Solved: OSPF Redistribute Static won't install in routing table but in database

Ryan Tian · ‎04-26-2016

Here is the network

otherRouter-SiteArouter -- {Provider Allstream Switched Ethernet) -- SiteBrouter

|

router(10.96.20.16, which has 10.1.44.1/24 interface)

Gi0/0 is Switched Ethernet interface facing provider

SiteArouter#

interface GigabitEthernet0/0
ip address 192.168.254.130 255.255.255.0

SiteBrouter#

interface GigabitEthernet0/0
ip address 192.168.254.1 255.255.255.0

I put two routers in OSPF area 0, they build OSPF neighbor through gi0/0. Any network statement on SiteArouter can be advertised to SiteBrouter, no problem, otherRouter's OSPF routes can pass through provider's network too.

The issue is: I have a valid static route on SiteArouter, it can be redistributed to otherRouter locally as OE2 normally, but on SiteBrouter, this route installed and will disappear after 5 seconds (I confirmed it every time to clear ip route *), and I can see it through "siteBrouter# show ip os data external", just not in routing table!

But otherRouter (as in topology) connecting to SiteArouter locally can receive OE2 normally!

I followed this link and troubleshot and suspect Allstream Switched Ethernet issue, any idea? How do I talk/challenge them?

http://www.cisco.com/c/en/us/support/docs/ip/open-shortest-path-first-ospf/7112-26.html

SiteArouter#

ip route 10.1.44.0 255.255.255.0 10.96.20.

router ospf 200

redistribute static subnets

======================

SiteBrouter#sh ip route os | i 10.1.44 //no 10.1.44.0/24 route
SiteBrouter#clear ip route *
SiteBrouter#sh ip route os | i 10.1.44
O E2 10.1.44.0/24 [110/1] via 192.168.254.3, 00:00:03, GigabitEthernet0/0 //this route showed up after cleared routes
SiteBrouter#sh ip route os | i 10.1.44
O E2 10.1.44.0/24 [110/1] via 192.168.254.3, 00:00:06, GigabitEthernet0/0 //it will stay for 5 seconds
SiteBrouter#sh ip route os | i 10.1.44
O E2 10.1.44.0/24 [110/1] via 192.168.254.3, 00:00:08, GigabitEthernet0/0
SiteBrouter#sh ip route os | i 10.1.44
O E2 10.1.44.0/24 [110/1] via 192.168.254.3, 00:00:09, GigabitEthernet0/0
SiteBrouter#sh ip route os | i 10.1.44 //it disappeared/removed
SiteBrouter#sh ip route os | i 10.1.44
SiteBrouter#sh ip os data external

OSPF Router with ID (10.64.10.2) (Process ID 200)

Type-5 AS External Link States

LS age: 1762
Options: (No TOS-capability, DC, Upward)
LS Type: AS External Link
Link State ID: 10.1.44.0 (External Network Number ) //it is still in database
Advertising Router: 10.96.10.2
LS Seq Number: 80000001
Checksum: 0xDD99
Length: 36
Network Mask: /24
Metric Type: 2 (Larger than any link state path)
MTID: 0
Metric: 1
Forward Address: 10.96.20.16
External Route Tag: 0

Rolf Fischer · ‎04-27-2016

I don't understand the highlighted sentence very well, but SiteBrouter has 10.96.0.0/11 route, it should be intra "O" and I have it as static.

Inter-area would be ok too, but yes, the problem is that the static route overwrites the (internal) OSPF route, so the check fails. If I understand you correctly, you cannot change this at the moment?

Perhaps we can change the ASBR configuration so that it sets the FA to 0.0.0.0 (this check is only performed when the FA is non-zero) ...

Is there a chance to configure the Interface pointing to 10.96.20.16 (/11 is pretty huge...) as OSPF-passive on the ASBR or do you have adjacent OSPF router(s) on this subnet?

View solution in original post

Rolf Fischer · ‎04-28-2016

Hm, this is really tricky ...

At least I understand now why it is as it is, thanks for the additional information.

Well, I know a way to trick this FA rules but it is quite ugly. Of course I cannot recommend something like this for production environments, but it may be used as a temporary workaround in a migration scenario like yours.

I guess you are familiar with the concept of recursive routes? The next-hop IP of a route belongs to a subnet, and there is no connected interface for this subnet. So a second routing-table lookup is needed in order to determine the exit-interface.

On SiteA router you could do something like this:

no ip route 10.1.44.0 255.255.255.0 10.96.20.16
!
ip route 10.1.44.0 255.255.255.0 192.168.1.1
ip route 192.168.1.1 255.255.255.255 10.96.20.16
!
SiteA#show ip cef 10.1.44.0 255.255.255.0
10.1.44.0/24, version 16, epoch 0
0 packets, 0 bytes
  via 192.168.1.1, 0 dependencies, recursive
    next hop 10.96.20.16, FastEthernet1/0 via 192.168.1.1/32
    valid glean adjacenc

192.168.1.1/32 is just an example, just use a private network which does not exist in your routing domain. Do not propagate this network in OSPF (no network statement).

So routing for 10.1.44/24 towards the ASA will continue to work localy but SiteA router (ASBR) will now set the FA to 0.0.0.0 and SiteB router can skip the check.

SiteB#show ip ospf database external 10.1.44.0
            OSPF Router with ID (10.64.10.2) (Process ID 200)
                Type-5 AS External Link States
  Routing Bit Set on this LSA
  LS age: 206
  Options: (No TOS-capability, DC)
  LS Type: AS External Link
  Link State ID: 10.1.44.0 (External Network Number )
  Advertising Router: 10.96.10.2
  LS Seq Number: 80000002
  Checksum: 0xC130
  Length: 36
  Network Mask: /24
        Metric Type: 2 (Larger than any link state path)
        TOS: 0
        Metric: 20
        Forward Address: 0.0.0.0 <<<<<<<<<<<<
        External Route Tag: 0

View solution in original post

Pawan Raut · ‎04-26-2016

Check the ospf neighborship uptime using command sh ip ospf nei de

check when ospf route for 10.1.44.0/24 disappear router might be installed same rececving from other routing protocol like eigrp or EBGP.

sh ip route | i 10.1.44

Ryan Tian · ‎04-26-2016

nei is always up, I don't have other protocols except OSPF and static routes. After it was removed, no route for 10.1.44 any more, it is clear in my post.

thank you

Pawan Raut · ‎04-26-2016

can you do debug ip ospf monitor

Ryan Tian · ‎04-26-2016

Thank you Pawan,

Here is the output.

