 randylf
join:2008-05-21 Tempe, AZ
| Help with EIGRP failover question - Can't get straight answer
Hey everyone - What I'm trying to accomplish is internet link redundancy.
Here is my question:
If I use static routes at my core switches to point to a gateway of last resort(internet connection) and redistribute that static route into EIGRP for other routers to route internet requests to, how does EIGRP know when that link fails?
It is a metropolitan ethernet link to the internet so generally the line and protocol will not go down.
Since there are obviously no EIGRP neighbors out that link to send or receive hello packets, how does EIGRP know if that route can no longer pass traffic to the internet in order to send that routing update out so that my other routers can fall back to their floating static routes?
I know I could implement IP SLA to monitor the layer 3 next hop, but isn't there a better way to do it?
We were trying to rely on static routes for failover but with a QMOE, it's a switched internet handoff so the line status will not normally go down in a failure somewhere down the line.
I believe that static routes will only be taken out of the routing table if the physically connected link goes down, am I correct? Or is there some other monitoring metric that a Cisco router uses to monitor static routes and remove them from the routing table when necessary? |
|
  rolande Certifiable Premium,Mod join:2002-05-24 Powell, OH
| Unless you run a routing protocol to the remote end device across that connection, you are limited in flexibility with a static route redistribution into EIGRP. EIGRP can only be as smart as the method used to generate the route and introduce it into the topology. In this scenario, a service monitor might be an ideal way to make the static route behave dynamically based on the health of the next hop or a combination of remote health-checks. -- Ignorance is temporary...stupidity lasts forever!
»www.thewaystation.com/ »blog.thewaystation.com/ |
|
 aryoba Premium,MVM join:2002-08-22
| reply to randylf If you only have a single default gateway to the Internet, then it does not really matter whether EIGRP knows the route is still valid or not. A scream from a user saying "No Internet!" will let you know anyway.
When you have multiple gateways to the Internet, then it is probably time to implement a dynamic routing protocol between your network and your ISP. |
|
 randylf
join:2008-05-21 Tempe, AZ
| reply to randylf I have decided to use IP SLA to monitor my links and pull the static routes out of the routing table.
I have now run into another tough question though -
So with my topology, uploaded here, my IP SLA will be pinging the next hop address off of our ASA at the middle site.
The possible problem I see is that once it detects that next-hop SLA as down, it will take that route out and fall back to the floating static route out our backup T1.
At this point, it seems to me that the IP SLA monitor will come back up since that next hop would once again be pingable, and that the old route would be placed back in the routing table. Then, it would be unreachable again, switch back, and a flapping loop would occur.
Is this the case? I suppose I could specify that the ping should come from the interface connected to the CC-3841 router, which might solve this issue.
I suppose it might also be possible to ping a LAN IP in the middle site, but I have a VPN on the failover T1, so those packets would get routed as well.
It seems like this solution is going to be complicated, but without our ISP running BGP, I don't think I have any other options. |
|
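The flapping concern raised in the post above, shown as an added Cisco IOS configuration sketch that is not part of the original thread: the probe is pinned to the primary path so it cannot succeed over the backup T1, and the track object is dampened. All addresses (RFC 5737 documentation ranges), the interface name and the object numbers are assumptions.

```cisco
! Constructed example. Assumed values:
!   192.0.2.1     primary next hop toward the center site
!   198.51.100.1  backup next hop over the T1
!   203.0.113.10  probe target reachable only beyond the primary link
!   GigabitEthernet1/1  interface facing the primary path

! Pin the probe target to the primary path. The floating Null0 route
! discards the probe if the pinned route is ever withdrawn, so the probe
! never follows the default route out the backup T1 and reports "up".
ip route 203.0.113.10 255.255.255.255 192.0.2.1
ip route 203.0.113.10 255.255.255.255 Null0 250

! ICMP probe sourced from the primary-facing interface, every 5 seconds.
ip sla 10
 icmp-echo 203.0.113.10 source-interface GigabitEthernet1/1
 timeout 1000
 frequency 5
ip sla schedule 10 life forever start-time now

! Track probe reachability. The delays require the state to hold for
! 15 s before declaring down and 60 s before declaring up, which damps
! oscillation if the primary path is marginal.
track 10 ip sla 10 reachability
 delay down 15 up 60

! Primary default route exists only while track 10 is up.
ip route 0.0.0.0 0.0.0.0 192.0.2.1 track 10

! Floating static (administrative distance 250) takes over when the
! tracked route is withdrawn.
ip route 0.0.0.0 0.0.0.0 198.51.100.1 250
```

Older IOS releases spell these commands `ip sla monitor` and `track 10 rtr 10 reachability`. `show track 10` and `show ip sla statistics 10` report the current state and probe results.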
  rolande Certifiable Premium,Mod join:2002-05-24 Powell, OH
| All I can say is that design is screwed up. You are redistributing a static that far into your network, while using ASA's directly at the provider edge? You should have a router at the edge of each interconnect running a routing protocol talking to the rest of your network. The IP Service Monitor should run as close to the edge of your network as possible. Let the internal routing protocols do the job they are meant to do. -- Ignorance is temporary...stupidity lasts forever!
»www.thewaystation.com/ »blog.thewaystation.com/ |
|
 randylf
join:2008-05-21 Tempe, AZ
edit: May 22nd, @01:07AM
| The routing protocols do all the work for internal routing, we just do not have BGP set up with our provider, so running a router at the edge doesn't really have any benefits as far as that goes. All of our switches are L3 4506's, so they do all the routing - technically they are our edge routers and traffic only gets sent to the ASAs when it needs to go out to the internet.
We are only redistributing the static 0.0.0.0 route in order to provide internet access to the CC location, which should always use the link back to the center site unless it goes down. How else would we advertise the internet route from the HFSW 4506's back at the middle site to the CC site? The T1 at the CC site is only for internet and LAN backup if our primary link to the main network fails.
As far as the IP SLA service monitor, I guess it would make more sense to implement it at the center site, but we are not worried about the metro E internet link going down, we are worried about the multilinked point-to-point T1s going down, so that's why I was planning on doing the IP SLA on the CCSW, as it is the closest Layer 3 device to the edge that we are trying to monitor (the T1s).
Does the design make more sense now, and if not, can you explain how this could be done better in your opinion?
Maybe I am thinking about it wrong, but it seems to make sense to me. I'm always open to better ideas. |
|