I have redundant DS3 circuits between two sites (see diagram). Each site (A & B) has redundant switches and routers. Certain hosts have redundant NICs (with an internal failover mechanism).
I'm using EIGRP on all routers. HSRP is configured such that router "1" at each site is the respective LAN's default gateway. This causes traffic from LAN A to LAN B (and vice-versa) to prefer DS3 #1 between routers A1 and B1. By the way, DS3 #2 does handle some other traffic. So, it's not sitting idle.
Recently switch B1 failed (a UPS died). I would have expected router B1 to immediately begin routing traffic destined for LAN B out the interface connected to router B2. But it took a good deal of time to converge.
Upon investigation I realized the FD of router B1's original route to switch B1 is the exact same metric as the AD from router B2. So, the route advertised through B2 was not considered a feasible successor. And, B1 went active on the route for LAN B instead of immediately using the route through B2.
I can overcome this by lowering the delay on router B2's interface to switch B2. That will lower the AD to B1 such that B1 considers the route a feasible successor.
The only thing I don't like is that it's a one way street. In other words, router B1 will have two successors for LAN B, but router B2 will still only have one successor. I'd like the redundancy to be a bit more symmetrical. Any suggestions?
As the FD to LAN B from either router is the same, EIGRP may not route symmetrically.
Try to configure a floating static route on both routers, with an administrative distance greater than that of EIGRP, pointing to the other router as the next hop.
HTH, Please rate if it does
Thanks for the suggestion. I'm not particularly fond of static routes. But I'll use them where practical or when nothing else will do.
Unfortunately, the symmetry I'm trying to achieve would require complementary static routes on both routers (so the redundancy works in either direction). In the event of a double failure (LAN B becomes completely isolated) a rather ugly routing loop would be set up. Traffic destined for LAN B would start ping-ponging between the routers until eventually reaching the TTL mark. This could impact other traffic maintained by these routers.
I've lowered the delay metric on the interfaces of the "secondary" routers connected to the LAN B switches as I discussed above. This lowered the AD such that the secondary route is now a feasible successor on the primary router. So, failover from the primary path to secondary path will be immediate. However, in the event that HSRP toggles for some reason on the LAN A side I want the same immediate failover to occur (if required) from the secondary routers to the primary routers. In other words, I'm trying to achieve design symmetry such that either DS3 path will switch immediately to the alternate router in the event of a LAN switch failure.
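The feasibility check discussed in the posts above, worked through as an added example that is not part of the original thread. The interface values (100 Mb/s bandwidth and 100 µs delay on every link) and all function names are assumptions, since the thread does not give the real figures; "AD" in the posts is the neighbour's reported distance.

```python
# Added illustration; not from the thread. Interface values are assumed.

def eigrp_metric(min_bw_kbps, total_delay_usec):
    """Classic EIGRP composite metric with default K values (K1=K3=1)."""
    return 256 * (10**7 // min_bw_kbps + total_delay_usec // 10)


def is_feasible_successor(reported_distance, feasible_distance):
    """Feasibility condition: the neighbour's reported distance (the thread's
    'AD') must be strictly lower than the local feasible distance."""
    return reported_distance < feasible_distance


def analyse(lan_delay_b1, lan_delay_b2, lan_bw=100_000,
            link_bw=100_000, link_delay=100):
    """Evaluate LAN B from both routers. Delays in microseconds, bandwidth in
    kbit/s. Assumes each router's successor is its connected LAN interface."""
    lan_delay = {"B1": lan_delay_b1, "B2": lan_delay_b2}
    connected = {r: eigrp_metric(lan_bw, d) for r, d in lan_delay.items()}
    view = {}
    for router, peer in (("B1", "B2"), ("B2", "B1")):
        fd = connected[router]   # FD = metric of the connected route
        rd = connected[peer]     # what the peer advertises for LAN B
        view[router] = {
            "fd": fd,
            "peer_rd": rd,
            "metric_via_peer": eigrp_metric(min(lan_bw, link_bw),
                                            link_delay + lan_delay[peer]),
            "peer_is_fs": is_feasible_successor(rd, fd),
        }
    return view


if __name__ == "__main__":
    for label, delays in (("equal delay", (100, 100)),
                          ("B2 LAN delay lowered", (100, 90))):
        print(label)
        for router, info in analyse(*delays).items():
            print(" ", router, info)
```

With equal delays neither router holds a feasible successor. Lowering the delay on B2 satisfies the condition on B1 only: the inequality is strict, so it cannot hold in both directions while both routers reach LAN B through their own connected interface.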
There could be an alternative for this; however, I'm not sure whether it would be feasible for you to go ahead with this.
The way it could be done is to connect both routers to both switches, as at the moment each router is connected to only one switch.
Secondly I guess that both the switches are being used for only Access Layer at L-2 and no L-3 Switching is being carried out over there.
To make my view easier, I have made the respective changes with the red lines in the diagram. Please go through it and let me know what you think about it.
Please rate if it helps.
Thanks for the suggestion. Connecting each router to both switches simultaneously isn't practical. The two switches are one subnet. You can't have two interfaces on the same router in the same subnet. So, I'd have to look into using bridged ports on the router.
I know some of the newer Cisco multi-service devices have the ability to incorporate an integrated switch module. But I don't think the 7200 series has anything like that available.
Regardless, bridging would bring up other complexities. For instance, port blocking via spanning tree would be required to prevent bridge loops. STP would need to be tuned for quick failover, etc.
Could you please share your configs from both the switches and both the routers (of one side) to understand the topology in a better way?
WS - I appreciate your offer. But there's nothing in the configs that's not conveyed in the diagram. All connections to the switches are layer 2, and all router-to-router links are layer 3 (routed) subnets. It's a pretty straightforward design - nothing fancy.
I was just wondering what parameters you have given for HSRP, hence I was requesting the config.
I'm wondering, considering the present design, if SW B-1 dies, then hosts are still considering that RTR B1 is their default-gateway and sending it to the RTR B-2!!!
And I guess this is what is creating the delay for Fast Recovery of the alternate route to A side of the network via Router B-1.
Please let us know what you think of this point.
That's a valid point.
In the case of a switch B1 failure, the multi-NIC host on LAN B will detect the link failure almost instantaneously. It will begin using its alternate link to switch B2. It will still send to the same virtual IP address using the same virtual MAC.
However, router B2 will not know about the failure of switch B1. And it will not assume the HSRP active role for the virtual address until the hold timer expires. Presently, HSRP timers are set to their defaults (3s hello, 10s hold). So, that switch over could easily take as long as 10 seconds.
You're right. The HSRP failover probably accounts for a good chunk of time. Are there any minimum recommended parameters for the HSRP timers? Only two routers involved. All of the intervening switchports have portfast enabled.
You could provide the hello time interval even in the millisecond range, and the hold time is min 1 second; maybe that can help.
Secondly, as per Cisco's guidance it's always better if you have a Routed Access Layer as compared to an L-2 Access layer, especially if availability is of importance.
I hope this helps,
Please rate all the helpful posts.