Re: OSPF advertising of summary routes

5aschulz · ‎06-30-2006

This is both a LAN/WAN issue. I have two routers with redundant DS3 circuits to an external site. The network at the external site is summarized at these routers.

If one circuit goes down routing will fail over to the other circuit and everything works fine. The problem occurs when the circuit comes back up. OSPF immediately advertises the summary route to the core switches before the individual routes have been installed in the router's table. Therefore when packets come in to the core switches from users they are routed to the router where the circuit jsut came back up. It is taking OSPF 2 minutes to install the routes so the packets are lost and we have connectivity loss to the external site.

How can I prevent these summaries from being advertised until the routin table has reconverged or how can I make OSPF not take 2 minutes to install the routes?

Here are the configs

ROUTER 1

interface ATM4/0

ip address 10.20.0.5 255.255.255.252

no ip redirects

no ip unreachables

load-interval 30

atm framing cbitplcp

atm ilmi-keepalive

pvc 1/32

encapsulation aal5snap

!

router ospf 9

log-adjacency-changes

area 5 range 10.20.0.0 255.255.0.0

area 50 stub no-summary

area 50 range 10.50.0.0 255.255.0.0

network 10.1.0.0 0.0.0.255 area 0

network 10.5.0.0 0.0.0.15 area 0

network 10.20.0.0 0.0.255.255 area 5

network 10.50.0.0 0.0.0.3 area 50

neighbor 10.20.0.6 priority 1

default-information originate

ROUTER 2

interface ATM2/0

ip address 10.20.0.1 255.255.255.252

no ip redirects

no ip unreachables

ip nat inside

load-interval 30

atm framing cbitplcp

atm ilmi-keepalive

pvc 1/32

encapsulation aal5snap

router ospf 9

log-adjacency-changes

area 5 range 10.20.0.0 255.255.0.0

area 50 stub no-summary

area 50 range 10.50.0.0 255.255.0.0

network 10.1.0.0 0.0.0.255 area 0

network 10.5.0.0 0.0.0.15 area 0

network 10.20.0.0 0.0.255.255 area 5

network 10.50.0.4 0.0.0.3 area 50

neighbor 10.20.0.2 priority 1

default-information originate

The external site is area 5 and the core switches are in area 0.

gwhuang5398 · ‎06-30-2006

See if I understood your issue correctly:

You have Router 1 and 2, and External router, all running OSPF in between. Area 0 is between Router 1 and 2 and your core switches. Area 50 is between Router 1, 2 and the external router. Your issue is when one ATM link comes back up after a link down (say on Router 1), Router 1 advertises summary route to your core switches before its OSPF coverges, and it take 2 minutes for the convergence.

Router 1 and 2 have identical config for OSPF. So from your internal network perspective, assuming the 2 routers are linked to your core switches the same way, there is no preference one way or the other. In other words, all OSPF routes learned from the 2 routers have equal costs.

I have a few questions we can discuss:

a. What's the summary route you referred to? For OSPF, before it becomes stable after the link comes back up, say on Router 1, Router 1 does not have a full neighbor relationship with the external router, and its routing table is not stable either. In this time period, your core switches won't learned routes from Router 1 if the routes need to come from the external router.

b. It could be possible that Router 1 advertises a default route into your core switches if it already have a static default route configured which has nothing to do with OSPF. Can you tell if the default route from Router 1 has a lower cost than the one advertised from Router 2?

c. How many routers are in your OSPF areas? Normally for a dozen or so OSPF routers, convergence is very quick, far less than 2 minutes. If you can post the "sh ip protocol", "sh ip ospf nei", and "sh ip ospf topology" during the 2 minute interval, that should provide more info to look into.

Gary

5aschulz · ‎06-30-2006

Your understanding is correct.

