DR in ABR scenario

sridhar ch

Hi,

Can someone tell me, is it recommended to have an ABR acting as DR for a specific area? I have an ASA in HA; Inside is in Area 2 facing siteB and Outside is in Area 0 facing siteA. The Inside interface, 4K1 and 4K2 are in the same subnet 192.168.1.8/28.

 

ASA : 192.168.1.9 (router id is 1.1.1.3)

4K1: 192.168.1.11 (router id is 2.2.2.5)

4K2: 192.168.1.12 (router id is 2.2.2.4)

So when I do a show ip ospf neighbor, I can see 4K2 is the DR and 4K1 is the BDR. Because of this, we could see the traffic coming on the secondary. We don't want the traffic to be distributed on both links; what could be done here?

4 Replies

OSPF DR/BDR election in the segment should not impact the Routing path decision traffic is taking. If you are using OSPF on point-to-point links you do not even need the DR/BDR election on that point-to-point link. If you have more than 2 OSPF peers in the network segment, you indeed need the DR/BDR election.
The reason your traffic is taking the path you see is irrelevant to the DR/BDR election.

A scenario where we need to take more care about the DR/BDR election is on NBMA (Non-Broadcast Multi Access) Hub-&-Spoke networks where the Hub must be the DR and the Spokes DROTHER. Based on your topology it is not the case here.

Hi,

 

If you see the output of show route for the VLAN in siteB, the preferred path is showing as 4K2 instead of 4K1.

 

ASA-01/pri/act# sh route 10.158.214.0

Routing entry for 10.158.214.0 255.255.254.0
  Known via "ospf 158", distance 110, metric 11, type intra area
  Last update from 10.158.11.11 on inside, 125:24:18 ago
  Routing Descriptor Blocks:
  * 192.168.1.12, from 2.2.2.4, 125:24:18 ago, via inside
      Route metric is 11, traffic share count is 1
    192.168.1.11, from 2.2.2.5, 125:24:18 ago, via inside
      Route metric is 11, traffic share count is 1

ASA-01/pri/act# sh ospf neighbor

Neighbor ID     Pri   State           Dead Time   Address         Interface
1.1.1.7           1   FULL/BDR        0:00:37    192.168.2.3     outside
1.1.1.8           1   FULL/DR         0:00:38    192.168.2.2     outside
2.2.2.4           1   FULL/DR         0:00:31    192.168.1.12    inside
2.2.2.5           1   FULL/BDR        0:00:35    192.168.1.11    inside

The output shows an ECMP (Equal Cost Multi-Path) entry to reach 10.158.214.0 255.255.254.0.

Different traffic flows destined to a host on that network should be forwarded by your ASA to either 192.168.1.12 or 192.168.1.11.

Both entries are valid, don't let the * mislead you.

 

ASA-01/pri/act# sh route 10.158.214.0

Routing entry for 10.158.214.0 255.255.254.0
  Known via "ospf 158", distance 110, metric 11, type intra area
  Last update from 10.158.11.11 on inside, 125:24:18 ago
  Routing Descriptor Blocks:
  * 192.168.1.12, from 2.2.2.4, 125:24:18 ago, via inside
      Route metric is 11, traffic share count is 1
    192.168.1.11, from 2.2.2.5, 125:24:18 ago, via inside
      Route metric is 11, traffic share count is 1

 

Hello sridhar,

what is important for the ASA is that both route paths are out the same firewall interface.

And this is your case as both routers are seen via the inside interface.

 

So this is NOT a case of asymmetric routing that can break connectivity on the firewall.

Also, the show route 10.158.214.0 output shows two paths of type O (OSPF intra area) with the same cost 11.

The ASA should be able to perform equal-cost multipath.

You can use

router ospf 10

maximum-paths 4

 

But I think it is already using both links. In the output one link is flagged with a * as if it is best, but both are listed, so I think you are fine.

 

Hope to help

Giuseppe

 
