OSPF PE-CE

Hi,
Can someone please clarify for me the role played by OSPF in the backbone when ew are using OSPF between PE and CE. How is this different to when we're using a differenr PE-CE routing protocol?
A route with the "down bit" set, is it dropped by MP-BGP or by the bacbone OSPF?
Thanks

Thank you,
But does this mean that there's no requirement whatsoever to run OSPF in the backbone when using PE-CE OSPF (ISIS can be used). I was made to believe that this is a requirement.

Similar Messages

  • OSPF with ipsec VTI interface goes down before dead timer.

    I have a strange issue that OSPF will initially start working, hellos are exchanged both ways but then after about 3 – 6 hellos one of the sides stops getting them and the ipsec VTI tunnel drops on router A even before the dead timer reaches 0. Is this default behavior, when OSPF is over a VTI interface if it doesn’t receive hellos is drops the tunnel?
    I’m at a loss as to what is going on since it looks like only one neighbor stops receiving hellos, router A, for a brief period of time. This VTI tunnel is going over another provider’s FW and they have assured me the tunnel destination/source ips are wide open they also sent me the ACL and I can verify this. The weird thing is if I enable EIGRP it works great with no issues. On router B I am using the same source/ip unnumbered  interface on multiple VTI tunnels to to other destinations but this shouldn’t cause any issues I don’t think. I have never had an issue like this and from what I can tell the router A just stops briefly getting hellos after 3 – 6 initial hellos and drops the protocol on the VTI interface. If I set the dead timer on router A long enough it will stop receiving hellos but stay up and then after a while you get “LOADING to FULL” as the hellos start coming in again.  Again the tunnel goes over a cisco 800 which I have no control over it and a potential FW before that but I saw the ACL and ip is being allowed. I was thinking this could be a trolling issue on the FW but it doesn’t explain why EIGRP works.  FYI I was having a recursive routing issue before but I have since fixed that and the issue still continues.
    ********  it turns out that i was using the same source ip on multiple tunnels. IPsec would get confused with packets coming in and would deliver packets to the wrong tunnel interface. This was solved but using the key command with a different key number on each set of tunnels with the shared profile command
    "If more than one mGRE tunnel is configured on a router that use the same tunnel source address, the shared keyword must be added to the tunnel protection command on all such tunnel interfaces. Each mGRE tunnel interface still requires a unique tunnel key, NHRP network-ID, and IP subnet address. This is common on a branch router when a dual DMVPN cloud topology is deployed. "
    Router A:
    router ospf 1
    router-id 10.213.22.2
    passive-interface default
    network x.x.97.26 0.0.0.0 area 0
    interface Tunnel1
    ip unnumbered GigabitEthernet0/1
    ip virtual-reassembly in
    ip tcp adjust-mss 1398
    ip ospf network point-to-point
    load-interval 30
    tunnel source GigabitEthernet0/1
    tunnel mode ipsec ipv4
    tunnel destination x.x.173.109
    tunnel path-mtu-discovery
    tunnel protection ipsec profile VTI-to-NB
    router B:
    router ospf 1
    router-id 172.17.2.6
    priority 1
    redistribute static subnets route-map Lan-static-RM
    passive-interface default
    no passive-interface Tunnel1
    no passive-interface Tunnel4
    no passive-interface Tunnel5
    network x.x.173.109 0.0.0.0 area 0
    network 172.17.2.6 0.0.0.0 area 0
    network 192.168.1.47 0.0.0.0 area 0
    interface Tunnel4
    ip unnumbered GigabitEthernet0/2
    ip virtual-reassembly in
    ip tcp adjust-mss 1398
    ip ospf network point-to-point
    load-interval 30
    tunnel source GigabitEthernet0/2
    tunnel mode ipsec ipv4
    tunnel destination x.x.97.26
    tunnel path-mtu-discovery
    tunnel protection ipsec profile VTI_NB_to_dorrance_prv
    end
    thanks P

    Disclaimer
    The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
    Liability Disclaimer
    In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
    Posting
    I haven't studied your config, but I can tell you I have production environment using OSPF across VTI  (and GRE, and GRE/IPSec and DMVPN) tunnels without issue.  I.e. so OSPF can be okay with VTI tunnels.

