Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1681
Views
0
Helpful
3
Replies

OSPF with Multiple IPSEC Tunnels and redundant routers.

Bruce_Arnott_NH
Level 1
Level 1

‎03-05-2010 11:00 AM - edited ‎03-04-2019 07:43 AM

I have an issue in our environement at the moment with our OSPF setup.

We have 2 edge routers with GRe over IPSec tunnels out to several remote sites. These routers are connected via our core router.

Each of the remote sites have 2 tunnels configured, 1 to each of the edge routers.

I've noticed an issue where the tunnel conection fails on on of the routers the OSPF does not re route via the other router.

What appear to happen is that Router A learns that  the remote network is adjecent to one of it's local subnets (the tunnel interface) and therefore advertises that it can reach the subnet. This prevents routing from working. From Edge router B you can access the remote network but from the Core the advertised route from Router A takes precedence.

The tunnels and remote site are in a different OSPF area from the core.

The only way to resolve this is to shutdown the relevant Tunnel interface on router A then everything starts to work again.

If anyone has any ideas I'd love to hear them.

Thanks and regards

Bruce

Labels:
Preview file
19 KB
0 Helpful
3 Replies 3

Richard Burts
Hall of Fame
Hall of Fame

‎03-06-2010 11:14 AM

Bruce

I have read your description and looked at your diagram and am still not sure what is going on. When you describe that the tunnels and remote site are in a different OSPF area than the core it makes me wonder whether the edge routers are doing any kind of summarization of routes to the core?

Perhaps if you could post relevant parts of the edge router configs and the core config we might be able to supply better answers.

HTH

Rick

HTH

Rick
0 Helpful

Leo Laohoo
Hall of Fame
Hall of Fame

‎03-07-2010 04:34 AM

I've implemented alot of this and I've never seen this behaviour before.  Can you post your config, as Rick mentioned?  What IOS and feature set are you using?

0 Helpful

Bruce_Arnott_NH
Level 1
Level 1
In response to Leo Laohoo

‎03-12-2010 02:07 PM

Turns out the solution was pretty simple. Keepalives were not set on the tunnel interfaces so they would stay up even when unable to connect.

Turning on keep alives means the router with the disconnected tunnel does not try to route through it's local network to the adjacent network.

Thanks for the replies though.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card