VRRP and OSPF configuration

Harutyun Hakobyan · ‎04-08-2015

Hi all,

In my topology (please see attached file) I have configured VRRP between R1_MASTER and R2_BACKUP, and OSPF between R1_MASTER, R2_BACKUP and R3. In normal case traffic from PC to Server goes PC->R1_MASTER->R3->Server and return path is the same.

When link from PC to R1_MASTER is DOWN, R2_BACKUP changes VRRP status from backup to master and traffic from PC to Server goes PC->R2_BACKUP->R3->Server. However, return traffic from Server to PC goes Server->R3->R1_MASTER and dropped. This is because of link between R1_MASTER and SW_Master is UP and OSPF from R3 sends traffic to R1_MASTER and not to R2_BACKUP. In this case when I manually shut down interface of R1_MASTER (link between R1_MASTER and SW_Master), all OK.

But how to do that when link from PC to R1_MASTER is DOWN, my topology work automatically ?

Thanks

Jon Marshall · ‎04-08-2015

Are you running VRRP on the R3 side ?

If not when the R1 link goes down it should stop advertising the 10.0.0.0/24 subnet to R3 via OSPF so R3 should send it back via R2.

Jon

Harutyun Hakobyan · ‎04-08-2015

VRRP is only between R1_MASTER and R2_BACKUP.

R1_MASTER and SW_Master are on one site and link between them is always UP.

Actually DOWN goes link between SW_Master and Switch, when Service Provider has connection problem.

Jon Marshall · ‎04-08-2015

Sorry, I should have spotted that on the diagram :-)

In that case it isn't going to work I'm afraid because R1 has no way of knowing that link has failed and so continues to advertise the route to R3.

And there isn't an obvious solution without a fair bit of reconfiguration.

You are going to need IP SLA but it's what else you do with it that is the issue. Normally you would configure a static route and tie it to IP SLA but you can't do that because 10.0.0.0/24 is directly connected to each router.

So what you could do is use EEM and tie it in with IP SLA.

On R1 you use IP SLA to ping 10.0.0.253 on R2. You must make sure that the ping can only go via R1's 10.0.0.254 interface ie. it cannot go via R3.

Then if the IP SLA fails using EEM you could either -

1) if you are advertising the 10.0.0.0/24 subnet with "network ..." statements under OSPF remove that statement from R1

or

2) if you are advertising the 10.0.0.0/24 subnet using "redistribute connected" you can remove that.

If the IP SLA pings respond then you can add it back in.

The other alternative if you don't want to run EEM is you could stop advertising 10.0.0.0/24 altogether and then on R1 and R2 add a default route pointing out of the 10.0.0.x interface on each router.

Then track that route and advertise it to R3 via OSPF.

Again, the only IP you can track is 10.0.0.253 on R2 because there is nothing else you can use if the diagram shows all the topology.

I don't think either are particularly good solutions and maybe others can spot something I have missed but I can't think of anything else at the moment.

Jon

Harutyun Hakobyan · ‎04-08-2015

Dear Jon,

R1_MASTER is ABR in OSPF and R3 is on area 10. Also I have 10.0.1.0./24 directly attached network to R1_MASTER and R1_MASTER advertises 10.0.0.0./16 summary route to R3 (the same scenario in R2_BACKUP). I can remove 10.0.0.0/24 with EEM however R1_MASTER will continue advertise 10.0.0.0/16 summary route because 10.0.1.0./24 is UP and have to work.

What to do in this more complicated case ?

Thanks

Jon Marshall · ‎04-09-2015

What area is R2 in ?

If R1 is an ABR then isn't R2 an ABR as well ?

If you want traffic to go via R2 then you would need to stop advertising any route from it that is used by R3

Jon

Harutyun Hakobyan · ‎04-09-2015

R1 and R2 are ABR - both are in area 0 and area 10. R3 is only on area 10.

R2 is for redundancy.

Jon Marshall · ‎04-09-2015

Then I'm not sure I understand the issue.

What I said still stands ie. you have to make sure R1 stops advertising any route, specific or summary, that takes precendence over the route being advertised by R2.

Perhaps you can explain in more detail what you mean about the summary route.

Jon

Harutyun Hakobyan · ‎04-09-2015

R1 and R2 advertise to R3 only 10.0.0.0/16 summary route.

I can add additional link in area 0 between R1 and R2 (please see attached file), but I can't remove 10.0.1.0/24 subnet which directly attached to R1.

Jon Marshall · ‎04-09-2015

Okay your original topology diagram didn't show 10.0.1.0/24 which is why what you were saying didn't make any sense :-)

Are there any other subnets I need to know about ?

Jon

Harutyun Hakobyan · ‎04-09-2015

Yes, there are and can be added other subnets from range 10.0.0.0/16.

For example in future can be added new 10.0.2.0/24 subnet like 10.0.0.0/24 subnet connection with another service provider.

Therefore R1 and R2 advertise only 10.0.0.0/16 summary route to R3.

Jon Marshall · ‎04-09-2015

Well I am all in favour of using summary routes but in this case they aren't really helping.

The problem is even with the extra link R1 cannot use R2 to get to 10.0.0.0/24 because it's directly connected interface is still up.

And you can't shut that interface so R1 does use R2 because then R1 will never know when the failed link has come back up.

The only way I can see to make this work is for R1 and R2 in addition to advertising a summary route also advertise the specific route for 10.0.0.0/24 because then as described previously you can withdraw that advertisement when the link fails so R3 uses the route via R2.

There is no other way I can see because R3 has to prefer R2 for a specific subnet only while other subnets such as 10.0.1.0/24 are still up and so should be reachable.

So you have to have some way of withdrawing that specific route advertisement to R3 and if you include it in the summary route you can't do that.

Jon

Harutyun Hakobyan · ‎04-09-2015

Thanks Jon !!!