  • Ospf in asa 5505

    hi all ,
    i have 2 asa 5505 in different locations and i connected both the firewalls with direct cable like lease circuit
    so i provided outside ip as 10.0.1.1 on one end and 2nd firewall outside ip 10.0.1.2 and i can ping both from each side from firewall
    and i configured local network as 10.10.220.0/24 on one end and 10.10.230.0/24 on other end .
    i need to  access local networks from one side to otherside.
    so i configured ospf on both sides
    Neighbor ID     Pri   State           Dead Time   Address         Interface
    10.0.1.1          1   FULL/  -        0:00:39     10.0.1.1        outside
    the status is showing full but no access on local networks
    here is my ospf config
    router ospf 2
    router-id 10.0.1.2
    network 10.0.1.0 255.255.255.252 area 0
    network 10.10.230.0 255.255.255.0 area 0
    area 0
    neighbor 10.0.1.1
    log-adj-changes
    router ospf 2
    router-id 10.0.1.1
    network 10.0.1.0 255.255.255.252 area 0
    network 10.10.220.0 255.255.255.0 area 0
    area 0
    neighbor 10.0.1.2
    log-adj-changes router ospf 2
    please give me the solution
    thanks
    cyril

    Hello,
    Do you think is posible you can share the configuration of your ASA, what version are you running, I want to see the nat statements, the ACLS. Also can you share the show route on both ASA.
    Regards,
    Julio

  • How can I implement a backup 6500 that broadcasts the same OSPF networks?

    I feel as though the answer for this is extremely simple, but my routing experience is very minimal. We have a 6500 switch that shares about 10 OSPF networks, which is behind out 7200 router; and we have a spare 6500 we would like to put into place at our second location as a failover. Can I add the same OSPF networks to this second 6500, or will this cause issues since two switches will be broadcasting the same network. 
    In the case that our core 6500 goes down, i would need the other 6500 to continue broadcasting these networks. 

    Disclaimer
    The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
    Liability Disclaimer
    In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
    Posting
    Yes, it's possible for two locations to advertize the same networks, but this implies that both locations can (normally) reach all the hosts on those networks (at either location).  Also, if there's some kind of failure, some hosts (like one location's hosts) often can no longer be reached.  That's normally ok, but what's normally not okay is for hosts on the same network to be partitioned.
    Also, when you start to have networks across locations, sometimes there's requirements for hosts to logically migrate to the site that still is advertizing the host's network.
    It can all get rather complicated depending on what exactly you're trying to accomplish.

  • Adding VLAN to Po-Group and OSPF routing what is the correct way?

    Hi Community,
    I recently had an issue that brought down the links between a couple of switches...luckily this was done after hours and I did not save the config so was able to revert back.
    The basic scope of my project is:
    We are running out of IP's on the 192.168.1.0/24 sunbnet so wanted to create a seperate VLAN/Subnet  for physical workstations.
    He is what I orginally did;
    1) On our core switch; (Switch1) 
         Create the VLAN,
         VLAN interface,
         DHCP pool,
         excluded address'
    2) On second  switch (Switch 2)
         Add VLAN name, no interface
    3) I then updated the PO-group on Switch1 with new VLAN  (this brought down the link before I was able to finish my config)
        Therefore I was not able to complete the following:
              add vlan to spanning-tree or updated OSPF routing
    Here is what I assume to be the correct order?
    1) On Core Switch (Switch 1)
         Create VLAN
         VLAN interface
         DHCP pool
         excluded address'
         add vlan to spanning-tree
         add vlan (passive interface) and sunbet to OSPF routing
    2) On Switch 2
         Add vlan name/interfaces with no ip
    3) Update PO groups after the above has been configured
         Add new VLAN to Po-Group on Switch 2
         Add new VLAN to Po-Group on Switch 1
    4) Last steps
         Updated specific access ports with new VLAN and test
         upon completion of testing, update all other access ports connected ot workstations with new VLAN
    Questions:
    Did my links go down because I added new VLAN to Po-group BEFORE  updating spanning-tree and OSPF routing?
    Can anyone verify the order as outlined in the section "Here is what I assume to be the correct order"

    So the order in which to apply TASKS is correct?
    also just to clarify the following TASK  based on your comments.
    Step 4- Add new VLANs to OSPF as passive interface
    On Switch 1 (core)
    We have this line of code
    router ospf 100
    router-id 192.168.1.10
    log-adjacency-changes
    passive-interface Vlan10
    passive-interface Vlan30
    passive-interface Vlan50
    passive-interface Vlan500
    network 192.168.0.2 0.0.0.0 area 0
    network 192.168.1.10 0.0.0.0 area 0
    network 192.168.30.254 0.0.0.0 area 0
    network 192.168.33.254 0.0.0.0 area 0
    network 192.168.51.254 0.0.0.0 area 0
    network 192.168.99.5 0.0.0.0 area 0
    network 192.168.200.254 0.0.0.0 area 0
    TASK: OSPF - Add new VLANs(40 & 41) to OSPF as Passive Interface
    ******* Begin Here  *********
    config t
    router ospf 100
    passive-interface vlan40
    passive-interface vlan41
    !WE SHOULD ADD THIS LINE OF CODE
    network 192.168.40.254 0.0.0.0 area 0
    network 192.168.41.254 0.0.0.0 area 0
    ******* End Here  *********
    RESULT:
    router ospf 100
    router-id 192.168.1.10
    log-adjacency-changes
    passive-interface Vlan10
    passive-interface Vlan30
    passive-interface Vlan40
    passive-interface Vlan41
    passive-interface Vlan50
    passive-interface Vlan500
    network 192.168.0.2 0.0.0.0 area 0
    network 192.168.1.10 0.0.0.0 area 0
    network 192.168.30.254 0.0.0.0 area 0
    network 192.168.33.254 0.0.0.0 area 0
    network 192.168.40.254 0.0.0.0 area 0
    network 192.168.41.254 0.0.0.0 area 0
    network 192.168.51.254 0.0.0.0 area 0
    network 192.168.99.5 0.0.0.0 area 0
    network 192.168.200.254 0.0.0.0 area 0
    Better??
    Again thanks...your feedback have been a tremendous help!

  • Need advice on creating ospf abr router

    Hi, I'm studying for the CCNA, and am trying to learn and experiment with OSPF in packet tracer. I am having trouble with setting up a ABR to advertise a summary route for area 0 to another router in area 1. Lets say I have:
    R1:
    router ospf 1
    network 192.168.1.0 0.0.0.255 area 0
    network 192.168.2.0 0.0.0.255 area 0
    network 192.168.3.0 0.0.0.255 area 0
    area 0 range 192.168.0.0 255.255.252.0 <-- my summary route
    ip route 0.0.0.0 0.0.0.0 10.1.1.1
    default-information originate
    R2:
    router ospf 1
    network 10.1.1.0 0.0.0.255
    network 10.1.2.0 0.0.0.255
    network 10.1.3.0 0.0.0.255
    Assuming R1 in area0 is my main network, and I want to advertise my summary route to the area 1 router, what would I have to do?
    I hope that makes sense. Thanks!

    Well I think I've got it now. I think I was over complicating it, by not realizing that a router could easy advertise routes to multiple areas, eg:
    router ospf 1
    net 192.168.1.1 area 0
    net 192.168.2.1 area 0
    net 10.10.10.10 area 1
    net 10.10.20.10 area 1
    etc, and then using the 'area 0 range 192.168.0.0 255.255.252.0
    Also, as I understand it: If you put a default route on an ABR with default-information originate, the route is advertised to both AS's. But if the route is on either of these AS's, you can't do this because a routing loop will occur. Is this correct?
    thanks again

  • Can you display routes advertised and/or received in OSPF, similar to BGP command sh ip bgp neighbors x.x.x.x advertised-routes?

    TOC-BP-SWa#sh ip bgp neighbors 10.14.0.3 advertised-routes
    BGP table version is 1674320, local router ID is 10.14.0.1
    Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
                  S Stale
    Origin codes: i - IGP, e - EGP, ? - incomplete
       Network          Next Hop            Metric LocPrf Weight Path
    *> 10.14.0.1/32     0.0.0.0                  0         32768 i
    *> 147.249.37.0/24  172.20.18.1                   120      0 2001 65015 65016 64823 7381 64681 i
    *> 147.249.38.0/24  172.20.18.1                   120      0 2001 65015 65016 64823 7381 64681 i
    *> 147.249.46.0/24  172.20.18.1                   120      0 2001 65015 65016 64823 7381 12159 12159 i
    *> 147.249.196.0/24 172.20.18.1                   120      0 2001 65015 65016 64823 64870 65124 i
    *> 147.249.237.0/24 172.20.18.1                   120      0 2001 65015 65016 64823 7381 64681 i
    TOC-BP-SWa#sh ip bgp neighbors 10.14.0.3 received-r       
    Total number of prefixes 0 
    TOC-BP-SWa#sh ip bgp neighbors 10.14.0.2 received-r
    BGP table version is 1674320, local router ID is 10.14.0.1
    Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
                  S Stale
    Origin codes: i - IGP, e - EGP, ? - incomplete
       Network          Next Hop            Metric LocPrf Weight Path
    *>i10.14.0.2/32     10.14.0.2                0    100      0 i
    * i147.249.37.0/24  10.14.0.2                0    120      0 2001 65015 65016 64823 7381 64681 i
    * i147.249.38.0/24  10.14.0.2                0    120      0 2001 65015 65016 64823 7381 64681 i
    * i147.249.46.0/24  10.14.0.2                0    120      0 2001 65015 65016 64823 7381 12159 12159 i
    * i147.249.196.0/24 10.14.0.2                0    120      0 2001 65015 65016 64823 64870 65124 i
    * i147.249.237.0/24 10.14.0.2                0    120      0 2001 65015 65016 64823 7381 64681 i
    Can this output be duplicated with an OSPF command? 

