If I am understanding your post correctly you have a pair of routers which are running IPSec and also running HSRP. They are running EIGRP as a dynamic interior routing protocol. Both routers are advertising routes including static routes that are redistributed into EIGRP. The problem is that some traffic is being forwarded to the standby router where you would like all traffic to be forwarded to the primary router.
I believe the fact that some traffic is forwarded to the standby router reflects the fact that both routers are advertising routes with the same metric, so some neighbors are forwarding some traffic to the standby. The easy way to solve this is to modify the configuration so that the standby router is advertising with a slightly higher metric, which will make the path through the primary router more desirable than the path through the standby router. If the problem centers on the static routes that are being redistributed, then the easy solution is to change the default metric used on the standby router in the redistribution and increase either the bandwidth or the delay factor in the redistribution default metric. If the problem is more than just the redistributed static routes, then you might think about using an offset list to raise the metric of routes advertised from the standby router.
You are correct, and I have tried to set the admin distance on the standby static routes. However, when a failure occurs, the floating statics won't work, because when a link dies, HA IPSec will force a reload of the router. This causes the stateful failover to the standby router (all is good as long as the primary stays down). However, it does not, and in the event of a link failure, the primary will reload and come back up and again be the primary route even though it is the standby IPSec device. All traffic stops at this point until the bad link is fixed or the box is powered down.
So, this won't work either. The only solution that I think will work is one where EIGRP can have knowledge of the active router, i.e. the HSRP VIP.
I have not looked into offset-lists yet, although many have made the same recommendation.
- I was not talking about admin distance and floating static routes. I was talking about changing the default metric used in the redistribution of the static routes so that the primary HSRP router would have a more favorable metric than the standby router.
- I am not sure that I understand your description of the failure scenario of link failure on the primary router.
- I am not aware of any way to make EIGRP aware of the state of HSRP. I wonder if using the feature of reliable static routing using object tracking might be a way to remove the route from the router that cannot get to the destination.
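
The three suggestions made in this thread, sketched as IOS configuration for the standby router. This is an added example, not configuration posted by either participant. The EIGRP AS number 100, the interface names, the documentation-range addresses, the metric and offset values, and the IP SLA and track numbers are all assumptions.

```cisco
! Constructed example for the STANDBY HSRP router.
! Assumed: EIGRP AS 100, Gi0/0 faces the EIGRP neighbors, Gi0/1 is the
! link toward the remote side, 198.51.100.0/24 is a remote subnet.

! --- Option 1: less attractive seed metric for redistributed statics ---
! Arguments are bandwidth(Kbps) delay(tens of usec) reliability load MTU.
! The primary router is assumed to use: metric 10000 100 255 1 1500
router eigrp 100
 redistribute static metric 10000 200 255 1 1500

! --- Option 2: offset list, when more than the redistributed statics ---
! --- must prefer the primary                                         ---
! Access list 0 matches every prefix; 1000 is added to the metric of
! each route advertised out Gi0/0.
router eigrp 100
 offset-list 0 out 1000 GigabitEthernet0/0

! --- Option 3: reliable static routing with object tracking ---
! The static route is installed only while the probe succeeds, so it is
! withdrawn from the routing table (and from EIGRP redistribution) on
! the router that cannot reach the destination.
ip sla 1
 icmp-echo 192.0.2.1 source-interface GigabitEthernet0/1
 frequency 5
ip sla schedule 1 life forever start-time now
!
track 1 ip sla 1 reachability
!
ip route 198.51.100.0 255.255.255.0 192.0.2.1 track 1
```

`show ip eigrp topology` on a neighbor shows whether the standby's path now carries the higher metric, and `show track 1` shows the state of the tracked object.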