10-07-2015 10:41 AM - edited 03-08-2019 02:06 AM
Hi
Please see the attachment for the setup I need advice on. We are designing a new WAN for the company alongside the existing WAN to connect all of our sites. Currently the new WAN is set up and we want to run some test users over it for 2 weeks to ensure it operates properly.
So all the sites (5 sites) have had the new routers and wan connections installed and the WAN is configured. However we have one site (Site A) that sits at the end of another site that is going to keep its existing routers and does not have a direct connection into the WAN.
This site uses a router on a stick setup where the routers have sub-interfaces for each VLAN. We will create test subnets and the users in these test subnets need to be using the new WAN.
How can I tunnel the traffic through to the new WAN routers?
Currently the existing routers are using RIP for routing between them and the core switches are using static routes with a default route pointing to the routers. I was thinking of the following solution:
1) create sub-interfaces on the FC-R1 & R2 at SiteA for the test subnets and run HSRP
2) Use an ip helper to the DHCP server (again the DHCP server is at the DC which is accessible over the new WAN)
3) Configure EIGRP so only the test subnets and the site to site link participates and tunnel the eigrp routing to the new routers. So only the test subnets will be seen by the new routers at this point for the return traffic.
4) Now I am thinking of using PBR somewhere to set the next hop of the test subnets to the new routers.
Can someone please advise if I am on the right lines and is there a better solution? This will be temporary so that the test users can route over the new WAN to ensure user traffic behaves well over the new WAN from site A.
Or is there a way of tunneling the traffic so that the test subnets at Site A use the new routers at SiteB as their gateway across the L3 link somehow?
Thanks
10-07-2015 11:38 PM
I think you are pretty much on the right lines.
Creating EIGRP for your test subnets thru to the new routers at the remote site should work ok. Remember to make any interfaces that you do not want to participate in RIP or EIGRP passive, so they won't be advertised. The new endpoints will only be EIGRP so won't see the RIP routes.
As you will be running EIGRP I don't think you will need PBR, and I would get rid of the static routes at the core and use EIGRP once you have switched over to the new network.
HTH
Richard.
10-08-2015 02:56 AM
Thanks Richard
Btw at Site A, I want EIGRP only to run on the test subnets and the link to SiteB. So when I passive out the other interfaces, will the passive statement not also affect the RIP routing?
10-08-2015 03:13 AM
The passive statement is done under the routing process so it only affects that routing protocol.
However I'm not sure you can do this.
Are the WAN routes going to be the same on the top and bottom routers at site B ?
I am assuming so because this is just for a test.
If they are as soon as you run EIGRP then it will replace all the RIP routes with EIGRP ones on the top set of routers so it won't just be the test subnets using the new WAN routers at site B, it will be every subnet.
So do the existing pair of WAN routers and the new ones both have the same routes to the remote IP subnets ?
Jon
10-08-2015 03:59 AM
Hi Jon
So the top and bottom routers do have the same routes to the remote networks, but the plan is to only run the eigrp process for the test subnets and the router to router links, and passive out everything else on eigrp.
So on router WC-R2, although both the existing RIP and the newly configured EIGRP will be running, I will only use network statement for the /30 links to build a relationship with Site A and the new WAN routers but not for any other subnets.
The existing routers currently only run RIP but for all networks using network 0.0.0.0.
So my thinking is although EIGRP routes are preferred over RIP, I will only run EIGRP for the test subnets and so the routes advertised by the new WAN routers will only be visible for those test subnets?
I'm hoping that will work, otherwise I may just use PBR on WC-R2 to set the next hop of the test subnets to the new routers, and configure some static return routing to the test subnets as this is just temporary.
Thanks
10-08-2015 04:34 AM
Unfortunately, if I am understanding you correctly, I don't think that will work.
Without VRFs a router only has a global routing table.
It's not the test subnets, it is the WAN routes.
WC-R2 currently has all the remote WAN routes via RIP ie. your existing setup.
If you then run EIGRP between WC-R2 and your new WAN routers, which I think is what you are proposing, then all the RIP routes will be replaced by the EIGRP routes on WC-R2.
So every subnet in both sites now uses the new WAN routers because that is where the routes point to.
Perhaps I am missing something and Richard seems to think it will work so that may well be the case but I personally can't see how this will work.
Jon
10-08-2015 05:07 AM
I think you may be correct. I'm having a good think about it and if R2-FC has EIGRP and RIP running and is seeing remote networks over both, then it would choose EIGRP.
I suppose it may just be simpler using PBR on R2-FC to set the next hop of the test subnets to the new routers. Then throw in some statics for now for the return routes.
That I believe should work.
Thanks
10-08-2015 05:25 AM
Personally using PBR is what I would do.
However you also need to think about return traffic.
The test subnets need to be advertised via EIGRP to the WAN otherwise return traffic won't get back.
So what I would do is -
1) advertise the test subnets into RIP at site A so that WC-R2 knows how to get back to them.
2) on WC-R2 use PBR to redirect to the new WAN routers.
3) you then need static routes for return traffic back to the test subnets.
These static routes need to be redistributed into EIGRP and advertised by the new WAN routers so that return traffic to the test subnets works.
It's not clear what the switches are in site B ie. if they are L3 then presumably they are running RIP ?
If so the statics for the test subnets should be configured on the new WAN routers with a next hop IP of the L3 switches and redistributed into EIGRP.
Basically you do not want any L3 device running both routing protocols.
So RIP gets the test subnets to WC-R2, then PBR to the new WAN routers.
The return traffic uses statics on the new WAN routers to get to the L3 switches or WC-R2 (whichever is the next L3 hop) and then RIP takes over from there.
I think the above will work.
Any queries etc. feel free to ask.
Jon
10-08-2015 05:30 AM
That sounds good to me. The core switches are not running any RIP, they just have a default route to the existing routers so I can point the return static route to the WC-R2 router and that will see the test subnets through RIP. So avoids any eigrp for now.
10-08-2015 05:36 AM
Okay I just posted an additional response.
If the core switches have a default route to the existing routers you need to override this.
What are your core switches?
Jon
10-08-2015 07:26 AM
Hi Jon
The core switches are 3560 ip base switches. I know they need replacing soon.
I was not going to have a L3 interface on them from the new routers' internal subnet on the core switches.
So I plan to use PBR on the WC-R2 and set the next hop to the inside interface on the new WAN routers. This would mean I will configure a sub interface on the WC-R2 router with an IP from the same network to form the point to point over the core switches to the new routers, which should bypass any routing on the core switches.
10-08-2015 10:00 AM
Okay, that would work fine.
Jon
10-08-2015 05:32 AM
One last point.
If those switches are L3 and are running RIP you will also need PBR on there as well otherwise traffic will be sent back to the existing WAN routers.
This is obviously not something I would recommend as a permanent design but as it really is just for testing then it is still probably the easiest way.
If your L3 switches don't support PBR then we may have to rethink it.
Jon
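A sketch of the design the thread settles on, added here as an illustration and not configuration posted by anyone in the thread: PBR on WC-R2 steers traffic sourced from the test subnets to the new WAN router over a shared transit VLAN, and the new WAN router carries a static return route that it redistributes into EIGRP. All interface names, the VLAN ID, the EIGRP AS number, object names and addresses (documentation ranges 192.0.2.0/24 for a test subnet, 198.51.100.0/29 for the transit network) are assumptions.

```cisco
! ===== WC-R2 (existing router, keeps running RIP only) =====
! Constructed values: test subnet 192.0.2.0/24, transit VLAN 254
ip access-list extended TEST-SUBNETS
 permit ip 192.0.2.0 0.0.0.255 any
!
! Sub-interface in the new routers' inside network, switched at L2
! across the core so the core's default route is never consulted
interface GigabitEthernet0/0.254
 description Transit to new WAN routers (placeholder)
 encapsulation dot1Q 254
 ip address 198.51.100.3 255.255.255.248
!
route-map TEST-TO-NEW-WAN permit 10
 match ip address TEST-SUBNETS
 set ip next-hop 198.51.100.1
!
! Apply PBR inbound on the interface where Site A traffic arrives
interface GigabitEthernet0/1
 description Link towards Site A (placeholder)
 ip policy route-map TEST-TO-NEW-WAN
!
! ===== New WAN router (EIGRP only, no RIP) =====
! Return path: static to the test subnet via WC-R2's transit address
ip route 192.0.2.0 255.255.255.0 198.51.100.3
!
! Limit redistribution to the test subnets only
ip prefix-list TEST-SUBNETS seq 5 permit 192.0.2.0/24
!
route-map STATIC-TO-EIGRP permit 10
 match ip address prefix-list TEST-SUBNETS
!
router eigrp 100
 redistribute static metric 10000 100 255 1 1500 route-map STATIC-TO-EIGRP
!
! Verification on WC-R2:   show ip policy / show route-map TEST-TO-NEW-WAN
! Verification on new WAN: show ip route 192.0.2.0
```

The route-map on the redistribution keeps any other static route on the new WAN router from leaking into EIGRP, and neither device runs both routing protocols.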