Track and connected route

armin.kask · ‎06-16-2008

Hello,

I am trying to configure OSPF so that in case of network split OSPF does not advertise a connected route anymore.

I am trying to make this work like this.

In case IP address 172.20.240.5 does not ping, OSPF withdraws a route for 172.20.240.0/29

The configuration is as follows.

ip vrf AJ-IP

rd 65000:215

import map AJ-IP-IN

export map AJ-IP-OUT

route-target export 65000:215

route-target import 65000:215

route-target import 65000:666

ip sla monitor 1

type echo protocol ipIcmpEcho 172.20.240.5 source-interface FastEthernet0/1.2

timeout 20

vrf AJ-IP

frequency 5

ip sla monitor schedule 1 start-time now recurring

track 1 rtr 1 reachability

interface FastEthernet0/1.2

description Switches

encapsulation dot1Q 2

ip vrf forwarding AJ-IP

ip address 172.20.240.2 255.255.255.240

no ip redirects

no ip unreachables

no ip proxy-arp

standby 1 ip 172.20.240.1

standby 1 priority 110

standby 1 preempt

router ospf 1 vrf AJ-IP

router-id 172.20.0.6

log-adjacency-changes

redistribute static subnets route-map AJ-IP

network 172.20.0.0 0.0.0.255 area 0

ip route vrf AJ-IP 172.20.240.0 255.255.255.240 Null0 tag 98 track 1

route-map AJ-IP permit 10

match tag 98

This does not work. I think it is because

connected route is still sitting in the routing table due to lower A/D and therefore static cannot

be advertised.

Is there a way around this.

Harold Ritter · ‎06-16-2008

Armin,

A couple of things here.

1. It would be preferrable to have a L2 design that would prevent a network split?

2. You first refer to 172.20.240.0/29 and later use 172.20.240.0 255.255.255.240, which is a /28.

3. You could use more specific static routes instead to make it work:

ip route vrf AJ-IP 172.20.240.0 255.255.255.248 fa0/1.2 tag 98 track 1

ip route vrf AJ-IP 172.20.240.8 255.255.255.248 fa0/1.2 tag 98 track 1

Regards,

armin.kask · ‎06-16-2008

hritter,

In this case it is hard to create a L2 design like this. It is indeed 172.20.240.0/28, my mistake :).

I suppose using smaller mask could fix this but i wonder if there is a better way.

Harold Ritter · ‎06-16-2008

Armin,

What is your current L2 design? I have built redundant L2 designs in the past. What do you see as the main hurdle?

As for easier ways to achieve what you wanted with the static route, I can't think of one but the one I recommended uses two line instead of one. It doesn't seem to complicated to me.

Regards,

armin.kask · ‎06-16-2008

our L2 design is like this.

BB-SW1<-Router_1----L2sw1----L2sw2----Router2->BB-SW2

Connections between Router_1,L2sw1,L2sw2,Router2

are done on dark fibre with spans of 80 km and more. Behind every L2sw is a subnet that is to be terminated to a Router using HSRP on Router1 and Router2. Routers are connected to BB-switches. On BB there is a vlan where OSPF is used to distribute routing information. This complexity comes from the need to avoid blackholed routes in case of fibre break for example between L2sw1 and L2sw2.

The static route method is probably the easiest way to achieve this, but the problem is that now we have to announce every subnet between Router1 and Router2 as two subnets. This could create rather big routing table considering that there will be 8 subnets per L2sw and total of 97 L2sw.

Harold Ritter · ‎06-16-2008

Armin,

It seems a bit akward that the L2 connectivity extends over two sites. It would usually extend to a single site and would therefore be easier to make redundant (i.e. etherchannel between the two l2sw).

Maybe changing the design is a more appropriate approach than resorting to an hack. Think of the long term and the growth.

Regards,

armin.kask · ‎06-16-2008

hritter, thank You for your answer,

perhaps You misunderstood me. Usually the L2 span between two routers is 2 to 3 switches. 97 is the total number of deployment. Etherchannel is not an option at the moment because those links between L2sw -s are long and usually run on the same fiber cable. Basically we have two design choices. Since those local subnets that reside behind L2sw are on remote locations (power stations) and the BB switches are not located in all of them, so we either place routers and L2sw in every location between BB switches and connect

routers via dark fibre or do it like this.