We're having a hard time getting floating static routes to work. We use the floating static route technique to utilize a VPN connection as a backup connection to our branch sites. When all that was involved was OSPF we didn't have a problem. Recently though we started using a different MPLS provider that required us to use BGP on their MPLS links. To accommodate this we added a new router at the Corp HQ (2811) to handle the new MPLS connections. BGP is configured on this router only for the WAN circuit, OSPF on the LAN side. We redistribute BGP into OSPF and vice versa.
Under normal conditions this works well. When the MPLS connection fails at one of our branch locations it (the remote branch) switches to the VPN connection immediately and the network re-converges in less than 2 seconds. The problem we're having is when the MPLS connection comes back online the MPLS router at the HQ (the trunk router) never re-inserts the remote branch's subnet into OSPF. OSPF seems to override what's in BGP on that router. To force the connection back to the MPLS connection we have to remove the static route to the remote branch on the VPN router.
Here are the redistribute commands on the MPLS router at HQ:
router ospf 1
redistribute bgp 65016 subnets
router bgp 65016
redistribute ospf 1 match internal external 1 external 2
Any thoughts? Thanks.
This may mostly be due to the mutual redistribution with redundant paths.
The only important thing to note with BGP is that administrative distance does not play a role in BGP path selection.
It's better that you post your network topology. It will help in understanding and giving solutions to your problem.
I didn't post a diagram as I didn't think a text file would translate well. I can add a Visio file if that would help. Please let me know.
Router A - redistributes OSPF and BGP
Router B - BGP on main connection only. Default route pointing to VPN router with a cost of 111
Router C - OSPF with static route to Router B via VPN with cost of 150 (used to be 111 but was changed for TS purposes)
When the primary connection for router B fails it switches to the backup VPN connection to router C without any problems and the network is updated with the new info. When the primary connection comes back up though, router A never updates OSPF with the new route. Or at least if it does it never overrides OSPF. All traffic to router B goes down the VPN connection while all traffic from router B comes down the primary connection.
Is the static route at Router C a default route, or are they specific static routes for remote sites?
If specific, then as I understand from the scenario, the static route at C, which is being redistributed into OSPF and is hence an external route, has a lower metric than the same external routes learned via the redistribution of BGP into OSPF.
As the redistribution into OSPF at both ends is with the default metric, make the redistribution of the static route at Router C use a higher cost than the default value (20).
"redistribute static metric 100 subnet"
Let's hear what others have to say about this.
Router C has specific (Class C) static routes with the other end of the VPN tunnel as its next hop.
I'll verify when I get in tomorrow but I believe we already have the metric in the redistribution statement. We've also placed a metric on the static route statement itself.
I'll let you know what I find. Thanks!
OK, that's good.
Then check whether the static metric propagating in the OSPF domain is less than the one redistributed via BGP. If so, try to make it higher.
I checked and the metric is there. It was set to 111 to be one higher than OSPF but we even bumped it up to 150 hoping that would help. Here are the OSPF and static route statements for router C:
router ospf 1
redistribute static metric 150 subnets
network 10.101.0.0 0.0.255.255 area 0
network 192.168.200.0 0.0.0.255 area 1
ip route 0.0.0.0 0.0.0.0 184.108.40.206 111
ip route 10.10.11.0 255.255.255.0 192.168.200.2 111
ip route 10.10.12.0 255.255.255.0 192.168.200.1 150
When it should fail back (the primary connection comes up), I can see the route to the remote branch in the BGP tables on router A but it doesn't have the ">" symbol next to it saying it's the best route. It would rather take OSPF's word for it (and go through a minimum of 3 extra routers) to get to the remote subnet.
Here are the "sh run", "sh ip route", "sh ip bgp", and "sh ip bgp sum" on all the routers. These files have been cleansed where necessary and the actual IP addresses of the BGP connections have been changed though it should still be clear. Thanks!
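Added example, not part of the original thread and not any poster's configuration: a simplified Python model of one branch prefix as seen by Router A and Router C, showing one mechanism consistent with the symptoms described above (the eBGP path visible in A's BGP table without ">", and failback only after the static route on the VPN router is removed). It assumes Cisco IOS defaults (administrative distance 20 for eBGP and 110 for OSPF, BGP weight 32768 for locally redistributed paths and 0 for neighbor-learned ones); the function names are hypothetical.

```python
# Added illustration, not from the thread: one branch prefix, Routers A and C.
# Assumed Cisco IOS defaults; 150 is the floating static distance from Router C.
AD_EBGP, AD_OSPF, AD_STATIC = 20, 110, 150
WEIGHT_LOCAL, WEIGHT_NEIGHBOR = 32768, 0


def step(a_rib, mpls_up, static_configured=True):
    """Return Router A's next RIB source for the prefix: 'ebgp', 'ospf' or None."""
    # Router C: A redistributes BGP into OSPF only while A's RIB route is eBGP,
    # so C hears an OSPF route (AD 110) only then; otherwise the static installs.
    c_cands = [(AD_STATIC, "static")] if static_configured else []
    if a_rib == "ebgp":
        c_cands.append((AD_OSPF, "ospf"))
    # An installed static is redistributed into OSPF and reaches Router A.
    c_advertises_static = bool(c_cands) and min(c_cands)[1] == "static"

    bgp_paths = []
    if mpls_up:
        bgp_paths.append(("ebgp", WEIGHT_NEIGHBOR))
    if a_rib == "ospf" and c_advertises_static:
        # "redistribute ospf 1 match ... external 2" sources a local BGP path.
        bgp_paths.append(("local", WEIGHT_LOCAL))
    # BGP best path: highest weight first; administrative distance is not used.
    best = max(bgp_paths, key=lambda p: p[1])[0] if bgp_paths else None

    a_cands = []
    if best == "ebgp":  # only a neighbor-learned best path is offered to the RIB
        a_cands.append((AD_EBGP, "ebgp"))
    if c_advertises_static:
        a_cands.append((AD_OSPF, "ospf"))
    return min(a_cands)[1] if a_cands else None


def converge(a_rib, mpls_up, static_configured=True):
    """Iterate step() until Router A's RIB stops changing."""
    for _ in range(10):
        nxt = step(a_rib, mpls_up, static_configured)
        if nxt == a_rib:
            return a_rib
        a_rib = nxt
    raise RuntimeError("routing did not converge")


def scenario():
    normal = converge(None, mpls_up=True)       # steady state over MPLS
    failed = converge(normal, mpls_up=False)    # branch fails over to the VPN
    restored = converge(failed, mpls_up=True)   # MPLS back, OSPF route remains
    forced = converge(restored, mpls_up=True, static_configured=False)
    return normal, failed, restored, forced
```

In this model the restored state stays on OSPF because the locally redistributed BGP path outweighs the eBGP path, so the eBGP path is never offered to the routing table until the OSPF route disappears.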