cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
618
Views
0
Helpful
6
Replies

Issue with PBR and EIGRP routing - Delay

mkmead
Level 4
Level 4

I currently have a problem where I have two routers setup on the same segment. One router is a in country Frame Relay network connection into it and the other is running a VPN encyrpted Tunnel over a public ADSL connection.

I am having a issue trying to get policy based routing to work. The Frame Relay router is the direction all traffic is flowing towards and is looking at DSCP marking to determine next hop = the VPN router remote end ip address of the tunnel.

The problem is when traffic is PBR'd to the VPN router the VPN router then has the best route to that other side of the tunnel as the Frame Relay router because of the amount of delay on the VPN tunnel. What this causes is basically a loop with PBR as the traffic bounces back and forth. By default I haven't added any delay command to the VPN tunnel and from my testing; if I do, then all I do is cause all traffic to shift over to the VPN router.

So I'm puzzled how I can get EIGRP consider the Frame Router as the Primary router and PBR to the VPN router, while also providing the VPN router as a backup if the Frame link were to go offline (down).

Any suggestion on how to get arount this issue.

6 Replies 6

Phillip Hichens
Level 1
Level 1

Hi

Your description is a bit confusing, maybe a network diagram?

If both routers is on the same segment I would suggest using HSRP or VRRP.

Regards

Phillip

HSRP is a option and I believe I may have to look at it.

I'm not sure about a diagram.. let me toss something together.

Here is a basic diagram..

I've been thinking about this more and at first I thought about just setting the delay on both links the exact same but then what would happen is the core switch would load balance the links or take the VPN router as its best route because the bandwidth on the frame connection is much smaller which would then just route all traffic over the vpn link.

I'm just puzzled why the traffic would route all the way back to the frame which is 5 interface hops away than when its on the router and the traffic is 1 interface away?

Matthew

It seems to me that the solution would be to implement Policy Based Routing on the VPN router similar to what you did on the Frame Relay router. This would have the advantage of leaving the dynamic routing logic as it naturally is and will direct the traffic as you wish. It probably also leaves a cleaner response if one of the network links fails.

HTH

Rick

HTH

Rick

If I apply the same PBR rules on the VPN will that trumpt the EIGRP Routes?

Now that I am thinking about it that may work.. let me try test it out.

Matthew

PBR will provide the same kind of over ride of the EIGRP logic on the VPN router just as it did on the Frame Relay router.

Test it and let us know what results you get.

HTH

Rick

HTH

Rick
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: