Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2292
Views
55
Helpful
11
Replies

OSPF routing cost based on prefix

SJ K
Level 5
Level 5

‎08-31-2021 09:30 PM

Hi all

 

In this diagram below - all links are 1G and there are no referenced bandwidth manipulation

 

Capture.JPG

 

I wanted all traffic to/fro from 192.168.1.x to go via wan1 and hence i have set a higher ospf cost on wan2 and ge1/0/10.

wan2 will be the backup if wan1 is down

 

I also wanted all traffic to/fro 192.168.113.x to go via wan2 but since wan2 has a higher cost earlier, traffic will go using wan1

 

How do i influence cost based on prefix rather then interface ?

e.g.

traffic to/fro 1.x advertise with higher cost on wan2 <-> ge1/0/10 link

trafic to/fro 113.x advertise with a difference cost on wan2 <-> ge1/0/10 link

 

Thank you

Labels:
0 Helpful
11 Replies 11

balaji.bandi
Hall of Fame
Hall of Fame

‎09-01-2021 12:01 AM

You need to control both the side right, even if you send out using prefix, other OSPF equal-cost coming in it should be using ECMP

 

what FW is this ?

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

SJ K
Level 5
Level 5
In response to balaji.bandi

‎09-02-2021 04:12 AM

Hi

 

It is a Fortigate firewall

 

Thank you

0 Helpful

Giuseppe Larosa
Hall of Fame
Hall of Fame

‎09-01-2021 01:02 AM - edited ‎09-01-2021 01:03 AM

Hello @SJ K ,

you need to use PBR policy Based routing to make some traffic to use a non best path.

 

OSPF is not able to provide what you need as it is not possible to make "per prefix" costs. OSPF looks at the topology for its link state nature.

 

Hope to help

Giuseppe

 

paul driver
VIP
VIP

‎09-01-2021 01:33 AM

Hello

you could max out wan2rtr ospf metric so all traffic routes through wan1rtr then append pbr so to policy route via wan2rtr for specific prefixes however this doesn’t this doesn’t guarantee return path would traverse back the same way.

 

wan 2

router ospf x

max-metric router-lsa

 

access-list 100 permit 192.168.113.0 0.0.0.255

any

track 10 interface <wan2 egress interface> reachability 

route-map pbr

match ip address 100

set ip next-hop <wan2 nexthop> verify-availability 1 track 10

 

int x/x

description lan facing 192.168.113

ip policy route-map pbr 

 

 


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Giuseppe Larosa
Hall of Fame
Hall of Fame
In response to paul driver

‎09-01-2021 02:11 AM

Hello @paul driver ,

nice point PBR should be done on both directions with different setup in one case the selected prefixes are the destination addresses and on the other cases they are the source addresses.

 

I would not use the max-metric because we should also cover the case of WAN1 failure.

 

Hope to help

Giuseppe

 

paul driver
VIP
VIP
In response to Giuseppe Larosa

‎09-01-2021 02:25 AM

Hello

@Giuseppe Larosa If wan 1rtr was dropped/lost then even though wan2 rtr would have a very high metric traffic would redirect via this path?


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Giuseppe Larosa
Hall of Fame
Hall of Fame
In response to paul driver

‎09-01-2021 02:43 AM

Hello @paul driver ,

when using max-metric the Router LSA will use 65535 the max value for 16 bit intra area route for each link listed within.

The objective of max-metric is to avoid the router to be a transit for user traffic and to act as a shadow router that learns the OSPF DB.

 

Now, when WAN1 fails I'm not sure that WAN2 can be used.  It depends from implementation or  I may be wrong of course.

 

For the purposes of the original poster is enough to rise the cost on WAN2 on both ends and then to use PBR on both devices to move selected traffic flows over the non best path.

 

Hope to help

Giuseppe

 

paul driver
VIP
VIP
In response to Giuseppe Larosa

‎09-01-2021 04:13 PM

Hello @Giuseppe Larosa  

Glad to see you conclusion, my suggestion was an alternative for ospf redirection, However Interface costing is another applicable solution to this issue, maybe more so.

 

 


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

SJ K
Level 5
Level 5

‎09-01-2021 08:28 AM - edited ‎09-01-2021 08:30 AM

hi all

 

Thanks for your insights and feedback

 

Do you guys feel the same - that doing IGP with stateful firewall is really cumbersome - as in there is always a concern on how the firewall handles asymmetric traffic e.g. in an ECMP scenario ?

 

How do you guys circumvent that ? Do route exchanges only with routers ?

 

Thank you

 

MHM Cisco World
VIP
VIP

‎09-01-2021 10:53 AM - edited ‎09-01-2021 04:41 PM

there is infront of FW edge router which connect to ISP, this router will do the routing and forwarding and from the view of FW the traffic come from only one point which is edge router, this is how FW solve the asymmetric.

SJ K
Level 5
Level 5
In response to MHM Cisco World

‎09-02-2021 04:15 AM

Do you mean there is router place in front of the firewall ?

 

connection --> wan/edge router --> wan switch --> firewall ?

 

Issue is that router doesn't work in HA pair, so if the router goes down, so is link ...

Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card