05-29-2013 08:51 PM - edited 03-04-2019 08:03 PM
Hi,
Have a 1921 that has 3 eth connections (1 LAN, and 2 WAN) - I have 2 seperate OSPF processes (2 areas) on the WAN Ints - both upstream WAN's are sending defaults back to the 1921, and the 1921 is sending it's LAN range to them.
I have ip ospf cost 150 set on the "failover" WAN connection interface (Both on the 1921 and upstream), but the 1921 is preferring the default route from the "failover"?
The ospf processes are:
"failover" ospf 38 (And area 38)
"primary" ospf 40 (And area 40)
The default routes are both being received by the 1921, but it's preferring the "failover" Int with the ip ospf cost 150 configured?
Any suggestions as to why this is happening?
Thanks.
Solved! Go to Solution.
05-30-2013 12:54 AM
Hello,
use the command "distance ospf external 109" to set only the external routes.
Regards.
05-29-2013 10:25 PM
Hi John ,
What i understood with your query is u have 2 exit point & getting 2 default route pointing to 2 different interface.
But your route is always going to Failover interface instead of going to Primary one .
can u please share the interface details with Ospf config so i can see those things , because some time edit cost is not the only solution
05-29-2013 11:15 PM
Hello John,
So you are sending a default route from two upstreams routers on different OSPF areas,
You want ur router to use Exit 1 (primary) but is using Exit 2(secondary) where you have set a specific OSPF cost to the interface,
Can you share the OSPF database so we can determine why the route is being prefered over Path B ( you can filter it to only show the default route)?
What happens if you disable Exit 2(failover), does the primery route get's installed on the routing table ?
Regards
05-30-2013 12:54 AM
I am unable to disable the links at this time (CE is in production), but both ospf processes are advertising default to CE (And is seen in CE also)...for some reason secondary link is preferring the default.
If you need to see specific output from ospf, please let me know (I provided ospf database output earlier)
05-29-2013 11:24 PM
Hello johnelliot6,
how do you inject the default route?. Do you use the command "default-information originate always"?.
Notice that external routes in OSPF are type 1 (E1) and 2 (E2). By default, default-route are injected using E2 type.
This meaning that routers do not add any internal OSPF cost to the metric. Your command "ip ospf cost 150" does not
apply to E2 routes. So you can do:
1) change your command to "default-information originate always metric-type 1" in both WAN routers.
This change route type to E2 and the your ip ospf cost command works.
or
2) change your command to "default-information originate always metric 50" in primary WAN router and
"default-information originate always metric 100" in backup WAN router. You can delete the command "ip
ospf cost" because default routes are injected with different metrics. Although, routes are E2 type the metric
are set by WAN routers.
Regards.
05-29-2013 11:59 PM
Thanks for the responses - I tried Antonio's suggestion, but it is still preferring the "backup" WAN.
Int configs, and ospf configs below:
CE
interface GigabitEthernet0/0
description BACKUP_WAN
ip address 10.2.8.226 255.255.255.252
ip flow ingress
ip flow egress
ip ospf cost 150
duplex auto
speed auto
interface FastEthernet0/0/0
description PRIM_WAN
ip address 10.2.9.62 255.255.255.252
duplex auto
speed auto
router ospf 38
router-id 10.2.8.226
redistribute connected subnets
passive-interface default
no passive-interface GigabitEthernet0/0
network 10.2.8.224 0.0.0.3 area 38
!
router ospf 40
router-id 10.2.9.62
redistribute connected subnets
passive-interface default
no passive-interface FastEthernet0/0/0
network 10.2.9.60 0.0.0.3 area 40
#sh ip route 0.0.0.0
Routing entry for 0.0.0.0/0, supernet
Known via "ospf 38", distance 110, metric 100, candidate default path
Tag 38, type extern 2, forward metric 151
Last update from 10.2.8.225 on GigabitEthernet0/0, 00:06:27 ago
Routing Descriptor Blocks:
* 10.2.8.225, from 10.2.8.193, 00:06:27 ago, via GigabitEthernet0/0
Route metric is 100, traffic share count is 1
Route tag 38
#sh ip ospf 38 database
OSPF Router with ID (10.2.8.226) (Process ID 38)
Router Link States (Area 38)
Link ID ADV Router Age Seq# Checksum Link count
10.2.8.193 10.2.8.193 1713 0x80002609 0x0056C0 2
10.2.8.194 10.2.8.194 1740 0x80002426 0x004943 1
10.2.8.226 10.2.8.226 1540 0x80001D73 0x0049E6 1
Net Link States (Area 38)
Link ID ADV Router Age Seq# Checksum
10.2.8.194 10.2.8.194 1740 0x800011EE 0x007E65
10.2.8.226 10.2.8.226 1540 0x80000041 0x004CF5
Type-5 AS External Link States
Link ID ADV Router Age Seq# Checksum Tag
0.0.0.0 10.2.8.193 210 0x8000241B 0x0081BD 38
10.1.2.0 10.2.8.194 1740 0x80000784 0x00F33E 0
192.168.1.0 10.2.8.194 1740 0x800004F1 0x004B32 0
192.168.5.0 10.2.8.194 1740 0x80001577 0x009F30 0
192.168.6.0 10.2.8.194 1740 0x80000257 0x000EF3 0
192.168.8.0 10.2.8.194 1740 0x800003AD 0x004860 0
192.168.9.0 10.2.8.226 1540 0x8000005A 0x002CB1 0
192.168.10.0 10.2.8.194 1740 0x800013EA 0x0087D1 0
192.168.11.0 10.2.8.194 1740 0x800011F8 0x0066E5 0
#sh ip ospf 40 database
OSPF Router with ID (10.2.9.62) (Process ID 40)
Router Link States (Area 40)
Link ID ADV Router Age Seq# Checksum Link count
