02-08-2016 12:21 PM - edited 03-08-2019 04:31 AM
I have attached a design diagram. I have 2 HQ locations with internet connections; the 4500-x each advertise (into BGP) half of my /20 as a /21 but also advertise the /20 in case either side fails.
I have Palo Alto between these in Active/Active.
I have some larger branches which I would like to prefer traffic towards HQ2 (600MB internet) with HQ1 as failover.
For my smaller branches, I would like to prefer routing to HQ1 (300MB internet).
The entire inside LAN is EIGRP over the ASE network, currently on a single AS.
I would like some peer review to recommend whether I should use 2 EIGRP AS, use static with SLA and EIGRP, or use BGP and EIGRP.
Any input would be much appreciated.
02-08-2016 01:18 PM
Not familiar with the ASE setup, but do the branches see the HQ 4500s as the next hop routers or are there other L3 devices within the ASE network?
Presumably you are sending default routes to the branches for internet?
Is it just for internet you want to direct traffic?
Jon
02-08-2016 01:41 PM
ASE is straight point-to-point layer 3, no devices in the middle.
This is really just internet routing.
02-08-2016 01:52 PM
Are you sending default routes from both HQ sites to the branch sites?
Jon
02-08-2016 02:18 PM
Yes, though HQ1-B 4500x is distributing with a higher metric.
This way HQ1-A and HQ2-A are equal cost.
However, now they will need to be unequal cost for different sites.
This is why I was leaning towards multiple AS.
02-08-2016 03:00 PM
Unfortunately I don't have access to the lab I usually test with, so here are some suggestions for doing it with EIGRP.
You can't use an offset list because you cannot do it by neighbor (although I could have sworn I got this working once!).
I can think of two possible ways, neither of which I have used in production, and in no particular order -
1) Modify the AD of the route you do not want to use; you can specify the source IP of the update.
See this link for details -
2) Use a distribute list where you can specify the source IP of the update and simply filter out the default route from the HQ site you don't want to use.
Then add a floating static route pointing to that neighbor with an AD higher than the EIGRP default you want to use.
No need for IP SLA because the floating static will only be used if the router is no longer receiving EIGRP routes.
Not entirely sure about using two AS's, but that may well work as well.
Others may well have alternatives that could be used.
Jon
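One way to express option 2 on a branch that should prefer HQ2, as an added example that is not part of the original post: it uses a route-map-based inbound distribute list with `match ip route-source`, which is one of several ways to filter by update source. The AS number 100, the neighbor addresses 192.0.2.1 (HQ1) and 192.0.2.5 (HQ2), and all list names are assumptions.

```cisco
! Branch router that should prefer HQ2 and fail over to HQ1.
! Constructed example: AS 100, 192.0.2.1 (HQ1) and 192.0.2.5 (HQ2)
! are placeholders, not values from the thread.
!
! Match exactly the default route, nothing more specific
ip prefix-list DEFAULT-ONLY seq 5 permit 0.0.0.0/0
!
! Match EIGRP updates whose source is the HQ1 neighbor
ip prefix-list FROM-HQ1 seq 5 permit 192.0.2.1/32
!
! Both match lines in one clause must be true (logical AND):
! drop the default route only when HQ1 advertised it
route-map EIGRP-IN deny 10
 match ip address prefix-list DEFAULT-ONLY
 match ip route-source prefix-list FROM-HQ1
!
! Everything else, including the default from HQ2, is accepted
route-map EIGRP-IN permit 20
!
router eigrp 100
 distribute-list route-map EIGRP-IN in
!
! Floating static toward HQ1. AD 250 is above EIGRP internal (90)
! and EIGRP external (170), so it is installed only after the
! EIGRP default learned from HQ2 has been withdrawn.
ip route 0.0.0.0 0.0.0.0 192.0.2.1 250
!
! Checks after applying:
!   show ip route 0.0.0.0          (expect the EIGRP default via 192.0.2.5)
!   show ip eigrp topology 0.0.0.0/0  (expect no entry learned from 192.0.2.1)
```

A branch that should prefer HQ1 would use the mirror image: filter the default sourced from the HQ2 neighbor and point the floating static at HQ2.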
02-08-2016 05:42 PM
Edited - not keen on that idea :)
Jon