Re: OSPF Routing between Meraki and Nexus switches

mbrown-revitycu · ‎05-02-2024

We're having an issue with OSPF routing done on a Nexus9000 that we are not able to figure out. To explain the situation fully, I'm going to provide quite a bit of information, I apologize in advance.

Our organization currently has several branches, each with their own internal networks.

Branch A is the main hub with a public internet connection.

Branch B is our "DR" site. Most of its traffic uses its own public internet connection, but it also is connected to the main hub and other branches over the private WAN. In the case that a major outage occurs at Branch A, we failover to this branch to serve as the hub.

Branches C-G are the spokes, all their traffic backhauls to Branch A across a dedicated WAN connection, and then travels out through the connection there.

Traffic across the WAN is routed with OSPF configured on local devices as listed next:

Branch A and B: Meraki MS-350

Branch C-F: Cisco ISR4321 or 4331

Branch G: Nexus 9000

Each branch also utilizes a standalone SD-WAN device from Silverpeak (now owned by HP/Aruba). These devices use the WAN to build secure tunnels between themselves over which we can manage traffic. When the Silverpeak gets involved at Branch G is where our problems start.

When we stood up Branch G, we did not have the Silverpeak installed into the network. Without the Silverpeak in the network, the Nexus connects directly to the WAN router through one of its ethernet interfaces. IP address is assigned directly at the port level, as is the OSPF configuration. This configuration works as expected. OSPF neighbors up with all other branches, traffic flows freely, everybody is happy.

A diagram of this working configuration which I hope is helpful.

And the configuration of that port on the Nexus:

interface Ethernet1/45
description [REDACTED]
no ip redirects
ip address [REDACTED]/24
ip ospf authentication message-digest
ip ospf message-digest-key 1 md5 3 [REDACTED]
no ip ospf passive-interface
ip router ospf 10 area 0.0.0.0
no shutdown

At Branch G with the Nexus we are attempting to mirror the setup that works at other branches that have ISRs.

Connection 1 - from WAN handoff device to Meraki access switch (Access Port, VLAN990)

Connection 2 - from Meraki access switch (Access Port, VLAN990) to Cisco ISR

Connection 3 - from Meraki access switch (Trunk port, VLAN1) to Cisco ISR

Connection 4 - from Meraki access switch (Access Port, VLAN990) to SD-WAN device

Connection 5 - from SD-WAN device to Cisco ISR using BGP

This setup works just fine when it is a Cisco ISR.

When we attempt to mirror this when it's the Nexus instead of an ISR, everything goes sideways.

Here's what we have attempted:

What we're expecting to happen is the traffic from the dedicated WAN router just passes through the Meraki on VLAN990, it hits the Nexus which is still connected to the other branches by OSPF and work gets done.

When this is attempted, OSPF breaks completely. The branch loses all connectivity to the other branches using OSPF. The tunnels on the Silverpeak do come up, but this does us no good if normal connectivity is gone.

Initially, when we set up the Nexus - we have two in a stack - we tried configuring OSPF to use a VLAN990 interface with the IP assigned there, and HSRP in place. However, we could never get it to work, OSPF could never neighbor up properly. Only when we applied the IP and OSPF directly to the interface would work.

I know that was a ridiculous amount of information. I only want all of it I can get out there.

Are we missing something obvious? Does the IP address on the Nexus need to be assigned to the VLAN990 rather than the ethernet interface? If so, we have another problem since we couldn't get that to work.

If you got this far, thank you for reading it all. Any advice you might have would be hugely appreciated.

Thank you.

MHM Cisco World · ‎05-02-2024

All link between device is l3 interface and there is no l2 interface?

MHM

mbrown-revitycu · ‎05-02-2024

If I still have this right in my head...

Interface Eth1/45 on the Nexus is L3. It has the IP address assigned to it, and the OSPF routing config.

Direct connection between the SD-Wan Silverpeak device and the Nexus is L3, using BGP to create the connection.

The rest are L2 switchports.

Interface on the Meraki that connects to interface Eth1/45 Nexus is a switchport residing in VLAN990. No addressing or routing.

Interface on the Meraki that connects to the WAN handoff device is a switchport residing in VLAN990. No addressing or routing.

Interface on the Meraki that connects to our SD-WAN Silverpeak device is a switchport residing in VLAN990. No addressing or routing.

There is also an uplink trunk port between the Meraki stack and the Nexus stack.

Let me know if you need more info.

Thanks!

paul driver · ‎05-04-2024

Hello
Can you elaborate on the routing please, your diagram and explanation suggests:
Physical:
Meraki<vl990>WAN
Meraki<trk>N9K
Meraki<vl990>N9K
Meraki<vl990>SDWAN
N9K<p2p>SDWAN
Meraki<trk>LAN

Site G Routing:
N9K or ISR (Inter-vlan routing/ROAS for Lan users)
N9K or ISR & SDWAN devices (vlan 990 subnet) via meraki = OSPF peered to WAN Handoff rtr(s)
N9K or ISR & SDWAN connect directly = BGP peered (also possibly ospf?)
Site G Main egress path is via Branch A over SDWAN tunnel overlay

Can you confirm:
What opsf network type is being used (broadcast/P2P etc)
How is the bgp connected ( loopback or direct interface)
Any static routing?
Redistribution (bgp/ospf)

Probably require some additional information around your routing, route tables of N9K and SDWAN devices, expected traffic path
sh ip ospf neigbour
sh ip ospf int brief
sh ip ospf route
sh ip ospf rib
sh bgp ipv4 unicast all (assumption is just unicast routing is being applied?
sh bgp ipv4 unicast summary
sh run | sec router
sh ip route static
sh ip route connected

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

mbrown-revitycu · ‎05-06-2024

After a bit of research, it looks like the NX-OS command show ip ospf database may show what the show ip ospf rib command in IOS does, so I will include that below.

Nexus9000# sho ip ospf database
OSPF Router with ID (172.16.99.236) (Process ID 10 VRF default)

Router Link States (Area 0.0.0.0)

Link ID ADV Router Age Seq# Checksum Link Count
10.253.253.4 10.253.253.4 1499 0x80002833 0x80a0 4
172.16.99.236 172.16.99.236 1115 0x80002d43 0xfcc2 7
172.16.100.254 172.16.100.254 1517 0x80002bdd 0xdc84 6
192.0.8.254 192.0.8.254 1322 0x80001c41 0x9379 1
192.0.12.254 192.0.12.254 1241 0x80018335 0xaa23 10
192.0.16.1 192.0.16.1 1146 0x800005e5 0xfa6e 1
192.68.20.1 192.68.20.1 288 0x80000d97 0xef2e 1
192.68.120.254 192.68.120.254 1500 0x80001c41 0x643e 1
192.68.123.2 192.68.123.2 192 0x80000db9 0x1e11 1
192.68.130.254 192.68.130.254 131 0x80007802 0xc4b2 1
192.168.0.254 192.168.0.254 1244 0x800039f0 0x6d35 10
192.168.12.1 192.168.12.1 808 0x8001113a 0x3842 1

Network Link States (Area 0.0.0.0)

Link ID ADV Router Age Seq# Checksum
10.252.252.3 172.16.100.254 907 0x80002bc7 0x8595
10.253.253.3 172.16.100.254 1437 0x80002bcb 0x41be
172.16.1.1 192.168.12.1 808 0x800003c8 0xcb2f
172.16.99.253 192.168.0.254 1238 0x8000011a 0xfa28

Summary Network Link States (Area 0.0.0.0)

Link ID ADV Router Age Seq# Checksum
192.168.12.0 192.168.12.1 808 0x8000e53e 0xca62

