03-19-2009 03:49 PM - edited 03-06-2019 04:42 AM
Hi,
I have a weird situation,
There is a Webserver located on Site-Y, when users on Site-X try to access it ; the traffic goes
via VPN Tunnel (( site A )) and returns back same path.
I wanted all traffic for Site-Y initiating from Site-X should go via FR_RTR
How could I resolve it...
Attached is network diagram and config of Site-X and Site-Y
03-19-2009 04:22 PM
You haven't posted enough information to be certain (e.g. VPN routers configs), but its likely if you're running OSPF both via frame-relay and via VPN, the VPN paths OSPF cost is less or the cost is the same. (If the cost is the same, traffic should normally alternate paths.)
03-19-2009 04:49 PM
Thanks for your reply.
I didnt get what you mean, my requirement is that "Traffic for site-Y initiated from Site-X should be via FR-RTR and traffic for Site-A initiated from Site-x should go via VPN Tunnel...
Plz help
03-19-2009 05:47 PM
Yes I understand, but you did not post enough information to be certain what the issue is. From what you did post, I suspect Site-X sees reaching Site-Y is "better" going via Site-A, and the same for the converse.
03-20-2009 01:19 AM
Hello Ronald,
Joseph is right we can only guess that the OSPF best path is via the vpn tunnel.
take two subnets as example and provide
sh ip route X
sh ip route Y
there are chances that the path over the VPN sees only LAN interfaces, instead the FR path sees a low bandwidth serial interface and so the cost via FR is higher.
How is the VPN made ? Are you using a GRE tunnel protected by IPSec ?
using sh ip ospf interface of all involved interfaces you can find a confirmation to our guess.
Another possible reason is a comparison between different types of OSPF routes
Hope to help
Giuseppe
03-20-2009 05:27 AM
Thank to all for your reply.
Yes we have GRE tunnel protected by IPSEC
when I do sh ip route 192.168.99.0 it goes via GRE-tunnel rather than FR_RTR
Frame_Relay connection is 1MB
GRE_IPSEC Tunnel is 2MB to site_A
From Site_Y GreIPSEC tunnel is 2MB to Site_A
Is it a good idea to run EIGRP for FRame_relay Router and OSPF with GRE_IPSEC...
can someone help with sample configuration on cisco_doc_link
03-20-2009 05:39 AM
Hello Ronald,
the FR path is less preferred for its lower bandwidth.
If you want to move only part of traffic you can use PBR to send some traffic over the FR link.
if you use EIGRP over the FR link all traffic will go via the FR link for the lower administrative distance.
I think you can achieve some load sharing using PBR
see
the idea is to configure a route-map that invokes ACLs to define traffic to be redirected.
Hope to help
Giuseppe
03-20-2009 05:27 AM
Thank to all for your reply.
Yes we have GRE tunnel protected by IPSEC
when I do sh ip route 192.168.99.0 it goes via GRE-tunnel rather than FR_RTR
Frame_Relay connection is 1MB
GRE_IPSEC Tunnel is 2MB to site_A
From Site_Y GreIPSEC tunnel is 2MB to Site_A
Is it a good idea to run EIGRP for FRame_relay Router and OSPF with GRE_IPSEC...
can someone help with sample configuration on cisco_doc_link
03-22-2009 04:56 AM
You could tweak the OSPF cost of the FR cloud to make it the preferred route from X to Y. However, you may also have to tweak costs of GRE tunnels to site A to ensure that traffic from A to Y still uses the GRE.
If you provide the reference bandwidth being used in OSPF process then I could provide a solution as described above. Default RBW is 100Mb.
03-22-2009 11:03 PM
Thanks for your reply.
GRE Tunnel = 2MB
FR=1MB
I hope this is the informtaion you needed.
Plz can u provide the solution as u explained
03-23-2009 04:30 AM
Currently the cost from Site X to Site Y via FR cloud is 100 (assuming your using default reference bandwidth). The cost from Site X to Site A would be 50. The cost from Site A to Site Y would also be 50. So, you can see, there is actually equal path costs from X to Y right now. By default your traffic should be load balanced per flow (based on source/destination IP address). If from your Core device at Site X you issue a "show ip route y.y.y.y" for some network at Y, there should be two valid equal path routes. Do you get that?
If so, the following changes will correct this and allow Site X traffic to use the FR cloud as the primary route to Site Y, but failover to use the VPN should the FR cloud go down.
===============
Site X FR-RTR
===============
conf t
interface Serial0/0/0.2 point-to-point
ip ospf cost 80
end
wr
===============
Site Y FR-RTR
===============
conf t
interface Serial0/0/0.2 point-to-point
ip ospf cost 80
end
wr
03-23-2009 11:30 AM
Hi,
Today Cisco System Engineer try to tackle the issue but no luck and recommended to have EIGRP running on Frame-relay cloud only and OSPF on LAN & GRE with IPSEC.
what do you suggest.
03-23-2009 01:25 PM
Hello Ronald,
using two different routing protocols that offer comparable routes (same prefix and same prefix len) build a primary and backup path:
EIGRP is preferred over OSPF and this is different from what you want.
I think you should try the suggestions from Ryan.
OSPF metric is simply the sum of individual costs so if all links are in the same Area for OSPF you should be able to move traffic as you like.
if the paths are in different OSPF areas however, the OSPF hierarchy makes O routes preferred to O IA routes regardless of metric.
Edit:
I've reviewed the attached configurations and all paths are in OSPF area 0 so tayloring the metrics is possible.
Randy has given you an example of the approach to be used.
the cost of the FR link has to be less then going twice through the GRE tunnels
Hope to help
Giuseppe
03-24-2009 08:26 AM
Thanks Giuseppe & Ryan
But after trying the cost still it doesnt seems to work.
03-25-2009 03:48 AM
Can you provide the routing tables of your core devices? At least the routing entries we are concerned with...I am sure we can solve this problem.
Thanks,
Ryan
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide