Need Urgent help on configuring ospf with hsrp

Unanswered Question
Jul 25th, 2008

Hi Guys

I have twor routers configure with hsrp and running on ospf , now i have configure my firewall be the part of ospf and remove all the static routes from the firewall pointing to hsrp ip.

Firewall learn all the routes through ospf but not going through the hsrp ip instead going through the physical ip of routers .

My problem is that my routers all complete backup to each other and if one router goes down other will take over but now thats not happening from the firewall because its getting ospf updates from the routers physical ip instead of hsrp virtual ip.

Regards/Asfar

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Giuseppe Larosa Fri, 07/25/2008 - 03:14

hello Asfar,

if your firewall has OSPF adjaciencies with the two routers it will be informed of any topology change behind the two routers.

This is the job for which routing protocols exist !

So remove the static routes pointing to the HSRP VIP and everything should be fine.

>> Firewall learn all the routes through ospf but not going through the hsrp ip instead going through the physical ip of routers

Where is the problem ? this is right. Forget of HSRP VIP that is useful only as ip next hop of the static routes you used before.

Hope to help

Giuseppe

asfar.zaidi Fri, 07/25/2008 - 03:52

Hi

My problem is my router B is the backup of router A , and in case od failure of router A how my firewall will come to know that it has to go to router B as in my ospf routes on my firewall i can only see OSPF routes publish form router A and in the neighbour details of my firewall i can see both the routers but with Full state it should be one Full and one DR/Full.

Important thing is that Router A is now active for my HSRP may be thats trhe reason I am getting routes only from Router A.

Please Clearify

Regards/Asfar

tdrais Fri, 07/25/2008 - 07:11

You will always see both neighbors up and see both routes in the OSPF database. You no longer need the HSRP and will many times cause you issues if you attempt to run both a routing protocol and hsrp.

What you want to do is to manipulate the ospf metrics so that only the route to router A is placed into the firewall routing table. If it were to lose the route from router A it would then select the route it learned from router B.

How you do this will depend on what type of ospf routes these are. In general you can set ospf costs when you redistribute, on interfaces and with distribution lists.

Giuseppe Larosa Fri, 07/25/2008 - 12:14

Hello Asfar,

there is no dependency of OSPF on HSRP they are different separate protocols

DR/Full

Are you sure that your firewall isn't the OSPF DR in your setup ?

Hope to help

Giuseppe

sdoremus33 Fri, 07/25/2008 - 13:14

As mentioned befor as long as you have OSPF neighbor adjacencies to the two rtrs (active,standby) you should be fine

HSRP

RTRA - Active

HSRP Prioirity

RTRB = Standby

Hsrp Priority =

OSPF should have no problems if the dajacencied are formed from th VIP perspective

sdoremus33 Fri, 07/25/2008 - 13:18

meanins as lons as OSPF can reach the physical interfaces routers (active,standby) everyting is cool.

OSPF --> Route in table fpor active routers

OSPF--> In the event the active rtr goesd down Multicast packets are sent between the two devices every 5sec*3 then the obviouslly the standcy rtr accts as the active and the routes is in the table

gacross Sat, 07/26/2008 - 12:44

Meaning as long as OSPF can reach the physical interfaces routers (active,standby) everyting is cool.

-----

Active/Standby does not matter.

OSPF --> Route in table for active routers

-----

No route in table based on best metric

OSPF--> In the event the active rtr goesd down Multicast packets are sent between the two devices every 5sec*3 then the obviouslly the standcy rtr accts as the active and the routes is in the table

-----

No, route in table based on best metric, if router with best metric goes down FW will choose the other routers routes.

Who makes the FW? Does it support equal-cost multipath? If so and rtr-A and rtr-B have access to same networks then it should install both routes in routing table.

asfar.zaidi Sun, 07/27/2008 - 01:33

Hi

I am attaching the configuration of my Routers can you please check whats wrong as I am still not clear whats the problem

Regards/Asfar

Attachment: 

Actions

This Discussion