EIGRP

Unanswered Question
Jan 5th, 2010

Hi

EIGRP supports unequal loadbalancing but applying variance command causes packet drops.

I have done as of this url

http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a008009437d.shtml#topic1

Site_A connects to Site_B over GRE Tunnel with two different media and different bandwidth using eigrp as routing protocol.

Both GRE Tunnels terminates on Same Router.

Connection= Site_A to Site_B

Media = Ethernet using SatelliteLink

Bandwidth = 1MB

Type : GRE Tunnel

Connection= Site_A to Site_B

Media = Ethernet Using service Provider

Bandwidth = 2.5MB

Type : GRE Tunnel

If Both Tunnels are up then packet drops are seen, if anyone tunnel is up there is no packet drops.

Configuration of * Site_A *

interface Tunnel1
description "VSAT Link"
ip address 192.168.1.1 255.255.255.252
keepalive 3 10
tunnel source 10.10.10.2
tunnel destination 172.17.17.2

interface Tunnel2
description "2MB Link"
ip address 192.168.2.1 255.255.255.252
keepalive 3 10
tunnel source 192.168.100.2
tunnel destination 10.100.200.2

router eigrp 1
network 192.168.1.0 0.0.0.3
network 192.168.2.0 0.0.0.3

Any help

Thanks

ST

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Giuseppe Larosa Tue, 01/05/2010 - 07:51

Hello Saquid,

to perfom not equal cost load balancing you should add:

int tunnel 1

bandwidth 1000

int tunnel 2

bandwidth 2500

router eigrp 1

variance 3

in this way you have more traffic on the more capable tunnel and less traffic on tunnel 1

with your current configuration you are trying to do equal cost load balancing and you can see output drops on tunnel 1

Hope to help

Giuseppe

saquib.tandel Tue, 01/05/2010 - 08:17

Hi

After performing some bandwidth test ; i am getting 512K on Link1 and 2MB on Link 2.

I modified the tunnel config I get same packet drops.

int tunnel 1

bandwidth 512

int tunnel 2

bandwidth 2000

router eigrp 1

variance 4

On Cisco Documentation is there anywhere it states to have unequal loadbalancing you need to have a bandwidth statement.

Any input.

saquib.tandel Tue, 01/05/2010 - 10:46

Hello Giuseppe

I have amended the config as your input but there is still packet drops.

is Variance  4 correct when bandwidth is 2MB and 512K

Thanks

ST

Giuseppe Larosa Tue, 01/05/2010 - 10:57

Hello Saquib,

yes variance 4 should be fine.

Do you see packet drops only on tunnel1 or also on tunnel2 or on physical interfaces?

May  you post sh int tunnel1, sh int tunnel2 and sh int of physical interface?

Hope to help

Giuseppe

saquib.tandel Tue, 01/05/2010 - 11:16

Hello Guissepe

Please see the output

CTR_Router#sh int tunnel 2


Tunnel2 is up, line protocol is up
  Hardware is Tunnel
  Description: "2MB Link"
  Internet address is 192.168.2.1/30
  MTU 1514 bytes, BW 2000 Kbit, DLY 500000 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation TUNNEL, loopback not set
  Keepalive not set
  Tunnel source 192.168.100.2, destination 10.100.200.2
  Tunnel protocol/transport GRE/IP
    Key disabled, sequencing disabled
    Checksumming of packets disabled
  Tunnel TTL 255
  Fast tunneling enabled
  Tunnel transmit bandwidth 8000 (kbps)
  Tunnel receive bandwidth 8000 (kbps)
  Last input 00:00:00, output 00:00:00, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 2754
  Queueing strategy: fifo
  Output queue: 0/0 (size/max)
  5 minute input rate 4000 bits/sec, 7 packets/sec
  5 minute output rate 2000 bits/sec, 3 packets/sec
     13250144 packets input, 921421194 bytes, 0 no buffer
     Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
     7854559 packets output, 1694467458 bytes, 0 underruns
     0 output errors, 0 collisions, 0 interface resets
     0 unknown protocol drops
     0 output buffer failures, 0 output buffers swapped out

=======

CTR_Router#sh int tunnel 1

Tunnel1 is up, line protocol is up
  Hardware is Tunnel
  Description:"VSAT Link"
  Internet address is 192.168.1.1/30
  MTU 1514 bytes, BW 512 Kbit, DLY 500000 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation TUNNEL, loopback not set
  Keepalive not set
  Tunnel source 10.10.10.2 (GigabitEthernet0/1.12), destination 172.17.17.2
  Tunnel protocol/transport GRE/IP
    Key disabled, sequencing disabled
    Checksumming of packets disabled
  Tunnel TTL 255
  Fast tunneling enabled
  Tunnel transmit bandwidth 8000 (kbps)
  Tunnel receive bandwidth 8000 (kbps)
  Last input 00:00:00, output 00:00:01, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 122622
  Queueing strategy: fifo
  Output queue: 0/0 (size/max)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 2000 bits/sec, 3 packets/sec
     24847170 packets input, 638404318 bytes, 0 no buffer
     Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
     23024994 packets output, 780010052 bytes, 0 underruns
     0 output errors, 0 collisions, 0 interface resets
     0 unknown protocol drops
     0 output buffer failures, 0 output buffers swapped out

=====

CTR_Router##sh int gigabitEthernet 0/1


GigabitEthernet0/1 is up, line protocol is up
  Hardware is JK98980 Ethernet, address is 005r.50bb.88k1 (bia 005r.50bb.88k1)
  MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Full-duplex, 100Mb/s, media type is T
  output flow-control is XON, input flow-control is XON
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 00:00:00, output 00:00:00, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/173/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 18000 bits/sec, 17 packets/sec
  5 minute output rate 14000 bits/sec, 17 packets/sec
     341493206 packets input, 1211689319 bytes, 0 no buffer
     Received 2528374 broadcasts, 0 runts, 0 giants, 27 throttles
     1340 input errors, 0 CRC, 1 frame, 0 overrun, 1339 ignored
     0 watchdog, 0 multicast, 0 pause input
     0 input packets with dribble condition detected
     342812417 packets output, 276179600 bytes, 0 underruns
     0 output errors, 0 collisions, 0 interface resets
     135928 unknown protocol drops
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier, 0 pause output
     0 output buffer failures, 0 output buffers swapped out

======

Giuseppe Larosa Tue, 01/05/2010 - 13:47

Hello Saquib,

the exit points are two vlan subinterfaces of giga0/1 ?

and I see that the tunnel declares a bandwidth of 8000 kbps have you removed the bandwidth commands?

What kind of device is this?

I guess an ISR, 2800 series

what IOS image is running on the box?

sh ver | inc image

Hope to help

Giuseppe

saquib.tandel Wed, 01/06/2010 - 06:08

Hi,

I have not removed the bandwidth command from the tunnels.

sh ver | inc image
System image file is "flash:c2800nm-adventerprisek9-mz.124-21.bin"

I have Two Interfaces on the Router, so both Internet links are terminated as sub-interface.

Giga 0/0 connects to LAN

Giga0/1 configured as sub-interface for Internet links.

Its a Cisco 2851 (revision 53.51) with 249856K/12288K bytes of memory.
2 Gigabit Ethernet interfaces
2 Virtual Private Network (VPN) Modules

Giuseppe Larosa Thu, 01/07/2010 - 02:01

Hello Saquid,

I would try with a different IOS image: take a 12.4T image with same feature set and let's see if there are any changes.

in the log of  router there are messages regarding changes of state of the two tunnels, I see in first post that you have configured tunnel GRE keepalive. Are the tunnels stable?

Hope to help

Giuseppe

saquib.tandel Thu, 01/07/2010 - 03:01

Hi Guislar,

Are you suspecting an IOS Issue.

If I have Either of One Tunnel UP then all is working Ok but when both tunnels are up then I get packet loss.

Due to above I configured keepalive.

For my existing IOS there are no known EIGRP bugs.

What you suggest.

saquib.tandel Thu, 01/07/2010 - 05:49

Hi,

I have changed the Router with 12.4 IOS but still the same packet drop.

