Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
696
Views
0
Helpful
2
Replies

OSPF route issues - causing TCM logs - how can I resolve an OSPF issue

Go to solution
gp1200x
Level 2
Level 2

‎09-27-2017 03:51 AM - edited ‎03-05-2019 09:12 AM

We are going to implement Office 365. We currently have a core switch that has a default route to a CHECKPOINT firewall to send / recevie Internet traffic. I have ASAs with a few special routes that import their routes to the core to redirect traffic to specifc IP sites. They all use OSPF with authentication in our network.

 

I was going to do the same for the OFFICE 365 traffic so that this https traffic goes out an ASA interface which is attached to a much faster ISP than our Checkpoint. However for the OFFICE 365 sites there are about 800 routes that Microsoft has listed (a lot of specific hosts routes). I coded them into the ASA and it imported them into the core and it updated the OSPF tables on our internal routers too...which really do not need to know this info since the core router handles all their outgoing traffic anyway. I still want the interna routers using OSPF since they have redundant links between them etc so using statics on them is not an option.   Is there a way I can stop all of these Office 365 routes from the ASA (imported into the core router) from getting propagated to all my other routers?

 

I liked the idea of only coding all the routes on the ASA and importing them into the core since an ASA failure would simply allow all the routes from the ASA to time out and then the default route on the core to the Checkpoint would continue to allow Office 365 to work. This also allowed me to not have to code all the routes in the core switch.

 

Any ideas?     The remote sites are getting the tcam   %PLATFORM_UCAST-4-PREFIX: One or more, more specific prefixes could not be programmed into TCAM and are being covered by a less specific prefix, and the packets may be software forwarded  messages because of this issue.

 

Thanks!

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Julio E. Moisa
VIP Alumni
VIP Alumni

‎09-27-2017 05:29 AM - edited ‎09-27-2017 05:31 AM

Hi

Do you have an scheme how it is connected, please correct me if Im understanding wrong, the Core is connnected to the checkpoint to receive Internet Traffic using a default route and the ASA is connected to other ISP but just for specific routes, all of 3 devices are running OSPF, is that correct? I think you could use IP SLA and EEM to create an automatic script to be executed, but I would like to see the topology before. 

 

About the error message %PLATFORM_UCAST-4-PREFIX:, it is because the TCAM table is getting the maximum capacity or because there is a bug, now you could verify the capacity using:

show tcam platform.

Also you can change the SDM template to expand the TCAM table and focus the resources to routing, using the following commands:

To see the current template: show sdm prefer

To change the current template: 

conf t

sdm prefer routing

write

reload to take effect. 

Please check this link: https://supportforums.cisco.com/t5/lan-switching-and-routing/3750-error-message/td-p/1376445

 

:-)




>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Julio E. Moisa
VIP Alumni
VIP Alumni

‎09-27-2017 05:29 AM - edited ‎09-27-2017 05:31 AM

Hi

Do you have an scheme how it is connected, please correct me if Im understanding wrong, the Core is connnected to the checkpoint to receive Internet Traffic using a default route and the ASA is connected to other ISP but just for specific routes, all of 3 devices are running OSPF, is that correct? I think you could use IP SLA and EEM to create an automatic script to be executed, but I would like to see the topology before. 

 

About the error message %PLATFORM_UCAST-4-PREFIX:, it is because the TCAM table is getting the maximum capacity or because there is a bug, now you could verify the capacity using:

show tcam platform.

Also you can change the SDM template to expand the TCAM table and focus the resources to routing, using the following commands:

To see the current template: show sdm prefer

To change the current template: 

conf t

sdm prefer routing

write

reload to take effect. 

Please check this link: https://supportforums.cisco.com/t5/lan-switching-and-routing/3750-error-message/td-p/1376445

 

:-)




>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<
0 Helpful

Go to solution
gp1200x
Level 2
Level 2
In response to Julio E. Moisa

‎09-27-2017 08:53 AM

First....the setup is much more involved as far as gthe number of routers....there are at least 20 plus routers and a dozen ASAs connecting via OSPF.  The core has fiber links (wan links) to a dozen sites with redundant fiber backups so the entire network is fairly large.

 

I am going to look into the tcam settings change since I also read about that too and give it a try and see waht happens on a few routers.

 

Thanks!

0 Helpful
Customers Also Viewed These Support Documents