Type-5 AS External Link States

Link ID ADV Router Age Seq# Checksum Tag
0.0.0.0 192.168.0.254 216 0x800039dc 0xfec7 0
1.1.1.1 172.16.99.236 965 0x80001943 0xd57c 0
1.1.1.1 172.16.100.254 957 0x80001943 0x62dc 0
8.8.8.8 172.16.99.236 965 0x80001943 0x92a3 0
8.8.8.8 172.16.100.254 957 0x80001943 0x1f04 0
10.1.4.15 192.168.0.254 216 0x800039dc 0xadfa 0
10.10.2.65 192.168.0.254 216 0x800039dc 0x610e 0
10.27.0.0 192.168.0.254 216 0x800039dc 0x1679 0
10.200.24.5 192.168.0.254 216 0x800039dc 0xd7fe 0
10.202.1.0 192.168.0.254 216 0x800039dc 0xef01 0
10.202.5.0 192.168.0.254 216 0x800039dc 0xc329 0
10.210.15.255 192.168.0.254 216 0x800039dc 0xa940 0
10.225.0.0 192.168.0.254 216 0x800039dc 0xc404 0
10.228.121.0 192.68.120.254 1500 0x80001c2e 0x95dc 0
10.228.122.0 192.0.16.1 393 0x800005d6 0x6f1b 0
10.228.123.0 192.68.123.2 1714 0x80000da2 0x9c68 0
10.228.124.0 192.0.8.254 1322 0x80001c31 0xa37d 0
10.228.125.0 192.68.20.1 288 0x80000fda 0xe947 0
10.228.130.0 192.68.130.254 131 0x80007534 0xd32c 0
10.228.145.0 192.168.0.254 216 0x800039dc 0x80c5 0
10.254.254.0 10.253.253.4 1499 0x80001fba 0xa10d 0
12.42.142.30 192.168.0.254 216 0x800039dc 0x1bc8 0
64.62.142.12 172.16.99.236 965 0x80001943 0x3dff 0
64.62.142.12 172.16.100.254 957 0x80001943 0xc960 0
66.170.18.105 192.68.20.1 288 0x80000fda 0x49eb 0
104.18.28.175 192.168.0.254 214 0x8000024d 0x8bbb 0
104.18.29.175 192.168.0.254 216 0x8000024e 0x7ec6 0
158.115.128.0 172.16.99.236 965 0x80001943 0x6b77 0
158.115.128.0 172.16.100.254 957 0x80001943 0xf7d7 0
162.123.250.127 192.168.0.254 216 0x800039dc 0x327b 0
170.209.0.2 192.168.0.254 216 0x800039dc 0x6add 0
170.209.0.3 192.168.0.254 216 0x800039dc 0x60e6 0
172.16.40.4 192.68.20.1 288 0x80000fda 0x12a5 0
172.16.40.8 192.68.123.2 1714 0x80000da1 0x88fd 0
172.16.40.12 192.0.16.1 393 0x800005d6 0x26df 0
172.16.40.16 192.68.120.254 1500 0x80001c2f 0x17d0 0
172.16.40.32 192.68.130.254 131 0x8000020f 0xbe49 0
172.16.40.40 192.0.8.254 1322 0x8000053d 0x8409 0
172.16.124.4 192.168.0.254 216 0x800039dc 0xf791 0
172.16.130.0 192.68.130.254 131 0x80007534 0x8ba6 0
172.16.150.16 192.0.16.1 393 0x800005d6 0x2770 0
172.16.150.24 192.68.123.2 1714 0x80000da2 0x0ffb 0
172.16.150.40 192.68.130.254 131 0x8000485f 0x24da 0
172.16.150.48 192.68.120.254 1500 0x80001c2e 0x015d 0
172.16.150.56 192.68.20.1 288 0x80000fda 0x31e7 0
172.30.1.1 192.168.0.254 216 0x800039dc 0xbb3e 0
192.0.1.0 192.68.120.254 1500 0x80001c2e 0x36e2 0
192.0.2.0 192.68.20.1 288 0x80000fda 0xab2f 0
192.0.8.0 192.0.8.254 1322 0x80001c31 0x18ab 0
192.0.10.245 192.68.20.1 288 0x800003bc 0x18ee 0
192.0.14.0 192.68.123.2 1714 0x80000da2 0xc3dc 0
192.0.16.0 192.0.16.1 393 0x800005d6 0x75ad 0
192.0.254.255 192.168.0.254 216 0x800039dc 0x40c6 0
192.68.20.0 192.68.20.1 288 0x80000fda 0xb1d2 0
192.68.120.254 192.68.120.254 1500 0x80001c2d 0xec72 0
192.68.123.2 192.68.123.2 1714 0x80000da1 0xca23 0
192.68.130.254 192.68.130.254 131 0x80007533 0x20cb 0
192.168.1.0 192.68.130.254 131 0x80007534 0xef17 0
192.168.2.0 192.68.20.1 288 0x80000fda 0xc36e 0
192.168.8.0 192.0.8.254 1322 0x80001c31 0x30ea 0
192.168.10.255 192.168.0.254 216 0x800039dc 0xde74 0
192.168.11.0 192.68.120.254 1500 0x80001c2e 0xdf86 0
192.168.13.0 172.16.99.236 965 0x80001943 0xc21d 0
192.168.13.0 172.16.100.254 957 0x80001943 0x4f7d 0
192.168.14.0 192.68.123.2 1714 0x80000da2 0xdb1c 0
192.168.16.0 192.0.16.1 393 0x800005d6 0x8dec 0
192.168.30.0 192.68.130.254 131 0x80007534 0xaf3a 0
192.168.101.0 192.0.12.254 1051 0x80008aab 0xd5e9 0
192.168.121.0 192.68.120.254 1500 0x80000134 0x66a6 0
192.168.122.0 192.0.16.1 1663 0x80000134 0x4c6a 0
192.168.123.0 192.68.123.2 1208 0x80000134 0x29db 0
192.168.124.0 192.0.8.254 1322 0x80000135 0x7845 0
192.168.125.0 192.68.20.1 288 0x80000135 0xea7f 0
192.168.174.44 192.168.0.254 216 0x800039dc 0x1270 0
192.168.250.0 172.16.99.236 785 0x80001463 0x587e 0
192.168.250.0 172.16.100.254 737 0x80001463 0xe4de 0
192.168.254.255 192.168.0.254 216 0x800039dc 0x5806 0
199.217.219.248 192.168.0.254 216 0x800039dc 0x4d0a 0
204.194.130.14 192.168.0.254 216 0x800039dc 0x4f57 0
204.194.130.23 192.168.0.254 216 0x800039dc 0xf4a8 0
208.87.15.0 192.168.0.254 216 0x800039dc 0xa6e8 0
209.206.48.0 172.16.99.236 965 0x80001943 0x4d47 0
209.206.48.0 172.16.100.254 957 0x80001943 0xd9a7 0
216.157.128.0 172.16.99.236 965 0x80001943 0xcca1 0
216.157.128.0 172.16.100.254 957 0x80001943 0x5902 0
216.189.0.0 192.68.20.1 288 0x800003bc 0xf43f 0
216.189.1.255 192.168.0.254 216 0x800039dc 0xac65 0
216.189.225.255 192.168.0.254 216 0x800039dc 0x3bf1 0

mbrown-revitycu · ‎05-06-2024

I made this post and then the board lost it, so here it goes again.

CURRENT Physical Routing, working

WAN<Eth1/45>Nexus9000

Meraki<QSFP Trunk>Nexus9000

SD-WAN<BGP>Nexus9000

INTENDED Physical Routing, non-working

WAN<AccessVlan990>Meraki

Nexus9000<AccessVlan990>Meraki

SD-WAN<AccessVlan990>Meraki

SD-WAN<BGP>Nexus9000

Meraki<QSFP Trunk>Nexus9000

Site G Routing

Nexus9000 inter-vlan routing/ROAS for LAN users

Nexus9000 and SD-WAN device are directly connected, BGP peered

Nexus9000 connected directly to WAN handoff router

Site G main egress is through WAN handoff router to Branch using OSPF on Nexus9000, not the SD-WAN device

Can you confirm?

