Wednesday, 25 January 2012

Some Revision - EIGRP offset lists

Every so often when reading around the internet you come across a post/email with a network related problem that makes you think "hmmmm i've never had to do that" or "that sounds like an interesting problem" - I'll lab it and see if I can find the answer.

Combine that with an area that I do not normally need to work in (EIGRP) and there you go a blog post in the making!


So here is the scenrio:

You are a network admin that looks after three sites, one main site where your offices are and two datacentres.

You have 2x100mbit links to each datacentre and the databcentres have 1x1Gbit link.


The problem:

Traffic to a certain network/host at datacentre 2 is overloading the link so we as the network admins have been asked if we can use the excess capacity on the link to datacentre 1 to spread the traffic.




First we setup the lab:

R1

interface Loopback0
ip address 192.168.101.1 255.255.255.0
!
interface Loopback1
ip address 1.1.1.1 255.255.255.255
!
interface FastEthernet0/0
ip address 192.168.12.1 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 192.168.13.1 255.255.255.0
duplex auto
speed auto
!
router eigrp 100
network 192.168.12.0
network 192.168.13.0
network 192.168.101.0
no auto-summary
!


R2

interface Loopback0
ip address 10.100.10.1 255.255.255.0
!
interface Loopback1
ip address 2.2.2.2 255.255.255.255
!
interface FastEthernet0/0
ip address 192.168.12.2 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 192.168.23.2 255.255.255.0
duplex auto
speed auto
!
router eigrp 100
network 10.100.10.0 0.0.0.255
network 192.168.12.0
network 192.168.23.0
no auto-summary
!


R3


interface Loopback0
ip address 10.200.10.1 255.255.255.0
!
interface Loopback3
ip address 3.3.3.3 255.255.255.255
!
interface FastEthernet0/0
ip address 192.168.13.3 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 192.168.23.3 255.255.255.0
duplex auto
speed auto
!
router eigrp 100
network 3.3.3.3 0.0.0.0
network 10.200.10.0 0.0.0.255
network 192.168.13.0
network 192.168.23.0
no auto-summary
!




Now the offset lists:
R1

ip access-list standard LOOPBACK
permit 3.3.3.3

router eigrp 100
offset-list LOOPBACK in 4000 FastEthernet0/1



Confirming...

R1


R1#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

C 192.168.12.0/24 is directly connected, FastEthernet0/0
1.0.0.0/32 is subnetted, 1 subnets
C 1.1.1.1 is directly connected, Loopback1
C 192.168.13.0/24 is directly connected, FastEthernet0/1
3.0.0.0/32 is subnetted, 1 subnets
D 3.3.3.3 [90/158720] via 192.168.12.2, 00:03:14, FastEthernet0/0
10.0.0.0/24 is subnetted, 2 subnets
D 10.100.10.0 [90/156160] via 192.168.12.2, 00:05:48, FastEthernet0/0
D 10.200.10.0 [90/156160] via 192.168.13.3, 00:05:48, FastEthernet0/1
D 192.168.23.0/24 [90/30720] via 192.168.13.3, 00:05:48, FastEthernet0/1
[90/30720] via 192.168.12.2, 00:05:48, FastEthernet0/0
C 192.168.101.0/24 is directly connected, Loopback0



Note this bit:

3.0.0.0/32 is subnetted, 1 subnets
D 3.3.3.3 [90/158720] via 192.168.12.2, 00:03:14, FastEthernet0/0

The succesor route is from 192.168.12.2 without the offset list it would be 192.168.13.3.

Here is the output from sh ip eigrp topology all-links

R1#sh ip eigrp topology all-links
IP-EIGRP Topology Table for AS(100)/ID(192.168.101.1)

Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply,
r - reply Status, s - sia Status

P 3.3.3.3/32, 1 successors, FD is 158720, serno 9
via 192.168.12.2 (158720/156160), FastEthernet0/0
via 192.168.13.3 (160160/132256), FastEthernet0/1
P 192.168.101.0/24, 1 successors, FD is 128256, serno 3
via Connected, Loopback0
P 10.100.10.0/24, 1 successors, FD is 156160, serno 6
via 192.168.12.2 (156160/128256), FastEthernet0/0
via 192.168.13.3 (158720/156160), FastEthernet0/1
P 192.168.12.0/24, 1 successors, FD is 28160, serno 1
via Connected, FastEthernet0/0
P 192.168.13.0/24, 1 successors, FD is 28160, serno 2
via Connected, FastEthernet0/1
P 192.168.23.0/24, 2 successors, FD is 30720, serno 7
via 192.168.12.2 (30720/28160), FastEthernet0/0
via 192.168.13.3 (30720/28160), FastEthernet0/1
P 10.200.10.0/24, 1 successors, FD is 156160, serno 4
via 192.168.13.3 (156160/128256), FastEthernet0/1
via 192.168.12.2 (158720/156160), FastEthernet0/0



Problem solved :)

3 comments:

Mfawa Alfred Onen said...

Nice Post Richard. I have been a big fan.

Charles Morris said...

Hello. I have always watched your vyatta videos and learn so much. I must say thank you.
However I have a small issue here that I need your help with, I would like to know how to get vyatta to block secure websites (https)
The regular way doesn't work for websites running on https even when I put it in the local-block and local-block-url section of the vyatta content filtering.
Thanks in advance.

marina jason said...

Thanks for sharing this interesting post. It's really helpful.
itach gc-100