Redundancy - OSPF redistribution and Static

sean.phan · ‎08-05-2007

Here is my network configuration:

10.10.10.0/24 -(Firewall)--- R1 -- (static)ISP ---- R2 --- (OSPF)---R3----(OSPF)--- HQ -----

- R1 connects to R2 through an ISP with a default route to R2

- at R2

+ Subnet 10.10.10.0/24 is redistributed into OSPF

+ Static route IP route 10.10.10.0/24 <ISP>

(we just send traffic to 10.10.10.0/24 through the ISP next ho router and they will send it to R1)

- at R3

Subnet 10.10.10.0/24 is seen at R3 through OSPF

now i have a new dedicated link between R1 and R3

What i want to achieve is the redundancy for the 10.10.10.0/24

- Traffic to HQ shall go to ISP if R2 is reachable through ISP (first priority)

- If the link to R2 fails traffic shall go to R3

With the following conditions:

1. I am not allowed to configure dynamic routing between R1 and R2

2. No restriction on routing protocol between R1 & R3

HSRP won't work because

If the ISP link fails traffic will be sent to R3 but because the OSPF static route redistribution

at R2, the traffic going back to 10.10.10.0/24 through R3 will be dropped by ISP

If i configure OSPF for the new link between R1&R3 and redistribute 10.10.10.0/24 into OSPF at R1 (with higher metric than at R3),what shall i do to ensure that the redistributed static route to 10.10.10.0/24 through ISP will not be injected (and thus the redistributed static route through R1 will be in routing table) when the link between R1 & R2 throuhg ISP fails ?

What is the best solution to my problem ? Appreciate your help

royalblues · ‎08-05-2007

Friend,

Do you still use the default route only over the ISP link or can point specific HQ routes?

Router choses a link based on the longest match and hence the default will be mayched only when the route is not learned via another routing protocol.

With Specific routes--

Say for eg. HQ has subnet 100.100.100.0/24

Then on R1 configure

ip route 100.100.100.0/24

run ospf with R3

router ospf 100

redistribute static subnets route-map test

network 0.0.0.3 area 0

route-map test permit 10

match ip address 10

access-list 10 permit 10.10.10.0 0.0.0.255

R1 uses the static route due to lower AD but also advertises the source via OSPF to R3

On R3 configure

router ospf 100

network 0.0.0.3 area 0

distance 120 10

access-list 10 permit 10.10.10.0 0.0.0.255

The above configuration makes the direct link less preferrable.

When the ISP link fails, the traffic to HQ will be forwarded via OSPF to R3. The redistributed static route from R2 would be flushed out of R2 and R3. R3 would start using the direct link to R1 to send the traffic.

With only default route

If you only want to use the default route from R1 then you need to deny the OSPF routing updates from being installed in the routing table.

For this you need to tweak the OSPF config at R1 in addition to what configured above

At R1 configure a floating static route via the direct link and deny the ospf updates

ip route 0.0.0.0 0.0.0.0 and remove the specific HQ routes

router ospf 100

distribute-list route-map deny-ospf-routes in

route-map deny-ospf-routes deny 10

match ip address 20

access-list 20 permit any

HTH, rate if it does

Narayan

GillieLucent · ‎08-05-2007

Hi,

One simple solution is you can configure floating static route in R1 to reach R3 by setting some administrative distance and configure another floating static route in R3 to reach R1 with administrative value higher than OSPF routes (110). So, the link between R1 and R3 will behave as a backup link.

Eg.

ip route 192.168.11.0 255.255.255.224 192.168.11.137 240

Here 240 is the administrative distance.

I think running OSPF between R1 and R3 will not work, in that case link between R1 and R3 will take preference over the link through ISP. Since link through ISP is an external OSPF route which is less preferred than OSPF IA or intra-area routes.

Thanks,

Vijaybabu

royalblues · ‎08-05-2007

Vijaybabu,

You are right and hence he needs to do configure it the way i posted above if using OSPF

Narayan