11-26-2020 09:22 AM
Hi all,
What I am trying to do is create a topology where Rtr 1 can ping Rtr 2 using OSPF then set up VRRP (or HSRP if possible but read that OSPF and HSRP cannot be used together) between them using the sub interfaces.
If the Rtr's do not share the same sub interfaces then OSPF reacts normally and the routes appear in the routing table and one side can ping over to the other. However if they both have the same sub interfaces then they can no longer communicate with the sub interfaces. The connection between the two routers, which is on a 172.0.0.x /24 subnet, communicates just fine.
I'm sure it's something simple that I am missing or not understanding.
Rtr1 and Rtr2 both use interface gig 0/0 to connect to each other.
Rtr1 and Rtr2 both use interface gig 0/2 for their sub interfaces.
The format when pasting into the post wasn't very easy to read, so I've attached the outputs for show ip ospf database, show ip ospf int, show ip ospf nei, show run | s ospf, show run | s interface.
I've included a separate document for the routing tables of each router. One is with one router's g0/2 shut down and the other is with both having the same interfaces/subinterfaces up.
I have also included a screen shot of the lab.
Thank you for your help in advance!
11-27-2020 02:14 PM
I am glad that we are making progress and that the concepts are becoming more clear. There are a couple of things that I want to address:
- OSPF vs HSRP.
OSPF is a protocol for routing between different subnets and different networks. OSPF looks for all the paths toward a destination network. When there is more than one path toward a destination network OSPF evaluates the alternatives and chooses the best path. And once it has chosen that best path OSPF watches to make sure that that best path is still valid. And if the chosen best path becomes not available then OSPF dynamically looks for an alternate path to the destination.
HSRP is a protocol to provide first hop redundancy (how does a host in the network get to its default gateway - first hop toward the destination) in a network or subnet. To understand this let us think about a network that has 2 layer 3 devices (might be routers or might be L3 switches with routing enabled) that are capable of forwarding traffic toward remote destinations. Remember that if 2 devices are in the same broadcast domain (which means in the same vlan/same subnet) then they can just arp for each other and communicate directly. But if the devices are in different broadcast domains then they need a gateway to forward their traffic toward the destination. Most IP stacks specify a single gateway (some IP stacks allow definition of multiple gateways but most do not). So each host in this vlan/subnet is configured with R1 as its gateway. As long as R1 is running things work well and traffic is forwarded. But what happens if R1 goes down? All of a sudden the hosts do not have a working gateway and can no longer reach remote subnets. How can we get the hosts to use an alternate gateway? That is what HSRP was designed to do. Each of the routers has its own IP address and HSRP uses a third IP address in the subnet that either router can use. One of the routers has the shared IP address and is the active router. If the active router fails then automatically the standby router becomes active and takes over the shared address. This provides first hop redundancy for the hosts in the subnet.
- preempt
Sometimes we do not care which of the routers is the active gateway. But sometimes we do care which of the routers is the active gateway and to accomplish this HSRP uses priority. If there are 2 routers and one has a higher priority then we expect that this router will be the active gateway. If the active gateway router fails then the standby router takes over the shared IP address and now the hosts in the subnet are still using an active gateway. But let us think a bit more carefully about how this will work. In a diagram in one of your posts the routers had priority of 150 and of 110. So when the network got started R1 with priority of 150 becomes active. And things work for a while. But then R1 goes down. When R1 is no longer working then R2 automatically becomes the active gateway with the shared address. Then R1 comes back into service. Now R1 has the higher priority but R2 is still the active gateway. But we want R1 to be active when it is available. So we need a mechanism that will allow R1 to take over as active router when it comes back into service. And that is what preempt does: it allows that if a router joins the HSRP group and it has a higher priority then it will take over as the active router.
- Let me also point out that whether you want preempt on both routers or on just one depends on whether you are using track within HSRP. With track enabled the router can monitor its other interfaces (especially the outbound interface toward remote destinations) and if an interface goes down then the router lowers its operating priority which allows the standby router to take over. If you are using track then you want preempt on both of the routers. If you are not using track then you need preempt only on the router with higher priority.
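Added example (not part of the original post or thread): a simplified Python model of the priority, preempt and track behaviour described above, replaying the R1 = 150 / R2 = 110 case through a router failure and a tracked-uplink failure. The decrement of 50, the `Router`/`elect`/`run` names and the assumption that both routers start together are illustrative choices; tie-breaking and timers are not modelled.

```python
from dataclasses import dataclass

@dataclass
class Router:
    name: str
    priority: int             # configured HSRP priority
    preempt: bool             # is preempt configured on this router?
    track_decrement: int = 0  # priority drop while the tracked uplink is down
    up: bool = True           # router itself is alive
    uplink_up: bool = True    # state of the tracked outbound interface

    @property
    def effective_priority(self) -> int:
        if self.track_decrement and not self.uplink_up:
            return self.priority - self.track_decrement
        return self.priority

def elect(routers, active):
    """Return the active router's name after the group re-evaluates."""
    alive = [r for r in routers if r.up]
    if not alive:
        return None
    best = max(alive, key=lambda r: r.effective_priority)
    current = next((r for r in alive if r.name == active), None)
    if current is None:
        return best.name  # nobody is active: highest priority takes the address
    # The active router keeps the role unless a strictly higher-priority
    # peer is configured with preempt.
    if best.effective_priority > current.effective_priority and best.preempt:
        return best.name
    return current.name

def run(r1_preempt, r2_preempt, track):
    """Replay five events and return who is active after each one."""
    r1 = Router("R1", 150, r1_preempt, track_decrement=50 if track else 0)
    r2 = Router("R2", 110, r2_preempt)
    group, history, active = [r1, r2], [], None
    events = [lambda: None,                          # both routers start
              lambda: setattr(r1, "up", False),      # R1 goes down
              lambda: setattr(r1, "up", True),       # R1 comes back
              lambda: setattr(r1, "uplink_up", False),  # R1 loses its uplink
              lambda: setattr(r1, "uplink_up", True)]   # uplink restored
    for event in events:
        event()
        active = elect(group, active)
        history.append(active)
    return history

if __name__ == "__main__":
    for args in [(False, False, False), (True, False, False),
                 (True, False, True), (True, True, True)]:
        print(args, run(*args))
```

With track enabled but preempt only on R1, R1 stays active after losing its uplink because R2 is not allowed to take over; with preempt on both, the role moves to R2 and back again.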
11-28-2020 12:05 AM
Rick, this is awesome! Thank you for all of this. I really appreciate you taking the time to write all of this out and explain all of this, it is very helpful! I will most definitely refer back to this in the future.
@paul driver @Georg Pauwen @Giuseppe Larosa and Rick, Here is the update that I promised.
Part of the issue is using a virtual platform. For the last few hours I could not get HSRP to work no matter what I did until I realized that it may not be anything that I am doing and may actually be the virtual platform. Well after saving everything and restarting CML I was able to get HSRP to work properly and it is configured and running as it should!
Now the next hurdle I am facing is getting the distro switch below to be able to ping the 172.0.0.1/2 IP addresses on the routers. I'm attempting to use OSPF to perform the routing, however I am not doing something correctly. How would I go about getting the VLAN 10 network out to another subnet using OSPF? Or must I use static routes? I have added files with the outputs.
Thank you all for all your help, it's been really insightful!
11-28-2020 02:41 AM - edited 11-28-2020 02:43 AM
Hello
You can run static routing between the core and distribution with a default route on the distribution pointing to the hsrp virtual address of the cores and have static routes on the cores pointing to the distribution for the finance and marking subnets, but why not just enable ospf on the distribution switches, if they support it, so as to advertise the lan subnets? Then advertise a default route from the ospf cores into the distribution, then you wouldn't require the HSRP.
11-28-2020 09:32 AM
Paul,
This is true, however the default route's IP address would belong to one device (Rtr) and if that router would go down then that connection would be lost. If I am not misunderstanding. I am aiming for a method that would allow me full redundancy while using OSPF. But yes, I do want to use OSPF on the distro switches as well, I just wanted to get one thing working first so I could understand how to configure it in the future.
Please let me know if I am not understanding.
11-28-2020 10:13 AM
Hello
@TylerByrd6153 wrote:
Paul,
This is true, however the default route's IP address would belong to one device (Rtr) and if that router would go down then that connection would be lost. If I am not misunderstanding.
You can advertise a default from both core rtrs with preference being primary core rtr and if that does go down then the default from the secondary core will take preference.
This can be accomplished with a very simple ipsla object tracking statement with ospf.
11-29-2020 09:19 AM
Paul,
I think this is what I am actually looking for. Thank you!
@paul driver @Richard Burts @Georg Pauwen @Giuseppe Larosa Thank you all again!
11-29-2020 09:52 AM
I have looked at the diagram posted and the router outputs and I have some comments and questions:
- The output seems to indicate that OSPF is running only on the 2 routers. Is that correct?
- How are the distro switches configured? Are they operating only as layer 2 switches, doing only layer 2 forwarding? Or is ip routing enabled on them so that they can also forward layer 3 addressing?
- it seems logical to assume that the access switches are configured as only layer 2 switches (ip routing not enabled). Can you confirm that this is the case?
- Clearly 10.0.10.0 is a subnet connecting the 2 routers and the 2 distro switches. Is anything else on that subnet/vlan?
- There are 2 external routes shown 10.0.20.0 and 10.0.50.0. Would I be correct that these are from other interfaces on the routers? Do we need to be aware of them/concerned about them?
- You show 2 groups connected to the access switches, finance and marketing. Are we correct in assuming that these are 2 separate vlans/2 separate subnets? Can you tell us what the vlans are and what the subnets are? Are you intending the routing logic for these subnets to be on the distro switches or on the routers?
- It might help us to understand the environment better if you would post the complete running config from one of the routers (and perhaps even better to see both router configs). Likewise it would be nice to see the config from at least one of the distro switches.
11-30-2020 04:03 PM
@Richard Burts wrote:
I have looked at the diagram posted and the router outputs and I have some comments and questions:
- The output seems to indicate that OSPF is running only on the 2 routers. Is that correct?
- How are the distro switches configured? Are they operating only as layer 2 switches, doing only layer 2 forwarding? Or is ip routing enabled on them so that they can also forward layer 3 addressing?
- it seems logical to assume that the access switches are configured as only layer 2 switches (ip routing not enabled). Can you confirm that this is the case?
- Clearly 10.0.10.0 is a subnet connecting the 2 routers and the 2 distro switches. Is anything else on that subnet/vlan?
- There are 2 external routes shown 10.0.20.0 and 10.0.50.0. Would I be correct that these are from other interfaces on the routers? Do we need to be aware of them/concerned about them?
- You show 2 groups connected to the access switches, finance and marketing. Are we correct in assuming that these are 2 separate vlans/2 separate subnets? Can you tell us what the vlans are and what the subnets are? Are you intending the routing logic for these subnets to be on the distro switches or on the routers?
- It might help us to understand the environment better if you would post the complete running config from one of the routers (and perhaps even better to see both router configs). Likewise it would be nice to see the config from at least one of the distro switches.
Rick,
Going down your line of questions:
-At the time yes, OSPF was ONLY running on the two routers.
-In the beginning the Distro Switches were only operating at layer 2. They have since been configured for Layer 3 and are running OSPF as well.
-Access switches are layer two only, you are correct.
-10.0.20.0 and 10.0.50.0 subnets were ignored for this post and I should have stated this. Being aware of the other interfaces is not necessary for this instance.
-Finance, Marking, and Guest are all separate subnets. To answer your question, yes your assumption is spot on. Finance is on the 10.0.10.0 subnet, Marking is on the 10.0.20.0 subnet, and Guest is on the 10.0.50.0 subnet. The routers will be handling the routing logic.
- I can provide that with a follow up post. I am not quite done with my configuration but will reply back with the configurations.
Explanation:
At the start of this thread I was simply trying to get HSRP and OSPF to work in my lab and I was starting at the routers. I now understand that the issue was my method of implementation. As Paul helped me discover, using OSPF with IPSLA statements will be my preferred method of redundancy at the Layer 3 layer of my network. HSRP is layer 3 but trying to mix this with OSPF does not work well. I have found in another thread that HSRP/VRRP/GLBP should be used independently from OSPF, also. I am still not 100% sure that these FHRP protocols cannot be used with OSPF or other dynamic routing protocols, however, OSPF with IPSLA works very well and IPSLA provides really good data.
-Tyler
12-01-2020 11:56 PM
Tyler
Thanks for the update. I am not clear how IPSLA works with OSPF. But if you have implemented it and it is working for you that is a good thing.
I would suggest that we might look at this discussion from a somewhat different perspective. I believe that fundamentally you are looking for ways to provide redundancy and failover capabilities for devices in your network so that loss of a gateway will not mean that other devices which have been using that gateway would be out of service. In looking at how to accomplish that we should recognize 2 types of devices and will find a redundancy solution that works for each class of device.
- one class of devices are devices that are capable of dynamically changing the gateway that they are using. The prime example of this are devices which run a dynamic routing protocol, such as OSPF. OSPF can advertise specific prefixes and also can advertise a default route. OSPF neighbors can learn that default route and will then use the original OSPF device as their gateway. In your example the distro switch running OSPF will select one of the routers as its gateway. (technically the switch could have 2 gateways and do load sharing, but to simplify I will discuss just the single gateway aspect) So in your example sw1 might choose rtr1 as its gateway, based on the advertised OSPF default route. And if rtr1 experiences a problem and goes down then sw1 recognizes loss of the current gateway and will begin using rtr2 as its gateway.
- the other class of devices are devices that are not capable of dynamically changing the gateway that they are using. These would typically be clients, servers, PCs etc. They might be manually configured with a gateway or might learn their gateway via DHCP or some other method. When the machine boots up it acquires its gateway address and uses that gateway. Unfortunately if that gateway stops working then the device is isolated and can not communicate. One way to supply redundancy for this is to use HSRP. With HSRP the gateway address is a virtual address that is shared by 2 (or sometimes more) devices. HSRP negotiates which of the peers will be active and use the virtual address. And if something happens to that active HSRP device then the standby device assumes the virtual address. This is transparent to the host device which continues to use the same gateway address and does not know that its gateway is now a different physical device.
So if your routers and switches are running OSPF there is no need for HSRP to provide redundancy/failover for the switches. But there is need to run HSRP on the devices which act as gateway for the hosts in the network. If you have 3 groups of users Finance, Marking, and Guest, and if each group has its own subnet then you will need HSRP for 3 sets of addresses. If the router is acting as gateway for the subnets then the router would run HSRP. If the switch were acting as gateway for the subnet then HSRP would run on the switch.
There is not any problem running both HSRP and OSPF. I have run them side by side in many networks. You just need to be aware of which devices are using which kind of redundancy/failover.