cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
4225
Views
5
Helpful
32
Replies

OSPF Routing Problem

wasiimcisco
Level 1
Level 1

I am facing problem in Routing in between head office and DR (disaster recovery) Side.

I have two links to my DR Side. I have GRE Tunnel with Primary and Secondary Router located in head office.

I want DR to use the Primary Router (tunnel 550) as primary link and Secondary IPVPN Router (Tunnel 540) as backup.

But I am not able to achieve this. I have even shut down the GRE tunnel (540) on Secondary IPVPN Router but still the traffic is going through this link. I am not able to track which path the traffic is taking. My bandwidth graph is high on on Secondary IPVPN link and Hardly few kbps is being used on the primary IPVPN link.

This means that something is wrong with the routing. Please go through the configuration and let me know what i am missing and which link cost I need to modify in order to use exact require link.

2 Accepted Solutions

Accepted Solutions

Hi,

   If Tunnel 540 is up with ip ospf cost 50 command,  ENOCDC_R03 will go to 192.168.10.x(DR) via this link. Right?  Please post "show ip route 192.168.10.0 255.255.255.0" while Tunnel 540 is up.

Toshi

View solution in original post

Hi,

   I forgot that Gig0/1 is running OSPF as well. We need to add LAN cost for O*E1 routes. If you didn't set the metric when doing redistribution you should see metric 20 from "show ip ospf database external".  You can check ASBR by using "show ip ospf border-router" on DR router.

  So you're correct 5-point. Good Job!

Toshi

View solution in original post

32 Replies 32

Hi

I guess that the traffic that you want to pass through the Primary router will be the one from the Branches , that are in different areas - Tottaly STUB areas , am i right - or please specify which traffic should go to the Tu550 ?

Your configuration :

on the Secondary router :

area 5 stub no-summary
area 5 default-cost 10
area 6 stub no-summary
area 6 default-cost 10

On the Primary router :

area 5 stub no-summary
area 5 default-cost 20
area 6 stub no-summary
area 6 default-cost 20

On DR router

area 5 stub no-summary
area 5 default-cost 30
area 6 stub no-summary
area 6 default-cost 30

So the Branch is going to install the default route from the secondary router ( can you check this ? )

Dan

wasiimcisco
Level 1
Level 1

Hi,

Branches will not go to DR site in mormal routine. They always use Secondary IPVPN link as default, in case of failure branch will switch to other IPVPN link.

Only subnets that are in head office like 192.168.200.0, 80, 205,  210, etc will go to DR Site.

.

My DR subnets are 192.168.10.0 and 192.168.180.0. So from head office whatever traffic is going to DR site (192.168.180.0, 192.168.10.0) should use primary IPVPN Link (R04).

Kindly assistance.

If i undestood well , the traffic between 192.168.{180,10} and 192.168.{210,205,200,80} should pass through Tunnel 550 - or if it arrives on the Secondary router , should pass though the link between Primary and Secondary ( is there any ) and then to the Primary's Tunnel550

Could you post a "show ip route 192.168.10.0", from your secondary router.

Dan

Hi,

Yes you are right traffic 192.168.{180,10} and 192.168.{210,205,200,80} should use Tunnel 550 and in case of Tunnel 550 down traffic should go to Tunnel 540 (secondary IPVPN link).

Secondary IPVPN#show ip route 192.168.10.0
Routing entry for 192.168.10.0/24
  Known via "ospf 1", distance 110, metric 41, type intra area
  Last update from 192.168.0.40 on GigabitEthernet0/1, 1w0d ago
  Routing Descriptor Blocks:
  * 192.168.0.146, from 172.27.1.10, 1w0d ago, via FastEthernet0/0/0
      Route metric is 41, traffic share count is 1
    192.168.0.40, from 172.27.1.10, 1w0d ago, via GigabitEthernet0/1
      Route metric is 41, traffic share count is 1

ENOCDC_R03#show ip route 192.168.180.0
Routing entry for 192.168.180.0/28, 3 known subnets

O E1    192.168.180.96 [110/61] via 192.168.0.146, 1w0d, FastEthernet0/0/0
                       [110/61] via 192.168.0.40, 1w0d, GigabitEthernet0/1
O E1    192.168.180.16 [110/61] via 192.168.0.146, 1w0d, FastEthernet0/0/0
                       [110/61] via 192.168.0.40, 1w0d, GigabitEthernet0/1
O E1    192.168.180.0 [110/61] via 192.168.0.146, 1w0d, FastEthernet0/0/0
                      [110/61] via 192.168.0.40, 1w0d, GigabitEthernet0/1
ENOCDC_R03#

Primary IPVPN#show ip route 192.168.10.0
Routing entry for 192.168.10.0/24
  Known via "ospf 1", distance 110, metric 11, type intra area
  Last update from 172.27.5.166 on Tunnel550, 1w0d ago
  Routing Descriptor Blocks:
  * 172.27.5.166, from 172.27.1.10, 1w0d ago, via Tunnel550
      Route metric is 11, traffic share count is 1

Primary IPVPN#show ip route 192.168.180.0
Routing entry for 192.168.180.0/28, 3 known subnets

O E1    192.168.180.96 [110/31] via 172.27.5.166, 1w0d, Tunnel550
O E1    192.168.180.16 [110/31] via 172.27.5.166, 1w0d, Tunnel550
O E1    192.168.180.0 [110/31] via 172.27.5.166, 1w0d, Tunnel550

I have also attached the full configuration of DR router, Primary IPVPN router and secondary IPVPN router configuration.