bc-r-swe-a#clear ip route *
bc-r-swe-a#
bc-r-swe-a#
*Apr 26 20:32:13.941: OSPF-200 MON : Force running SPF
*Apr 26 20:32:13.945: OSPF-200 STATS: Begin SPF at 5266107.248ms, process time 8368ms
*Apr 26 20:32:13.945: OSPF-200 STATS: Last spf_time 8w4d, wait_interval 0ms
*Apr 26 20:32:13.945: OSPF-200 MON : Setting next wait-interval to 10000ms
*Apr 26 20:32:13.945: OSPF-200 MON : End SPF at 5266107.248ms, Total elapsed time 0ms
*Apr 26 20:32:13.945: OSPF-200 STATS: Schedule time 8w4d, Next wait_interval 10000ms
*Apr 26 20:32:13.945: OSPF-200 STATS: Intra: 0ms, Inter: 0ms, External: 0ms
*Apr 26 20:32:13.945: OSPF-200 STATS: R: 11, N: 4, Stubs: 9
*Apr 26 20:32:13.945: OSPF-200 STATS: SN: 0, SA: 0, X5: 2, X7: 0
*Apr 26 20:32:13.945: OSPF-200 MON : Schedule Prefix Recalculation SPF in area 0, change in LSID 10.96.0.0, LSA type X
*Apr 26 20:32:13.945: OSPF-200 MON : Schedule SPF in 10000ms: spf_time 8w4d, wait_interval 10000ms
*Apr 26 20:32:14.941: OSPF-200 REDIS: Do redist-scanning, reason flag 0x1
*Apr 26 20:32:14.941: OSPF-200 MON : End scanning, Elapsed time 0ms
bc-r-swe-a#
bc-r-swe-a# no debug info for 5 seconds or so, I pressed ENTERS here. I think 10.1.44.0/24 disappeared with the following logs
bc-r-swe-a#
bc-r-swe-a#
bc-r-swe-a#
bc-r-swe-a#
*Apr 26 20:32:23.945: OSPF-200 STATS: Begin SPF at 5266117.248ms, process time 8368ms
*Apr 26 20:32:23.945: OSPF-200 STATS: Last spf_time 8w4d, wait_interval 10000ms *Apr 26 20:32:23.945: OSPF-200 MON : Setting next wait-interval to 10000ms
*Apr 26 20:32:23.945: OSPF-200 MON : End SPF at 5266117.248ms, Total elapsed time 0ms
*Apr 26 20:32:23.945: OSPF-200 STATS: Schedule time 8w4d, Next wait_interval 10000ms
*Apr 26 20:32:23.945: OSPF-200 STATS: Intra: 0ms, Inter: 0ms, External: 0ms
*Apr 26 20:32:23.945: OSPF-200 STATS: R: 0, N: 0, Stubs: 0
*Apr 26 20:32:23.945: OSPF-200 STATS: SN: 0, SA: 0, X5: 2, X7: 0
*Apr 26 20:32:24.941: OSPF-200 REDIS: Do redist-scanning, reason flag 0x4
*Apr 26 20:32:24.941: OSPF-200 MON : End scanning, Elapsed time 0ms
bc-r-swe-a#

bc-r-swe-a#

bc-r-swe-a# Then no debug info any more, at least minutes

something wrong with "Do redist-scanning, reason flag 0x4" ?

Rolf Fischer · ‎04-27-2016

Could you share the output of

show ip ospf border-routers | include 10.96.10.2_
show ip route 10.96.20.16

10.96.20.16 is the Forwarding Address of the external route and the following check is performed for the route calculation:

"If the forwarding address is non-zero, look up the forwarding address in the routing table. The matching routing table entry must specify an intra-area or inter-area path; if no such path exists, do nothing with the LSA and consider the next in the list." (Reason 6 in the document you've linked)

Ryan Tian · ‎04-27-2016

10.96.10.2/11 (area 0) is SiteArouter, 10.96.20.16/11 is the router which has interface 10.1.44.0.

If I put 10.96.20.16/11 into OSPF area0, SiteBrouter can receive 10.1.44.0/24, no routing problem. But 10.96.20.16 is ASA 8.4, doesn't has route filter feature and it doesn't want to see other incoming routes, upgrading to 9.2 will fix it but we don't want to do it now, that is why I use static route.

I can provide output once I am in office.

thanks!

Ryan Tian · ‎04-27-2016

SiteBrouter#show ip ospf border-routers | include 10.96.10.2
i 10.96.10.2 [1] via 192.168.254.2, GigabitEthernet0/0, ASBR, Area 0, SPF 134
SiteBrouter#show ip route 10.96.20.16
Routing entry for 10.96.0.0/11
Known via "static", distance 1, metric 0
Routing Descriptor Blocks:
* 192.168.254.1
Route metric is 0, traffic share count is 1

192.168.254.0/24 is the network facing provider. I don't understand the highlighted sentence very well, but SiteBrouter has 10.96.0.0/11 route, it should be intra "O" and I have it as static.

BTW, both siteArouter(s) and SiteBrouter(s) are paired routers with HSRP - two siteArouter and two siteBrouters with full mesh OSPF in area 0, it doesn't matter, does it?

Rolf Fischer · ‎04-27-2016

I don't understand the highlighted sentence very well, but SiteBrouter has 10.96.0.0/11 route, it should be intra "O" and I have it as static.

