cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2989
Views
35
Helpful
29
Replies

Show IP Route in HUB-Spoke setup

karamalomari
Level 1
Level 1

I have a question regarding OSPF point-multipoint non-broadcast setup. The links between Hub's & spokes are private links.

attached is the drawing with configuration files of Site-A with wan router-FW-Core Switch & Site-B with wan router-core switch.

The question is when typing

 #sh ip route | inc 192.168. on Hub-01 i see it as O E2 and #sh ip route | inc 172.16. on Hub-01 i see it as O IA

is this the correct ospf route i should see.

 

1 Accepted Solution

Accepted Solutions

Hello,

 

Yes this is exactly what it supposed to look like. With OSPF the network type that shows up is how it was introduced/sent into the network.

On Site A and Site B you have your separate areas. If nothing else was configured they would both show up as O IA routes in your area 0 as they are Inter-Area routes.

However note one key difference - on Site A you have the 

redistribute static subnets 

command. This changes the route type and turns it into a Type 5 or 

External O E2 

route by default. 

You are doing redistribute static with the static route to the 192.168.0.0 network configured at Site A. On site B you have no redistribution so you see regular O IA routes.

 

Hope that helps

 

-David

View solution in original post

29 Replies 29

Hello,

 

Yes this is exactly what it supposed to look like. With OSPF the network type that shows up is how it was introduced/sent into the network.

On Site A and Site B you have your separate areas. If nothing else was configured they would both show up as O IA routes in your area 0 as they are Inter-Area routes.

However note one key difference - on Site A you have the 

redistribute static subnets 

command. This changes the route type and turns it into a Type 5 or 

External O E2 

route by default. 

You are doing redistribute static with the static route to the 192.168.0.0 network configured at Site A. On site B you have no redistribution so you see regular O IA routes.

 

Hope that helps

 

-David

Dear David,

couple more questions related to the same topic.

If I use a route-map and redistribute the route-map, route will still show as External O E2?

If I use only redistribute static, route will still show as External O E2?

Yes it will. Redistribution of anything static, anything in a route map, another routing protocol will make the route O E2 because it’s a type 5 LSA. That’s how it’s categorized. You can tack on a command metric-type 1 when you redistribute to change it to a type 1 - O E1 route. 
The only way to have it show up as an O IA route is to use the network command or enable OSPF directly on the interface with the ip ospf # area x command.

-David

I need to see the tunnel config 
can you share it ?

There is no tunnel configuration, this is direct connection (Point-2-Multipoint).

The configuration on the Service Provider is not feasible to us.

I will run lab to see the what exact happened. 
I dont think it relate to redistribute static, but let me check first.  



lkklklklk1.png

int g0/3
ip address 192.168.254.6 255.255.255.252
!
router ospf 1
area 192 stub no-summary
area 192 range 192.168.0.0 255.255.0.0
network 192.168.0.0 0.0.255.255 area 192
network 192.253.100.192 0.0.0.255 area 0
network 192.253.200.192 0.0.0.255 area 0
redistribute static subnets
!
ip route 192.168.0.0 255.255.0.0 192.168.254.5

I run small lab (not exact IP subnet but same topology), 
now return to your network 
area 192 range 192.168.0.0 255.255.0.0 <<- this must advertise the 192.168.0.0/16 to Hub1+Hub2
and then advertise static route, but why static route is advertise and the O IA is not advertise??
 the answer for this Q is the 192.168.254.0 <<- this prefix is missing in OSPF database and hence the range is not advertise and static route is advertise. 

so check ip ospf database for 192.168.254.0/30 <<-  

The topology that I have is little different that the one you have in site-A I have RTR-->FW-->CSW and site-B RTR-->CSW

In site-A i have updated the router ospf section as:

router ospf 1
area 192 stub no-summary
area 192 range 192.168.0.0 255.255.0.0
network 192.168.0.0 0.0.255.255 area 192
network 192.168.254.0 0.0.0.3 area 192
network 192.168.254.4 0.0.0.3 area 0
network 192.253.100.192 0.0.0.255 area 0
network 192.253.200.192 0.0.0.255 area 0
redistribute static subnets
!
ip route 192.168.0.0 255.255.0.0 192.168.254.5
!

After that I have tried checking for the 192.168.254.0/30 in the Site-A OSPF Database after adding it, but still it was not showing in the database.

Then, I have added the this static route: ip route 192.168.254.0 255.255.255.252 192.168.254.5

Checking the OSPF database it shows: 192.168.254.0 192.168.254.5.

Now, checking the routes on HUB-1&2

#show ip route | inc 192.168.
O E2   192.168.0.0/16

O E2   192.168.254.0/30

O        192.168.254.4/30

The reason you and @MHM Cisco World cannot see the routes for the redistributed static is because your OSPF area is a stub. By definition a STUB blocks Type 4 + 5 LSA which is given to a route redistributed into OSPF and it makes it an O E2 route - adding the no-summary it also blocks type 3 (which is the summary LSA). If you want to apply redistribution in that area you would need to do an NSSA area not a stub.

 

-David

Dear David,

I have updated the drawing if you please take a look.

stub no-summary is used in both Site-A & Site-B.

The question is in Site-A the LSA going from will be type 5 but what will the LSA type going from Site-B, is it type 2?

Kind of. To answer your question shortly Type-5 (External - O E2 by default) is coming from Site-A and Type-3 (O IA) is coming from Site-B. Keep in mind the LSA Type (1-7 mainly) and route-type (O E1 and O E2) are linked but don't always match up. The Type-2 LSA is used used for the Designated Router in a segment between 2+ OSPF neighbors and is not propagated. The O E2 is used to denote a route is external/redistributed. As I mentioned you have the area configured as a STUB (after double checking you really don't, I'll explain later). You CANNOT redistribute anything in a stub area (that's the basic definition of a stub). Its a "dead end" and nothing else is supposed to be going into it. This might get a little complicated to explain the long way but I will try my best.

Let me back up a bit about the statement I made about redistribution. Spoke 1 is an ASBR and Spoke 2 is an ABR so you can redistribute on them even though they have a stub Area. The difference being an ASBR has redistribution and an ABR is just in more than 1 Area, but 2 things will happen:

They will either send a Type-3 LSA or nothing if configured as a stub no-summary (like in your case and just use the default) into the STUB area

They will send a Type-5 LSA throughout the rest of the network - That is the O E2 route you see in Area 0.

Also keep in mind that when you create a summarized address the router also creates a static entry in the routing table to 192.168.0.0 to Null 0 in the local routing table. This could black hole traffic if the router doesnt have a mopre specific route.

As for your config: (I used the * on a couple statements to refer what you're seeing in the routing table and why down below)

router ospf 1
area 192 stub no-summary <- this is doing nothing since you have no interfaces in Area 192
area 192 range 192.168.0.0 255.255.0.0 <- this is doing nothing since you dont have this network in area 192...its in Area 0. See my assessment below
network 192.168.0.0 0.0.255.255 area 192 <- this is doing nothing since there is a more specific network statement for the interface 2 entries below this line
network 192.168.254.0 0.0.0.3 area 192 <- this is doing nothing since there is no interface on Spoke-01 in that range
*network 192.168.254.4 0.0.0.3 area 0 <- here is the more specific entry mentioned above
network 192.253.100.192 0.0.0.255 area 0
network 192.253.200.192 0.0.0.255 area 0
**redistribute static subnets
!
**ip route 192.168.0.0 255.255.0.0 192.168.254.5

^ so from this Spoke-01 is only configured for Area 0 with redistribution. Anything in Area 192 is not valid because there is a more specific rule or just doesn't apply as mentioned above.

After that I have tried checking for the 192.168.254.0/30 in the Site-A OSPF Database after adding it, but still it was not showing in the database. <- you wont since its not learning it from OSPF, but once you added this:

Then, I have added the this static route: ip route 192.168.254.0 255.255.255.252 192.168.254.5 <- since you had redistribute static on it said "oh, now I know about this netowrk in OSPF becasue you did redistribute static and this is a static route"


For your statements below:

#show ip route | inc 192.168.
**O E2 192.168.0.0/16

**O E2 192.168.254.0/30

*O 192.168.254.4/30

Use the asterix above in your router statements to see how it learned the route.

It looks like you may be unfamiliar with the OSPF network statements. The network statements do NOT advertise that network into the area thats configured...but rather activates OSPF on any local interface that falls within that range and puts it into the specified area. See example below:

interface g0/1
ip address 10.10.10.1 255.255.255.0

router ospf 1
network 10.10.0.0 0.0.255.255 area 0

^This activates OSPF on ANY interface that falls within that range on this local device. Keep note it doesnt advertise the 10.10.0.0 netowrk as a /16 as noted in the netowrk statement. Thats not what that means. It will active OSPF on the G0/1 interface and it will advertise the netowrk associated with the interface which is /24


@MHM Cisco World yes you will see it in the local OSPF database but it wont go any farther. To prove this on the stub router (not ABR - the remote stub) and enter the following command:

sh ip ospf data external self-originate   <- you wont see any Type 5 because it cant send any due to being in a stub area so it wont advertise the network. But it will however send it to other areas if its an ABR.

NO LSA Type 4 + 5 is allowed in a STUB area. Also no Type 3 when you add the no-summary (except the default).

As the OP mentioned thier setup is different and therefore you can get different results in your lab setup.

 

@karamalomari If a lot of this sounds foreign to you I would read up on OSPF and its fundamentals. Its a pretty complex topic and not easily understood, especially when you start getting into the multiple areas/sites.

 

Hope that helps

-David

Dear David,

I would like to thank you for the details shared and explained.
I have one more question to you if you don't mind.
Based on your assessment, you mentioned that area 192 is not active since there are no interfaces within that area.
The question, in the topology I have 2 interfaces towards the Hubs & 1 interface towards the internal (towards firewall), and in order to activate area 192, I need to enable "ip ospf 1 area 192" under interface g0/3.

Site-A
======
interface g0/1
des "Connected to HUB-01"
ip address 192.253.100.192 255.255.255.0
ip ospf authentication message-digest
ip ospf message-digest-key 1 md5 0 pass OSPF@1234
ip ospf network point-to-multipoint non-broadcast
!
interface g0/2
des "Connected to HUB-02"
ip address 192.253.200.192 255.255.255.0
ip ospf authentication message-digest
ip ospf message-digest-key 1 md5 0 pass OSPF@1234
ip ospf network point-to-multipoint non-broadcast
!
int g0/3
des "Connected to Firewall"
ip address 192.168.254.6 255.255.255.252
ip ospf 1 area 192
!

Thank you and waiting for your feedback.

Yours,
Karam

That would be correct since the interface commands take precedence over network statements. But also understand when you enable OPSF on the interface it will advertise the network/mask of that interface. So if you enable it on G0/3 it will only advertise the  192.168.254.4/30 network. 

 

If you summarize on this router (which it looks like you're doing) then you can summarize the 192.168.0.0/16 network up to the HUB, however you would blackhole some traffic. Since your 192.168.0.0/16 network is 2 devices down and your Site-A router is not directly connected to the /16 or even know about it then it wont know how to forward traffic to the /16 network once traffic gets to the Site-A router, so it would drop it. You would need to create another OSPF adj between the core switch and Site-A spoke router or make static routes pointing to the correct networks in Site-A.

I was also wondering about Site-B looking at it again. Curious if you can ping any device past the core switch on the 172.16.0.0/24 network. No the link between the Spoke-2 router and Core switch but beyond that. Not sure if there is an adj. with those devices either. 

We didn't get the whole config so this is just observing from the snips you provided.

 

Hope that helps

 

-David

Hello David,

Site-A setup is WAN Switch --> Firewall --> Core Switch --> Access Switches.
There multiple L3 SVI's configured on Core Swicth, and a Default Route "ip route 0.0.0.0 0.0.0.0 192.168.254.1" towards the Firewall.
The Firewall have 2 routes:
- ip route 0.0.0.0 0.0.0.0 192.168.254.6 --> towards the WAN Switch.
- ip route 192.168.0.0 255.255.0.0 192.168.254.1 --> towards the Core Switch.

The reason for not configuring OSPF from Core Switch towards the Firewall & from firewall towards WAN Switch is dont want to enable Routing Protocols on the Firewall.
The whole point is make the 192.168.0.0/16 not part of Area 0 except the /30 IP's between the devices.
Is there a way to make area 192 active and working as expected in this such a setup?

Site-B referring to your question, yes I can PING, but I noticed a small typo in the drawing the subnet 172.16.0.0/16 rather than 172.16.0.0/24.
From any of the spokes I can ping all the way to the user PC.

Thank you and have a good day.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco