The default route is distributed from Verizon BGP into our Internet router OSPF domain then advertised to the rest of the network, as part of our failover scenario.
The PIX firewalls are configured with OSPF; the inside networks get the default route from the PIX.
Both PIX firewalls need to have the default route in the route table because they are doing entirely different things. Both firewalls' DMZs need to get to the Internet, have inside networks access their DMZ, and fail over to DR Internet when HQ Internet is lost.
I am having trouble with the Edge router and Inside 6509 switch preferring the 515 firewall.
I want the Edge router to always use the routes from the 525 PIX for inside and the 6509 to always use the 525 for the default route unless it fails.
The 6509 is also using the PIX 515 as the next hop for Internet. Both PIX firewalls are directly connected to the 6509 in this drawing.
There is another 6509 downstairs that is a neighbor to the 6509 in this drawing, and it is getting the default route from the 525 PIX as I want.
Looking at the OSPF databases, they all are identical.
The edge router is forming adjacencies, but isn't the higher Neighbor ID supposed to be preferred? The Internet router is using the 515 firewall.
Are the external routes E1 or E2? If they are E2, then the routing decision will be based entirely on the seed metrics at the redistribution points. But the routing decision is completely separate from the DR election decision.
Looking at the DR election process, it will depend on the order things happened. On any segment, the first eligible router to boot will become the DR. I think that the internet router and 192.168.1.1 were the first to come up, and to form an adjacency.
But once a DR and BDR have been elected, then no other router will preempt them. If there are two eligible routers on the segment at boot time, then yes, the higher neighbor IP will become the DR. But if a better router comes along later, it cannot become DR or BDR until one of the others goes off line.
Looking at your architecture, OSPF 1 area would not be much use without the Internet router. So I would give the firewalls a priority of 0 so that the Internet router is always the DR. If the Internet router disappears then the two firewalls would not form adjacencies with each other, but you would not care anyway, provided when the Internet router came back it could form adjacencies with both firewalls.
By the same sort of argument, I would set the OSPF priority of 0 on the inside too, to allow the 6509 always to be the DR.
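The election behaviour described in the reply above, as an added example that is not part of the original thread: a simplified Python model of DR/BDR election on one segment (no Wait timer or Hello exchange) showing that a late or returning router does not preempt a sitting DR, and that priority 0 on the firewalls keeps the Internet router as DR. Router names and router IDs are constructed for illustration.

```python
# Added example (constructed names/IDs): simplified OSPF DR/BDR election.
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Router:
    name: str
    router_id: tuple   # dotted quad as ints, so IDs compare numerically
    priority: int = 1  # 0 = never eligible to be DR or BDR

@dataclass
class Segment:
    members: list = field(default_factory=list)
    dr: Router = None
    bdr: Router = None

    def _best(self, exclude):
        cands = [r for r in self.members if r.priority > 0 and r is not exclude]
        return max(cands, key=lambda r: (r.priority, r.router_id), default=None)

    def _elect(self):
        # Non-preemptive: a sitting DR or BDR keeps its role while it is up.
        if self.bdr not in self.members:
            self.bdr = None
        if self.dr not in self.members:
            self.dr, self.bdr = self.bdr, None  # BDR is promoted to DR
        if self.dr is None:
            self.dr = self._best(exclude=None)
        if self.bdr is None:
            self.bdr = self._best(exclude=self.dr)

    def up(self, *routers):   # routers passed together boot simultaneously
        self.members.extend(routers)
        self._elect()

    def down(self, router):
        self.members.remove(router)
        self._elect()

    def roles(self):
        return (self.dr and self.dr.name, self.bdr and self.bdr.name)

def internet_router_reload(fw_priority):
    inet = Router("internet-rtr", (192, 0, 2, 1), 1)
    fw515 = Router("fw515", (192, 0, 2, 15), fw_priority)
    fw525 = Router("fw525", (192, 0, 2, 25), fw_priority)
    seg = Segment()
    seg.up(fw515); seg.up(inet); seg.up(fw525)  # staggered boot order
    before = seg.roles()
    seg.down(inet); seg.up(inet)                # Internet router reloads
    return before, seg.roles()
```

With `fw_priority=1` the Internet router ends up neither DR nor BDR after its reload; with `fw_priority=0` it is the DR both before and after.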