    Not really because OSPF does not advertise routes it sends LSAs to it's peers.
    So you need to look at the OSPF database ie. -
    "sh ip ospf database"
    which will show you all the LSAs the router is aware of.
    In terms of all the LSAs the router has received it will show all of those but it will also show you LSAs that were generated by the router itself although the advertising router IP will point to that being the case.
    In terms of all the LSAs the router advertises again it depends on the area and how that has been configured.
    So for example an ABR might well have external LSAs (which aren't tied to any area in the OSPF database) but that doesn't necessarily mean it is advertising them to peers within an area as it could have been configured not to.
    So it gives you a good idea but you need to also work out a few things for yourself as well.
    Jon

  • What is the most effective way to get ospf to function and what is the basic command structure

    I am doing a project of ospf and need to know if I am on the right tract somehow these commands are not working and wondering if I am doing something wrong.

    Hello,
    I would say the basic configuration for OSPF should be:
    1. router ospf  1
             2.   Router-id 2.2.2.2 ( if you want to hardcode the router-id else you can go with the default which would be the highest interface on your router)
             3.  Network  192.168.0.0 0.0.0.255 area 0 (telling the router * I care about the 192.168.0 part of my ip and the last part can be anything thus the 255)
        4.      Net   192.168.2.2 0.0.0.255 area 0 (telling the router * I care about the 192.168.2 part of my ip and the last part can be anything thus the 255)
    OR for the 192.168.0.0 and 192.168.2.0 you could just have 192.168.0.0 0.0.255.255 meaning I only care about 192.168 and 0.0 can be anything.
    The four lines above would be my basic config for ospf. Also have a look at these links, they provide some insight into ospf and how it should be configured. http://www.cisco.com/en/US/docs/ios-xml/ios/iproute_ospf/configuration/12-4/iro-cfg.html#GUID-588D1301-F63C-4DAC-BF1C-C3735EB13673
    http://www.cisco.com/en/US/tech/tk365/tk480/tsd_technology_support_sub-protocol_home.html
    I have also experienced that I cannot configure all OSPF commands on PT but prob GNS3 allow all configs.
    HTH.
    DJ.

  • Hi all, need advice on OSPF and private vlans

    Hi all.
    I have a project to complete and need some help on the possible solution I can use.
    Basically we have ospf area 0 and the users in question are in ospf area 7 and is a stub.
    I need to route the traffic from these users out through area 0 through 3 core devices, onto an external firewall interface to be placed onto the vpn that sits on it. The firewall is not included in the ospf domain.
    My thinking was that the firewall has a default route back into the ospf domain so dont need to worry about traffic coming in, however my job is to segregate these users and take them out of our core network and place them onto an external network via this vpn.
    Not sure how to achieve this apart from static routing redistributed but surely this does not seperate their traffic only points the route to ospf?!
    I was thinking I might have to use private vlans or policy routing but when I try policy routing the policy gets ignored due to normal forwarding.
    Any help and advice would be greatly appreciated.
    Cheers
    Steve

    Steve
    Thanks, that helps.
    GRE is defintely out because apart from the 6500 GRE tunneling is not supported on the Cisco switches.
    It's good that area 7 is only for these users and not mixed up with other users.
    So if i understand correcty the 4500 interface connecting to the 6500 is in area 0 and the interface connecting to the 3550 is in area.
    Or is the 3550 connected to both areas and the 4500 totally in area 0 ?
    Can you confirm the above ?
    In terms of keeping them separate there are 2 possible choices. You can either -
    1) use VRF-LIte, although i'm not sure whether the HP switch would support this. With VRF-Lite you are in effect creating virtual devices on the same physical device. This means each virtual device has it's own routing and forwarding table so it is quite secure because you would only populate the routing table with the routes needed so there would be no way for users to jump to thes rest of your networks.
    The downside is that is can become quite complex to configure. If the 4500 is only used to connect are 7 to area 0 then that would not be a problem but the connection from the 6500 to the HP could and i don't even know whether the HP supports VRF-Lite functionality let alone how to configure it on that switch.
    But it would, at least from the 4500 to 6500 to HP provide complete separation in terms of routing and forwarding. Once it got to the HP it wouldn't but that might not be an issue.
    2) Use PBR (possibly together with acls). This is easier to configure ie. you configure PBR on the 4500 and the 6500 to get the traffic to the HP switch. But you do not get the actual separation you get with VRF-Lite ie. the traffic simply overrides the existing routing tables.
    The other thing to bear in mind with PBR is that you also have to configure the return traffic as well so each device would need multiple PBR configs.
    Again i don't know whether the HP supports PBR but it may not be an issue depending on what the routing is on the HP.
    You could also use a combination of the above ie VRF-Lite between the Cisco switches and then PBR for the last hop to the HP device.
    I should say i don't have a huge amount of experience with VRF-Lite but that should not necessarily stop you using it if it is what you need. There are lots of other people on here so i'm sure there will be other people who can help if i can't.
    It still depends on how much separation is required. VRF-Lite is definitely seen as a way to separate traffic running across a shared infrastructure, PBR is not really seen in the same way.  So it may well be worth going back to find out exactly what "segregating" user traffic means.
    I don't want to confuse the issue but it's still not entirely clear what the actual requirement is.
    Jon

  • How do you Redistribution EIGRP into OSPF and maintain a distance of 250 for a static route?

    Ok, I have scoured the forums long enough and have to post. The design is below. I moved a firewall to our new data center, which required adding some static routes for VPN connections and broadband backups. To minimize the amount of static routes I redistribute static into EIGRP with a route-map and prefix-list.
    My problem is the next part of my network. When the data leaves my 56128's it hits an edge device connecting to our dark fiber. On this edge device I am running OSPF onto the dark fiber, then redistribute some EIGRP subnets into OSPF and again all is well.
    Everything works up until the point the redistributed routes hit my RIB at my main data center where I am running IBGP. IBPG is run between our MPLS router and core for all our remote sites. When my backup route from the 56128's hits the cores, it supersedes the BGP route because the AD route O E2 [110/20] is lower than the BGP AD B [200/0]. Given the configuration below what can be done to remedy this? Oh when I redistribute I can only change the AD for the backup routes, all other routes should stay the same.
    56128's where my static routes are:
    ip route 192.168.101.0/24 192.168.30.77 name firewall 250
    router eigrp 65100
       redistribute static route-map Static-To-Eigrp
    route-map Static-To-Eigrp permit 10
       match ip address prefix-list Static2Eigrp
    ip prefix-list Static2Eigrp seq 2 permit 192.168.101.0/24
    Edge device:
    router eigrp 65100
     network 172.18.0.5 0.0.0.0
     network 172.18.0.32 0.0.0.3
     network 172.18.0.36 0.0.0.3
     redistribute ospf 65100 metric 2000000 0 255 1 1500
     redistribute static metric 200000 0 255 1 1500 route-map STATICS_INTO_EIGRP
     passive-interface default
     no passive-interface Port-channel11
     no passive-interface Port-channel12
     eigrp router-id 172.18.0.5
    router ospf 65100
     router-id 172.18.0.5
     log-adjacency-changes
     redistribute eigrp 65100 subnets route-map EIGRP_INTO_OSPF
     passive-interface default
     no passive-interface GigabitEthernet1/0/1
     no passive-interface GigabitEthernet1/0/2
     no passive-interface GigabitEthernet2/0/1
     no passive-interface GigabitEthernet2/0/2
     network 172.18.0.0 0.0.255.255 area 0
    ip prefix-list EIGRP_INTO_OSPF seq 5 permit 172.18.0.0/16 le 32
    ip prefix-list EIGRP_INTO_OSPF seq 10 permit 192.168.94.0/29 le 32
    ip prefix-list EIGRP_INTO_OSPF seq 15 permit 192.168.26.32/29 le 32
    ip prefix-list EIGRP_INTO_OSPF seq 20 permit 192.168.30.72/29 le 32
    ip prefix-list EIGRP_INTO_OSPF seq 25 permit 192.168.20.128/25 le 32
    ip prefix-list EIGRP_INTO_OSPF seq 26 permit 192.168.101.0/24 le 32 <- Backup Route for MPLS Remote Office
    route-map EIGRP_INTO_OSPF permit 10
     match ip address prefix-list EIGRP_INTO_OSPF

