09-12-2018 03:34 PM
Hi Guys
Below is my topology (sorry for the noobish drawing). For some reason router B can't get any advertisements from router C. The only way to get that to work is if I redistribute the directly connected networks on router C... Both devices are in Full status and this is a broadcast network. I believe something is wrong with this design. Any info is greatly appreciated!
Regards!
Chris
09-12-2018 03:41 PM
Can you post the config of router B & C?
Are the interfaces between Server (in green) and 10.13.0.0/23 (in blue) UP/UP?
09-12-2018 03:46 PM
09-12-2018 03:50 PM
09-12-2018 03:59 PM
OK - what type of devices are they?
Assuming router B connects to servers via another device/ network, is that running OSPF? Area set correctly, forming neighbour relation correctly? Same with the other network?
09-12-2018 04:03 PM - edited 09-12-2018 04:08 PM
Hello
@Chris_78 wrote: I believe something is wrong with this design. Any info is greatly appreciated
Not really, However in relation to the ospf advertisement this should work, Butnot knowing the vendor platform it would hard to tell whats going on
It would be nice to know how you are advertising these external networks from A & C?
09-12-2018 04:32 PM
09-12-2018 04:49 PM
What is the link type set to on the Palo? Broadcast? P2P?
Can you see LSA’s being sent between devices if you capture packets?
Do do the routes show in the LSDB but not been added to the routing table?
09-12-2018 08:24 PM
Type everywhere is set to Broadcast
And here is output from Router B:
router B> show routing protocol ospf lsdb
VIRTUAL ROUTER: default (id 1)
==========
VR Area ID Orig RTR ID LS ID LSA Type Seq Number CheckSum Age Size
1 0.0.0.0 1.1.1.3 1.1.1.3 type-1 (Router) 0x800001E6 0x0000ABC9 1014 36
1 0.0.0.0 1.1.1.4 1.1.1.4 type-1 (Router) 0x800001E6 0x0000A6CC 1020 36
1 0.0.0.0 1.1.1.3 10.0.100.1/29 type-2 (Network) 0x80000010 0x0000C00F 1019 32
1 0.0.0.0 1.1.1.3 10.18.18.0/23 type-3 (Summary) 0x800001DC 0x000055C5 1562 28
1 0.0.0.0 1.1.1.3 10.22.22.0/23 type-3 (Summary) 0x800001DC 0x0000F81A 1562 28
1 0.0.0.0 1.1.1.3 10.99.99.0/29 type-3 (Summary) 0x800001DD 0x00004E57 476 28
1 0.0.0.0 1.1.1.3 10.99.99.8/29 type-3 (Summary) 0x800001DD 0x0000FD9F 476 28
1 0.0.0.0 1.1.1.3 172.16.2.0/23 type-3 (Summary) 0x80000195 0x00006A67 3 28
1 0.0.0.0 1.1.1.3 192.168.1.0/24 type-3 (Summary) 0x800001DD 0x0000D30B 476 28
1 2.2.2.2 1.1.1.1 1.1.1.1 type-1 (Router) 0x80000503 0x0000BFE4 784 60
1 2.2.2.2 1.1.1.2 1.1.1.2 type-1 (Router) 0x80000474 0x0000C676 800 72
1 2.2.2.2 1.1.1.3 1.1.1.3 type-1 (Router) 0x8000046F 0x00003FE5 1567 36
1 2.2.2.2 1.1.1.3 10.99.99.1/29 type-2 (Network) 0x800001EA 0x0000A8E2 1369 36
1 2.2.2.2 1.1.1.3 10.0.100.0/29 type-3 (Summary) 0x800001DC 0x0000ED1B 1562 28
1 2.2.2.2 1.1.1.3 10.99.99.8/29 type-3 (Summary) 0x800001DD 0x0000FD9F 476 28
1 2.2.2.2 1.1.1.3 192.168.1.0/24 type-3 (Summary) 0x800001DD 0x0000D30B 476 28
1 2.2.2.2 1.1.1.3 1.1.1.4 type-4 (AS summary) 0x80000010 0x00002D09 1094 28
1 3.3.3.3 1.1.1.1 1.1.1.1 type-1 (Router) 0x800004F9 0x00006215 814 48
1 3.3.3.3 1.1.1.2 1.1.1.2 type-1 (Router) 0x8000047A 0x0000A655 760 48
1 3.3.3.3 1.1.1.3 1.1.1.3 type-1 (Router) 0x8000046A 0x00000A10 1567 36
1 3.3.3.3 1.1.1.3 10.99.99.9/29 type-2 (Network) 0x800001E9 0x00005A2A 1369 36
1 3.3.3.3 1.1.1.1 192.168.1.248/24 type-2 (Network) 0x800001E3 0x00009C6B 814 32
1 3.3.3.3 1.1.1.3 10.0.100.0/29 type-3 (Summary) 0x800001DC 0x0000ED1B 1562 28
1 3.3.3.3 1.1.1.3 10.18.18.0/23 type-3 (Summary) 0x800001DC 0x000055C5 1562 28
1 3.3.3.3 1.1.1.3 10.22.22.0/23 type-3 (Summary) 0x800001DC 0x0000F81A 1562 28
1 3.3.3.3 1.1.1.3 10.99.99.0/29 type-3 (Summary) 0x800001DD 0x00004E57 476 28
1 3.3.3.3 1.1.1.3 172.16.2.0/23 type-3 (Summary) 0x80000195 0x00006A67 3 28
1 3.3.3.3 1.1.1.3 1.1.1.4 type-4 (AS summary) 0x80000010 0x00002D09 1094 28
1 1.1.1.4 10.0.100.0/29 type-5 (External) 0x8000000F 0x0000A3B1 1542
1 1.1.1.4 10.13.0.0/23 type-5 (External) 0x8000000F 0x00007C2A 1542
1 1.1.1.4 10.255.12.0/23 type-5 (External) 0x8000000F 0x00009413 1542
1 1.1.1.4 172.16.12.0/23 type-5 (External) 0x8000000F 0x00009163 1542
1 1.1.1.4 192.168.99.0/24 type-5 (External) 0x8000000F 0x0000A946 1542
09-12-2018 08:28 PM - edited 09-12-2018 08:33 PM
Currently they are working but router C must redistribute its own directly connected networks - that's the main question do we actually need this redistribution at all?
