Solved: Re: OSPF doesn't pick the least cost route...

Difan Zhao · ‎08-19-2010

Hi experts,

I have a branch router (Cisco 1841) and it has a T1 link to my Core router 1 and it also has a VPN (DMVPN) link to Core router 2.

The tunnel is up and OSPF adjacencies are fully. I have also checked the cost on both interfaces and for both directions the VPN tunnel interfaces have much lower cost. All the links are in area 0. The followings are some "show" commands. What would cause this??

Thanks!

================================= Core 1 ====================================

Core1#sh run | be router ospf
router ospf 1
router-id 10.80.0.21
log-adjacency-changes
auto-cost reference-bandwidth 1000
area 0 authentication message-digest
area 0 range 10.26.0.0 255.255.0.0
...
network 10.26.222.0 0.0.0.255 area 0
network 10.80.0.21 0.0.0.0 area 0

Core1#sh run int s0/0/0
interface Serial0/0/0
bandwidth 1536
ip address 10.26.222.1 255.255.255.0
encapsulation ppp
ip ospf authentication message-digest
ip ospf message-digest-key 1 md5 7 xxx
ip ospf network point-to-point
ip ospf hello-interval 3
ip ospf dead-interval 15
end

Core1#sh ip ospf int s0/0/0

Serial0/0/0 is up, line protocol is up
Internet Address 10.26.222.1/24, Area 0
Process ID 1, Router ID 10.80.0.21, Network Type POINT_TO_POINT, Cost: 651
Transmit Delay is 1 sec, State POINT_TO_POINT,
Timer intervals configured, Hello 3, Dead 15, Wait 15, Retransmit 5
    oob-resync timeout 40
    Hello due in 00:00:00
Supports Link-local Signaling (LLS)
Index 9/6, flood queue length 0
Next 0x0(0)/0x0(0)
Last flood scan length is 1, maximum is 51
Last flood scan time is 0 msec, maximum is 4 msec
Neighbor Count is 1, Adjacent neighbor count is 1
    Adjacent with neighbor 10.80.0.72
Suppress hello for 0 neighbor(s)
Message digest authentication enabled
    Youngest key id is 1

Core1#sh ip ospf neighbor 10.80.0.72
Neighbor 10.80.0.72, interface address 10.26.222.2
    In the area 0 via interface Serial0/0/0
    Neighbor priority is 0, State is FULL, 6 state changes
    DR is 0.0.0.0 BDR is 0.0.0.0
    Options is 0x52
    LLS Options is 0x1 (LR)
    Dead timer due in 00:00:14
    Neighbor is up for 02:17:37
    Index 10/8, retransmission queue length 0, number of retransmission 0
    First 0x0(0)/0x0(0) Next 0x0(0)/0x0(0)
    Last retransmission scan length is 0, maximum is 0
    Last retransmission scan time is 0 msec, maximum is 0 msec

================================= Core 2 ====================================

Core2#sh run | be router ospf

router ospf 1
router-id 10.80.0.22
log-adjacency-changes
auto-cost reference-bandwidth 1000
area 0 authentication message-digest
area 0 range 10.26.0.0 255.255.0.0
passive-interface GigabitEthernet0/0.130
passive-interface Serial0/1/0
network 10.26.130.0 0.0.0.255 area 0
network 10.26.160.0 0.0.0.255 area 0
network 10.26.180.0 0.0.0.7 area 0
network 10.26.180.8 0.0.0.3 area 0
network 10.26.221.0 0.0.0.255 area 0
network 10.27.0.0 0.0.0.255 area 0
network 10.80.0.22 0.0.0.0 area 0
network 10.255.255.0 0.0.0.255 area 0

Core2#sh run int t0
interface Tunnel0
description DMVPN HUB
bandwidth 3000
ip address 10.255.255.1 255.255.255.0
no ip redirects
ip mtu 1416
ip nhrp authentication xxx
ip nhrp map multicast dynamic
ip nhrp network-id 10
ip nhrp holdtime 3600
no ip route-cache cef
no ip route-cache
ip ospf message-digest-key 1 md5 xxx
ip ospf network broadcast
ip ospf priority 255
delay 1000
tunnel source GigabitEthernet0/1
tunnel mode gre multipoint
tunnel key 111
tunnel protection ipsec profile DMVPN_PROFILE
end

Core2#sh ip ospf neighbor 10.80.0.72
Neighbor 10.80.0.72, interface address 10.255.255.72
    In the area 0 via interface Tunnel0
    Neighbor priority is 1, State is FULL, 18 state changes
    DR is 10.255.255.1 BDR is 10.255.255.1
    Options is 0x52
    LLS Options is 0x1 (LR)
    Dead timer due in 00:00:35
    Neighbor is up for 00:42:51
    Index 8/8, retransmission queue length 0, number of retransmission 14
    First 0x0(0)/0x0(0) Next 0x0(0)/0x0(0)
    Last retransmission scan length is 4, maximum is 4
    Last retransmission scan time is 0 msec, maximum is 0 msec