Inter-area would be ok too, but yes, the problem is that the static route overwrites the (internal) OSPF route, so the check fails. If I understand you correctly, you cannot change this at the moment?

Perhaps we can change the ASBR configuration so that it sets the FA to 0.0.0.0 (this check is only performed when the FA is non-zero) ...

Is there a chance to configure the Interface pointing to 10.96.20.16 (/11 is pretty huge...) as OSPF-passive on the ASBR or do you have adjacent OSPF router(s) on this subnet?

Ryan Tian · ‎04-27-2016

Hi Rolf, I am trying to understand your sugestion....

"If I understand you correctly, you cannot change this at the moment? " No I can't, I am going to move to OSPF for everything, but not yet.

"Perhaps we can change the ASBR configuration so that it sets the FA to 0.0.0.0 (this check is only performed when the FA is non-zero) ..."

Route metric is 0 is the problem? This sentence I don't understand how to do it...:-(

Is there a chance to configure the Interface pointing to 10.96.20.16 (/11 is pretty huge...) as OSPF-passive on the ASBR or do you have adjacent OSPF router(s) on this subnet?

For siteA, 10.96.0.0/11 for Area 0, for SiteB 10.64.0.0/11 for Area 0, they are connected through 192.168.254.0/24 also area 0. Is this fine? I know it is huge, but that is the current configuration. SiteArouter is the ASBR for this static route, the 10.96.0.0/11 interface is no passive because it needs to build nei with other routers (at least HSRP peer)... Don't know how to passive 10.96.20.16 only..

Rolf Fischer · ‎04-27-2016

Ok, let's do it step by step.

The check I mentioned in my first posting is only performed when you have a so-called non-zero forwarding-address (FA; in your case: 10.96.20.16).

An ASBR sets a non-zero FA only under certain conditions, otherwise the FA is set to 0.0.0.0. (more details HERE). The idea is to change the configuration on the ASBR in a way that the conditions are no longer met so that the ASBR sets the FA to 0.0.0.0 and SiteBrouter doesn't need to have an OSPF internal route to 10.96/11. (Again: You say deleting the static route is no option, right?)

What kind of interface on SiteArouter is attached to IP-network 10.96/11?

Could you share the output of "show ip ospf interface <interface>" (replace <interface> with that interface)?

Ryan Tian · ‎04-27-2016

You are so great, man! after some research, I kinda understand my situation now!

Just finished my another test, for SiteArouter, if I only build neighbor by static "nei 10.96.10.3" or so, no advertise 10.96.0.0/11 which include 10.96.20.16, then the FA is set to 0.0.0.0 it will be fine!!!!!!!!!!!!

Lunch now, will test further later!

thanks again!!!!

Rolf Fischer · ‎04-27-2016

Glad to hear this, thanks ;)

Feel free to come back if you have further questions.

Ryan Tian · ‎04-27-2016

I will use static nei for all neighbourship now instead of /11 network statement, which is out of control and also made a lot of unnecessary link. /11 is easy for static route management, no need to worry about routing, which was setup before me.

The interface where the static route is coming from should NOT be in OSPF network. If it is in OSPF, then we get no 0 FA (like my case), then it requests ospf internal route all the hops ( in my case, there is static route which breaks it).

So this must be the meaning of your highlighted sentence of REASON 6, which I didn't understand very well even though I read it.

Thanks again. This is what I learned.

Rolf Fischer · ‎04-27-2016

I've quickly labbed up a similar scenario just to show the options in such a case.

This is the external LSA:

  Routing Bit Set on this LSA
  LS age: 61
  Options: (No TOS-capability, DC)
  LS Type: AS External Link
  Link State ID: 10.1.44.0 (External Network Number )
  Advertising Router: 10.96.10.2
  LS Seq Number: 80000001
  Checksum: 0x9CC7
  Length: 36
  Network Mask: /24
        Metric Type: 2 (Larger than any link state path)
        TOS: 0
        Metric: 20
        Forward Address: 10.96.20.16
        External Route Tag: 0

There is an OSPF internal route for the FA in the routing-table, so the external route is also present:

SiteB#show ip route ospf
     10.0.0.0/8 is variably subnetted, 3 subnets, 3 masks
O E2    10.1.44.0/24 [110/20] via 192.168.254.130, 00:01:00, FastEthernet0/0
O       10.96.0.0/11 [110/2] via 192.168.254.130, 00:01:00, FastEthernet0/0

Now I overwrite the route to the FA with a static:

SiteB(config)#do debug ip routing
SiteB(config)#ip route 10.96.0.0 255.224.0.0 null 0

RT: closer admin distance for 10.96.0.0, flushing 1 routes
RT: NET-RED 10.96.0.0/11
RT: SET_LAST_RDB for 10.96.0.0/11
  NEW rdb: is directly connected

RT: add 10.96.0.0/11 via 0.0.0.0, static metric [1/0]
RT: NET-RED 10.96.0.0/11

RT: del 10.1.44.0/24 via 192.168.254.130, ospf metric [110/20]
RT: delete subnet route to 10.1.44.0/24
RT: NET-RED 10.1.44.0/24

SiteB(config)#do show ip route ospf

SiteB(config)#

If there are no OSPF neighbor(s) on the 10.96/11 segement, we could remove the network-statement for 10.96/11 under SiteArouter's OSPF process. Alternatively we could simply make it a passive interface:

SiteA#show ip ospf interface f1/0
FastEthernet1/0 is up, line protocol is up
  Internet Address 10.96.10.2/11, Area 0
  Process ID 200, Router ID 10.96.10.2, Network Type BROADCAST, Cost: 1
  Transmit Delay is 1 sec, State DR, Priority 1
  Designated Router (ID) 10.96.10.2, Interface address 10.96.10.2
  No backup designated router on this network
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
    oob-resync timeout 40
    Hello due in 00:00:02
  Supports Link-local Signaling (LLS)
  Index 1/1, flood queue length 0
  Next 0x0(0)/0x0(0)
  Last flood scan length is 0, maximum is 0
  Last flood scan time is 0 msec, maximum is 0 msec
  Neighbor Count is 0, Adjacent neighbor count is 0 <<<< No neighbors!
  Suppress hello for 0 neighbor(s)

SiteA#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
SiteA(config)#router ospf 200
SiteA(config-router)#passive-interface f1/0

SiteA(config-router)#do show ip ospf interface f1/0 | incl Hellos
    No Hellos (Passive interface)

SiteB#show ip ospf database external
            OSPF Router with ID (10.64.10.2) (Process ID 200)
                Type-5 AS External Link States
  Routing Bit Set on this LSA
  LS age: 84
  Options: (No TOS-capability, DC)
  LS Type: AS External Link
  Link State ID: 10.1.44.0 (External Network Number )
  Advertising Router: 10.96.10.2
  LS Seq Number: 80000002
  Checksum: 0xC130
  Length: 36
  Network Mask: /24
        Metric Type: 2 (Larger than any link state path)
        TOS: 0
        Metric: 20
        Forward Address: 0.0.0.0 <<<<< !
        External Route Tag: 0

SiteB#show ip route ospf
     10.0.0.0/8 is variably subnetted, 3 subnets, 3 masks
O E2    10.1.44.0/24 [110/20] via 192.168.254.130, 00:01:34, FastEthernet0/0

Or we could change the OSPF network type of the interface attached to the 10.96/11 segement, so we could still have neighbor(s) if they support that network type as well:

SiteA(config-router)#no passive-interface f1/0
SiteA(config-router)#exit
SiteA(config)#interface f1/0
SiteA(config-if)#ip ospf network point-to-point
SiteA(config-if)#do show ip ospf interface f1/0 | incl Hellos
SiteA(config-if)#

SiteB#show ip route ospf
     10.0.0.0/8 is variably subnetted, 3 subnets, 3 masks
O E2    10.1.44.0/24 [110/20] via 192.168.254.130, 00:00:03, FastEthernet0/0

Hope that makes sense.