EIGRP Stub with 2 routers at spoke site

Marc D · ‎09-20-2006

We're going from a full-mesh to hub and spoke. The spoke sites, for the most part, use L3 switches for local traffic and a router for WAN access. Looks like this:

L3 Switch <--> Router <--> WAN <--> Hub Router

I originaly thought of using stubs at the router level, but dicovered while testing in a lab that the L3 switch sees the router as a stub also so the Hub Router isn't getting the connected routes from the L3 switch and L3 switch isn't getting the default route published by the hub router.

So what I have working right now is running two different EIGRP processes and redistributing at the router level. I find this somewhat impractical. I've read in another thread here that a leak-map could help me, but I can't find any documentation on a leak-map that applies to EIGRP.

Is there another way people here use to do what I want to do, or does having two EIGRP processes the way to go?

Thanks.

sundar.palaniappan · ‎09-20-2006

Hi,

You are on the right track. The new eigrp stub leak feature allows you to leak certain routes from the stub network. I am surprised even the command lookup tool on CCO doesn't show this as a supported command. I agree there's a scarcity of documentation about this feature. A google search pulled this CCO link on this topic.

www.cisco.com/application/vnd.ms-powerpoint/en/us/guest/tech/tk207/c1482/cdccont_0900aecd801e4aab.ppt

My lab router running version 12.4(7) seems to support this.

R3(config)#router eigrp 1

R3(config-router)#eigrp stub ?

connected Do advertise connected routes

leak-map Allow dynamic prefixes based on the leak-map

receive-only Set IP-EIGRP as receive only neighbor

redistributed Do advertise redistributed routes

static Do advertise static routes

summary Do advertise summary routes

Hope this helps!

Regards,

Sundar

Marc D · ‎09-21-2006

Do you have a working example of this?

Here's what I'm trying.

This is an abridged config (not for secrecy, this is a lab, but for brievety)

================

ROUTER-REMOTE#show run

!

interface Tunnel901

ip address 10.90.1.10 255.255.255.252

keepalive 5 3

tunnel source 10.185.1.1

tunnel destination 10.185.30.1

!

interface Tunnel908

ip address 10.90.1.6 255.255.255.252

keepalive 5 3

tunnel source 10.180.1.1

tunnel destination 10.180.30.1

!

interface FastEthernet0

ip address 10.190.1.1 255.255.255.0

duplex auto

speed auto

!

interface FastEthernet1

switchport access vlan 908

!

interface FastEthernet2

switchport access vlan 901

!

interface Vlan901

ip address 10.185.1.1 255.255.255.0

!

interface Vlan908

ip address 10.180.1.1 255.255.255.0

!

router eigrp 100

network 10.90.1.4 0.0.0.3

network 10.90.1.8 0.0.0.3

network 10.190.1.0 0.0.0.255

no auto-summary

eigrp stub connected leak-map MATCH-LOCAL

!

ip route 10.180.30.1 255.255.255.255 10.180.1.251

ip route 10.185.30.1 255.255.255.255 10.185.1.251

!

route-map MATCH-LOCAL permit 10

match interface FastEthernet0

!

=================

With that, I see this:

ROUTER-REMOTE#show ip route

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2

i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

ia - IS-IS inter area, * - candidate default, U - per-user static route

o - ODR, P - periodic downloaded static route

Gateway of last resort is 10.90.1.5 to network 0.0.0.0

10.0.0.0/8 is variably subnetted, 11 subnets, 3 masks

C 10.90.1.4/30 is directly connected, Tunnel908

C 10.90.1.8/30 is directly connected, Tunnel901

D EX 10.40.121.0/24 [170/28416] via 10.190.1.254, 00:06:44, FastEthernet0

D EX 10.150.24.0/24 [170/28416] via 10.190.1.254, 00:06:44, FastEthernet0

S 10.180.30.1/32 [1/0] via 10.180.1.251

S 10.185.30.1/32 [1/0] via 10.185.1.251

C 10.185.1.0/24 is directly connected, Vlan901

C 10.190.1.0/24 is directly connected, FastEthernet0

C 10.180.1.0/24 is directly connected, Vlan908

D EX 10.200.2.0/24 [170/28416] via 10.190.1.254, 00:06:45, FastEthernet0

D EX 10.40.194.0/24 [170/28416] via 10.190.1.254, 00:06:45, FastEthernet0

D* 0.0.0.0/0 [90/284447232] via 10.90.1.5, 00:06:44, Tunnel908

Everything learned through Fa0 is from my L3 switch. Tunnels 901 and 908 go to the hub router. I'm getting a sumerized 0.0.0.0 from T908, which is what I want. The routes learned through Fa0 do not get to the hub router, hence my problem.

The route-map config should be ok, I would think. I want all routes coming from Fa0 to be distributed by the stub to the hub router.

That router is running 12.3(11)T10. I could try to update it to 12.4 see if that helps. But the feature is there and the command is accepted.

Thanks.

m-haddad · ‎09-22-2006

Hello,

Honestly, since you are moving to hub and spoke topology it is better if you can use the terminology of "Kiss" Keep it simple and stupid. This means distribute a default route to the spokes only and have the hub site manage the routing using EIGRP.

This is most efficient because your spoke sites will have smaller routing tables. This is incase they have a single exit through the hub as you specified. Also, if they do have their own default exit you can do route summarization on the hub to be distributed to the spoke sites.

I hope I could help and rate if you find my post helpful,

Regards,

sundar.palaniappan · ‎09-22-2006

Hi,

Reconfigure the route map to match with an access list. In the access list, create an ACE for every network that's learnt from the downstream switch. 'match interface' isn't used for this purpose.

HTH

Sundar

Marc D · ‎09-22-2006

I was hoping not to have to list subnets. VLANs go up and down and move from different sites too often. So far my tests reveal that having two EIGRP processes does what I want it to. I'm probably going to use that method, unless anyone has an idea how to use only one and not having to list subnets in an ACL.

Thanks for the insight though.