Enabling Routing in production network

May 22nd, 2010

Hi All,


I have to enable a dynamic routing protocol (pref EIGRP) on my network, which is working with static routing now. I am attaching the Network Diagram and the details of the requirement.


At each site I have 2x6509E Core switches, 2 routers and 3 WAN links (please find the attachment)


Router 1 - Link 1 - MPLS Link from Telco 4Mb
Core Switch01- Link 2 - Private Link on Tunnel Interface
Router 2 - Link 3 - 2 Mb DLL Link from Telco



Now I need to run a dynamic routing protocol (pref EIGRP) from the Core Switches. I want to make Link 1 the primary route for the user range and Link 2 the backup, and Link 1 the backup for the server IP range with Link 2 as the primary.
Link 3 is the backup for both servers and users.



Before I start I would like to mention one thing: I have a doubt about WAN Link 2 (Private Link). The parent organisation, who is the owner of the private link, is using EIGRP on their huge backbone. If they use EIGRP and they are not willing to peer with my EIGRP, then I may have to change my protocol to something else, right?


I need to check with them and I will update about this ASAP.


I am breaking down my task in to multiple steps.


Kindly find some time to review this and correct me if I am wrong or I am missing something; also help with your inputs.


Task 1) Running EIGRP / OSPF in the Core Switch-1 and 2 at site-1 and then site-2. (All are under same AS or Area 0)


Task 2) Running EIGRP / OSPF in the WAN Router-1 and 2 at site-1 and site-2


Task 3) Redistribute EIGRP / OSPF route in to Telco BGP and Redistribute BGP in to EIGRP / OSPF at WAN Router-1 (4Mb MPLS Link Router) at site-1 and site-2.
(need some help on the redistribution part)


Task 4) I want to give first preference to the 4 Mb MPLS Link; any traffic originating from my user LAN at site-1 going anywhere in Site-2 should take the 4 Mb MPLS Link first. And if this fails all traffic should pass to Link2 on Core Switch-1 (Private Link on Tunnel Interface). (need clarity on how to do this task)


(I guess, since it is a redistributed route, this will be an external route for the EIGRP / OSPF domain. WAN Link-3 at Router-2 (2Mb DLL Link) is a point-to-point link and there is a chance that this route gets preference)


Task 5) The WAN Link-2, which is terminated at Core Switch-1 at Site-1 and Core Switch1- at Site-2. As of now, I am using a PBR on the Core switch-1 and pushing all traffic originating from my server ip range (192.168.50.x/24) at site-1 going to server ip range (192.168.100.x/24) at site 2 to this Link.


After implementing the routing I want this link to remain the primary for server-to-server communication between site-1 and site-2. It should also work as a backup link in case Link-1 (4Mb MPLS Link) fails. All traffic at that point should flow through this link.
(need clarity on how to do this task)


Task 6) In the worst case, if both Link 1 (4 Mb MPLS Link in Router-1) and Link-2 (Private Link on Tunnel interface in Core Switch-1) have failed, the whole traffic should go to the 3rd Link in WAN Router-2 (2 Mb DLL Link).
(need clarity on how to do this task)



Dear friends, I know that it is a huge list of tasks and is not easy either. I need your kind help with this; kindly find some time to work with me on this, I need your kind support please.


Appreciate your valuable inputs.


Thanks and regards
Sunny


Message was edited by: Sunny Sam


Ganesh Hariharan Mon, 05/24/2010 - 05:07

Hi Friends,


I need your kind input on the below-

I have to enable routing from my core switches. Attaching the network setup. The dynamic routing protocol which I would be running is EIGRP. I have a 2 Mb dedicated link and a 4 Mb link over MPLS. I want to load balance across the total 6 Mb. As of now static routing is configured on the core switch, and the router where MPLS is terminated is running static routing only, but on the 2 Mb LL router I can see some OSPF instance running at the same time, with some static routes also.


The cores are configured with HSRP and the routers are also in HSRP to provide redundancy. Config as follows-


MPLS Router-

interface GigabitEthernet0/0
 description *** MPLS VPN Link ***
!
interface GigabitEthernet0/0.752
 encapsulation dot1Q 752
 ip address 172.31.209.110 255.255.255.252
!
interface GigabitEthernet0/1
 ip address 192.168.62.1 255.255.255.240
 duplex auto
 speed auto
 media-type rj45
 standby 0 ip 192.168.62.3
 standby 0 priority 110
 standby 0 preempt
 standby 0 track GigabitEthernet0/0.752 20
!
router bgp 64730
 no synchronization
 bgp log-neighbor-changes
 network 192.168.0.0 mask 255.255.192.0
 network 201.200.200.0
 neighbor 172.31.209.109 remote-as 65000
 no auto-summary
!
ip forward-protocol nd
ip route 192.168.0.0 255.255.192.0 192.168.62.4
ip route 201.200.200.0 255.255.255.0 192.168.62.4


2Mb LLD Router

interface Multilink1
 ip address 192.168.1.33 255.255.255.252
 ppp multilink
 ppp multilink group 1
!
interface GigabitEthernet0/0
 no ip address
 duplex auto
 speed auto
!
interface GigabitEthernet0/1
 description *** Link to Core Network ***
 ip address 192.168.62.2 255.255.255.240
 duplex auto
 speed auto
 standby 2 ip 192.168.62.3
 standby 2 track Serial0/0/0:0 20
!
interface Serial0/0/0:0
 no ip address
 encapsulation ppp
 no fair-queue
 ppp multilink
 ppp multilink group 1


Hi Sunny,


Check out policy-based routing on Cisco switches to use both links, configuring ACLs and mapping route maps on the switches to select which traffic goes to which link.


http://www.itsyourip.com/cisco/how-to-setup-ip-policy-based-routing-in-cisco-routerios/


http://www.petri.co.il/how-to-use-cisco-ios-policy-based-routing-features.htm


Hope to Help !!


Ganesh.H


Remember to rate the helpful post

Jacob Samuel Sun, 05/30/2010 - 01:12

Hi Friends,


Thanks for the update. I have made some changes in the post regarding enabling EIGRP (ignore reading the lines marked in red; I have decided to postpone this activity for some time).


Before enabling EIGRP I would like to know whether, as per my current configuration (which is there in the post and the diagram attached), I can achieve redundancy.


Kindly need your valuable input.


regards

Sunny

Ganesh Hariharan Sun, 05/30/2010 - 22:43

Hi Friends,


Thanks for the update. I have made some changes in the post regarding enabling EIGRP (ignore reading the lines marked in red; I have decided to postpone this activity for some time).


Before enabling EIGRP I would like to know whether, as per my current configuration (which is there in the post and the diagram attached), I can achieve redundancy.


Kindly need your valuable input.


regards

Sunny


Hi Sunny,


Redundancy at which level? You have two core switches with FWSM modules, two switches and two different ISP routers, so we can conclude that we have hardware redundancy at each level; now comes the part for logical flow redundancy.


You can achieve it if the traffic coming from the LAN to the other site first, at the firewall level, uses a cluster configuration in active/passive mode with inter-chassis failover; the traffic will then go to one of the ISP routers, which can be achieved by the policy-based routing configuration for which I have given the link in my previous post.


Check out the below link for active/standby failover configuration in FWSM


http://www.cisco.com/en/US/docs/security/fwsm/fwsm32/configuration/guide/fail_f.html


Hope to Help !!


Ganesh.H


Remember to rate the helpful post

Jacob Samuel Sun, 06/06/2010 - 02:36

Hi Friends,


There is a change in the customer requirement, so I changed the content in the main thread.

Kindly have a look at the main thread please.


Appreciate your valuable input


Thanks and regards

Sunny

Giuseppe Larosa Tue, 06/15/2010 - 11:51

Hello Sunny,


If you use eBGP over the primary link, as you have noted, you will get external routes from the primary link.

OSPF has a strict hierarchy of routes that is built in. EIGRP uses a higher admin distance (170) for external routes.


If using the same IGP (same protocol, same AS number) on the MPLS L3 VPN link is not an option, the only way is to have external routes on all links.


To achieve this you can:

use a different EIGRP AS number (this also answers the question of not mixing your EIGRP with that of the parent company)

or a different OSPF process-id.


There is also another difficulty to deal with:

the links are connected to different devices at the two sites; especially the third link, in red, the VPN, looks to be on the opposite side of the FWSMs.


Are the blades in use?


All the links should be on the same side of the firewall; if I understand correctly, the VPN tunnel is for creating a point-to-point link over the BIG company intranet.


So all routes have to be external with a clear hierarchy.


EIGRP requires 5 values for the seed metric. BGP can use the network command instead of mutual redistribution (recommended).


default-metric


on primary link


AS 100 is EIGRP domain in site, AS 200 is used between sites on links #2 (vpn), links#3 (2 Mbps)



router eigrp 100
 redistribute bgp 65000 route-map site2_routes
 default-metric 100000 10 255 1 1500
 ! network commands for internal subnets


second link on VPN

two EIGRP processes

router eigrp 100
 redistribute eigrp 200 route-map site2_routes
 default-metric 5000 500 255 1 1500

router eigrp 200
 redistribute eigrp 100 route-map site1_to_site2
 default-metric 5000 500 255 1 1500


third link:

router eigrp 100
 redistribute eigrp 200 route-map site2_routes
 default-metric 500 5000 255 1 1500

router eigrp 200
 redistribute eigrp 100 route-map site1_to_site2
 default-metric 500 5000 255 1 1500



note:

values may need to be tuned in order to have the correct hierarchy of paths (for the different nodes where the links are connected)


In my opinion with OSPF you could get more control over the links because metric is simpler to calculate


primary link

router ospf 100
 redistribute bgp 65000 subnets route-map site2_routes metric-type 1
 default-metric 10


secondary link

router ospf 100
 redistribute ospf 200 subnets route-map site2_routes metric-type 1
 default-metric 1000


tertiary link

router ospf 100
 redistribute ospf 200 subnets route-map site2_routes metric-type 1
 default-metric 2000



this is easier to understand than EIGRP but the idea is the same


you will still need the PBR to divert server traffic where you want




Hope to help

Giuseppe
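
Added example (not part of Giuseppe's post): a check of the path hierarchy that the three EIGRP default-metric lines above produce, using the classic EIGRP composite metric with default K values. The Core Switch-1 viewpoint and the GigabitEthernet LAN hop are assumptions made for the illustration.

```python
# Added example: classic EIGRP composite metric with default K values
# (K1 = K3 = 1, K2 = K4 = K5 = 0), applied to the seed metrics in the post.
# Only bandwidth and delay enter the result; reliability, load and MTU do not.

# (bandwidth in kbit/s, delay in tens of microseconds), copied from the
# three default-metric lines above.
SEEDS = {
    "link1_mpls": (100000, 10),
    "link2_vpn": (5000, 500),
    "link3_2mb": (500, 5000),
}

# Assumption: each hop between a WAN device and the node doing the lookup is
# a GigabitEthernet segment (1,000,000 kbit/s, 10 microseconds of delay).
GIGE_BW_KBPS, GIGE_DELAY = 1_000_000, 1


def composite(bw_kbps, delay_tens_us):
    """256 * (10^7 / lowest bandwidth + cumulative delay), integer maths."""
    return 256 * (10**7 // bw_kbps + delay_tens_us)


def metric_at(link, lan_hops):
    """Metric of the redistributed route as seen lan_hops away."""
    bw, delay = SEEDS[link]
    bw = min(bw, GIGE_BW_KBPS) if lan_hops else bw
    return composite(bw, delay + lan_hops * GIGE_DELAY)


def best_link(lan_hops, failed=()):
    """Lowest-metric surviving link; all three are external (AD 170),
    so the metric alone breaks the tie."""
    alive = {l: metric_at(l, h) for l, h in lan_hops.items() if l not in failed}
    return min(alive, key=alive.get) if alive else None


# Constructed viewpoint: Core Switch-1, where link 2 terminates locally and
# links 1 and 3 sit one LAN hop away on Router-1 and Router-2.
FROM_CORE1 = {"link1_mpls": 1, "link2_vpn": 0, "link3_2mb": 1}

if __name__ == "__main__":
    for link, hops in FROM_CORE1.items():
        print(link, metric_at(link, hops))
    print(best_link(FROM_CORE1))
    print(best_link(FROM_CORE1, failed=("link1_mpls",)))
    print(best_link(FROM_CORE1, failed=("link1_mpls", "link2_vpn")))
```

The gaps between the three metrics are wide enough that one extra LAN hop does not reorder them, which is the property to re-check whenever the seed values are tuned. This ordering applies to every destination prefix alike, so the server range still needs the PBR mentioned in the post.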
