Routing issue OSPF BGP - Assistance required

singh1227 · ‎08-28-2013

Hi All,

I am new to the community and posting for the first time. I am currently having an issue in our company network where remote sites traffic coming to head office and then flowing via gig link to our data center instead of going straight to Data center via ISP core.

I will try to explain in detail. Here is the scenario

Site A - Head office (10.60.1.0)

Site B - Data Center(10.60.2.0)

Site C - Remote Site(10.60.3.0)

OSPF setup between our Cisco 3750 stack and ISP router at all three sites.

Two WAN circuits(Primary and Secondary) terminating at Head office and Data Center to provide connectivity. Remote site connects to ISP core and use to route traffic for network - 10.60.2.0 straight via ISP core until we provisioned another layer 2(1GB) link between Site A and Site B.

We provisioned this circuit for traffic between heads office and data center. This link terminates straight on our Layer 3 3750 switch on both ends.

OSPF was setup to advertise routes between those site by our nework support provider.

ISP saying that our OSPF pushing this as the best path to their BGP network hence traffic flowing via Head office.

I believe it's due to cost on OSPF but unable to figure out on where the issue is.

Any help or ideas would be much appreciated.

Thanks everybody

libi.pappachen · ‎08-28-2013

Hi Prabjeet,

Its look like ospf cost causing this problem. But to clarify, can we have the ospf and bgp configuration of all 3 sites and the following output please?

show ip route

show ip route ospf

show ip ospf database

show ip ospf neighbor

BR,

Libi

singh1227 · ‎08-29-2013

Hi Libi,

Thank you for your reply.

Unfortunately, I can't have ISP side of config but I have attached my switches config as requested.

I have removed the routes for all other sites and just left for one remote site, head office and Data centre subnets.

Cheers

Prabjeet

Lei Tian · ‎08-29-2013

Hi,

Based on your description, you have a back door link between data enter and headend, which pass the routes between eachother, and the data enter is advertising headend routes to the provider. Because the cost is lower on data enter side, provider prefers data center route over headend. Is my understanding correct? I think there are multiple ways to address the issue, if your headend and data enter are in different OSPF area, you can summarize local routes via backdoor link, or you can ask provider to summarize the route on BGP, or you can ask provider to advertise site local routes from data enter and headend, along with a default route to provide backup.

HTH,
Lei Tian

Sent from Cisco Technical Support iPhone App

singh1227 · ‎08-29-2013

Hi Lei,

Yes, that's right, We have back door link between Data centre and Headoffice. I amnot sure if which side have lower cost and which side advertising that link to be preferred to ISP.

OSPF to ISP and OSPF between sites are in different areas.

I have attached the config in above posy if you want to have a look. Any assistance is much appreciated.

Thanks

Prabjeet

Lei Tian · ‎08-30-2013

Hi Prabjeet,

It should be easy if it is in different ospf area. Can you post the config as txt file, so it is easier to open?

HTH,

Lei Tian

singh1227 · ‎09-01-2013

Hi Lei,

Thanks for your reply.

I originally uploaded txt files but it has zipped itself. I am trying to send again but if it does again then I may need to email you separately.

Thanks

Prabjeet

ashirkar · ‎08-30-2013

Hello Prabjeet,

Hope you are doing well,

This is what i understand from what you have written above:

1) You have 3 sites and advertising following subnets using IGP as ospf

A - Head office (10.60.1.0)

B - Data Center(10.60.2.0)

C - Remote Site(10.60.3.0)

2) Site C was reaching site-B through service provider, Are site A,B and C connected via MPLS link ?

3) Now you have commission new link between your head office and data center, of 1Gig, Is it point to point link?

4) Your problem is: your remote site user is reaching your datacenter through head office, Is that correct ?

If it is correct, then it seems like after adding 1GB link , Your HO router is learning routes for remote site with lower cost compared to previous interface.

Please check cost using "sh ip os int " command for both interface and let us know your observation.

Regards,

Ashish Shirkar

singh1227 · ‎09-01-2013

Hi Ashish,

Thanks for your reply.

1 - Right (We have multiple site but I have just mentioned one in the scenario)

2 - Yes, it was. Not sure if it's MPLS link in ISP cloud.

