Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Summary-address and VRF on same interface cause routes to disappear

When I put a summary address in for the interface below my routes disappear on my far eigrp neighbor. 

 

ip summary-address eigrp 8882 0.0.0.0 0.0.0.0

!

router eigrp 8882
 !
 address-family ipv4 vrf ######
  network 10.9.2.0 0.0.0.255
  autonomous-system 8882
 exit-address-family

 

!

interface Tunnel0
 bandwidth 1000
 ip vrf forwarding #######
 ip address 10.9.2.5 255.255.255.0
 no ip redirects
 ip mtu 1400
 ip nhrp authentication I#######
 ip nhrp map multicast dynamic
 ip nhrp network-id 100000
 ip nhrp holdtime 360
 ip tcp adjust-mss 1360
 delay 1000
 tunnel source GigabitEthernet0/0/3
 tunnel mode gre multipoint
 tunnel key 100000
 tunnel path-mtu-discovery
 tunnel vrf ####
 tunnel protection ipsec profile ########

9 REPLIES
Cisco Employee

Hello,This is interesting.

Hello,

This is interesting. Placing the summary address as shown on the Tunnel interface should cause this router to advertise only a default route to remote neighbors. They would in turn install that default route into their routing tables if they do not already have one with a better administrative distance. So are you saying that the far EIGRP neighbor stops seeing any EIGRP routes entirely? Not even the default route is present in the far EIGRP neighbor's VRF table? Does the EIGRP adjacency still exist after configuring the summarization?

Would it be possible for you to post the output of show ip eigrp topology command from the far end router after configuring the summarization?

Best regards,
Peter

New Member

Thanks for the reply. The

Thanks for the reply. The neighbor drops after I add the summary-address. See below

 

Before adding

Router#sh ip eigrp n
EIGRP-IPv4 Neighbors for AS(8882)
H   Address                 Interface              Hold Uptime   SRTT   RTO  Q  Seq
                                                   (sec)         (ms)       Cnt Num
0   10.9.2.5                Tu0                      12 00:00:07   35   210  0  187
EIGRP-IPv4 Neighbors for AS(1)

Router#sh ip eigrp topology 
EIGRP-IPv4 Topology Table for AS(8882)/ID(192.168.192.168)
Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply,
       r - reply Status, s - sia Status 

P 10.9.2.0/24, 1 successors, FD is 505856
        via Connected, Tunnel0
P 192.168.192.168/32, 1 successors, FD is 128256
        via Redistributed (128256/0)

EIGRP-IPv4 Topology Table for AS(1)/ID(192.168.192.168)
Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply,
       r - reply Status, s - sia Status 

P 192.168.192.168/32, 1 successors, FD is 128256
        via Connected, Loopback0

 

After adding

Router#sh ip eigrp n
EIGRP-IPv4 Neighbors for AS(8882)
EIGRP-IPv4 Neighbors for AS(1)

Router#sh ip eigrp topology 
EIGRP-IPv4 Topology Table for AS(8882)/ID(192.168.192.168)
Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply,
       r - reply Status, s - sia Status 

P 10.9.2.0/24, 1 successors, FD is 505856
        via Connected, Tunnel0
P 192.168.192.168/32, 1 successors, FD is 128256
        via Redistributed (128256/0)

EIGRP-IPv4 Topology Table for AS(1)/ID(192.168.192.168)
Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply,
       r - reply Status, s - sia Status 

P 192.168.192.168/32, 1 successors, FD is 128256
        via Connected, Loopback0

New Member

As a side note. I was able to

As a side note. I was able to distribute my default from ospf into the eigrp process using a route map. It still doesn't explain the original problem. 

Cisco Employee

Hi,Thank you for your

Hi,

Thank you for your response.

I am somewhat surprised that the topology table on the far end router does not contain any EIGRP routes even when no summarization is configured on your DMVPN hub. Why is that? Why are EIGRP routes missing from the far end router? Are there no routes to be advertised from the hub?

I see that on the DMVPN hub router where you configure the summarization, the Tunnel interface is configured both with a Front VRF (the tunnel vrf command), and with an Internal VRF (the ip vrf forwarding command). Are these two VRFs identical, or are they different?

In addition, I wonder - on the DMVPN hub router, is there any default route present both in its FVRF and IVRF? If so, where is the default route learned from and what is its administrative distance?

Lots of questions but there are lots of technical details necessary about your setup to diagnose the behavior better.

