Currently, I have a 7609 that is multihomed to two different ISPs doing BGP load sharing. My 7609 is also running EIGRP for internal routing in an EIGRP AS comprised of about 30 EIGRP-enabled layer3 switches. All layer3 switches use my 7609's EIGRP interface as the default route IP for internet access.
My question is, I am fixing to purchase another 7609, and split my BGP peers, each 7609 peering with one ISP. I need to load balance internally, whereby the default-route IP will be associated with each 7609 and my outbound traffic load will be split between the two.
I have looked into GLBP, but don't know how it will work with EIGRP. Also, my path needs to be able to fail over in case one of my BGP peers goes down.
Any suggestions would be appreciated!
GLBP/HSRP are generally used for end hosts.
How will the 2 7600 routers be connected to the internal LAN and how are the internal routers connected? If EIGRP sees 2 equal cost paths it will load-balance over both links, but it's difficult to say whether it will see 2 equal cost paths without understanding how the routers are interconnected.
That is what I am trying to figure out..how they will be connected to the internal LAN/MAN, load balancing the outgoing traffic correctly.
Right now, I allocate a layer2 VLAN for my EIGRP AS, across my entire MAN. Each router/layer3 switch, as well as my 7609, are all in the same subnet configured on SVIs. Each access layer switch has a default route to my 7609.
Somehow, when I add in the second 7609, I need to be able to split the load for all outgoing traffic, without going to each access layer switch and manually specifying a different default gateway.
I was thinking about GLBP, whereby I have a virtual IP that is the default gateway, and the 2 7609's communicate with two different IPs in the same EIGRP subnet, so they can still peer with my other EIGRP routers.
Or doing some sort of EIGRP load balancing....I just don't know how that would work considering my default route. Would I somehow inject default routes into EIGRP from both of my Core routers (using different IPs), where each EIGRP neighbor would see 2 equal cost routes in its EIGRP database and forward accordingly?
Please let me know if I have answered your question.
Totally agree with Giuseppe here. The only reason I could see for not needing an IBGP session between the 2 7600's would be if you were actually receiving the default-route from your ISP(s) and redistributing into EIGRP. If one connection went down then it would automatically lose the default-route.
But if you are injecting the default-route into EIGRP on the 7600's then go with the IBGP session as suggested by Giuseppe.
I currently do receive the entire routing table from both ISPs and I was planning on running iBGP between the two.
The reason I am having to do this is because the processor on my SUP720-3BXL is starting to get too high and I am needing to split my traffic load.
I really appreciate your help, Jon.
I would have both C7609s advertise an EIGRP default route with the same parameters in normal conditions.
Then you need to add an iBGP session between them so that they can know about the other's eBGP session: in case of failure of the direct eBGP session they can send traffic to the other 7609.
GLBP is not useful in this scenario as explained by Jon.
Hope to help
Thanks! Yes, I planned on running iBGP between my 2 7609's for BGP fail-over.
It was EIGRP I was having the issue with. So, for instance, both of my 7609's would have different EIGRP LAN/MAN side IPs. Then I would just inject a default route into EIGRP from both 7609's and that is it?
Currently, I have a static default route configured on my EIGRP neighbors, but I will need to change the way I do this to a default route injection. I know I can redistribute a static route or summarize to 0.0.0.0/0 on the 7609's. Can you tell me which way would be the right way to do this and what my routes might look like on the EIGRP neighbors?
I appreciate your help!
There are different ways to generate the default routes on both 7609s in EIGRP.
At the design level I would have a 2 to 4 GE etherchannel between the two 7609s for the iBGP session.
I would use a dedicated link to be sure you can move traffic from one C7609 to the other as needed.
For the default route:
An idea could be the usage of ip default-network based on the two links to the ISPs:
if the links are alive, the eBGP sessions likely are too.
Unfortunately, with EIGRP you cannot call a route-map to check the presence of eBGP routes as a condition to generate the default route.
The network used for ip default-network has to:
a) be in a different major network (A,B,C)
b) be in the routing table (this is fine if it is connected)
c) be in a network command within the EIGRP process
This will generate a D * route for the network, which means a flag for a network to be used as an exit point.
If the link fails, the flagged route should be withdrawn and all traffic should go to only one 7609.
If the link is up but the eBGP session is down, traffic has to go over the etherchannel link.
On the other hand, using a simple summary route to 0.0.0.0/0 out the LAN ports to the internal L3 switches is simpler, but then they will always be alive regardless of the state of the link and of the eBGP session.
Using the same parameters should give the L3 switches the capability to install both paths.
Note: to reduce inter-switch traffic you may consider using a neigh weight command towards the eBGP neighbor on each C7609, otherwise the best BGP path for each destination will be used (unless you use a filter on the iBGP session).
Hope to help
Let me get this straight.. So on my Core routers, on the EIGRP participating interfaces, I would just put a "ip summary-address eigrp 100 0.0.0.0 0.0.0.0", and all my EIGRP peers will have TWO dynamic routes showing something like: "D* 0.0.0.0/0 [1/0] via 172.16.15.1" & "D* 0.0.0.0/0 [1/0] via 172.16.15.2", and all my outbound traffic will be load-balanced between both 7609's?
As far as communicating between both routers for eBGP failover, I was just going to have 2 trunk links to both 7609's sourced from one 6500 and peer to Loopback addresses configured on both 7609's. Will this not work for me? I don't have a problem doing Etherchannel if not...
Oh, by the way, I currently do weight my received routes from each peer, via route maps, to help equalize the BGP load sharing. I just didn't know if I would have to do that anymore, considering EIGRP would be doing my load-balancing between each BGP peer.
Yes, the neighbors will see two D * 0.0.0.0/0 [xx/yy] and should load balance over them.
For inter-C7609, if you have two separate trunk links you need to play with STP per-VLAN cost to use both, or only one link will be used. The suggestion of an etherchannel is just that, not a requirement.
About BGP: if you enable iBGP and the two C7609s share the upstream ISP full BGP tables, you still need to take some decisions about how you want the two to use all this routing information: without any weights each router can compare the eBGP route with a BGP route via the iBGP session: if they have the same parameters the eBGP session is preferred, but if for a prefix ISP2 has a better route, C7609_1 can send to C7609_2 to ISP2.
To avoid this it is enough to use weight only on the eBGP neighbor session.
Hope to help
It's a really nice, interesting discussion :)
By the way,
what about if you make iBGP peering between the internal L3 switches and the edge routers
and now you can simply play with local preference to enforce the route to use whatever link you want
which will give more flexibility to achieve load sharing
this is for outbound
for returning traffic you can use for example AS prepend to control it as well
just another idea
extending iBGP to the internal L3 switches without filters would load the switches with a full BGP table that they could be unable to support. (likely because now a full table is in the order of 270K routes)
Using iBGP to send out only a default route to internal L3 switches could give a control option using local preference on internal L3 switches but then you could need again to reroute to the other C7609 if you want to perform optimal routing.
So this looks like a small advantage; I would still use a default route in EIGRP, accepting some traffic between the two C7609s.
For inbound traffic, AS path prepending can be used to try to influence the return path.
Hope to help
Two trunk links to two different 7609's, with EIGRP load balancing outbound traffic to each gateway (different MAN side IPs), should work without any vlan cost requirements, I would think? I mean, RSTP should be forwarding down each trunk link, considering the 7609's would not be directly connected, thereby not creating a loop where STP blocks a link? Maybe I am not thinking correctly...
Also, each 7609 would connect to a different ISP, not share the same. Each 7609 would receive the full routing table from 1 dissimilar peer. So, that being said, wouldn't outbound traffic from my MAN be load-balanced between the two?
Yes, I will still weight my received routes from my eBGP peers. I guess iBGP will see that a higher weighted route is on the other iBGP peer and do an IP re-direct of sorts? I guess that might not be good, considering outbound traffic might be directed towards 1 gateway via EIGRP, then turn right back around and be re-directed back down the same trunk link via iBGP? I guess that's where the inter-switch link traffic issue could come into play?
My suggestion is to add a direct link made of an etherchannel between the two C7609s directly; then all L3 switches can connect to the two 7609s with other links as you prefer.
You can also use a L3 direct link between them.
If you give more credit weight to the eBGP neighbor, the iBGP session will likely be used only for backup, but there is an important note:
you receive two different full tables.
For a given destination address each table has a prefix that matches, but be aware that the two prefixes can be different in prefix length.
isp1 provides prefix 22.214.171.124/16
isp2 provides prefix 126.96.36.199/17
C7609_1 has a direct eBGP session with isp1 and an iBGP session with C7609_2 that propagates ISP2's prefix.
In any case the most specific prefix is used: so even if 188.8.131.52/16 has weight 500 prefix 184.108.40.206/17 is installed also and used.
To deal with these cases, which are possible but not highly probable, I suggest providing a good direct link between the two C7609s.
Hope to help
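The weight versus prefix-length point in the reply above, as an added example that is not part of the original thread: BGP weight only chooses between paths for the same prefix, while forwarding always follows the longest match. The prefixes, weights and labels are constructed, and best-path selection is reduced to weight and eBGP-over-iBGP.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Path:
    prefix: ipaddress.IPv4Network
    via: str        # where the router forwards (label only)
    weight: int     # locally significant BGP weight
    ebgp: bool      # True if learned over the direct eBGP session

def best_per_prefix(paths):
    """BGP selection reduced to two steps: highest weight, then eBGP over iBGP.
    Paths are only compared when the prefix (address and length) is identical."""
    best = {}
    for p in paths:
        cur = best.get(p.prefix)
        if cur is None or (p.weight, p.ebgp) > (cur.weight, cur.ebgp):
            best[p.prefix] = p
    return best

def forward(table, dst):
    """Forwarding lookup: longest matching prefix wins; weight plays no part."""
    addr = ipaddress.ip_address(dst)
    hits = [p for net, p in table.items() if addr in net]
    return max(hits, key=lambda p: p.prefix.prefixlen, default=None)

N = ipaddress.ip_network
# Constructed view from C7609_1: weight 500 on the eBGP neighbor (ISP1),
# default weight 0 on routes learned from C7609_2 over iBGP.
PATHS = [
    Path(N("10.20.0.0/16"), "ISP1", 500, True),
    Path(N("10.20.0.0/17"), "C7609_2", 0, False),   # ISP2 sends a longer prefix
    Path(N("10.30.0.0/16"), "ISP1", 500, True),
    Path(N("10.30.0.0/16"), "C7609_2", 0, False),   # same prefix from both ISPs
]
TABLE = best_per_prefix(PATHS)

if __name__ == "__main__":
    for dst in ("10.20.5.1", "10.20.200.1", "10.30.1.1"):
        p = forward(TABLE, dst)
        print(f"{dst:<12} -> {p.prefix} via {p.via} (weight {p.weight})")
```

Destinations inside the /17 cross the inter-7609 link even though the /16 carries weight 500, which is the traffic the direct link between the two routers has to be sized for.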
Thanks for all your help! I won't bug you any longer. I think I have enough here to try things out... Have a good one!