Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
8068
Views
5
Helpful
17
Replies

EIGRP convergence time

ciscoben2009
Level 1
Level 1

‎01-04-2012 06:39 AM - edited ‎03-04-2019 02:49 PM

Hi All

I hope someone can help i am trying to speed up the convergence time of EIGRP

basically we have two offices connected by a 10mb point to point using a primary router in each office and connected via ADSL and a VPN tunnel using a back up router in each office

also we run HSRP between the primary and backup routers in each office

if the 10mb lines goes down it fails over to the back up VPN but drops around 3 ping i have read that this can be sub second

the time seem to be when the London end is waiting for the eigrp dead timer to time out for its link to the primary router in Sheffield

once this has timed out the router via the 10mb link is dropped and it sends traffic by the back up router in London and then across the VPN to the back up router in Sheffield

the primary router in london does have a FS for sheffield to go via the backup link but only uses it once the primary route is dropped

any ideas?

thanks !

Ben

Labels:
0 Helpful
17 Replies 17

andrew.prince
Level 10
Level 10

‎01-04-2012 06:54 AM

Change your Hello and Hold timers on the layer 3 interfaces that the neighbors are formed over.

HTH>

0 Helpful

ciscoben2009
Level 1
Level 1
In response to andrew.prince

‎01-04-2012 07:00 AM

Hi Andrew

have done that unless i set the dead timer to a second it still drops a ping or two

cisco documentation say should be in ms

thanks

Ben

0 Helpful

ciscoben2009
Level 1
Level 1
In response to ciscoben2009

‎01-04-2012 07:01 AM

Hi Andrew

have done that unless i set the dead timer to a second it still drops a ping or two

cisco documentation say should be in ms

thanks

Ben

0 Helpful

andrew.prince
Level 10
Level 10
In response to ciscoben2009

‎01-04-2012 07:03 AM

So the issue is when your primary link fails - the 3 pings are lost over the VPN tunnel? 

Post the config of your GRE interfaces.

0 Helpful

ciscoben2009
Level 1
Level 1
In response to andrew.prince

‎01-04-2012 07:06 AM

i think the problem is the primary router in london keeps trying to send traffic via the primary link as there is still a route in its routing table

once the dead timer passes itdrops the route and it then uses the route for the VPN tunnel via the other router

thanks

Ben

0 Helpful

cadet alain
VIP Alumni
VIP Alumni
In response to ciscoben2009

‎01-04-2012 07:35 AM

Hi,

maybe BFD should be an option for you:  http://www.cisco.com/en/US/technologies/tk648/tk365/tk207/technologies_white_paper0900aecd80243fe7.html

Regards.

Alain

Don't forget to rate helpful posts.
0 Helpful

ciscoben2009
Level 1
Level 1
In response to cadet alain

‎01-04-2012 08:43 AM

Thanks Alain

that looks good but only one of my routers has the right IOS the other has 12.3 take it that is a cost upgrade?

thanks

Ben

0 Helpful

andrew.prince
Level 10
Level 10
In response to ciscoben2009

‎01-04-2012 10:52 AM

just to be clear - when things are stable is there a feasible successor route in the topology for the backup path?

What bandwidth and delay have your configured for the backup path?

Sent from Cisco Technical Support iPad App

0 Helpful

Jeff Van Houten
Level 5
Level 5
In response to andrew.prince

‎01-04-2012 06:10 PM

is it possible that these sites are or should be configured as eigrp stub networks? That will cut convergence time.

Sent from Cisco Technical Support iPad App

0 Helpful

John Peterson
Level 1
Level 1

‎01-04-2012 10:34 PM

Just a thought, could the packets be lost as the VPN tunnels starts to initiate ? and only then the route is injected in the routing table.

I know when a tunnel is down, it takes a few packets to bring it back up again.

0 Helpful

andrew.prince
Level 10
Level 10
In response to John Peterson

‎01-05-2012 12:08 AM

well that's the issue, if the backup route is via a VPN then it must be via a gre tunnel, as you cannot encapsulate a multicast packet into a VPN. So the gre is over the VPN and that means the VPN tunnel will always be up, as the eigrp keepalive hellos are set to 1 second...apparently to the response from the original poster.

Sent from Cisco Technical Support iPad App

0 Helpful

cadet alain
VIP Alumni
VIP Alumni
In response to andrew.prince

‎01-05-2012 01:01 AM

Hi Andrew,

you can use IPSec VTIs to encapsulate multicast traffic now:

http://www.cisco.com/en/US/technologies/tk583/tk372/technologies_white_paper0900aecd8029d629_ps6635_Products_White_Paper.html

You can also configure a keepalive for GRE tunnels so if one end is down then the tunnel won't be up.

Regards.

Alain

Don't forget to rate helpful posts.

andrew.prince
Level 10
Level 10
In response to cadet alain

‎01-05-2012 01:47 AM

Hi Alain,

Thanks for the link - much appreciated.

What are they really, just a GRE tunnel with IPSEC encryption, so the under lying technology is still to encapsulate the multicast packet with a unicast header with encryption....!!!!!

But I remember messing around with this awhile ago - and if I remember correctly you cannot configure the keepalive option on them, as the src/dst happens to be the outside of the tunnel IP's - but the tunnel itself requires it to be source from the inside IP's....something like that - I might have to get back into the lab again and confirm.

But thanks for the URL again.

Thanks,

Andrew.

0 Helpful

andrew.prince
Level 10
Level 10
In response to andrew.prince

‎01-05-2012 02:06 AM

Ignore the above - the keepalives on the tunnel work just fine, alsio when tuned to 1 hello and 3 dead, actually works quicker...

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card