3 - Yes, It's Layer 2 Ethernet link

4 - Right

I have tried to run sh ip ospf int command on vlan interfaces and can see

Cost 1 - Vlan between Switch and ISP Router

Cost 10 - Layer 2 link connecting head office and data centre.

I have also attached other relevant info. Please have a look if you get a chance and let me know any suggestions you may have.

Much appreciated your help!!

Regards,

Prabjeet

ashirkar · ‎09-01-2013

Hi Prabjeet,

Hope you are doing well, I have seen your config, it seems like different process ID used on SP PE. Even if you use any configuration at your site, Routes propagated to other Site will be Only OE2 routes because your SP using different domain-IDs on PE.

On remote site router can you give me "sh ip os da x.x.x.x" output (X.X.X.X = head office and datacenter users IP address).

Also tell me are below IP address runs in your network on IP address WAN link connected to SP?

"172.18.57.18"

"172.18.57.14"

On remote router can u give me “sh ip route 172.18.57.18” and sh ip route 172.18.57.14 output

Regards,

Ashish Shirkar

singh1227 · ‎09-02-2013

Hi Ashish,

Thanks for looking into this for me.

10.58.x.x is between us and ISP.

172.18.57.x is ISP world.

Please find output below

Remote Site#sh ip route 10.60.17.1

Routing entry for 10.60.17.0/24

Known via "ospf 10", distance 110, metric 1

Tag 666, type extern 2, forward metric 1

Last update from 10.58.100.2 on Vlan2, 5d12h ago

Routing Descriptor Blocks:

* 10.58.100.2, from 172.18.57.14, 5d12h ago, via Vlan2

Route metric is 1, traffic share count is 1

Route tag 666

Remote Site#sh ip route 10.60.250.1

Routing entry for 10.60.250.0/24

Known via "ospf 10", distance 110, metric 1

Tag 666, type extern 2, forward metric 1

Last update from 10.58.100.2 on Vlan2, 1w4d ago

Routing Descriptor Blocks:

* 10.58.100.2, from 172.18.57.14, 1w4d ago, via Vlan2

Route metric is 1, traffic share count is 1

Route tag 666

Remote Site#sh ip route 172.18.57.14

% Network not in table

Remote Site#sh ip route 172.18.57.18

% Network not in table

Regards,

Prabjeet

singh1227 · ‎09-10-2013

Hi Ashish,

Hope you are doing well.

Did you get a chance to look at output you requested.

10.58.x.x is between us and ISP.

172.18.57.x is ISP world.

Please find output below

Remote Site#sh ip route 10.60.17.1

Routing entry for 10.60.17.0/24

Known via "ospf 10", distance 110, metric 1

Tag 666, type extern 2, forward metric 1

Last update from 10.58.100.2 on Vlan2, 5d12h ago

Routing Descriptor Blocks:

* 10.58.100.2, from 172.18.57.14, 5d12h ago, via Vlan2

Route metric is 1, traffic share count is 1

Route tag 666

Remote Site#sh ip route 10.60.250.1

Routing entry for 10.60.250.0/24

Known via "ospf 10", distance 110, metric 1

Tag 666, type extern 2, forward metric 1

Last update from 10.58.100.2 on Vlan2, 1w4d ago

Routing Descriptor Blocks:

* 10.58.100.2, from 172.18.57.14, 1w4d ago, via Vlan2

Route metric is 1, traffic share count is 1

Route tag 666

Remote Site#sh ip route 172.18.57.14

% Network not in table

Remote Site#sh ip route 172.18.57.18

% Network not in table

Any help is much appreciated.

Thanks

Prabjeet

singh1227 · ‎09-16-2013

Hi There,

Still looking for some help here.

Any help would be much appreciated

Thanks

Pabjeet

singh1227 · ‎09-16-2013

Hi There,

Still looking for some help here.

Any help would be much appreciated

Thanks

Pabjeet

Lei Tian · ‎09-18-2013

Hi Pabjeet,

Here is what you can do. If you dont need redundancy, like datacenter and headend backup eachother when primary WAN link fails, then you can remove redistribute ospf 100 under ospf 10 from both headend and datacenter. If you do need headend and datacenter backup eachother, then configure summary static route on both headend and datacenter. For example, configure 10.60.250.0/23 on headend, and 10.60.16.0/23 on datacenter. Remove redistribute ospf 100 from ospf 10, and redistribute those statics into ospf 10.

HTH,

Lei Tian