07-22-2008 08:11 AM - edited 03-03-2019 10:50 PM
Hello,
Problem
For some reason (e.g. misconfiguration in Ethernet VLANs, etc.), the link between
Router-X and Router-2 (it can also be Router-1) becomes broken.
There is no direct LSA exchange between Router-X and Router-2
(OSPF neighborhood became ATTEMPT/DROTHER).
The Router-X interface that points to Router-2 is still up, and the Router-2 interface that points to Router-X is still up too.
But Router-2 receives routes to Router-X from the OSPF cloud, and that route points to the interface that points directly to Router-X.
This route is redistributed to Router-2 from Router-X via the Router-X - Router-1 link.
For GRE tunnels I can prevent this with keepalives. But how can I prevent Router-X from redistributing the route to the broken interface?
(net cloud)=area 0=[ROUTER-1]=area 10 nssa=[ROUTER-X]=area 10 nssa=+
   |                                                               |
 area 0=============================[ROUTER-2]====area 10 nssa=====+
Scheme description
Router-X has connection to Router-1 and Router-2 via Ethernet links.
Network cloud exists behind the routers Router-1 and Router-2.
These routers are not directly connected but belong to area 0 and exchange LSAs.
Router configs
====Router-X====
interface FastEthernet0/0.640
 description **** LINK TO ROUTER-2 ****
 bandwidth 1000
 encapsulation dot1Q 640
 ip address 172.20.0.6 255.255.255.252
 ip ospf message-digest-key XXXXXX
 ip ospf network non-broadcast
 no snmp trap link-status
 no cdp enable
end
interface FastEthernet0/1.841
 description **** LINK TO ROUTER-1 ****
 bandwidth 4000
 encapsulation dot1Q 841
 ip address 172.24.1.5 255.255.255.252
 ip ospf message-digest-key XXXXX
 ip ospf network non-broadcast
 no snmp trap link-status
end
router ospf 200
 router-id 10.255.255.18
 log-adjacency-changes
 area 10 authentication message-digest
 area 10 nssa
 redistribute connected subnets
 redistribute static subnets route-map STATIC_FILTER
 passive-interface default
 no passive-interface FastEthernet0/0.640
 no passive-interface FastEthernet0/1.244
 network 172.20.0.4 0.0.0.3 area 10
 network 172.24.1.4 0.0.0.3 area 10
 neighbor 172.20.0.5
 neighbor 172.24.1.6
====Router-1====
interface GigabitEthernet0/1.841
 description **** LINK TO ROUTER-X ****
 bandwidth 4000
 encapsulation dot1Q 841
 ip address 172.24.1.6 255.255.255.252
 ip ospf network non-broadcast
 no snmp trap link-status
end
router ospf 200
 router-id 10.255.255.1
 log-adjacency-changes
 auto-cost reference-bandwidth 1000
 area 0 authentication message-digest
 area 10 authentication message-digest
 area 10 nssa default-information-originate
 redistribute connected subnets route-map CONNECTED_FILTER
 redistribute static subnets route-map STATIC_FILTER
 passive-interface default
 no passive-interface GigabitEthernet0/1.841
 no passive-interface GigabitEthernet0/0.1616
 no passive-interface GigabitEthernet0/1
 no passive-interface GigabitEthernet0/1.359
 no passive-interface GigabitEthernet0/1.404
 network 172.24.1.4 0.0.0.3 area 10
 neighbor 172.24.1.5
====Router-2====
interface FastEthernet0/0.640
 description **** LINK TO ROUTER-X ****
 bandwidth 1000
 encapsulation dot1Q 640
 ip address 172.20.0.5 255.255.255.252
 ip ospf message-digest-key XXXX
 ip ospf network non-broadcast
 no snmp trap link-status
 no cdp enable
end
router ospf 200
 router-id 10.255.255.2
 log-adjacency-changes
 area 0 authentication message-digest
 area 10 authentication message-digest
 area 10 nssa default-information-originate
 redistribute connected subnets route-map CONNECTED_FILTER
 redistribute static subnets route-map STATIC_FILTER
 network 172.20.0.0 0.0.0.3 area 3
 network 172.22.0.56 0.0.0.3 area 0
 network 172.22.2.4 0.0.0.3 area 0
 network 172.22.2.8 0.0.0.3 area 0
 neighbor 172.22.2.10
 neighbor 172.22.0.58
 neighbor 172.20.0.6
07-22-2008 09:39 AM
Hello Maxim,
First of all, you can solve the OSPF adj problem by configuring MD5 authentication on Router-1.
====Router-X====
interface FastEthernet0/0.640
 description **** LINK TO ROUTER-1 ****
 bandwidth 4000
 encapsulation dot1Q 841
 ip address 172.24.1.5 255.255.255.252
>>> ip ospf message-digest-key XXXXX
router ospf 200
 area 10 authentication message-digest
While on router1
====Router-1====
interface GigabitEthernet0/1.841
 description **** LINK TO ROUTER-X ****
 bandwidth 4000
 encapsulation dot1Q 841
 ip address 172.24.1.6 255.255.255.252
 ip ospf network non-broadcast
 no snmp trap link-status
end
Hope to help
Giuseppe
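The condition raised in the reply above (an interface that falls in an area with message-digest authentication but has no key line) can be checked mechanically. The following Python is an added example, not part of the original posts; the sample config and its key value are constructed, and it only considers area-level authentication plus the per-interface message-digest-key line.

```python
import ipaddress
import re

# Constructed sample in IOS style (not copied from the thread's routers).
SAMPLE = """\
interface GigabitEthernet0/1.841
 ip address 172.24.1.6 255.255.255.252
 ip ospf network non-broadcast
interface GigabitEthernet0/1.359
 ip address 172.22.0.57 255.255.255.252
 ip ospf message-digest-key 1 md5 EXAMPLEKEY
router ospf 200
 area 0 authentication message-digest
 area 10 authentication message-digest
 network 172.24.1.4 0.0.0.3 area 10
 network 172.22.0.56 0.0.0.3 area 0
"""

def missing_md5_keys(config):
    """Return sorted (interface, area) pairs that sit in an MD5-authenticated
    OSPF area but carry no 'ip ospf message-digest-key' line."""
    ifaces, md5_areas, networks, cur = {}, set(), [], None
    for line in map(str.strip, config.splitlines()):
        if m := re.match(r"interface (\S+)$", line):
            cur = ifaces.setdefault(m[1], {"ip": None, "key": False})
        elif line.startswith("router "):
            cur = None  # left interface context
        elif cur is not None and (m := re.match(r"ip address (\S+) \S+$", line)):
            cur["ip"] = ipaddress.ip_address(m[1])
        elif cur is not None and line.startswith("ip ospf message-digest-key "):
            cur["key"] = True
        elif m := re.match(r"area (\S+) authentication message-digest$", line):
            md5_areas.add(m[1])
        elif m := re.match(r"network (\S+) (\S+) area (\S+)$", line):
            # Wildcard masks are host masks; strict=False tolerates host bits.
            net = ipaddress.ip_network(f"{m[1]}/{m[2]}", strict=False)
            networks.append((net, m[3]))
    findings = []
    for name, info in ifaces.items():
        matches = [(n.prefixlen, a) for n, a in networks
                   if info["ip"] is not None and info["ip"] in n]
        if not matches:
            continue  # interface is not covered by any network statement
        area = max(matches)[1]  # most specific network statement wins
        if area in md5_areas and not info["key"]:
            findings.append((name, area))
    return sorted(findings)

if __name__ == "__main__":
    for name, area in missing_md5_keys(SAMPLE):
        print(f"{name}: area {area} requires MD5 but no message-digest-key is set")
```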
07-23-2008 12:57 AM
Thank you for the reply, Giuseppe.
I have to inform you that in normal conditions, when all links are up, the OSPF routers are adjacent and exchange LSAs.
This is just an unfortunate typo in the copy-paste of the router's config.
All interfaces are configured as NBMA with MD5 authentication.
07-23-2008 11:56 PM
Hello Maxim,
OK, that is fine. I am trying to understand your concerns.
You say: "Router-X interface that points to Router-2 is still up and Router-2 interface that points to Router-X is still UP too.
But, Router-2 receives routes to Router-X from OSPF cloud and that route points to interface that point directly to Router-X.
This route is redistributed to Router-2 from Router-X via link to Router-X - Router-1."
Both routers R2 and RX will have the subnet in their own Router LSA and their LSAs are flooded in Area 10 NSSA.
From Area 10 ABR (10,0) R1 point of view it can see the subnet reachable via R2 or via RX or both depending on OSPF cost.
R2 will receive RX's Router LSA but it will not use the info about that subnet because it is also a directly connected link with AD=0, better than OSPF's AD=110.
So even in this case you don't need to worry about this.
If the two routers advertise a different subnet for the link where they cannot build the OSPF adj then each will install the subnet advertised by the other but the routing will go via R1 on the NBMA link for the missing adj.
Again, this is not a connectivity problem but can become a performance issue if a lot of traffic is going through the NBMA instead of using the direct LAN link.
Use debug ospf adj to troubleshoot the missing adj between R2 and Rx.
Hope to help
Giuseppe
07-28-2008 01:52 AM
Thank you for the reply.
Maybe my explanation is not good.
So, in normal conditions, when all links are fully functional, all OSPF neighbours are adjacent.
The problem is that router R-X still advertises the interface that points to R-2 even when the link between R2 and RX is broken.
I must find a technique that will put the interface on router R-X down when the link between this interface and the router on the opposite side is broken.
This problem can be solved pretty well with a GRE tunnel and keepalives. But for Eth interfaces it's impossible.