Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3791
Views
10
Helpful
6
Replies

Change OSPF AD

Carl Ratcliffe
Level 3
Level 3

‎07-15-2015 06:15 AM - edited ‎03-05-2019 01:53 AM

Hi Support Community

 

I have an issue that I cant find the answer to and I have tested  in GNS3 and im still not sure with the results and I was hoping somebody could shed some light on it as I need to implement this into the live environment.

 

  •  I have an MPLS router at Site A that has an OSPF neighbour with a Layer 3 switch on the same site
  • I have an MPLS router at Site B that has an OSPF neighbour with a Layer 3 switch on the same site
  • Both MPLS router redistribute WAN BGP routes into OSPF as E1 routes
  • The above layer 3 switches are connected via the P2P link and also form OSPF neighbours.
  • OSPF is in a single Area 0

 

I want to change the AD of OSPF routes on the Site B Layer 3 switch learnt from the Site B MPLS router, pretty standard and I have used many times in the past with other protocols just not OSPF. I have confirmed the RID is correct on Site B MPLS router and applied this command to the OSPF process on Site B Layer 3 switch -  distance 15 1.1.8.1 0.0.0.0.

The idea would be that these routes would then become preffered rather than route to Site A MPLS ( I cant use costs on the links to do this as I have a met area network with multiple sites connected and multiple costs already in use ) however the AD of the routes does not update to 15 and the routes learnt from Site A are still preffered with an AD of 110.

Now to test that the RID and OSPF command are correct I shutdown the Site A MPLS interface so MPLS routes can only be learnt from Site B, when I do this the AD of OSPF routes from Site B Layer 3 switch are updated to 15 which indicates the config is correct.

 

Can anybody offer any advise on this, am I doing something wrong, misunderstanding something or is it just my GNS3 lab playing up ?

 

Thanks, Carl Ratcliffe

Preston-Lancashire-England

 

Labels:
0 Helpful
6 Replies 6

Peter Paluch
Cisco Employee
Cisco Employee

‎07-15-2015 06:46 AM

Hi Carl,

I believe that what you see is normal, and is to be expected.

You need to keep in mind that OSPF has its internal rules about the preference of routes independent of administrative distances, and I am sure you know the ordering:

  1. Intra-area routes (O)
  2. Inter-area routes (O IA)
  3. External Type 1 (O E1/O N1)
  4. External Type 2 (O E2/O N2)

Even though you modify the administrative distance on the L3 switch on Site B, the L3 switch still performs the SPF calculations as usual, totally ignoring what you just configured, and it then offers the best path to the routing table manager. Only at this point, if the best route offered by OSPF truly originated at 1.1.8.1, it would get an AD of 15 instead of 110. But because obviously, routes originated at 1.1.8.1 are OSPF External Type 1, they are strictly less preferred than internal routes. Hence the behavior you have observed.

Older IOSes actually had a bug in that they allowed you to use AD to influence the internal OSPF path selection process, but that behavior was in gross violation of the OSPF RFC 2328, and somewhere in 12.4T, this bug was corrected.

So if I understand you correctly, you want your sites A and B to communicate over the MPLS cloud and not over the P2P link (also called the backdoor link) between L3 switches, is that correct?

If I got you right then you do not have many options to choose from, based on OSPF's strict internal rules. One of options - not an ideal one - would be to set up a GRE tunnel between your MPLS routers at Site A and Site B, and run OSPF over it. This would cause the two routers to believe they're directly connected, and prefer the "internal" path over the tunnel. In this case, you could actually use costs to influence OSPF choices of what the best route is.

Yet another solution is to configure a so-called OSPF sham link between your MPLS routers. The sham link behaves as a targeted OSPF connection between distant routers with a configurable cost, existing in Area 0, but no data traffic tunneling is involved. Usually, the sham link is configured by the MPLS VPN provider that performs the BGP/OSPF redistribution.

I am not sure if any of these solutions suits you. However, they are the most typical ones for this type of scenario.

Best regards,
Peter

Carl Ratcliffe
Level 3
Level 3
In response to Peter Paluch

‎07-15-2015 07:46 AM

Hi Peter

 

Thanks for the detailed reply. I was aware of the internal OSPF rules and I follow the below points however I wasn't aware that these rules took precedence over the Administrative Distance. I thought that they would only take affect if there were multiple routes to the same network with different route types however both MPLS routers redistribute E1 routes so the route types are actually the same so it would use cost. Seems its not as simple as that:

A) When there are multiple routes available to the same network with different route types, routers use this order of preference (from highest to lowest): 1. Intra-area routes. 2. Inter-area routes. 3. External Type-1 routes. 4. External Type-2 routes.


