• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 726
  • Last Modified:

OSPF Metrics

We have a DMVPN set with two main routers, we have our primary head router and a backup. One of our spokes keeps losing connection to out primary router, the second tunnel to the back up is up and works. The issue we are now having, is when tunnel one goes down and anyone from our core tries to go to this stub, one of the other stubs says they know how to get there and not our dr head router.

The two head routers are connected by a point to point tunnel. The head routers and spokes are connected by mGRE
0
axl13
Asked:
axl13
  • 7
  • 6
1 Solution
 
pergrCommented:
Generally you do not want your spoke sites to carry transit traffic, so it is a good idea to manipulate OSPF metric to achieve that.

If the spoke routers are junipers you can use the overload command on them to achieve that. If not, you can just increase the OSPF metric on all tunnels to spoke sites.

On the main, the metric should lower to the backup then to spoke sites.
0
 
axl13Author Commented:
We use Cisco... Currently the metric is calculated by the bandwidth... Funny thing, both 10meg sites and T1 sites are showing a metric of 71, should I just go ahead a change them. Also, how do I go about checking the metric of the dr site?
0
 
pergrCommented:
The advertised metric of the DR site should be in the OSPF database:

show ip ospf database

I seem to remember that is the Cisco command. Possibly you need to add something to the command for more details.

Next, check if you have the same "reference bandwidth" configured on all routers. Generally, the router should take the reference bandwidth and divide it by the interface bandwidth when it calculate the metric - and then advertise that metric to all other routers.

If you do not want to use the automatic metric calculation, you can either:

a) set the bandwidth under each interface (so that will be used to calculate the metric), or
b) set the metric under each interface.

You definitely want your metrics correctly set.

PS. I assume you have a single OSPF area. OSPF will always prefer a route within an area over a route to another area, even if the metric is lower.
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 
axl13Author Commented:
Same OSPF area but diffenet tunnels... Funny, when both tunnels are the Spoke in question are up, here is what the metric look like on our core router:

  LS age: 637
  Options: (No TOS-capability, DC, Upward)
  LS Type: Summary Links(Network)
  Link State ID: 150.142.85.0 (summary Network Number)
  Advertising Router: 150.142.1.1
  LS Seq Number: 80000083
  Checksum: 0xCC4A
  Length: 28
  Network Mask: /24
        MTID: 0         Metric: 2

  LS age: 527
  Options: (No TOS-capability, DC, Upward)
  LS Type: Summary Links(Network)
  Link State ID: 150.142.85.0 (summary Network Number)
  Advertising Router: 150.142.32.51
  LS Seq Number: 80000083
  Checksum: 0xC5FF
  Length: 28
  Network Mask: /24
        MTID: 0         Metric: 2
0
 
pergrCommented:
Since it is "Summary Links" it indicates the routes are from a different OSPF area.

That would mean you do have several areas in your OSFP domain - and possibly that is causing the routing issue we are looking at.

Can you describe the area design?
0
 
axl13Author Commented:
I have attached a diagram
DMVPN.vsd
0
 
pergrCommented:
Once on the DR router, when it forwards packets to a destination within area 1011, the router will always prefer the path within area 1011 - no matter what metrics.

That means means the path to MAIN will not be used since it is in area 0.

One solution is, of course, to have the whole network in area 0. It may be best depending on the scope of the whole network.

Another solution is to have the link between MAIN and DR both in area 0 and in area 1011. That's called "multiarea adjency":

http://tools.ietf.org/html/rfc5185
http://blog.codergenie.com/post/2012/07/20/OSPF-Multi-Area-Adjacency.aspx
http://www.juniper.net/techpubs/en_US/junos11.4/topics/topic-map/ospf-multiarea-adjacency.html

So, the command would be:

 area 1011
  multi-area-interface GigabitEthernet...

!
 
0
 
axl13Author Commented:
I do not have an AREA 1011. Here is how ospf is set up

MAIN ROUTER
router ospf 1
 router-id 150.142.1.1
 area 1011 stub
 network XXX.XXX.1.0 0.0.0.63 area 0
 network XXX.XXX.10.0 0.0.0.127 area 1011
 network XXX.XXX.10.129 0.0.0.0 area 0
!

DR ROUTER

router ospf 1
 router-id 150.142.32.51
 area 1011 stub
 network XXX.XXX.10.128 0.0.0.127 area 0
 network XXX.XXX.11.0 0.0.0.127 area 1011
 network XXX.XXX.31.0 0.0.0.255 area 0
 network XXX.XXX.32.0 0.0.0.255 area 0
 network XXX.XXX.37.0 0.0.0.255 area 0
 network XXX.XXX.48.0 0.0.0.63 area 0
 network XXX.XXX.175.0 0.0.0.255 area 0
 network XXX.XXX.179.0 0.0.0.255 area 0
 network XXX.XXX.190.0 0.0.0.255 area 0
 network XXX.XXX.175.0 0.0.0.63 area 0
!
0
 
pergrCommented:
In the config you pasted, there is:

network XXX.XXX.11.0 0.0.0.127 area 1011

which is your interfaces you have put in AREA 1011..., and that area is configured as a "stub" area (meaning no external routes is advertised to it).

The spoke routers is most likely also configured with that area.

Are there many spoke routers, or would you consider moving them all to AREA 0?
0
 
axl13Author Commented:
We have 32 spokes
0
 
axl13Author Commented:
Here are the two interface configs: The first is a P2P to our main router, the other is a mGRE to our spokes (area 1011)

interface Tunnel32
 description GRE TUNNEL ON 800NP
 bandwidth 10000
 ip address XXX.XXX.10.130 255.255.255.128
 ip mtu 1400
 cdp enable
 tunnel source GigabitEthernet0/0/1
 tunnel destination 10.48.9.22
 tunnel key 32
 tunnel path-mtu-discovery
 tunnel bandwidth transmit 80000
 tunnel bandwidth receive 80000
 tunnel protection ipsec profile PROFILE-TUN32
!

interface Tunnel72062
 description mGRE TUNNEL FOR AREA 1011 ON C7206-800NP
 bandwidth 900000
 ip address XXX.XXX.11.1 255.255.255.128
 no ip redirects
 ip mtu 1400
 ip nhrp authentication NHRPAUTH
 ip nhrp map multicast dynamic
 ip nhrp network-id 72062
 ip nhrp holdtime 300
 ip ospf authentication message-digest
 ip ospf authentication-key 7 ddddddddddd
 ip ospf network point-to-multipoint
 ip ospf hello-interval 10
 tunnel source GigabitEthernet0/0/1
 tunnel mode gre multipoint
 tunnel key 72062
 tunnel path-mtu-discovery
 tunnel protection ipsec profile PROFILE-DMVPN
!
0
 
pergrCommented:
In general, if you have less than 50 routers, and decent models, a single area should be fine.

The other option is to run the link between main and dr in area 1011., since I suspect RFC5185 is not supported on IOS.

Perhaps one solution is to run two VLAN on the link between MAIN and DR, and have one vlan in each area. That should work well.
0
 
axl13Author Commented:
Going to set up as single ospf area.
0

Featured Post

NEW Veeam Backup for Microsoft Office 365 1.5

With Office 365, it’s your data and your responsibility to protect it. NEW Veeam Backup for Microsoft Office 365 eliminates the risk of losing access to your Office 365 data.

  • 7
  • 6
Tackle projects and never again get stuck behind a technical roadblock.
Join Now