04-15-2014 08:07 AM - edited 03-04-2019 10:48 PM
HI guys . I have routers 1861 configured with eigrp to local cable ISP(A) and ospf to mpls another ISP carrier (B) . We have Exchange server in central site , so all sites users connect to it trough vpn (either ipsec to local ISP A or mpls vpn to B ). some sites can not connect to Exchange server .
When I did research I see : OSPF take priority
#sho ip route 10.x.x.x
Routing entry for x.x.x.x
Known via "ospf 100", distance 110, metric 20, type extern 2, forward metric 32
Last update from a.a.a.a on FastEthernet0/0, 00:36:59 ago
Routing Descriptor Blocks:
* a.a.a.a, from a.a.a.a, 00:36:59 ago, via FastEthernet0/0
Route metric is 20, traffic share count is 1
although we have eigrp with AD 90 . When i turn off fa0/0 ip route goes trough eigrp(cable internet) but when i turn on it back to ospf (mpls).
sho ip route eigrp :
10.0.0.0/8 is variably subnetted, 422 subnets, 9 masks
D 10.0.0.0/8 [90/26880256] via y.y.y.y, 01:03:34, Tunnel252
sho ip route ospf :
10.0.0.0/8 is variably subnetted, 422 subnets, 9 masks
O E2 10.1.0.0/27 [110/20] via z.z.z.z, 01:07:00, FastEthernet0/0
why ?? only difference i see that may cause trough ospf route entry is more explicit ... But router must choose eigrp with AD 90 not ospf with AD110 , right ?
Can ISP manipulate with tcp/udp ports on MPLS link to open/close services, control layer 7 ?
04-15-2014 10:21 AM
Hi,
the basic routing rule is:
The longest match wins!
So if your 10.x.x.x IP address is matched by O E2 10.1.0.0/27 and the longest EIGRP match is D 10.0.0.0/8, the packets are forwarded to 10.x.x.x using the OSPF path.
The AD is taken into consideration only in a case of the same prefix matching the destination IP address received from two (or more) routing protocols.
(To be precise: If the same prefix is received from two routing protocols, that one with lower AD is put into the RIB.)
Best regards,
Milan
04-16-2014 07:19 AM
I can telnet to Exchange server ports from that router,can ping by ip trough mpls, but I can't ping exchange server by name . I spoke with ISP they don't have any policy or inspect on ports . So, I am thinking maybe the thing that no name resolution cause that issue when users cannot connect to Exchange ?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide