Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1483
Views
0
Helpful
3
Replies

OSPF Virtual Link

Go to solution
sweigle
Level 1
Level 1

‎06-14-2010 04:26 PM - edited ‎03-06-2019 11:34 AM

Hello,

Here is the setup:    router0 -> CiscoASA -> router1

The Cisco ASA is in Multi-context mode and is using 7.2.4 firmware (Cannot use dynamic routing due to limitation of multi-context mode).    Router 0 is a linux based router that uses quagga 0.99.   Quagga is a fully function routing suite for Linux that utilizes the OSPFd on Linux.  The CLI is based on Cisco's CLI.   Router1 is a Cisco 1841 AdvIPservices 12.4(9) T5.

My question is, since the Cisco ASA cannot perform dynamic routing because of multi-context mode, how can I set up a virtual OSPF link between router0 and router1?   I've tried adding static routes in in both routers pointing to the firewall as a path for their router-ids.   I then redistributed static routes in OSPF.    I have been monitoring the ASA and do not see either router trying to send ospf packets. 

router1 (1841) config:

interface FastEthernet0/1.121
description ospf test
encapsulation dot1Q 121
ip address 10.8.255.1 255.255.255.0
!
interface FastEthernet0/1.122
encapsulation dot1Q 122
ip address 10.8.128.1 255.255.255.0

router ospf 1

router-id 10.8.255.1

log-adjacency-changes

area 0.0.0.1 virtual-link 10.8.127.194

redistribute static metric 10 subnets

network 10.8.128.0 0.0.0.255 area 10.8.128.0

network 10.8.255.0 0.0.0.255 area 0.0.0.1

ip route 10.8.127.194 255.255.255.255 10.8.255.232

Router 0  (Linux Quagga)

router ospf
ospf router-id 10.8.127.194
redistribute kernel metric 10
network 10.8.127.0/24 area 0.0.0.1
network 192.168.0.0/24 area 0.0.0.0
area 0.0.0.1 virtual-link 10.8.255.1

eth1      Link encap:Ethernet  HWaddr 00:30:18:AE:6D:E9
          inet addr:10.8.127.194  Bcast:10.8.127.255  Mask:255.255.255.0
          inet6 addr: fe80::230:18ff:feae:6de9/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:862 errors:0 dropped:0 overruns:0 frame:0
          TX packets:4059 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:78171 (76.3 KiB)  TX bytes:369107 (360.4 KiB)
          Interrupt:19 Base address:0xc000


eth2      Link encap:Ethernet  HWaddr 00:30:18:AE:6D:EA
          inet addr:192.168.0.52  Bcast:192.168.0.255  Mask:255.255.255.0
          inet6 addr: fe80::230:18ff:feae:6dea/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:81499 errors:0 dropped:0 overruns:0 frame:0
          TX packets:11347 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:24937313 (23.7 MiB)  TX bytes:820748 (801.5 KiB)
          Interrupt:16

Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
10.8.255.1      10.8.127.232    255.255.255.255 UGH       0 0          0 eth1
192.168.192.0   192.168.0.252   255.255.255.0   UG        0 0          0 eth2
192.168.129.0   192.168.0.252   255.255.255.0   UG        0 0          0 eth2
192.168.5.0     192.168.0.252   255.255.255.0   UG        0 0          0 eth2
192.168.4.0     192.168.0.252   255.255.255.0   UG        0 0          0 eth2
172.31.254.0    192.168.0.252   255.255.255.0   UG        0 0          0 eth2
192.168.64.0    192.168.0.252   255.255.255.0   UG        0 0          0 eth2
192.168.1.0     192.168.0.252   255.255.255.0   UG        0 0          0 eth2
192.168.0.0     0.0.0.0         255.255.255.0   U         0 0          0 eth2
10.8.127.0      0.0.0.0         255.255.255.0   U         0 0          0 eth1
10.10.10.0      192.168.0.252   255.255.255.0   UG        0 0          0 eth2
192.168.9.0     192.168.0.252   255.255.255.0   UG        0 0          0 eth2
192.168.8.0     192.168.0.252   255.255.255.0   UG        0 0          0 eth2
0.0.0.0         192.168.0.1     0.0.0.0         UG        0 0          0 eth2

Quagga sees:

sho ip route
Codes: K - kernel route, C - connected, S - static, R - RIP, O - OSPF,
       I - ISIS, B - BGP, > - selected route, * - FIB route

K>* 0.0.0.0/0 via 192.168.0.1, eth2
O   10.8.127.0/24 [110/10] is directly connected, eth1, 03:02:45
C>* 10.8.127.0/24 is directly connected, eth1
K>* 10.8.255.1/32 via 10.8.127.232, eth1
O>* 10.10.10.0/24 [110/10] via 192.168.0.252, eth2, 00:04:28
C>* 127.0.0.0/8 is directly connected, lo
O>* 172.31.254.0/24 [110/11121] via 192.168.0.252, eth2, 00:04:29
O   192.168.0.0/24 [110/10] is directly connected, eth2, 00:04:35
C>* 192.168.0.0/24 is directly connected, eth2
O>* 192.168.1.0/24 [110/11] via 192.168.0.252, eth2, 00:04:29
O>* 192.168.4.0/24 [110/11] via 192.168.0.252, eth2, 00:04:29
O>* 192.168.5.0/24 [110/11] via 192.168.0.252, eth2, 00:04:29
O>* 192.168.8.0/24 [110/11] via 192.168.0.252, eth2, 00:04:29
O>* 192.168.9.0/24 [110/11] via 192.168.0.252, eth2, 00:04:29
O>* 192.168.64.0/24 [110/10] via 192.168.0.252, eth2, 00:04:28
O>* 192.168.129.0/24 [110/10] via 192.168.0.252, eth2, 00:04:28
O>* 192.168.192.0/24 [110/10] via 192.168.0.252, eth2, 00:04:28

My guess is that since the static routes are redistributed into ospf that it cannot use this as a path for a virtual link.   I see that these static routes are Type-5 AS External in the OSPF processes.   A virtual link's path must be learned through OSPF?  If this is the case I cannot use virtual links and would have to use a GRE tunnel to accomplish this.

any thoughts?

thanks,

Scott

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
simonjulian
Level 1
Level 1

‎06-14-2010 07:16 PM

Hi

   In your example, router0 and router1 becomes ASBR.

   The OSPF virtual link searches for the reachability of the OSPF virtual neigbhours within the OSPF area.

   Hence OSPF virtual Link is not possible between router0 and router1.

Julian

View solution in original post

0 Helpful
3 Replies 3

Go to solution
simonjulian
Level 1
Level 1

‎06-14-2010 07:16 PM

Hi

   In your example, router0 and router1 becomes ASBR.

   The OSPF virtual link searches for the reachability of the OSPF virtual neigbhours within the OSPF area.

   Hence OSPF virtual Link is not possible between router0 and router1.

Julian

0 Helpful

Go to solution
Giuseppe Larosa
Hall of Fame
Hall of Fame

‎06-14-2010 10:04 PM

Hello Scott,

in your scenario the right tool to use is a GRE point to point tunnel that would allow to build an OSPF adjacency between the two routers.

OSPF hellos will be exchanged over the tunnel that are encapsulated in an external envelope that is protocol GRE with specific source address and destination address

For the ASA is enough to allow the GRE flow in both directions between specific IP addresses to make it to work

OSPF virtual-link might be used inside an OSPF domain but only in rare scenarios

Hope to help

Giuseppe

0 Helpful

Go to solution
sweigle
Level 1
Level 1
In response to Giuseppe Larosa

‎06-15-2010 08:23 AM

Thanks.. I thought GRE was the only solution for this.  I just did not want to encapsulate.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card