Solved: On your switch can you do a

marcio.tormente · ‎01-27-2015

Dear friends!

I have a custome who have a main office connected with 6 branch (hub and spoke) using MPLS from one ISP, but to save money he want to change some branch to another ISP.

He is using OSPF between all office, but when we change a branch to a second ISP the branch can ping the main office, but not any other branch.

Is all office is using OSPF, why the other can´t ping the branch with a second ISP?

Thanks

Marcio

Jon Marshall · ‎01-29-2015

Okay then you need to talk to your ISPs.

Each ISP will be receiving OSPF intra area routes (or inter area if your main office has multiple areas) for the main office subnets.

They will be redistributing those into BGP to the branches.

Each ISP will also receive their respective branch routes via BGP and will redistribute those into OSPF at your main office so they are OSPF external routes.

But what is obviously not happening is that each ISP is not then redistributing those external OSPF routes into BGP so that all branches get all routes.

You can't do anything about this really within your network because it all depends on how the ISP has configured their CE devices.

Edit - I noticed under your OSPF process on your core switch you are doing a "redistribute connected" in which case some of your internal subnets will also be OSPF external routes on the CE devices but the principle above still applies.

I suspect the ISPs are doing some sort of filtering on their CE devices.

Jon

View solution in original post

AllertGen · ‎01-27-2015

Hello, marcio.tormente.

You told that you use MPLS at your first ISP. So the question is: do you have a direct access from one branch to another (not inside hub and spoke system)? Does all your branches and main office use a second ISP?

Richard Burts · ‎01-28-2015

Marcio

It might help us to give you better answers if we had a better understanding of the topology of your network. What is the addressing used for the branches and the main office? Does the routing table at the branch using the second ISP have entries learned via OSPF for all the other branches?

Does traffic from the branches in MPLS with the first ISP going to the public Internet go through the MPLS or do those branches have other connections to the Internet?

HTH

Rick

HTH

Rick

marcio.tormente · ‎01-28-2015

Dear AllertGen/Richard,

With the first ISP all office can ping each other, the problem began when one of this branch change ISP 1 to ISP 2, both are MPLS, there is no internet access from this link, only voice and data.

This branch after change ISP, can ping the main office, but not another brach, in the main office all routes is learned by OSPF.

I can´t understand why the main office don´t send informations about the branch that have a other ISP to the all others branchs.

Thanks

AllertGen · ‎01-28-2015

Hi, marcio.tormente.

Are you sure that your 1 and 2 ISP made changes in their MPLS clouds to give you access from one branch to other branches? MPLS is not a global protocol (comparing to TCP/IP) and works only iside the ISP network. So 1 ISP can not know all labels of the 2 ISP. The same for a 2 ISP. They could made this for your HO, but not sure ablout all your branches.

marcio.tormente · ‎01-28-2015

Hello AllertGen

Is almost impossiblem to know if the ISP made change, because they are not transparent with us.

I know the both ISP work with BGP at CE router and is using redistribution (OSPF to GBP and BGP to OSPF), in this case, the branch send all informations about they network by OSPF and the ISP redistribute do BGP, when this packet arive at main office they redistribute to OSPF again.

So, if the main office receive the routes from branch by ISP 1 by OSPF, why they don´t send by OSPF to ISP2 to comunicate to others branches?

Jon Marshall · ‎01-28-2015

So the ISPs control the CE as well as the PE devices, is that correct ?

There could be a number of reasons why but we would really need to see the CE configuration to be able to help.

Jon

Richard Burts · ‎01-28-2015

Marcio

Thank you for the additional information. I believe that there is a clue about the problem in this part of your response "there is no internet access from this link". If there is not internet access then the ISP probably does not have a default route to handle traffic whose destination is outside of the ISP 1 network. So when a packet from one of the branches in the ISP 1 MPLS is sent to a destination in ISP 2 then ISP 1 does not have a route about how to forward this traffic and drops it.

HTH

Rick

HTH

Rick

marcio.tormente · ‎01-29-2015

Hello Jon/Richard

Both PE and CE ar controled for the ISP, for this reason I can´t show the configuration, I have no access.

In all branches there is a MPLS (Data and Voice) and ADLS (internet), there is a default route as well, but point to FW.

This is the configuration of Catalyst 4500 of main office, there is only 03 network, because 02 is to comunicate to a ISP1 and ISP2 router and the another to comunicate to other Core switch.

In the branch, the configuration is almost the same, the difference is that, there are all networks in the OSPF about there branch and a default route to FW, remember that, in the branch there is only one MPLS link.

router ospf 1
log-adjacency-changes
redistribute connected subnets
redistribute static subnets
network 192.168.200.0 0.0.0.3 area 0
network 192.168.254.16 0.0.0.3 area 0

network 192.168.254.8 0.0.0.3 area 0
!
no ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 10.0.254.6
ip route 10.0.15.0 255.255.255.0 10.0.3.2
ip route 10.0.20.29 255.255.255.255 10.0.20.31
ip route 10.0.20.30 255.255.255.255 10.0.20.31
ip route 10.0.63.0 255.255.255.0 10.0.10.249
ip route 10.0.64.0 255.255.248.0 10.0.10.249
ip route 10.0.67.0 255.255.255.0 10.0.10.249
ip route 10.0.80.0 255.255.248.0 10.0.2.2
ip route 10.0.88.0 255.255.248.0 10.0.7.2
ip route 10.0.117.0 255.255.255.0 10.0.117.1
ip route 10.0.128.0 255.255.252.0 10.0.8.2
ip route 10.0.132.0 255.255.255.0 10.0.10.254
ip route 10.0.133.0 255.255.255.0 10.0.10.254
ip route 10.0.210.0 255.255.255.0 10.0.254.6
ip route 10.0.212.0 255.255.255.0 10.0.254.6

Jon Marshall · ‎01-29-2015

On your switch can you do a "sh ip route" and do you see OSPF routes for the branches.

If you do are the routes OSPF external routes ?

If you are not sure just post part of the routing table showing some of the branch routes.

Jon

marcio.tormente · ‎01-29-2015

Yes, fron the switch of main office I can see all routes as external, from any other branch too, but not from one branch tha was change to ISP2.

Jon Marshall · ‎01-29-2015

Okay then you need to talk to your ISPs.

Each ISP will be receiving OSPF intra area routes (or inter area if your main office has multiple areas) for the main office subnets.

They will be redistributing those into BGP to the branches.

Each ISP will also receive their respective branch routes via BGP and will redistribute those into OSPF at your main office so they are OSPF external routes.

But what is obviously not happening is that each ISP is not then redistributing those external OSPF routes into BGP so that all branches get all routes.

You can't do anything about this really within your network because it all depends on how the ISP has configured their CE devices.

Edit - I noticed under your OSPF process on your core switch you are doing a "redistribute connected" in which case some of your internal subnets will also be OSPF external routes on the CE devices but the principle above still applies.

I suspect the ISPs are doing some sort of filtering on their CE devices.

Jon

marcio.tormente · ‎01-29-2015

Jon,

I believe you are right, I sent a email to the ISP to know more details about you said.

Routing with OSPF