Core2#sh ip ospf int t0
Tunnel0 is up, line protocol is up
Internet Address 10.255.255.1/24, Area 0
Process ID 1, Router ID 10.80.0.22, Network Type BROADCAST, Cost: 333
Transmit Delay is 1 sec, State BDR, Priority 255
Designated Router (ID) 10.80.0.73, Interface address 10.255.255.2
Backup Designated router (ID) 10.80.0.22, Interface address 10.255.255.1
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
    oob-resync timeout 40
    Hello due in 00:00:02
Supports Link-local Signaling (LLS)
Index 1/1, flood queue length 0
Next 0x0(0)/0x0(0)
Last flood scan length is 10, maximum is 24
Last flood scan time is 0 msec, maximum is 4 msec
Neighbor Count is 2, Adjacent neighbor count is 2
    Adjacent with neighbor 10.80.0.72
    Adjacent with neighbor 10.80.0.73 (Designated Router)
Suppress hello for 0 neighbor(s)
Message digest authentication enabled
    Youngest key id is 1

================================= Branch ====================================

router ospf 1
router-id 10.80.0.72
log-adjacency-changes
auto-cost reference-bandwidth 1000
area 0 authentication message-digest
...
passive-interface default
no passive-interface Serial0/0/0
no passive-interface Loopback0
no passive-interface Tunnel2
network 10.26.222.0 0.0.0.255 area 0
...
network 10.255.255.0 0.0.0.255 area 0

interface Serial0/0/0
ip address 10.26.222.2 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nbar protocol-discovery
encapsulation ppp
ip ospf authentication message-digest
ip ospf message-digest-key 1 md5 7 060E042A1F5B5E0A5D
ip ospf network point-to-point
ip ospf hello-interval 3
ip ospf dead-interval 15
service-module t1 timeslots 1-24
service-policy output PMAP_Voice
end

interface Tunnel2
bandwidth 3000
ip address 10.255.255.72 255.255.255.0
no ip redirects
ip mtu 1416
ip nhrp authentication xxx
ip nhrp map 10.255.255.1 69.46.103.133
ip nhrp network-id 10
ip nhrp holdtime 3600
ip nhrp nhs 10.255.255.1
no ip route-cache cef
no ip route-cache
ip tcp adjust-mss 1376
ip ospf message-digest-key 1 md5 7 xxx
ip ospf network broadcast
load-interval 30
delay 1000
qos pre-classify
tunnel source FastEthernet0/1
tunnel destination 69.46.103.133
tunnel key 111
tunnel protection ipsec profile DMVPN_PROFILE
end

Branch#sh ip ospf int t2
Tunnel2 is up, line protocol is up
Internet Address 10.255.255.72/24, Area 0
Process ID 1, Router ID 10.80.0.72, Network Type BROADCAST, Cost: 333
Transmit Delay is 1 sec, State DROTHER, Priority 1
Designated Router (ID) 10.80.0.22, Interface address 10.255.255.1
Backup Designated router (ID) 10.80.0.22, Interface address 10.255.255.1
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
    oob-resync timeout 40
    Hello due in 00:00:07
Supports Link-local Signaling (LLS)
Index 2/8, flood queue length 0
Next 0x0(0)/0x0(0)
Last flood scan length is 3, maximum is 10
Last flood scan time is 0 msec, maximum is 4 msec
Neighbor Count is 1, Adjacent neighbor count is 1
    Adjacent with neighbor 10.80.0.22 (Designated Router)
Suppress hello for 0 neighbor(s)
Message digest authentication enabled
    Youngest key id is 1

Branch#sh ip ospf nei 10.80.0.22
Neighbor 10.80.0.22, interface address 10.255.255.1
    In the area 0 via interface Tunnel2
    Neighbor priority is 255, State is FULL, 6 state changes
    DR is 10.255.255.2 BDR is 10.255.255.1
    Options is 0x12 in Hello (E-bit L-bit )
    Options is 0x52 in DBD (E-bit L-bit O-bit)
    LLS Options is 0x1 (LR)
    Dead timer due in 00:00:36
    Neighbor is up for 00:37:25
    Index 2/2, retransmission queue length 0, number of retransmission 0
    First 0x0(0)/0x0(0) Next 0x0(0)/0x0(0)
    Last retransmission scan length is 0, maximum is 0
    Last retransmission scan time is 0 msec, maximum is 0 msec

Atif Awan · ‎08-19-2010

Hub router needs to be the DR in such a topology. While branch does think Hub is DR, the hub router sees 10.80.0.73 (router-id) as the DR. Fix this and you should be ok.

It will be a good practice to set the spoke OSPF priorities to 0 so they are not eligible for DR functionality.

View solution in original post

Edison Ortiz · ‎08-19-2010

Please post the output from "sh ip ospf int bri" from the 3 routers along with the 'show ip route' output' from the route in question.

Regards,

Edison

Difan Zhao · ‎08-19-2010

Hi Edison

Thanks for the reply. Here are the outputs.

Core1#sh ip ospf interface brief
Interface    PID   Area            IP Address/Mask    Cost State Nbrs F/C
Se0/0/0      1     0               10.26.222.1/24     651   P2P   1/1
Se1/1:1      1     0               10.27.0.9/30       651   P2P   1/1
Gi0/1        1     0               10.26.180.9/30     1     DR    1/1
Lo0          1     0               10.80.0.21/32      1     LOOP 0/0
Se1/0:1      1     0               10.27.0.5/30       651   P2P   1/1
Gi0/0        1     0               10.26.180.1/29     1     DR    3/3
Gi0/0.504    1     0               10.26.220.2/24     1     DR    1/1
Gi0/0.130    1     0               10.26.130.1/24     1     DR    0/0
Gi0/0.160    1     0               10.26.160.3/24     10    DR    2/2

Core2#sh ip ospf int brief

Interface PID Area IP Address/Mask Cost State Nbrs F/C

Gi0/0 1 0 10.26.180.2/29 1 DROTH 2/3

Tu0 1 0 10.255.255.1/24 333 BDR 2/2

Gi0/1 1 0 10.26.180.10/30 1 BDR 1/1

Se1/1:1 1 0 10.27.0.1/30 651 P2P 1/1

Lo0 1 0 10.80.0.22/32 1 LOOP 0/0

Gi0/0.505 1 0 10.26.221.2/24 1 DR 1/1

Gi0/0.160 1 0 10.26.160.4/24 10 DROTH 1/2

Gi0/0.130 1 0 10.26.130.2/24 1 DR 0/0

Branch#sh ip ospf int bri
Interface    PID   Area            IP Address/Mask    Cost State Nbrs F/C
Tu2          1     0               10.255.255.72/24   333   DROTH 1/1
Se0/0/0      1     0               10.26.222.2/24     651   P2P   1/1
Lo0          1     72              10.80.0.72/32      1     LOOP 0/0
Fa0/0.150    1     72              10.72.150.250/24   100   DR    0/0
Fa0/0.140    1     72              10.72.140.250/24   10    DR    0/0
Fa0/0.120    1     72              10.72.120.250/24   100   DR    0/0
Fa0/0.90     1     72              10.72.90.250/24    100   DR    0/0
Fa0/0.80     1     72              10.72.80.250/24    10    DR    0/0

Core1#sh ip route 10.80.0.72 -----> loopback interface of the Branch router
Routing entry for 10.80.0.72/32
Known via "ospf 1", distance 110, metric 652, type inter area
Last update from 10.26.222.2 on Serial0/0/0, 01:19:39 ago
Routing Descriptor Blocks:
* 10.26.222.2, from 10.80.0.72, 01:19:39 ago, via Serial0/0/0
Route metric is 652, traffic share count is 1

Core2#sh ip route 10.80.0.72 -----> loopback interface of the Branch router
Routing entry for 10.80.0.72/32
Known via "ospf 1", distance 110, metric 653, type inter area
Last update from 10.26.180.1 on GigabitEthernet0/0, 01:20:03 ago
Routing Descriptor Blocks:
* 10.26.180.9, from 10.80.0.72, 01:20:03 ago, via GigabitEthernet0/1
Route metric is 653, traffic share count is 1

Branch#sh ip route 10.26.180.8 ------> It's the network which connects the two G0/1 interfaces of the Core routers.
Routing entry for 10.26.180.8/30
Known via "ospf 1", distance 110, metric 652, type intra area
Last update from 10.26.222.1 on Serial0/0/0, 01:16:43 ago
Routing Descriptor Blocks:
* 10.26.222.1, from 10.80.0.21, 01:16:43 ago, via Serial0/0/0
Route metric is 652, traffic share count is 1

As you can see the routes are still picking the serial interface instead of the VPN tunnel...

Any ideas,

Thanks!

Atif Awan · ‎08-19-2010

Hub router needs to be the DR in such a topology. While branch does think Hub is DR, the hub router sees 10.80.0.73 (router-id) as the DR. Fix this and you should be ok.

It will be a good practice to set the spoke OSPF priorities to 0 so they are not eligible for DR functionality.

Lei Tian · ‎08-19-2010

Hi,

As Atif Awan suggested, you need to configure the hub router be the DR. When using OSPF as the routing protocol for DMVPN, you always need to make sure DR is on the hub, all spoke routers have priority 0 on tunnel interface.

If you want use Dual hub single DMVPN, then configure 2nd hub router with lower ospf priority than the primary hub, and static nhrp map to the primary hub.

HTH,

Lei Tian

Edison Ortiz · ‎08-20-2010

Would OSPF P2MP be an option here?

Atif Awan · ‎08-20-2010

P2MP will introduce host routers which will probably impact spoke-to-spoke direct communication.

Atif

Lei Tian · ‎08-20-2010

Hi Atif,

For DMVPN phase 3, P2MP network type is supported. Please read the following documentation:

http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6586/ps6660/ps6808/prod_white_paper0900aecd8055c34e_ps6658_Products_White_Paper.html

HTH,

Lei Tian

Edison Ortiz · ‎08-20-2010

Lei,

Great job +5

Atif Awan · ‎08-20-2010

You are correct Lei. Thanks for sharing this.

Atif

Difan Zhao · ‎08-23-2010

Thanks guys! I changed the priority on another spoke router to 0 and everything works fine now!