Steve

Apologies but i have just seen another issue. The GRE tunnel is on the same router as the BGP connection. Site 5 receives sites 1 - 4 routes via EIGRP which are AD 90 but it also sees sites 1 - 4 routes via BGP and because it's the same router it will always choose the AVPN cloud. So all return internet traffic will go via the AVPN cloud.

If this needs to be done tonight then it depends how quick and dirty you want it.  For example sites 1 - 4 already have a static route for internet.

At site 5 on the WAN router we could simply use static routes for all site 1 - 4's subnets pointing to the relevant GRE tunnel. Static routes are preferred over EBGP routes so that would work.  Statics are not the best because there is no failover ie. if site 1 tunnel went down it couldn't then use the AVPN cloud to get to sites 2 - 4. But how much traffic is there between the new sites if you take out internet connectivity ?

Note also that even if you used EIGRP and the tunnel went down you would still have sites 1 - 5 connectivity but no internet because we are not allowing the BGP default route in. So it all comes down to how much redundancy you want/need for sites 1 - 5 non internet connectivity ? 

Can you also confirm and this is important that each new site only has the one WAN router and that is the only entry/exit point into each site ?

Jon

Steve

My sincere apologies. Even though you told me it was one router i have stupidly been working under the assumption it was 2 routers connecting to a L3 switch. So i was concerned about EIGRP internal being preferred over EBGP but the actual issue is the other way round because it's all on the same router ie. the AVPN cloud will always be the preferred route.

And this happens at all new sites ie. BGP routes to new sites take preference over EIGRP learned routes. So here is what i propose -

1) let sites 1 - 4 use the AVPN cloud for inter site connectivity but not internet connectivity. This will happen without any extra config.

2) filter out the default route via BGP so sites 1 - 4 use the default route via the GRE tunnel.

3) site 5 is the issue. If we use EIGRP to advertise sites 1 - 4 subnets to site 5 down the GRE tunnel site 5 will ignore them and use the AVPN cloud. So we either -

i) change the admin distance of EIGRP at site 5 which is very messy but would mean that if the GRE tunnel went down for site 1 for example, site 5 could use the AVPN cloud for connectivity to site1 for non internet traffic. Site 1 has obviously lost connectivity to the internet.

or

ii) use statics on site 5 WAN router for all sites 1 - 4 subnets pointing to the relevant tunnel. Drawback here is that if tunnel to site 1 goes down teh AVPN cloud cannot be used as backup.

That said apart from internet just how much connectivity is there between the sites.

Once again i apologise for my really stupid mistake. 

If you want to carry on this (and i wouldn't blame you if you didn't) can you open a new thread where we can pick up as this thread is getting a bit long and taking a long time to load for me.

Let me know what you think.

Jon

Yes it does but not if we change to EIGRP.

Jon

Steve

Are you the one implementing this. Can we do it one step at a time. The first thing to do is get EIGRP up and running between the new sites. Don't do anything with BGP yet and certainly don't do any redistribution anywhere.

So if you can do this step by step, simply get EIGRP running between all new sites. Leave the statics in at the moment.

I'm making the assumption that you do not want return traffic from the internet for the new sites going via the AVPN cloud ie.

site1 -> GRE tunnel -> site5 -> internet

internet -> site 5 -> AVPN cloud -> site 1

if that is acceptable then the config becomes a lot easier.

Oh and can you open new thread as this is getting difficult to follow.

Jon