Still i do not understand what is the problem.

DR and Primary - Tu550

DR and Secondary - Tu540

Primary and Secondary - Fa0/0/0 and G0/1

On Dr :

O E1 192.168.200.0/24 [110/60] via 172.27.5.165, 00:00:21, Tunnel550
O E1 192.168.205.0/24 [110/60] via 172.27.5.165, 00:00:22, Tunnel550

As expected

---

On Primary :

O    192.168.10.0/24 [110/11] via 172.27.5.166, 6d22h, Tunnel550

As expected

---

On Secondary , learned from Primary

show ip route 192.168.10.0
Routing entry for 192.168.10.0/24
  Known via "ospf 1", distance 110, metric 41, type intra area
  Last update from 192.168.0.40 on GigabitEthernet0/1, 1w0d ago
  Routing Descriptor Blocks:
  * 192.168.0.146, from 172.27.1.10, 1w0d ago, via FastEthernet0/0/0
      Route metric is 41, traffic share count is 1
    192.168.0.40, from 172.27.1.10, 1w0d ago, via GigabitEthernet0/1
      Route metric is 41, traffic share count is 1


As expected

hi,

apparently it looks like that traffic between head office and DR site is using the Primary IPVPN linke tunnel 550. But actually this is not happening. Few hours ago we send huge traffic from 192.168.200.0/24 subnet to DR subnet 192.168.10.0/24 but traffic use the secondary link (Tunnel 540) (router ENOCDC_R03) and whole link of primary IPVPN was fully choked.

Attached graph for your information. It shows that primary IPVPN link is not being use whole day and our secondary IPVPN link fully used especially in the last three to four hours.

Graph also shows the host to host communication of 192.168.200.0 and 192.168.10.0.

I am suspecing traffic is not going through the primary IPVPN link and Router is sending back traffic to Secondary IPVPN router and then use this link to reach DR.

Primary IPVPN#trace 192.168.10.72

Type escape sequence to abort.
Tracing the route to 192.168.10.72

  1 172.27.5.166 4 msec 0 msec 0 msec
  2 192.168.10.72 4 msec 4 msec 0 msec

===================================

Secondary IPVPN#traceroute 192.168.10.72

Type escape sequence to abort.
Tracing the route to 192.168.10.72

  1 192.168.0.40 0 msec
    192.168.0.146 0 msec
    192.168.0.40 0 msec
  2 172.27.5.166 4 msec 0 msec 4 msec
  3 192.168.10.72 4 msec 4 msec 0 msec

Hi,

   Please post the detailed topology regarding your question. I just want to make sure how they are connecting.

Toshi

wasiimcisco wrote:

Primary IPVPN#trace 192.168.10.72

Type escape sequence to abort.
Tracing the route to 192.168.10.72

  1 172.27.5.166 4 msec 0 msec 0 msec <<<<< Tunnel550 DR router
  2 192.168.10.72 4 msec 4 msec 0 msec

===================================

Secondary IPVPN#traceroute 192.168.10.72

Type escape sequence to abort.
Tracing the route to 192.168.10.72

  1 192.168.0.40 0 msec  <<<< Primary on Gi0/1 and Fa0/0/0 - loadbalancing - you have 2 routes installed from Primary
    192.168.0.146 0 msec
    192.168.0.40 0 msec
  2 172.27.5.166 4 msec 0 msec 4 msec <<<< Tunnel 550 on DR router
  3 192.168.10.72 4 msec 4 msec 0 msec

i don't see any issue . The prefixes that you wanted to pass though the Primary router are fine.

Maybe you have some PBR , as i saw one on the Tu540 , that push the traffic in other way.

Dan

Hi Dan,

The reason you dont see any issue is because Tun540 is shutdown if you look at the config. Hence, everything is routed via the Tun550. There is no secondary tunnel.

Wasim,

One thing I can see is that the secondary router is the DR(designated Router) in ospf.Tyr making the primary router as the DR(designated router) and see if does anything for you.

Edit:

What are the costs end to end. I mean what is the cost for the devices in the 192.168.0.0 range to get to the primary and secondary router?

Hi,

Please find attached the network diagram. Please revert for any clarification.

Hi,

   Please let me know where G0/1 is on Primary router and Secondary router in your diagram .  Please add the following command for testing.


!

ENOCDC_R03#conf t

ENOCDC_R03(conf)#interface Tunnel 540

ENOCDC_R03(conf-if)#ip ospf cost 50

!


HTH,

Toshi

wasiimcisco
Level 1
Level 1

Hi,

Infact in diagram fa0/1 is my gig0/1 it is showing wrong in diagram

Sent from Cisco Technical Support iPhone App

Hi,

   Okay. Did you try the command I told you?

HTH,

Toshi

Hi,

I have applied the changes to cost 50 on Tunnel 540. But no impact. Also I have already shut down Secondary IPVPN Tunnel 540 manually so that Always Tunnel 550 use for Sending Traffic to DR.

ENOCDC_R03#sh running-config interface tunnel 540
Building configuration...

Current configuration : 316 bytes
!
interface Tunnel540
description connected to the DR-Site
bandwidth 1024000
ip address 172.27.5.37 255.255.255.252
ip mtu 1476
ip policy route-map RE_ROUTE>RACK2
ip ospf network point-to-point
ip ospf cost 50
shutdown
keepalive 5 3
tunnel source GigabitEthernet0/0
tunnel destination 192.168.253.25
end

I am clueless if Tunnel 540 is down how come ENOCDC R03 is being use for DR Traffic.