TO SET EIGRP EXTERNAL route as preferred route 1

[mashadif]

TO SET EIGRP EXTERNAL route as preferred route

Any help that can be provided would be much appreciated.


We have two service provider, and EIGRP is configured for failover and default loadbalancing for all 5 locations.

EIGRP 101 (site A), 102 (site B), 103 (site C), 104 (site D) & 105 (site E) is enabled at Site A (Hub) for each remote sites

We want to accomplist following, but currently Service Provider A is acting as secondary link and we want to make it as primary.

1) Hub and spoke network with Site A as Hub and Site B, C, D & E as spoke. Alls sites can talk with only Hub (site A) and not between other

sites. e.g. Site B should not talk to site C etc.
2) Service Provider A link should be used as the primary
3) Service Provider B link should be used as secondary
4) Auto load balance traffic between two ISPs based on metrics

Find the EIGRP topology and IP address as given below:


KFKEELECORE#sh ip eigrp topology 172.3.0.0
EIGRP-IPv4 (AS 101): Topology Default-IP-Routing-Table(0) entry for 172.3.0.0/16
State is Passive, Query origin flag is 1, 0 Successor(s), FD is 4294967295
Routing Descriptor Blocks:
172.1.2.249 (Vlan1), from 172.1.2.249, Send flag is 0x0
Composite metric is (51456/51200), Route is External
Vector metric:
Minimum bandwidth is 100000 Kbit
Total delay is 1010 microseconds
Reliability is 255/255
Load is 1/255
Minimum MTU is 1500
Hop count is 1
External data:
Originating router is 192.168.50.2
AS number of route is 65510
External protocol is BGP, external metric is 0
Administrator tag is 11079 (0x00002B47)
EIGRP-IPv4 (AS 103): Topology Default-IP-Routing-Table(0) entry for 172.3.0.0/16
State is Passive, Query origin flag is 1, 1 Successor(s), FD is 1686272
Routing Descriptor Blocks:
172.1.2.252 (Vlan1), from 172.1.2.252, Send flag is 0x0
Composite metric is (1686272/1686016), Route is Internal
Vector metric:
Minimum bandwidth is 1544 Kbit
Total delay is 1110 microseconds
Reliability is 255/255
Load is 1/255
Minimum MTU is 1500
Hop count is 2
172.1.2.249 (Vlan1), from 172.1.2.249, Send flag is 0x0
Composite metric is (51456/51200), Route is External
Vector metric:
Minimum bandwidth is 100000 Kbit
Total delay is 1010 microseconds
Reliability is 255/255
Load is 1/255
Minimum MTU is 1500
Hop count is 1
External data:
Originating router is 192.168.50.2
AS number of route is 65510
External protocol is BGP, external metric is 0
Administrator tag is 11079 (0x00002B47)


Following are the IP configuration for each site:
-----------------------------------------------------
Service Provider A: MPLS with BGP, EIGRP is redistributed.
-----------------------------------------------------------
Site A: (EIGRP 101)
========
WAN interface: 192.168.50.2/30
LAN interface: 172.1.2.249/16

Site B: (EIGRP 102)
========
WAN interface: 192.168.50.13/30
LAN interface: 172.2.0.253/16

Site C: (EIGRP 103)
========
WAN interface: 192.168.50.9/30
LAN interface: 172.3.0.253/16

Site D: (EIGRP 104)
========
WAN interface: 192.168.50.5/30
LAN interface: 172.4.0.253/16

Site E: (EIGRP 105)
========
WAN interface: 192.168.50.17/30
LAN interface: 172.5.0.253/16



Service Provider B: Flat network
------------------------------------------------------------

Site A: (EIGRP 101)
========
WAN interface: 172.17.0.1/24
LAN interface: 172.1.2.252/16

Site B: (EIGRP 102)
========
WAN interface: 172.17.0.2/24
LAN interface: 172.2.0.252/16

Site C: (EIGRP 103)
========
WAN interface: 172.17.0.3/24
LAN interface: 172.3.0.252/16

Site D: (EIGRP 104)
========
WAN interface: 172.17.0.4/24
LAN interface: 172.4.0.252/16

Site E: (EIGRP 105)
========
WAN interface: 172.17.0.5/24
LAN interface: 172.5.0.252/16

 

[Minue]

Hello
What you want to do can be done with route maps.I your'e still interested I can give you hand!
Regards

 

[mashadif]

Hi Minue,

Yes please, if you can help with Route Maps.

Do let me know if you need more information.

Regards

 

[Minue]

Hello
Who handle the configuration for the Routers at the different branches the ISP or you.
To stop the sites from seeing each other can be done with a route-map during the distrubition from BGP to EIGRP.
From the show topology.It alreay seems that ISP A is prefered because of the faster link please advice.
Regards

 

[mashadif]

Hi Minue,

Sorry for the delay in reply.

For Service Provider router:

Service Provider A: Done by service provider
(EIGRP is redistributed from BGP)

Service Provider B: Done by us locally
(only EIGRP is configured, NO BGP)

LAN Layer 3 switches: Done by us locally
(only EIGRP is configured)

Can you suggest what configurations is required at ISPs as well as LAN switches.

 

[Minue]

Hello
Being that the ISP_A is handling the CE routers are you sure they will let you configure them.The MPLS network is configured to let all site see each other.So it would be easier to tell the provider how you want subnets/site's to be redistributed.If they don't want to do it because of their policies.It can be done local with an access-list blocking traffic to the site in question or blocking the route from being advertise.This all depends on the topology of your network.
I have read your first email again but from what you wrote the Design isn't very clear to me.This is what I have understood so far,correct me if I am wrong.
All the site's have a Router connecting to 2 to different ISP with redundant connections (MPLS and DSL).The MPLS CE's or both configured with BGP and EIGRP.The Level 3 switches are running EIGRP with the CE's.Please correct if I am missing something.
If you can't touch the CE's,the blocking can be done on the Switches.
If you can post some configs it would be helpful.
Regards

 

[mashadif]

SERVICE PROVIDER A - ROUTER configuration

------------------ show running-config ------------------


Building configuration...

Current configuration : 8668 bytes
!
! Last configuration change at 18:04:07 EST Tue Dec 18 2007 by thi9423
! NVRAM config last updated at 10:24:52 EST Sat Dec 15 2007 by thi9423
!
version 12.3
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
!
hostname KOHLCNCRDONR1
!
boot-start-marker
boot-end-marker
!
logging buffered 8192 debugging
no logging console
enable password 7 <removed>
!
username cisco privilege 15 password 7 <removed>
clock timezone EST -5
clock summer-time EDT recurring 2 Sun Mar 2:00 1 Sun Nov 2:00
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
aaa new-model
!
!
aaa authentication banner ^CTACAS NOT ENABLE^C
aaa authentication login default group tacacs+ local
aaa authorization config-commands