OSPF Network type is broadcast

Nexus9000# sho ip ospf interface eth 1/45

Ethernet1/45 is up, line protocol is up

IP address 172.16.99.236/24

Process ID 10 VRF default, area 0.0.0.0

Enabled by interface configuration

State DROTHER, Network type BROADCAST, cost 40

Index 7, Transmit delay 1 sec, Router Priority 1

Designated Router ID: 192.168.0.254, address: 172.16.99.253

Backup Designated Router ID: 192.68.123.2, address: 172.16.99.248

8 Neighbors, flooding to 2, adjacent with 2

Timer intervals: Hello 10, Dead 40, Wait 40, Retransmit 5

Hello timer due in 00:00:01

Message-digest authentication, using key id 1

Number of opaque link LSAs: 0, checksum sum 0

Interface ospf state change count: 26

BGP is connected directly

Nexus9000# sho bgp ipv4 unicast

BGP routing table information for VRF default, address family IPv4 Unicast

BGP table version is 109, Local Router ID is 10.228.100.2

Status: s-suppressed, x-deleted, S-stale, d-dampened, h-history, *-valid, >-best

Path type: i-internal, e-external, c-confed, l-local, a-aggregate, r-redist, I-injected

Origin codes: i - IGP, e - EGP, ? - incomplete, | - multipath, & - backup, 2 - best2

Network Next Hop Metric LocPrf Weight Path

*>e172.16.41.16/29 172.16.41.20 50 0 65101 i

Some static routes

ip route 0.0.0.0/0 10.254.254.1

ip route 1.1.1.1/32 10.254.254.1

ip route 8.8.8.8/32 10.254.254.1

ip route 64.62.142.12/32 10.254.254.1

ip route 158.115.128.0/19 10.254.254.1

ip route 192.168.13.0/24 10.254.254.1

ip route 192.168.250.0/24 10.254.254.1

ip route 209.206.48.0/20 10.254.254.1

ip route 216.157.128.0/20 10.254.254.1

Some of the routes are redistributed via OSPF. No BGP redistribution is done.

ip prefix-list MerakiTrafficIPs description Allow Meraki call home traffic

ip prefix-list MerakiTrafficIPs seq 10 permit 64.62.142.12/32

ip prefix-list MerakiTrafficIPs seq 20 permit 158.115.128.0/19

ip prefix-list MerakiTrafficIPs seq 30 permit 192.168.13.0/24

ip prefix-list MerakiTrafficIPs seq 40 permit 209.206.48.0/20

ip prefix-list MerakiTrafficIPs seq 50 permit 216.157.128.0/20

ip prefix-list PaloVPN description Allow Palo VPN traffic

ip prefix-list PaloVPN seq 10 permit 192.168.250.0/24

ip prefix-list Public_DNS_IPs description Allow public DNS traffic

ip prefix-list Public_DNS_IPs seq 10 permit 8.8.8.8/32

ip prefix-list Public_DNS_IPs seq 20 permit 1.1.1.1/32

ip prefix-list RouteToMain description Traffic routed to Main

route-map RedistributeStaticRoutes permit 10

match ip address prefix-list Public_DNS_IPs MerakiTrafficIPs PaloVPN

Additional information

I ran commands as possible shown below:

sh ip ospf neigbour

sh ip ospf int brief

sh ip ospf route

sh ip ospf rib < invalid command in NX-OS

sh bgp ipv4 unicast all < invalid command in NX-OS, ran show bgp ipv4 unicast detail

sh bgp ipv4 unicast summary

sh run | sec router

sh ip route static

sh ip route connected < invalid command in NX-OS, ran sho ip route

Nexus9000# sho ip ospf neighbors

OSPF Process ID 10 VRF default

Total number of neighbors: 11

Neighbor ID Pri State Up Time Address Interface

10.253.253.4 1 FULL/DROTHER 2w1d 10.253.253.4 Vlan253

172.16.100.254 1 FULL/DR 33w5d 10.253.253.3 Vlan253

192.0.8.254 1 TWOWAY/DROTHER 5d21h 172.16.99.249 Eth1/45

192.0.12.254 1 TWOWAY/DROTHER 5d21h 172.16.99.254 Eth1/45

192.0.16.1 1 TWOWAY/DROTHER 5d21h 172.16.99.251 Eth1/45

192.68.20.1 1 TWOWAY/DROTHER 5d21h 172.16.99.252 Eth1/45

192.68.120.254 1 TWOWAY/DROTHER 5d21h 172.16.99.250 Eth1/45

192.68.123.2 1 FULL/BDR 5d21h 172.16.99.248 Eth1/45

192.68.130.254 1 TWOWAY/DROTHER 5d21h 172.16.99.244 Eth1/45

192.168.0.254 1 FULL/DR 5d21h 172.16.99.253 Eth1/45

172.16.100.254 1 FULL/DR 33w5d 10.252.252.3 Vlan252

Nexus9000# sho ip ospf int bri

OSPF Process ID 10 VRF default

Total number of interface: 10

Interface ID Area Cost State Neighbors Status

Vlan253 8 0.0.0.0 40 BDR 2 up

Vlan160 6 0.0.0.0 40 DR 0 up

Vlan150 5 0.0.0.0 40 DOWN 0 down

Vlan35 4 0.0.0.0 40 DR 0 up

Vlan30 3 0.0.0.0 40 DR 0 up

Vlan10 2 0.0.0.0 40 DOWN 0 down

Vlan5 1 0.0.0.0 40 DOWN 0 down

Eth1/45 7 0.0.0.0 40 DROTHER 8 up

Vlan252 9 0.0.0.0 40 BDR 1 up

Vlan66 10 0.0.0.0 40 DR 0 up

Nexus9000# sho ip ospf route

OSPF Process ID 10 VRF default, Routing Table

(D) denotes route is directly attached (R) denotes route is in RIB

(L) denotes route label is in ULIB (NHR) denotes next-hop is in RIB

0.0.0.0/0 (type-2)(R) area 0.0.0.0

via 172.16.99.253/Eth1/45 , cost 10000 distance 110 (NHR)

1.1.1.1/32 (type-2)(R) area 0.0.0.0

via 10.252.252.3/Vlan252 , cost 20 distance 110 (NHR)

via 10.253.253.3/Vlan253 , cost 20 distance 110 (NHR)

8.8.8.8/32 (type-2)(R) area 0.0.0.0

via 10.252.252.3/Vlan252 , cost 20 distance 110 (NHR)

via 10.253.253.3/Vlan253 , cost 20 distance 110 (NHR)

10.1.4.15/32 (type-2)(R) area 0.0.0.0

via 172.16.99.253/Eth1/45 , cost 10000 distance 110 (NHR)

10.10.2.65/32 (type-2)(R) area 0.0.0.0

via 172.16.99.253/Eth1/45 , cost 10000 distance 110 (NHR)

10.27.0.0/16 (type-2)(R) area 0.0.0.0

via 172.16.99.253/Eth1/45 , cost 10000 distance 110 (NHR)

10.200.24.5/32 (type-2)(R) area 0.0.0.0

via 172.16.99.253/Eth1/45 , cost 10000 distance 110 (NHR)

10.202.1.0/24 (type-2)(R) area 0.0.0.0

via 172.16.99.253/Eth1/45 , cost 10000 distance 110 (NHR)

10.202.5.0/24 (type-2)(R) area 0.0.0.0

via 172.16.99.253/Eth1/45 , cost 10000 distance 110 (NHR)

10.210.0.0/20 (type-2)(R) area 0.0.0.0

via 172.16.99.253/Eth1/45 , cost 10000 distance 110 (NHR)

10.225.0.0/16 (type-2)(R) area 0.0.0.0

via 172.16.99.253/Eth1/45 , cost 10000 distance 110 (NHR)

10.228.100.0/24 (intra)(R) area 0.0.0.0

via 10.253.253.4/Vlan253 , cost 41 distance 110 (NHR)

10.228.120.0/24 (intra)(R) area 0.0.0.0

via 172.16.99.253/Eth1/45 , cost 41 distance 110 (NHR)

10.228.121.0/24 (type-2)(R) area 0.0.0.0

via 172.16.99.250/Eth1/45 , cost 20 distance 110 (NHR)

