Solved: WAN load balancing with EIGRP and IP ACL or DSCP

tato386 · ‎07-26-2013

I am using EIGRP on my network and have two WANs configured. The primary WAN is MPLS enabled and the second is an Internet based GRE VPN. Both WANs are up all the time with traffic going over MPLS unless there is a problem at which time traffic fails over to the VPN. The switchover to VPN is taken care of by EIGRP.

I would love to use the VPN for load balancing and it seems that EIGRP has some load balancing features but they seem to work on a packet level. I would rather control the load balancing with either IP access-list or maybe QoS/DSCP markings.

The idea would be to overide the routing table with PBR or something similar. I can currently do this by using IP SLAs and pinging IPs but this seems inefficent. Mostly due to the large amount of commands it takes and the fact that you have to make sure your pings are not only sourced from the correct interface but also take a specific route. So lots of commands and static routes which I am trying to avoid. See below for an example on how many commands it take to setup one PBR relationship using IP SLA. Multiple this by a couple dozen sites and it gets unworkable I think.

So I guess I am looking for a "cleaner and elegant" of way of integrating PBR with EIGRP routing. Not quite ready to implement this but I am currently digging around for suggestions and tips on how this can be done if at all.

Thanks,

Diego

ip sla 1

icmp-echo 1.1.1.1 source-interface GigabitEthernet0/1

ip sla schedule 1 life forever start-time now

!

track 1 rtr 1 reachability
!

ip route 1.1.1.1 255.255.255.255 2.2.2.2

!
route-map MAP1 permit 15
match ip address 115
set ip next-hop verify-availability 2.2.2.2 1 track 1
!

cadet alain · ‎07-26-2013

Hi,

I would love to use the VPN for load balancing and it seems that EIGRP  has some load balancing features but they seem to work on a packet level

This is not the routing protocol that does load-balancing but the switching process and by default it is CEF which does per flow(src -dst ip pair) load-sharing so not per-packet.

All you have to do is either manipulate the metric for both paths to have same cost or do unequal-cost load-balancing using the variance command( take care that EIGRP will only install the second paths for which the feasibility condition is met).

Now if you really want PBR and IP sla you could use Pfr too.

Regards

Alain

Don't forget to rate helpful posts.

View solution in original post

cadet alain · ‎07-26-2013

Hi,

I would love to use the VPN for load balancing and it seems that EIGRP  has some load balancing features but they seem to work on a packet level

This is not the routing protocol that does load-balancing but the switching process and by default it is CEF which does per flow(src -dst ip pair) load-sharing so not per-packet.

All you have to do is either manipulate the metric for both paths to have same cost or do unequal-cost load-balancing using the variance command( take care that EIGRP will only install the second paths for which the feasibility condition is met).

Now if you really want PBR and IP sla you could use Pfr too.

Regards

Alain

Don't forget to rate helpful posts.

tato386 · ‎07-28-2013

Wow, PFR looks very powerful and impressive. It looks like it might do exactly what I was looking for but unfortunately it also looks like it may be a little to much for us both in terms of complexity, IOS verions and so on.

I was hoping I could do something like the simpler PBR and match an ACL or DSCP to route traffic to a route offered by a feasible successor rather than a successor router. I guess I am just looking for a Godilocks solution. Not to cold and not too hot! LOL

Thank you for your input and information.

Rgds,

Diego