Best regards,
Peter

New Member

A lot of questions so I will

A lot of questions so I will try to answer them inline. Again. thanks for the response

 

Hi,

Thank you for your response.

I am somewhat surprised that the topology table on the far end router does not contain any EIGRP routes even when no summarization is configured on your DMVPN hub. Why is that? Why are EIGRP routes missing from the far end router? Are there no routes to be advertised from the hub?

This eigrp process is only being used as a backup route, I am attempting to advertise only a default route and then change the AD on the remote end. 

I see that on the DMVPN hub router where you configure the summarization, the Tunnel interface is configured both with a Front VRF (the tunnel vrf command), and with an Internal VRF (the ip vrf forwarding command). Are these two VRFs identical, or are they different?

Yes they are identical and the public facing interface is also using the vrf. Everything is using the same vrf and not the global table. This was the only way I could get my tunnel to come and establish an eigrp neighbor. I am open to suggestions on how to change this. 

In addition, I wonder - on the DMVPN hub router, is there any default route present both in its FVRF and IVRF? If so, where is the default route learned from and what is its administrative distance?

Yes, there is a default route present in the vrf

Lots of questions but there are lots of technical details necessary about your setup to diagnose the behavior better.

Best regards,
Peter

Cisco Employee

Hi,Yes they are identical and

Hi,

Yes they are identical and the public facing interface is also using the vrf. Everything is using the same vrf and not the global table. This was the only way I could get my tunnel to come and establish an eigrp neighbor. I am open to suggestions on how to change this.

It is possible for the tunnel endpoints to reside in one VRF (the FVRF) and the tunnel addresses, or better said - the link that the tunnel emulates - to reside in a different VRF (the IVRF), and in addition, either of these can be the global routing table. However, it depends on your requirements what kind of configuration would be most suitable to you. For now, let's not change it but if you are willing, try to explain why the tunnel is placed in a separate VRF, why do you believe that the FVRF and IVRF should be different, and whether any of these VRFs could be replaced by the global routing table.

Yes, there is a default route present in the vrf

You have omitted the most important information - where is it learned from currrently (what is the source routing protocol of this route), and what is its administrative distance?

I have a suspicion that either the discard route that is created on the DMVPN hub router as a result of performing the summarization, or the actually advertised default route to a far end router replace the existing default route that exists on these routers. When this happens, the DMVPN hub router and the far end router can no longer reach one another. If that happens on the DMVPN hub router, the far end router simply becomes unreachable because the discard route points to Null0. If the far end router replaces its existing default route with the EIGRP-learned default route, a recursive routing occurs in which the path to the tunnel endpoint is learned through that tunnel itself.

Would you mind trying configuring the summarization once again using the following command?

ip summary-address eigrp 8882 0.0.0.0 0.0.0.0 254

The 254 at the end of the command specifies the administrative distance of the discard route. If there is a default route already present (and is not learned via DHCP which is the only source having the AD of 254 by default), the discard route will hopefully not replace it this time.

Best regards,
Peter

New Member

This was the result of the

This was the result of the command. 

ip summary-address eigrp 8882 0.0.0.0 0.0.0.0 254 

%EIGRP: summary-address accepted but distance option deprecated; use summary-metric command for distance.

The separate VRFs would be used to keep the public side separate from private. This would be the only reason that I would use different VRFs. It may not need to be covered in this discussion, I have an acl that is exclusive to my needs.

 

 

This is the result of

HUB#sh ip route vrf ####

Routing entry for 0.0.0.0/0, supernet
  Known via "ospf 1", distance 110, metric 1, candidate default path
  Tag 1, type extern 2, forward metric 1

Cisco Employee

Hi,Okay, remove the ip

Hi,

Okay, remove the ip summary-address eigrp command configured on the Tunnel0 interface if any, and instead add these commands please:

router eigrp 8882
  address-family ipv4 vrf ...
    summary-metric 0.0.0.0/0 distance 254
!
interface Tunnel0
  ip summary-address eigrp 8882 0.0.0.0 0.0.0.0

 

You appear to be using a 15.x IOS that uses a different syntax.

Best regards,
Peter

New Member

router eigrp 8882  address

router eigrp 8882
  address-family ipv4 vrf ...
    summary-metric 0.0.0.0/0 distance 254
!
interface Tunnel0
  ip summary-address eigrp 8882 0.0.0.0 0.0.0.0

 

This was one the first thing I tried but it did not work. Thanks for all of your help but I had to move forward with using a route-map. 

 

 

423
Views
5
Helpful
9
Replies