10.228.122.0/24 (type-2)(R) area 0.0.0.0

via 172.16.99.251/Eth1/45 , cost 20 distance 110 (NHR)

10.228.123.0/24 (type-2)(R) area 0.0.0.0

via 172.16.99.248/Eth1/45 , cost 20 distance 110 (NHR)

10.228.124.0/24 (type-2)(R) area 0.0.0.0

via 172.16.99.249/Eth1/45 , cost 20 distance 110 (NHR)

10.228.125.0/24 (type-2)(R) area 0.0.0.0

via 172.16.99.252/Eth1/45 , cost 20 distance 110 (NHR)

10.228.129.0/24 (intra)(R) area 0.0.0.0

via 172.16.99.254/Eth1/45 , cost 41 distance 110 (NHR)

10.228.130.0/24 (type-2)(R) area 0.0.0.0

via 172.16.99.244/Eth1/45 , cost 20 distance 110 (NHR)

10.228.145.0/24 (type-2)(R) area 0.0.0.0

via 172.16.99.253/Eth1/45 , cost 10000 distance 110 (NHR)

10.252.252.0/29 (intra)(D) area 0.0.0.0

via 10.252.252.2/Vlan252* , cost 40 distance 110 (NHR)

10.253.253.0/24 (intra)(D) area 0.0.0.0

via 10.253.253.2/Vlan253* , cost 40 distance 110 (NHR)

12.42.142.30/32 (type-2)(R) area 0.0.0.0

via 172.16.99.253/Eth1/45 , cost 10000 distance 110 (NHR)

64.62.142.12/32 (type-2)(R) area 0.0.0.0

via 10.252.252.3/Vlan252 , cost 20 distance 110 (NHR)

via 10.253.253.3/Vlan253 , cost 20 distance 110 (NHR)

66.170.18.105/32 (type-2)(R) area 0.0.0.0

via 172.16.99.252/Eth1/45 , cost 20 distance 110 (NHR)

104.18.28.175/32 (type-2)(R) area 0.0.0.0

via 172.16.99.253/Eth1/45 , cost 10000 distance 110 (NHR)

104.18.29.175/32 (type-2)(R) area 0.0.0.0

via 172.16.99.253/Eth1/45 , cost 10000 distance 110 (NHR)

158.115.128.0/19 (type-2)(R) area 0.0.0.0

via 10.252.252.3/Vlan252 , cost 20 distance 110 (NHR)

via 10.253.253.3/Vlan253 , cost 20 distance 110 (NHR)

162.123.250.0/25 (type-2)(R) area 0.0.0.0

via 172.16.99.253/Eth1/45 , cost 10000 distance 110 (NHR)

170.209.0.2/32 (type-2)(R) area 0.0.0.0

via 172.16.99.253/Eth1/45 , cost 10000 distance 110 (NHR)

170.209.0.3/32 (type-2)(R) area 0.0.0.0

via 172.16.99.253/Eth1/45 , cost 10000 distance 110 (NHR)

172.16.0.0/24 (intra)(R) area 0.0.0.0

via 172.16.99.253/Eth1/45 , cost 41 distance 110 (NHR)

172.16.1.0/30 (intra)(R) area 0.0.0.0

via 172.16.99.254/Eth1/45 , cost 41 distance 110 (NHR)

172.16.3.0/24 (intra)(R) area 0.0.0.0

via 172.16.99.253/Eth1/45 , cost 41 distance 110 (NHR)

172.16.4.0/24 (intra)(R) area 0.0.0.0

via 172.16.99.254/Eth1/45 , cost 41 distance 110 (NHR)

172.16.20.0/27 (intra)(R) area 0.0.0.0

via 172.16.99.253/Eth1/45 , cost 41 distance 110 (NHR)

172.16.20.32/27 (intra)(D) area 0.0.0.0

via 172.16.20.32/Vlan30* , cost 40 distance 110 (NHR)

172.16.21.0/24 (intra)(R) area 0.0.0.0

via 172.16.99.254/Eth1/45 , cost 41 distance 110 (NHR)

172.16.40.4/30 (type-2)(R) area 0.0.0.0

via 172.16.99.252/Eth1/45 , cost 20 distance 110 (NHR)

172.16.40.8/30 (type-2)(R) area 0.0.0.0

via 172.16.99.248/Eth1/45 , cost 20 distance 110 (NHR)

172.16.40.12/30 (type-2)(R) area 0.0.0.0

via 172.16.99.251/Eth1/45 , cost 20 distance 110 (NHR)

172.16.40.16/30 (type-2)(R) area 0.0.0.0

via 172.16.99.250/Eth1/45 , cost 20 distance 110 (NHR)

172.16.40.32/30 (type-2)(R) area 0.0.0.0

via 172.16.99.244/Eth1/45 , cost 20 distance 110 (NHR)

172.16.40.40/30 (type-2)(R) area 0.0.0.0

via 172.16.99.249/Eth1/45 , cost 20 distance 110 (NHR)

172.16.41.0/30 (intra)(R) area 0.0.0.0

via 172.16.99.253/Eth1/45 , cost 41 distance 110 (NHR)

172.16.41.4/30 (intra)(R) area 0.0.0.0

via 172.16.99.253/Eth1/45 , cost 50 distance 110 (NHR)

172.16.41.8/30 (intra)(R) area 0.0.0.0

via 172.16.99.254/Eth1/45 , cost 60 distance 110 (NHR)

172.16.41.12/30 (intra)(R) area 0.0.0.0

via 172.16.99.254/Eth1/45 , cost 70 distance 110 (NHR)

172.16.66.0/24 (intra)(D) area 0.0.0.0

via 172.16.66.0/Vlan66* , cost 40 distance 110 (NHR)

172.16.99.0/24 (intra)(D) area 0.0.0.0

via 172.16.99.236/Eth1/45* , cost 40 distance 110 (NHR)

172.16.100.0/24 (intra)(D) area 0.0.0.0

via 172.16.100.0/Vlan35* , cost 40 distance 110 (NHR)

172.16.124.4/32 (type-2)(R) area 0.0.0.0

via 172.16.99.253/Eth1/45 , cost 10000 distance 110 (NHR)

172.16.130.0/24 (type-2)(R) area 0.0.0.0

via 172.16.99.244/Eth1/45 , cost 20 distance 110 (NHR)

172.16.150.0/29 (intra)(R) area 0.0.0.0

via 172.16.99.253/Eth1/45 , cost 41 distance 110 (NHR)

172.16.150.8/29 (intra)(R) area 0.0.0.0

via 172.16.99.254/Eth1/45 , cost 41 distance 110 (NHR)

172.16.150.16/29 (type-2)(R) area 0.0.0.0

via 172.16.99.251/Eth1/45 , cost 20 distance 110 (NHR)

172.16.150.24/29 (type-2)(R) area 0.0.0.0

via 172.16.99.248/Eth1/45 , cost 20 distance 110 (NHR)

172.16.150.32/29 (intra)(R) area 0.0.0.0

via 10.253.253.4/Vlan253 , cost 41 distance 110 (NHR)

172.16.150.40/29 (type-2)(R) area 0.0.0.0

via 172.16.99.244/Eth1/45 , cost 20 distance 110 (NHR)

172.16.150.48/29 (type-2)(R) area 0.0.0.0

via 172.16.99.250/Eth1/45 , cost 20 distance 110 (NHR)

172.16.150.56/29 (type-2)(R) area 0.0.0.0

via 172.16.99.252/Eth1/45 , cost 20 distance 110 (NHR)

172.16.160.0/29 (intra)(D) area 0.0.0.0

via 172.16.160.0/Vlan160* , cost 40 distance 110 (NHR)

172.30.1.1/32 (type-2)(R) area 0.0.0.0

via 172.16.99.253/Eth1/45 , cost 10000 distance 110 (NHR)

192.0.0.0/24 (intra)(R) area 0.0.0.0

via 172.16.99.253/Eth1/45 , cost 41 distance 110 (NHR)

