Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
442
Views
30
Helpful
10
Replies

CEF Load sharing.

examples20001
Level 1
Level 1

‎02-13-2006 05:04 AM - edited ‎03-03-2019 11:44 AM

Hi

I have two location`s with 2801 and both sides have 2 isp connections to internet and site-to-site VPN connection on both the links and both locations, each link should be load balanced and act as failover in case one goes down.

The links are 2 Mbps each to the internet, 1 tunnel running on each of the links.

1 WIC card which has 2 serial connections and 1 ISP connected to s0/1/0 and the other connected to s0/1/1.

Each link has a tunnel to the other side, and they have to do load balancing and failover.

Doing cef load-sharing algorithm for tunnels, using eigrp. We have 2 static routes with same metric and using IPSec on GRE tunnels.

How to achive my requiremts as per the attached diagram and above explanation?

Any help please...

Sample test config from Loaction A. Same settings in Location B also, except the ip address.

!

ip cef

ip cef load-sharing algorithm tunnel

ip ips po max-events 100

ip domain name x.com

ip name-server x.x.x.x

!

crypto isakmp policy 10

encr aes

authentication pre-share

group 5

!

crypto isakmp key sdfdafadfa address x.x.x.x

!

crypto isakmp keepalive 30 10

!

crypto ipsec transform-set test esp-aes 256 esp-sha-hmac

!

crypto map xxx-map 10 ipsec-isakmp

description Tunnel to Location1

set peer x.x.x.x

set transform-set xxx

set pfs group5

match address xxx-tunnel

!

interface Tunnel10

description ISP A-tunnel

bandwidth 2048

ip address x.x.x.x

tunnel source x.x.x.x

tunnel destination x.x.x.x

!

interface Tunnel20

description ISP B-tunnel

bandwidth 2048

ip address x.x.x.x

tunnel source x.x.x.x

tunnel destination x.x.x.x

!

interface FastEthernet0/0

description "lan1"

ip address x.x.x.x

ip access-group inside in

ip nat inside

ip virtual-reassembly

speed 100

full-duplex

!

interface FastEthernet0/1

no ip address

ip virtual-reassembly

duplex auto

speed auto

!

interface Serial0/1/0

bandwidth 2048

ip address x.x.x.x

ip access-group outside in

ip nat outside

ip virtual-reassembly

shutdown

no fair-queue

clockrate 2000000

crypto map xxx-map

!

interface Serial0/1/1

mtu 6000

bandwidth 2048

ip address x.x.x.x

ip access-group outside in

ip nat outside

ip virtual-reassembly

load-interval 30

crypto map xxx-map

!

router eigrp 10

redistribute connected route-map xxx

network x.x.x.x

auto-summary

!

ip classless

ip route 0.0.0.0 0.0.0.0 x.x.x.x

ip route 0.0.0.0 0.0.0.0 x.x.x.x

!

ip nat inside source route-map ISP A interface Serial0/1/1 overload

ip nat inside source route-map ISP B interface Serial0/1/0 overload

!

ip access-list extended XXX

permit ip x.x.x.x x.x.x.x any

!

ip access-list extended xxx-tunnel

permit gre host x.x.x.x host x.x.x.x

permit gre host x.x.x.x host x.x.x.x

Labels:
Preview file
20 KB
0 Helpful
10 Replies 10

lgijssel
Level 9
Level 9

‎02-13-2006 05:25 AM

If you are running GRE, you might as well enable EIGRP on the links. One big advantage of GRE tunnels is that they forward the eigrp multicast traffic. This will operate much more reliable than static routes.

To achieve this, you should add the tunnel-networks to eigrp 10.

Regards,

Leo

examples20001
Level 1
Level 1
In response to lgijssel

‎02-13-2006 05:43 AM

Thank you for the reply.

Is my sample test config the best solution or is there any other better method?

router eigrp 10

redistribute connected route-map test1

redistribute static route-map test1

network x.x.x.x

auto-summary

test1 incules the tunnel-network ACL.

0 Helpful

lgijssel
Level 9
Level 9
In response to examples20001

‎02-13-2006 05:52 AM

Generally speaking, the simplest solution is often the best one. I do not exactly know why you think you need the redistribute-lines for.

I would start with the following:

router eigrp 10

network x.x.x.x (your LAN side)

network

network

no auto-summary (required when you are using subnets from the same network)

Then check your routing table and add redistribution only when equired.

Regards,

Leo

Harold Ritter
Cisco Employee
Cisco Employee

‎02-13-2006 05:36 AM

CEF per-destination (per-flow) will happen by default in this scenario. As long as there is a sufficient number of flows, traffic should statistically be loadshared equally between the two links to your SPs.

One thing you should make sure of is that you have a static route for the destination ip address of tunnel10 to ISP-A and another one for tunnel20 to ISP-B. It should go something like this:

ip route 255.255.255.255 se0/1/0

ip route 255.255.255.255 se0/1/1

Hope this helps,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

Harold Ritter
Cisco Employee
Cisco Employee
In response to Harold Ritter

‎02-13-2006 05:49 AM

I forgot to mention that you should have static routes for the network(s) at the remote sites pointing at both tunnel interfaces.

You could also run a dynamic routing protocol as suggested by the previous poster.

Hope this helps,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

examples20001
Level 1
Level 1
In response to Harold Ritter

‎02-13-2006 05:53 AM

I am running EIGRP and using IPsec with GRE.

Is there any sample config?

0 Helpful

examples20001
Level 1
Level 1
In response to Harold Ritter

‎02-13-2006 05:49 AM

So I`ll have 4 route commands?

ip route 0.0.0.0 0.0.0.0 x.x.x.x (ISP-A)

ip route 0.0.0.0 0.0.0.0 x.x.x.x (ISP-B)

ip route 255.255.255.255 se0/1/0 (ISP-A)

ip route 255.255.255.255 se0/1/1 (ISP-B)

So if ISP-A goes down, how will the tunnel10 will route the traffic? Will it automatically shift to ISP-B?

0 Helpful

Harold Ritter
Cisco Employee
Cisco Employee
In response to examples20001

‎02-13-2006 06:20 AM

Yes, 4 static routes. In this case, you also need a dynamic routing protocol.

If ISP-A goes down, tunnel10 will stay up but going through the default route pointing at ISP-B, which is fine.

Hope this helps,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

olorunloba
Level 5
Level 5
In response to Harold Ritter

‎02-13-2006 07:33 AM

Because the tunnel will stay up, when one of the ISPs fails. I will not recommend the static default routes. I will prefer if the LAN addresses were learnt dynamically through eigrp. The config is simple enough

router eigrp

network

network

no auto-summary

examples20001
Level 1
Level 1
In response to olorunloba

‎02-28-2006 03:53 PM

Hi All,

Sorry for late replay.

Thank you very much for the support, the suggestions has helped a lot.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card