    So in the case of a /24. If it were say broken up into /25's? From our remote sites we are using aggregate-address summary-only. Not sure how I would advertise a more specific route via BGP, sorry.
    I didnt have this problem until I moved my firewalls. They plugged into the cores where IBGP was running and the static never kicked in unless the bgp route disappeared. I guess I could use my static redistribution for my VPN sites and use statics across the cores for the handful of backup links I have.

  • Trying to understand problems that occur when redistributing between two OSPF processes

    Hi all, I'm currently brushing up on my OSPF and trying to understand the problems that can occur when redistributing between two OSPF processes. I have read and understand (I think!) the issues caused by the fact that the same route submitted by two different OSPF processes may not necessarily follow the OSPF rules that one would expect - for example, OSPF preferring intra-area routes to inter-area routes to external routes, but only within the same process. So, if the same route is submitted from two different processes, that rule goes out the window.
    But I'm having some difficulty getting my head around the idea of setting the administrative distance lower in one OSPF process to prefer one domain over the other. I just can't quite follow the example described in this document:
    http://www.cisco.com/c/en/us/support/docs/ip/open-shortest-path-first-ospf/4170-ospfprocesses.html#twored
    Specifically, in figure 4 where two external networks - external network "N" originating in OSPF domain 1, and external network "M" originating in OSPF domain 2 - are redistributed via two ASBRs. The explanation states:
    This sequence of events could occur occur:
    Router A (Router B) redistributes M into Domain 1, and external M will reach Router B (Router A).
    Because the administrative distance of Domain 1 is lower than Domain 2, Router A (Router B) will install M through Domain 1 and will set to maxage its previous originated LSA (event 1) into Domain 1.
    Because M has been set to maxage in Domain 2, Router A (Router B) will install M though Domain 2 and, therefore, will redistribute M into Domain 2.
    Same as event 1.
    I can't quite work my way through this. I guess it must have something to do with the redistribution of "M" from domain 2 into domain 1 being learned by both ASBRs due to the lower administrative distance assigned to external routes in domain 1, and the original routes through domain 2 being deleted, but then I can't follow the rest of the description. And I can't understand why this would be a problem for network "M" in OSPF domain 2, but NOT for network "N" in OSPF domain 1.
    Any explanation gratefully received!
    Thanks, Graham

    Hello.
    You are right - whenever A and B learns about "M" from Domain 2, they craft LSA for domain 1 and inject it simultaneously. They learn each other's LSAs simultaneously and withdraw (set timer to 3600) for previous LSAs. And it might flap infinitely.
    If they don't learn LSA simultaneously (let's say that A is much faster then B), then there will be no flaps, but B would learn all Domain 2 routes (not just redistributed) via Domain 1.
    And later you will observe routing loop (when you stop advertising M from D): A knows "M" from Domain 2 and injects into Domain 1, B knows from A via Domain 1 and injects into Domain 2... so "M" stays in the routing tables due to mutual redistribution.
    You don't have similar (flap) issue with network "N", because admin distance is lower for Domain 1, so both routers would never prefer OSPF via Domain 2! But having no issue with route flaps, you still will observe routing loop if you stop advertising "N" from C.

  • PE-CE OSPF problem

    CE1-CE2-PE1-P-P-PE2-CE3-CE3
    For OSPF superbackbone:
    From CE2 perspective, PE1 is a ABR
    From provider network perspective, PE1 and PE2 is a ASBR.
    But for Provider network, how they see CE2?
    and Do CE1(in other area) still see PE1 as a ABR?

