Mulit-Path Routing Question/Help

mpickens · ‎06-28-2011

I am trying to decide the best way to setup a multipath network. Any suggestions are appreciated:

I want to route all traffic destined for the Internet from SiteA on PathB
SiteA 10.0.0.0 to SiteB 172.16.0.0 on PathB
SiteA 10.0.1.0 to SiteB 172.16.0.0 on PathB
SiteA 10.0.5.0 to SiteB 172.16.0.0 on PathA
SiteA 10.0.6.0 to SiteB 172.16.0.0 on PathA

PathA

RtA-----100Mb----RtX

| |

SiteA----SwA SwX----Firewall---Internet

| | | |

--SwB SwY----SiteB

| |

RtB------50Mb----RtY

PathB

I need to make sure the routing is not a loop. Meaning, I do not want 10.0.5.0

to send to the Internet across PathB and then have the return traffic come back

on PathA.

The Rt's are 2800 Series Routers
The Sw's are 49xx Series Switches
The Firewalls are ASA 55xx series
I can run either OSPF or EIGRP
There must be automatic failover between PathA and PathB
There is a lot of multicast traffic between SiteA 10.0.5.0 to SiteB 172.16.0.0 on PathA

At this point I was considering using a route-maps.

Something like:

Internet Return:

SwX - Route-Map tag packets from Internet with 1000 set next hop SwY

SwY - Route-Map if tag = 1000 set next hop RtY

RtY - Route-Map if tag = 1000 set next hop RtB

Internet Send:

SwA - Route-Map if src 10.0.0.0 dest Not Private IP set next hop RtA

SwB - Route-Map if src 10.0.0.0 dest Not Private IP set next hop SwA

RtA - Route-Map if src 10.0.0.0 dest Not Private IP set next hop RtX

Then continue on with this same concept. Any thoughts of how this could be done

better or more simply?

Kelvin Willacey · ‎06-28-2011

You could probably use EIGRP with offset lists to influence path selection at Site B and route maps at Site A

mpickens · ‎06-30-2011

Thanks for the idea about using the eigrp offset lists. The off-set list does correctly influence the routing from siteB to siteA.

I implemented the off-set list on RtA at siteA . This allowed the correct networks to be seen as having a preferred path across PathB from SiteB to SiteA.

Marwan ALshawi · ‎06-28-2011

interesting topology,

for Internet routing from Site A going through Path B as primary path you can control this by controlling the advertisement of the default route

for example if you make site B as OSPF area 0

and site A as NASA

from from RTX to RTA

RTX:

under ospf use the bellow:

area nssa default-information originatecommand. The ABR generates a Type 7 LSA

in this way RTX will advertise all the specific routes of area 0 ( Site B ) + a default route but with LSA type 7 !

from RTY to RTB:

RTB:

under ospf :

area nssa no-summary

"

With the

no-summarykeyword, the NSSA ABR will not advertise the inter-area routes (Type 3 and Type 4 summary routes) inside the NSSA, instead will advertise a default route. This default route will be propagated inside the NSSA as Type 3 LSA With the no-summarykeyword, the NSSA ABR will not advertise the inter-area routes (Type 3 and Type 4 summary routes) inside the NSSA, instead will advertise a default route. This default route will be propagated inside the NSSA as Type 3 LSA"

what thats mean :

RTY default route ( Internet traffic ) will be the preferred route as it is type 3 LSA being injected in to OSPF area x ( Site A )

but no other routes will be sent ( area 0/ Site B routes )

however RTX will be sending default route with LSA type 7 ( less preferred Internet path / backup ) but at the same time it will send more specific route for area 0/Site B, as a result it will be used as main path for Site A traffic destined to Site B networks

however i am assuming that switch A and B will be in the same area of ospf of both RTA dn RTB if they are L3 switches

the above automate/simplify the traffic from Site A to Site B and the internet !

- to control the direction of the returned path i think it is better to make PATH A is preferred for traffic coming from Site B to Site A and you use the route maps wiht PBR you mentioned as you need to control based on the source for example if the source is form the Internet ( TAG x ) then send it through this path

http://www.cisco.com/en/US/customer/tech/tk365/technologies_tech_note09186a0080094a74.shtml#nssas

Good luck

if helpful Rate

mpickens · ‎06-30-2011

I am now experiencing a problem with the Route-Maps at SiteA.

SwA and SwB have Route-Maps to point to PathB based on the source:

access-list 10 permit 10.0.0.0 0.0.0.255

route-map to_pathB permit 10

match ip address 10

set ip next-hop RtB

Now where I am having a problem:

If PathB goes down, the route-map continues to send traffic to RtB.

I would normally use a set command of 'set ip next-hop verify-availability RtB 10 track 2'

track 2 would be: track 2 ip route PathB reachability

But it seems that on these newer 49xx switches that the 'set ip next-hop verify-availability' is no longer a permitted command. On 3750 and 3650 switches it is permitted, but if you attempt to apply it to a vlan interface you get ' %PLATFORM_PBR-3-UNSUPPORTED_RMAP: Route-map to_pathb not supported for Policy-Based Routing'

Because I can't track the route, the PBR does not fail back to the normal routing table when PathB is unavailable. Is there a new/different method nowadays for tracking route availability within a route-map? Do you not use route-maps for this type of scenario?

Thanks!