eigrp explained

Answered Question
Sep 11th, 2008

Here's my setup

Site1:

-single 2811

-single ISP

-Internal subnet: 10.10.50.0/24

-Tunnel1 interface: 10.10.10.1/24 (points to first 1841 at Site2)

-Tunnel2 interafce: 10.10.11.1/24 (points to 2nd 1841 at Site2)

Site2:

-Internal subnet: 10.200.200.0/24

-2 1841s

-2 ISPs. Each 1841 points to an ISP. This is in case one ISP goes down, the internal network in Site2 can still communicate with the internal network behind the 2811

-First 1841 - Tunnel1 interface: 10.10.10.2/24

-2nd 1841 - Tunnel2 interface: 10.10.11.2/24

Site1 2811's router has gre over IPSec tunnels to both 1841s. GRE over IPSec tunnels were created in order to have the 2 tunnels to the other 2 1841s active.

The internal network of Site2 is using GLBP (Gateway Load Balancing Protocol) for redundancy and load-balancing purposes

EIGRP is used at all the routers to distribute/present all the routes but I need to know how to accomplish this. How do I code the EIGRP part on all these routers?

I have this problem too.
0 votes
Correct Answer by Giuseppe Larosa about 8 years 4 months ago

Hello Angel,

you need to be able to run EIGRP over the GRE tunnels.

site1

router eigrp 100

network 10.10.50.0 0.0.0.255

network 10.10.10.0 0.0.0.255

network 10.10.11.0 0.0.0.255

site 2

first 1841

router eigrp 100

network 10.200.200.0 0.0.0.255

network 10.10.10.0 0.0.0.255

second 1841

router eigrp 100

network 10.200.200.0 0.0.0.255

network 10.10.11.0 0.0.0.255

OR

router eigrp 100

network 10.0.0.0

in all routers, the first solution shows what is needed: a network statement for the GRE tunnels and for the LAn subnets

a reference to EIGRP config:

http://www.cisco.com/en/US/docs/ios/iproute/configuration/guide/irp_cfg_eigrp_ps6350_TSD_Products_Configuration_Guide_Chapter.html

the ipsec crypto maps will use ACLs that permit only GRE traffic

access-list 121 permit gre host 10.10.10.1 host 10.10.10.2

access-list 122 permit gre host 10.10.11.1 host 10.10.11.2

Hope to help

Giuseppe

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Correct Answer
Giuseppe Larosa Thu, 09/11/2008 - 22:21

Hello Angel,

you need to be able to run EIGRP over the GRE tunnels.

site1

router eigrp 100

network 10.10.50.0 0.0.0.255

network 10.10.10.0 0.0.0.255

network 10.10.11.0 0.0.0.255

site 2

first 1841

router eigrp 100

network 10.200.200.0 0.0.0.255

network 10.10.10.0 0.0.0.255

second 1841

router eigrp 100

network 10.200.200.0 0.0.0.255

network 10.10.11.0 0.0.0.255

OR

router eigrp 100

network 10.0.0.0

in all routers, the first solution shows what is needed: a network statement for the GRE tunnels and for the LAn subnets

a reference to EIGRP config:

http://www.cisco.com/en/US/docs/ios/iproute/configuration/guide/irp_cfg_eigrp_ps6350_TSD_Products_Configuration_Guide_Chapter.html

the ipsec crypto maps will use ACLs that permit only GRE traffic

access-list 121 permit gre host 10.10.10.1 host 10.10.10.2

access-list 122 permit gre host 10.10.11.1 host 10.10.11.2

Hope to help

Giuseppe

insccisco Fri, 09/12/2008 - 08:55

This is pretty good stuff.

Before imnplementing your solution, all tunnels were already up using GRE over IPSec indeed.

After adding your EIGRP commands, there is communication between all these 3 routers and also redundancy. I took down the first 1841 and the 10.200.200.0 network (the network behind the 1841s) was still communicating with the 10.10.50.0 (the network behind the 2811). This is very good.

Now I need some fine-tuning. There is an issue where the internal hosts (10.200.200.0) send their packets out to the servers at the hub and the GLBP is doing its job, however, when those packets hit the first 1841, they get re-routed back into the 10.200.200.0 network and out to the second 1841 and then from there the 2nd 1841 sends it to the destination (10.10.50.0)

So, load-balancing is not happening as all traffic destined to 10.10.50.0 gets out via the 2nd 1841 as opposed to both. I assume this is so because of the priorities on the router's route tables? In other words, the first 1841 has routes to the 10.10.50.0 but because the route via the 2nd 1841 has better metrics, it uses that route. Thus, only one router is being used to send out the traffic to 10.10.50.0

Giuseppe Larosa Fri, 09/12/2008 - 09:46

Hello Angel,

post the following show commands

sh ip eigrp interface tunnel x

sh ip route 10.10.50.0

sh ip eigrp topology

on both 1841.

I would expect with default values that each 1841 could forward to 10.10.50.0 via its own GRE tunnel.

However, there are parameters that can be tuned but before I would like to see the current scenario

Hope to help

Giuseppe

insccisco Fri, 09/12/2008 - 10:45

I played with the commands nd found the passive interface one.

What I did was not to advertise the routes on both of the internal interfaces of the 1841s. This way, its route tables only have one route towards the destination network 10.10.50.0. This is exactly the fix for the issue because we only need one route towards the destination on each of the 1841's. GLBP is already taking care of the load balancing and redundancy; if one 1841 goes downs, the other still up and all traffic towards the desti. will continue to flow via this other 1841.

Giuseppe thank you for your inputs... helped get this up...

Actions

This Discussion