10-18-2007 03:10 AM - edited 03-05-2019 07:10 PM
Hi, I need some advice on the default behaviour of 'redistribute static'.
Background - we have a fully routed core network with Cat 6500's. Our Exchange network is behind an ISA firewall and is split across two 6500's for resilience. One of the 6500's routes traffic to exchange via ISA with a static route which is redistributed into EIGRP and propagated to the rest of the network i.e:
ip route x.x.252.0 255.255.255.0 x.x.42.10
x.x.42.10 is the IP address of the ISA Firewall.
I need to implement resilient routing for the Exchange network, I've tried adding the static route on the second 6500 and redistributing this but this is causing a routing loop on our other routers that have connections to both of the exchange routers:
6500#sh ip route x.x.252.0
Routing entry for x.x.252.0/24
Known via "eigrp 138", distance 170, metric 3072, type external
Redistributing via eigrp 138, bgp 64750
Advertised by bgp 64750
Last update from x.x.110.3 on Vlan3, 19:43:27 ago
Routing Descriptor Blocks:
* x.x.110.3, from x.x.110.3, 19:43:27 ago, via Vlan3
Route metric is 3072, traffic share count is 1
Total delay is 20 microseconds, minimum bandwidth is 1000000 Kbit
Reliability 255/255, minimum MTU 1500 bytes
Loading 1/255, Hops 1
x.x.1.26, from x.x.1.26, 19:43:27 ago, via Vlan806
Route metric is 3072, traffic share count is 1
Total delay is 20 microseconds, minimum bandwidth is 1000000 Kbit
Reliability 255/255, minimum MTU 1500 bytes
Loading 1/255, Hops 1
x.x.1.9, from x.x.1.9, 19:43:27 ago, via Vlan802
Route metric is 3072, traffic share count is 1
Total delay is 20 microseconds, minimum bandwidth is 1000000 Kbit
Reliability 255/255, minimum MTU 1500 bytes
Loading 1/255, Hops 1
The first route above via Vlan3 is from an old link that we'll be taking out of service shortly and originates from the same 6500 as the second route.
The third route is the one which I think is causing the loop and comes from the second 6500 that I tried to add the static route to.
I don't understand why the third route gives a hop count of 1 when the IP Address for ISA is not active on that router?
I hope this makes sense, if not please ask and I'll try to clarify!
Any tips would be appreciated?
10-24-2007 03:55 AM
I think there is already something wrong with the route from ct-cs1 to the subnet x.x.42.0/27 and onwards to the ISA. It's just you don't know about it because nobody is actually using ct-cs1 to get to the ISA. They wouldn't use the metric 3328+ route through ct-cs1new when they could quite happily use the metric 3072 routes through the other two.
But that all changes when ct-cs1 gets a static route and starts redistributing it through EIGRP 138. Now the access routers see three equally attractive routes, and distribute the load accordingly.
In theory, any packet that arrives at ct-cs1 from your access layer should be sent to mr-cs3. But in the sh ip route x.x.42.10, it shows that ct-cs1 has two routes: a correct one to mr-cs3 and an incorrect one to mr-cs2.
So, what happens to a packet that gets sent to mr-cs2? Well, under the old conditions, mr-cs2 had only one route to x.x.42.10, and that led ultimately to mr-cs3. But with ct-cs1 in place, does mr-cs2 always lead back to mr-cs3? Probably not.
You probably know the "feasible successor" rule in EIGRP. It is designed to prevent loops. It says that the neighbor is a feasible successor if its AD is less than my current metric. One question that is often asked is "what happens if it is equal?" "What happens if my neighbor is the same distance from the destination as I am? Is he a feasible successor?" The answer is no, he isn't. And it seems to me that we have a very similar situation here: three routers that have the same metric to the destination (because all three are redistributing a static), but only one of which has a real route to the destination.
OK, so what is the solution? I think that either you will have to make sure that ct-cs1 and mr-cs2 always route their ISA traffic directly to mr-cs3, and never to each other, or even indirectly via another router that has multiple routes .... or, more elegantly, reduce the re-distribution metric on the one that has the real route to the ISA, namely mr-cs3.
The problem is that by having an indirect route to x.x.252.0/24, and redistributing it with the same metric as the router that has the real route, you are telling the rest of the network that all three routers can handle the traffic equally well. Which they cannot.
Kevin Dorrell
Luxembourg
10-24-2007 04:41 AM
Hi Kevin, that makes sense although ct-cs1 is not directly connected to mr-cs3. The two possible routes are via mr-cs2 and rb-cs1.
The show ip route command without the network address only appears to have one entry in the routing table.
So from what you've said you think I should add a higher AD i.e. 201 to the static route on ct-cs1?
Thanks for your help by the way!
10-24-2007 04:56 AM
I would not do it that way. The AD is only a local concept within the router, and would not affect the decisions made by the other routers.
In your routers, you are redistributing static routes into EIGRP. Each of these routes will have a seed metric. What I am surprised at is that I don't see this default-metric in the router eigrp 138 section. The documentation says that redistributed "connected" routes get a metric of 0, but it is not clear if that applies to statics.
I would try something like default-metric 1000 25 255 1 1500 in the eigrp sections of both ct-cs1 and mr-cs2. That should put them at a significant disadvantage compared to the routes from mr-cs3.
http://www.cisco.com/univercd/cc/td/doc/product/software/ios124/124cr/hirp_r/rte_eih.htm#wp999030
BTW, in your original posting, you said "I don't understand why the third route gives a hop count of 1 when the IP Address for ISA is not active on that router?" It is because it doesn't know whether the static route is active, direct, or indirect. That is the hop count to the redistribution point.
Kevin Dorrell
Luxembourg
10-24-2007 05:20 AM
Thanks Kevin, I'll give that some thought as I'll have to assess the impact on the other networks that we'll be routing on ct-cs1.
I've done something similar with AD with backup static routes for our BGP peering by adding a default static route with an AD of 201 and redistributing this with EIGRP.
Under normal operation when our BGP peering with our ISP is in operation the BGP route with an AD of 200 is redistributed by EIGRP. If the BGP peering disappears then the static route gets redistributed by EIGRP. This seems to work nicely.
10-24-2007 05:28 AM
If you don't want to touch the other redistributions, you can set the seed metric for this one only by setting a route-map:
ip access-list standard IVS
 permit x.x.254.0 0.0.0.255
!
route-map static->eigrp permit 10
 ! seed metric: bandwidth (Kbit) delay (tens of microseconds) reliability load MTU
 match ip address IVS
 set metric 1000 25 255 1 1500
!
route-map static->eigrp permit 20
 ! lets the rest of the routes through without modification of the metric
!
router eigrp 138
 redistribute static route-map static->eigrp
Kevin Dorrell
Luxembourg
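The metric arithmetic behind the seed-metric suggestion in the two replies above, as an added example that is not part of the original thread. It assumes the classic EIGRP composite metric with default K values, that a static redistributed without a seed metric is advertised with 1 Gbit/s and 10 microseconds, and that every access link is 1 Gbit/s with 10 microseconds of delay (consistent with the 3072 / 20 microseconds / 1000000 Kbit shown in the original post); the function names are hypothetical.

```python
# Added example (not from the thread). Classic EIGRP composite metric with
# default K values (K1 = K3 = 1, K2 = K4 = K5 = 0):
#   metric = 256 * (10^7 / min_bandwidth_kbit + cumulative_delay_in_tens_of_us)
REF_BW_KBIT = 10_000_000
SEED = (1000, 25)  # "1000 25" from the thread: 1000 Kbit, 25 tens of microseconds
REDISTRIBUTORS = ("ct-cs1", "mr-cs2", "mr-cs3")  # router names used in the reply


def composite_metric(min_bw_kbit, total_delay_us):
    """EIGRP truncates both terms to integers before scaling by 256."""
    return 256 * (REF_BW_KBIT // min_bw_kbit + total_delay_us // 10)


def received_metric(adv_bw_kbit, adv_delay_us,
                    link_bw_kbit=1_000_000, link_delay_us=10):
    """Metric on a downstream router: lowest bandwidth on the path and
    cumulative delay. The link defaults are assumptions (1 Gbit/s, 10 us)."""
    return composite_metric(min(adv_bw_kbit, link_bw_kbit),
                            adv_delay_us + link_delay_us)


def scenario(seed=None, seeded=("ct-cs1", "mr-cs2")):
    """Metrics an access router sees for the redistributed static.
    Routers in `seeded` use `seed`; the rest advertise 1 Gbit/s and 10 us."""
    routes = {}
    for name in REDISTRIBUTORS:
        if seed is not None and name in seeded:
            bw_kbit, delay_tens = seed
            routes[name] = received_metric(bw_kbit, delay_tens * 10)
        else:
            routes[name] = received_metric(1_000_000, 10)
    return routes


def best_paths(routes):
    """Next hops installed for equal-cost load sharing (lowest metric only)."""
    best = min(routes.values())
    return sorted(name for name, metric in routes.items() if metric == best)


def is_feasible_successor(reported_distance, feasible_distance):
    """Feasibility condition: strictly less than, so an equal distance fails."""
    return reported_distance < feasible_distance


if __name__ == "__main__":
    for label, seed in (("no seed metric", None), ("seed 1000 25", SEED)):
        routes = scenario(seed)
        print(label, routes, "->", best_paths(routes))
```

With no seed metric all three redistributors tie at 3072 and share the load; with the seed applied on ct-cs1 and mr-cs2 their routes rise to 2566656 and only mr-cs3 remains as a next hop.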
10-24-2007 05:32 AM
Yes, that's the one!
Thanks I'll let you know how it goes, here's your points!