192.0.1.0/24 (type-2)(R) area 0.0.0.0

via 172.16.99.250/Eth1/45 , cost 20 distance 110 (NHR)

192.0.2.0/24 (type-2)(R) area 0.0.0.0

via 172.16.99.252/Eth1/45 , cost 20 distance 110 (NHR)

192.0.8.0/24 (type-2)(R) area 0.0.0.0

via 172.16.99.249/Eth1/45 , cost 20 distance 110 (NHR)

192.0.10.245/32 (type-2)(R) area 0.0.0.0

via 172.16.99.252/Eth1/45 , cost 20 distance 110 (NHR)

192.0.12.0/24 (intra)(R) area 0.0.0.0

via 172.16.99.254/Eth1/45 , cost 41 distance 110 (NHR)

192.0.14.0/24 (type-2)(R) area 0.0.0.0

via 172.16.99.248/Eth1/45 , cost 20 distance 110 (NHR)

192.0.16.0/24 (type-2)(R) area 0.0.0.0

via 172.16.99.251/Eth1/45 , cost 20 distance 110 (NHR)

192.0.254.0/24 (type-2)(R) area 0.0.0.0

via 172.16.99.253/Eth1/45 , cost 10000 distance 110 (NHR)

192.68.20.0/24 (type-2)(R) area 0.0.0.0

via 172.16.99.252/Eth1/45 , cost 20 distance 110 (NHR)

192.68.120.254/32 (type-2)(R) area 0.0.0.0

via 172.16.99.250/Eth1/45 , cost 20 distance 110 (NHR)

192.68.123.2/32 (type-2)(R) area 0.0.0.0

via 172.16.99.248/Eth1/45 , cost 20 distance 110 (NHR)

192.68.130.254/32 (type-2)(R) area 0.0.0.0

via 172.16.99.244/Eth1/45 , cost 20 distance 110 (NHR)

192.168.0.0/24 (intra)(R) area 0.0.0.0

via 172.16.99.253/Eth1/45 , cost 41 distance 110 (NHR)

192.168.1.0/24 (type-2)(R) area 0.0.0.0

via 172.16.99.244/Eth1/45 , cost 20 distance 110 (NHR)

192.168.2.0/24 (type-2)(R) area 0.0.0.0

via 172.16.99.252/Eth1/45 , cost 20 distance 110 (NHR)

192.168.8.0/24 (type-2)(R) area 0.0.0.0

via 172.16.99.249/Eth1/45 , cost 20 distance 110 (NHR)

192.168.10.0/24 (type-2)(R) area 0.0.0.0

via 172.16.99.253/Eth1/45 , cost 10000 distance 110 (NHR)

192.168.11.0/24 (type-2)(R) area 0.0.0.0

via 172.16.99.250/Eth1/45 , cost 20 distance 110 (NHR)

192.168.12.0/24 (intra)(R) area 0.0.0.0

via 172.16.99.254/Eth1/45 , cost 41 distance 110 (NHR)

192.168.13.0/24 (type-2)(R) area 0.0.0.0

via 10.252.252.3/Vlan252 , cost 20 distance 110 (NHR)

via 10.253.253.3/Vlan253 , cost 20 distance 110 (NHR)

192.168.14.0/24 (type-2)(R) area 0.0.0.0

via 172.16.99.248/Eth1/45 , cost 20 distance 110 (NHR)

192.168.16.0/24 (type-2)(R) area 0.0.0.0

via 172.16.99.251/Eth1/45 , cost 20 distance 110 (NHR)

192.168.30.0/24 (type-2)(R) area 0.0.0.0

via 172.16.99.244/Eth1/45 , cost 20 distance 110 (NHR)

192.168.50.0/24 (intra)(R) area 0.0.0.0

via 10.253.253.4/Vlan253 , cost 41 distance 110 (NHR)

192.168.101.0/24 (type-2)(R) area 0.0.0.0

via 172.16.99.254/Eth1/45 , cost 10000 distance 110 (NHR)

192.168.121.0/24 (type-2)(R) area 0.0.0.0

via 172.16.99.250/Eth1/45 , cost 20 distance 110 (NHR)

192.168.122.0/24 (type-2)(R) area 0.0.0.0

via 172.16.99.251/Eth1/45 , cost 20 distance 110 (NHR)

192.168.123.0/24 (type-2)(R) area 0.0.0.0

via 172.16.99.248/Eth1/45 , cost 20 distance 110 (NHR)

192.168.124.0/24 (type-2)(R) area 0.0.0.0

via 172.16.99.249/Eth1/45 , cost 20 distance 110 (NHR)

192.168.125.0/24 (type-2)(R) area 0.0.0.0

via 172.16.99.252/Eth1/45 , cost 20 distance 110 (NHR)

192.168.174.44/32 (type-2)(R) area 0.0.0.0

via 172.16.99.253/Eth1/45 , cost 10000 distance 110 (NHR)

192.168.250.0/24 (type-2)(R) area 0.0.0.0

via 10.252.252.3/Vlan252 , cost 20 distance 110 (NHR)

via 10.253.253.3/Vlan253 , cost 20 distance 110 (NHR)

192.168.254.0/24 (type-2)(R) area 0.0.0.0

via 172.16.99.253/Eth1/45 , cost 10000 distance 110 (NHR)

199.217.219.248/29 (type-2)(R) area 0.0.0.0

via 172.16.99.253/Eth1/45 , cost 10000 distance 110 (NHR)

204.194.130.14/32 (type-2)(R) area 0.0.0.0

via 172.16.99.253/Eth1/45 , cost 10000 distance 110 (NHR)

204.194.130.23/32 (type-2)(R) area 0.0.0.0

via 172.16.99.253/Eth1/45 , cost 10000 distance 110 (NHR)

208.87.15.0/24 (type-2)(R) area 0.0.0.0

via 172.16.99.253/Eth1/45 , cost 10000 distance 110 (NHR)

209.206.48.0/20 (type-2)(R) area 0.0.0.0

via 10.252.252.3/Vlan252 , cost 20 distance 110 (NHR)

via 10.253.253.3/Vlan253 , cost 20 distance 110 (NHR)

216.157.128.0/20 (type-2)(R) area 0.0.0.0

via 10.252.252.3/Vlan252 , cost 20 distance 110 (NHR)

via 10.253.253.3/Vlan253 , cost 20 distance 110 (NHR)

216.189.0.0/22 (type-2)(R) area 0.0.0.0

via 172.16.99.252/Eth1/45 , cost 20 distance 110 (NHR)

216.189.0.0/23 (type-2)(R) area 0.0.0.0

via 172.16.99.253/Eth1/45 , cost 10000 distance 110 (NHR)

216.189.224.0/23 (type-2)(R) area 0.0.0.0

via 172.16.99.253/Eth1/45 , cost 10000 distance 110 (NHR)

Nexus9000# sh bgp ipv4 unicast detail

BGP routing table information for VRF default, address family IPv4 Unicast

BGP routing table entry for 172.16.41.16/29, version 2

Paths: (1 available, best #1)

Flags: (0x80000012) (high32 00000000) on xmit-list, is in urib, is backup urib route, is in HW

Advertised path-id 1

Path type: external, path is valid, is best path, no labeled nexthop, in rib

AS-Path: 65101 , path sourced external to AS

172.16.41.20 (metric 0) from 172.16.41.20 (10.100.100.100)

Origin IGP, MED 50, localpref 100, weight 0

Path-id 1 not advertised to any peer

Nexus9000# sho bgp ipv4 unicast summary

BGP summary information for VRF default, address family IPv4 Unicast

BGP router identifier 10.228.100.2, local AS number 65100

BGP table version is 109, IPv4 Unicast config peers 1, capable peers 1

1 network entries and 1 paths using 276 bytes of memory

BGP attribute entries [1/352], BGP AS path entries [1/6]

BGP community entries [0/0], BGP clusterlist entries [0/0]

Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd

172.16.41.20 4 65101 39863 34622 109 0 0 1w5d 1

Nexus9000# sh run | sec router

layer3 peer-router

ip router ospf 10 area 0.0.0.0

router ospf 10

router-id 172.16.99.236

redistribute static route-map RedistributeStaticRoutes

log-adjacency-changes

area 0.0.0.0 authentication

passive-interface default

router bgp 65100

log-neighbor-changes

address-family ipv4 unicast

neighbor 172.16.41.20

remote-as 65101

update-source Vlan999

address-family ipv4 unicast

Nexus9000# sho ip route static

IP Route Table for VRF "default"

'*' denotes best ucast next-hop

'**' denotes best mcast next-hop

'[x/y]' denotes [preference/metric]

'%<string>' in via output denotes VRF <string>

0.0.0.0/0, ubest/mbest: 1/0

*via 10.254.254.1, [1/0], 1w5d, static

via 172.16.99.253, Eth1/45, [110/10000], 5d22h, ospf-10, type-2

1.1.1.1/32, ubest/mbest: 1/0

*via 10.254.254.1, [1/0], 2w2d, static

via 10.252.252.3, Vlan252, [110/20], 19w3d, ospf-10, type-2

via 10.253.253.3, Vlan253, [110/20], 19w3d, ospf-10, type-2

8.8.8.8/32, ubest/mbest: 1/0

*via 10.254.254.1, [1/0], 2w2d, static

via 10.252.252.3, Vlan252, [110/20], 19w3d, ospf-10, type-2

via 10.253.253.3, Vlan253, [110/20], 19w3d, ospf-10, type-2

64.62.142.12/32, ubest/mbest: 1/0

*via 10.254.254.1, [1/0], 2w2d, static

via 10.252.252.3, Vlan252, [110/20], 19w3d, ospf-10, type-2

via 10.253.253.3, Vlan253, [110/20], 19w3d, ospf-10, type-2

158.115.128.0/19, ubest/mbest: 1/0

*via 10.254.254.1, [1/0], 2w2d, static

via 10.252.252.3, Vlan252, [110/20], 19w3d, ospf-10, type-2

via 10.253.253.3, Vlan253, [110/20], 19w3d, ospf-10, type-2

192.168.13.0/24, ubest/mbest: 1/0

*via 10.254.254.1, [1/0], 2w2d, static

via 10.252.252.3, Vlan252, [110/20], 19w3d, ospf-10, type-2

via 10.253.253.3, Vlan253, [110/20], 19w3d, ospf-10, type-2

192.168.250.0/24, ubest/mbest: 1/0

*via 10.254.254.1, [1/0], 2w2d, static

via 10.252.252.3, Vlan252, [110/20], 15w4d, ospf-10, type-2

via 10.253.253.3, Vlan253, [110/20], 15w4d, ospf-10, type-2

209.206.48.0/20, ubest/mbest: 1/0

*via 10.254.254.1, [1/0], 2w2d, static

via 10.252.252.3, Vlan252, [110/20], 19w3d, ospf-10, type-2

via 10.253.253.3, Vlan253, [110/20], 19w3d, ospf-10, type-2

216.157.128.0/20, ubest/mbest: 1/0

*via 10.254.254.1, [1/0], 2w2d, static

via 10.252.252.3, Vlan252, [110/20], 19w3d, ospf-10, type-2

via 10.253.253.3, Vlan253, [110/20], 19w3d, ospf-10, type-2

Nexus9000# sho ip route

IP Route Table for VRF "default"

'*' denotes best ucast next-hop

'**' denotes best mcast next-hop

'[x/y]' denotes [preference/metric]

