Issue with PBR and EIGRP routing - Delay

Unanswered Question
Oct 16th, 2007
User Badges:

I currently have a problem where I have two routers setup on the same segment. One router is a in country Frame Relay network connection into it and the other is running a VPN encyrpted Tunnel over a public ADSL connection.


I am having a issue trying to get policy based routing to work. The Frame Relay router is the direction all traffic is flowing towards and is looking at DSCP marking to determine next hop = the VPN router remote end ip address of the tunnel.


The problem is when traffic is PBR'd to the VPN router the VPN router then has the best route to that other side of the tunnel as the Frame Relay router because of the amount of delay on the VPN tunnel. What this causes is basically a loop with PBR as the traffic bounces back and forth. By default I haven't added any delay command to the VPN tunnel and from my testing; if I do, then all I do is cause all traffic to shift over to the VPN router.


So I'm puzzled how I can get EIGRP consider the Frame Router as the Primary router and PBR to the VPN router, while also providing the VPN router as a backup if the Frame link were to go offline (down).


Any suggestion on how to get arount this issue.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Phillip Hichens Tue, 10/16/2007 - 05:20
User Badges:

Hi


Your description is a bit confusing, maybe a network diagram?

If both routers is on the same segment I would suggest using HSRP or VRRP.


Regards

Phillip

mkmead Tue, 10/16/2007 - 05:24
User Badges:

HSRP is a option and I believe I may have to look at it.


I'm not sure about a diagram.. let me toss something together.

mkmead Tue, 10/16/2007 - 05:37
User Badges:

Here is a basic diagram..


I've been thinking about this more and at first I thought about just setting the delay on both links the exact same but then what would happen is the core switch would load balance the links or take the VPN router as its best route because the bandwidth on the frame connection is much smaller which would then just route all traffic over the vpn link.



I'm just puzzled why the traffic would route all the way back to the frame which is 5 interface hops away than when its on the router and the traffic is 1 interface away?



Attachment: 
Richard Burts Tue, 10/16/2007 - 05:53
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Matthew


It seems to me that the solution would be to implement Policy Based Routing on the VPN router similar to what you did on the Frame Relay router. This would have the advantage of leaving the dynamic routing logic as it naturally is and will direct the traffic as you wish. It probably also leaves a cleaner response if one of the network links fails.


HTH


Rick

mkmead Tue, 10/16/2007 - 06:05
User Badges:

If I apply the same PBR rules on the VPN will that trumpt the EIGRP Routes?


Now that I am thinking about it that may work.. let me try test it out.

Richard Burts Tue, 10/16/2007 - 06:23
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Matthew


PBR will provide the same kind of over ride of the EIGRP logic on the VPN router just as it did on the Frame Relay router.


Test it and let us know what results you get.


HTH


Rick

Actions

This Discussion