System image file is "flash:c2801-spservicesk9-mz.124-11.T.bin"

Please help.

Thanks

ST

Mohamed Sobair Thu, 01/07/2010 - 10:33

Hi ST,

First the Variance command doesnt necessarly need the bandwidth statment at the interface to be modified.

The Idea is that:

Eigrp default to loadbalance across 4 equal cost paths by default, to perform un equal cost loadbalancing , then you need the variance command, How its calculated? Eigrp calculates the total metric (FD) to the reach a destination Network, IF FDs for both paths are the same then loadbalancing shoud take place, if not, then you need the variance command to place the second path in the routing table.

However, 1- with all your current config, and the variance applied, what is the default CEF loadbalancing method on the router? If its per-packet loadbalance, then disable it and let it be per-destination as per packet could result in packets recieved the destination out of order.

2- remove the tunnel keep alives from both tunnel interfaces.


3- configure (tunnel path-mtu-discovery) at both tunnels on all routers

let us know if this help,

Mohamed

saquib.tandel Thu, 01/07/2010 - 13:04

Dear Mohammed

I have done the following

1)     No ip cef

2)      No tunnel keep-alives

3)      ip mtu 1400

But still have packet loss when both tunnels are up.

Hope to get some help.

Thanks

ST

Giuseppe Larosa Thu, 01/07/2010 - 13:33

Hello Mohamed,

please consider the following facts:

Saquid's wan links are not equal in performance and type see initial post.

Here, use of variance would be wise to make possible to take in account these differences.

My first impression was that the drops were only on the slower path, for the default equal cost paths so I've suggested to use bandwidth and variance to differentiate paths to be able to put more traffic on the better link.

However, later show commands from Saquid show that output drops are present in both tunnels and actually counter is greater on tunnel going on better path.

Saquid has already tried with a different IOS release with no improvement.

To be noted that Saquid says that drops happen only if both tunnels are up and he doesn't see drops if only one tunnel is up.

We need to be sure that tunnels are stable and that no recursion happens.

Recursion is : if tunnel1 destination is advertised inside EIGRP running on tunnel1 or tunnel2.

Saquid: look at logs to see if tunnels have up/downs events also check with both tunnel up

sh ip route t1-destination

sh ip route t2-destination

the destination have to be learned by different means then the EIGRP protocol running on the tunnels.

This is the requirement for stable tunnels and correct routing. Eventually EIGRP routing needs to be tuned (route filtering)

Hope to help

Giuseppe

saquib.tandel Thu, 01/07/2010 - 14:03

Hi Giuslar

i tested what Mohammed inform but that didnt help, now config is back as per your last input.

I have one EIGRP Process so how could recursive happen.

If I do show IP route 10.10.10.0 it shows reachable via Tunnel1 and Tunnel2

what are other means to check tunnel stability and you shed more lights on route-filtering an if needed in my case.

Thanks in advance.

ST

Giuseppe Larosa Thu, 01/07/2010 - 14:43

Hello Saquib,

when I mean tunnel destination I mean the public IP address that will receive the GRE packet.

you need to check tunnels stability and that tunnel destinations = public ip addresses are not advertised in EIGRP.

use

sh log

sh ip route t1-destination

sh ip route t2-destination

we need to verify all possible causes, also you may want to use extended ping to verify reachability of these destinations.

However, problems in the public network would result in lost packets in transit not in output drops on the GRE tunnels

Also important, are these GRE tunnels protected by IPSec? = are you using crpyto maps to encrpypt GRE packets for security

in this case (if using IPsec) can we check with sh diag that the VPN module is present in the ISR router?

Hope to help

Giuseppe

saquib.tandel Fri, 01/08/2010 - 03:50

Thanks Giuseppe for all help

When packet drop was noticed I removed the IPSEC from the GRE Tunnel.

As of now its only GRE Tunnel. Public IP are not advertised in EIGRP

I have retested reaching my next hop and reaching public IP on other side but didnt find any packet loss.

Did extended ping but no packet drop.

If I have both tunnels with equal bandwidth then what config is reqd for OSPF instead of EIGRP

Thanks

ST

Actions

This Discussion