OSPF with Multiple IPSEC Tunnels and redundant routers.

Bruce_Arnott_NH · ‎03-05-2010

I have an issue in our environement at the moment with our OSPF setup.

We have 2 edge routers with GRe over IPSec tunnels out to several remote sites. These routers are connected via our core router.

Each of the remote sites have 2 tunnels configured, 1 to each of the edge routers.

I've noticed an issue where the tunnel conection fails on on of the routers the OSPF does not re route via the other router.

What appear to happen is that Router A learns that the remote network is adjecent to one of it's local subnets (the tunnel interface) and therefore advertises that it can reach the subnet. This prevents routing from working. From Edge router B you can access the remote network but from the Core the advertised route from Router A takes precedence.

The tunnels and remote site are in a different OSPF area from the core.

The only way to resolve this is to shutdown the relevant Tunnel interface on router A then everything starts to work again.

If anyone has any ideas I'd love to hear them.

Thanks and regards

Bruce

Richard Burts · ‎03-06-2010

Bruce

I have read your description and looked at your diagram and am still not sure what is going on. When you describe that the tunnels and remote site are in a different OSPF area than the core it makes me wonder whether the edge routers are doing any kind of summarization of routes to the core?

Perhaps if you could post relevant parts of the edge router configs and the core config we might be able to supply better answers.

HTH

Rick

HTH

Rick

Leo Laohoo · ‎03-07-2010

I've implemented alot of this and I've never seen this behaviour before. Can you post your config, as Rick mentioned? What IOS and feature set are you using?