'%<string>' in via output denotes VRF <string>

0.0.0.0/0, ubest/mbest: 1/0

*via 10.254.254.1, [1/0], 1w5d, static

1.1.1.1/32, ubest/mbest: 1/0

*via 10.254.254.1, [1/0], 2w2d, static

8.8.8.8/32, ubest/mbest: 1/0

*via 10.254.254.1, [1/0], 2w2d, static

10.1.4.15/32, ubest/mbest: 1/0

*via 172.16.99.253, Eth1/45, [110/10000], 5d22h, ospf-10, type-2

10.10.2.65/32, ubest/mbest: 1/0

*via 172.16.99.253, Eth1/45, [110/10000], 5d22h, ospf-10, type-2

10.27.0.0/16, ubest/mbest: 1/0

*via 172.16.99.253, Eth1/45, [110/10000], 5d22h, ospf-10, type-2

10.200.24.5/32, ubest/mbest: 1/0

*via 172.16.99.253, Eth1/45, [110/10000], 5d22h, ospf-10, type-2

10.202.1.0/24, ubest/mbest: 1/0

*via 172.16.99.253, Eth1/45, [110/10000], 5d22h, ospf-10, type-2

10.202.5.0/24, ubest/mbest: 1/0

*via 172.16.99.253, Eth1/45, [110/10000], 5d22h, ospf-10, type-2

10.210.0.0/20, ubest/mbest: 1/0

*via 172.16.99.253, Eth1/45, [110/10000], 5d22h, ospf-10, type-2

10.225.0.0/16, ubest/mbest: 1/0

*via 172.16.99.253, Eth1/45, [110/10000], 5d22h, ospf-10, type-2

10.228.100.0/24, ubest/mbest: 1/0

*via 10.253.253.4, Vlan253, [110/41], 2w1d, ospf-10, intra

10.228.120.0/24, ubest/mbest: 1/0

*via 172.16.99.253, Eth1/45, [110/41], 5d22h, ospf-10, intra

10.228.121.0/24, ubest/mbest: 1/0

*via 172.16.99.250, Eth1/45, [110/20], 5d22h, ospf-10, type-2

10.228.122.0/24, ubest/mbest: 1/0

*via 172.16.99.251, Eth1/45, [110/20], 5d22h, ospf-10, type-2

10.228.123.0/24, ubest/mbest: 1/0

*via 172.16.99.248, Eth1/45, [110/20], 5d22h, ospf-10, type-2

10.228.124.0/24, ubest/mbest: 1/0

*via 172.16.99.249, Eth1/45, [110/20], 5d22h, ospf-10, type-2

10.228.125.0/24, ubest/mbest: 1/0

*via 172.16.99.252, Eth1/45, [110/20], 5d22h, ospf-10, type-2

10.228.129.0/24, ubest/mbest: 1/0

*via 172.16.99.254, Eth1/45, [110/41], 5d22h, ospf-10, intra

10.228.130.0/24, ubest/mbest: 1/0

*via 172.16.99.244, Eth1/45, [110/20], 5d22h, ospf-10, type-2

10.228.145.0/24, ubest/mbest: 1/0

*via 172.16.99.253, Eth1/45, [110/10000], 5d22h, ospf-10, type-2

10.252.252.0/29, ubest/mbest: 1/0, attached

*via 10.252.252.2, Vlan252, [0/0], 33w5d, direct

10.252.252.2/32, ubest/mbest: 1/0, attached

*via 10.252.252.2, Vlan252, [0/0], 33w5d, local

10.253.253.0/24, ubest/mbest: 1/0, attached

*via 10.253.253.2, Vlan253, [0/0], 34w0d, direct

10.253.253.1/32, ubest/mbest: 1/0, attached

*via 10.253.253.1, Vlan253, [0/0], 34w0d, hsrp

10.253.253.2/32, ubest/mbest: 1/0, attached

*via 10.253.253.2, Vlan253, [0/0], 34w0d, local

10.254.254.0/24, ubest/mbest: 1/0, attached

*via 10.254.254.3, Vlan254, [0/0], 34w4d, direct

10.254.254.2/32, ubest/mbest: 1/0, attached

*via 10.254.254.2, Vlan254, [0/0], 34w4d, hsrp

10.254.254.3/32, ubest/mbest: 1/0, attached

*via 10.254.254.3, Vlan254, [0/0], 34w4d, local

12.42.142.30/32, ubest/mbest: 1/0

*via 172.16.99.253, Eth1/45, [110/10000], 5d22h, ospf-10, type-2

64.62.142.12/32, ubest/mbest: 1/0

*via 10.254.254.1, [1/0], 2w2d, static

66.170.18.105/32, ubest/mbest: 1/0

*via 172.16.99.252, Eth1/45, [110/20], 5d22h, ospf-10, type-2

104.18.28.175/32, ubest/mbest: 1/0

*via 172.16.99.253, Eth1/45, [110/10000], 5d22h, ospf-10, type-2

104.18.29.175/32, ubest/mbest: 1/0

*via 172.16.99.253, Eth1/45, [110/10000], 5d22h, ospf-10, type-2

158.115.128.0/19, ubest/mbest: 1/0

*via 10.254.254.1, [1/0], 2w2d, static

162.123.250.0/25, ubest/mbest: 1/0

*via 172.16.99.253, Eth1/45, [110/10000], 5d22h, ospf-10, type-2

170.209.0.2/32, ubest/mbest: 1/0

*via 172.16.99.253, Eth1/45, [110/10000], 5d22h, ospf-10, type-2

170.209.0.3/32, ubest/mbest: 1/0

*via 172.16.99.253, Eth1/45, [110/10000], 5d22h, ospf-10, type-2

172.16.0.0/24, ubest/mbest: 1/0

*via 172.16.99.253, Eth1/45, [110/41], 5d22h, ospf-10, intra

172.16.1.0/30, ubest/mbest: 1/0

*via 172.16.99.254, Eth1/45, [110/41], 5d22h, ospf-10, intra

172.16.3.0/24, ubest/mbest: 1/0

*via 172.16.99.253, Eth1/45, [110/41], 5d22h, ospf-10, intra

172.16.4.0/24, ubest/mbest: 1/0

*via 172.16.99.254, Eth1/45, [110/41], 5d22h, ospf-10, intra

172.16.20.0/27, ubest/mbest: 1/0

*via 172.16.99.253, Eth1/45, [110/41], 5d22h, ospf-10, intra

172.16.20.32/27, ubest/mbest: 1/0, attached

*via 172.16.20.34, Vlan30, [0/0], 34w4d, direct

172.16.20.33/32, ubest/mbest: 1/0, attached

*via 172.16.20.33, Vlan30, [0/0], 34w4d, hsrp

172.16.20.34/32, ubest/mbest: 1/0, attached

*via 172.16.20.34, Vlan30, [0/0], 34w4d, local

172.16.21.0/24, ubest/mbest: 1/0

*via 172.16.99.254, Eth1/45, [110/41], 5d22h, ospf-10, intra

172.16.40.4/30, ubest/mbest: 1/0

*via 172.16.99.252, Eth1/45, [110/20], 5d22h, ospf-10, type-2

172.16.40.8/30, ubest/mbest: 1/0

*via 172.16.99.248, Eth1/45, [110/20], 5d22h, ospf-10, type-2

172.16.40.12/30, ubest/mbest: 1/0

*via 172.16.99.251, Eth1/45, [110/20], 5d22h, ospf-10, type-2

172.16.40.16/30, ubest/mbest: 1/0

*via 172.16.99.250, Eth1/45, [110/20], 5d22h, ospf-10, type-2

172.16.40.32/30, ubest/mbest: 1/0

*via 172.16.99.244, Eth1/45, [110/20], 5d22h, ospf-10, type-2

172.16.40.40/30, ubest/mbest: 1/0

*via 172.16.99.249, Eth1/45, [110/20], 5d22h, ospf-10, type-2

172.16.41.0/30, ubest/mbest: 1/0

*via 172.16.99.253, Eth1/45, [110/41], 5d22h, ospf-10, intra

172.16.41.4/30, ubest/mbest: 1/0

*via 172.16.99.253, Eth1/45, [110/50], 5d22h, ospf-10, intra

172.16.41.8/30, ubest/mbest: 1/0

*via 172.16.99.254, Eth1/45, [110/60], 5d22h, ospf-10, intra

172.16.41.12/30, ubest/mbest: 1/0

*via 172.16.99.254, Eth1/45, [110/70], 5d22h, ospf-10, intra

172.16.41.16/29, ubest/mbest: 1/0, attached

*via 172.16.41.18, Vlan999, [0/0], 2w6d, direct

172.16.41.17/32, ubest/mbest: 1/0, attached

*via 172.16.41.17, Vlan999, [0/0], 2w6d, hsrp

172.16.41.18/32, ubest/mbest: 1/0, attached

*via 172.16.41.18, Vlan999, [0/0], 2w6d, local

172.16.66.0/24, ubest/mbest: 1/0, attached

*via 172.16.66.2, Vlan66, [0/0], 14w4d, direct

172.16.66.1/32, ubest/mbest: 1/0, attached

*via 172.16.66.1, Vlan66, [0/0], 14w4d, hsrp

172.16.66.2/32, ubest/mbest: 1/0, attached

*via 172.16.66.2, Vlan66, [0/0], 14w4d, local

172.16.99.0/24, ubest/mbest: 1/0, attached

*via 172.16.99.236, Eth1/45, [0/0], 5d22h, direct

172.16.99.236/32, ubest/mbest: 1/0, attached

*via 172.16.99.236, Eth1/45, [0/0], 5d22h, local

172.16.100.0/24, ubest/mbest: 1/0, attached

*via 172.16.100.2, Vlan35, [0/0], 34w4d, direct

172.16.100.1/32, ubest/mbest: 1/0, attached

*via 172.16.100.1, Vlan35, [0/0], 34w4d, hsrp

172.16.100.2/32, ubest/mbest: 1/0, attached

*via 172.16.100.2, Vlan35, [0/0], 34w4d, local

172.16.124.4/32, ubest/mbest: 1/0

*via 172.16.99.253, Eth1/45, [110/10000], 5d22h, ospf-10, type-2

172.16.130.0/24, ubest/mbest: 1/0

*via 172.16.99.244, Eth1/45, [110/20], 5d22h, ospf-10, type-2

172.16.150.0/29, ubest/mbest: 1/0

*via 172.16.99.253, Eth1/45, [110/41], 5d22h, ospf-10, intra

172.16.150.8/29, ubest/mbest: 1/0

*via 172.16.99.254, Eth1/45, [110/41], 5d22h, ospf-10, intra

172.16.150.16/29, ubest/mbest: 1/0

*via 172.16.99.251, Eth1/45, [110/20], 5d22h, ospf-10, type-2

172.16.150.24/29, ubest/mbest: 1/0

*via 172.16.99.248, Eth1/45, [110/20], 5d22h, ospf-10, type-2

172.16.150.32/29, ubest/mbest: 1/0

*via 10.253.253.4, Vlan253, [110/41], 2w1d, ospf-10, intra

172.16.150.40/29, ubest/mbest: 1/0

*via 172.16.99.244, Eth1/45, [110/20], 5d22h, ospf-10, type-2

172.16.150.48/29, ubest/mbest: 1/0

*via 172.16.99.250, Eth1/45, [110/20], 5d22h, ospf-10, type-2

172.16.150.56/29, ubest/mbest: 1/0

*via 172.16.99.252, Eth1/45, [110/20], 5d22h, ospf-10, type-2

172.16.160.0/29, ubest/mbest: 1/0, attached

*via 172.16.160.2, Vlan160, [0/0], 10w3d, direct

172.16.160.1/32, ubest/mbest: 1/0, attached

*via 172.16.160.1, Vlan160, [0/0], 10w3d, hsrp

172.16.160.2/32, ubest/mbest: 1/0, attached

*via 172.16.160.2, Vlan160, [0/0], 10w3d, local

172.30.1.1/32, ubest/mbest: 1/0

*via 172.16.99.253, Eth1/45, [110/10000], 5d22h, ospf-10, type-2

192.0.0.0/24, ubest/mbest: 1/0

*via 172.16.99.253, Eth1/45, [110/41], 5d22h, ospf-10, intra

192.0.1.0/24, ubest/mbest: 1/0

*via 172.16.99.250, Eth1/45, [110/20], 5d22h, ospf-10, type-2

192.0.2.0/24, ubest/mbest: 1/0

*via 172.16.99.252, Eth1/45, [110/20], 5d22h, ospf-10, type-2

192.0.8.0/24, ubest/mbest: 1/0

*via 172.16.99.249, Eth1/45, [110/20], 5d22h, ospf-10, type-2

192.0.10.245/32, ubest/mbest: 1/0

*via 172.16.99.252, Eth1/45, [110/20], 5d22h, ospf-10, type-2

192.0.12.0/24, ubest/mbest: 1/0

*via 172.16.99.254, Eth1/45, [110/41], 5d22h, ospf-10, intra

192.0.14.0/24, ubest/mbest: 1/0

*via 172.16.99.248, Eth1/45, [110/20], 5d22h, ospf-10, type-2

192.0.16.0/24, ubest/mbest: 1/0

*via 172.16.99.251, Eth1/45, [110/20], 5d22h, ospf-10, type-2

192.0.254.0/24, ubest/mbest: 1/0

*via 172.16.99.253, Eth1/45, [110/10000], 5d22h, ospf-10, type-2

192.68.20.0/24, ubest/mbest: 1/0

*via 172.16.99.252, Eth1/45, [110/20], 5d22h, ospf-10, type-2

192.68.120.254/32, ubest/mbest: 1/0

*via 172.16.99.250, Eth1/45, [110/20], 5d22h, ospf-10, type-2

192.68.123.2/32, ubest/mbest: 1/0

*via 172.16.99.248, Eth1/45, [110/20], 5d22h, ospf-10, type-2

192.68.130.254/32, ubest/mbest: 1/0

*via 172.16.99.244, Eth1/45, [110/20], 5d22h, ospf-10, type-2

192.168.0.0/24, ubest/mbest: 1/0

*via 172.16.99.253, Eth1/45, [110/41], 5d22h, ospf-10, intra

192.168.1.0/24, ubest/mbest: 1/0

*via 172.16.99.244, Eth1/45, [110/20], 5d22h, ospf-10, type-2

192.168.2.0/24, ubest/mbest: 1/0

*via 172.16.99.252, Eth1/45, [110/20], 5d22h, ospf-10, type-2

192.168.8.0/24, ubest/mbest: 1/0

*via 172.16.99.249, Eth1/45, [110/20], 5d22h, ospf-10, type-2

192.168.10.0/24, ubest/mbest: 1/0

*via 172.16.99.253, Eth1/45, [110/10000], 5d22h, ospf-10, type-2

192.168.11.0/24, ubest/mbest: 1/0

*via 172.16.99.250, Eth1/45, [110/20], 5d22h, ospf-10, type-2

192.168.12.0/24, ubest/mbest: 1/0

*via 172.16.99.254, Eth1/45, [110/41], 5d22h, ospf-10, intra

192.168.13.0/24, ubest/mbest: 1/0

*via 10.254.254.1, [1/0], 2w2d, static

192.168.14.0/24, ubest/mbest: 1/0

*via 172.16.99.248, Eth1/45, [110/20], 5d22h, ospf-10, type-2

192.168.16.0/24, ubest/mbest: 1/0

*via 172.16.99.251, Eth1/45, [110/20], 5d22h, ospf-10, type-2

192.168.30.0/24, ubest/mbest: 1/0

*via 172.16.99.244, Eth1/45, [110/20], 5d22h, ospf-10, type-2

192.168.50.0/24, ubest/mbest: 1/0

*via 10.253.253.4, Vlan253, [110/41], 2w1d, ospf-10, intra

192.168.101.0/24, ubest/mbest: 1/0

*via 172.16.99.254, Eth1/45, [110/10000], 5d22h, ospf-10, type-2

192.168.121.0/24, ubest/mbest: 1/0

*via 172.16.99.250, Eth1/45, [110/20], 5d22h, ospf-10, type-2

192.168.122.0/24, ubest/mbest: 1/0

*via 172.16.99.251, Eth1/45, [110/20], 5d22h, ospf-10, type-2

192.168.123.0/24, ubest/mbest: 1/0

*via 172.16.99.248, Eth1/45, [110/20], 5d22h, ospf-10, type-2

192.168.124.0/24, ubest/mbest: 1/0

*via 172.16.99.249, Eth1/45, [110/20], 5d22h, ospf-10, type-2

192.168.125.0/24, ubest/mbest: 1/0

*via 172.16.99.252, Eth1/45, [110/20], 5d22h, ospf-10, type-2

192.168.174.44/32, ubest/mbest: 1/0

*via 172.16.99.253, Eth1/45, [110/10000], 5d22h, ospf-10, type-2

192.168.250.0/24, ubest/mbest: 1/0

*via 10.254.254.1, [1/0], 2w2d, static

192.168.254.0/24, ubest/mbest: 1/0

*via 172.16.99.253, Eth1/45, [110/10000], 5d22h, ospf-10, type-2

199.217.219.248/29, ubest/mbest: 1/0

*via 172.16.99.253, Eth1/45, [110/10000], 5d22h, ospf-10, type-2

204.194.130.14/32, ubest/mbest: 1/0

*via 172.16.99.253, Eth1/45, [110/10000], 5d22h, ospf-10, type-2

204.194.130.23/32, ubest/mbest: 1/0

*via 172.16.99.253, Eth1/45, [110/10000], 5d22h, ospf-10, type-2

208.87.15.0/24, ubest/mbest: 1/0

*via 172.16.99.253, Eth1/45, [110/10000], 5d22h, ospf-10, type-2

209.206.48.0/20, ubest/mbest: 1/0

*via 10.254.254.1, [1/0], 2w2d, static

216.157.128.0/20, ubest/mbest: 1/0

*via 10.254.254.1, [1/0], 2w2d, static

216.189.0.0/22, ubest/mbest: 1/0

*via 172.16.99.252, Eth1/45, [110/20], 5d22h, ospf-10, type-2

216.189.0.0/23, ubest/mbest: 1/0

*via 172.16.99.253, Eth1/45, [110/10000], 5d22h, ospf-10, type-2

216.189.224.0/23, ubest/mbest: 1/0

*via 172.16.99.253, Eth1/45, [110/10000], 5d22h, ospf-10, type-2

mbrown-revitycu · ‎05-09-2024

As a bump for this, what if we changed these connections:

WAN<AccessVlan990>Meraki

Nexus9000<AccessVlan990>Meraki

SD-WAN<AccessVlan990>Meraki

From access ports on Vlan990, to trunk ports allowing Vlan990?

Very much throwing things at the wall now.

Thanks!

RodneyWilkins11 · ‎05-19-2024

It seems like the OSPF configuration on the Nexus 9000 at Branch G might be encountering issues when integrating with the SD-WAN device. Verify OSPF settings and routing between the Nexus and the SD-WAN device for seamless traffic flow. For detailed troubleshooting steps, consult the Nexus 9000 documentation. (Data page: Nexus 9000 OSPF configuration guide)

Elliot Dierksen · ‎05-20-2024

Are you trying to get the Meraki devices to learn routes from OSPF? OSPF in Meraki is send only from what I have seen in the MX family. I think it was also a bit limited as it pertains to defining areas. To the best of my knowledge, BGP is the only protocol you can use to get a Meraki MX to do dynamic routing.

mbrown-revitycu · ‎05-20-2024

In this configuration we have set up, the Meraki devices have two routes applied to them. One is a static route that goes to a subnet defined on the Nexus to allow traffic to our firewall.

Meraki route:

Nexus configuration:

interface Vlan254
description Palo-Nexus-Transit
no shutdown
no ip redirects
ip address 10.254.254.3/24
no ipv6 redirects
hsrp 254
priority 150
timers 1 3
ip 10.254.254.2

There is also a default route on the Meraki which sends all traffic to that same next hop, but it doesn't advertise over OSPF.

We're trying to mirror the setup we have at other branches, where the Merakis are just passing the traffic from the SD-WAN device over to the Nexus directly. No OSPF is used at those branches between the SD-WAN and the routers there. There is a BGP connection between the SD-WAN and the routers though.