06-14-2010 04:26 PM - edited 03-06-2019 11:34 AM
Hello,
Here is the setup: router0 -> CiscoASA -> router1
The Cisco ASA is in multi-context mode and is using 7.2.4 firmware (cannot use dynamic routing due to a limitation of multi-context mode). Router 0 is a Linux-based router that uses Quagga 0.99. Quagga is a fully functional routing suite for Linux that utilizes the OSPFd on Linux. The CLI is based on Cisco's CLI. Router1 is a Cisco 1841 AdvIPservices 12.4(9) T5.
My question is, since the Cisco ASA cannot perform dynamic routing because of multi-context mode, how can I set up a virtual OSPF link between router0 and router1? I've tried adding static routes in both routers pointing to the firewall as a path for their router-ids. I then redistributed static routes in OSPF. I have been monitoring the ASA and do not see either router trying to send OSPF packets.
router1 (1841) config:
interface FastEthernet0/1.121
 description ospf test
 encapsulation dot1Q 121
 ip address 10.8.255.1 255.255.255.0
!
interface FastEthernet0/1.122
 encapsulation dot1Q 122
 ip address 10.8.128.1 255.255.255.0
router ospf 1
 router-id 10.8.255.1
 log-adjacency-changes
 area 0.0.0.1 virtual-link 10.8.127.194
 redistribute static metric 10 subnets
 network 10.8.128.0 0.0.0.255 area 10.8.128.0
 network 10.8.255.0 0.0.0.255 area 0.0.0.1
ip route 10.8.127.194 255.255.255.255 10.8.255.232
Router 0 (Linux Quagga)
router ospf
 ospf router-id 10.8.127.194
 redistribute kernel metric 10
 network 10.8.127.0/24 area 0.0.0.1
 network 192.168.0.0/24 area 0.0.0.0
 area 0.0.0.1 virtual-link 10.8.255.1
eth1      Link encap:Ethernet HWaddr 00:30:18:AE:6D:E9
          inet addr:10.8.127.194 Bcast:10.8.127.255 Mask:255.255.255.0
          inet6 addr: fe80::230:18ff:feae:6de9/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:862 errors:0 dropped:0 overruns:0 frame:0
          TX packets:4059 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:78171 (76.3 KiB) TX bytes:369107 (360.4 KiB)
          Interrupt:19 Base address:0xc000
eth2      Link encap:Ethernet HWaddr 00:30:18:AE:6D:EA
          inet addr:192.168.0.52 Bcast:192.168.0.255 Mask:255.255.255.0
          inet6 addr: fe80::230:18ff:feae:6dea/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:81499 errors:0 dropped:0 overruns:0 frame:0
          TX packets:11347 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:24937313 (23.7 MiB) TX bytes:820748 (801.5 KiB)
          Interrupt:16
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
10.8.255.1 10.8.127.232 255.255.255.255 UGH 0 0 0 eth1
192.168.192.0 192.168.0.252 255.255.255.0 UG 0 0 0 eth2
192.168.129.0 192.168.0.252 255.255.255.0 UG 0 0 0 eth2
192.168.5.0 192.168.0.252 255.255.255.0 UG 0 0 0 eth2
192.168.4.0 192.168.0.252 255.255.255.0 UG 0 0 0 eth2
172.31.254.0 192.168.0.252 255.255.255.0 UG 0 0 0 eth2
192.168.64.0 192.168.0.252 255.255.255.0 UG 0 0 0 eth2
192.168.1.0 192.168.0.252 255.255.255.0 UG 0 0 0 eth2
192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth2
10.8.127.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
10.10.10.0 192.168.0.252 255.255.255.0 UG 0 0 0 eth2
192.168.9.0 192.168.0.252 255.255.255.0 UG 0 0 0 eth2
192.168.8.0 192.168.0.252 255.255.255.0 UG 0 0 0 eth2
0.0.0.0 192.168.0.1 0.0.0.0 UG 0 0 0 eth2
Quagga sees:
sho ip route
Codes: K - kernel route, C - connected, S - static, R - RIP, O - OSPF,
I - ISIS, B - BGP, > - selected route, * - FIB route
K>* 0.0.0.0/0 via 192.168.0.1, eth2
O 10.8.127.0/24 [110/10] is directly connected, eth1, 03:02:45
C>* 10.8.127.0/24 is directly connected, eth1
K>* 10.8.255.1/32 via 10.8.127.232, eth1
O>* 10.10.10.0/24 [110/10] via 192.168.0.252, eth2, 00:04:28
C>* 127.0.0.0/8 is directly connected, lo
O>* 172.31.254.0/24 [110/11121] via 192.168.0.252, eth2, 00:04:29
O 192.168.0.0/24 [110/10] is directly connected, eth2, 00:04:35
C>* 192.168.0.0/24 is directly connected, eth2
O>* 192.168.1.0/24 [110/11] via 192.168.0.252, eth2, 00:04:29
O>* 192.168.4.0/24 [110/11] via 192.168.0.252, eth2, 00:04:29
O>* 192.168.5.0/24 [110/11] via 192.168.0.252, eth2, 00:04:29
O>* 192.168.8.0/24 [110/11] via 192.168.0.252, eth2, 00:04:29
O>* 192.168.9.0/24 [110/11] via 192.168.0.252, eth2, 00:04:29
O>* 192.168.64.0/24 [110/10] via 192.168.0.252, eth2, 00:04:28
O>* 192.168.129.0/24 [110/10] via 192.168.0.252, eth2, 00:04:28
O>* 192.168.192.0/24 [110/10] via 192.168.0.252, eth2, 00:04:28
My guess is that since the static routes are redistributed into ospf that it cannot use this as a path for a virtual link. I see that these static routes are Type-5 AS External in the OSPF processes. A virtual link's path must be learned through OSPF? If this is the case I cannot use virtual links and would have to use a GRE tunnel to accomplish this.
Any thoughts?
Thanks,
Scott
06-14-2010 07:16 PM
Hi
In your example, router0 and router1 become ASBRs.
The OSPF virtual link searches for the reachability of the OSPF virtual neighbours within the OSPF area.
Hence an OSPF virtual link is not possible between router0 and router1.
Julian
06-14-2010 10:04 PM
Hello Scott,
In your scenario, the right tool to use is a GRE point-to-point tunnel, which would allow you to build an OSPF adjacency between the two routers.
OSPF hellos will be exchanged over the tunnel, encapsulated in an external envelope that is protocol GRE with a specific source address and destination address.
For the ASA, it is enough to allow the GRE flow in both directions between the specific IP addresses to make it work.
An OSPF virtual link might be used inside an OSPF domain, but only in rare scenarios.
Hope to help
Giuseppe
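The GRE approach described in the reply above, sketched as configuration for all three devices. This is an added example, not part of the original thread: the tunnel subnet 172.16.0.0/30, the interface names Tunnel0 and gre1, the ACL names, and the choice of area 0.0.0.0 for the tunnel are assumptions; the endpoint addresses and static routes are the ones posted in the question.

```text
! --- ASA context: GRE is IP protocol 47. Permit it host-to-host only,
! --- once per direction, in the ACL applied inbound on each interface.
! --- (ACL names are placeholders for the ACLs already in use.)
access-list R1_SIDE_IN extended permit gre host 10.8.255.1 host 10.8.127.194
access-list R0_SIDE_IN extended permit gre host 10.8.127.194 host 10.8.255.1

! --- router1 (Cisco 1841) ---
interface Tunnel0
 ip address 172.16.0.2 255.255.255.252
 tunnel source 10.8.255.1
 tunnel destination 10.8.127.194
!
router ospf 1
 no area 0.0.0.1 virtual-link 10.8.127.194
 network 172.16.0.0 0.0.0.3 area 0.0.0.0
!
! Keep the /32 static route to the tunnel destination: being more specific
! than anything learned through the tunnel, it prevents recursive routing.
ip route 10.8.127.194 255.255.255.255 10.8.255.232

# --- router0 (Linux), kernel side ---
ip tunnel add gre1 mode gre local 10.8.127.194 remote 10.8.255.1 ttl 255
ip addr add 172.16.0.1/30 dev gre1
# OSPF hellos go to 224.0.0.5, so the tunnel interface needs multicast on
ip link set gre1 up multicast on
# (the existing host route 10.8.255.1 via 10.8.127.232 stays in place)

! --- router0, Quagga ospfd ---
router ospf
 no area 0.0.0.1 virtual-link 10.8.255.1
 network 172.16.0.0/30 area 0.0.0.0
```

Once the tunnel is up, `show ip ospf neighbor` on either router should list the peer's router-id over the tunnel interface. If the adjacency stalls in EXSTART, compare the tunnel MTU on both ends, since OSPF checks it during the database exchange.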
06-15-2010 08:23 AM
Thanks.. I thought GRE was the only solution for this. I just did not want to encapsulate.