If turn off redistribution on router C , i'm unable to connect back from router B -> subnets on router C, however from subnets on router C i'm perfectly connected to subnets advertised by router B
09-13-2018 12:10 AM - edited 09-13-2018 05:23 AM
Hello
@Chris_78 wrote:
If turn off redistribution on router C , i'm unable to connect back from router B -> subnets on router C, however from subnets on router C i'm perfectly connected to subnets advertised by router B -
why are you redistributing anyway ?
Why don’t you just advertised the subnets of each Fw in ospf as inter- area routes?
Router A is nexus 3k switch with vpc connection towards router B which is Palo Alto firewall, as you may guess already router C is also Palo Alto firewall.
I’m advertising both subnets on the (so called) router A to router B via 2 separate uplinks - these are area 2.2.2.2 (for some reason didn’t show on the pic) and 3.3.3.3 but NOT area 0.0.0.0.
All devices are coded with RFC 1583 compatibility command.
When you drop the redistrubution icould it be the fact that PBR is then failing?
Are these two links between A-B load-balancing in ospf?
Does the PBR you have completed use anyone one these as a preffered ospf paths?
09-13-2018 04:33 PM
09-12-2018 06:50 PM
09-12-2018 08:07 PM
Here is the output on router C
Router C# show routing protocol ospf summary
==========
router id: 1.1.1.4
virtual router: default
reject default route: yes
redist default route: block
spf calculation delay (sec): 5.00
LSA interval timer (sec): 5.00
RFC1583 behavior: yes
area border router: no
AS border router: yes
LS type 5 count: 7
LS type 11 count: 0
LS sent count: 125
LS recv count: 129
area id: 0.0.0.0
interface: 10.0.100.2
dynamic neighbors:
IP 10.0.100.1 ID 1.1.1.3 - this is router B
Router C# show routing protocol ospf lsdb
VIRTUAL ROUTER: default (id 1)
==========
VR Area ID Orig RTR ID LS ID LSA Type Seq Number CheckSum Age Size
1 0.0.0.0 1.1.1.3 1.1.1.3 type-1 (Router) 0x800001E6 0x0000ABC9 103 36
1 0.0.0.0 1.1.1.4 1.1.1.4 type-1 (Router) 0x800001E6 0x0000A6CC 107 36
1 0.0.0.0 1.1.1.3 10.0.100.1/29 type-2 (Network) 0x80000010 0x0000C00F 108 32
1 0.0.0.0 1.1.1.3 10.18.18.0/23 type-3 (Summary) 0x800001DC 0x000055C5 652 28
1 0.0.0.0 1.1.1.3 10.22.22.0/23 type-3 (Summary) 0x800001DC 0x0000F81A 652 28
1 0.0.0.0 1.1.1.3 10.99.99.0/29 type-3 (Summary) 0x800001DC 0x00005056 1365 28
1 0.0.0.0 1.1.1.3 10.99.99.8/29 type-3 (Summary) 0x800001DC 0x0000FF9E 1365 28
1 0.0.0.0 1.1.1.3 172.16.2.0/23 type-3 (Summary) 0x80000194 0x00006C66 892 28
1 0.0.0.0 1.1.1.3 192.168.1.0/24 type-3 (Summary) 0x800001DC 0x0000D50A 1365 28
1 1.1.1.4 10.0.100.0/29 type-5 (External) 0x8000000F 0x0000A3B1 629
1 1.1.1.4 10.13.0.0/23 type-5 (External) 0x8000000F 0x00007C2A 629
1 1.1.1.4 10.255.12.0/23 type-5 (External) 0x8000000F 0x00009413 629
1 1.1.1.4 172.16.12.0/23 type-5 (External) 0x8000000F 0x00009163 629
1 1.1.1.4 192.168.99.0/24 type-5 (External) 0x8000000F 0x0000A946 629
1 1.1.1.4 192.168.99.0/24 type-5 (External) 0x8000000F 0x00000550 629
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide