Thanks Guiseppe. I've brought this up before in prior postings for which you replied already. The EIGRP PE-CE was a solution we have tried to push with the providers but they don't do it. I am limited to EIGRP due to our data center configuration. Our spokes use the MPLS eBGP path to our HQ where we have a VPN tunnel for datacenter traffic. However if that fails, the spokes have their own vpn tunnels which can only run eigrp. This is becoming a big problem and I've pushed for solutions, however its become mismash of configs to make this work. Were running 2 instances of EIGRP on the spokes and redistributing from one EIGRP into another so that the advertisement up the backup tunnel to the data center shows up as 170 EIGRP. The HQ VPN tunnel is also running EIGRP. THe spokes and hub talk over eBGP and we redistribute back into EIGRP. Its a mess. The EIGRP PE-CE is the only solution that seems clean and viable however noone wants to do it.

So 1 we can either redistribute between EIGRP to change the admin distance, or run a tunneling solution over the MPLS eBGP network to preserve EIGRP administrative distances.

Give me a route-map Cisco!!! :D

Hello Glen,

the spokes support BGP they use eBGP over the MPLS links.

I don't understand when you say

>> the spokes have their own vpn tunnels which can only run eigrp

I guess you have a GRE tunnel carried inside IPSEc packets.

I would consider to use eBGP also over the GRE tunnels.

Hope to help

Giuseppe

All sites that have GRE IPSEC tunnels have to run EIGRP as that's what the data center runs. The spokes have backup IPSEC+GRE tunnels to the Data centers and EIGRP runs across this. Data center won't run BGP to customer sites. That's where I am stuck. I can force the EIGRP admin distance to 170 up to the data center by redistributing from EIGRP into EIGRP but again this is messy and redistribution makes me ill. :D

So yea, I'm really stuck right now on what I can do.

I am also trying to somehow tag routes from my backup tunnel at the hub so I can deny those routes at some spokes but not others. Since the MPLS connected router runs EIGRP and BGP trying to figure out how to tag routes on the backup tunnel when they come in, then tage them again when redistributed into BGP from the hub to the spokes. I want to deny these backup routes for some spokes but not others and dont know how.

Hello Glen,

>> All sites that have GRE IPSEC tunnels have to run EIGRP as that's what the data center runs

I understood you have one or a pair of front end routers for the datacenter running only EIGRP.

What if you add two nodes one for the primary tunnels and one for the secondary tunnels that use BGP towards the remote sites and EIGRP towards the datacenter ?

the node terminating primary tunnels will redistribute into EIGRP with a better seed metric.

At the same time the remote site will have an higher BGP weight for the session on the primary tunnel/MPLS link.

The suggestion is to concentrate complexity on the datacenter to make configuration of remote sites simpler and manageable.

About last question

you can use

match tag value

set metric

notice:

set metric value for BGP

set metric value1 value2 value3 value4 value5

for EIGRP

value1 is BW, value2 is delay last value5 is mtu

so you can use

set metric 10000 1000 255 1 1500

to have a bigger metric you can increase delay

set metric 10000 2000 255 1 1500

or you can decrease the BW seed value

you can also add other set actions including set tag in the same route map clause.

Hope to help

Giuseppe