redundancy with static route and OSPF

Aug 5th, 2007

Here is my network configuration:

10.10.10.0/24 -(Firewall)--- R1 -- (static)ISP ---- R2 --- (OSPF)---R3----(OSPF)--- HQ -----

- R1 connects to R2 through ISP with a default route to R2

- at R2

+ Subnet 10.10.10.0/24 is redistributed into OSPF

+ Static route Ip route 10.10.10.0/24 <ISP>

- at R3

Subnet 10.10.10.0/24 is seen at R3 through OSPF

now i have a new dedicated ethernet link between R1 and R3

What i want to achieve is the redundancy for the 10.10.10.0/24

- Traffic to HQ shall go to ISP if R2 is reachable through ISP

- If the link to R2 fails traffic shall go to R3

With the following condition:

1. I am not allowed to configure dynamic routing between R1 and R2

HSRP won't work because

If the ISP link fails, traffic will be sent to R3, but because of the OSPF static route redistribution at R2, the traffic going back to 10.10.10.0/24 through R3 will be dropped by the ISP

What is the best solution to my problem ? Appreciate your help

Edison Ortiz Sun, 08/05/2007 - 11:23

The configuration at R1 will be simple. Basically, a default route to R3 with a higher metric should take care of this.

However, at R2 the configuration will depend on the ISP connection and how R2 determines the internet connection is down. We can use OER or a conditional route-map.

R2's connection to the ISP is via a Serial connection or Ethernet drop. Can you illustrate the R2 connection as best as possible ?

Thanks

illusion_rox Sun, 08/05/2007 - 12:30

hi sir edison, i once read that we could install a static route in routing table if X condition matches, but i couldn't remember how to do it. can we really do it? coz if we can i think it will make this problem really easy to solve. can u tell us how to conditionally install a static route?

illusion_rox Sun, 08/05/2007 - 12:22

hi sean u can work this out using tunnel interfaces between R1 and R2. now the point is u will need eigrp or ospf on the tunnel to serve not as a routing protocol but as a keepalive mechanism, i have done it in my lab and the design is good i think, as soon as the isp connection on either side is down so will the tunnel interface and we would have set a route to 10.10.10.0 on R3 like this

ip route 10.10.10.0 255.255.255.0 R1 111 (AD higher than ospf ;) )

becoz entry at R3 for 10 network will be like this before

O EX 10.10.10.0 [110/20]

now catch this ->

at R2 there will be a static route to 10.10.10.0 via TUNNEL interface, if isp link is down so will the tunnel interface, when tunnel interface is down so will be the static route and when the static route is not there so R2 will not redistribute anything to R3 ;) SO R3 will use the route via ethernet link which i mentioned above :)

i hope u got the point, i can paste the whole configuration if u think this will meet ur needs

sean.phan Sun, 08/05/2007 - 18:49

Hi Rox,

Sorry I've got time to read your post carefully, this also sounds like a good one.

just one question, what the impact likely would be for the static route 10.10.10.0/24 via TUNNEL interface at R2 ? will ARP cause any problem here ?

If you have configuration ready would you pls post it here

Thanks

sean.phan Sun, 08/05/2007 - 17:23

Thank you guys for your thought.

Thanks Rox, for the tunnel solution we are not allowed to do this, otherwise it would make this quite simple with OSPF :-)

Edison's insight comes quite close :-)

Let me elaborate more on the R1---ISP --- R2

10.10.10.0/24 ---(Firewall)--- R1 ---(ISP_R1) ----(ISP Network) ---- (ISP2_R2) --- R2-- OSPF

At R1 we have default static route:

ip route 0.0.0.0 0.0.0.0 (ISP_R1)'s IP address

At R2:

IP route 10.10.10.0/24 (ISP_R2)'s IP address

and 10.10.10.0/24 -> OSPF redistribution

That is basically, we just throw all traffic to the ISP next hop router at R1 & R2 and they will take care of the routing

The solution to the problem i think is:

1. at R1 we have static default floating route to R3

2. Configure OSPF between R1&R3 and redistribute 10.10.10.0/24 to OSPF (Higher metric)

now how should i configure R2 to make sure that if 10.10.10.0/24 is unreachable the redistribution route at R2 will disappear in OSPF ?

Edison Ortiz Sun, 08/05/2007 - 19:39

How is R2's connection to the ISP? When R2 loses that connection, does an interface go down or is a route lost?

sean.phan Sun, 08/05/2007 - 20:07

Good question, When connection is lost the link between R2 and ISP will still be UP most of the time

illusion_rox Sun, 08/05/2007 - 23:14

hi i think in this case ip route with track might be a better option, since it will gonna look if a particular prefix is reachable which is in this case 10.10.10.x and places the static route, now as soon as the prefix is lost to R2 due to connection failure it will not place the route in table and therefore will not redistribute it,

now does this meet ur need ?

illusion_rox Sun, 08/05/2007 - 23:41

hi i have checked it, u will have to set this on R2

ip sla monitor 1
 type echo protocol ipIcmpEcho 10.10.10.1
ip sla monitor schedule 1 life forever start-time now
track 1 rtr 1 reachability
ip route 10.10.10.0 255.255.255.0 (isp-ip) track 1

now on R3

ip route 10.10.10.0 255.255.255.0 (R1 ethernet ip) 111 ( AD > ospf 110 )

this will work it out

check and tell us if its working
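
Added example (not part of the original thread or any poster's configuration): a small Python model of the design discussed above, showing why R3 only fails over to its AD 111 static when R2's static is tied to a reachability probe, since the Ethernet hand-off to the ISP stays up. Function names and the next-hop labels "R2" and "R1-ethernet" are assumptions made for illustration.

```python
# Constructed model of the thread's design; labels and function names are illustrative.
PREFIX = "10.10.10.0/24"
AD_OSPF = 110       # R3 learns the prefix from R2 as an OSPF external route
AD_FLOATING = 111   # R3's backup static toward R1 over the new Ethernet link


def r2_static_installed(link_up, probe_ok, tracked):
    """R2's static for PREFIX via the ISP.

    Untracked: stays in the RIB whenever the interface is up.
    Tracked (ip route ... track 1): also needs the ICMP echo probe to succeed.
    """
    if not link_up:
        return False
    return probe_ok if tracked else True


def r2_redistributes(static_installed):
    """'redistribute static' only advertises statics that are in R2's RIB."""
    return {PREFIX} if static_installed else set()


def r3_next_hop(ospf_externals):
    """R3 installs the candidate with the lowest administrative distance."""
    candidates = [(AD_FLOATING, "R1-ethernet")]
    if PREFIX in ospf_externals:
        candidates.append((AD_OSPF, "R2"))
    return min(candidates)[1]


def simulate(events, tracked):
    """events: list of (link_up, probe_ok) seen at R2; returns R3's next hop per event."""
    return [
        r3_next_hop(r2_redistributes(r2_static_installed(up, ok, tracked)))
        for up, ok in events
    ]


# Constructed scenario: ISP path healthy, ISP path broken with the Ethernet
# port still up (the case described in the thread), then recovery.
EVENTS = [(True, True), (True, False), (True, True)]

if __name__ == "__main__":
    print("tracked  :", simulate(EVENTS, tracked=True))
    print("untracked:", simulate(EVENTS, tracked=False))
```
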

sean.phan Mon, 08/06/2007 - 02:00

Thank you both for your suggestion, i will need to think over it and schedule for testing this weekend.

sean.phan Mon, 08/06/2007 - 05:18

I've got a little problem with R3 (Still using IOS 12.2 and does not support IP SLA) and I can't upgrade the IOS to 12.3 - (Not enough flash & downtime required)

sean.phan Mon, 08/06/2007 - 17:09

Thanks a lot, but the Track IP ROUTE command is still not available in this IOS release 12.2(x), so the tunnel option mentioned by Rox seems to be the only option left?

Edison Ortiz Tue, 08/07/2007 - 08:18

You can use the 'protocol ipIcmpEcho' option within the rtr command.

However, I still don't have a solid understanding on how R2 determines the remote network is down.

You answered my query with:

"When connection is lost the link between R2 and ISP will still be UP most of the time"

Can you elaborate ?

Thanks

sean.phan Tue, 08/07/2007 - 19:29

Sorry for the confusion. The R2 to ISP link is Ethernet, so the link is always up even if the remote subnet is unreachable, unless we manually unplug the cable

Edison Ortiz Wed, 08/08/2007 - 06:57

Sean,

My suggestion is configuring BGP fully meshed between R1, R2 and R3.

This will take care of your problem without the need for static routes and Cisco's SAA.

It will be a much cleaner config and it will allow you full redundancy among peers.
