OSPF - default-information - routing loop when interlink failed

Unanswered Question
Aug 16th, 2009
User Badges:

Hi


I'm trying to understand a routing loop scenario on our core router which is running OSPF & BGP. We had a issue that the subnets behind these 2 core router was not reachable after the internlink connection between the two CORE router failed.


Config:


WANROUTER A


router ospf 1

router-id 10.230.10.5

log-adjacency-changes

passive-interface default

no passive-interface GigabitEthernet0/1 (Connecting to Dist A)

no passive-interface GigabitEthernet0/2 (Connecting to Dist B)

no passive-interface GigabitEthernet0/3 (Interlink between WAN A&B)

network 10.230.0.0 0.0.255.255 area 10.0.0.0

default-information originate always metric-type 1

distance ospf external 130


WANROUTER B


router ospf 1

router-id 10.230.10.6

log-adjacency-changes

passive-interface default

no passive-interface GigabitEthernet0/1 (Connecting to Dist A)

no passive-interface GigabitEthernet0/2 (Connecting to Dist B)

no passive-interface GigabitEthernet0/3 (Interlink between WAN A&B)

network 10.230.0.0 0.0.255.255 area 10.0.0.0

default-information originate always metric-type 1

distance ospf external 130



DISTRIBUTION ROUTER A


!

router ospf 1

router-id 10.230.10.7

log-adjacency-changes

passive-interface default

no passive-interface GigabitEthernet1/0/11 (Connecting to WAN A)

no passive-interface GigabitEthernet1/0/12 (Connecting to WAN B)

network 10.230.0.0 0.0.255.255 area 10.0.0.0

distance ospf external 130

!



DISTRIBUTION ROUTER B


!

router ospf 1

router-id 10.230.10.8

log-adjacency-changes

passive-interface default

no passive-interface GigabitEthernet1/0/11 (Connecting to WAN A)

no passive-interface GigabitEthernet1/0/12 (Connecting to WAN B)

network 10.230.0.0 0.0.255.255 area 10.0.0.0

distance ospf external 130

!



Problem:


cable failure on Gig 0/3 between WAN Router A&B. Post this failure, site become isolated as servers behind the distribution were not reachable.


Resolution:


Temp resolution made to remove the 'default information orignate' command from WAN Router B, then all looked good, subnets were reachable.


Can someone explain why this has to happen? Should the failover be dynamic in this case?


Thanks,

Ram

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4 (1 ratings)
Loading.
Giuseppe Larosa Mon, 08/17/2009 - 03:50
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

Hello Ram,


>> Temp resolution made to remove the 'default information orignate' command from WAN Router B, then all looked good, subnets were reachable.


Can someone explain why this has to happen?


I think you shouldn't use the always option but you should use a route-map to generate an OSPF default route only if a BGP default route is present in the BGP table.


With your current setup if WAN B loses any valid default route that might be learned via the link with WAN A the default route is not removed.

WAN B has a discard route and sends all traffic to null0 creating a black hole.

This is the problem you have faced the always keyword disables the capability to remove the default route LSA from OSPF domain when the ASBR node has no valid default route to use itself.


I've implemented successfully a setup like the one I'm suggesting


router ospf 1

default-information originate route-map check-bgp metric-type 1



ip prefix-list only-default permit 0.0.0.0/0

accesss-list 11 permit host x.y.z.k


! where x.y.z.k is the BGP next hop og the BGP 0.0.0.0/0 route



route-map check-bgp permit 10

match ip prefix-list only-default

match ip next-hop 11

set metric 20

!


You should do this on both WAN A and WAN B.


A simpler solution can be that of just removing the always parameter.



Hope to help

Giuseppe




ram.krishnan Mon, 08/17/2009 - 04:48
User Badges:

Hi Giuseppe


I was finding out internally how the black hole scenario was created. I agree its due to the 'always' keywod which is forcing the default route and creating routing loop for the BGP routes to which it doesnt have any routes from WAN B. It is sending the traffic back to Dist A or B which are not BGP aware and sending back to WAN B, making routing loop inevitable.


We choose to leave the config with always keyword and provide more resiliency between the routers (getting additional connectivity).


Thanks anyway for making me comfortable with your clarification.

Giuseppe Larosa Mon, 08/17/2009 - 09:28
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

Hello Ram,

I recommend to take time to remove the always keyword increasing the links between the two wan devices helps.


Ask for a maintanance window and you can do it.


Hope to help

Giuseppe


Mohamed Sobair Mon, 08/17/2009 - 04:36
User Badges:
  • Gold, 750 points or more

Hi Ram,


The behaviour you noticed means that (WAN-B) drops the traffic coming back from the servers behind the distribution routers.


WAN-B would only drops the packet if it has no default route to the Internet.


could you let us know how is your BGP setup between WAN routers & their upstream border router?


Does the WAN router-B accessible from the Internet when the link between WAN-A and WAN-B fails?



HTH

Mohamed

Actions

This Discussion