OSPF over a trunk link

Majid Jalinousi
Level 1

Hi buddies,

There were two 6513 switches connected through a trunk link over a port-channel link named po1.

There were multiple Vlans that were allowed on this link, and for all of these Vlans there was an interface Vlan. All of the IP addresses of these interface Vlans started with 10.x.x.x.

When I did "show run | sec router ospf" I saw there was the command "network 10.0.0.0 0.255.255.255 area 0", meaning there was an OSPF neighbor-ship on all of these interface vlans between the two 6513s.

When I showed ip route I saw that for some of the routes there were some of the interface vlans as a next hop, and for some of the routes other interface vlans as next hop, like below:

O E2 172.107.0.0/16 [90/20] via 10.6.0.3, 00:00:15, Vlan7
                    [90/20] via 10.0.1.114, 00:00:15, Vlan113
                    [90/20] via 10.0.1.98, 00:00:15, Vlan112
                    [90/20] via 10.0.1.66, 00:00:15, Vlan110
O E2 192.168.80.0/24 [90/20] via 10.6.0.3, 00:00:22, Vlan7
                     [90/20] via 10.0.1.130, 00:00:22, Vlan114
                     [90/20] via 10.0.1.114, 00:00:22, Vlan113
                     [90/20] via 10.0.1.82, 00:00:22, Vlan111

I want to know how it is possible?

And I want to know if it's recommended for this kind of situation to make a neighbor-ship over all of the interface vlans; you know, isn't it more correct to make a neighbor-ship just on an interface vlan?

Thanks in advance

4 Replies 4

Peter Paluch
Cisco Employee

Hi Morteza,

When I showed ip route I saw that for some of the routes there were some of the interface vlans as a next hop, and for some of the routes other interface vlans as next hop, like below:

Yes, this is a nice example of an excessive redundancy in network :) What happens is this: Because your two 6513 switches have an OSPF adjacency over a number of common VLANs, they treat them as multiple equal paths. By default, for each destination, you can have at most 4 equal-cost paths installed into your routing table (you can check this in the show ip protocols and look for the Maximum path: 4 line). If the number of equal-cost paths is higher, at most 4 of them will make it into the routing table. Different protocols operate differently in this aspect: OSPF appears to randomly offer up to 4 paths to the routing table without any particular order, simply offering the routes in the order it has calculated them internally, and after re-running the SPF, a different set of next hops might be installed into the routing table. I recall this was the same with EIGRP but they had some issue with this and starting in some IOS version, they sort the equal-cost paths based on the IP address of the next hop, and offer first four paths in the increasing order (if my memory serves me well). So what you see is normal and expected.

And I want to know if it's recommended for this kind of situation to make a neighbor-ship over all of the interface vlans; you know, isn't it more correct to make a neighbor-ship just on an interface vlan?

I suppose that those VLANs are end-host VLANs, meaning that there are no other routers in these VLANs except the two 6513 switches, right? In such case, running OSPF over all of them is a bad design. It only stresses CPU and memory on these switches, slows down convergence, and does not add any real redundancy to the network because, obviously, in case a physical trunk goes down, all allowed VLANs will go down with it.

I would personally either create a dedicated VLAN just for the purpose of the interconnect of these two 6513 switches and run OSPF only on that VLAN, or - even better - dedicate a separate pair of interfaces on these 6513 switches to be used in place of this interconnect, configure them as routed ports, and run OSPF over it. Regarding the other VLANs, I would keep them in OSPF - you want their network addresses to be advertised for sure - but configure the SVIs as OSPF passive interfaces. If there are a lot of SVIs to make passive, the passive-interface default is your friend :)

Feel welcome to ask further!

Best regards,
Peter

I always love your great expansive answers, Peter

Thanks.

CSCO12029650
Level 1

Hi, morteza badizamani.

I think the main reason is the default maximum path option of 4 (max is 16) in OSPF (you can check this by show ip protocols); that's why you see only 4 next hops per destination network. If you have more than 4 next hops for a destination, IOS will use any 4 of those available (like in your output).

It is strongly not recommended, because every neighborship is resource intensive and also there is no redundancy at all.

The recommended solution is to choose one dedicated vlan interface for 6k-to-6k traffic exchange and use the ospf passive-interface feature on all other vlan interfaces.

Be careful when using passive-interface; you may shut down not only the 6513 neighborship =)

--

Best Regards

Alex

Joseph W. Doherty
Hall of Fame

Disclaimer

The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.

Liability Disclaimer

In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.

Posting

Is it possible?  Sure it is, as you've already found.

Is it recommended?  Usually not.  Often you would limit such routed transit VLANs to one (or two).

[edit]

Alas, I only saw Peter's post after posting mine, and his post, compared to mine, is much, much more expansive.

However, on his point on preferring a separate routed link, that can be done, but often the case is you want to trunk to tie together the VLANs at L2, so if you use another routed link, you'll use another set of ports.  When using "expensive" ports (e.g. 10g or better), you might want to just leverage the trunk port, but as we both suggest, without including all VLANs as active transits.

One transit VLAN is all you need.  (A second, perhaps for redundancy, if somehow you believe a single one could be unintentionally shut.)  Rather than using an existing VLAN, you can also dedicate a VLAN for the purpose, i.e. it only interconnects the two devices.
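
A check for the design the replies above converge on, as an added example that is not code from the thread or from Cisco: a Python script that reads a running-config excerpt and lists the SVIs on which OSPF is enabled by a network statement and not passive, i.e. the interfaces that will form adjacencies. The sample config, its addresses and masks, and the transit VLAN Vlan999 are constructed for illustration; the parser assumes a single OSPF process and one primary address per interface.

```python
import ipaddress

# Constructed sample config; addresses, masks and Vlan999 are assumptions.
BEFORE = """\
interface Vlan7
 ip address 10.6.0.2 255.255.255.0
interface Vlan110
 ip address 10.0.1.65 255.255.255.240
interface Vlan999
 ip address 10.255.0.1 255.255.255.252
router ospf 1
 network 10.0.0.0 0.255.255.255 area 0
"""
# Same config plus the passive-interface lines suggested in the replies.
AFTER = BEFORE + " passive-interface default\n no passive-interface Vlan999\n"

def u32(dotted):
    """Dotted-quad string to a 32-bit integer."""
    return int(ipaddress.IPv4Address(dotted))

def active_ospf_interfaces(config):
    """Interfaces matched by an OSPF network statement and not passive."""
    addrs, nets, passive, exempt = {}, [], set(), set()
    default_passive, ctx = False, ""
    for line in config.splitlines():
        words = line.split()
        if not line.startswith(" "):
            ctx = line.strip()          # new top-level section
        elif not words:
            continue
        elif ctx.startswith("interface ") and words[:2] == ["ip", "address"]:
            addrs[ctx.split()[1]] = u32(words[2])
        elif ctx.startswith("router ospf"):
            if words[0] == "network":
                nets.append((u32(words[1]), u32(words[2])))
            elif words[:2] == ["passive-interface", "default"]:
                default_passive = True
            elif words[0] == "passive-interface":
                passive.add(words[1])
            elif words[:2] == ["no", "passive-interface"]:
                exempt.add(words[2])
    found = []
    for name, ip in addrs.items():
        # Wildcard mask: 1-bits are "don't care", so compare only the 0-bits.
        matched = any(((ip ^ net) & ~wc & 0xFFFFFFFF) == 0 for net, wc in nets)
        is_passive = name in passive or (default_passive and name not in exempt)
        if matched and not is_passive:
            found.append(name)
    return sorted(found)
```

With `passive-interface default` and no `no passive-interface` exception the function returns an empty list, which is the lost-adjacency case one reply warns about. Passive SVIs also keep the switch from exchanging Hellos with anything on the end-host VLANs.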
