OSPF - default-information - routing loop when interlink failed

ram.krishnan
Level 1

Hi

I'm trying to understand a routing loop scenario on our core routers, which are running OSPF & BGP. We had an issue where the subnets behind these 2 core routers were not reachable after the interlink connection between the two CORE routers failed.

Config:

WANROUTER A

router ospf 1
 router-id 10.230.10.5
 log-adjacency-changes
 passive-interface default
 ! Connecting to Dist A
 no passive-interface GigabitEthernet0/1
 ! Connecting to Dist B
 no passive-interface GigabitEthernet0/2
 ! Interlink between WAN A&B
 no passive-interface GigabitEthernet0/3
 network 10.230.0.0 0.0.255.255 area 10.0.0.0
 default-information originate always metric-type 1
 distance ospf external 130

WANROUTER B

router ospf 1
 router-id 10.230.10.6
 log-adjacency-changes
 passive-interface default
 ! Connecting to Dist A
 no passive-interface GigabitEthernet0/1
 ! Connecting to Dist B
 no passive-interface GigabitEthernet0/2
 ! Interlink between WAN A&B
 no passive-interface GigabitEthernet0/3
 network 10.230.0.0 0.0.255.255 area 10.0.0.0
 default-information originate always metric-type 1
 distance ospf external 130

DISTRIBUTION ROUTER A

!
router ospf 1
 router-id 10.230.10.7
 log-adjacency-changes
 passive-interface default
 ! Connecting to WAN A
 no passive-interface GigabitEthernet1/0/11
 ! Connecting to WAN B
 no passive-interface GigabitEthernet1/0/12
 network 10.230.0.0 0.0.255.255 area 10.0.0.0
 distance ospf external 130
!

DISTRIBUTION ROUTER B

!
router ospf 1
 router-id 10.230.10.8
 log-adjacency-changes
 passive-interface default
 ! Connecting to WAN A
 no passive-interface GigabitEthernet1/0/11
 ! Connecting to WAN B
 no passive-interface GigabitEthernet1/0/12
 network 10.230.0.0 0.0.255.255 area 10.0.0.0
 distance ospf external 130
!

Problem:

Cable failure on Gig 0/3 between WAN Router A & B. After this failure, the site became isolated, as servers behind the distribution were not reachable.

Resolution:

Temp resolution made to remove the 'default information originate' command from WAN Router B, then all looked good, subnets were reachable.

Can someone explain why this has to happen? Should the failover be dynamic in this case?

Thanks,

Ram

4 Replies

Giuseppe Larosa
Hall of Fame

Hello Ram,

>> Temp resolution made to remove the 'default information originate' command from WAN Router B, then all looked good, subnets were reachable.
>> Can someone explain why this has to happen?

I think you shouldn't use the always option but you should use a route-map to generate an OSPF default route only if a BGP default route is present in the BGP table.

With your current setup, if WAN B loses any valid default route that might be learned via the link with WAN A, the default route is not removed.

WAN B has a discard route and sends all traffic to null0, creating a black hole.

This is the problem you have faced: the always keyword disables the capability to remove the default route LSA from the OSPF domain when the ASBR node has no valid default route to use itself.

I've successfully implemented a setup like the one I'm suggesting:

router ospf 1
 default-information originate route-map check-bgp metric-type 1
!
ip prefix-list only-default permit 0.0.0.0/0
access-list 11 permit host x.y.z.k
! where x.y.z.k is the BGP next hop of the BGP 0.0.0.0/0 route
!
route-map check-bgp permit 10
 match ip address prefix-list only-default
 match ip next-hop 11
 set metric 20
!

You should do this on both WAN A and WAN B.

A simpler solution can be that of just removing the always parameter.

Hope to help

Giuseppe
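
An added example, not part of the original posts: a small Python check that reads an IOS-style configuration and reports, per OSPF process, whether `default-information originate` is unconditional (`always`) or gated by a route-map or by the routing table. The two sample configurations are constructed from the ones posted in this thread; the function name and verdict labels are assumptions made for illustration.

```python
import re

# Constructed sample: WAN Router B as posted in the question (trimmed).
WAN_B_CURRENT = """\
router ospf 1
 router-id 10.230.10.6
 passive-interface default
 network 10.230.0.0 0.0.255.255 area 10.0.0.0
 default-information originate always metric-type 1
 distance ospf external 130
!
"""

# Constructed sample: the route-map variant suggested in the reply (trimmed).
WAN_B_CONDITIONAL = """\
router ospf 1
 default-information originate route-map check-bgp metric-type 1
!
ip prefix-list only-default permit 0.0.0.0/0
route-map check-bgp permit 10
 match ip address prefix-list only-default
!
"""

def audit_default_originate(config):
    """Return one (ospf_process, verdict, detail) tuple per originate line."""
    route_maps = set(re.findall(r"^route-map (\S+) ", config, re.M))
    findings, proc = [], None
    for line in config.splitlines():
        if not line.startswith(" "):  # any top-level line closes the stanza
            m = re.match(r"router ospf (\d+)", line)
            proc = m.group(1) if m else None
            continue
        words = line.split()
        if proc is None or words[:2] != ["default-information", "originate"]:
            continue
        opts = words[2:]
        rmap = opts[opts.index("route-map") + 1] if "route-map" in opts[:-1] else None
        if rmap and rmap not in route_maps:
            verdict, detail = "broken-condition", f"route-map {rmap} is not defined"
        elif rmap:
            verdict, detail = "conditional", f"gated by route-map {rmap}"
        elif "always" in opts:
            verdict, detail = "unconditional", "default LSA stays even with no default route"
        else:
            verdict, detail = "conditional", "needs a default route in the routing table"
        findings.append((proc, verdict, detail))
    return findings
```
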

Hi Giuseppe

I was finding out internally how the black hole scenario was created. I agree it's due to the 'always' keyword, which is forcing the default route and creating a routing loop for the BGP routes to which it doesn't have any routes from WAN B. It is sending the traffic back to Dist A or B, which are not BGP aware and are sending it back to WAN B, making a routing loop inevitable.

We choose to leave the config with always keyword and provide more resiliency between the routers (getting additional connectivity).

Thanks anyway for making me comfortable with your clarification.

Hello Ram,

I recommend taking time to remove the always keyword. Increasing the links between the two WAN devices helps.

Ask for a maintenance window and you can do it.

Hope to help

Giuseppe

Mohamed Sobair
Level 7

Hi Ram,

The behaviour you noticed means that (WAN-B) drops the traffic coming back from the servers behind the distribution routers.

WAN-B would only drop the packet if it has no default route to the Internet.

Could you let us know how your BGP setup is between the WAN routers & their upstream border router?

Is WAN router-B accessible from the Internet when the link between WAN-A and WAN-B fails?

HTH

Mohamed
