Solved: EIGRP failover

ergamusai · ‎06-14-2018

I have a setup where I have a router(R1) that connects to two other routers(R2 and R3). I am trying to build eigrp active/standby neighborships in between R1, R2 and R3.

I have built the eigrp neighborship, but I need to figure out how to send a default route from R2 and R3. The active one will be the active route from R2, when that goes down I need the default route from R3 to take over.

************R1**********

router eigrp 1
network 192.168.100.0 0.0.0.3
!
!
router eigrp 2
network 172.20.47.128 0.0.0.63

***********R2************

router eigrp 2
network 172.20.47.128 0.0.0.63

*********R3****************

router eigrp 1
network 192.168.100.0 0.0.0.3

**This is GNS3 lab, I need to test this before implementing it in my production network. This is in the LAN. I have considered BGP also, not sure on the pros and cons of each protocol, in terms of this specific scenario

Thanks in advance

paul driver · ‎06-15-2018

Hello

On the assumption the asa's are NAT'ing and have a default route towards their outside ISP interface then the following configuration should work.

Applying a mixture of sla tracking, redistribution and distance administrative manipulation to accomplish the failover using one eigrp process.

ASA1 -2
1) Apply sla to track the outside interface next hop

sla monitor 1

type echo protocol ipIcmpEcho <outside next-hop ip> interface outside
ip sla schedule 1 life forever start-time now

track 1 rtr 1 reachability

ip route outside 0.0.0.0 0.0.0.0 <outside interface>> track 1

2) create a prefix-list in conjunction with a route-map to advertise the above tracked static route into eigrp.

ip prefix-list 10 seq 5 permit 0.0.0.0/0

route-map STAN permit 10
match ip address prefix-list 10

router eigrp 100
redistribute static route-map STAN

3) advertise ASAx to Rx interface

asa1
router eigrp 100

network <R1 facing ip>
no auto-summary

asa2
router eigrp 100

network <R3 facing ip>
no auto-summary

4) create the rtr1 -3 eigrp peering with asa1-2 respectively and between each other via their IPsec tunnel

R1
router eigrp 100
network <tunnel ip>
network <ASA1 facing interface>
network <local network>
distance eigrp 90 70
no auto-summary

R3
router eigrp 100
network <tunnel ip>
network <ASA2 facing interface>
network <local network>
no auto-summary

That's it, then you should have failover via the eigrp IPsec tunnel if you lose connectivity from either asa isp

res

Paul

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

View solution in original post

Georg Pauwen · ‎06-14-2018

Hello,

one option would be to use the EEM script below on your R1 router:

track 1 ip sla 1
!
ip sla 1
icmp-echo 172.20.47.130 source-ip 172.20.47.129
frequency 6
ip sla schedule 1 life forever start-time now
!
event manager applet EIGRP_FAILOVER_DOWN
event track 1 state down
action 1.0 cli command "enable"
action 2.0 cli command "conf t"
action 3.0 cli command "interface GigabitEthernet0/2"
action 4.0 cli command "no shut"
action 5.0 cli command "end"
!
event manager applet EIGRP_FAILOVER_UP
event track 1 state up
action 1.0 cli command "enable"
action 2.0 cli command "conf t"
action 3.0 cli command "interface GigabitEthernet0/2"
action 4.0 cli command "shut"
action 5.0 cli command "end"

ergamusai · ‎06-14-2018

This is great, but I need to able to receive a default route from both R2 and R3. I have used ip summary-address 0.0.0.0 0.0.0.0 command in the interface, but I believe that is being deprecated, and only one router is sending a default route.

Georg Pauwen · ‎06-14-2018

Hello,

use the delay command on the interface of R3 to influence which default route is being used:

R3

interface GigabitEthernet0/2

description EIGRP Link to R1

ip address 192.168.100.2 255.255.255.252

delay 110

With this configuration, the default route from R2 is preferred...

paul driver · ‎06-14-2018

Hello

Just like to add to Georgs post that there are lots of additional ways also to advertise a default or manipulate failover within eigrp

Eem ip sla tracking is just one way but it just depends on your physical setup

Other Examples-

summary's

variance

delay

Distance

max hop

pbr

etc...

May I ask why are you using two eigrp process? - what is the reason for this?

res

Paul

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

ergamusai · ‎06-15-2018

What is another way to send a default route. ip summary-address is not working

Gateway of last resort is 0.0.0.0 to network 0.0.0.0

D* 0.0.0.0/0 is a summary, 00:04:42, Null0
172.20.0.0/16 is variably subnetted, 2 subnets, 2 masks

I cannot use static routes

paul driver · ‎06-15-2018

why are you using two eigrp process? - what is the reason for this?

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

ergamusai · ‎06-15-2018

I corrected that, its one process now. I haven't worked with eigrp in a while and just picking things up.

I am trying to figure out how to send a default route to R1 from two different routers.

paul driver · ‎06-15-2018

Hello

Could you answer a few questions so I can obtain an insight into you network?

looking st your OP you state R1 is connected to R2-R3

So R1 is your hub rtr and R2-R3 are your spokes - is this still correct?

Does R1 connect to any other rtr and use any other routing protocol other than eigrp?

why do you need R1 to receive a default ?

Also do the 2 spokes need to peer with each other or can they go through R1

res

paul

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

ergamusai · ‎06-15-2018

To give you a better idea on what I'm doing. This is my topology. Its a simplified GNS3 lab.

In production, R1 and R2 are in one location, directly connected, R3 and R4 are in a remote location, directly connected. The connection between R1 and R3 is an GRE over IPSEC tunnel.

Failover setup:

When the link in between R1 and R2 fails, the traffic should be redirected to R3

Same thing for R3, when the link in between R3 and R4 fails, the traffic should be redirected to R1

paul driver · ‎06-15-2018

Hello

Okay so you would like failover between R1-R3

So would I be right in saying R2 R4 are providing egress routing for each location ?

if so what is the protocol running on thise two egress routers ?

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

ergamusai · ‎06-15-2018

That s correct, R2 and R4 are the egress routers. As of now its all static in between R1-R2 and R3-R4. In production, R2 and R4 are ASAs and the true egress routers are the next hop.

I do have a lot to figure out in terms of failover, but I'm taking it a segment at a time.

paul driver · ‎06-15-2018

Hello

Thank for this I think we are now nearly at a point to sort your failover-

Are your egress rtrs advertising -BOTH internal networks of both locations

if so what you can do and I this is what you are requesting is to except external routes from each egress rrtr into both locations and use those for each location egress traffic and for site to site connectivity use the connection between R1-R3

what are the asas using for connection to their rrespective isps and are these towards different isps or the same

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

ergamusai · ‎06-15-2018

The ASAs are connecting to different ISPs. The egress routers are only advertising the internal network of each site. When the failover is in place, will have to advertise the range of the other site via the R1 and R3 connection.

The only traffic I'm looking to failover is egress traffic, not incoming.

The problem I'm having now is sending default routes to R1 and R3.

paul driver · ‎06-15-2018

Hello

One last thing how are the asas connecting to the ISPS, and what are they receiving interms of routes?

res

Paul

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul