OSPF leak to area 0

Chris_78
Level 1

Hi Guys

I've been bumping my head for a couple of days already - I have the topology below. My VLANs are routed through my firewalls. I'm pushing the traffic towards the firewall via PBR with tracking towards the FW interfaces and that works fine. I have full access from VLAN to VLAN. If the FW goes down, the switch performs inter-VLAN routing itself. My goal is to advertise both VLAN10 and VLAN20 to FW2 in case of failure at FW1. I tried setting up an SVI on SW1 and adding it to backbone area 0, but in that case traffic from areas 30 and 40 is routed directly through SW1. From what I'm reading, changes in metrics for an SVI in a Cisco Nexus switch won't affect traffic. Again, the requirement is for SW1 to route and advertise its SVIs (10 and 20) to FW2 in case of failure at FW1. Any feedback is greatly appreciated!

 

Thanks!

 

Chris

OSPF_Topo.png

 

 

17 Replies

Hello

Add additional links between the fw and the opposite switch (fw1-sw2, fw2-sw1).

Put these new links in a non-backbone OSPF area, say area 1, and then redistribute the sw1 and sw2 areas into both area 0 and area 1.



Kind Regards
Paul

Hi Paul

I added additional links between the fw and the opposite switch (fw1-sw2, fw2-sw1). I added them into area 0 and I tried changing cost and bandwidth; however, no matter what I entered, the opposite FW was always preferring the backup paths fw1-sw2, fw2-sw1. Then, once I changed the metrics on the additional links at the FW level, I was able to achieve the objective. As mentioned earlier, the FWs are Palo Alto and for some reason they couldn't correctly read what's on the other end. I'm not sure if that's right, but when we apply cost and bandwidth, should we match that on both ends of the link?

Chris,

 

Best practice is to set matching costs for both ends of a link in OSPF. This helps to avoid asymmetric routing scenarios.
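
Added example, not part of the replies above: OSPF counts a link's cost on the outgoing interface of each router, so a cost changed at one end only changes that router's path choice. The sketch below runs a shortest-path calculation over a constructed three-device topology (device names borrowed from the thread; the FW1-FW2 link and all cost values are assumptions) and compares mismatched and matched costs on the SW1-FW2 backup link.

```python
import heapq

def spf(costs, src, dst):
    """Dijkstra over directed interface costs; returns (total_cost, path)."""
    heap = [(0, [src])]
    done = set()
    while heap:
        cost, path = heapq.heappop(heap)
        node = path[-1]
        if node == dst:
            return cost, path
        if node in done:
            continue
        done.add(node)
        for (a, b), c in costs.items():
            if a == node and b not in done:
                heapq.heappush(heap, (cost + c, path + [b]))
    return None

def topology(sw1_to_fw2, fw2_to_sw1):
    """Constructed topology. Key (A, B) is the cost set on A's interface to B."""
    return {
        ("SW1", "FW1"): 10, ("FW1", "SW1"): 10,   # primary link
        ("FW1", "FW2"): 10, ("FW2", "FW1"): 10,   # assumed inter-firewall link
        ("SW1", "FW2"): sw1_to_fw2,               # backup link, switch side
        ("FW2", "SW1"): fw2_to_sw1,               # backup link, firewall side
    }

def is_symmetric(costs, a, b):
    """True when the return path is the forward path reversed."""
    return spf(costs, a, b)[1] == spf(costs, b, a)[1][::-1]

if __name__ == "__main__":
    cases = {
        "cost raised on switch side only": topology(100, 10),
        "cost raised on both ends": topology(100, 100),
    }
    for label, costs in cases.items():
        print(label)
        print("  SW1 -> FW2:", spf(costs, "SW1", "FW2"))
        print("  FW2 -> SW1:", spf(costs, "FW2", "SW1"))
        print("  symmetric:", is_symmetric(costs, "SW1", "FW2"))
```

With the cost raised only on the switch side, SW1 avoids the backup link while FW2 still prefers it, which is the asymmetric case matching costs prevents.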

 