ip subnet-zero
ip cef
!
!
!
!
ip tftp source-interface FastEthernet0/1.511
no ip domain lookup
no ftp-server write-enable
!
class-map match-all CUST_INT
match input-interface FastEthernet0/0
class-map match-all all-traffic
match any
class-map match-all ROUTING
match access-group 199
match ip precedence 6
!
!
policy-map CE_egress
class CUST_INT
bandwidth remaining percent 97
random-detect dscp-based
class ROUTING
bandwidth remaining percent 3
policy-map all-BH-5000
class all-traffic
shape average 5000000
set dscp af31
service-policy CE_egress
!
interface FastEthernet0/0
description << Kohl & Frisch LAN at Concord >>
ip address 172.1.2.249 255.255.0.0
duplex auto
speed auto
!
interface FastEthernet0/1
description << TLS E10FDX WAN connection - Circuit id: 02/LMXQ PVC: KF2PVC00330 >>
bandwidth 5000
no ip address
service-policy output all-BH-5000
speed 10
full-duplex
!
interface FastEthernet0/1.100
description << 5 Mbps pvc - vlan 100 to Allstream-MPLS BUSIP cloud - pvc circuit id: KF2PVC00330 >>
bandwidth 5000
encapsulation dot1Q 100
ip address 192.168.50.2 255.255.255.252
!
interface FastEthernet0/1.511
description << Management vlan to Allstream-EMC - tjtj010aes - interface ATM4/0.341 VPI/VCI 12/111>
bandwidth 1000
encapsulation dot1Q 511
ip address 172.23.79.146 255.255.255.252
!
router eigrp 101
redistribute static
redistribute bgp 65510
network 172.1.0.0
network 0.0.0.0
default-metric 100000 100 255 1 1500
auto-summary
no eigrp log-neighbor-changes
!
router eigrp 103
redistribute static
redistribute bgp 65510
network 172.1.0.0
network 0.0.0.0
default-metric 100000 100 255 1 1500
auto-summary
no eigrp log-neighbor-changes
!
router bgp 65510
no synchronization
bgp router-id 192.168.50.2
bgp log-neighbor-changes
bgp update-delay 1
bgp scan-time 5
network 0.0.0.0
network 172.1.0.0
network 192.168.49.0
network 192.168.50.0 mask 255.255.255.252
timers bgp 20 60
redistribute eigrp 101
redistribute eigrp 103
neighbor 192.168.50.1 remote-as 11079
neighbor 192.168.50.1 description To MPLS Kohl & Frisch PE router - MPLS VPN ID: KF2VPN301
neighbor 192.168.50.1 version 4
neighbor 192.168.50.1 send-community
neighbor 192.168.50.1 advertisement-interval 1
neighbor 192.168.50.1 soft-reconfiguration inbound
maximum-paths 2
no auto-summary
!
ip classless
ip route 0.0.0.0 0.0.0.0 172.1.2.254
ip route 192.168.4.0 255.255.255.0 172.23.79.145
ip route 192.168.49.0 255.255.255.0 172.23.79.145
!
ip bgp-community new-format
!
no ip http server
no ip http secure-server
ip tacacs source-interface FastEthernet0/1.511
!
logging source-interface FastEthernet0/1.511
logging 192.168.4.119
access-list 77 permit 192.168.4.0 0.0.0.255
access-list 77 permit 192.168.49.0 0.0.0.255
access-list 77 permit 216.13.99.0 0.0.0.255
access-list 88 permit 192.168.4.0 0.0.0.255
access-list 88 permit 192.168.49.0 0.0.0.255
access-list 88 permit 216.13.99.0 0.0.0.255
access-list 199 permit tcp any any eq bgp
access-list 199 permit tcp any eq bgp any
!
!
control-plane
!
rtr responder
banner motd ^CC^C
!
line con 0
exec-timeout 5 0
password 7 <removed>
stopbits 1
line aux 0
password 7 <removed>
line vty 0 4
exec-timeout 0 0
password 7 <removed>
!
ntp clock-period 17178907
ntp master
ntp server 192.168.4.119
end

 

[mashadif]

SERVICE PROVIDER B - ROUTER Configuration

!
version 12.2
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Kohl_Concord
!
logging buffered 4096 debugging

enable password <removed>
!
username ableone password 7 14194003581C72
ip subnet-zero
!
!
no ip domain-lookup
ip host calgary 172.17.0.3
ip host moncton 172.17.0.2
ip host burnaby 172.17.0.4
ip host regina 172.17.0.5
!
!
!
!
interface Loopback0
ip address 172.18.0.1 255.255.255.255
!
interface FastEthernet0/0
description Lan Extension Ckt# 05LODJ800496-001BLCA-000
bandwidth 1544
ip address 172.17.0.1 255.255.255.0
speed auto
half-duplex
!
interface FastEthernet0/1
description to Concord Local Lan
ip address 172.1.2.252 255.255.0.0
duplex auto
speed auto
!
router eigrp 101
redistribute connected
redistribute static
network 172.1.0.0
network 172.17.0.0
network 0.0.0.0
auto-summary
!
router eigrp 103
redistribute connected
redistribute static
network 172.1.0.0
network 172.17.0.0
network 0.0.0.0
auto-summary
!
ip classless
ip route 0.0.0.0 0.0.0.0 172.1.2.254
ip http server
ip pim bidir-enable
!
snmp-server community public RO
snmp-server enable traps tty
banner login 
************************************************
**** KOHL AND FRISCH AUTHORIZATION ONLY ****
* ANY UNAUTHORIZED ACCESS IS STRICTLY FORBIDDEN*
** **
************************************************
!
line con 0
exec-timeout 5 0
password
login
transport output none
line aux 0
password

login
modem InOut
line vty 5
exec-timeout 0 0
login
!
end

 

[mashadif]

LAN SWITCH Configuration:


!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log datetime
no service password-encryption
service sequence-numbers
!
hostname KFKEELECORE
!

