We have redundant links to the WAN provider. We are trying to make them work but we get a routing loop between router A, router B and the provider routers every time both links are up. Both routers A and B are in the same OSPF area. Each router has a WAN connection to the WAN provider.
The ideal situation is: when both links are up, router B does not announce routes to the provider.
The provider suggested implementing some route filtering. I'm trying to filter OSPF routes coming from router A to router B (backup). So far, I have found a way to do it with prefix lists and distribute lists on router B. However, doing so is like a "hard" filter: router B will never install certain routes, even when link A fails.
I know that link states propagate across all routers in an OSPF domain, so filtering routes is just a matter of preventing them from being installed in the routing table. But is there a way to "dynamically" filter routes on router B when link A is up and install them when link A is down? Is there a way to prevent router B from advertising them to the provider WAN and thus prevent a loop?
No solution yet, just a question to better understand your situation.
What routes are causing the routing loop: Are they routes that originate on your site, or are they routes learned from the provider and just advertised across your site from one PE router to another?
The route that's causing the loop is the branch subnet C, when reached from HQ. The subnet is advertised by router C onto the provider network with OSPF. The provider ensures that the route is advertised to HQ routers through its backbone.
In the normal situation, to reach router C, traffic goes from router A through link A and then to router C. What is happening now is: traffic goes from router A through link A, then link B, then crosses the HQ LAN, then link A, etc., and the packets are stuck in the loop.
I can't help it - I believe that this is a problem of your provider and not your problem. What kind of VPN is he providing you with? Is that an MPLS L3VPN? Do you have any insight whether he is running BGP in his network? Just wondering, when the network C is advertised into HQ, what kind of OSPF route is it - intra-area, inter-area or external?
Another question: If link A was down, would HQ learn about the network C via link 2?
The more information you can provide me about the WAN solution you're using, the better.
Here is some additional information. I hope it may help:
- provider is using MPLS L3VPN
- We're using OSPF as IGP
- provider is running OSPF with our routers (CPE), but we don't know if he's running BGP in his backbone
- HQ routers and provider routers are in OSPF area 0
- Branch routers are in areas other than area 0. HQ routers are in area 0. Network C is on another OSPF area and is advertised as OSPF Inter Area route to HQ
- HQ routers are learning all routes. Only branch routers receive OSPF default routes since they are configured as OSPF Stub
- When link A is down, what we did is ping many branch subnets at the same time to see if link B works properly. Most routers responded but some did not (ping timeout). We did not do further testing. We focused on the situation when both links A and B were up.