Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2065
Views
5
Helpful
17
Replies

OSPF leak to area 0

Chris_78
Level 1
Level 1

‎01-16-2019 05:47 PM - edited ‎03-05-2019 11:11 AM

Hi Guys

I'm bumping my head for couple of days already - I have the topology below. My VLANs are routed through my firewalls. I'm pushing the traffic towards the firewall via PBR with tracking towards the FW interfaces and that works fine. I have full access from VLAN to VLAN. If FW goes down the switch is performing inter-VLAN routing itself. My goal is to advertise both VLAN10 and VLAN20 to FW2 in case of failure at FW1. I tried setting up SVI on SW1 and adding it to backbone 0 area but in that case traffic from area 30 and 40 is routed directly through SW1. From what i'm reading changes in metrics for SVI in Cisco Nexus switch won't affect traffic.. again the requirement is SW1 to route and advertise its SVIs (10 and 20) to FW2 in case of failure at FW1. Any feedback is greatly appreciated!

 

Thanks!

 

Chris

OSPF_Topo.png

 

 

0 Helpful
17 Replies 17

paul driver
VIP
VIP
In response to Chris_78

‎01-20-2019 03:25 AM

Hello

add additional links between fw and the opposite switch ( fw1-sw2, fw2-sw1)

 

Put these new links in an non backbone ospf area say area 1and then redistribute sw1 and sw2 areas into both area 0 and area1


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful

Chris_78
Level 1
Level 1
In response to paul driver

‎01-21-2019 01:39 PM - edited ‎01-21-2019 01:41 PM

Hi Paul

I added additional links between fw and the opposite switch ( fw1-sw2, fw2-sw1) I added them into area 0 and I tried changing cost and bandwidth, however no matter what I enter the opposite FW was always preferring the backup paths fw1-sw2, fw2-sw1 then once I changed the metrics at the FW level additional links I was able to achieve the objective. As mentioned earlier in the FWs are Palo Alto and for some reason they couldn't read correct what's on the other end. I'm not sure if that's right but when we apply cost and bandwidth - should we match that on both ends of the link?

0 Helpful

Sergey Lisitsin
VIP Alumni
VIP Alumni
In response to Chris_78

‎01-22-2019 03:28 AM

Chris,

 

Best practice is to set matching costs for both ends of a link in OSPF. This helps to avoid asymmetric routing scenarios.

 

Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card