etechexperts
Beginner

EIGRP WAN failover design help

I'm having some issues getting an EIGRP design to work correctly. I've set up a lab consisting of a WAN and LAN. In the WAN portion I've created EIGRP AS 25. The WAN appears to work properly. I can ping all devices. I'm having issues with the LAN portion.

The goal I am trying to achieve is redundant WAN connections for the LAN. Because I'm creating all of this in the lab I don't know if it's my WAN not working correctly, or the LAN not working, or a little of both.

I would like the design to work as follows: Subnet 10.0.2.0/24 will always use R2 for Internet access. If R2 goes down, all traffic will route out R3. Subnet 10.0.12.0/24 will always use R3 for Internet access. If R3 goes down, all traffic will route out R2.

My test is to achieve a ping to 5.5.5.5 at the top of the WAN. I haven't been able to get it to work properly and I've confused myself with all of the troubleshooting I've been trying. At times I could ping 5.5.5.5 from 10.0.2.0/24 but it would route out R3. I tried increasing the delay on the R3 link to prefer the R2 route and that didn't work. I wanted to see if someone has some input. Much appreciated!

I've attached the interface and route portions of the devices.

EIGRP Topology

Jon Marshall
VIP Community Legend

You need to look at PBR (and probably IP SLA) or VRFs to make this work. Because switch2 is the gateway for all clients, that switch would need to support either of the above and it is dependent on the switch and the IOS feature set.

Because you want failover, VRFs may not be the most suitable as they are primarily used for keeping traffic separate.

Jon

Yes, policy-based routing seems to be part of the solution. I've made progress. EIGRP was a disaster. I reworked all of the EIGRP configs and have the routing working correctly now. All traffic is going out R2. If I shut down an interface on R2, all traffic will reroute out R3.

The layer 3 switch is a 3850 with IP services.  It supports PBR.  I've configured PBR on it and told it to set the next hop for subnet 10.0.12.0/24 to 172.16.20.2.  Although the traffic matches my access-list and route-map, it does not send the traffic out the correct way.  The traffic will only follow the gateway of last resort set by EIGRP.

interface Vlan125
 ip address 10.0.12.1 255.255.255.0
 ip route-cache policy
 ip policy route-map PBR4VLAN125

access-list 110 permit ip 10.0.12.0 0.0.0.255 any

route-map PBR4VLAN125 permit 10
 match ip address 110
 set ip next-hop 172.16.20.2


SW2#show access-list 110
Extended IP access list 110
10 permit ip 10.0.12.0 0.0.0.255 any (7 matches)


SW2#show route-map PBR4VLAN125
route-map PBR4VLAN125, permit, sequence 10
Match clauses:
ip address (access-lists): 110
Set clauses:
ip next-hop 172.16.20.2
Policy routing matches: 7 packets, 879 bytes

Presumably you are testing with traceroute?

Your configuration looks fine to me, with the only question being why you have "ip route-cache policy" under the SVI, as this is used when you are not using CEF, which I would have thought you would be. I doubt that is stopping it from working though.

I have seen bugs with PBR on the 3850 so you may be hitting one of those?

Assume that the PBR next hop IP is up and reachable from the 3850?

Jon

I think I see the issue, now to troubleshoot:

SW2#ping 172.16.20.2 source vlan125

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.20.2, timeout is 2 seconds:
Packet sent with a source address of 10.0.12.1
.....
Success rate is 0 percent (0/5)

-----------------------------------------------------------------------------------------------------------

SW2#ping 172.16.20.1 source vlan125

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.20.1, timeout is 2 seconds:
Packet sent with a source address of 10.0.12.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/9 ms

That's strange since I can failover R2 and everything will go out R3 when pinging from the workstation off of switch 1.

EIGRP is the following now:

ASA

router eigrp 175
 network 10.10.10.0 255.255.255.252
 network 172.16.20.0 255.255.255.248
 no auto-summary

==========================================================================

Switch 2

router eigrp 175
 network 10.0.2.0 0.0.0.255
 network 10.0.12.0 0.0.0.255
 network 172.16.20.0 0.0.0.7
 no auto-summary

==========================================================================

R2

router eigrp 175
 redistribute static metric 100000 100 255 1 1500
 network 10.10.10.0 0.0.0.3
 no auto-summary

router eigrp 25
 redistribute eigrp 175
 network 1.1.1.0 0.0.0.7
 network 10.10.10.0 0.0.0.3
 no auto-summary

ip route 0.0.0.0 0.0.0.0 1.1.1.2

==========================================================================

R3

router eigrp 175
 redistribute static metric 100000 120 255 1 1500
 network 172.16.20.0 0.0.0.7
 no auto-summary

router eigrp 25
 redistribute eigrp 175
 network 2.2.2.0 0.0.0.3
 network 172.16.20.0 0.0.0.7
 no auto-summary

ip route 0.0.0.0 0.0.0.0 2.2.2.1

I ended up getting this to work. I wanted to follow up in case anyone else needed this. It's a little embarrassing why it wouldn't ping. The R3 interface ended up being administratively shut down. I guess I had disabled it while testing and forgot to re-enable it before moving back to R2.

Policy-based routing was working properly to send the 10.0.12.0/24 traffic out R3.  The issue I had was that the traffic would drop once it hit the ISP2 router.  The issue was that I had not applied NAT to the R3 router.  Once I applied NAT on both R2 and R3 everything worked perfectly.
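
Added example, not part of the original thread or any poster's configuration: the "PBR and probably IP SLA" combination suggested earlier, applied to the route-map posted above so that 10.0.12.0/24 falls back to the EIGRP default when 172.16.20.2 stops answering. The SLA and track numbers (1), the timers, and support for `verify-availability` with tracking on this 3850 release are assumptions; the route-map name, ACL and next hop are the ones from the thread.

```cisco
! Added example: constructed values are SLA 1, track 1 and all timers.
! Probe the PBR next hop (R3 side) from the switch every 5 seconds.
ip sla 1
 icmp-echo 172.16.20.2
 frequency 5
ip sla schedule 1 life forever start-time now
!
! Track object follows the probe; the delay damps flapping
! (down after 10 s of failures, up again after 30 s of success).
track 1 ip sla 1 reachability
 delay down 10 up 30
!
! Replace the unconditional next hop with a tracked one.
! While track 1 is down the set clause is skipped and the packet
! is forwarded by the normal routing table (the EIGRP-learned default).
route-map PBR4VLAN125 permit 10
 match ip address 110
 no set ip next-hop 172.16.20.2
 set ip next-hop verify-availability 172.16.20.2 10 track 1
!
! Verification (exec mode):
!   show track 1
!   show ip sla statistics 1
!   show route-map PBR4VLAN125
```

The probe only proves that 172.16.20.2 itself answers; a failure further upstream, such as the ISP2 hop mentioned in the last post, needs a probe target beyond R3 to be detected.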