08-16-2009 11:02 PM - edited 03-04-2019 05:45 AM
Hi
I'm trying to understand a routing loop scenario on our core routers, which are running OSPF & BGP. We had an issue where the subnets behind these 2 core routers were not reachable after the interlink connection between the two CORE routers failed.
Config:
WANROUTER A
router ospf 1
router-id 10.230.10.5
log-adjacency-changes
passive-interface default
no passive-interface GigabitEthernet0/1 (Connecting to Dist A)
no passive-interface GigabitEthernet0/2 (Connecting to Dist B)
no passive-interface GigabitEthernet0/3 (Interlink between WAN A&B)
network 10.230.0.0 0.0.255.255 area 10.0.0.0
default-information originate always metric-type 1
distance ospf external 130
WANROUTER B
router ospf 1
router-id 10.230.10.6
log-adjacency-changes
passive-interface default
no passive-interface GigabitEthernet0/1 (Connecting to Dist A)
no passive-interface GigabitEthernet0/2 (Connecting to Dist B)
no passive-interface GigabitEthernet0/3 (Interlink between WAN A&B)
network 10.230.0.0 0.0.255.255 area 10.0.0.0
default-information originate always metric-type 1
distance ospf external 130
DISTRIBUTION ROUTER A
!
router ospf 1
router-id 10.230.10.7
log-adjacency-changes
passive-interface default
no passive-interface GigabitEthernet1/0/11 (Connecting to WAN A)
no passive-interface GigabitEthernet1/0/12 (Connecting to WAN B)
network 10.230.0.0 0.0.255.255 area 10.0.0.0
distance ospf external 130
!
DISTRIBUTION ROUTER B
!
router ospf 1
router-id 10.230.10.8
log-adjacency-changes
passive-interface default
no passive-interface GigabitEthernet1/0/11 (Connecting to WAN A)
no passive-interface GigabitEthernet1/0/12 (Connecting to WAN B)
network 10.230.0.0 0.0.255.255 area 10.0.0.0
distance ospf external 130
!
Problem:
Cable failure on Gig 0/3 between WAN Router A&B. After this failure, the site became isolated as servers behind the distribution were not reachable.
Resolution:
Temp resolution made to remove the 'default-information originate' command from WAN Router B, then all looked good, subnets were reachable.
Can someone explain why this has to happen? Should the failover be dynamic in this case?
Thanks,
Ram
08-17-2009 03:50 AM
Hello Ram,
>> Temp resolution made to remove the 'default-information originate' command from WAN Router B, then all looked good, subnets were reachable.
>> Can someone explain why this has to happen?
I think you shouldn't use the always option but you should use a route-map to generate an OSPF default route only if a BGP default route is present in the BGP table.
With your current setup if WAN B loses any valid default route that might be learned via the link with WAN A the default route is not removed.
WAN B has a discard route and sends all traffic to null0 creating a black hole.
This is the problem you have faced: the always keyword disables the capability to remove the default route LSA from the OSPF domain when the ASBR node has no valid default route to use itself.
I've successfully implemented a setup like the one I'm suggesting:
router ospf 1
default-information originate route-map check-bgp metric-type 1
ip prefix-list only-default permit 0.0.0.0/0
access-list 11 permit host x.y.z.k
! where x.y.z.k is the BGP next hop of the BGP 0.0.0.0/0 route
route-map check-bgp permit 10
match ip address prefix-list only-default
match ip next-hop 11
set metric 20
!
You should do this on both WAN A and WAN B.
A simpler solution can be that of just removing the always parameter.
Hope to help
Giuseppe
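An added example, not part of the thread and not Cisco tooling: a small Python check that classifies how each `default-information originate` line in an IOS-style config behaves, flagging the unconditional `always` form discussed above. The sample configs are constructed from the thread's snippets; the function name and finding labels are hypothetical.

```python
import re

# Constructed configs modelled on the thread's snippets (not captured device output).
ALWAYS_CFG = """router ospf 1
 default-information originate always metric-type 1
"""
CONDITIONAL_CFG = """router ospf 1
 default-information originate route-map check-bgp metric-type 1
ip prefix-list only-default permit 0.0.0.0/0
route-map check-bgp permit 10
 match ip address prefix-list only-default
"""

def audit_default_origination(config):
    """Return one finding label per 'default-information originate' line."""
    lines = [ln.strip() for ln in config.splitlines() if ln.strip()]
    permits = {}      # prefix-list name -> set of permitted prefixes
    map_lists = {}    # route-map name -> prefix-lists its match clauses reference
    current_map = None
    for ln in lines:
        if m := re.match(r"ip prefix-list (\S+) (?:seq \d+ )?permit (\S+)", ln):
            permits.setdefault(m.group(1), set()).add(m.group(2))
        if m := re.match(r"route-map (\S+) permit\b", ln):
            current_map = m.group(1)
            map_lists.setdefault(current_map, set())
        elif current_map and (m := re.match(r"match ip (?:address )?prefix-list (.+)", ln)):
            map_lists[current_map].update(m.group(1).split())
        elif not ln.startswith(("match ", "set ")):
            current_map = None  # left the route-map stanza
    findings = []
    for ln in lines:
        m = re.match(r"default-information originate\b(.*)", ln)
        if not m:
            continue
        opts = m.group(1).split()
        if "always" in opts:
            findings.append("ALWAYS")  # advertised even when the router has no default
        elif "route-map" in opts[:-1]:
            lists = map_lists.get(opts[opts.index("route-map") + 1])
            if lists is None:
                findings.append("ROUTE_MAP_UNDEFINED")
            elif any("0.0.0.0/0" in permits.get(pl, ()) for pl in lists):
                findings.append("CONDITIONAL_ON_ROUTE_MAP")
            else:
                findings.append("ROUTE_MAP_LACKS_DEFAULT_MATCH")
        else:
            findings.append("CONDITIONAL_ON_RIB")  # plain form: needs a default in the RIB
    return findings
```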
08-17-2009 04:48 AM
Hi Giuseppe
I was finding out internally how the black hole scenario was created. I agree it's due to the 'always' keyword, which is forcing the default route and creating a routing loop for the BGP routes to which it doesn't have any routes from WAN B. It is sending the traffic back to Dist A or B, which are not BGP aware and are sending it back to WAN B, making a routing loop inevitable.
We choose to leave the config with the always keyword and provide more resiliency between the routers (getting additional connectivity).
Thanks anyway for making me comfortable with your clarification.
08-17-2009 09:28 AM
Hello Ram,
I recommend taking the time to remove the always keyword; increasing the links between the two WAN devices helps.
Ask for a maintenance window and you can do it.
Hope to help
Giuseppe
08-17-2009 04:36 AM
Hi Ram,
The behaviour you noticed means that (WAN-B) drops the traffic coming back from the servers behind the distribution routers.
WAN-B would only drop the packet if it has no default route to the Internet.
Could you let us know how your BGP is set up between the WAN routers & their upstream border router?
Is WAN router-B accessible from the Internet when the link between WAN-A and WAN-B fails?
HTH
Mohamed