
Traffic engineering for backup

Hi All,

I am looking for some suggestions and configuration help on how to manage a sort of failover. Let me explain the requirements, which are also in the attached diagram (pdf). Here we go: we have 4 sites connected with a fully meshed MPLS, and all routes between the sites are being exchanged via EIGRP. However, Internet traffic for the remote sites, 3 of the sites, is sent to the HQ for filtering (IPS, WEB FILTER...) even though the remote sites do have a backup internet. SO INTERNET TRAFFIC IS IN STAR MODE.

Yes, I say backup... since this link is used for site-to-site VPN in case the MPLS tunnel goes down. Once again, traffic engineering with the Bandwidth command in EIGRP makes the MPLS link the default.

Now, my dilemma... I want to use the remote sites' internet connection, local internet with no filtering, when the HQ Internet is down! For the sake of me, I still don't know how to make it work!!

Here is what I have in mind though: I plan to ping some hosts on the internet (4.2.2.2 and 208.67.220.220)... If I get a reply back, I assume everything is fine. But if I don't have a reply from both of them, I assume the HQ INTERNET is down; therefore, I want to point the default route to the backup link at the remote!!

So that's how I imagine it, but if you have suggestions, please share them.

Thanks,


Jon Marshall
Hall of Fame

Sorry, I was a bit busy so my answers were a bit short.

What you need to make sure is -

1) on the remote sites make sure you have a floating static as discussed on the same device that you have the default received from the MPLS network.

This means you need it on the L3 device that is the default gateway for the clients in the remote site.

2) choose one of the remote sites and log on to that L3 device

3) remove the default route from the HQ router. Note if you do not want any downtime in HQ, instead of removing the static route just don't redistribute it into EIGRP so HQ still has the default route but the remote sites no longer receive it.

4) when you remove it you should see that EIGRP route removed from the remote site L3 device you are logged onto

5) once that route is removed the floating static should then be installed on the remote site L3 device pointing to the local internet connection.

If that happens then if the clients in the remote site still do not have internet access then it may be an issue with the local firewall (assuming you have one).

Jon

Jon, thanks for the suggestions, and sorry, I was on the road and did not have time to test it till earlier today.

Unfortunately, when I removed the default route at the HQ router, another router at the remote injected another default route into the L3 sw with an admin distance of 170, so the default route with the admin distance of 180 that I added never gets installed in the routing table.

Any other ideas?
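The route-selection outcome described in the post above, as an added example that is not part of the original thread: a small Python model of which default route the remote L3 switch installs, using the distances 170 and 180 quoted in the thread. The route labels, the function names and the assumption that HQ withdraws its default when both probes fail are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Route:
    source: str    # who offered this 0.0.0.0/0 route
    egress: str    # constructed label for where traffic leaves
    distance: int  # administrative distance (lower wins)

# Labels are constructed; distances 170 and 180 are the ones quoted in the thread.
HQ_DEFAULT = Route("EIGRP external via MPLS", "hq-filtered", 170)
BACKUP_RTR_DEFAULT = Route("EIGRP external via backup router", "backup-router", 170)
FLOATING_STATIC = Route("floating static", "local-unfiltered", 180)

def hq_internet_up(probes):
    """Poster's rule: HQ Internet is down only when every probe fails."""
    return any(probes.values())

def installed_default(probes, backup_router_injects):
    """Default route the remote L3 switch installs for a given state."""
    candidates = [FLOATING_STATIC]      # always configured, wins only when alone
    if hq_internet_up(probes):
        candidates.append(HQ_DEFAULT)   # assumption: HQ withdraws it when down
    if backup_router_injects:
        candidates.append(BACKUP_RTR_DEFAULT)
    # Lowest distance wins; equal-distance ties (decided by metric) are not modelled.
    return min(candidates, key=lambda r: r.distance)

def bypasses_hq_filtering(route):
    """True when traffic leaves through the site's own unfiltered link."""
    return route.egress == "local-unfiltered"

if __name__ == "__main__":
    up = {"4.2.2.2": True, "208.67.220.220": False}     # constructed probe results
    down = {"4.2.2.2": False, "208.67.220.220": False}
    for label, probes, inject in [
        ("one probe lost", up, False),
        ("HQ down, backup router injects", down, True),
        ("HQ down, no competing default", down, False),
    ]:
        r = installed_default(probes, inject)
        print(f"{label}: {r.source} (AD {r.distance}), "
              f"unfiltered={bypasses_hq_filtering(r)}")
```

The last state is the only one in which traffic leaves without passing the HQ IPS and web filter, so it is the state worth alerting on.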

Another router at the remote injected another default route into the L3 sw with an admin distance of 170, so the default route with the admin distance of 180 that I added never gets installed in the routing table.

What is this router at the remote site and why is it injecting a default route into EIGRP?

What is the next hop of the default route?

My assumption was that the default route at remote sites was being received from the HQ site only. But now it seems there is another default route at local site.

Do you need this default route, i.e. what is it used for?

Jon

This is just a smaller router to provide hardware failover at the remote if the bigger router fails (shutdown, unplug). The way I have that set up originally is to have logical failover (redundant GRE tunnels with the bandwidth command in EIGRP) and a second router with the same concept (dual GRE tunnels with a lower number in the EIGRP bandwidth). But this router is supposed to handle traffic only when the primary router fails.

This router injects a default route into the L3 SW with him being the GW for that route, and even though the default route is now pointed to it, the internet traffic is still failing and failover did not occur. And of course, it doesn't know where the GW for my secondary ISP is, so when I fail over and ping... I get destination unreachable!

P.S. The FW for the second ISP connection is connected to the L3 SW....

Thanks

The backup router injects a default route but why, i.e. if the internet at HQ is down then why send traffic via the backup router?

How does the backup router know when to inject a default route?

Does the default route it injects also cover the non-internet routes for remote sites?

I need some help here, i.e. I need to understand why the backup router uses a default route when internet is down anyway at HQ?

Jon

Jon,

Million thanks... I got it to work by moving the floating default route to the backup router rather than the L3 SW.

Now failover occurs just after one ping lost!

Thanks again for all the help.

No problem and glad to have helped.

Jon
