Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
474
Views
0
Helpful
5
Replies

OSPF. Prevent Redistribution of broken link

MaximBudyonny
Level 1
Level 1

‎07-22-2008 08:11 AM - edited ‎03-03-2019 10:50 PM

Hello,

Problem

For some reasons, e.g. misconfiguration in Ethernet VLANs, etc link between

Router-X and Router-2 (it also can be Router-1) will become broken.

There is no direct LSA exchange between Router-X and Router-2

(OSPF neighborhood became ATTEMPT/DROTHER).

Router-X interface that points to Router-2 is still up and Router-2 interface that points to Router-X is still UP too.

But, Router-2 receives routes to Router-X from OSPF cloud and that route points to interface that point directly to Router-X.

This route is redistributed to Router-2 from Router-X via link to Router-X - Router-1.

For GRE tunnels I can prevent this with keepalives. But how can I prevent Router-X to redistribute route to the broken interface?

(net cloud)=area 0=[ROUTER-1]=area 10 nssa=[ROUTER-X]=area 10 nssa=+

] ]

area 0=============================[ROUTER-2]====area 10 nssa=====+

Scheme description

Router-X has connection to Router-1 and Router-2 via Ethernet links.

Network cloud exists behind the routers Router-1 and Router-2.

These routers are not directly connected but belong to area 0 and exchange LSAs.

Router configs

====Router-X====

interface FastEthernet0/0.640

description **** LINK TO ROUTER-2 ****

bandwidth 1000

encapsulation dot1Q 640

ip address 172.20.0.6 255.255.255.252

ip ospf message-digest-key XXXXXX

ip ospf network non-broadcast

no snmp trap link-status

no cdp enable

end

interface FastEthernet0/1.841

description **** LINK TO ROUTER-1 ****

bandwidth 4000

encapsulation dot1Q 841

ip address 172.24.1.5 255.255.255.252

ip ospf message-digest-key XXXXX

ip ospf network non-broadcast

no snmp trap link-status

end

router ospf 200

router-id 10.255.255.18

log-adjacency-changes

area 10 authentication message-digest

area 10 nssa

redistribute connected subnets

redistribute static subnets route-map STATIC_ FILTER

passive-interface default

no passive-interface FastEthernet0/0.640

no passive-interface FastEthernet0/1.244

network 172.20.0.4 0.0.0.3 area 10

network 172.24.1.4 0.0.0.3 area 10

neighbor 172.20.0.5

neighbor 172.24.1.6

====Router-1====

interface GigabitEthernet0/1.841

description **** LINK TO ROUTER-X ****

bandwidth 4000

encapsulation dot1Q 841

ip address 172.24.1.6 255.255.255.252

ip ospf network non-broadcast

no snmp trap link-status

end

router ospf 200

router-id 10.255.255.1

log-adjacency-changes

auto-cost reference-bandwidth 1000

area 0 authentication message-digest

area 10 authentication message-digest

area 10 nssa default-information-originate

redistribute connected subnets route-map CONNECTED_FILTER

redistribute static subnets route-map STATIC_FILTER

passive-interface default

no passive-interface GigabitEthernet0/1.841

no passive-interface GigabitEthernet0/0.1616

no passive-interface GigabitEthernet0/1

no passive-interface GigabitEthernet0/1.359

no passive-interface GigabitEthernet0/1.404

network 172.24.1.4 0.0.0.3 area 10

neighbor 172.24.1.5

====Router-2====

interface FastEthernet0/0.640

description **** LINK TO ROUTER-X ****

bandwidth 1000

encapsulation dot1Q 640

ip address 172.20.0.5 255.255.255.252

ip ospf message-digest-key XXXX

ip ospf network non-broadcast

no snmp trap link-status

no cdp enable

end

router ospf 200

router-id 10.255.255.2

log-adjacency-changes

area 0 authentication message-digest

area 10 authentication message-digest

area 10 nssa default-information-originate

redistribute connected subnets route-map CONNECTED_ FILTER

redistribute static subnets route-map STATIC_ FILTER

network 172.20.0.0 0.0.0.3 area 3

network 172.22.0.56 0.0.0.3 area 0

network 172.22.2.4 0.0.0.3 area 0

network 172.22.2.8 0.0.0.3 area 0

neighbor 172.22.2.10

neighbor 172.22.0.58

neighbor 172.20.0.6

Labels:
0 Helpful
5 Replies 5

Giuseppe Larosa
Hall of Fame
Hall of Fame

‎07-22-2008 09:39 AM

Hello Maxim,

first of all you can solve the OSPF adj problem by configuring MD5 authentication on router 1

====Router-X====

interface FastEthernet0/0.640

description **** LINK TO ROUTER-1 ****

bandwidth 4000

encapsulation dot1Q 841

ip address 172.24.1.5 255.255.255.252

>>> ip ospf message-digest-key XXXXX

router ospf 200

area 10 authentication message-digest

While on router1

====Router-1====

interface GigabitEthernet0/1.841

description **** LINK TO ROUTER-X ****

bandwidth 4000

encapsulation dot1Q 841

ip address 172.24.1.6 255.255.255.252

ip ospf network non-broadcast

no snmp trap link-status

end

Hope to help

Giuseppe

0 Helpful

MaximBudyonny
Level 1
Level 1
In response to Giuseppe Larosa

‎07-23-2008 12:57 AM

Thank you for reply Giuseppe.

I have to inform you than in normal condition, when all links are up OSPF routers are adjacent and exchange LSA.

This's just a pity typo in copy-paste of router's config.

All interfaces are configured as NBMA and md5 authentication.

0 Helpful

Giuseppe Larosa
Hall of Fame
Hall of Fame
In response to MaximBudyonny

‎07-23-2008 11:56 PM

Hello Maxim,

ok that it is fine. I try to understand your concerns.

you say : "Router-X interface that points to Router-2 is still up and Router-2 interface that points to Router-X is still UP too.

But, Router-2 receives routes to Router-X from OSPF cloud and that route points to interface that point directly to Router-X.

This route is redistributed to Router-2 from Router-X via link to Router-X - Router-1. "

Both routers R2 and RX will have the subnet in their own Router LSA and their LSAs are flooded in Area 10 NSSA.

From Area 10 ABR (10,0) R1 point of view it can see the subnet reachable via R2 or via RX or both depending on OSPF cost.

R2 will receive RX's Router LSA but it will not use the info about that subnet because it is also a direct connected link with AD=0 better then OSPF's AD=110.

So even in this case you don't need to worry about this.

If the two routers advertise a different subnet for the link where they cannot build the OSPF adj then each will install the subnet advertised by the other but the routing will go via R1 on the NBMA link for the missing adj.

Again, this is not a connectivity problem but can become a perfomance issue if a lot of traffic is going through the NBMA instead of using the direct LAN link

Use debug ospf adj to troubleshoot the missing adj between R2 and Rx.

Hope to help

Giuseppe

0 Helpful

MaximBudyonny
Level 1
Level 1
In response to Giuseppe Larosa

‎07-28-2008 01:52 AM

Thank you for reply.

May be my explanation is not good.

So, in normal condition, when all links are fully functional all OSPF neighbours are adjacent.

Problem is that router R-X still advertises interface that point to R-2 even when link between R2 and RX is broken.

I must find a technique that will put interface on router R-X down when link between this interface and router on opposite site is broken.

This problem can be solved pretty fine with GRE tunnel and keepalives. But for Eth interfaces it's impossible.

0 Helpful

MaximBudyonny
Level 1
Level 1
In response to Giuseppe Larosa

‎07-23-2008 01:53 AM

[del]

Double post.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card