RE: EIGRP Problem from Tyson Scott on 2010-03-09 (Ccielab archives 03/2010)

From: Tyson Scott <tscott_at_ipexpert.com>
Date: Tue, 9 Mar 2010 16:51:18 -0500

Sorry for not removing the bottom of my signature. I will just say that
before I get blasted from everyone.

Regards,

Tyson Scott - CCIE #13513 R&S, Security, and SP

-----Original Message-----
From: Tyson Scott [mailto:tscott_at_ipexpert.com]
Sent: Tuesday, March 09, 2010 4:47 PM
To: 'Tyson Scott'; 'Ahmad'
Cc: ccielab_at_groupstudy.com
Subject: RE: EIGRP Problem

Sorry one more thing. I will just give you the answer. I am assuming if
your remote sites just have a dynamic IP from the ISP none of them have
public address space.

ip route 0.0.0.0 0.0.0.0 10.1.1.1
ip route 0.0.0.0 0.0.0.0 10.1.1.2

That would be your attempt to load balance traffic. For the Remote DMVPN

ip route 10.0.0.0 255.0.0.0 10.1.1.1
ip route 172.16.0.0 255.240.0.0 10.1.1.1
ip route 192.168.0.0 255.255.0.0 10.1.1.1

Whatever the address space is for your remote sites. This address space
should never been seen on the internet so this meets the needs of what you
are trying to do.

Regards,

Tyson Scott - CCIE #13513 R&S, Security, and SP
Technical Instructor - IPexpert, Inc.
Mailto: tscott_at_ipexpert.com
Telephone: +1.810.326.1444, ext. 208
Live Assistance, Please visit: www.ipexpert.com/chat
eFax: +1.810.454.0130

IPexpert is a premier provider of Classroom and Self-Study Cisco CCNA (R&S,
Voice & Security), CCNP, CCVP, CCSP and CCIE (R&S, Voice, Security & Service
Provider) Certification Training with locations throughout the United
States, Europe and Australia. Be sure to check out our online communities at
www.ipexpert.com/communities and our public website at www.ipexpert.com

-----Original Message-----
From: Tyson Scott [mailto:tscott_at_ipexpert.com]
Sent: Tuesday, March 09, 2010 4:18 PM
To: 'Ahmad'
Cc: '<ccielab_at_groupstudy.com>'
Subject: RE: EIGRP Problem

How would you not have load balancing? The routes would be specific to the
remote networks of the DMVPN. Either you don't know the remote networks or
you are misunderstanding my recommendation.

-----Original Message-----
From: Ahmad [mailto:ccie_at_halawlaw.com]
Sent: Monday, March 08, 2010 5:25 PM
To: Tyson Scott
Cc: <ccielab_at_groupstudy.com>
Subject: Re: EIGRP Problem

Hey Scott

Thanks for your reply but if I do that I won't have load balancing for
Web browsing anymore

-Ahmad
Sent from my iPhone

On Mar 8, 2010, at 8:42 PM, "Tyson Scott" <tscott_at_ipexpert.com> wrote:

> Use more specific routes on the ASA to force the DMVPN traffic to
> the first router with SLA tracking and higher AD routes pointing to
> your ISP2 router.
>
> Regards,
>
> Tyson Scott - CCIE #13513 R&S, Security, and SP
> Technical Instructor - IPexpert, Inc.
> Mailto: tscott_at_ipexpert.com
> Telephone: +1.810.326.1444, ext. 208
> Live Assistance, Please visit: www.ipexpert.com/chat
> eFax: +1.810.454.0130
>
>
>
> -----Original Message-----
> From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf
> Of ccie_at_halawlaw.com
> Sent: Monday, March 08, 2010 3:19 AM
> To: ccielab_at_groupstudy.com
> Subject: EIGRP Problem
>
> Hi Group,
>
> I am facing some routing problems with the EIGRP neighbors over the
> tunnel
> interface of a DMVPN network with static load balancing.
> Below is the topology
>
> Hub:
>
> --- ASA -------------- Router 1 ------- ISP1
> -------------- Router 2 ------- ISP2
>
> Branch
>
> ASA ----------- Router ------ ISP3
>
> I have configured basic DMVPN with no problems at first (BTW the
> destination tunnel ip for the Branches is the secondary IP of the
> outside
> interface of router 1 only) with EIGRP running on the ASAs and
> Routers.
> Now we want to allow the Hub users to access the internet so we
> added a
> default route on the ASA to point to the HSRP IP of the routers
> (router 1
> being the active router with preempts enabled).
> Till now everything is working fine until we are asked to implement
> load
> balancing for the users to access the internet using both ISPs at
> the same
> time.
> So we added a new default route on the first router that points to the
> Router 2 inside interface. With sla tracking in place, static load
> balancing is working like a charm. However, we later noticed that
> some of
> our eigrp tunnel neighbors are going up and down (Q count not being
> zero).
> To solve this problem, we can either remove the new default route or
> add a
> static route on router 1 to route the real ip of the branch router
> through
> ISP1. The first solution is out of the question since we will lose
> the load
> balancing we implemented for internet access and the second solution
> is not
> possible since we don't have static real IP assigned in our branches.
> Please note that we can reach our branches from both ISPs and that we
> don't need to have load balancing for the VPN tunnel so I am ok if
> we can
> configure the router with policy base routing to route my VPN traffic
> through the first ISP only. Please note that I tested the PBR
> solution and
> the eigrp neighbors kept on flapping.
> I would really appreciate if someone can explain in detail how the
> EIGRP
> neighbor relationship is being established in my scenario. I mean what
> source and destination IP address is used to send hello packets and
> how the
> eigrp proceed until the neighbors converge ( k values check...
> )
> Thanks for your help,
> Regards
> -Ahmad
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________

> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________

> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

Blogs and organic groups at http://www.ccie.net
Received on Tue Mar 09 2010 - 16:51:18 ART

This archive was generated by hypermail 2.2.0 : Thu Apr 01 2010 - 07:26:34 ART