Buy or Renew
Buy or Renew
NOTICE: You can now engage in the community. Learn about the great new Cisco Umbrella content.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
322
Views
0
Helpful
4
Replies

Handling Asymmetry with OMP Preference

dodgerfan78
Level 1
Level 1

‎08-25-2024 02:22 PM

I have the following scenarion:

  • A site with 2 vEdges: vEdge1 and vEdge2 each with their own ISP connection.
  • Each vEdge has a TLOC extension to other in case their ISP goes down.
  • Each vEdge also has ZBFW enabled so traffic must be kept symmetric.
  • On the LAN side, we have VRRP with vEdge1 as primary
  • We have a hub and spoke topology where the Hub currently chooses all routes from vedge1.
  • When vEdge1 ISP goes down, the TLOC extension takes over and OMP path is still good. However, the Hub now chooses the site routes via vEdge2 which break the symmetric path and traffic is dropped.

Why does the Hub choose vedge2 even though vedge1 is still valid via the TLOC extension? Is there something that can be done to make the Hub prefer vEdge1?

Labels:
0 Helpful
4 Replies 4

MHM Cisco World
VIP
VIP

‎08-25-2024 02:26 PM - edited ‎08-25-2024 02:36 PM

do you use color strict ?

MHM

0 Helpful

dodgerfan78
Level 1
Level 1
In response to MHM Cisco World

‎08-25-2024 02:54 PM

No. When i turn off the Zone based policy, traffic works. I tried using affinity groups which then forced the hub to use vedge1 as next hop but traffic was still getting dropped when the policy was enabled. I just configured a VRRP tracker which now made vedge2 primary. This works but i was wondering if there was a better way. The whole point of TLOC extension is this vedge1 still can route. Maybe when you have these stateful configurations like ZBFW, tloc extension isn’t good.

 

0 Helpful

MHM Cisco World
VIP
VIP
In response to dodgerfan78

‎08-26-2024 08:34 AM

Can you share topolgy 

Thanks alot

MHM

0 Helpful

Kanan Huseynli
VIP
VIP

‎08-27-2024 06:37 AM

Hi,

which version do you use? Is it vedge or cedge (ios xe)? The problem is most likely due to routing. You need to check omp route result for LAN subnets of VRRP site to understand to which it is failovered when ISP1 is down.

HTH,
Please rate and mark as an accepted solution if you have found any of the information provided useful.

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card