    In this scenario, the CE routers are ABR routers and the PE routers are ABR and ASBR routers for the CE1 and CE2 routers.
    http://www.cisco.com/warp/public/121/mpls_ospf2.html

  • GRE over DSL with OSPF in an MPLS network

    Hi guys,
    we run 2 GRE tunnels in our network. The A end is a PE router while the B end are 2 different CPE DSL sites.
    Both tunnels at the A end (PE) are using as a source a gig sub inteface which is in the same VRF
    interface Tunnel40 (for branch office 1)
    ip vrf forwarding example
    ip address x.x.x.250 255.255.255.252
    ip mtu 1476
    ip tcp adjust-mss 1420
    ip ospf dead-interval 60
    ip ospf mtu-ignore
    keepalive 10 6
    tunnel source Gig x/x.z
    tunnel destination x.x.x.x.
    tunnel vrf example
    interface Tunnel60 (for branch office 2)
    the frame is as above
    router ospf 1 vrf example
    log-adjacency-changes
    capability vrf-lite
    passive-interface default
    no passive-interface Tunnel40
    no passive-interface Tunnel60
    network x.x.x.250 0.0.0.0 area x.x.x.x
    .network ......
    CPE example
    interface Tunnel1
    ip address x.x.x.249 255.255.255.252
    ip flow ingress
    ip flow egress
    ip ospf dead-interval 60
    ip ospf mtu-ignore
    keepalive 10 6
    tunnel source Dialer1
    tunnel destination z.z.z.1 ( this is the subinterafce Gig x/x.z on the PE router)
    router ospf 1
    router-id x.x.x.x
    log-adjacency-changes
    passive-interface default
    no passive-interface Tunnel1
    no passive-interface Vlan1
    network x.x.x.x 0.0.0.0 area x.x.x.x
    network x.x.x.249 0.0.0.0 area x.x.x.x
    same is the config for CPE 2 ( just the frame of the commands no the ospf areas , IP s etc)
    The problem is that when the tunnel fails for cpe 1 then it fails for CPE 2 exactly the same time.
    Any advice.
    Thanks

    Hi my friend,
    I didnt know about that command and the purpose you use that  but I was searching a bit. Do you use that command for
    normal GRE tunnels?  This is not a point to multipoint topology and every tunnel is a point to point and I run ospf for the point to point link is is differnet area than the other tunnel. Do you beleive that its still could be related to the tunnel key?
    Many thanks fo ryour advice. Please reply at your erliest convenience
    I know it looks like hub and spoke or point to miltipoint but does it actually dehave like that?
    Thank,
    Spyros

  • Why OSPF use wildcard mask? Not subnet mask?

    Why OSPF use wildcard mask? Not subnet mask? Any advantage of using wildcard in OSPF? How wildcard in OSPF work? I saw some OSPF configuration for class b network use 0.0.0.255 as an OSPF wildcard mask. What does it mean? Is that mean to exchange only route information for the subnetwork?

    hello,
    with the use of a wild-card mask we can gain control over route update propagation.So we can define which networks should receive updates and which networks should not receive routing updates.Its just like wildcard masks used in ACLs.this is my view
    cheers,

  • Question about network statement in OSPF and BGP

    The network statements in OSPF and BGP can be used to advertise networks. But I'm not clear under what circumstances would make more sense to use network statements to advertise a network than by using other methods to have the network learned by other routers.
    Here is an example: assume I'm running BGP on router A. I want to advertise network 10.1.1.0/24 to other BGP peers. I have a OSPF route for this network. I can do 2 things: one is to use "network 10.1.1.0 mask 255.255.255.0", the other is to do "redistribute OSPF ... route-map OSPF-INTO-BGP", and create a prefix list to permit 10.1.1.0/24.
    Both would work to have this network learned by other BGP peers. But which is better for what purpose?
    Thanks a lot
    Gary

    Hi Gary,
    There is one little difference between the use of the two approaches - the route injected into BGP by using a network statement will carry an Origin attribute of IGP, whereas the route injected using redistribution will have an Origin attribute of Incomplete. Now, that is not a huge issue since you can always change that whatever value you desire both with the use of the network statement and redistribution. The important thing, however, is that in the BGP best path selection process, the Origin attribute comparison is fairly high up and will prefer a route with the attribute of IGP.
    Apart from that, there is absolutely no difference between using the network statement and using redistribution with a route-map that matches exactly on the same route that you would have specified with the network statement.
    I guess one advantage of using the redistribute approach is that it does not clutter up the BGP config. If you wish to add more routes, you simply add them to the prefix list so that you don't really touch the BGP config portion at all..
    Hope that helps - pls do remember to rate posts that help.
    Paresh

Maybe you are looking for