I recently came across a design in which GRE tunnels were built utilizing HSRP VIP addresses. At first I was unsure of how well this would work so as usual I decided to lab it up. It turns out that this is an excellent counter design to having to place metrics or do any type of fancy route manipulation to run a backup path.

Here is the basic config and overview:

Subnets Involved:

Site A (Left Side) 144.24.100.0/30 + 144.24.100.4/30 = MPLS BGP Peering 172.16.100.0/29 = HSRP Subnet 172.16.0.0/16 = Internal Subnet Site B (Right Side) 164.24.100.0/30 + 164.24.100.4/30 = MPLS BGP Peering 192.168.100.0/29 = HSRP Subnet 192.168.0.0/16 = Internal Subnet 1 2 3 4 5 6 7 8 9 Site A ( Left Side ) 144.24.100.0 / 30 + 144.24.100.4 / 30 = MPLS BGP Peering 172.16.100.0 / 29 = HSRP Subnet 172.16.0.0 / 16 = Internal Subnet Site B ( Right Side ) 164.24.100.0 / 30 + 164.24.100.4 / 30 = MPLS BGP Peering 192.168.100.0 / 29 = HSRP Subnet 192.168.0.0 / 16 = Internal Subnet

The red line indicates a GRE tunnel. There is basic BGP configured to the MPLS Backbone on all 4 routers and they are receiving a default route via that Provider. EIGRP is running over the GRE tunnel itself. Here is the HSRP and Tunnel Configuration:

(Configurations for HSRP/Tunnel’s are identical across all routers)

R1:

<em>interface FastEthernet0/0</em> <em>description SITE A SUBNET</em> <em>ip address 172.16.100.2 255.255.255.248</em> <em>standby 1 ip 172.16.100.1</em> <em>standby 1 timers msec 200 msec 600</em> <em>standby 1 priority 110</em> <em>standby 1 preempt</em> <em>standby 1 name 172.16.100.0/29</em> <em>duplex full</em> 1 2 3 4 5 6 7 8 9 < em > interface FastEthernet0 / 0 < / em > < em > description SITE A SUBNET < / em > < em > ip address 172.16.100.2 255.255.255.248 < / em > < em > standby 1 ip 172.16.100.1 < / em > < em > standby 1 timers msec 200 msec 600 < / em > < em > standby 1 priority 110 < / em > < em > standby 1 preempt < / em > < em > standby 1 name 172.16.100.0 / 29 < / em > < em > duplex full < / em >

interface Tunnel1

description Tunnel to SITE B

ip address 10.100.0.1 255.255.255.248

keepalive 1 1

tunnel source 172.16.100.1

tunnel destination 192.168.100.1

With this design the tunnel on the “Secondary” routers will be down as long as the primary Tunnel/Router is up/up. With the HSRP timers set to 200/600 (msec) this allows for really fast tunnel and EIGRP re-convergence.

When taking down the Fa0/0 Interface on R1:

R1:

*Dec 28 20:41:47.355: %HSRP-5-STATECHANGE: FastEthernet0/0 Grp 1 state Active -> Init

*Dec 28 20:41:48.467: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel1, changed state to down

*Dec 28 20:41:48.515: %DUAL-5-NBRCHANGE: EIGRP-IPv4 100: Neighbor 10.100.0.3 (Tunnel1) is down: interface down

*Dec 28 20:41:49.347: %LINK-5-CHANGED: Interface FastEthernet0/0, changed state to administratively down

R2:

*Dec 28 20:41:47.951: %HSRP-5-STATECHANGE: FastEthernet0/0 Grp 1 state Standby -> Active

*Dec 28 20:41:49.291: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel2, changed state to up

*Dec 28 20:41:49.839: %DUAL-5-NBRCHANGE: EIGRP-IPv4 100: Neighbor 10.100.0.3 (Tunnel2) is up: new adjacency

R3:

*Dec 28 20:41:49.723: %DUAL-5-NBRCHANGE: EIGRP-IPv4 100: Neighbor 10.100.0.2 (Tunnel1) is up: new adjacency

*Dec 28 20:41:58.991: %DUAL-5-NBRCHANGE: EIGRP-IPv4 100: Neighbor 10.100.0.1 (Tunnel1) is down: holding time expired

As you can see in the above logs the EIGRP Adjacency was established over the secondary tunnel within just over 1 second. Utilizing BFD and decreased EIGRP timers this number can be tuned even lower. I thought this design was pretty cool and wanted to share it with the community. Please let me know what you think.