!
no aaa new-model
system mtu routing 1500
ip subnet-zero
ip routing
!
!
cluster commander-address 001c.0e5b.f380 member 1 name KEELE3560_CLUSTER vlan 1
!
!
spanning-tree mode pvst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
interface Vlan1
ip address 172.1.254.249 255.255.0.0
standby ip 172.1.2.254
!
router eigrp 101
network 172.1.0.0
network 0.0.0.0
redistribute connected
redistribute static
!
router eigrp 103
network 172.1.0.0
network 0.0.0.0
redistribute connected
redistribute static
!
ip classless
ip route 0.0.0.0 0.0.0.0 172.1.2.250
ip http server
ip http secure-server
!
!
snmp-server community KANDFRD RO
snmp-server community KANDFWR RW
snmp-server community KFread@es1 RO
snmp-server community KFwrite@es1 RW
!
control-plane
!
!
line con 0
line vty 0 4
password keitsw1
login
length 0
line vty 5 15
password keitsw1
login
!
end

 

[mashadif]

Hi Minue,

Yes, we have two circuit one each from Service Provider A & B.

Service Provider A used BGP and EIGRP is re-distributed. We can get configuration changed with change request.

Service Provide B is a switched (FLAT) network, only EIGRP is configured. Router is in our control and we can change what ever we want, no permission is required from service provider.

Routers & Switches at HUB (main office) with have EIGRP 101, 102, 103 & 104

Routers & Switches at Spoke (remote location) will have only one EIGRP (101 or 102 or 103 or 104) configured.

Do let me know if you need more information.

Regards

 

[Minue]

Hello
Things are getting clearer.So for sure you have two routers at site_A.One with MPLS and the other Metro?!Also Please tell me if the other sites B,C,D,E have two routers with ISP_B offering Metro?
The quickest and simplest solution would be to put some access-list on the routers of the sites you want to block.Blocking the clients from geting to those subnets.Then to prefer ISP_B as the prefered route,you can just give interface a high bandwith.
I think asking the MPLS ISP to tampered with the routes isn't a good idea,first because if you decide later that you want the sites to communciate,you will have to ask them to re-configure the PE's or CE's.
To do more complicated filtering,you would have to post more show's commands and you would also have the time to do more troubleshooting.
Please let me know what you think.
Regards

 

[mashadif]

Hi,

Yes all sites have two routers, Service Provider A offering MPLS and Service Provider B offering Metro services.

We want Service Provider A to be preferred route and Service Provider B as backup route and a HUB and SPOKE topology.

I will be highly obliged if you can suggest convenient and easy configurable way to achieve the requirements.

Regards

 

[Minue]

Hello
Please be patient!It's hard to make progress,without being able to understand the topology and seeing the routers conf.
I think!I have grasp a bit more about the network.ISP_B is being prefered even though it has the worst metric's because it has internal route with AD 90.Please post a "show ip route",so I can confirm this.
Try changing the Administrative distance to make ISP_A the prefered.
KFKEELECORE(config-router)#distance eigrp 180 170

Let me know how it goes.
Regards

 

[mashadif]

Hi,

Thanks for the reply. I appreciate.

Please find SHOW IP ROUTE, SHOW IP EIGRP TOPOLOGY & SHOW IP EIGRP NEIGHB output as given below.

Yes, Service Provider B is taken as preferred route.

If i change Administrative distance in production will it affect connected sessions / network?


KFKEELECORE#SH IP ROUTE
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route

Gateway of last resort is 172.1.2.250 to network 0.0.0.0

C 172.1.0.0/16 is directly connected, Vlan1
D 172.2.0.0/16 [90/1686272] via 172.1.2.252, 1w3d, Vlan1
D 172.3.0.0/16 [90/1686272] via 172.1.2.252, 4d16h, Vlan1
D 172.4.0.0/16 [90/1709312] via 172.1.2.252, 1w3d, Vlan1
D 172.5.0.0/16 [90/1686272] via 172.1.2.252, 1w0d, Vlan1
S* 0.0.0.0/0 [1/0] via 172.1.2.250
KFKEELECORE#