B) If there are multiple routes to a network with the same route type, the OSPF metric calculated as cost based on the bandwidth is used for selecting the best route. The route with the lowest value for cost is chosen as the best route.


C) If there are multiple routes to a network with the same route type and cost, it chooses all the routes to be installed in the routing table, and the router does equal cost load balancing across multiple paths

 

To answer your question, all MPLS traffic is currently routed to Site A however Site B now has MPLS so we want to change it so that Site B sourced traffic uses site B MPLS not site A as it does at the moment and I cant just change the link OSPF costs because we have costs on each link in the met area network which is why im looking at other options.

 

Thanks, Carl Ratcliffe

Preston-Lancashire-England

0 Helpful

Peter Paluch
Cisco Employee
Cisco Employee
In response to Carl Ratcliffe

‎07-16-2015 08:39 AM

Hi Carl,

The rules A), B), C) are generally correct but they only govern the internal path selection process inside OSPF. The AD is not a part of these rules, and it is assigned to an OSPF route only after the OSPF process has decided, based on these rules, which route is the best. In other words, in OSPF, the AD is a result of the path selection, not an input into the path selection.

To answer your question, all MPLS traffic is currently routed to Site A however Site B now has MPLS so we want to change it so that Site B sourced traffic uses site B MPLS not site A as it does at the moment

I wonder: On the MPLS Router at Site B, what is currently the preferred path toward networks at Site A? Is it over the MPLS VPN (i.e. BGP-learned), or is it over the backdoor link between the L3 switches at sites A and B (i.e. OSPF-learned)?

Best regards,
Peter

Carl Ratcliffe
Level 3
Level 3
In response to Peter Paluch

‎07-18-2015 10:59 AM

Hi Peter

 

Thanks for the response. The results of the testing are exactly as you say, AD only comes into play after OSPF process has run.

 

We don't have access to the MPLS routers as they are managed but I think if we get as far as the MPLS router then the primary route will be across the MPLS for Site A due to the routes on the MPLS router being AD of 20.

 

Thanks, Carl Ratcliffe

Preston-Lancashire-England

0 Helpful

Peter Paluch
Cisco Employee
Cisco Employee
In response to Carl Ratcliffe

‎07-19-2015 09:48 AM

Hi Carl,

Okay - I did not know that the MPLS routers are managed - your original scenario had all routers under your command.

Anyway, it is not certain that the MPLS routers have the site routes learned over BGP with AD 20. If both routers run BGP in the same AD then it would be 200 instead of 20. In that case, it is possible that even the MPLS routers would be led into preferring the backdoor route.

This scenario is not unheard of, and the problems associated with it are well known. Obviously, precisely because there were no other proper solutions, an addition to OSPF had to be invented - the so-called sham-link which I have mentioned before.

If the MPLS routers have learned about the site routes truly via BGP over MPLS and are preferring this route then perhaps, in your particular scenario, some kind of static routing or PBR could be concocted to solve your needs. However, a proper solution leads back to the sham-link, and unfortunately, tweaking OSPF interface costs which I understand is something you want to avoid. Sadly, I am not sure if you can afford avoiding it.

Best regards,
Peter

0 Helpful

Carl Ratcliffe
Level 3
Level 3
In response to Peter Paluch

‎07-20-2015 04:51 AM

Hi Peter

 

Yes they are managed MPLS routers, I only mentioned that we have an OSPF neighbourship with them and I wanted to change the AD of routes learnt from these MPLS routers, I wasn't planning on changing anything on the MPLS routers the original idea was just to change the AD of routes learnt from them Site B MPLS router.

 

MPLS WAN side is external BGP and LAN side is OSPF.

 

I have now gone back to the design and we plan on changing the ospf costs on the interfaces, just means we have to do it on around 15 ineterfaces so need to make sure we get the costs right and don't cause asynchronous routing.

 

Thanks, Carl Ratcliffe

Preston-Lancashire-England

0 Helpful
Customers Also Viewed These Support Documents