cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
908
Views
6
Helpful
3
Replies

EIGRP routing to HSRP VIP

todd.martin-02
Level 1
Level 1

I have a requirement to have EIGRP provide dynamic routing to a VIP.

I have an HSRP pair running HA IPSec.

My IPSec routers are redistributing static routes into EIGRP. packets are routed to my standby router and therefore do not get encrypted and as a result no workie workie.

is there a way to advertise the VIP address?

Thanks,

3 Replies 3

Richard Burts
Hall of Fame
Hall of Fame

Todd

If I am understanding your post correctly you have a pair of routers which are running IPSec and also running HSRP. They are running EIGRP as a dynamic interior routing protocol. Both routers are advertising routes including static routes that are redistributed into EIGRP. The problem is that some traffic is being forwarded to the standby router where you would like all traffic to be forwarded to the primary router.

I believe that fact that some traffic is forwarded to the standby router reflects the fact that both routers are advertising routes with the same metric, so some neighbors are forwarding some traffic to the standby. The easy way to solve this is to modify the configuration so that the standby router is advertising with a slightly higher metric, which will make the path through the primary router more desirable that the path through the standby router. If the problem centers on the static routes that are being redistributed then the easy solution is to change the default metric used on the standby router in the redistribution and increase either the bandwidth or the delay factor in the redistribution default metric. If the problem is more than just the redistributed static routes then you might think about using an offset list to raise the metric of routes advertised from the standby router.

HTH

Rick

HTH

Rick

Thanks Rick,

you are correct. and I have tried to set the admin distance on the standby static routes, however when a failure occurs, The floating static's wont work because when a link dies, HA IPSec will force a reload of the router. This causes the statefull failover to the standby router. ( all is good as long as the primary stays down). However it does not and in the event of a link failure, the primary will reload and come back up and again be the primary route even though it is the standby IPSec device. All traffic stops at this point until the bad link is fixed or the box is powered down.

So, This wont work either. The only solution that I think will work is one where EIGRP can have knowledge of the active router.ie HSRP VIP.

I have not looked into offset-lists yet although many have made the same recomendation.

Thanks for the post.

Todd

A couple of points about your response:

- I was not talking about admin distance and floating static routes. I was talking about changing the default metric used in the redistribution of the static routes so that the primary HSRP router would have a more favorable metric than the standby router.

- I am not sure that I understand your description of the failure scenario of link failure on the primary router.

- I am not aware of any way to make EIGRP aware of the state of HSRP. I wonder if using the feature of reliable static routing using object tracking might be a way to remove the route from the router that can not get to the destination.

HTH

Rick

HTH

Rick
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: