Nexus OSPF Clarification

Serphentis · ‎11-16-2017

Hi Guys,

We have a scenario where we have 2 x Nexus 3548 Switches that are peered together and are working fine.

Recently we had the need to start running OSPF between them and the firewalls, but i am not qutie sure if i had it setup correctly. Each Firewall is connected to 1 of the Nexus Switches.

Adjentcy is forming fine, but the problem is that on each OSPF instance, the nexus switches are forming adjentcy between them as well.

My question is this normal, or is there a spesific way to configure Nexus Switches for OSPF?

For an example:

N3K-SW1
interface Vlan2
no shutdown
ip address 10.10.2.101/24
ip router ospf 254 area 0.0.0.254
hsrp version 2
hsrp 2
    preempt
    priority 120
    ip 10.10.2.1

router ospf 254
router-id 10.10.2.101

OSPF Process ID 254 VRF default
Total number of neighbors: 2
Neighbor ID     Pri State            Up Time Address         Interface
10.10.2.2         1 FULL/DR          00:20:00 10.10.2.2       Vlan2
10.10.2.102       1 FULL/BDR         00:20:04 10.10.2.102     Vlan2

N3K-SW2

interface Vlan2
no shutdown
ip address 10.10.2.102/24
ip router ospf 254 area 0.0.0.254
hsrp version 2
hsrp 2
    preempt
    priority 90
    ip 10.10.2.1

router ospf 254
router-id 10.10.2.102

OSPF Process ID 254 VRF default
Total number of neighbors: 2
Neighbor ID     Pri State            Up Time Address         Interface
10.10.2.2         1 FULL/DR          00:19:34 10.10.2.2       Vlan2
10.10.2.101       1 FULL/DROTHER     00:19:31 10.10.2.101     Vlan2

The same scenario is happening with EIGRP if i try to set up adjaceny with a 6880X VSS;

N3K-SW1

interface Vlan999
no shutdown
ip address 172.16.99.31/24
ip router eigrp 172
hsrp version 2
hsrp 99
    preempt
    priority 120
    ip 172.16.99.33

IP-EIGRP neighbors for process 172 VRF default
H   Address                 Interface       Hold Uptime SRTT   RTO Q Seq
                                            (sec)         (ms)       Cnt Num
1   172.16.99.1             Vlan999         13   6w5d      6    200   0   1881
0   172.16.99.32            Vlan999         11   19w0d     1    200   0   12632339

N3K-SW2

interface Vlan999
no shutdown
ip address 172.16.99.32/24
ip router eigrp 172
hsrp version 2
hsrp 99
    preempt
    priority 80
    ip 172.16.99.33

IP-EIGRP neighbors for process 172 VRF default
H   Address                 Interface       Hold Uptime SRTT   RTO Q Seq
                                            (sec)         (ms)       Cnt Num
1   172.16.99.1             Vlan999         10   2w5d      6    200   0   1881
0   172.16.99.31            Vlan999         13   19w0d     1    200   0   12722311

Thank you in advance,

Niko

vivek srivastava · ‎01-11-2019

What is the output of "sh ospf neigh" on the FW ?

Try using OSPF Point-to-Point network between N3k1-N3k2, FW1-N3k1, FW2-N3k2

paul driver · ‎01-11-2019

Hello

Just like to add you maybe be applicable to use Point-to-multipoint non-broadcast network type depending if the layer 3 interface is a SVI

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Richard Burts · ‎01-11-2019

Perhaps we can get some clarification from the original poster. I am not sure that there is a problem that needs to be fixed. In reading the original post it seems to me that the key question is this

My question is this normal

If I am understanding the original post correctly there are 2 switches that are connected in at least 1 vlan and operating independently. These switches are connected to 2 firewalls. And when a routing protocol is configured on the vlan/subnet connecting the switches to the firewalls then the switches become neighbors. From my perspective that is a normal behavior and not something that needs to be fixed. If there is something I am not understanding correctly then I hope that the original poster will provide clarification.

HTH

Rick

HTH

Rick