KFKEELECORE#SH IP EIGRP TOPOlogy ALL-links
EIGRP-IPv4 Topology Table for AS(101)/ID(192.20.0.249)

Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply,
r - reply Status, s - sia Status

P 0.0.0.0/0, 1 successors, FD is 2816, serno 447
via Rstatic (2816/0)
via 172.1.2.249 (51456/51200), Vlan1
via 172.1.2.252 (28416/28160), Vlan1
via 172.1.254.248 (3072/2816), Vlan1
P 172.4.0.0/16, 1 successors, FD is 1709312, serno 3336
via 172.1.2.252 (1709312/1709056), Vlan1
via 172.1.2.249 (51456/51200), Vlan1
P 172.5.0.0/16, 1 successors, FD is 1686272, serno 3345
via 172.1.2.252 (1686272/1686016), Vlan1
P 172.1.0.0/16, 1 successors, FD is 2816, serno 1
via Connected, Vlan1
P 172.2.0.0/16, 1 successors, FD is 1686272, serno 3328
via 172.1.2.252 (1686272/1686016), Vlan1
via 172.1.2.249 (51456/51200), Vlan1
P 172.3.0.0/16, 0 successors, FD is Inaccessible, tag is 11079, serno 3370
via 172.1.2.249 (51456/51200), Vlan1

EIGRP-IPv4 Topology Table for AS(103)/ID(172.1.254.249)

Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply,
r - reply Status, s - sia Status

P 0.0.0.0/0, 1 successors, FD is 2816, serno 5
via Rstatic (2816/0)
via 172.1.2.249 (51456/51200), Vlan1
via 172.1.2.252 (28416/28160), Vlan1
via 172.1.254.248 (3072/2816), Vlan1
P 172.4.0.0/16, 0 successors, FD is Inaccessible, tag is 11079, serno 0
via 172.1.2.249 (51456/51200), Vlan1
P 172.1.0.0/16, 1 successors, FD is 2816, serno 1
via Connected, Vlan1
P 172.2.0.0/16, 0 successors, FD is Inaccessible, tag is 11079, serno 0
via 172.1.2.249 (51456/51200), Vlan1
P 172.3.0.0/16, 1 successors, FD is 1686272, serno 63
via 172.1.2.252 (1686272/1686016), Vlan1
KFKEELECORE#

KFKEELECORE#SH IP EIGRP NEIGHbors
EIGRP-IPv4 neighbors for process 101
H Address Interface Hold Uptime SRTT RTO Q Seq
(sec) (ms) Cnt Num
2 172.1.2.252 Vl1 14 1w5d 2 200 0 897
0 172.1.2.249 Vl1 14 5w3d 4 200 0 463
1 172.1.254.248 Vl1 12 7w5d 15 200 0 1204
EIGRP-IPv4 neighbors for process 103
H Address Interface Hold Uptime SRTT RTO Q Seq
(sec) (ms) Cnt Num
1 172.1.2.252 Vl1 11 1w3d 1 200 0 63
2 172.1.2.249 Vl1 10 1w5d 1 200 0 28
0 172.1.254.248 Vl1 11 1w5d 31 200 0 31
KFKEELECORE#

 

[Minue]

Hello
EIGRP neighbors could be drop for a few seconds.But no problem EIGRP will converge very quickly.If you can't afford the down-time,please test in a low traffic period. After you have change the distance.Check to see the routing table is prefering the ISP_A routes.

Regards

 

[mashadif]

Thanks for the reply.

I will update you once it is changed.

Regards

 

[mashadif]

Hi Minue,

Thanks a lot

I got a maintenance window and tried DISTANCE EIGRP 180 170 it worked perfectly fine. I can see ISP_A as primary and ISP_B as secondary link in EIGRP table.

Can you also suggest on access-list for a HUB and SPOKE scenario.

Regards

 

[Minue]

Hello Mashadif
I am happy to know that it's working!As for the Hub and spoke situation,I think it would be best to keep it simple with,just blocking the clients from reaching subnets.
I will have some free time on Friday,so I will look over you config,and post the ALC's.
Best regards

 

[mashadif]

Thnaks Minue

You help is highly appreciated.

Regards