The summary I'm referring to is: (this is from the core switches)

O IA 10.20.0.0/16 [110/3] via 10.5.0.2, 20:09:37, Vlan15

[110/3] via 10.5.0.1, 20:09:37, Vlan15

[110/3] via 10.1.0.5, 20:09:37, Vlan12

[110/3] via 10.1.0.4, 20:09:37, Vlan12

Right after I bring up the downed circuit, I check the routing table on the core switches and this is what I see.

I do advertise default routes into the core from router 1 and 2 but that is not the problem.

There are 4 routers in area 0 and 4 routers in area 5.

I can't take the circuit down right now to post any info.

gwhuang5398 · ‎07-02-2006

This is what it's supposed to be from the core switches. Both Router 1 and 2 have "network 10.2.0.0 0.0.255.255 area 5". So 10.20.0.0/16 is what core switches should learn via OSPF. So what are the individual routes you were referring to?

I'm guessing you have a full mesh between core switches and Router 1 and 2. So each core switch learns the route from the routers and the other switch too. Can you post the routing table for the same route from the other core switch? Curious why as you said the downed link was always the route to go after it came back up.

As far as convergence time, what are the switches and routers you are running? But the thing is, for 8 routers, every model should be able to handle it in less than 2 minutes.

Gary

5aschulz · ‎07-03-2006

The routers are 7200s and the switches are 4507s. We do have a full mesh between these devices.

Here is the other switch's route table for those routes:

O IA 10.20.0.0/16 [110/3] via 10.5.0.2, 3d12h, Vlan15

[110/3] via 10.5.0.1, 3d12h, Vlan15

[110/3] via 10.1.0.5, 3d12h, Vlan12

[110/3] via 10.1.0.4, 3d12h, Vlan12

Here are the more specific routes on the routers that it learns from the external site.

ROUTER 1

C 10.20.0.4/30 is directly connected, ATM4/0

O 10.20.5.0/28 [110/3] via 10.20.0.6, 3d12h, ATM4/0

O 10.20.2.0/24 [110/3] via 10.20.0.6, 3d12h, ATM4/0

O 10.20.0.0/30 [110/5] via 10.20.0.6, 3d12h, ATM4/0

O 10.20.0.0/16 is a summary, 3d12h, Null0

O 10.20.1.0/24 [110/3] via 10.20.0.6, 3d12h, ATM4/0

O 10.20.120.0/24 [110/4] via 10.20.0.6, 3d12h, ATM4/0

O 10.20.113.0/24 [110/4] via 10.20.0.6, 3d12h, ATM4/0

O 10.20.109.0/24 [110/4] via 10.20.0.6, 3d12h, ATM4/0

O 10.20.104.0/24 [110/4] via 10.20.0.6, 3d12h, ATM4/0

O 10.20.105.0/24 [110/4] via 10.20.0.6, 3d12h, ATM4/0

O 10.20.102.0/24 [110/4] via 10.20.0.6, 3d12h, ATM4/0

O 10.20.103.0/24 [110/4] via 10.20.0.6, 3d12h, ATM4/0

O 10.20.100.0/24 [110/4] via 10.20.0.6, 3d12h, ATM4/0

O 10.20.101.0/24 [110/4] via 10.20.0.6, 3d12h, ATM4/0

O 10.20.98.0/24 [110/4] via 10.20.0.6, 3d12h, ATM4/0

O 10.20.99.0/24 [110/4] via 10.20.0.6, 3d12h, ATM4/0

O 10.20.96.0/24 [110/4] via 10.20.0.6, 3d12h, ATM4/0

O 10.20.97.0/24 [110/4] via 10.20.0.6, 3d12h, ATM4/0

ROUTER 2

O 10.20.0.4/30 [110/5] via 10.20.0.2, 3d12h, ATM2/0

O 10.20.5.0/28 [110/3] via 10.20.0.2, 3d12h, ATM2/0

O 10.20.2.0/24 [110/3] via 10.20.0.2, 3d12h, ATM2/0

C 10.20.0.0/30 is directly connected, ATM2/0

O 10.20.0.0/16 is a summary, 3d12h, Null0

O 10.20.1.0/24 [110/3] via 10.20.0.2, 3d12h, ATM2/0

O 10.20.120.0/24 [110/4] via 10.20.0.2, 3d12h, ATM2/0

O 10.20.113.0/24 [110/4] via 10.20.0.2, 3d12h, ATM2/0

O 10.20.109.0/24 [110/4] via 10.20.0.2, 3d12h, ATM2/0

O 10.20.104.0/24 [110/4] via 10.20.0.2, 3d12h, ATM2/0

O 10.20.105.0/24 [110/4] via 10.20.0.2, 3d12h, ATM2/0

O 10.20.102.0/24 [110/4] via 10.20.0.2, 3d12h, ATM2/0

O 10.20.103.0/24 [110/4] via 10.20.0.2, 3d12h, ATM2/0

O 10.20.100.0/24 [110/4] via 10.20.0.2, 3d12h, ATM2/0

O 10.20.101.0/24 [110/4] via 10.20.0.2, 3d12h, ATM2/0

O 10.20.98.0/24 [110/4] via 10.20.0.2, 3d12h, ATM2/0

O 10.20.99.0/24 [110/4] via 10.20.0.2, 3d12h, ATM2/0

O 10.20.96.0/24 [110/4] via 10.20.0.2, 3d12h, ATM2/0

O 10.20.97.0/24 [110/4] via 10.20.0.2, 3d12h, ATM2/0

gwhuang5398 · ‎07-03-2006

For 7200 routers and 4500 switches, it really should not take 2 minutes for less than a dozen devices to converge. If the link goes down again next time, you can use "debug ospf" to see what goes on during the 2 minute period.

For the 2nd question, are those /24 routes in Router 1 and 2's routing tables, not being learned by the swtiches? Your statement "network 10.20.0.0 0.0.255.255 area 0" puts all those /24 networks in area 0, but somehow I have the impression that those /24 networks coming from the ATM link are in a different area (area 5?).

However I still don't see why there is a preference for the link that went down and then came back up. Just by looking at OSPF, the 2 routers are equal.

Gary

5aschulz · ‎07-05-2006

Those /24 routes are not being learned by the switches because there is a summary being sent instead. The 10.20.0.0/16 network is in area 5 not area 0.

I will do a debug next time it goes down. It doesn't happen that often.

Thanks for your help.

gwhuang5398 · ‎07-07-2006

I looked at your config again. The reason that a summary was sent from Area 5 to Are 0 is you have "area 5 range 10.20.0.0 255.255.0.0" in the OSPF config. Because the 2 routers are area boundary routers between area 5 and area 0, this command tells the routers to send a summary route 10.20.0.0/16 into area 0 instead of more specific routes. That's why there's only a summary route in core switches' routing table.

If you remove the command, you will see all those /24 networks in your core switches' routing table.

Gary

5aschulz · ‎07-07-2006

I want that summary propagated to the other areas. I don't want all those /24 routes floating around. I just don't want it advertised until all the /24 routes are back in the router's table after a circuit outage.

kamlesh.sharma · ‎07-08-2006

Hi Guys,

As for as configuration is concern everything is ok. just few questions.

1- are you getting any default route in COre Switches as i can see you are only putting default information originate command only and not using " always" keyword.

2- Are your Router 1 and router 2 connected back to back or not.

My solution is to connect router 1 and router 2 back to back and bingo.

why i am saying this is beacause if you connect them than incase of one Ds3 goes down from router 1 it will learn the 10.20.0.0/16 summary route from router 2 and forward it to back to back link say for example 100/1000 Mbps link.

by doing this you have redundency as well as stability too bcos ultimately traffic will go out from router 2 only.

you can try putting conditional default route and summary route from both the router so if ds3 link goes down than don't publish the default and summary route to core switch.

please rate if it helps.

Kamlesh

5aschulz · ‎07-10-2006

Thanks for everyone's responses, but I'm going to go ahead and open a support case on this issue.