EIGRP between routers and making one router preferred

Answered Question
Dec 8th, 2008

4507 = Louisville core (192.168.187.1)

2851 = Louisville MPLS (192.168.187.252)

3660 = Louisville Point-to-Point (192.168.187.254)

2821 = Lexington MPLS (192.168.13.1)

3640 = Lexington Point-to-Point (192.168.13.3)


The MPLS connection is the primary connection. The Point-to-Point is the backup connection.


I have EIGRP 101 running on every single router, and BGP only running on the MPLS routers between cities.


The 4507 has both the 2851 and the 3660 plugged into it.


If I add a network to the 4507, both of the routers should say something like 'D 10.110.115.0/24 [90/3072] via 192.168.187.1' correct?


The problem I am receiving is that when I add a network to the 4507 router and do a 'sh ip route' on the 2851, the route says it's reachable via the MPLS. It is not saying it's connected to the 4507. It's actually going from the 2851 to the 2821, to 3640, to 3660, then to 4507.


How do I stop this loop? I would like to do this without setting a static ip route.


Also, if I unplug the 3660 and add the network, the 2851 finds the advertised route from the 4507 with no problems. When I plug the 3660 back in, the route starts going back to saying it's reachable via the MPLS connection.


Any help or ideas are greatly appreciated.


Thanks


Correct Answer by Jon Marshall about 8 years 7 months ago

Kenny


"I tried adding


ip route 10.120.0.0 255.255.0.0 192.168.187.252

ip route 10.120.0.0 255.255.0.0 192.168.113.2


and still didn't have any effect on the Core router"


Is the network you are trying to advertise 10.120.201.0/24 ?


If so you need to add that exact route onto Louisville P2P. Because a router will always choose the most specific route. So Louisville P2P gets an advertisement from Lexington P2P for 10.120.201.0/24 but you have added statics for 10.120.0.0/16 so Louisville P2P will use the 10.120.201.0/24 route.


Try adding to Louisville P2P


ip route 10.120.201.0 255.255.255.0 192.168.187.252

ip route 10.120.201.0 255.255.255.0 192.168.113.2


Jon





Overall Rating: 5 (3 ratings)
Jon Marshall Mon, 12/08/2008 - 16:32

Is the Louisville P2P connected to Lexington. And if so are you redistributing EIGRP into BGP.


If so then this won't work because Lexington receives a route via the P2P from Louisville and then advertises this into BGP. BGP is a better metric on the 2851 - AD 20 compared to EIGRP received from the 4507 - AD 90.


So you need to filter which routes are advertised back into BGP at either site. Make sure only the sites internal routes are advertised into BGP.


However if you are doing this then you have another problem. The sites will use the backup link for normal communication. You redistribute BGP into EIGRP but these then become AD 170 and at the same time the site is receiving AD 90 routes down the backup link.


If your subnets within each site are summarisable make the backup link EIGRP passive and use static routes on each backup router.


If the original assumption about the P2P connection is wrong then just ignore all that :-)


Jon

the_crooked_toe Tue, 12/09/2008 - 06:02

Jon thanks for your response.


Yes the Lexington router is connected to the Louisville router.


I am redistributing BGP into EIGRP.


Attached is a network topology with all the routing protocols. in jpg form ;)


If you can explain how to filter routes to each site that would be a big help. (That is if the topology matches what you are trying to help me accomplish). And can you explain the difference between having the 'no auto-summary' command and not. When I came into this network all the routers were configured with 'no auto-summary'


Thanks!



the_crooked_toe Wed, 12/10/2008 - 06:49

Jon (or anyone for that matter) can you explain to me how you would filter the route?


I understand that from the 2821, I want to allow only network 192.168.13.0, and deny all others coming from EIGRP to be distributed through BGP.


Also with the current config, what do i need to remove to clean it up?


Thanks and it's much appreciated. Current config is attached on the updated topology jpg.



Jon Marshall Wed, 12/10/2008 - 06:57

Kendrik


Can you confirm whether or not you are redistributing EIGRP back into BGP because i think that is what both Giuseppe and i assumed but your topology map doesn't seem to mention this ?


Jon

the_crooked_toe Wed, 12/10/2008 - 07:05

Jon,

the current configuration looks like this on the 2821:


router eigrp 101
 redistribute connected
 redistribute static
 redistribute bgp 64803 metric 100000 10 255 1 1500
 network 192.168.13.0
 no auto-summary
!
router bgp 64803
 no synchronization
 bgp log-neighbor-changes
 network 64.129.251.76 mask 255.255.255.252
 network 192.168.13.0
 redistribute static
 redistribute eigrp 101 metric 0
 neighbor 64.129.251.77 remote-as 4323
 default-information originate
 no auto-summary
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 192.168.13.253
ip route 192.168.253.0 255.255.255.0 192.168.13.253


So it looks like yes, I am redistributing on both EIGRP and BGP on the 2821. Is this incorrect? As I said before, this was all setup when I arrived here, so I never originally set it up this way.


thanks again for your response and help

Jon Marshall Wed, 12/10/2008 - 07:19

Kendrik


Not necessarily but this is one of your 2 problems.


Problem 1


EIGRP is exchanged via the backup routers so Lexington receives Louisville internal subnets via the backup link. Lexington then redistributes those into BGP. Lexington then advertises those routes back to Louisville via BGP. Louisville 2851 picks the route from Lexington because AD 20 (BGP) < AD 90 (EIGRP).


So to stop that either


1) redistribute EIGRP at each site but add filter so only that site's subnets are advertised


OR


2) Don't redistribute EIGRP into BGP, use network statements under your BGP config. Note that for the network to be advertised it must be in the IGP routing table but each sites networks should be in the routing tables anyway.


I prefer option 2 to be honest but it does mean that if you add another subnet to a site you must remember to add it under the BGP config as well. With option 1 if you add a new subnet it is automatically advertised out.


Your choice. If you choose option 1 then let me know and we can look to filter routes.


Problem 2


When Louisville 2851 receives BGP routes for Lexington subnets it redistributes these into EIGRP. Now we know Louisville 2851 will use BGP to get to these subnets but look at it from Louisville 4500 switch. It receives the routes for Lexington subnets from 2 places


i) Louisville 2851 from BGP redistributed into EIGRP - these will have AD of 170


ii) Louisville 3660 because it is peering with EIGRP to Lexington 3640. These will have AD of 90 so if you do a traceroute from Louisville 4500 to Lexington subnet on it will probably go via the backup link.


So to stop that


1) Use Giuseppe's idea of summary routes on the interfaces of the 3640 and 3660 that connect to each other.


But trouble is if you can't summarise then this becomes more difficult. You could make the link passive, add statics, redistribute into EIGRP and add offsets but that is a bit of a nightmare.


Can you efficiently summarise between sites ?


Jon
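The two selection rules this thread keeps running into (lowest administrative distance wins for the same prefix; the most specific prefix wins at lookup time) can be modelled in a few lines. This is an added example, not part of the original posts and not Cisco code; the prefixes, AD values and the 4507 metrics come from the thread, while the next-hop labels and the other metrics are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Administrative distances as quoted in the thread's posts and outputs
AD = {"static": 1, "bgp": 20, "eigrp": 90, "eigrp-ext": 170}


@dataclass(frozen=True)
class Route:
    prefix: str
    source: str      # key into AD
    next_hop: str    # descriptive label (constructed)
    metric: int = 0


def build_table(candidates):
    """Per exact prefix keep one route: lowest AD, then lowest metric."""
    table = {}
    for r in candidates:
        net = ipaddress.ip_network(r.prefix)
        cur = table.get(net)
        if cur is None or (AD[r.source], r.metric) < (AD[cur.source], cur.metric):
            table[net] = r
    return table


def lookup(table, dest):
    """Forwarding decision: longest prefix match over installed routes."""
    addr = ipaddress.ip_address(dest)
    nets = [n for n in table if addr in n]
    return table[max(nets, key=lambda n: n.prefixlen)] if nets else None


def on_2851(leak_from_lexington):
    """Problem 1: a Louisville subnet as seen by the Louisville 2851."""
    routes = [Route("10.110.115.0/24", "eigrp", "4507 (192.168.187.1)", 3072)]
    if leak_from_lexington:
        # Lexington redistributes EIGRP into BGP and sends the prefix back
        routes.append(Route("10.110.115.0/24", "bgp", "MPLS cloud"))
    return lookup(build_table(routes), "10.110.115.10")


def on_4507():
    """Problem 2: a Lexington subnet as seen by the Louisville core."""
    routes = [
        Route("10.120.201.0/24", "eigrp-ext", "2851 (192.168.187.252)", 258816),
        Route("10.120.201.0/24", "eigrp", "3660 (192.168.187.254)", 1764864),
    ]
    return lookup(build_table(routes), "10.120.201.10")


def on_3660(add_specific_static):
    """Accepted answer at the top: a /16 static loses to a learned /24."""
    routes = [
        Route("10.120.0.0/16", "static", "2851 (192.168.187.252)"),
        Route("10.120.201.0/24", "eigrp", "Lexington P2P (3640)", 1764864),
    ]
    if add_specific_static:
        routes.append(Route("10.120.201.0/24", "static", "2851 (192.168.187.252)"))
    return lookup(build_table(routes), "10.120.201.10")


if __name__ == "__main__":
    for label, r in [
        ("2851, EIGRP leaked into BGP", on_2851(True)),
        ("2851, leak removed", on_2851(False)),
        ("4507, D EX vs D", on_4507()),
        ("3660, /16 static only", on_3660(False)),
        ("3660, /24 static added", on_3660(True)),
    ]:
        print(f"{label:30} -> {r.source:9} via {r.next_hop}")
```

Note that on the 4507 the internal EIGRP route wins even though its metric is larger: metric is only compared after administrative distance.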



the_crooked_toe Wed, 12/10/2008 - 07:32

you're the Pro, so let's go with option 2.

Adding a new subnet to BGP seems like something I can remember ;)


So on the 2821 I need to remove the 'redistribute eigrp 101' from BGP 64803, correct?


The 2851 is not redistributing EIGRP 101.


Additionally, on the 3640 and the 3660, I want to remove the statement that says 'no auto-summary' on EIGRP 101. Is that correct? How do you configure summary routes on just the interface?


Sorry if I'm asking too many questions. I just want to be 100% clear on what I'm about to do. Thanks!

Jon Marshall Wed, 12/10/2008 - 07:39

Kendrik


1) "So on the 2821 I need to remove the 'redistribute eigrp 101' from BGP 64803, correct? "


Yes you do but you need to be careful of doing this within core hours. Basically you need to do the following


Work out the Lexington subnets you need to advertise to Louisville. For each of the subnets add under your BGP config


router bgp 64803
 network x.x.x.x mask x.x.x.x (the mask is optional but i always add it)


BUT key thing here is for BGP to advertise this out there must be a match in the IGP routing table on the 2821. So if you add


network 192.168.13.0 mask 255.255.255.0


when you do a "sh ip route" on the 2821 there must be a matching route. This route will be installed via EIGRP.


2) Removing the auto-summary probably won't work because that just determines whether you summarise on classful boundaries or not. You may need to use the "ip eigrp summary-address x.x.x.x" interface command.


Can you provide me with a full list of


Louisville subnets

Lexington subnets


The subnets you provide should be the ones you want to advertise between the sites.


"Sorry if I'm asking too many questions. I just want to be 100% clear on what I'm about to do. Thanks"


Totally understandable, this is your production network after all. You should probably look to do these changes out of core hours.


Jon

the_crooked_toe Wed, 12/10/2008 - 07:52

Just to let you know, we are in the midst of changing from 192.168./24 to the 10./24 network so there is a bunch of stuff. It's what also made me realize this problem.


Lexington:
192.168.13.0
192.168.253.0
192.168.113.0 <- this is only used between the 3640 and the 3660 to communicate. so probably shouldn't be in BGP if i'm not mistaken
(Lexington will eventually be on the 10.120.0.0/24 network)

Louisville:
192.168.15.0
192.168.32.0
192.168.33.0
192.168.34.0
192.168.35.0
192.168.36.0
192.168.50.0
192.168.52.0
192.168.187.0
192.168.199.0
10.110.115.0
10.110.132.0
10.110.133.0
10.110.134.0
10.110.135.0
10.110.136.0
10.110.201.1
10.110.213.0

(Louisville will eventually be on the 10.110.0.0/24 network)


And I will try the changes you give me out tonight. thanks again!

Jon Marshall Wed, 12/10/2008 - 08:00

Okay, the problem you have is that 192.168.13.0 is in Lexington but 192.168.15.0 is in Louisville - this makes it hard to summarise.


Once you go to 10.120.0.0/24 for Lexington this would be relatively easy.


Sorry to have to ask yet another question - apart from Lexington and Louisville do you have other sites and if so do they use either 192.168.x.x or 10.110.x.x ?


Jon

the_crooked_toe Wed, 12/10/2008 - 08:09

Ask all the questions you want and i'll try my best to answer


I have a total of 5 cities.

Cincinnati and Covington are the same situation as Lexington. Both sites have a 2821 router with a MPLS connection. Cincinnati has a 2620 router with a Point-to-Point connected to Louisville 3660. Covington has a 2612 Router with a Point-to-Point connected to Louisville 3660.

Frankfort only has a 2801 router with a point-to-point connection to Louisville 3660


Cincinnati:
192.168.28.0/24
192.168.128.0/24 (only used for communication between the Point-to-Point routers)

Covington:
192.168.18.0/24
192.168.118.0/24 (only used for communication between the Point-to-Point routers)

Frankfort (NO MPLS, only Point-to-Point):
10.150.2.0/24
10.150.5.0/24 (used for Point-to-Point communication)
10.150.10.0/24
10.150.110.0/24
10.150.201.0/24
10.150.213.0/24

Jon Marshall Wed, 12/10/2008 - 08:22

Okay, we probably need to take a step back here. Looking at the topology map you have some statics on the 3660 and 3640 routers that are doing something - just not sure what yet :-). Are they meant to be there ?


It would help if the topology map was updated to show all next-hop IP addresses ie. where they are within your network eg.


on the 3660


ip route 0.0.0.0 0.0.0.0 192.168.187.1


where is 192.168.187.1.


What i am really wary of is breaking your network by making changes without the full picture. So lets address the 2 issues separately.



Issue 1 - Louisville 2851 picking wrong route.


1) On the 2821 Lexington router can you run


"sh ip bgp neigh 64.129.251.57 advertised routes"


and post output.


2) On 2821 Lexington router can you


"sh ip route" and post output


3) Are there any networks that you want to advertise into MPLS from Lexington that you didn't include when i asked about the networks being advertised to Louisville.


Key thing to understand here is that if we remove eigrp redistribution into BGP on Lexington we are only proposing to advertise out


192.168.13.0

192.168.253.0


which is fine for Louisville but do any of your other sites need to receive additional subnet advertisements from Lexington. Because if there are additional subnets from Lexington then we will need to add these in with network statements under BGP as well.


If we can sort the above out then we have solved initial issue with Louisville 2851 picking wrong route.


Issue 2 - backup link.


Looking at the statics it suggests someone has tried to address this before altho i can't say that for sure without knowing where all the next hops are.


Can you do a traceroute to an address in the 192.168.13.x subnet from the Louisville 4500 and tell me which way it goes ie. via MPLS or via the backup link.


Jon

the_crooked_toe Wed, 12/10/2008 - 08:55

1. I think you meant 64.129.251.77, because 57 was 'No such neighbor or address family'


LEX-GDM-TWC-MPLS#sh ip bgp neigh 64.129.251.77 advertised
BGP table version is 6825, local router ID is 192.168.13.254

   Network            Next Hop          Metric LocPrf Weight Path
*> 0.0.0.0            192.168.13.253         0         32768 ?
*> 10.110.2.0/24      192.168.13.3           0         32768 ?
*> 10.110.5.0/24      192.168.13.3           0         32768 ?
*> 10.110.100.0/24    192.168.13.3           0         32768 ?
*> 10.110.101.0/24    192.168.13.3           0         32768 ?
*> 10.110.115.0/24    192.168.13.3           0         32768 ?
*> 10.110.132.0/24    192.168.13.3           0         32768 ?
*> 10.110.133.0/24    192.168.13.3           0         32768 ?
*> 10.110.201.0/24    192.168.13.3           0         32768 ?
*> 10.110.213.0/24    192.168.13.3           0         32768 ?
*> 10.150.2.0/24      192.168.13.3           0         32768 ?
*> 10.150.5.0/24      192.168.13.3           0         32768 ?
*> 10.150.10.0/24     192.168.13.3           0         32768 ?
*> 10.150.100.0/24    192.168.13.3           0         32768 ?
*> 10.150.110.0/24    192.168.13.3           0         32768 ?
*> 10.150.201.0/24    192.168.13.3           0         32768 ?
*> 10.150.213.0/24    192.168.13.3           0         32768 ?
*> 64.129.251.76/30   0.0.0.0                0         32768 i
*> 192.168.13.0       0.0.0.0                0         32768 i
*> 192.168.53.0       192.168.13.3           0         32768 ?
*> 192.168.113.0      192.168.13.3           0         32768 ?
*> 192.168.118.0      192.168.13.3           0         32768 ?
*> 192.168.128.0      192.168.13.3           0         32768 ?
*> 192.168.253.0      192.168.13.253         0         32768 ?
*> 209.Public.222.0   192.168.13.253         0         32768 ?

Total number of prefixes 25


2) NEXT POST. TOO MANY CHARACTERS


3) you're correct. for now we only want to advertise those 2 subnets from Lexington.


4)

GDM-4507R#traceroute 192.168.13.57

Type escape sequence to abort.
Tracing the route to lexex1.greenebaum.com (192.168.13.57)

  1 192.168.187.252 0 msec 0 msec 0 msec
  2 64.129.251.57 4 msec 4 msec 0 msec
  3 64.129.251.77 4 msec 4 msec 4 msec
  4 64.129.251.78 4 msec 0 msec 0 msec
  5 lexex1.greenebaum.com (192.168.13.57) 4 msec 4 msec 32 msec
GDM-4507R#


5) attached is the big picture with ALL the routers and configs. do you have visio?



the_crooked_toe Wed, 12/10/2008 - 08:56

2)

LEX-GDM-TWC-MPLS#sh ip rou
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is 192.168.13.253 to network 0.0.0.0

B    192.168.28.0/24 [20/0] via 64.129.251.77, 4w1d
C    192.168.13.0/24 is directly connected, GigabitEthernet0/0
B    192.168.15.0/24 [20/0] via 64.129.251.77, 1d17h
     64.0.0.0/30 is subnetted, 4 subnets
B       64.129.251.56 [20/0] via 64.129.251.77, 4w1d
B       64.129.251.60 [20/0] via 64.129.251.77, 4w1d
B       64.129.251.72 [20/0] via 64.129.251.77, 4w1d
C       64.129.251.76 is directly connected, GigabitEthernet0/1
D    192.168.128.0/24 [90/4660480] via 192.168.13.3, 1w2d, GigabitEthernet0/0
B    192.168.198.0/24 [20/0] via 64.129.251.77, 4w1d
     10.0.0.0/24 is subnetted, 16 subnets
D       10.110.100.0 [90/4151296] via 192.168.13.3, 1d02h, GigabitEthernet0/0
D       10.110.101.0 [90/4151296] via 192.168.13.3, 1d02h, GigabitEthernet0/0
D       10.110.115.0 [90/4151296] via 192.168.13.3, 1d02h, GigabitEthernet0/0
D       10.150.213.0 [90/4663040] via 192.168.13.3, 5d21h, GigabitEthernet0/0
D       10.150.201.0 [90/4663040] via 192.168.13.3, 1w0d, GigabitEthernet0/0
D       10.110.5.0 [90/4151296] via 192.168.13.3, 1d02h, GigabitEthernet0/0
D       10.110.2.0 [90/4151296] via 192.168.13.3, 1d02h, GigabitEthernet0/0
D       10.150.10.0 [90/4663040] via 192.168.13.3, 1w0d, GigabitEthernet0/0
D       10.150.5.0 [90/4660480] via 192.168.13.3, 1w0d, GigabitEthernet0/0
D       10.150.2.0 [90/4663040] via 192.168.13.3, 1w0d, GigabitEthernet0/0
D       10.110.201.0 [90/4151296] via 192.168.13.3, 1d02h, GigabitEthernet0/0
D       10.110.213.0 [90/4151296] via 192.168.13.3, 1d02h, GigabitEthernet0/0
D       10.110.132.0 [90/4151296] via 192.168.13.3, 1d02h, GigabitEthernet0/0
D       10.110.133.0 [90/4151296] via 192.168.13.3, 1d02h, GigabitEthernet0/0
D       10.150.110.0 [90/4663040] via 192.168.13.3, 1w0d, GigabitEthernet0/0
D       10.150.100.0 [90/4663040] via 192.168.13.3, 1w0d, GigabitEthernet0/0
D    192.168.113.0/24 [90/4148480] via 192.168.13.3, 2w1d, GigabitEthernet0/0
B    192.168.36.0/24 [20/0] via 64.129.251.77, 1d17h
D    192.168.53.0/24 [90/4151296] via 192.168.13.3, 1d17h, GigabitEthernet0/0
B    192.168.52.0/24 [20/0] via 64.129.251.77, 1d17h
B    192.168.187.0/24 [20/0] via 64.129.251.77, 4w1d
B    192.168.34.0/24 [20/0] via 64.129.251.77, 1d17h
B    192.168.50.0/24 [20/0] via 64.129.251.77, 1d17h
B    192.168.35.0/24 [20/0] via 64.129.251.77, 1d17h
D    192.168.118.0/24 [90/4660480] via 192.168.13.3, 2w1d, GigabitEthernet0/0
S    192.168.253.0/24 [1/0] via 192.168.13.253
B    192.168.32.0/24 [20/0] via 64.129.251.77, 1d17h
B    192.168.18.0/24 [20/0] via 64.129.251.77, 4w1d
B    192.168.33.0/24 [20/0] via 64.129.251.77, 1d17h
D    209.Public.222.0/24 [90/28416] via 192.168.13.253, 2w1d, GigabitEthernet0/0
S*   0.0.0.0/0 [1/0] via 192.168.13.253

Correct Answer
Jon Marshall Wed, 12/10/2008 - 09:28

Sorry no visio. Could you save as jpeg.


Anyway, initial observations. There is no control over what is being advertised out from Lexington. If you look you can see Frankfort and a couple of the Covington/Cincinnati being advertised out. This is because EIGRP is being redistributed into BGP.


If you are absolutely sure you only want to advertise out the 2 subnets from Lexington


Lexington 2821


router bgp 64803
 no redistribute eigrp 101 metric 0
 network 192.168.13.0 mask 255.255.255.0
 network 192.168.253.0 mask 255.255.255.0


That should fix issue 1. So Louisville 2851 should now see 4500 as next-hop for any new subnets you add to Louisville 4500.


Note to see the effects you will need to do a


"clear ip bgp 64.129.251.77 soft out" on the Lexington 2821.


I suggest we just make that change tonight and you can then check to see if all connectivity from all sites is working as it should be and that if you add a new subnet to the 4500 the Louisville 2851 gets the right next-hop.


If that goes okay we can then look at the backup link. I'll wait until i get the visio but i suspect that traffic is not routing how you want it to ie. if Lexington is advertising out Frankfort that must mean it receives Frankfort routes via EIGRP. It can only get these via the backup link with Louisville. So i wouldn't be surprised that from an internal switch/router in Lexington ie. not the 2821 if you did a traceroute to Frankfort it went via Louisville backup link rather than MPLS cloud.


Does this sound okay to you ? The easiest change should be the one to the Lexington router as above.


The backup stuff will be more complicated. I may be asking you to do a few traceroutes and you may decide to wait until Lexington is readdressed.


Let me know what you want to do.


Jon


the_crooked_toe Wed, 12/10/2008 - 10:13

attached is the JPG.


Around 5:00 tonight I will make that change to the 2821.


Thanks for all your help. I think once you see the attached diagram it will all make more sense to you. Sorry for not figuring out how to make the jpg earlier


-kenny



Jon Marshall Wed, 12/10/2008 - 10:19

Kenny


Okay, no problem. I'll have a look at the jpg later on. Hope it goes alright. I'm in UK so 5.00 tonight is about 1:00 in the morning.


We can pick this up again tomorrow if you want.


Good luck.


Jon

the_crooked_toe Wed, 12/10/2008 - 14:31

removing the redistribute eigrp 101 from bgp on the 2821 fixed the 4500 and the 2851 problem.


now it seems like the 2851 isn't advertising its routes correctly.


I have 10.110.0.0 added to EIGRP 101 on the 4507. I have 10.110.0.0 added to BGP 64803 on the 2851. Shouldn't the 2821 be getting its routes for the 10.110.0.0 network from the 2851?

The 2851 is currently getting the routes from the 3640 via EIGRP. Do i not have BGP setup correctly on the 2851?


here is the 2851 config. Am I putting the 10.110.0.0/16 network incorrectly?


router eigrp 101
 redistribute bgp 64803 metric 10000 10 255 1 1500
 network 192.168.187.0
 no auto-summary
!
router bgp 64803
 no synchronization
 bgp log-neighbor-changes
 network 10.110.0.0
 network 192.168.15.0
 network 192.168.32.0
 network 192.168.33.0
 network 192.168.34.0
 network 192.168.35.0
 network 192.168.36.0
 network 192.168.50.0
 network 192.168.52.0
 network 192.168.53.0
 network 192.168.187.0
 network 192.168.198.0
 neighbor 64.129.251.57 remote-as 4323
 no auto-summary
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 192.168.187.99
ip route 192.168.198.0 255.255.255.0 192.168.187.99




I also forgot i want to advertise our DMZ addresses so users can get to those servers internally.

So in Lexington I added 209.PUBLIC.222.64 mask 255.255.255.224 to bgp 64803.

But that route still isn't being advertised over the MPLS. This also starts being advertised from the ASA via EIGRP 101.



from the 2821 i have done 'clear ip eigrp neigh 192.168.13.3'

from the 2851 i have done 'clear ip eigrp neigh 192.168.187.254'

Both of these didn't get the routes going over the MPLS.

I also added a new 192.168.53.0/24 on the 4507, added that to BGP on the 2851 and that is distributed properly. It seems like the 10.110.0.0/16 network doesn't want to distribute properly from BGP.



the_crooked_toe Wed, 12/10/2008 - 15:27

on the 2851, I did a 'redistribute eigrp 101' for bgp 64803, and that got the 10.110.0.0/24 network to advertise its route over the MPLS. but I'm sure that this isn't the correct way it's supposed to be done.

Correct Answer
Jon Marshall Wed, 12/10/2008 - 19:41

"But that route still isn't being advertised over the MPLS"


D 209.Public.222.0/24 [90/28416] via 192.168.13.253, 2w1d, GigabitEthernet0/0


This is the route in your routing table but you are trying to advertise with 209.PUBLIC.224.64 255.255.255.224


change

router bgp 64803
 network 209.PUBLIC.222.64 mask 255.255.255.224

to

router bgp 64803
 network 209.PUBLIC.222.0 mask 255.255.255.0


I suspect this is the issue with the 10.110.x.x network as well. There must be an EXACT match in the routing table. So do a "sh ip route" on the 2851 and find the network you want to advertise and make sure the BGP network statement matches it eg.


if 10.110.0.0 has a subnet mask of 255.255.255.0 then your BGP statement needs to read


router bgp 64803
 network 10.110.0.0 mask 255.255.255.0


Jon
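The exact-match rule described in the answer above can be checked offline before touching the router. This is an added example, not part of the original posts: it compares the `network` statements under `router bgp` with the prefixes in a `show ip route` capture and reports statements that have no identical prefix in the table. Both inputs are constructed, modelled on the thread's outputs; 203.0.113.0/24 stands in for the redacted public range, 192.168.60.0 is made up, and a statement without `mask` is assumed to take the classful mask.

```python
import ipaddress
import re

ROUTE = re.compile(r"^\s*[A-Za-z*]{1,2}(?:\s+EX)?\s+(\d+(?:\.\d+){3})(?:/(\d+))?\s")
HEADER = re.compile(r"^\s*(\d+(?:\.\d+){3})/(\d+) is subnetted")
NETWORK = re.compile(
    r"^\s*network\s+(\d+(?:\.\d+){3})(?:\s+mask\s+(\d+(?:\.\d+){3}))?\s*$")

# Constructed sample input
CONFIG = """\
router eigrp 101
 redistribute bgp 64803 metric 10000 10 255 1 1500
 network 192.168.187.0
!
router bgp 64803
 network 10.110.0.0 mask 255.255.0.0
 network 192.168.53.0
 network 203.0.113.64 mask 255.255.255.224
 network 192.168.60.0 mask 255.255.255.0
 neighbor 64.129.251.57 remote-as 4323
"""

# Constructed sample input
ROUTES = """\
C    192.168.187.0/24 is directly connected, GigabitEthernet0/0
     10.0.0.0/24 is subnetted, 3 subnets
D       10.110.115.0 [90/3072] via 192.168.187.1, 1d02h, GigabitEthernet0/0
D       10.110.132.0 [90/3072] via 192.168.187.1, 1d02h, GigabitEthernet0/0
D       10.110.133.0 [90/3072] via 192.168.187.1, 1d02h, GigabitEthernet0/0
D    192.168.53.0/24 [90/3072] via 192.168.187.1, 1d17h, GigabitEthernet0/0
D    203.0.113.0/24 [90/28416] via 192.168.187.1, 2w1d, GigabitEthernet0/0
S*   0.0.0.0/0 [1/0] via 192.168.187.99
"""


def classful_len(addr):
    first = int(addr.split(".")[0])
    return 8 if first < 128 else 16 if first < 192 else 24


def parse_routes(text):
    """Prefixes in the table; children of an 'is subnetted' header inherit its mask."""
    routes, inherited = set(), None
    for line in text.splitlines():
        header = HEADER.match(line)
        if header:
            inherited = int(header.group(2))
            continue
        m = ROUTE.match(line)
        if not m:
            continue
        plen = m.group(2) if m.group(2) is not None else inherited
        if plen is not None:
            routes.add(ipaddress.ip_network(f"{m.group(1)}/{plen}", strict=False))
    return routes


def parse_network_statements(config):
    """Network statements under 'router bgp' only (EIGRP ones are skipped)."""
    nets, in_bgp = [], False
    for line in config.splitlines():
        stripped = line.strip()
        if stripped.startswith("router ") or stripped == "!":
            in_bgp = stripped.startswith("router bgp")
            continue
        m = NETWORK.match(line) if in_bgp else None
        if m:
            addr, mask = m.groups()
            suffix = mask if mask else classful_len(addr)  # assumption: classful
            nets.append(ipaddress.ip_network(f"{addr}/{suffix}", strict=False))
    return nets


def check(config, show_ip_route):
    """Return (statement, status, related prefixes) for each BGP network statement."""
    routes = parse_routes(show_ip_route)
    report = []
    for net in parse_network_statements(config):
        if net in routes:
            report.append((str(net), "exact", []))
            continue
        inside = sorted(r for r in routes if r.subnet_of(net))
        covering = sorted(r for r in routes if r.prefixlen and net.subnet_of(r))
        if inside:
            report.append((str(net), "more-specific-only", [str(r) for r in inside]))
        elif covering:
            report.append((str(net), "covering-only", [str(r) for r in covering]))
        else:
            report.append((str(net), "absent", []))
    return report


if __name__ == "__main__":
    for statement, status, related in check(CONFIG, ROUTES):
        print(f"{statement:20} {status:20} {', '.join(related)}")
```

Only the `exact` rows would be advertised; the related prefixes listed for the other rows are the candidates to put in the `network` statement instead.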

the_crooked_toe Wed, 12/10/2008 - 20:11

good morning Jon.


you are a guru.

I changed the DMZ address to 209.PUBLIC.222.0 and it's now being advertised. I was just cautious about that because I was just wanting to broadcast our DMZ only addresses. But I suppose this will work.


This was also the problem with the 10.110.x.x network.

I had 10.110.0.0 mask 255.255.0.0 and it was not working.

when i changed it to 10.110.115.0 mask 255.255.255.0, the route was being broadcasted correctly.


so it seems after all of this, I just wasn't broadcasting correctly and there was a redistribution that was messing it all up.


Thanks for all your help Jon!


-Kenny

Jon Marshall Wed, 12/10/2008 - 20:28

Kenny


No problem with the help, glad you got it working as you wanted and i appreciate the ratings.


One last point -


"I changed the DMZ address to 209.PUBLIC.222.0 and it's now being advertised. I was just cautious about that because I was just wanting to broadcast our DMZ only addresses. But I suppose this will work."


Bear in mind that with your previous setup where you redistributed EIGRP into BGP at Lexington you were advertising this out as a /24 anyway. If you want to tie it down to 255.255.255.224 you would need to have a matching route in the IGP before BGP would advertise it out. If it's not affecting anything else perhaps best to just leave it as is.


Jon


the_crooked_toe Thu, 12/11/2008 - 06:23

Jon,

just curious. if the MPLS line ever fails, this should start looking to the Point-to-Point routers for backup links, correct?


I'm looking at it in my head and it makes logical sense that it would work.


If i'm in Louisville, and I try to go to Lexington, and if the route to the MPLS line is down, then BGP would be down, meaning that router would find the routes via EIGRP, so it would go over the Point-to-Points. does that sound correct?

Jon Marshall Sat, 12/13/2008 - 17:18

Kenny


Apologies for the delay in getting back.


Yes, i think the idea behind the network design is that if the MPLS links fail then the backup links are used.


However i'm not entirely convinced that it will work due to internal EIGRP (AD 90) vs external EIGRP (AD 170). Remember that any routes received from BGP and then redistributed into EIGRP will be AD 170. But as far as i can tell the same networks would be received down the P2P backup links with AD 90 and these would be preferred.


It's not quite that straightforward as when you did a traceroute it did go via MPLS although i have still to have a good look at the full network diagram.


What you can do is run some traceroutes from each site and see what path they take. Bear in mind that it is no good doing the traceroutes from the MPLS routers because they will always choose the BGP (AD 20) routes received from MPLS. You need to do traceroutes from devices within each site.


Jon

the_crooked_toe Thu, 12/18/2008 - 06:35

Hey Jon, hopefully you will see this. I've got another question for you.


I am in the process of adding new networks to Lexington and I'm having trouble on the core switch.


I am adding the networks correctly to Lexington. The 209 address is being broadcasted from the ASA. The 10.120 address is being broadcasted from a 3550, that will be disappearing in the future.


network 10.120.201.0 mask 255.255.255.0

network 209.PUBLIC.222.0


Networks 192.168.13.0 and 192.168.253.0 were already put in place before I got here so they are running correctly and there are no static routes set, yet, the Core switch is going to them first.


and when I go to the MPLS router in Louisville (2851) it can see the network being broadcasted over the MPLS correctly.


Now, when I go to the 4507 (core router in louisville) it is going over the backup links. I have this in my EIGRP table on the MPLS router (2851)


router eigrp 101

redistribute bgp 64803 metric 10000 10 255 1 1500

network 192.168.187.0

no auto-summary


So how do I make the core router look to the MPLS router before the backup links?

I understand that this is making it AD 170, compared to the backup of AD 90, but how do I get around that?


Here Is Lexington (2821):

router eigrp 101

redistribute static

redistribute bgp 64803 metric 10000 10 255 1 1500

network 192.168.13.0

no auto-summary

!

router bgp 64803

no synchronization

bgp log-neighbor-changes

network 10.120.201.0 mask 255.255.255.0

network 64.129.251.76 mask 255.255.255.252

network 192.168.13.0

network 192.168.253.0

network 209.PUBLIC.222.0

redistribute static

neighbor 64.129.251.77 remote-as 4323

default-information originate

no auto-summary



Here is the sh ip route on the core router (minus some stuff):

GDM-4507R#sh ip rou

D EX 192.168.13.0/24 [170/258816] via 192.168.187.252, 1w2d, Vlan1

10.0.0.0/24 is subnetted, 18 subnets

D 10.120.201.0 [90/1764864] via 192.168.187.254, 00:16:35, Vlan1

D EX 192.168.253.0/24 [170/258816] via 192.168.187.252, 1w0d, Vlan1

D 209.PUBLIC.222.0/24 [90/1767168] via 192.168.187.254, 6d22h, Vlan1




Jon Marshall Thu, 12/18/2008 - 09:50

Kenny


From the core switch in Louisville can you do traceroutes to


192.168.13.1

192.168.253.1

209.PUBLIC.220.1


i've used .1 here but i just need you to use an address that is active on those subnets,


and post results.


I'll wait until i see the results but as i said before i suspect traffic is not routing as it should. There are ways to fix this but because of the fact the addressing cannot be correctly summarised from each site it could well get messy !


Jon

the_crooked_toe Thu, 12/18/2008 - 09:57

GDM-4507R#traceroute 192.168.13.1


Type escape sequence to abort.

Tracing the route to 192.168.13.1


1 192.168.187.252 0 msec 0 msec 0 msec

2 64.129.251.57 4 msec 0 msec 4 msec

3 64.129.251.77 0 msec 4 msec 4 msec

4 64.129.251.78 4 msec * 4 msec


GDM-4507R#traceroute 192.168.253.1


Type escape sequence to abort.

Tracing the route to 192.168.253.1


1 192.168.187.252 12 msec 0 msec 4 msec

2 64.129.251.57 0 msec 0 msec 4 msec

3 64.129.251.77 4 msec 0 msec 4 msec

4 64.129.251.78 4 msec 4 msec 0 msec

5 * * *

6 *

This is because there is no 192.168.253.1, there is no router for this, it is just part of the IP pool from the ASA for VPN access. But you can see that it still goes through the MPLS.


GDM-4507R#traceroute 209.PUBLIC.222.67


Type escape sequence to abort.

Tracing the route to PUBLIC.gdm.com (209.Public.222.67)


1 192.168.187.254 0 msec 4 msec 0 msec

2 192.168.113.2 24 msec 20 msec 20 msec

3 PUBLIC.gdm.com (209.Public.222.67) 24 msec 20 msec 20 msec



SH IP route from the 4507

GDM-4507R#sh ip rou


Gateway of last resort is 192.168.187.99 to network 0.0.0.0


D EX 192.168.28.0/24 [170/258816] via 192.168.187.252, 1w2d, Vlan1

D EX 192.168.13.0/24 [170/258816] via 192.168.187.252, 1w2d, Vlan1

C 192.168.15.0/24 is directly connected, Vlan15

64.0.0.0/30 is subnetted, 4 subnets

D EX 64.129.251.56 [170/1767168] via 192.168.187.254, 1w0d, Vlan1

D EX 64.129.251.60 [170/258816] via 192.168.187.252, 1w0d, Vlan1

D EX 64.129.251.72 [170/258816] via 192.168.187.252, 1w0d, Vlan1

D EX 64.129.251.76 [170/258816] via 192.168.187.252, 1w0d, Vlan1

D 192.168.128.0/24 [90/1762048] via 192.168.187.254, 1w2d, Vlan1

S 192.168.198.0/24 [1/0] via 192.168.187.99

S 192.168.199.0/24 [1/0] via 192.168.187.99

10.0.0.0/24 is subnetted, 18 subnets

C 10.110.100.0 is directly connected, Vlan100

C 10.110.101.0 is directly connected, Vlan101

C 10.110.115.0 is directly connected, Vlan115

D 10.150.213.0 [90/3181312] via 192.168.187.254, 1w2d, Vlan1

D 10.150.201.0 [90/3181312] via 192.168.187.254, 1w2d, Vlan1

C 10.110.5.0 is directly connected, Vlan5

C 10.110.2.0 is directly connected, Vlan2

D 10.150.10.0 [90/3181312] via 192.168.187.254, 1w2d, Vlan1

D 10.150.5.0 [90/3178752] via 192.168.187.254, 1w2d, Vlan1

D 10.150.2.0 [90/3181312] via 192.168.187.254, 1w2d, Vlan1

C 10.110.201.0 is directly connected, Vlan201

C 10.110.213.0 is directly connected, Vlan213

D 10.120.201.0 [90/1764864] via 192.168.187.254, 03:41:52, Vlan1

C 10.110.187.0 is directly connected, Vlan187

C 10.110.132.0 is directly connected, Vlan132

C 10.110.133.0 is directly connected, Vlan133

D 10.150.110.0 [90/3181312] via 192.168.187.254, 1w2d, Vlan1

D 10.150.100.0 [90/3181312] via 192.168.187.254, 1w2d, Vlan1

D 192.168.113.0/24 [90/1762048] via 192.168.187.254, 1w2d, Vlan1

C 192.168.36.0/24 is directly connected, Vlan36

C 192.168.53.0/24 is directly connected, Vlan53

C 192.168.52.0/24 is directly connected, Vlan52

C 192.168.187.0/24 is directly connected, Vlan1

C 192.168.34.0/24 is directly connected, Vlan34

C 192.168.50.0/24 is directly connected, Vlan50

C 192.168.35.0/24 is directly connected, Vlan35

D 192.168.118.0/24 [90/1762048] via 192.168.187.254, 1w2d, Vlan1

D EX 192.168.253.0/24 [170/258816] via 192.168.187.252, 1w0d, Vlan1

C 192.168.32.0/24 is directly connected, Vlan32

D EX 192.168.18.0/24 [170/258816] via 192.168.187.252, 1w2d, Vlan1

C 192.168.33.0/24 is directly connected, Vlan33

D 209.PUBLIC.222.0/24 [90/1767168] via 192.168.187.254, 1w0d, Vlan1

S* 0.0.0.0/0 [1/0] via 192.168.187.99


Attached is a completely updated topology in jpg format. Except the ASA in Louisville is not yet broadcasting its EIGRP. Thanks again for taking a look.



Jon Marshall Thu, 12/18/2008 - 10:03

Kenny


Can you post output of


1) "sh run" on the P2P Louisville router

2) "sh run" on the Louisville core switch - actually just the bit from "router eigrp 101" onwards would be fine for this one

3) "sh run" on the P2P Lexington router

4) "sh ip eigrp neighbors" on the P2P Louisville router


Apologies again for asking for all this info but some of those traceroutes don't make a lot of sense without seeing the configs


Jon

the_crooked_toe Thu, 12/18/2008 - 10:16

1)

Louisville_P2P#sh run

hostname Louisville_P2P

no ip finger

no ip domain-lookup

!

ipx routing 0004.c14b.e490

call rsvp-sync

!

controller T1 2/2

framing esf

linecode b8zs

channel-group 1 timeslots 10-24 speed 64

description Connection to Frankfort

!

controller T1 2/3

framing esf

linecode b8zs

tdm-group 1 timeslots 1-13 type e&m

!

interface FastEthernet0/0

description CONNECTION TO 187 NETWORK

ip address 192.168.187.254 255.255.255.0

no ip mroute-cache

speed 100

full-duplex

ipx network 187

!

interface Serial1/0

description Connection to Cincinnati

ip address 192.168.128.1 255.255.255.0

!

interface Serial1/1

description Connection to Covington

ip address 192.168.118.1 255.255.255.0

!

interface Serial1/3

description Connection to Lexington

ip address 192.168.113.1 255.255.255.0

!

interface Serial2/2:1

description Connection to Frankfort

ip address 10.150.5.1 255.255.255.0

!

router eigrp 101

passive-interface FastEthernet0/1

passive-interface Loopback0

passive-interface Tunnel0

network 10.150.0.0 0.0.255.255

network 192.168.113.0

network 192.168.118.0

network 192.168.128.0

network 192.168.187.0

no auto-summary

no eigrp log-neighbor-changes

!

ip classless

ip route 0.0.0.0 0.0.0.0 192.168.187.1

ip route 192.168.13.0 255.255.255.0 192.168.187.252

ip route 192.168.13.0 255.255.255.0 192.168.113.2

ip route 192.168.18.0 255.255.255.0 192.168.187.252

ip route 192.168.18.0 255.255.255.0 192.168.118.2

ip route 192.168.28.0 255.255.255.0 192.168.187.252

ip route 192.168.198.0 255.255.255.0 192.168.187.1


2)

GDM-4507R#sh run

!

hostname GDM-4507R

ip subnet-zero

ip domain-name greenebaum.com

!

cluster run

!

power redundancy-mode redundant

!

spanning-tree mode rapid-pvst

spanning-tree extend system-id

spanning-tree vlan 1-1000 priority 4096

!

redundancy

mode sso

!

vlan internal allocation policy ascending

!

interface GigabitEthernet1/1

..............

router eigrp 101

network 10.0.0.0

network 192.168.15.0

network 192.168.32.0

network 192.168.33.0

network 192.168.34.0

network 192.168.35.0

network 192.168.36.0

network 192.168.50.0

network 192.168.52.0

network 192.168.187.0

no eigrp log-neighbor-changes

no auto-summary

!

ip route 0.0.0.0 0.0.0.0 192.168.187.99

ip route 192.168.187.0 255.255.255.0 192.168.187.99

ip route 192.168.198.0 255.255.255.0 192.168.187.99

ip route 192.168.199.0 255.255.255.0 192.168.187.99


3)

Lexington_P2P#sh run

!

hostname Lexington_P2P

!

controller T1 0/0

framing esf

linecode b8zs

channel-group 0 timeslots 14-24 speed 64

tdm-group 1 timeslots 1-13 type e&m

description Connection to Telco

!

controller T1 0/1

framing esf

linecode b8zs

tdm-group 1 timeslots 1-13 type e&m

description Connection to PBX

!

interface FastEthernet0/0

description Inside Ethernet segment

ip address 192.168.13.3 255.255.255.0

duplex auto

speed auto

!

interface Serial0/0:0

description Point-to-Point to Louisville

ip address 192.168.113.2 255.255.255.0

ip mroute-cache

!

router eigrp 101

passive-interface FastEthernet1/0

passive-interface Loopback0

passive-interface Tunnel0

network 192.168.13.0

network 192.168.113.0

no auto-summary

no eigrp log-neighbor-changes

!

ip classless

ip route 0.0.0.0 0.0.0.0 192.168.113.1

ip route 192.168.198.0 255.255.255.0 192.168.113.1



4)

Louisville_P2P#sh ip eigrp neigh

IP-EIGRP neighbors for process 101

H Address Interface Hold Uptime SRTT RTO Q Seq Type

(sec) (ms) Cnt Num

1 192.168.187.252 Fa0/0 12 1w0d 4 200 0 18156

2 192.168.128.2 Se1/0 12 1w1d 10 200 0 15527

0 192.168.187.1 Fa0/0 12 1w2d 1 200 0 18136

5 10.150.5.2 Se2/2:1 12 2w1d 10 200 0 193

4 192.168.118.2 Se1/1 13 6w0d 14 200 0 20459

3 192.168.113.2 Se1/3 12 6w0d 22 200 0 1142


Let me know if there is anything else you may need.

Jon Marshall Thu, 12/18/2008 - 10:32

Sorry yes.


1) "sh ip route" from P2P Louisville

2) "sh ip route" from P2P lexington


Jon

the_crooked_toe Thu, 12/18/2008 - 10:42

1)

Louisville_P2P#sh ip rou

Gateway of last resort is 192.168.187.1 to network 0.0.0.0


S 192.168.28.0/24 [1/0] via 192.168.187.252

S 192.168.13.0/24 [1/0] via 192.168.187.252

[1/0] via 192.168.113.2

D 192.168.15.0/24 [90/28416] via 192.168.187.1, 1w2d, FastEthernet0/0

64.0.0.0/30 is subnetted, 4 subnets

D EX 64.129.251.56 [170/1766912] via 192.168.113.2, 1w0d, Serial1/3

D EX 64.129.251.60 [170/261120] via 192.168.187.252, 1w0d, FastEthernet0/0

D EX 64.129.251.72 [170/261120] via 192.168.187.252, 1w0d, FastEthernet0/0

D EX 64.129.251.76 [170/261120] via 192.168.187.252, 1w0d, FastEthernet0/0

C 192.168.128.0/24 is directly connected, Serial1/0

S 192.168.198.0/24 [1/0] via 192.168.187.1

10.0.0.0/8 is variably subnetted, 19 subnets, 2 masks

D 10.110.100.0/24 [90/28416] via 192.168.187.1, 1w0d, FastEthernet0/0

D 10.110.101.0/24 [90/28416] via 192.168.187.1, 1w0d, FastEthernet0/0

D 10.110.115.0/24 [90/28416] via 192.168.187.1, 1w0d, FastEthernet0/0

D 10.150.213.0/24 [90/3181056] via 10.150.5.2, 1w2d, Serial2/2:1

D 10.150.201.0/24 [90/3181056] via 10.150.5.2, 1w2d, Serial2/2:1

D 10.110.5.0/24 [90/28416] via 192.168.187.1, 1w0d, FastEthernet0/0

D 10.110.2.0/24 [90/28416] via 192.168.187.1, 1w0d, FastEthernet0/0

S 10.120.0.0/16 [1/0] via 192.168.187.252

[1/0] via 192.168.113.2

D 10.150.10.0/24 [90/3181056] via 10.150.5.2, 1w2d, Serial2/2:1

C 10.150.5.0/24 is directly connected, Serial2/2:1

D 10.150.2.0/24 [90/3181056] via 10.150.5.2, 1w2d, Serial2/2:1

D 10.110.201.0/24 [90/28416] via 192.168.187.1, 1w0d, FastEthernet0/0

D 10.110.213.0/24 [90/28416] via 192.168.187.1, 1w0d, FastEthernet0/0

D 10.120.201.0/24 [90/1764608] via 192.168.113.2, 04:27:12, Serial1/3

D 10.110.187.0/24 [90/28416] via 192.168.187.1, 4d22h, FastEthernet0/0

D 10.110.132.0/24 [90/28416] via 192.168.187.1, 1w0d, FastEthernet0/0

D 10.110.133.0/24 [90/28416] via 192.168.187.1, 1w0d, FastEthernet0/0

D 10.150.110.0/24 [90/3181056] via 10.150.5.2, 1w2d, Serial2/2:1

D 10.150.100.0/24 [90/3181056] via 10.150.5.2, 1w2d, Serial2/2:1

C 192.168.113.0/24 is directly connected, Serial1/3

D 192.168.36.0/24 [90/28416] via 192.168.187.1, 1w2d, FastEthernet0/0

D 192.168.52.0/24 [90/28416] via 192.168.187.1, 1w2d, FastEthernet0/0

C 192.168.187.0/24 is directly connected, FastEthernet0/0

D 192.168.34.0/24 [90/28416] via 192.168.187.1, 1w2d, FastEthernet0/0

D 192.168.50.0/24 [90/28416] via 192.168.187.1, 1w2d, FastEthernet0/0

D 192.168.35.0/24 [90/28416] via 192.168.187.1, 1w2d, FastEthernet0/0

C 192.168.118.0/24 is directly connected, Serial1/1

D EX 192.168.253.0/24 [170/261120] via 192.168.187.252, 1w0d, FastEthernet0/0

D 192.168.32.0/24 [90/28416] via 192.168.187.1, 1w2d, FastEthernet0/0

S 192.168.18.0/24 [1/0] via 192.168.187.252

[1/0] via 192.168.118.2

D 192.168.33.0/24 [90/28416] via 192.168.187.1, 1w2d, FastEthernet0/0

D 209.PUBLIC.222.0/24 [90/1766912] via 192.168.113.2, 1w0d, Serial1/3

S* 0.0.0.0/0 [1/0] via 192.168.187.1





the_crooked_toe Thu, 12/18/2008 - 10:43

Lexington_P2P#sh ip rou


Gateway of last resort is 192.168.113.1 to network 0.0.0.0


D EX 192.168.28.0/24 [170/261120] via 192.168.13.1, 1w0d, FastEthernet0/0

C 192.168.13.0/24 is directly connected, FastEthernet0/0

D 192.168.15.0/24 [90/4151040] via 192.168.113.1, 1w0d, Serial0/0:0

64.0.0.0/30 is subnetted, 4 subnets

D EX 64.129.251.56 [170/261120] via 192.168.13.1, 1w0d, FastEthernet0/0

D EX 64.129.251.60 [170/261120] via 192.168.13.1, 1w0d, FastEthernet0/0

D EX 64.129.251.72 [170/261120] via 192.168.13.1, 1w0d, FastEthernet0/0

D EX 64.129.251.76 [170/261120] via 192.168.13.1, 1w0d, FastEthernet0/0

D 192.168.128.0/24 [90/4660224] via 192.168.113.1, 1w0d, Serial0/0:0

S 192.168.198.0/24 [1/0] via 192.168.113.1

10.0.0.0/24 is subnetted, 18 subnets

D 10.110.100.0 [90/4151040] via 192.168.113.1, 1w0d, Serial0/0:0

D 10.110.101.0 [90/4151040] via 192.168.113.1, 1w0d, Serial0/0:0

D 10.110.115.0 [90/4151040] via 192.168.113.1, 1w0d, Serial0/0:0

D 10.150.213.0 [90/4662784] via 192.168.113.1, 1w0d, Serial0/0:0

D 10.150.201.0 [90/4662784] via 192.168.113.1, 1w0d, Serial0/0:0

D 10.110.5.0 [90/4151040] via 192.168.113.1, 1w0d, Serial0/0:0

D 10.110.2.0 [90/4151040] via 192.168.113.1, 1w0d, Serial0/0:0

D 10.150.10.0 [90/4662784] via 192.168.113.1, 1w0d, Serial0/0:0

D 10.150.5.0 [90/4660224] via 192.168.113.1, 1w0d, Serial0/0:0

D 10.150.2.0 [90/4662784] via 192.168.113.1, 1w0d, Serial0/0:0

D 10.110.201.0 [90/4151040] via 192.168.113.1, 1w0d, Serial0/0:0

D 10.110.213.0 [90/4151040] via 192.168.113.1, 1w0d, Serial0/0:0

D 10.120.201.0 [90/28416] via 192.168.13.204, 04:29:16, FastEthernet0/0

D 10.110.187.0 [90/4151040] via 192.168.113.1, 4d22h, Serial0/0:0

D 10.110.132.0 [90/4151040] via 192.168.113.1, 1w0d, Serial0/0:0

D 10.110.133.0 [90/4151040] via 192.168.113.1, 1w0d, Serial0/0:0

D 10.150.110.0 [90/4662784] via 192.168.113.1, 1w0d, Serial0/0:0

D 10.150.100.0 [90/4662784] via 192.168.113.1, 1w0d, Serial0/0:0

C 192.168.113.0/24 is directly connected, Serial0/0:0

D 192.168.36.0/24 [90/4151040] via 192.168.113.1, 1w0d, Serial0/0:0

D 192.168.52.0/24 [90/4151040] via 192.168.113.1, 1w0d, Serial0/0:0

D 192.168.187.0/24 [90/4150784] via 192.168.113.1, 1w0d, Serial0/0:0

D 192.168.34.0/24 [90/4151040] via 192.168.113.1, 1w0d, Serial0/0:0

D 192.168.50.0/24 [90/4151040] via 192.168.113.1, 1w0d, Serial0/0:0

D 192.168.35.0/24 [90/4151040] via 192.168.113.1, 1w0d, Serial0/0:0

D 192.168.118.0/24 [90/4660224] via 192.168.113.1, 1w0d, Serial0/0:0

D EX 192.168.253.0/24 [170/28416] via 192.168.13.1, 1w0d, FastEthernet0/0

D 192.168.32.0/24 [90/4151040] via 192.168.113.1, 1w0d, Serial0/0:0

D EX 192.168.18.0/24 [170/261120] via 192.168.13.1, 1w0d, FastEthernet0/0

D 192.168.33.0/24 [90/4151040] via 192.168.113.1, 1w0d, Serial0/0:0

D 209.PUBLIC.222.0/24 [90/30720] via 192.168.13.253, 1w0d, FastEthernet0/0

S* 0.0.0.0/0 [1/0] via 192.168.113.1


the_crooked_toe Thu, 12/18/2008 - 11:07

Jon,

the only thing I don't understand is that I am putting in new networks and in the 'show run' i'm not seeing anything different than what is already there.


I don't understand how the person before me was able to add the network for 192.168.13.0 on the Lexington MPLS and the Lexington P2P, and still have the Core router in Louisville look to AD 170 instead of AD 90. It just doesn't make any sense because the core router is probably doing what it's supposed to do. I just don't see how the person before me set it up.


Thanks again for all your help

Jon Marshall Thu, 12/18/2008 - 11:30

Kenny


Apologies for missing this.


192.168.253.0 is in Lexington P2P routing table and so is advertised to Louisville P2P.


D EX 192.168.253.0/24 [170/28416] via 192.168.13.1, 1w0d, FastEthernet0/0


Note it is AD 170. So Louisville P2P does receive this route from Lexington and sends it to 4500. But 4500 also receives the same route with AD 170 from 2851 MPLS router. So i suspect on the 4500 that the metric of the route received from 2851 is better than the metric received from Louisville P2P.


Told you it was confusing !


Jon

Jon Marshall Thu, 12/18/2008 - 11:17

Okay, where to start !


There doesn't seem to be any consistency in the way routes have been advertised. Note that this is not a criticism of you as i appreciate you have picked this up. It is also not a criticism of the previous netadmin because


a) it might have evolved under him too

b) he may be a much better network designer than me and i just can't see the logic !


Let's explain 192.168.13.0 and 192.168.253.0


Both these networks route via MPLS but for completely different reasons.


1) 192.168.13.0. There are 2 static entries on P2P Louisville for this


ip route 192.168.13.0 255.255.255.0 192.168.187.252

ip route 192.168.13.0 255.255.255.0 192.168.113.2


On Lexington P2P there is an entry for this network under the router eigrp config


router eigrp 101

passive-interface FastEthernet1/0

passive-interface Loopback0

passive-interface Tunnel0

network 192.168.13.0


And Louisville 4500 is using this route


D EX 192.168.13.0/24 [170/258816] via 192.168.187.252, 1w2d, Vlan1


ie. the 2851 MPLS router. Notice that the 4500 is using a route with an AD of 170.


So Lexington P2P advertises 192.168.13.0/24 to Louisville P2P. If the statics were not on Louisville P2P for 192.168.13.0/24 then Louisville would use the route advertised from Lexington. If this was the case then Louisville P2P would advertise the route to Louisville 4500 with AD 90 and all traffic for 192.168.13.x would go via the backup link.


But because Louisville P2P has statics they have better AD than route for 192.168.13.0 received from Lexington so they get installed in the routing table. So it is the statics on Louisville P2P that make the 4500 choose the MPLS route.


Confusing isn't it :-)


2) 192.168.253.0 - this is a lot simpler. Lexington P2P doesn't advertise this network to Louisville P2P and Louisville P2P doesn't have any statics for it. So the 4500 only knows how to get to this via MPLS. This network exists on the ASA but under your ASA config you only have


router eigrp 101

192.168.13.0

209.PUBLIC.220.0


This is what i meant about inconsistency.


** Edit - see previous post for explanation of 192.168.253.0/24 **


As for 209.PUBLIC.220.0. This is being advertised into EIGRP internally within Lexington. The Lexington P2P router receives this from EIGRP and then advertises it across to Louisville P2P. From Louisville P2P


209.PUBLIC.222.0/24 [90/1766912] via 192.168.113.2, 1w0d, Serial1/3


Louisville P2P then advertises this to Louisville 4500 and because the AD is 90 it is better than the 209.PUBLIC.222.0 advertisement the 4500 receives from the 2851 because the 4500 sees this as AD 170.


So how do you stop this. Well for consistency just add a static route on Louisville P2P for 209.PUBLIC.222.0/24 pointing to Lexington P2P. But obviously this is not a good solution.


I'm not trying to depress you :-), but hopefully you can see that the routing is not very predictable at the moment and we have only looked at Louisville/Lexington.


As i say there are ways to fix this but it could involve a lot of work and possible outages.


Jon

the_crooked_toe Thu, 12/18/2008 - 11:52

Jon,

I guess i'm in deeper *ish* than I thought...I actually just got a hold of the guy who set this up a few months ago and told him to explain how he set this all up. So we will see what sprouts from all this or what tricks he used to get this to work.


I tried adding


ip route 10.120.0.0 255.255.0.0 192.168.187.252

ip route 10.120.0.0 255.255.0.0 192.168.113.2


and still didn't have any effect on the Core router


Thanks for all your help and I'll post any findings that happen along the way

Correct Answer
Jon Marshall Thu, 12/18/2008 - 12:26

Kenny


"I tried adding


ip route 10.120.0.0 255.255.0.0 192.168.187.252

ip route 10.120.0.0 255.255.0.0 192.168.113.2


and still didn't have any effect on the Core router"


Is the network you are trying to advertise 10.120.201.0/24 ?


If so you need to add that exact route onto Louisville P2P. Because a router will always choose the most specific route. So Louisville P2P gets an advertisement from Lexington P2P for 10.120.201.0/24 but you have added statics for 10.120.0.0/16 so Louisville P2P will use the 10.120.201.0/24 route.


Try adding to Louisville P2P


ip route 10.120.201.0 255.255.255.0 192.168.187.252

ip route 10.120.201.0 255.255.255.0 192.168.113.2


Jon
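
Added illustration, not part of the thread and not the posters' own code: a small Python model of the route selection Jon describes, where a route competes on AD and metric only against routes for the same prefix, and forwarding then takes the longest match. The D EX metric for 10.120.201.0/24 is an assumed value (copied from the other D EX entries in the 4507 table), and the rule that Louisville P2P stops advertising a prefix once a static displaces the EIGRP route is a simplification of Jon's explanation.

```python
import ipaddress
from dataclasses import dataclass

# Default administrative distances quoted in the thread.
AD = {"static": 1, "ebgp": 20, "eigrp": 90, "eigrp_ext": 170}


@dataclass(frozen=True)
class Route:
    prefix: str
    source: str    # key into AD
    metric: int
    next_hop: str


def build_rib(candidates):
    """For each exact prefix, install only the candidates with the lowest (AD, metric)."""
    grouped = {}
    for r in candidates:
        grouped.setdefault(ipaddress.ip_network(r.prefix), []).append(r)
    rib = {}
    for net, routes in grouped.items():
        best = min((AD[r.source], r.metric) for r in routes)
        rib[net] = [r for r in routes if (AD[r.source], r.metric) == best]
    return rib


def lookup(rib, dest):
    """Forwarding: the longest matching prefix wins, whatever its AD."""
    addr = ipaddress.ip_address(dest)
    matches = [net for net in rib if addr in net]
    if not matches:
        return []
    return rib[max(matches, key=lambda net: net.prefixlen)]


def p2p_rib(static_prefixes):
    """Louisville P2P: the EIGRP route from Lexington P2P plus the configured statics."""
    cands = [Route("10.120.201.0/24", "eigrp", 1764608, "192.168.113.2")]
    for p in static_prefixes:
        cands.append(Route(p, "static", 0, "192.168.187.252"))
        cands.append(Route(p, "static", 0, "192.168.113.2"))
    return build_rib(cands)


def core_rib(static_prefixes):
    """4507: D EX from the 2851, plus an internal route only while P2P itself uses EIGRP."""
    # 258816 is an assumed metric, taken from the other D EX entries on the 4507.
    cands = [Route("10.120.201.0/24", "eigrp_ext", 258816, "192.168.187.252")]
    installed = p2p_rib(static_prefixes)[ipaddress.ip_network("10.120.201.0/24")]
    # Simplified model: P2P advertises the prefix into EIGRP only when the
    # EIGRP-learned route is what sits in its own routing table.
    if all(r.source == "eigrp" for r in installed):
        cands.append(Route("10.120.201.0/24", "eigrp", 1764864, "192.168.187.254"))
    return build_rib(cands)


def core_next_hops(static_prefixes, dest="10.120.201.10"):
    """Next hop(s) the 4507 uses for a host in 10.120.201.0/24 (constructed host address)."""
    return sorted({r.next_hop for r in lookup(core_rib(static_prefixes), dest)})


if __name__ == "__main__":
    for statics in ([], ["10.120.0.0/16"], ["10.120.201.0/24"]):
        print(statics or "no statics", "->", core_next_hops(statics))
```
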



the_crooked_toe Thu, 12/18/2008 - 12:32

yep that did the trick...so whenever I need to add a new subnet to ANY remote city I have to add this static route...This is going to be a major PITA.


I might have to get the original network designer to come back in and re-think this out because I don't think this is very efficient.


Do you have any other suggestions?

Thanks for helping out once again.

Jon Marshall Thu, 12/18/2008 - 12:43

Yes, that really is a very short term solution. And it still really doesn't address how the rest of the network is routing. The key thing is at the moment it is not predictable and if you lost connectivity and had to troubleshoot it would be very difficult.


It took me a while to work out what was going on, i really wouldn't want to be trying to do that with a site down. So it does need some work.


One of the key things that could really help here is summarisation. If you could get to the stage where each site had one summarisable network range (apart from the public range) then it would be a lot easier to configure. Because you are dealing in individual subnets it does mean each time you are going to have to add something somewhere. Even if we used a different method than the statics, and i don't think the statics are a good solution, without summarisation an additional subnet requires a lot more work than it should do.


What you want is a range per site and enough room for growth in that range so that once it is advertised out as a summary you can happily add more subnets and they would fall in the same range.


Have a chat with the original network designer and see what he says and then feel free to come back and discuss further.


Jon

Jon Marshall Wed, 12/10/2008 - 08:07

Kendrik


In your topology map it shows the correct config under router bgp 64803 on the Lexington 2821 and yet the config you posted shows EIGRP redistribution.


Why is that ?


Jon

the_crooked_toe Wed, 12/10/2008 - 08:10

because i screwed up on making my visio diagram. I apologize for creating more confusion.

Giuseppe Larosa Mon, 12/08/2008 - 22:56

Hello Kendrick,

this is the same network of the other thread, isn't it ?


As Jon has explained you are facing the problem of comparing routes with different AD:

c2851 will prefer routes over eBGP session for its AD 20 < 90, at the same time routes redistributed by C2851 into EIGRP are not preferred because flagged as external routes D EX with AD 170, so your backup path can become the primary.

You should be able to take advantage of EIGRP capability to summarize out a specific interface: on the other side of the backup link you should summarize with the summary-address eigrp eigrp-as command: you can even make use of more than one statement if necessary.


In this way, the most specific route should be used that is the one coming from eBGP on primary link and redistributed into EIGRP as D EX.


Also the site router connecting to the backup link has to summarize the site specific routes so that this link is used from the other side.


Hope to help

Giuseppe


the_crooked_toe Tue, 12/09/2008 - 06:06

Giuseppe, yes this is the same network. I also contacted my ISP for MPLS connection and they said nothing was abnormal. So of course it's on my end and my configuration just isn't correct.


If i understand this correctly,

I need to run the command:

summary-address eigrp eigrp-as


on each Point-to-Point router?

I'm not finding that command when I do:

conf t

router eigrp 101

summa ? - command not recognized


Attached is a network topology with all routing protocols if that helps.


Thanks again for your help




Giuseppe Larosa Tue, 12/09/2008 - 09:35

Hello Kendrick,

this command has to be given in interface configuration mode here is the beauty of the whole thing


see

router#conf t

Enter configuration commands, one per line. End with CNTL/Z.

router(config)#int f0/0

router(config-if)#?

router(config-if)#ip summary-address eigrp 100 172.16.0.0 255.255.0.0 ?

<1-255> Administrative distance


So you can have control of what routes are sent on backup point-to-point links


Until a most specific route is received over the MPLS Link it should be used even if it is a D EX because the most specific route is used first and then if two prefixes with same len exist it compares AD and metric


Hope to help

Giuseppe


the_crooked_toe Tue, 12/09/2008 - 09:42

Thanks Giuseppe,


I need every network on every link. Except, I need the MPLS to be the primary.


So Do I need to do 'ip summary-address...' for every single network i want to advertise?


I'm not completely understanding how this is going to work.


So if I do this on the 4507, will the 2851 know those networks are attached to it via EIGRP.

Giuseppe Larosa Tue, 12/09/2008 - 10:25

Hello Kendrick,

the feasibility of what I'm suggesting depends on your current address plan:

a hierarchical address plan allows for summarization: a summary route still allows you to reach remote sites' ip subnets but with less details.

You can summarize if this doesn't create ambiguity:

example

if 172.25.14.0/24

172.25.15.0/24 are both associated to site M

from the other side point of view

routing to both happens in the same way

so a summary route of 172.25.14.0/23 that will take both in a single entry still allows to reach hosts in 172.25.14.0/24 and in 172.25.15.0/24 but with less detail.


If you can put your routers in the same scenario the detailed routes via MPLS Links will be preferred and used until they are alive.


If instead

172.25.14.0/24 belongs to site M

172.25.15.0/24 belongs to site N


if you create an aggregate 172.25.14.0/23 you can create problems.

If your address plan doesn't allow for some summarization other solutions are needed.

You may even think to use a second EIGRP process on backup links and have it redistributed into the main EIGRP process.


But I think you should be able to perform some summarization: the requirement is not to create a single prefix that will represent site M but few less specific routes.


Hope to help

Giuseppe
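
Added illustration, not part of the thread and not the posters' own code: a Python check of the ambiguity Giuseppe describes, computing the tightest summary for each site and listing any other site's subnets it would also cover. The first two plans are his 172.25.14.0/24 and 172.25.15.0/24 example; the last two use a handful of subnets from the routing tables posted in this thread, with the split into a 10.x plan and a 192.168.x plan being an assumption made for the example.

```python
import ipaddress


def covering_prefix(subnets):
    """Smallest single prefix that contains every subnet in the list."""
    nets = [ipaddress.ip_network(s) for s in subnets]
    summary = nets[0]
    while not all(n.subnet_of(summary) for n in nets):
        summary = summary.supernet()
    return summary


def foreign_subnets(plan, site, summary):
    """Subnets owned by other sites that the proposed summary would also cover."""
    summary = ipaddress.ip_network(summary)
    hits = []
    for other, subnets in plan.items():
        if other == site:
            continue
        for s in subnets:
            if ipaddress.ip_network(s).overlaps(summary):
                hits.append((other, s))
    return sorted(hits)


def audit(plan):
    """Per site: the tightest summary and whatever it would wrongly attract."""
    report = {}
    for site, subnets in plan.items():
        summary = covering_prefix(subnets)
        report[site] = (str(summary), foreign_subnets(plan, site, summary))
    return report


# Giuseppe's example: both /24s at site M, then split between M and N.
SAME_SITE = {"M": ["172.25.14.0/24", "172.25.15.0/24"]}
SPLIT_SITES = {"M": ["172.25.14.0/24"], "N": ["172.25.15.0/24"]}

# Subnets taken from the routing tables in this thread (subset, for illustration).
THREAD_10 = {
    "Louisville": ["10.110.100.0/24", "10.110.115.0/24"],
    "Lexington": ["10.120.201.0/24"],
}
THREAD_192 = {
    "Louisville": ["192.168.15.0/24", "192.168.32.0/24"],
    "Lexington": ["192.168.13.0/24", "192.168.253.0/24"],
}

if __name__ == "__main__":
    print(audit(SAME_SITE))
    print(foreign_subnets(SPLIT_SITES, "M", "172.25.14.0/23"))
    print(audit(THREAD_10))
    print(audit(THREAD_192))
```
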


the_crooked_toe Tue, 12/09/2008 - 10:34

Giuseppe,

I'm still not clear on how this is going to help me out. I'm not sure how this will get the 2851 to look to the 4507 for routes.


the 2851 should look to the 4507 for EIGRP routes.

The 3660 looks at the 4507 for EIGRP routes. But the 3660 is also connected to Lexington which is giving me the looping problem.


So how do I fix the AD problem so the 2851 looks to the 4507 for the EIGRP routes instead of looking at the loop?


thanks

Giuseppe Larosa Tue, 12/09/2008 - 13:18

Hello Kendrich,

if I understand correctly your scenario:


          2851 ----- MPLS ------- 2821 ---
4507 ----|                                |--- 4507
          3660 ----- p-t-p ------ 3640 ---


EIGRP <> BGP <> EIGRP

EIGRP ------------------------------ EIGRP


where <> means redistribution


on the remote 2821 you need to filter the EIGRP routes so that into BGP only the local site routes are redistributed

You need to add a route-map with a prefix-list and only prefixes matching the prefix-list are to be redistributed

the loop is formed by the point-to-point link providing in the EIGRP of the remote site the same prefixes of the local site.


c2821

router bgp your.AS

redistribute eigrp your.EIGRP:AS route-map filter-routes


route-map filter-routes

match ip address prefix-list local-routes


you need to filter everywhere


What I was suggesting is also beneficial because if out the point to point less specific routes are injected they cannot compete with local routes in doing the whole tour: it is the point-to-point link that provides a leakage path for local sites routes but if they are sent out less specific they again cannot compete with the legitimate routes coming over the MPLS link.


Probably this was suggested already by Jon the filtering based on site routes.

I would implement both methods to provide a complete control.


Hope to help

Giuseppe


the_crooked_toe Tue, 12/09/2008 - 14:28

ok i understand what you are saying about filtering from the routes.


Attached is the network topology.

i hate asking for handouts but can you tell me if this is the correct commands I should be putting in my 2821


conf t

route-map Filter-Routes


how do i create a pre-fix list? Which pre-fixes should I be putting in this list? The local only prefixes?


router bgp 64803

redistribution eigrp 101 route-map Filter-Routes


what do i need to remove from the current configuration? jpg attached with config


