load balancing with eigrp

Unanswered Question
May 3rd, 2010

I have attached a diagram to get a better visual understanding of this.

We have 2 core switches on the LAN and a router facing a private network (wan).  We currently a physical connection from Core2 to the router, it is trunked as it carries a demarc vlan (231) and a vlan for waas (232), there is eigrp peering between the core router and core switch.  We also peer between the 2 core switches with vlan231 (see attached diagram).

We are now looking to connect Core1 to the wan router for redundancy purposes and we are looking for a "best practice" to implement this.

The proposal is to add a new demarc vlan (233) between Core1 and the router for eigrp peering AND also introduce V233 to the core switch peering (in addition to vlan231)... see red text in the diagram.

In order to force traffic to the wan to go through Core2, we are looking to increase the cost between Core1 and the router.

Any suggestions on the above proposal?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Jon Marshall Mon, 05/03/2010 - 09:26

ronshuster wrote:

I have attached a diagram to get a better visual understanding of this.

We have 2 core switches on the LAN and a router facing a private network (wan).  We currently a physical connection from Core2 to the router, it is trunked as it carries a demarc vlan (231) and a vlan for waas (232), there is eigrp peering between the core router and core switch.  We also peer between the 2 core switches with vlan231 (see attached diagram).

We are now looking to connect Core1 to the wan router for redundancy purposes and we are looking for a "best practice" to implement this.

The proposal is to add a new demarc vlan (233) between Core1 and the router for eigrp peering AND also introduce V233 to the core switch peering (in addition to vlan231)... see red text in the diagram.

In order to force traffic to the wan to go through Core2, we are looking to increase the cost between Core1 and the router.

Any suggestions on the above proposal?

Ron

Why are you using subinterfaces on the WAN router rather than simply using L3 vlan interfaces on your switches ?

The way i would set this up would be to have all vlans routing on the L3 switches then have routed P2P links from the L3 switches to the WAN router rather than use subinterfaces.

Also why do you want to prefer one path over the other, is there a reason for this ?

Jon

Giuseppe Larosa Mon, 05/03/2010 - 11:27

Hello Ron,

you can add a point to point L3 link between core1 and WAN router or you can use a new demarc Vlan 233 if you like.

In any case I don't see any advantage on extending the new vlan 233 to core2, this would mean to use core1 as a L2 switch when sending traffic from core2 to WAN router and from WAN router to core2.

So you  should use Vlan 233 only between core1 and WAN router.

Between core1 and core2 I would deploy an etherchannel carrying  vlan 231 and othe Vlans if needed (not vlan 233) or a L3 ethechannel.

Doing so would allow to easily make Vlan 333 a backup path by increasing delay on SVI Vlan 233 interface and on WAN router subinterface.

Because EIGRP metric is cumulative on delay an inversely proportional to lowest Bandwidth on overall path changing delay settings is the more secure way to build a backup path in EIGRP.

Jon: Ron has mentioned a WAAS appliance connected in a dedicated Vlan, this could be the reason for the presence of the WAN router instead of connecting multilayer switch to private WAN (it is not clear from network diagram what type of WAN link is, if true WAN this also is a reason to deploy the WAN router if the core switches are not C6500 that can host WAN capable modules like flexwan or SIP/SPA ).

If the WAAS - router interaction is based on WCCP this could be supported also by core switches.

Hope to help

Giuseppe

ronshuster Mon, 05/03/2010 - 12:57

We have a broadcasted ethernet WAN and we are slowly decommissioning the router facing WAN and connect our core switches (either 3750 or 6500, depending on the site) directly to the WAN...Our core routers do support wccp, so that works well.

Giuseppe, your recommendations is what I had in mind...

For now, I will create a v233 between core1 and the wan facing router and increase the delay such that eigrp will prefer to go via core2.

Another note, we also have gre tunnels across the Internet (over ipsec) to our main site in case the wan fails we have eigrp peering with the gre's.

We will have core2 to the WAN is the main preference

                   core1 to the WAN is the second preference

                   gre across the Internet as the last resort.

and have the WAAS connected to both cores on the same vlan.

that should work

Actions

This Discussion