
OSPF Gateway of Last Resort not working with two Cores

Hi all,

Hope you can help me.

I have a network comprised of 8 switches, where two of the cores (Switch 1 and 2) are connected to each other doing HSRP. In case one goes, the other one takes over. I also have these two cores connected to an edge router to connect to the internet. The networks that connect to this edge router are: for one switch the network is 192.168.0.254, for the other switch the network is 192.168.2.254.

The entire network is running OSPF and the OSPF mode is Cyclic. 

The entire network is running perfectly and when switch 1 drops, switch 2 picks up and the network continues running perfectly. But there's an issue though. When switch 1 drops, switch 2 still tries to send the packets to connect to the net via 192.168.0.254 instead of 192.168.2.254.

I can see in the routing table of switch 2 that the gateway of last resort is 192.168.2.254, but still it keeps trying to send the packets to the other one.

The way I have these static routes configured in OSPF is the following: on switch 1 I have default-information originate always metric-type 1 and on switch 2 I have default-information originate always.

I think I have the config correct, and can't understand why, when switch 1 disappears, switch 2 via OSPF still tries to send to the network that is on switch 1 even when that network doesn't appear in its routing table...

Please, does anyone have an idea of what might be happening?

P.S: The two cores are Cisco Catalyst 9300

Thank you

 

 

 

 


Hello,

At first glance, without having seen your actual configs, as far as I recall it is best practice to put a higher OSPF cost on the interface that is the active HSRP (in your case). Can you give that a try and check if the 'blackholed' traffic disappears?

Thank you for the reply Georg! 

I was trying another thing. I have the following config: instead of having two different networks, to have only one VLAN going across both switches and connecting to the router. The idea is, when one switch fails, for spanning tree to reconverge and the other core to come back up. I have the config below:

In Core 1:

interface GigabitEthernet1/0/16
description INTERNET
switchport access vlan 100
switchport mode access
switchport port-security maximum 10
switchport port-security violation restrict
switchport port-security mac-address sticky
switchport port-security aging time 10
switchport port-security aging type inactivity
switchport port-security aging static
switchport port-security
!
interface TenGigabitEthernet1/1/8
description Link to Switch 2
switchport trunk native vlan 20
switchport trunk allowed vlan 7,20,30,40,50,100
switchport mode trunk
switchport nonegotiate
spanning-tree guard loop
service-policy output VIDEO_OUT

!
interface Vlan100
ip address 192.168.1.252 255.255.255.0
standby 100 ip 192.168.1.253
standby 100 timers msec 100 msec 300
standby 100 priority 110
standby 100 preempt
!
router ospf 1
auto-cost reference-bandwidth 10000
default-information originate
!
ip route 0.0.0.0 0.0.0.0 192.168.1.254

In Core 2:

interface GigabitEthernet1/0/11
description ADSL_BACKUP
switchport access vlan 100
switchport mode access
switchport port-security maximum 10
switchport port-security violation restrict
switchport port-security mac-address sticky
switchport port-security aging time 10
switchport port-security aging type inactivity
switchport port-security aging static
switchport port-security
!
interface TenGigabitEthernet1/1/7
description Link to Switch 1
switchport trunk native vlan 20
switchport trunk allowed vlan 7,20,30,40,50,100
switchport mode trunk
switchport nonegotiate
spanning-tree guard loop
service-policy output VIDEO_OUT
!
!
interface Vlan100

description INTERNET
ip address 192.168.1.251 255.255.255.0
standby 100 ip 192.168.1.253
standby 100 timers msec 100 msec 300
standby 100 preempt
!
router ospf 1
auto-cost reference-bandwidth 10000

Now I'm having really weird issues... if I put a static route in core switch 2 to 0.0.0.0 0.0.0.0 192.168.1.254 (internet router), I automatically lose connection from the computers to the internet. The computers are coming via VLAN 20 and there's a trunk between switches that takes VLAN 20 to core switch 1.

If I try to ping 192.168.1.254 via core switch 2 I can't ping the router, but because I have the default information via OSPF coming from switch 1 I can ping 8.8.8.8, for example. But if I start turning interfaces on and off, and changing the spanning tree, eventually I get the ping working from core switch 2 but it stops in core switch 1.

If I put both switches originating the gateway of last resort then everything cocks up.

Right now I can access the internet with the config above, but as soon as I put the same static route in core switch 2, I automatically lose access to the internet since switch 2 is the active gateway for the computers.

If I shut down interface 16 of switch 1, spanning tree reconverges and without adding any config I'm able once again to ping 192.168.1.254 from core switch 2.

Honestly, I don't know what is happening here. Also, sometimes both cores stop doing inter-VLAN routing to VLAN 100 from other VLANs.

Any ideas?

Thank you

Can you elaborate more on what you mean by switch drop?

Of course, basically the intention is, if switch 1 gets faulty, for switch 2 to pick up and advertise to the network the default route instead of switch 1 (and vice versa).

The network is a ring as per below:

Untitled Network.png

And the main location where all the traffic goes to is Core 1 and Core 2. Now if Core 1 or Core 2 fails, the other one needs to pick up and start advertising the gateway of last resort to the entire OSPF network.

If I put only one switch to do this, everything works fine, but if I put both I have the weirdest of issues.

Your design needs some adjustment.
Core1 and Core2:
Configure a default route in each core (never use always).
Configure in each core a track on the link to the default route next hop; this makes the core change HSRP status if it loses the default route.

Thank you MHM

Can I please ask for an example of the config, if possible?

Thank you

Sure, I will finish the lab tonight and share it with you.

Thank you very much MHM for the help!

hgjhgjgjhghj.png
I haven't forgotten you, but I postponed this to this weekend.
I want to discuss something with you.
The design you see above is what you shared before,
BUT
where is HSRP, and why do we configure HSRP if we run OSPF?
What I mean is that HSRP is L3 but it works at L2; when one HSRP peer fails, the other peer changes its status from standby to active.
The GW for the client is the same, which is the VIP of the HSRP group.

Where is OSPF here, and which SW runs it?
Can you point it out on my drawing?

Hi @MHM Cisco World,

Truly sorry for the late reply, but only now could I return to this. So, basically it is as per below:

simoesmarco8626982_0-1667238050201.png

OSPF is running in a ring through all of those links, and then the cores on the top connect to a Draytek that is giving two distinct LANs. If one switch fails, it needs to fall back to the other.

HSRP is configured between the two cores on the top because they are sharing 5 VLANs through the yellow link, and each core has 4 access switches connected to each other. If one core fails, spanning tree takes over and reconverges, and HSRP makes the other switch active to forward data. Those are the only two cores that have HSRP running through them. Then OSPF basically does a full circle between all of them.

Thank you

Hello
To advertise a default route into OSPF, the router requires a default in its route table to advertise; then you can use default-information originate. However, when you specify the ALWAYS keyword, this condition isn't applicable, so the advertised default will still be advertised. Plus, in OSPF a type 1 metric is always preferred over the default type 2 metric, so that's why switch 2 continues to route via sw1. If you remove the always keywords, so as to make the default-information originate conditional, then if switch 1 fails for some reason, resulting in its own default route being removed from its own route table, so will the default it advertises into OSPF, and then sw2 will be preferred.

Example:
ip sla 1
icmp-echo 192.168.0.254 source-interface xxxx
timeout 1000
threshold 2000
frequency 15

ip sla schedule 1 life forever start-time now
track 10 ip sla 1 reachability
ip route 0.0.0.0 0.0.0.0 <interface> x.x.x.x track 10 name primary-link

ip prefix-list Default permit 0.0.0.0/0

route-map RM-Default-Route
match ip address prefix-list Default

router ospf x
default-information originate route-map RM-Default-Route metric-type 1


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
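
An added example, not part of Paul's post or any Cisco tooling: a small Python check that scans an IOS configuration for the two conditions discussed in this thread, an OSPF `default-information originate always` statement and a static default route with no `track` object behind it. The sample configurations and the function name are constructed for illustration.

```python
import re

# Constructed sample configs modelled on the thread (not real device output).
CORE1_BEFORE = """\
router ospf 1
 auto-cost reference-bandwidth 10000
 default-information originate always metric-type 1
!
ip route 0.0.0.0 0.0.0.0 192.168.0.254
"""

CORE1_AFTER = """\
track 10 ip sla 1 reachability
!
router ospf 1
 auto-cost reference-bandwidth 10000
 default-information originate metric-type 1
!
ip route 0.0.0.0 0.0.0.0 192.168.0.254 track 10
"""

DEFAULT_ROUTE = re.compile(r"^ip route 0\.0\.0\.0 0\.0\.0\.0 (?P<rest>.+)$")
TRACK_REF = re.compile(r"\btrack (\d+)\b")
TRACK_DEF = re.compile(r"^track (\d+) ")


def audit_default_origination(config: str) -> list[str]:
    """Return findings about how this config originates the OSPF default."""
    findings = []
    lines = [ln.strip() for ln in config.splitlines()]
    # Track objects that are actually defined at global config level.
    defined = {m.group(1) for ln in lines if (m := TRACK_DEF.match(ln))}
    for ln in lines:
        # 'always' advertises 0.0.0.0/0 whether or not a default is installed.
        if ln.startswith("default-information originate") and "always" in ln.split():
            findings.append("ospf-default-always: advertised even with no default route installed")
        m = DEFAULT_ROUTE.match(ln)
        if not m:
            continue
        ref = TRACK_REF.search(m.group("rest"))
        if ref is None:
            findings.append(f"untracked-default: '{ln}' is not tied to next-hop reachability")
        elif ref.group(1) not in defined:
            findings.append(f"missing-track-object: track {ref.group(1)} referenced but not defined")
    return findings
```
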

Thank you very much Paul! I'm going to try that
