OSPF design question re default-information

skleinart
Level 1

Please find attached my network diagram.

When all is normal,  "ER01.COLO" provides default route to the entire network via 2 VPN tunnels.  Currently the diagram is misleading, as I currently only have 1 ISP (2 cable modems, one to each ER - same provider)... but I have also had COLO provider outages... so the question is when the COLO router/VPN tunnels are down, I want the local ER's to originate default, but for ER02 to always be the internal preferred.  How do I do this?

The ER's perform NAT so that all inside hosts can get out.  The current issue I have is a race condition... whichever ER is first to announce default wins, the other learns from OSPF.  Both local ER's have a static default route backup w/ admin distance 222 set, ER01 via DHCP and ER02 a traditional static route.  (configs are below)  Whichever router is first uses that route, but I ALWAYS want it to be ER02... how?  But only when ER01.COLO is not up, when it is, default will be sent from it and used.

I want to keep using dynamic routing -- fast convergence is important.  I was tempted to use a different IGP on the COLO router, probably a lower AD by default than OSPF and then set 'always' on ER02.  Is this the only option?

CONFIGS...

ER01.COLO#sh run | b router ospf 1
router ospf 1
router-id 172.22.0.50
log-adjacency-changes
passive-interface default
no passive-interface Tunnel1
no passive-interface Tunnel2
network A.B.18.8 0.0.0.3 area 1
network A.B.18.12 0.0.0.1 area 1
network A.B.18.14 0.0.0.0 area 1
network A.B.59.248 0.0.0.1 area 1
network 172.22.0.50 0.0.0.0 area 1
maximum-paths 6
default-information originate metric-type 1


ER01.HOME.DENVER#sh run | b router ospf 1
router ospf 1
router-id 172.22.0.11
log-adjacency-changes detail
passive-interface default
no passive-interface FastEthernet0/0
no passive-interface FastEthernet0/1
no passive-interface FastEthernet1/0
no passive-interface FastEthernet1/1
no passive-interface Tunnel1
network 10.0.99.0 0.0.0.255 area 0
network A.B.59.241 0.0.0.0 area 0
network A.B.59.248 0.0.0.1 area 1
network A.B.59.251 0.0.0.0 area 0
network 172.22.0.0 0.0.0.255 area 0
maximum-paths 6
default-information originate metric 200 metric-type 1

ip dhcp-client default-router distance 222

ER02.HOME.DENVER#sh run | b router ospf 1
router ospf 1
router-id 172.22.0.12
log-adjacency-changes detail
passive-interface default
no passive-interface FastEthernet0/0
no passive-interface FastEthernet1/0
no passive-interface FastEthernet1/1
no passive-interface FastEthernet2/0
no passive-interface Tunnel2
network 10.0.99.0 0.0.0.255 area 0
network A.B.18.12 0.0.0.1 area 1
network A.B.59.240 0.0.0.0 area 0
network A.B.59.252 0.0.0.0 area 0
network 172.22.0.0 0.0.0.255 area 0
network CM.Z.10.184 0.0.0.3 area 0
maximum-paths 6
default-information originate metric 100 metric-type 1


ER02.HOME.DENVER#sh run | i ip route
ip route 0.0.0.0 0.0.0.0 FastEthernet2/1 CM.Z.10.185 222

NORMAL OPERATION w/ VPN UP:

ER02.HOME.DENVER#sh ip route 0.0.0.0
Routing entry for 0.0.0.0/0, supernet
  Known via "ospf 1", distance 110, metric 2, candidate default path
  Tag 1, type extern 1
  Last update from A.B.18.12 on Tunnel2, 04:11:00 ago
  Routing Descriptor Blocks:
  * A.B.18.12, from 172.22.0.50, 04:11:00 ago, via Tunnel2
      Route metric is 2, traffic share count is 1
      Route tag 1

(and due to external route, it's also the best path to rest of network)


PROBLEM STATE, with VPN DOWN I don't want ER01 to be default, unless ER02 is ALSO DOWN....

ER01.HOME.DENVER#sh ip route 0.0.0.0
Routing entry for 0.0.0.0/0, supernet
  Known via "static", distance 222, metric 0, candidate default path
  Routing Descriptor Blocks:
  * (DHCP LEARNT GATEWAY)
      Route metric is 0, traffic share count is 1


ER02.HOME.DENVER#sh ip route 0.0.0.0
Routing entry for 0.0.0.0/0, supernet
  Known via "ospf 1", distance 110, metric 11, candidate default path
  Tag 1, type extern 1
  Last update from 10.0.99.30 on FastEthernet0/0, 00:00:04 ago
  Routing Descriptor Blocks:
  * 10.0.99.30, from 172.22.0.50, 00:00:04 ago, via FastEthernet0/0
      Route metric is 11, traffic share count is 1
      Route tag 1


I want ER02 to always (no race condition) originate default and be best path... how?
(default-originate always does not work, as per the normal operation state requirement - I want default route to be via COLO router when up).....

ER02.HOME.DENVER#sh run | i metric
default-information originate metric 100 metric-type 1
ER02.HOME.DENVER#
ER02.HOME.DENVER#
ER02.HOME.DENVER#
ER02.HOME.DENVER#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
ER02.HOME.DENVER(config)#
ER02.HOME.DENVER(config)#router ospf 1
ER02.HOME.DENVER(config-router)#
ER02.HOME.DENVER(config-router)#do sh ip route 0.0.0.0
Routing entry for 0.0.0.0/0, supernet
  Known via "ospf 1", distance 110, metric 2, candidate default path
  Tag 1, type extern 1
  Last update from A.B.18.12 on Tunnel2, 00:03:15 ago
  Routing Descriptor Blocks:
  * A.B.18.12, from 172.22.0.50, 00:03:15 ago, via Tunnel2
      Route metric is 2, traffic share count is 1
      Route tag 1

ER02.HOME.DENVER(config-router)#
ER02.HOME.DENVER(config-router)#
ER02.HOME.DENVER(config-router)$ormation originate metric 100 metric-type 1 ?
  always     Always advertise default route
  route-map  Route-map reference
  <cr>

ER02.HOME.DENVER(config-router)#$riginate metric 100 metric-type 1 alwa     
ER02.HOME.DENVER(config-router)#$riginate metric 100 metric-type 1 always
ER02.HOME.DENVER(config-router)#
ER02.HOME.DENVER(config-router)#end
ER02.HOME.DENVER#
ER02.HOME.DENVER#sh run | i metric
Apr  5 01:30:07.288 UTC: %SYS-5-CONFIG_I: Configured from console by kleinip route 0.0.0.0
Routing entry for 0.0.0.0/0, supernet
  Known via "static", distance 222, metric 0, candidate default path
  Routing Descriptor Blocks:
  * CM.Z.10.185, via FastEthernet2/1    <===   WRONG PATH
      Route metric is 0, traffic share count is 1

ER02.HOME.DENVER#

THANKS MUCH,

Shawn

Laurent Aubert
Cisco Employee

Hi,

What you could try is to configure ER02 to always send the default-route so it will be used by ER01 but only when ER01.COLO is down (route-map option):

router ospf 1
default-information originate metric 100 metric-type 1 route-map CHECK
!
route-map CHECK permit 10
match ip address 1
match tag 100
!
access-list 1 permit 0.0.0.0
ip route 0.0.0.0 0.0.0.0 FastEthernet2/1 CM.Z.10.185 222 tag 100
!

If the static default route is in the RIB, it means ER01.COLO is not reachable anymore. The TAG value is used to differentiate the static default route from the one received from ER01.COLO.

As soon as ER01 receives it from ER02, it will use it due to the AD difference.

I tested it quickly and it's working.

HTH

Laurent.

I can't get this solution to work..

What I see happening is if ER01.HOME 'wins the race' (I have a few ideas of things I can do to help influence that -- but no guarantee that I am sure of)... it sends the default to ER02... and then the static with AD 222 never gets in the RIB (see below).... so it doesn't seem to change the condition at all....

ER02.HOME.DENVER#sh ip route 0.0.0.0
Routing entry for 0.0.0.0/0, supernet
  Known via "ospf 1", distance 110, metric 201, candidate default path
  Tag 1, type extern 1
  Last update from 10.0.99.30 on FastEthernet0/0, 00:00:08 ago
  Routing Descriptor Blocks:
  * 10.0.99.30, from 172.22.0.11, 00:00:08 ago, via FastEthernet0/0
      Route metric is 201, traffic share count is 1
      Route tag 1

ER02.HOME.DENVER#

If ER02 wins, it works - but that was always the case.

Did I miss anything?

ER02.HOME.DENVER#sh run | b router ospf 1
router ospf 1
router-id 172.22.0.12
default-information originate metric 100 metric-type 1 route-map OSPF-DEFAULT

ip route 0.0.0.0 0.0.0.0 FastEthernet2/1 X.Y.10.185 222 tag 100

ip access-list standard DEFAULT-ROUTE
permit 0.0.0.0

route-map OSPF-DEFAULT permit 10
match ip address DEFAULT-ROUTE
match tag 100

FYI / more info...

I've been very hesitant to use 'always', but when testing it...

default-information originate always metric 100 metric-type 1 route-map OSPF-DEFAULT

... I get two negative behaviors in this case...

if tunnel 2 (ER01.COLO to ER02.HOME) goes down, but not tunnel 1 - I still have a path to the COLO and want to take it... but ER02 sees the lost default, immediately installs the static, as ER01.HOME cannot send an updated LSA in time to stop that... so my network breaks (since I lose COLO access).  And, the always then 'locks' in and won't release.... is that specifically a bug?  ER01 adjacency is up, and I see it sending LSA's in debug, but ER02 is not installing the AD 110 (OSPF) route in the RIB, it keeps the AD 222 (static) instead...?  I wouldn't expect this, but once always was activated, I might expect other anomalies related to OSPF and default...

172.22.0.50       0   FULL/  -        00:00:03    76.73.18.12     Tunnel2
ER02.HOME.DENVER#
ER02.HOME.DENVER#sh ip route 0.0.0.0
Routing entry for 0.0.0.0/0, supernet
  Known via "static", distance 222, metric 0, candidate default path   <--- WON'T RELEASE.. ?????
  Tag 100
  Routing Descriptor Blocks:
  * X.Y.10.185, via FastEthernet2/1
      Route metric is 0, traffic share count is 1
      Route tag 100

ER02.HOME.DENVER#
ER02.HOME.DENVER#sh run | i OSPF-
default-information originate always metric 100 metric-type 1 route-map OSPF-DEFAULT

If anyone can explain why the static route above won't release, I'm very curious.  I need to read more about 'always'.... does that essentially turn-off default originates from other sources??  It didn't take effect when I applied, just when I bounced the tunnel interface to force update (topo change).

Thanks,

- Shawn

Hi Shawn,

I think after you have default-information always configured, the local router will think it has the best path to reach outside the OSPF domain, and it will ignore other default-information advertised from other routers in the OSPF domain. Is that your case?

Did you try to use different metric-type?

HTH,

Lei Tian

Hi,

To be sure ER02 will prefer its default static over the one received from ER01 we can increase the AD for this route only:

On ER02:

router ospf 1
distance 223 0.0.0.0 1
!
access-list 1 permit 0.0.0.0
!

If it works, ER02 will not install the default route received from ER01 so will use its static route and send it to ER01 which should use it.

HTH

Laurent.

Thank you Laurent.  AD change for the default route did the trick!

Here's my final config:

ER02.HOME.DENVER#sh run | b router ospf 1
router ospf 1
router-id 172.22.0.12
log-adjacency-changes detail
passive-interface default
no passive-interface FastEthernet0/0
no passive-interface FastEthernet1/0
no passive-interface FastEthernet1/1
no passive-interface FastEthernet2/0
no passive-interface Tunnel2
network 10.0.99.0 0.0.0.255 area 0
network .18.12 0.0.0.1 area 1
network .59.240 0.0.0.0 area 0
network .59.252 0.0.0.0 area 0
network 172.22.0.0 0.0.0.255 area 0
network .10.184 0.0.0.3 area 0
maximum-paths 6
default-information originate metric 100 metric-type 1
distance 106 172.22.0.50 0.0.0.0 DEFAULT-ROUTE
!

ip route 0.0.0.0 0.0.0.0 FastEthernet2/1 .10.185 109 name FLOAT-OSPF-BACKUP
!
ip access-list standard DEFAULT-ROUTE
permit 0.0.0.0
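
Added example (not part of the thread, and not Cisco's code): a small Python model of the administrative-distance comparison the thread settles on, using the router-ids and AD values quoted in the configs. It assumes both home routers' static defaults stay usable and that OSPF routes keep AD 110 unless a `distance` statement overrides them; all function and variable names are illustrative.

```python
# Added illustration, not code from the thread. Router-ids and AD values are
# taken from the quoted configs; all names here are made up for the model.
COLO, ER01, ER02 = "172.22.0.50", "172.22.0.11", "172.22.0.12"
OSPF_AD = 110  # default administrative distance of OSPF routes

# Per-router view: AD of the floating static, plus per-originator OSPF overrides.
ORIGINAL = {ER01: {"static": 222, "ospf": {}},
            ER02: {"static": 222, "ospf": {}}}
# Final config on ER02: 'distance 106 172.22.0.50 0.0.0.0 DEFAULT-ROUTE'
# and the static default moved to AD 109.
FINAL = {ER01: {"static": 222, "ospf": {}},
         ER02: {"static": 109, "ospf": {COLO: 106}}}

def best_default(router_cfg, heard):
    """Return the winning source of 0.0.0.0/0: 'static' or a router-id.

    Lowest AD wins. `heard` is the set of router-ids whose default LSA
    reaches this router. Ties between OSPF sources are really broken by
    metric; that is not modelled, only static-versus-OSPF matters here.
    """
    candidates = [(router_cfg["static"], "static")]
    candidates += [(router_cfg["ospf"].get(rid, OSPF_AD), rid) for rid in heard]
    return min(candidates)[1]

def converge(cfg, colo_up, first):
    """Iterate both home routers to a fixed point.

    `first` is the home router that originates before hearing its peer
    (the race described in the thread). Assumes both statics stay usable.
    """
    colo = {COLO} if colo_up else set()
    originating = colo | {first}
    for _ in range(10):
        # Without 'always', a router originates only while the default in
        # its own RIB is the static one, not one learned from OSPF.
        nxt = colo | {r for r in (ER01, ER02)
                      if best_default(cfg[r], originating - {r}) == "static"}
        if nxt == originating:
            break
        originating = nxt
    return sorted(originating), best_default(cfg[ER02], originating - {ER02})

if __name__ == "__main__":
    for name, cfg in (("original", ORIGINAL), ("final", FINAL)):
        for colo_up in (True, False):
            for first in (ER01, ER02):
                print(name, colo_up, first, converge(cfg, colo_up, first))
```

With the original ADs the result for a COLO outage depends on `first`; with the final ADs ER02 ends up as the only home originator either way, and the COLO default still wins on ER02 whenever it is present.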
