OSPF Router-id Change

Answered Question
Oct 28th, 2009

Hi All

We are in the process of re-addressing the loopback IPs of routers/core switches. I have the OSPF router-id associated with each device, which would need to be changed after the loopback re-addressing. After I re-address the loopback and enable routing for this new loopback, we were planning to do the following:

router ospf 100

no router-id 192.168.1.1

router-id 172.16.1.1 (new loopback IP)

Will I lose remote telnet connectivity when I do this change? Since there are dual routers/switches, we are making sure we come through the other router, to make sure we don't lose connectivity to the router, but:

1) What will happen when I change the OSPF router-id? Will it automatically reset the OSPF neighbors, or should we do it manually?

2) Should we also clear the OSPF process for the new router ID to be effective?

Giuseppe Larosa Wed, 10/28/2009 - 13:47

Hello Lavanya,

1) you need to restart OSPF process (clear process) to have the router-id changed, all LSAs have to be regenerated with the new advertising router-id.

you shouldn't lose connectivity unless you were telnetting to the old loopback and you are also removing the old loopback.

old loopback removal should be done later with no problems.

you can still advertise the old loopbacks and the new ones during migration.

2) yes, see above

Hope to help

Giuseppe

sblavanya Wed, 10/28/2009 - 14:06

Hi Giuseppe,

"you shouldn't lose connectivity unless you were telnetting to the old loopback and you are also removing the old loopback"... I didn't understand this. What I planned on doing is:

1) Renumber the loopback interface IP address from the old 192.168.1.1 (say) to 172.16.1.1 and advertise this route to the OSPF process. This route should be in the OSPF database then. I'll do these changes by logging onto the direct point-to-point IP address of the router, so that I don't lose connectivity.

2) At this stage (with the new loopback and the old router-id), would the OSPF adjacency still remain up until I restart the OSPF process?

3) Next I would go ahead and change the router-ids for the router (command given before)...

4) I will clear the OSPF process in the router where I changed the router-id, to make sure the new router-id is visible on the OSPF process.

Is this good ? Do you see any issues doing this remote?

Giuseppe Larosa Wed, 10/28/2009 - 14:40

Hello Lavanya,

Cisco routers can support multiple loopbacks; I would do the following:

Add a new loopback interface to represent the new router-id

add an appropriate network command for it.

you change the router-id

clear the ip ospf process

verify with sh ip ospf that the new router-id is effective.

remove old loopback

I wouldn't remove the old loopback before changing the OSPF router-id; it shouldn't be a problem but with remote site it is better to be on the safer side.

Hope to help

Giuseppe
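The verification step in the post above (`sh ip ospf` after `clear ip ospf process`), as an added example that is not part of the original thread: a Python check that the new router-id is active and that every neighbor that was FULL before the change is FULL again. The router-ids and process number come from the thread; the neighbor IDs, interface names and all sample output are constructed.

```python
import re

RID_RE = re.compile(r'Routing Process "ospf (\d+)" with ID (\d+\.\d+\.\d+\.\d+)')
NBR_RE = re.compile(r'^(\d+\.\d+\.\d+\.\d+)\s+\d+\s+(\w+)/', re.M)

def router_id(show_ip_ospf, process="100"):
    """Return the active router-id of the given OSPF process, or None."""
    for pid, rid in RID_RE.findall(show_ip_ospf):
        if pid == process:
            return rid
    return None

def neighbors(show_ip_ospf_neighbor):
    """Map neighbor router-id -> adjacency state (FULL, 2WAY, EXSTART, ...)."""
    return dict(NBR_RE.findall(show_ip_ospf_neighbor))

def verify_change(new_rid, post_ospf, pre_nbr, post_nbr, process="100"):
    """Return a list of problems; an empty list means the change took effect."""
    problems = []
    active = router_id(post_ospf, process)
    if active != new_rid:
        problems.append(f"router-id is {active}, expected {new_rid}")
    before, after = neighbors(pre_nbr), neighbors(post_nbr)
    for nbr, state in before.items():
        if state == "FULL" and after.get(nbr) != "FULL":
            problems.append(f"neighbor {nbr} was FULL, now {after.get(nbr, 'missing')}")
    return problems

# Constructed sample output, shaped like IOS "show ip ospf" / "show ip ospf neighbor".
POST_OSPF_OK = ' Routing Process "ospf 100" with ID 172.16.1.1\n'
POST_OSPF_STALE = ' Routing Process "ospf 100" with ID 192.168.1.1\n'
PRE_NBR = """\
Neighbor ID     Pri   State           Dead Time   Address         Interface
10.0.0.2          1   FULL/DR         00:00:33    10.1.1.2        GigabitEthernet0/0
10.0.0.3          0   FULL/  -        00:00:36    10.1.2.2        Serial0/0
"""
POST_NBR_BAD = """\
Neighbor ID     Pri   State           Dead Time   Address         Interface
10.0.0.2          1   FULL/DR         00:00:31    10.1.1.2        GigabitEthernet0/0
10.0.0.3          0   EXSTART/  -     00:00:38    10.1.2.2        Serial0/0
"""

if __name__ == "__main__":
    # Process not yet cleared and one adjacency stuck: both are reported.
    for line in verify_change("172.16.1.1", POST_OSPF_STALE, PRE_NBR, POST_NBR_BAD):
        print(line)
```

Capture the "before" neighbor table prior to the change and the "after" output once the adjacencies have had time to re-form.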

sblavanya Thu, 10/29/2009 - 06:19

Hi Giuseppe

Thanks for the response. That's the problem I have here. I can't have a different loopback configured since there are standards on the network to use, say, loop 0 as the router-id. It would have been easy to configure a different loopback address, but I don't think it's possible. Can you confirm my questions, having in mind that we can have only one loopback address?

Giuseppe Larosa Thu, 10/29/2009 - 07:34

Hello Lavanya,

you can have multiple loopbacks on your device:

sh ip int br | inc oop

Loopback0 10.55.132.134 YES NVRAM up up

Loopback5 10.80.0.110 YES NVRAM up up

Loopback8 10.80.34.13 YES NVRAM up up

I have this in a production network

But you are probably meaning you would like to have multiple ip addresses associated to a single loopback interface.

if you can use the secondary option this is possible:

ip address 1.1.1.1 255.255.255.255 secondary ?

you should be able to add the new address as secondary address.

However, policy rules apply to steady migration, I think that during migration it is possible to have multiple loopbacks defined on your devices.

Hope to help

Giuseppe

sblavanya Thu, 10/29/2009 - 07:59

Giuseppe

I think you misunderstood my previous post. I very well know that we can have multiple loopback interfaces on routers, but I will not be able to change the loopback ID (loop 0) since there are some standards on the network. I cannot have, say, loopback 25 for OSPF router-ids, since overall in routers we use loop0. So the only way to apply this would be to re-number the existing loopback0, and not to add any new loopbacks. I hope this makes things clear.

Can you go back to my 2nd post in this conversation, and clarify that, taking into consideration that I cannot add loopbacks or secondary IPs on my network?

CriscoSystems Thu, 10/29/2009 - 12:21

Lavanya

Giuseppe is 100 times the engineer I am, but for what it's worth I don't see anything wrong with the method you describe in your 2nd post, with a couple of conditions:

1. Don't telnet into the router using the old loopback IP as the telnet destination (obviously).

2. The route over which you're telnetting wasn't learned by OSPF. Telnet to the remote router over a direct link. (If that's not possible, define a static route over the multiple devices in the path.)

The reason for this is that if the remote router is using the old loopback IP as the router-ID, then when you blank out the old address there is a chance (a SLIM chance) that the OSPF process on that router will exit, giving you a "%OSPF-4-NORTRID: Could not allocate router ID" error message.

OSPF ought to just grab the next-highest IP address from another interface on the router, and it may indeed do this and recover on its own within a number of seconds. But you may lose your session before that happens; as the next-hop on the return path detects loss of hellos and declares the remote site unreachable.

(Even if this does happen, it would take a while; since the dead interval is 120 sec on serial links (40 sec in point-to-point mode); but like Giuseppe said it's better to be on the safe side.)

Anyway, that's my opinion. I'll probably be corrected by someone else...

Correct Answer
Giuseppe Larosa Thu, 10/29/2009 - 13:42

Hello Stuey, Lavanya,

In theory the OSPF router-id doesn't need to belong to an interface in the router. It could be a fictitious IP address.

So, in theory it is possible to simply do the following:

a) int loop0

ip address new-address 255.255.255.y

b) router ospf 10

network new-address area W

router-id new-address

c) clear ip ospf process

Sorry if I've appeared too careful but it is better to stay on the safe side.

So I would test the steps described above in a lab for example but it shouldn't be an issue OSPF reconvergence.

Hope to help

Giuseppe

marikakis Fri, 10/30/2009 - 07:40

I think Giuseppe is right to prefer to be on the safe than on the sorry side, especially when the OP makes clear the interest on a smooth change procedure for a remote site.

Theoretically everything works except the times when it doesn't. See the following thread for example:

http://www.velocityreviews.com/FORUMS/t596882-ospf-routerid-incident.html

The above link confirms the procedure suggested by Giuseppe is a good way to go, but not necessarily without any problems (e.g. what will happen between steps a and b?, what will happen after the ospf process is cleared?). In the above link the OP had issues after performing step a and others report issues after performing step c.

There exist cases where "downtime is not expected", but you can still find yourself climbing stairs and removing cards with the help of the closest available kitchen knife! I would have a Plan B for the case of the remote router becoming unreachable, and that would depend on the importance of the remote site. So, it seems Giuseppe achieves a better balance than me between careful and cool :-)

sblavanya Mon, 11/09/2009 - 10:46

The router-id was changed remote without any disruption or issues. Thanks to all who contributed to this post.
