I recently came across a design in which GRE tunnels were built utilizing HSRP VIP addresses. At first I was unsure of how well this would work so as usual I decided to lab it up. It turns out that this is an excellent counter design to having to place metrics or do any type of fancy route manipulation to run a backup path.
Here is the basic config and overview:
Subnets Involved:
Site A (Left Side) 144.24.100.0/30 + 144.24.100.4/30 = MPLS BGP Peering 172.16.100.0/29 = HSRP Subnet 172.16.0.0/16 = Internal Subnet Site B (Right Side) 164.24.100.0/30 + 164.24.100.4/30 = MPLS BGP Peering 192.168.100.0/29 = HSRP Subnet 192.168.0.0/16 = Internal Subnet
The red line indicates a GRE tunnel. There is basic BGP configured to the MPLS Backbone on all 4 routers and they are receiving a default route via that Provider. EIGRP is running over the GRE tunnel itself. Here is the HSRP and Tunnel Configuration:
(Configurations for HSRP/Tunnel’s are identical across all routers)
R1:
interface FastEthernet0/0 description SITE A SUBNET ip address 172.16.100.2 255.255.255.248 standby 1 ip 172.16.100.1 standby 1 timers msec 200 msec 600 standby 1 priority 110 standby 1 preempt standby 1 name 172.16.100.0/29 duplex full
interface Tunnel1
description Tunnel to SITE B
ip address 10.100.0.1 255.255.255.248
keepalive 1 1
tunnel source 172.16.100.1
tunnel destination 192.168.100.1
With this design the tunnel on the “Secondary” routers will be down as long as the primary Tunnel/Router is up/up. With the HSRP timers set to 200/600 (msec) this allows for really fast tunnel and EIGRP re-convergence.
When taking down the Fa0/0 Interface on R1:
R1:
*Dec 28 20:41:47.355: %HSRP-5-STATECHANGE: FastEthernet0/0 Grp 1 state Active -> Init
*Dec 28 20:41:48.467: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel1, changed state to down
*Dec 28 20:41:48.515: %DUAL-5-NBRCHANGE: EIGRP-IPv4 100: Neighbor 10.100.0.3 (Tunnel1) is down: interface down
*Dec 28 20:41:49.347: %LINK-5-CHANGED: Interface FastEthernet0/0, changed state to administratively down
R2:
*Dec 28 20:41:47.951: %HSRP-5-STATECHANGE: FastEthernet0/0 Grp 1 state Standby -> Active
*Dec 28 20:41:49.291: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel2, changed state to up
*Dec 28 20:41:49.839: %DUAL-5-NBRCHANGE: EIGRP-IPv4 100: Neighbor 10.100.0.3 (Tunnel2) is up: new adjacency
R3:
*Dec 28 20:41:49.723: %DUAL-5-NBRCHANGE: EIGRP-IPv4 100: Neighbor 10.100.0.2 (Tunnel1) is up: new adjacency
*Dec 28 20:41:58.991: %DUAL-5-NBRCHANGE: EIGRP-IPv4 100: Neighbor 10.100.0.1 (Tunnel1) is down: holding time expired
As you can see in the above logs the EIGRP Adjacency was established over the secondary tunnel within just over 1 second. Utilizing BFD and decreased EIGRP timers this number can be tuned even lower. I thought this design was pretty cool and wanted to share it with the community. Please let me know what you think.