10.2.9.61 10.2.9.61 1167 0x8000000D 0x00C218 1
10.2.9.62 10.2.9.62 969 0x8000000B 0x00C119 1
Net Link States (Area 40)
Link ID ADV Router Age Seq# Checksum
10.2.9.61 10.2.9.61 1167 0x8000000B 0x006D7B
Type-5 AS External Link States
Link ID ADV Router Age Seq# Checksum Tag
0.0.0.0 10.2.9.61 545 0x8000000C 0x00EEB9 3489678694
192.168.9.0 10.2.9.62 969 0x8000000B 0x009F31 0
Primary Core:
router ospf 40 vrf HOCA
router-id 10.2.9.61
passive-interface default
no passive-interface Port-channel1.560
network 10.2.9.60 0.0.0.3 area 40
default-information originate always metric 50
interface Port-channel1.560
description CORE_PRIM
encapsulation dot1Q 560
ip vrf forwarding HOCA
ip address 10.2.9.61 255.255.255.252
ip mtu 1500
Backup Core:
router ospf 38 vrf HOCA
router-id 10.2.8.193
log-adjacency-changes
passive-interface default
no passive-interface GigabitEthernet0/1.2765
network 10.2.8.192 0.0.0.3 area 38
default-information originate always metric 100
interface GigabitEthernet0/1.2765
description CORE_BACKUP
encapsulation dot1Q 2765
ip vrf forwarding HOCA
ip address 10.2.8.225 255.255.255.252
ip ospf cost 150
05-30-2013 12:30 AM
Hello,
I have checked that Cisco use always the oldest route when there are two routes with the same Administrative
distance for OSPF.
http://d2zmdbbm9feqrf.cloudfront.net/2010/usa/pdf/BRKARC-2350.pdf
So, my first answer is not very good. You have to change the adminitrative distance to have a deterministic behavior in your network.
Please do the following:
- Remove all "ip ospf cost" commands.
- Change your command again to "default-information originate always".
- In 1900 router in ospf process associated with primary link do "distance ospf 109 109 109"
So, routes learned by ospf associated primary link have a lower AD (109<110) and are preferred.
Regards.
05-30-2013 12:49 AM
Thanks Antonio,
The only options I have on the 1900 are:
(config-router)#distance ospf ?
external External type 5 and type 7 routes
inter-area Inter-area routes
intra-area Intra-area routes
Which option is correct?
05-30-2013 12:54 AM
Hello,
use the command "distance ospf external 109" to set only the external routes.
Regards.
05-30-2013 12:59 AM
Thanks Antonio!
That worked.
#sh ip route 0.0.0.0
Routing entry for 0.0.0.0/0, supernet
Known via "ospf 40", distance 109, metric 50, candidate default path
Tag Complete, Path Length == 1, AS 17766, , type extern 2, forward metric 1
Last update from 10.2.9.61 on FastEthernet0/0/0, 00:02:43 ago
Routing Descriptor Blocks:
* 10.2.9.61, from 10.2.9.61, 00:02:43 ago, via FastEthernet0/0/0
Route metric is 50, traffic share count is 1
Route tag 3489678694
I cant test failover atm, but looking good.
Thanks for your help
05-30-2013 01:12 AM
Hello,
please, when you do the failover test, let me now that everything is fine. Be careful with the keywords "always"
because the default route is "always" injected.
Regards.
05-30-2013 01:34 AM
Thanks - So, am I better to simply have only "default-information originate" on both "cores"? (And manipulate prmary ospf process on the CE?)
Side note - If I were to run the same ospf process/area (i.e. 38) on both primary+secondary WAN Ints, would ip ospf cost on the secondary Ints then work?
Thanks again for your help
05-30-2013 01:52 AM
Hello,
I do not ask you why use two ospf process. If there are not "special" reasons use only one proccess and use only an area
(area 0 backbone area). Then, if you have only a ospf proccess my first post will be good. "ip ospf cost" only apply if your external routes are type 1. I prefer control the metric in WAN routes setting the metric in the "default-information" command.
If you use "always" keywork WAN routes always inject the default route. If you do not use it, they only inject it if there is a default route in its routing table. In our network we do not use "always". Default route are learned by BGP in the WAN routes and if there is a problem (link down, BGP problem, so on...) the default route is not injected by ospf process.
Regards.
05-30-2013 03:27 PM
Hi Antonio - Initially I had a single ospf process (And single area) - 38, but the "backup" core also had a link to another site(In the same vrf) in area 38 and this was also the default route for the vrf.
So all routes learned via ospf 38 from this "other" site, were being advertised via the backup link to the 1921(Including the default), and then those routes were also being advertised to the "primary" core(Including default) even though I had the following route-map/acl configured on the 1921:
router ospf 38
router-id 10.2.8.226
redistribute connected subnets route-map OSPF_ACL
route-map OSPF_ACL permit 10
match ip address 2
access-list 2 permit 192.168.9.0 0.0.0.255
So this is why I removed ospf 38 from primary core, and setup ospf 40
As to why the routes where being advertised even with the acl, Im not entirely sure...would love if someone could explain why
05-31-2013 12:33 AM
Hello Johnelliot6,
you can not filter intra-area (routes learned from routers in the same area). OSPF needs that all routers inside
an area have the same database topology. What you can do is avoiding that this routes go into routing table.
You can use the "distribute-list 2 in" (2 is the ACL number) command in the "primary" core router.
Regards.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide