08-06-2017 04:52 PM - edited 03-08-2019 11:38 AM
I have this setup with a hybrid of equipment from Cisco, Ubiquiti Edge routers and VyOS. My Cisco Nexus is configured with HSRP with all the SVIs on 192.168.1.243 as the active on HSRP and SVIs all on area 0.0.0.0, with SVI interfaces on 192.168.1.242 configured as ip ospf cost 50 because the default ip ospf cost on 192.168.1.243 is 40. I also configured ip ospf priority 100 on all SVIs of 192.168.1.243 and ip ospf priority 90 on all SVIs for 192.168.1.242. All the routers' loopback interfaces and Ethernet on 192.168.0.0/24 are in area 0.0.0.0. This setup is for me to have redundancy in my core network. OSPF neighbors look OK on all routers.
I installed a new Edge router with 192.168.1.241 as the router ID and the same OSPF configuration as 192.168.1.240, as I need to replace 192.168.1.240; however, I cannot access it from any client connected to the subnets/VLANs off the Cisco Nexus SVIs. I can access it from remote sites and even from the routers in the same area. My WAN sites are connected via 192.168.1.240, 192.168.1.254 and 10.11.1.50, and clients from that end can access this new router (192.168.1.241). I notice that OSPF works well, as it manages to get routes from the respective neighbors on the same subnet and it gets routes from the remote sites as well, off my other WAN routers. Through troubleshooting I noticed that if I configure the SVI on 192.168.1.243 with a higher cost I can access it but lose access to other routers in the same backbone area.
I believe there must be something I'm missing in my Nexus configuration. I am attaching herewith my setup and the configuration of the SVIs on my two Nexus. Hope someone will help me out here.
Thanks
08-07-2017 02:44 PM
Anyone out there who can help out? If needed I can go into more detail.
Thanks
08-07-2017 07:25 PM
You mentioned this new router is unreachable from the client network but reachable from other sites. Which client network are we talking about? Did you do a traceroute from the network that can't get to it, or check the routing table on the layer 3 devices that are in between?
08-07-2017 08:35 PM
[@cofee@0400] The client network I meant here is any client connected to any of those VLANs/subnets using the Nexus HSRP VIP as its gateway. From any host connected to a switch on the VLAN/subnet I can traceroute to all other routers except the new one (192.168.0.9/192.168.1.241 - refer to my diagram).
08-07-2017 07:29 PM
Hi
I would be happy to assist you but I don't understand all your issues.
Maybe I misunderstood, but what you're saying isn't the same as the small config output.
You said ospf cost 100 was on router-id 192.168.1.243, but in the config it is inverted.
Can you give a sketch with all 4 Nexus OSPF and the full config (without passwords and/or sensitive data) of those 4 Nexus switches?
I'm on a deployment taking a lot of my time right now, so don't be disappointed if my answers are a bit delayed.
Also give an output of show ip route from the Nexus switches and a WAN site.
Thanks
08-07-2017 08:40 PM
Hi supportlan
It's only 2 Nexus (refer to my setup diagram). I am attaching herewith the two configurations and their show ip route output. Hope to get this sorted ASAP.
Regards
08-07-2017 08:44 PM
supportlan And here is the show ip route output from one of the remote sites connected via router (192.168.1.254).
08-07-2017 09:19 PM
I have a feeling that this must be an asymmetric routing issue. I did more digging and found out via TCP dump that my echo request comes in and gets replied to by the equipment, but the reply never reaches the host sending the echo request.
Is there a way to make sure that hosts connected on VLANs using the HSRP VIPs as their gateway come off a preferred SVI interface IP? For e.g. my test machine is connected on the 192.168.2.0/24 network with 192.168.2.180 as its IP address. When I traceroute, it uses 192.168.2.3 as its route path. Is there a way to force all clients to use 192.168.2.4? Or will HSRP load balance?
08-07-2017 09:47 PM
I added a static route on the router and I can see it now, but I want OSPF to do that automatically, and I want my preferred route to be 192.168.0.20 with fail-over to 192.168.0.19.
S *> 192.168.2.0/24 [1/0] via 192.168.0.19, eth0
O 192.168.2.0/24 [110/50] via 192.168.0.20, eth0, 04:14:34
08-08-2017 03:18 PM
I got this sorted by statically routing the subnets of my SVIs as well from my UBNT (VyOS/Vyatta) to the VIP of the SVIs of the Nexus. It seems like they don't handle the same subnet on different paths to the Cisco, which is what I initially wanted OSPF to handle automatically. My Cisco 2800 handles that well if I advertise the SVI IP addresses of both Nexus on OSPF using the same cost.
If there is a better way to handle this then I'm here to listen and learn :)
08-08-2017 04:10 PM
Hi
There are too many messages and I missed your point. You were talking about OSPF issues with 2 new Nexus switches and remote sites, and now you're talking about HSRP.
I don't know if you solved your issue.
However, on Nexus switches with vPC enabled, if you take a look you'll see that both Nexus switches are forwarding the traffic no matter whether they are in the standby or active role. You can check that by doing a show hsrp. Both of them will be tagged as G (gateway). We call that HSRP active/active.
Is that what you're trying to figure out?
Talking about HSRP, in Nexus switches there's a feature called HSRP localization that can help when you have HSRP spanned over 2 DCs. Devices will take the closest HSRP SVI to forward the packets (example: a VM moving across DCs). This is called FHRP.
Thanks
08-08-2017 06:42 PM
I believe my issue was that other devices apart from Cisco don't properly handle OSPF advertising a network via multiple paths using the same cost. When I advertise those SVI addresses via OSPF on both Nexus using the same cost, I notice that all the routers in that backbone area see the network from both interfaces; however, the other devices apart from Cisco will flap between the two next hop addresses.
For e.g. my Cisco 2800 will have this in its routing table but will work well:
O 192.168.2.0/24 [110/41] via 192.168.0.20, 03:58:31, FastEthernet0/0
[110/41] via 192.168.0.19, 00:04:25, FastEthernet0/0
However, my other devices using VyOS/Vyatta will have the following in their routing table, but then they'll flap between the two next hops, hence intermittent drops:
O 192.168.2.0/24 [110/41] via 192.168.0.20, eth3, 00:06:31
[110/41] via 192.168.0.19, eth3, 00:06:31
So it's not an HSRP issue, I believe.
By the way, that FHRP option looks interesting, as we have vPC between my Nexus switches with VMware hosts distributed on both switches. How do I enable that? I notice there is no feature called FHRP on my box. Or is it a command that I run to get that configured?
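Added example, not part of any poster's message or configuration: a small Python parser for the route lines pasted in this thread that shows which entry wins (lowest administrative distance, then metric), which entries are shadowed by it, and whether the prefix is installed as equal-cost multipath. The function names and the simplified selection rule are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Route lines as posted in this thread (VyOS/Vyatta format).
STATIC_TABLE = """\
S *> 192.168.2.0/24 [1/0] via 192.168.0.19, eth0
O 192.168.2.0/24 [110/50] via 192.168.0.20, eth0, 04:14:34
"""
ECMP_TABLE = """\
O 192.168.2.0/24 [110/41] via 192.168.0.20, eth3, 00:06:31
[110/41] via 192.168.0.19, eth3, 00:06:31
"""

# Optional "<code> [*>] <prefix>" head, then "[AD/metric] via <next hop>".
ROUTE_RE = re.compile(
    r"^\s*(?:(?P<code>[A-Z])\s+(?:[*>]+\s+)?(?P<prefix>\d+(?:\.\d+){3}/\d+)\s+)?"
    r"\[(?P<ad>\d+)/(?P<metric>\d+)\]\s+via\s+(?P<nh>\d+(?:\.\d+){3})"
)

def parse_routes(text):
    """Return one dict per next hop; continuation lines inherit the prefix."""
    routes, code, prefix = [], None, None
    for line in text.splitlines():
        m = ROUTE_RE.match(line)
        if not m:
            continue
        if m["prefix"]:
            code, prefix = m["code"], m["prefix"]
        if prefix is None:          # continuation line with nothing before it
            continue
        routes.append({"code": code, "prefix": prefix, "nh": m["nh"],
                       "ad": int(m["ad"]), "metric": int(m["metric"])})
    return routes

def summarize(routes):
    """Per prefix: winning source, its next hops, ECMP flag, shadowed hops."""
    by_prefix = defaultdict(list)
    for r in routes:
        by_prefix[r["prefix"]].append(r)
    out = {}
    for prefix, cands in by_prefix.items():
        best = min((r["ad"], r["metric"]) for r in cands)
        winners = [r for r in cands if (r["ad"], r["metric"]) == best]
        out[prefix] = {
            "source": winners[0]["code"],
            "next_hops": [r["nh"] for r in winners],
            "ecmp": len(winners) > 1,
            "shadowed": [r["nh"] for r in cands if (r["ad"], r["metric"]) != best],
        }
    return out

if __name__ == "__main__":
    for table in (STATIC_TABLE, ECMP_TABLE):
        print(summarize(parse_routes(table)))
```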
08-08-2017 07:42 PM
OK gotcha.
Your issue is that you don't see your 2 ospf routes?
Can you paste the output of your ospf database for this subnet?
Can you do the show ip route 192.168.2.0?
Also run this command and give us the output:
show ip ospf border-routers
For FHRP, here is the Cisco documentation:
https://www.cisco.com/c/en/us/support/docs/switches/nexus-7000-series-switches/113002-nexus-hsrp-00.html
Thanks
08-08-2017 08:03 PM
Yes, I believe that's my issue and I want OSPF to handle that automatically. If I shut down an SVI on either of the two Nexus, I want the hosts on those VLANs/subnets to still communicate in/out and still be seen from other subnets and remote sites.
I also want the HSRP to work well, as I notice at the moment from my test that hosts will be using any of the two SVIs' local IP when I traceroute from it, and if I shut down that SVI to test, it will still use that SVI IP address as its gateway for routing and that will not work. I want hosts to switch automatically to the standby or active local IP address when I shut down an SVI.
Hope you can help.
As for the output of those commands, which device do you want me to get the output from? Refer to my diagram and let me know.
Thanks
08-09-2017 05:29 PM
Let's move step by step.
First let's check ospf.
Please give outputs from your router 2800, nexus switches and remote site router.
Thanks