cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3724
Views
1
Helpful
14
Replies

Redistributed OSPF type 5 LSA not populating the routing table

jack.riley1
Level 1
Level 1

I'm currently taking routing updates from our SP for our new MPLS. We currently have other circuits providing data services to the sites we are migrating to the new MPLS, so already have entries via existing networks in OSPF via inter-area routes.

 

When i allow the new routing updates through the MPLS filter list i have, into our core OSPF process, i cannot get the routing update to populate the routing table in the OSPF PID i have used to peer with our SP.

 

I have the type 5 LSA learnt via the new MPLS connection & multiple other routes for my remote sites, however when i allow a prefix that matches an existing prefix learnt in the core ospf process, the route will not push into the routing table.

 

I'm currently testing with 10.137.70.0 /25 but this fails

If my SP advertises 10.137.70/24 instead, and i permit that through my filter list (bear in mind i dont have a route to that network prefix already) It works.

 

For context, I can allow any other unknown route through the filter list & it populates the routing table on demand.

 

Is there a reason OSPF would prevent type 5 E2 LSA's populating the routing table if we already have an inter-area route in the routing table?

 

Happy to provice scenario diagram if this helps.

 

Cheers, Jack.

2 Accepted Solutions

Accepted Solutions

OSPF will always install the best path in routing table. Intra-area route always preferred over inter, and inter area over external. Metric/cost will come into play when you are comparing two prefixes within the same route type.

 

if you like I can configure a small lab in gns3 and share the results.

View solution in original post

If I am understanding what Jack is asking then I believe that the key is when he asks for a resilient route. I would assume that what he means is that if he loses the inter area he would like the external route to be in the routing table. And that is exactly what should happen. As long as the inter area route is in the table the external will not be in the table and when the inter area route is removed from the routing table then the external route should be put into the routing table.

 

HTH

 

Rick

HTH

Rick

View solution in original post

14 Replies 14

Jack,

hard to say without seeing the configs. Do you have 'bgp redistribute-internal' configured ?

Post the full config of the router if possible...

Hi Georg,

 

So, the BGP & redist is all done by the service provider router, we actually only see OSPF from them & peer through that. They are sending us redistributed routes from BGP into OSPF & we receive them via a routed interface as type 5 LSA.

 

Our OSPF Config is below

 

router ospf 20
 router-id 192.168.230.75
 log-adjacency-changes
 passive-interface default
 no passive-interface GigabitEthernet1/21
 no passive-interface Vlan220
 network 192.168.190.X 0.0.0.3 area 20
 network 192.168.190.X 0.0.0.3 area 20
 network 192.168.230.X 0.0.0.0 area 20
 distribute-list WAN-ROUTES in GigabitEthernet1/21
 distribute-list WAN-ROUTES in Vlan220

 

Standard IP access list WAN-ROUTES
    210 permit 62.253.34.X (103 matches)
    4 permit 192.168.190.X log
    5 permit 192.168.190.X log
    7 permit 192.168.85.X, wildcard bits 0.0.0.127 log (156 matches)
    200 deny   any log (1622 matches)

 

 

GigabitEthernet1/21 is up, line protocol is up (connected)
  Internet Address 192.168.190.X/30, Area 20
  Process ID 20, Router ID 192.168.230.75, Network Type POINT_TO_POINT, Cost: 100
  Transmit Delay is 1 sec, State POINT_TO_POINT
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
    oob-resync timeout 40
    Hello due in 00:00:00
  Supports Link-local Signaling (LLS)
  Cisco NSF helper support enabled
  IETF NSF helper support enabled
  Index 1/1, flood queue length 0
  Next 0x0(0)/0x0(0)
  Last flood scan length is 14, maximum is 14
  Last flood scan time is 0 msec, maximum is 4 msec
  Neighbor Count is 1, Adjacent neighbor count is 1
    Adjacent with neighbor 192.168.190.X
  Suppress hello for 0 neighbor(s)
  Message digest authentication enabled
    Youngest key id is 1

 

Looking at the above output, I can permit any of the public routes learnt via type 5 LSA in the WAN-ROUTES ACL, but only routes that are not already in my routing table will then populate a new route. I've omitted some details for privacy.

 

The full config of the router is probably a little lengthy for a forum, but i can pull the parts you need if you like?

 

KR Jack

Hello,

try a prefix-list in combination with a route map (obviously you need to change the prefixes and masks to match what you have).

 

distribute-list route-map DENY_OSPF in

 

ip prefix-list WAN-ROUTES seq 10 permit 62.253.34.x/x
ip prefix-list WAN-ROUTES seq 20 permit 192.168.190.x/x
ip prefix-list WAN-ROUTES seq 30 permit 192.168.190.x/x
ip prefix-list WAN-ROUTES seq 40 permit 192.168.85.x/x
ip prefix-list WAN-ROUTES seq 50 deny any

 

route-map DENY_OSPF permit 10
match ip address prefix-list WAN-ROUTES

Hi Georg,

 

Thanks for this suggestion, I will look at amending to a route map instead of an ACL.

 

Do you know of any specific reason the route-map logic would influence the routing updates any differently than an ACL's logic?

 

I'm just curious thats all, as they seem to acheive the same goals, but people do appear to sway towards route-maps, i understand the much higher ability to control & influence the routes/traffic using set statements etc, however for a simply permit/deny action is there any difference in the logic?

 

Thanks for your assistance with this.

 

KR Jack.

Hi

The following command is usually used when you are using VRF under your OSPF, and I have seen that issue before with VRF, it should be configured on the PE in order to check the down bit and I have not configured it on global routing unless your OSPF is under a VRF, try to configure it on the CE or request it on the PE (ISP side):

router ospf X

capability vrf-lite




>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<

Hi Julio, Thanks very much for your reply.

 

By the time the routing update reaches us we are only routing in the global routing table. The service providers router on our premesis is the last router using VRF on the MPLS.

 

If it was a VRF capability issue, should i be able to receive any other routes, or would this just affect the routing for routes already in the routing table?

 

KR Jack.

 

 

If you are learning the same prefix as a intra or inter area then external route would fail to install in global RIB.


@cofee wrote:

If you are learning the same prefix as a intra or inter area then external route would fail to install in global RIB.


Thanks for this, I had a suspicion this would be case. However I haven't seen any supporting literature, do you have anything i can refer too for this that you've come across before?

 

KR Jack

OSPF will always install the best path in routing table. Intra-area route always preferred over inter, and inter area over external. Metric/cost will come into play when you are comparing two prefixes within the same route type.

 

if you like I can configure a small lab in gns3 and share the results.

Hi Cofee,

 

Thanks again for your input. My question there would be, although i have a type 3 route learnt from the inter area route within OSPF, is there a way I can get OSPF to populate the external routes, even if inferior to the existing routes, as resilient routing alternatives in the global routing table.

 

KR Jack

Is there a reason you want to install both routes in the RIB?

 

This is the solution I can think of:

 

a) You will either need to redistribute the prefix that's being learned as an inter-area and then use cost to install the desired route in RIB

 

b) This option is more compllicated as this would require help from mpls provider. If the PE routers are in the same ospf domain (under vrf to connect your sites) - meaning same ospf process IDs on both side of the vpnv4 tunnel then all ospf redistributed prefixes will show up as an IA (inter area routes) because mpls cloud is considered to be super backbone. In the end cost will be the deciding factor.

 

 

If I am understanding what Jack is asking then I believe that the key is when he asks for a resilient route. I would assume that what he means is that if he loses the inter area he would like the external route to be in the routing table. And that is exactly what should happen. As long as the inter area route is in the table the external will not be in the table and when the inter area route is removed from the routing table then the external route should be put into the routing table.

 

HTH

 

Rick

HTH

Rick

Hi Richard/Cofee,

 

Richard, you were correct in your understanding. I was hoping to have this external, resilient route available to put in the routing table for a graceful cut over to the new MPLS routes when ready. But from what i can understand, I cannot populate the global RIB with both external & internal routes simultaneously using OSPF.

 

Funnily enough i proved this last night, by taking the internal routing update out & the external came straight into the routing table (from the MPLS provider). However when i re added the network statement to OSPF, the E2 (external) route stayed in the routing table until i supressed the routing update from the external source using my filter list again. This may just be a case of having to wait for the LSDB flood timeout to cleanse the old route, but I didn't have too much time to test this. 

 

Cofee, My MPLS ipvpn is layer 3 to site, then layer 2 (.1q subif's) downlink to my switches, so there is only BGP right up until the providers PE router in our DC, I have seen the end-to-end OSPF setup installed before now where the remote site is advertised using OSPF instead of BGP, but as you say this would take significant time investment now from myself & the service provider.

 

Once again thanks for both your inputs, much appreciated.

 

KR Jack.

Jack

 

I am glad that out explanations were helpful. Yes you should be able to have one or the other routing entry in the active routeing table but not both at the same time. Thank you for marking this discussion as solved.

 

HTH

 

Rick

HTH

Rick
Review Cisco Networking for a $25 gift card