Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1915
Views
2
Helpful
19
Replies

S2S OSPF Hub and Spoke Topology

Go to solution
rtarson
Level 1
Level 1

‎01-23-2025 09:37 AM - edited ‎01-23-2025 10:02 AM

I am working on a hub and spoke topology. I have my Areas configured and interfaces as well on the hub and spokes but I believe I must be missing some or doing something wrong. As right right now the spokes see only the hub as a neighbor however the link says not established. The FTD/Hub side sees all three neighbors but when I show it says EXCHANGE/ for the neighbors. 

Here is what I'm seeing when I do a show ospf neighbor:

Neighbor ID Pri State Dead Time Address Interface
10.100.0.4 0 EXCHANGE/ - 0:00:36 10.255.255.4 S2S-HubSpoke_va33
10.100.0.5 0 EXCHANGE/ - 0:00:35 10.255.255.5 S2S-HubSpoke_va32
10.100.0.6 0 EXCHANGE/ - 0:00:39 10.255.255.6 S2S-HubSpoke_va31

 

Here is a show ospf

Routing Process "ospf 1" with ID 10.100.0.1
Start time: 1w5d, Time elapsed: 1d16h
Supports only single TOS(TOS0) routes
Does not support opaque LSA
Does not support Link-local Signaling (LLS)
Supports area transit capability
Event-log enabled, Maximum number of events: 1000, Mode: cyclic
It is an autonomous system boundary router
Redistributing External Routes from,
static
Router is not originating router-LSAs with maximum metric
Initial SPF schedule delay 5000 msecs
Minimum hold time between two consecutive SPFs 10000 msecs
Maximum wait time between two consecutive SPFs 10000 msecs
Incremental-SPF disabled
Minimum LSA interval 5 secs
Minimum LSA arrival 1000 msecs
LSA group pacing timer 240 secs
Interface flood pacing timer 33 msecs
Retransmission pacing timer 66 msecs
Number of external LSA 0. Checksum Sum 0x0
Number of opaque AS LSA 0. Checksum Sum 0x0
Number of DCbitless external and opaque AS LSA 0
Number of DoNotAge external and opaque AS LSA 0
Number of areas in this router is 1. 1 normal 0 stub 0 nssa
Number of areas transit capable is 0
External flood list length 0
IETF NSF helper support disabled
Cisco NSF helper support disabled
Reference bandwidth unit is 100 mbps
Area 1.1.1.1
Number of interfaces in this area is 6 (1 loopback)
Area has no authentication
SPF algorithm last executed 00:21:07.000 ago
SPF algorithm executed 11 times
Area ranges are
Number of LSA 1. Checksum Sum 0xd9b1
Number of opaque link LSA 0. Checksum Sum 0x0
Number of DCbitless LSA 0
Number of indication LSA 0
Number of DoNotAge LSA 0
Flood list length 0

Below is a diagram of the Topology and some extra information of 

s2s2.jpeg

To state I have the S2S VTI interface OSPF set to point-to-point. I have the internal networks set as broadcast. 

Here is what I setup for the interface:

No Authentication at the moment(troubleshooting purpose)

Hello interval (10s)

Delay (1s)

Retransmit (5s)

Dead Interval (40s)

Cost 1

 

 

 

Labels:
0 Helpful
19 Replies 19

Go to solution
rtarson
Level 1
Level 1
In response to rtarson

‎01-25-2025 11:22 AM

Routes are now flowing and I have Full connection to all the neighbors!!

Neighbor ID Pri State Dead Time Address Interface
10.100.0.5 0 FULL/ - 0:00:33 10.255.255.5 S2S-HubSpoke_va21
10.100.0.6 0 FULL/ - 0:00:35 10.255.255.6 S2S-HubSpoke_va20
10.100.0.4 0 FULL/ - 0:00:36 10.255.255.4 S2S-HubSpoke_va19

Go to solution
MHM Cisco World
VIP
VIP
In response to rtarson

‎01-25-2025 11:35 AM

To summary 

1-Now you use broadcast and use hub ad DR

2- LO IP you mentioned in link (which I think it same what I share with you before) is use only for barrow IP that all.

3-mtu mismatch, İ retrun to your original post it true you mentioned that spokes is other vendor  not FTD, but

FTD VTI by defualt support PMTU unless remote peer stop it.

Anyway glad issue is solve and for spoke to spoke  ospf, you can not establish that the only allow ospf is between spoke to hub. 

For mtu let me check this point update you if I get something 

MHM

0 Helpful

Go to solution
Joseph W. Doherty
Hall of Fame
Hall of Fame

‎01-25-2025 04:21 AM

BTW, whenever I used static VTIs on Cisco routers, I recall they were always P2P.  However, don't know about your hub device.

0 Helpful

Go to solution
paul driver
VIP
VIP

‎01-25-2025 05:19 PM

Hello
as you’ve set ignore mtu - even though your ospf adjececys have established you still have a underlying mtu mismatch -which i would say you may still need to address 


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful

Go to solution
rtarson
Level 1
Level 1
In response to paul driver

‎01-25-2025 05:31 PM

Yeah I noticed it was the Spoke it was set to 1419. Now I just need to find out how to get Remote Access VPN to show in the OSPF routing and Layer3 nets. Will do thank you

0 Helpful
Customers Also Viewed These Support Documents