EIGRP/OSPF and External Routes vs Internal/connected Routes

Status
Not open for further replies.
Jun 26, 2012
7
Hello there!

I've run into a routing problem I can't seem to find a solution for and I was hoping someone who was far more versed in EIGRP and OSPF might be able to assist me.

I have a lab I have set up and this routing scheme will be used in a real world situation, so essentially I can test any suggestions or recommendations safely.

It's worth saying, in this original set up only EIGRP was run. Because of an MPLS provider change, we've had to add OSPF into the configuration.


I have 5 remote routers which all run EIGRP and OSPF. I redistribute EIGRP static in each remote router.
The primary internet connection is used to connect to a data center (we'll call it DC for short) via a GRE Tunnel (this primary connection for each remote site is going away because the new MPLS backbone is being made the primary).
Each router has a secondary internet/dsl backup connection. This connection is split into 2 GRE Tunnels, 1 tunnel is for Local internet browsing and the second tunnel connects to the DC.
These routers all have an MPLS connection to a Core router. The Core also runs EIGRP and OSPF and redistributes EIGRP static.

The way it was: The primary connection was used to go to the DC. If that failed then the DSL tunnel was used to connect to the DC and if that failed then the MPLS backbone was used to connect to the DC.

The way they want it now: All DC traffic needs to be routed down the MPLS backbone to get to the Core (which has a 100megabit connection to the DC) which then routes it to the DC. If the MPLS fails then the secondary DSL tunnel will be used to connect to the DC.

The problem is: We can route everything over the MPLS backbone without a problem, except when the secondary DSL Tunnel is up, then it wants to use that internal tunnel route instead of the OSPF external routes across the MPLS backbone.

I've tried various things (which trying to explain will likely muddle up this post) but I can't get the routing to work so that the tunnel is only used if the main mpls connection is down.

Does anyone have any suggestions?

I can provide more information as needed. I'm not our main routing guy, he's out and unavailable and the original configuration changed in mid-mpls switch so our original lab/model became outdated with the customer's newly desired change.

I'd appreciate any help anyone can give me since I'm a bit out of my depth.





 
I need some more clarity:
1) Your PE-CE routing protocol for the MPLS domain is OSPF or BGP??
2) For your secondary connection (DSL), why are you running Internet traffic over a GRE tunnel?? Do you have a central firewall somewhere that controls access??
3) Why are you running both EIGRP and OSPF as opposed to just one??

This config is very easy to implement and failover is seamless, I just need to have those questions answered before I can give you the proper setup.

 
Sure...

1. The MPLS backbone is OSPF, within our network. Within the provider network they are doing BGP to OSPF converting.
2. The secondary DSL connection is split into 2 tunnels. One tunnel is for all internet traffic and is actually going to a different data center than the one I originally mentioned (DC2 basically). The second tunnel connects to the original data center. It's a bit of a legacy configuration, which I can explain if you need me to. There is a firewall in the Core portion of the network.
3. EIGRP was the original routing protocol on their network and it's what the DC router runs so it has to stay in place. OSPF was added because the new MPLS provider gave us the choice of OSPF or BGP and the senior admin chose OSPF. So we have to have both running.

Does that make it any clearer? Let me know and thanks for your help!
 
I'll respond back this evening with a detailed explanation, I am just too busy right at this moment to lay it all out...hold tight.

 
No problem at all, take your time and thank you again for your help!
 
I haven't forgotten about you, I promise...things have just come up that require my attention. Real quick, just so that I know, can you use BGP as the PE-CE routing protocol as opposed to OSPF?? That will impact the design...

 
No, we have to stay with OSPF as the roll out of the 5 sites is basically done and we have to stick with it now.

I was talking with someone else and wondering if this could basically be done as just an EIGRP redistribution static setting? That seems too simple, and I tried a variety of settings in that regard, but couldn't get anything to work.
 
How do you have the routes set up for the tunnel? I'm thinking you have a static route or EIGRP route for this tunnel route and it is being picked over your OSPF advertised route.

See this Cisco doc for more info on how Cisco chooses which route to pick when comparing routes from different protocols:

 
I've seen that document before but it didn't help.

The tunnel is shown as Connected, so even when I adjust EIGRP AD to higher values than OSPF, it still goes across the tunnel.

I am not in a position to give you the show ip route at the moment, but I'll post one later tonight in about 5 hours or so when I have downtime (I'm not in the office to connect to the lab).

There are no static routes directing anything across the tunnel from either direction. The only static routes that are configured point in the direction of the MPLS backbone.
 
Yes, the tunnel showing as connected will have an administrative distance of 0 so it will always be the best route. Usually when doing a GRE tunnel though, you have either a static route or some other route that uses the tunnel. If you are learning routes across the tunnel, you could possibly influence those routes with a route-map or something. We would have to see how your tunnels and routing protocols are set up though to determine that. When you get a chance, post a scrubbed config of your tunnels and routing protocol configs.
 
Is there any way of changing the admin distance of the directly connected tunnel?

The expected downtime I was supposed to have was cancelled so I'll have to wait for this weekend to get a scrubbed config.

Maybe this will help - I've included a simple network drawing. So just to re-state:

All 5 of the remote routers each represent a remote office and all 5 are set up the same way, so I represented them simply with 1 router.

Tunnel 0 is each router's secondary connection to the Data Center (these tunnels are currently ADMIN DOWN)
Tunnel 1 is each router's secondary connection to the internet
MPLS is the MPLS backbone / internal network connectivity.

Currently all internal traffic/data center traffic is routing across the MPLS connections.
All internet traffic is routing across tunnel 1.

The problem is if I turn up Tunnel 0 on the remote routers then routing stops going across the MPLS and starts to go across Tunnel 0.

OSPF sees the MPLS connections as External routes (and that is the protocol required by the MPLS provider to connect all these routers together).
Each remote router sees its own Tunnel 0 as directly connected / EIGRP internal routes.

So what I need to accomplish is to have the Tunnel 0's on the remote routers to act as secondary connections which are only utilized if the MPLS connection goes down.

 
 http://www.miratos.com/images/network.jpg
I'll work on getting that, the problem is the tunnels are shut down currently and I can't bring them up without interrupting connectivity and each of these locations have people who work very off times so getting green zone times don't always work out very speedily :)

If this were a new configuration though, any suggestions on what to do to make the tunnel 0's have a lower priority than the mpls connections?
 
You can't make a connected route have a lower priority, but if the route is advertised via OSPF or another protocol you can change the metric, cost and/or priority of that link. Different protocols have different knobs you could turn.

In OSPF you could change the cost of the interface which would take into consideration which link to use (higher the cost = least preferred). The primary way OSPF calculates cost is by the available bandwidth. With a tunnel interface setup it most likely will have a cost of 1 which would seem like an ethernet circuit. You can change the bandwidth of the tunnel interface to what the real connection is.

I.E.

Code:
interface tunnel0
 bandwidth 1536

Changing the bandwidth on an interface won't actually do anything with the traffic going over it, it just tells routing protocols like OSPF how fast the connection possibly is. You could also directly change the OSPF cost too manually, but I prefer not to do that if I don't have to.

Cisco has pretty good writeups on OSPF and other protocols they support. Here is a nice little beginner OSPF article:
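
Added example, not part of the thread and not any poster's code: a small Python model of the route selection discussed above (longest prefix, then administrative distance, then metric) plus the bandwidth-to-cost calculation OSPF applies to the `bandwidth 1536` setting. The prefixes, metrics and the raised EIGRP distance of 120 are constructed lab values, and the model assumes the data-center prefix is learned through EIGRP over Tunnel0.

```python
import ipaddress
from dataclasses import dataclass

# Cisco IOS default administrative distances (lower wins).
DEFAULT_AD = {"connected": 0, "static": 1, "eigrp": 90,
              "ospf": 110, "eigrp-external": 170}

@dataclass
class Route:
    prefix: str
    source: str      # key into DEFAULT_AD
    via: str         # outgoing interface
    metric: int = 0
    ad: int = -1     # -1 means "use the protocol default"

    def distance(self):
        return DEFAULT_AD[self.source] if self.ad < 0 else self.ad

def ospf_cost(bandwidth_kbps, reference_mbps=100):
    """OSPF interface cost: reference bandwidth / interface bandwidth, minimum 1."""
    return max(1, (reference_mbps * 1000) // bandwidth_kbps)

def best_route(routes, dest, down=()):
    """Pick the forwarding route: longest prefix, then lowest AD, then lowest metric."""
    ip = ipaddress.ip_address(dest)
    live = [r for r in routes if r.via not in down
            and ip in ipaddress.ip_network(r.prefix)]
    if not live:
        return None
    return min(live, key=lambda r: (-ipaddress.ip_network(r.prefix).prefixlen,
                                    r.distance(), r.metric))

def sample_routes(tunnel_eigrp_ad=-1):
    # Constructed lab table: 10.10.0.0/16 stands in for the data center,
    # 172.16.0.0/30 for the Tunnel0 point-to-point subnet.
    return [
        Route("172.16.0.0/30", "connected", "Tunnel0"),
        Route("10.10.0.0/16", "eigrp", "Tunnel0", metric=26880256, ad=tunnel_eigrp_ad),
        Route("10.10.0.0/16", "ospf", "MPLS", metric=20),
    ]

if __name__ == "__main__":
    print(best_route(sample_routes(), "10.10.5.1").via)       # default distances
    print(best_route(sample_routes(120), "10.10.5.1").via)    # hypothetical raised AD
    print(ospf_cost(1536))
```

In this model the connected route only ever wins for the tunnel's own subnet; the data-center prefix is decided between the two learned routes, and metrics are compared only after administrative distance ties.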
 