?
Solved

ospf and bridge-groups??

Posted on 2009-04-20
25
Medium Priority
?
1,211 Views
Last Modified: 2012-05-06
Experts,
I have three routers. R1 on the left is running OSPF, R2 in the middle is running rip, and R3 on the right is running OSPF. R1 and R3 are connected to each other via a bridge group in R2 that does not have an IP address at all, just configured as transparent bridging. I can pass traffic (i.e. ping/telnet/tracert) between R1 and R3 through R2, however i am not receiving any OSPF updates. Essentially OSP does not redistribute through the bridge group in any way, shape, or form. Does anyone have a soultion for this? i can provide router configs if requested.

Thanks!!
0
Comment
Question by:mholzwarth
  • 11
  • 8
  • 6
25 Comments
 
LVL 50

Expert Comment

by:Don Johnston
ID: 24187644
Please provide the configs.

This should work as R2 is a transparent bridge. It should be flooding all multicast traffic.
0
 
LVL 15

Expert Comment

by:bkepford
ID: 24187815
OSPF adjacencies are built using multicasts with a TTL of 1 so they only talk to the routers right next to them. I think if you tunnel to the other 1 it will work. If you add this configuration it might fix your problem

R1
interface Fastethernet 0/0
description R1s interface closest to R3
ip add 10.0.0.1 255.255.255.0

int tunnel 0
ip unnumbered fa 0/0
tunnel source 10.0.0.1
tunnel destination 10.0.0.2
ip ospf 1 area 0

R3

interface Fastethernet 0/0
description R3s interface closest to R1
ip add 10.0.0.2 255.255.255.0

int tunnel 0
ip unnumbered fa 0/0
tunnel source 10.0.0.2
tunnel destination 10.0.0.1
ip ospf 1 area 0
0
 
LVL 50

Expert Comment

by:Don Johnston
ID: 24187963
bkepford,

R2 isn't really a router. It's a bridge.
0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 

Author Comment

by:mholzwarth
ID: 24187965
Below you will find the configs for the three Routers.
-R1 COnfig
-
-
-Current configuration : 2498 bytes
-!
-version 12.3
-service timestamps debug uptime
-service timestamps log uptime
-no service password-encryption
-!
-hostname R1
-!
-boot-start-marker
-boot-end-marker
-!
-logging buffered 4096 debugging
-!
-memory-size iomem 15
-no aaa new-model
-ip subnet-zero
-ip cef
-!
-!
-ip name-server x.x.x.x
-ip name-server x.x.x.x
-!
-ip audit po max-events 100
-!
-!
-interface FastEthernet0/1
- description Backup DSL Connection ***This is connected to the ATM3/0.1191 interface on R2***
- bandwidth 1500
- ip address 10.15.15.179 255.255.255.248
- duplex auto
- speed auto
-!
-!
-router ospf 1
- log-adjacency-changes
- network 10.0.0.0 0.255.255.255 area 1
-!
-no ip http server
-no ip http secure-server
-ip classless
-!
-!
-logging x.x.x.x
-access-list 120 deny   tcp any any eq 135
-access-list 120 deny   udp any any eq 135
-access-list 120 deny   udp any any eq netbios-ns
-access-list 120 deny   udp any any eq netbios-dgm
-access-list 120 deny   tcp any any eq 139
-access-list 120 deny   udp any any eq netbios-ss
-access-list 120 deny   tcp any any eq 445
-access-list 120 deny   tcp any any eq 593
-access-list 120 deny   tcp any any eq 4444
-access-list 120 deny   tcp any any eq 137
-access-list 120 deny   tcp any any eq 6121
-access-list 120 deny   tcp any any eq 18559
-access-list 120 deny   tcp any any eq 2581
-access-list 120 deny   tcp any any eq 3620
-access-list 120 permit ip any any
-!
-snmp-server community xxxxxxxxx
-snmp-server enable traps tty
 
-----------------------------------------------------------------------
`Router R2 Config
`
`
`version 12.2
`service timestamps debug uptime
`service timestamps log uptime
`no service password-encryption
`!
`hostname R2
`!
`clock timezone MST -7
`clock summer-time MST recurring
`ip subnet-zero
`!
`!
`ip domain-name xxxxxxxxxxxx
`ip name-server x.x.x.x
`ip name-server x.x.x.x
`!
`ip cef
`call rsvp-sync
`cns event-service server
`!
`!
`!
`!
`!
`!
`bridge irb
`!
`!
`interface Multilink1
` no ip address
` ppp multilink
` multilink-group 1
`!
`interface FastEthernet1/0
` description Backup DSL Link to R3
` no ip address
` duplex full
` bridge-group 6
`!
`interface FastEthernet2/0
` description Connection To New DS3
` ip address x.x.x.x 255.255.255.252
` duplex full
`!
`interface ATM3/0
` description Physical DS3 
` bandwidth 44000
` no ip address
` atm scrambling cell-payload
` no atm ilmi-keepalive
`!
`interface ATM3/0.32 point-to-point
` description 20Mbps DS3 Frag 
` bandwidth 30000
`!
`!
`interface ATM3/0.132 point-to-point
` description 30Mbps DS3 Frag 
` ip address x.x.x.x 255.255.255.252
` pvc 1/32
`  ubr 30000
`  oam-pvc manage
` !
`interface ATM3/0.1191 point-to-point
` description backup DSL link to R1
` pvc 1/191
`  encapsulation aal5snap
 `!
 `bridge-group 6
!
interface BVI6
 description CCI Wright DSL Backup
 no ip address
 clns mtu 1514
!
router rip
 version 2
 network 10.0.0.0
!
ip classless
ip route 0.0.0.0 0.0.0.0 x.x.x.x
ip http server
!
logging 
access-list 120 deny   udp any any eq 1900
access-list 120 deny   tcp any any eq 135
access-list 120 deny   udp any any eq 135
access-list 120 deny   udp any any eq netbios-ns
access-list 120 deny   udp any any eq netbios-dgm
access-list 120 deny   tcp any any eq 139
access-list 120 deny   udp any any eq netbios-ss
access-list 120 deny   tcp any any eq 445
access-list 120 deny   tcp any any eq 593
access-list 120 deny   tcp any any eq 4444
access-list 120 permit ip any any
access-list 130 deny   tcp any any eq www
access-list 130 deny   tcp any any eq smtp
access-list 130 permit ip any any
access-list 135 deny   tcp any any eq smtp
access-list 135 permit ip any any
access-list 140 deny   tcp any any eq 6129
access-list 140 permit ip any any
snmp-server engineID local 
snmp-server community xxxxxxxxx
snmp-server community xxxxxxxxx
snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
snmp-server enable traps tty
snmp-server enable traps casa
snmp-server enable traps isdn call-information
snmp-server enable traps isdn layer2
snmp-server enable traps channel
snmp-server enable traps hsrp
snmp-server enable traps config
snmp-server enable traps entity
snmp-server enable traps envmon
snmp-server enable traps bgp
snmp-server enable traps rsvp
snmp-server enable traps frame-relay
snmp-server enable traps syslog
snmp-server enable traps rtr
snmp-server enable traps dlsw
snmp-server enable traps dial
snmp-server enable traps voice poor-qov
!
tftp-server x.x.x.x
bridge 6 protocol ieee
bridge 6 route ip
 
!
dial-peer cor custom
!
!
!
!
gatekeeper
 shutdown
!
!
line vty 0 4
 password xxxxxxxxxxxx
 transport input lat pad v120 mop telnet rlogin udptn nasi
 
!
ntp clock-period 17179806
ntp master 2
ntp update-calendar
ntp server x.x.x.x
end
 
-----------------------------------------------------------------------
 
R3 COnfig 
 
Current configuration : 7057 bytes
!
! Last configuration change at 09:09:55 MST Mon Apr 20 2009
! NVRAM config last updated at 11:12:07 MST Sat Apr 18 2009
!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname R3
!
!
clock timezone MST -7
clock summer-time MST recurring
ip subnet-zero
ip routing
!
ip name-server x.x.x.x
ip name-server x.x.x.x
!
!
spanning-tree mode pvst
spanning-tree extend system-id
no spanning-tree vlan 2
!
!
!
vlan dot1q tag native
!
!
 
!
interface FastEthernet0/15
 description backup DSL link **this port is connected to the FA1/0 on R2 router**
 no switchport
 bandwidth 1500
 ip address 10.15.15.177 255.255.255.248
!
 
!
router ospf 1
 log-adjacency-changes
 redistribute static subnets
 network 10.0.0.0 0.255.255.255 area 1
 network x.0.0.0 0.255.255.255 area 1
 default-information originate
!
ip classless
ip route 0.0.0.0 0.0.0.0 x.x.x.x
ip http server
!
logging x.x.x.x
access-list 10 permit x.x.x.x 0.0.0.255 log
access-list 10 permit x.x.x.x 0.0.0.255 log
access-list 115 deny   udp any any eq tftp
access-list 115 deny   tcp any any eq 135
access-list 115 deny   udp any any eq 135
access-list 115 deny   udp any any eq netbios-ns
access-list 115 deny   udp any any eq netbios-dgm
access-list 115 deny   tcp any any eq 139
access-list 115 deny   udp any any eq netbios-ss
access-list 115 deny   tcp any any eq 445
access-list 115 deny   tcp any any eq 593
access-list 115 deny   tcp any any eq 4444
access-list 115 deny   icmp any any
access-list 115 permit ip any any
access-list 180 permit ip x.x.x.x 0.0.0.255 any
access-list 180 permit ip x.x.x.x 0.0.0.255 any
access-list dynamic-extended
route-map route65 permit 10
 match ip address 10
 set ip next-hop x.x.x.x
!
snmp-server community xxxxxx
snmp-server community yyyyyy
!
!
ntp clock-period 17180172
ntp peer x.x.x.x
!
end

Open in new window

0
 

Author Comment

by:mholzwarth
ID: 24188021
To give you all more info, R1 and R3 are also connected via T1 lines that do redistribute the OSPF networks. The bridge that we are trying to create is to setup a transparent bridge DSL line as a backup link for R1 and R3. However when turning off the T1 lines, the OSPF routes are not redistributed across this backup link. I have traced my issue down to the bridge-group in R2. It currently passes traffic, and if i turn off the T1link in R1 and manually input a static defualt route then it will pass traffic with no problem....However that really defeats one of my current purposes for using OSPF, if i loose the T1 i don't want to have to manually do this everytime, OSPF should just update the new routes over the R2 brdige until i can get onsite to repair the original T1 links
0
 

Author Comment

by:mholzwarth
ID: 24188054
I have been working on this all day, and google has not uncovered much for me.......looking into "source route bridging" as a possible solution.....
0
 
LVL 50

Expert Comment

by:Don Johnston
ID: 24188079
Quick and dirty solution would be to create a floating static route. Just set the AD to 130. The router will not use the static route unless the OSPF path over the T1 is lost.

OSPF problem over the bridge may have something to do with the translational bridging going on in R2.
0
 
LVL 50

Expert Comment

by:Don Johnston
ID: 24188115
SRB is used in token ring. I don't think I've ever heard of SRB in an Ethernet environment.
0
 

Author Comment

by:mholzwarth
ID: 24188216
thanks don just saw that.

we have tried the dirty solution already, and while it works...well its dirty, and my ultimate goal with this project is to get a perminent clean solution in place.
0
 
LVL 50

Expert Comment

by:Don Johnston
ID: 24188292
I'm pretty sure your problem is the translation between ethernet and ATM.

Have you tried manually defining the neighbor?



R1
router ospf 1
 neighbor 10.15.15.177
 
R3
router ospf 1
 neighbor 10.15.15.179

Open in new window

0
 

Author Comment

by:mholzwarth
ID: 24188432
tried your config don, get a respones back as:
OSPF: Neighbor commonad is allowed only on NBMA and point-to-multipoint networks.
And they will not accept the neighbor command.

The idea was great though!
0
 
LVL 15

Expert Comment

by:bkepford
ID: 24188493
When I see bridging done with ATM they use

bridge 6 protocol dec

not

bridge 6 protocol ieee
0
 

Author Comment

by:mholzwarth
ID: 24188502
now looking at going down the road of the bitswap-layer3-addresses or circuit-group commands....any thoughts
0
 

Author Comment

by:mholzwarth
ID: 24188514
but will protocol dec work with the thernet interface?
0
 
LVL 15

Expert Comment

by:bkepford
ID: 24188518
Well actually I've seen it both ways.
0
 
LVL 15

Expert Comment

by:bkepford
ID: 24188567
In the below example off of Cisco's site they use it to bridge a fiber, Token ring and Ethernet connection.

Here's the link
http://www.cisco.com/en/US/docs/ios/bridging/configuration/guide/br_transprnt_brdg_ps6350_TSD_Products_Configuration_Guide_Chapter.html#wp1004432
interface tokenring 0
 ip address 131.108.1.1 255.255.255.0
 bridge-group 1
!
interface fddi 0
 ip address 131.108.2.1 255.255.255.0
 bridge-group 1
!
interface ethernet 0
 ip address 192.31.7.26 255.255.255.240
 bridge-group 1
!
interface serial 0
 ip address 192.31.7.34 255.255.255.240
 bridge-group 1
!
interface ethernet 1
 ip address 192.31.7.65 255.255.255.240
 bridge-group 1
!
bridge 1 protocol dec

Open in new window

0
 
LVL 15

Expert Comment

by:bkepford
ID: 24188577
PS notice that the bridge irb command is not used.
0
 
LVL 15

Expert Comment

by:bkepford
ID: 24188584
or the

 bridge 6 route ip
0
 

Author Comment

by:mholzwarth
ID: 24188814
after doing some digging i can not remove the bridge irb or even change it do to another bridge group currently in use by a large number of DSL customers, i have however remove the BVI6 as it was also missing in the examples you provided as well as the route ip command. going to do a little more testing then make the switch and see if it will now update the routes, will be a few before i am back.
0
 
LVL 50

Accepted Solution

by:
Don Johnston earned 1000 total points
ID: 24189219
I don't think this is your problem.

IRB (Integrated Routing and Bridging) is used when you want the router to bridge traffic but you also want to route traffic between the bridge group and layer 3 interfaces. The BVI (Bridge Virtual Interface) is the layer 3 interface for the bridge group.

If there was a problem with the bridging function, you would not be able to move ANY traffic across the link. Since you can move traffic across the bridge, it's working. The problem is broadcast/multicast traffic only.

There are numerous papers that cover this topic.

For example:

http://www.faqs.org/rfcs/rfc2226.html
http://www.faqs.org/rfcs/rfc2844.html

It's been sooo long since I did any ATM, I can't remember the fix. I seem to recall changing the ospf network type on an interface.

Maybe on R3 issuing the command "ip ospf network non-broadcast" on the f1/0 interface and then define the neighbor.

Did you try the neighbor command on R1?



0
 
LVL 15

Expert Comment

by:bkepford
ID: 24189461
This is true both sides need to have matching hello/dead timers. If they do not match no peering will take place.
0
 
LVL 15

Expert Comment

by:bkepford
ID: 24189473
If you do a show ip ospf interfaces on both routers you can compare them. Changing the network type chanes the timers and if one side is ethernet and the other ATM the ATM will not require a DR while the ehternet side will. You need to make sure both require the same thing.
0
 

Author Comment

by:mholzwarth
ID: 24194851
Good Morning Don,

Didn't get a chance until this morning to try the IP ospf command. After working through it and cleaning up everything i did yesterday the backup link is now working correctly.

The one catch i found is i did have to put the "ip ospf network non-broadcast" in both R1 and R2 with the neighbor commands. Once done everything came right up and started working.

Thank You for all your help on this, and thank you to the other guys that have posted as well.
0
 

Author Closing Comment

by:mholzwarth
ID: 31572416
Please read the entire post for the solution and see the router configs.

Thanks for everybody's help!!
0
 

Author Comment

by:mholzwarth
ID: 24194964
Final configs
R1
 
 
interface FastEthernet0/1
 description Backup DSL
 bandwidth 1500
 ip address 10.15.15.179 255.255.255.248
 ip ospf network non-broadcast
 duplex auto
 speed auto
!
!
router ospf 1
 log-adjacency-changes
 network 10.0.0.0 0.255.255.255 area 1
 neighbor 10.15.15.177
!
--------------------------------------------------------------------------------------------
 
R2
 
!
bridge irb
!
!
interface FastEthernet1/0
 description Backup DSL Link
 no ip address
 duplex full
 bridge-group 6
!
interface ATM3/0.1191 point-to-point
 description Backup DSL Link
 pvc 1/191
  encapsulation aal5snap
 !
 bridge-group 6
!
!
interface BVI6
 description DSL Backup
 no ip address
 clns mtu 1514
!
bridge 6 protocol ieee
bridge 6 route ip
 
------------------------------------------------------------------------------------------------
 
R3
 
 
interface FastEthernet0/15
 description backup link to DSL
 no switchport
 bandwidth 1500
 ip address 10.15.15.177 255.255.255.248
 ip ospf network non-broadcast
!
router ospf 1
 log-adjacency-changes
 redistribute static subnets
 network 10.0.0.0 0.255.255.255 area 1
 neighbor 10.15.15.179 priority 1
 default-information originate
!

Open in new window

0

Featured Post

Prep for the ITIL® Foundation Certification Exam

December’s Course of the Month is now available! Enroll to learn ITIL® Foundation best practices for delivering IT services effectively and efficiently.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I have seen some questions on problems with SSH/telnet access to Cisco routers that may occur despite the fact that from a PC connected to your LAN, Internet connectivity is in place and users can access Internet sites without any issues.  There are…
Getting hacked is no longer a matter or "if you get hacked" — the 2016 cyber threat landscape is now titled "when you get hacked." When it happens — will you be proactive, or reactive?
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

862 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question