Re: OSPF filtering from Ivan Hrvatska on 2010-02-11 (Ccielab archives /201002)

From: Ivan Hrvatska <ivanzghr_at_gmail.com>
Date: Thu, 11 Feb 2010 18:26:29 +0100

I have managed to solve my problem. I used EEM to do it.
Initially my two locations had to have new L2 link. so both my
locations would be in area 212 and have only one connection to area 0
and this problem wouldn't exist. Since I didn't get that link, whole
scenario seems bad if you don't know whole story. Never the less, I
used EEM on router that has backup link on it. EEM monitors debug ip
routing msgs defined in one ACL. When it get log msg like this:

RT: delete route to 10.212.128.0/17 via 10.212.20.18

it knows that OSPF link with area 0 is down and it brings up the
backup interface. When OSPF with area 0 recovers it gets something
like this:

RT: add 10.212.128.0/17 via 10.212.20.18

and another event applet shuts down the backup port.

At the other location backup link is always UP. I also put some mail
notifications in event which tracks my backup FE interface, and that
is whole idea.
I tested couple of scenarios and it works fine.
Thanks for your assistance.

Regards

On Sun, Feb 7, 2010 at 12:22 PM, Ivan Hrvatska <ivanzghr_at_gmail.com> wrote:
> well after all I think nothing will work because transit area 0, which
> is not my administrative area also will have routes through the backup
> link. So I configured PBR in combination with static routes on both
> locations and when packet enters prim link, first router in area 0 has
> route through to backup link and returns that packet to me, I send it
> again to them, etc, etc...They should also configure static routes for
> my loopbacks.
>
> On Sun, Feb 7, 2010 at 5:19 AM, <ron.wilkerson_at_gmail.com> wrote:
>> Use a static route with the interface option. This way, if the interface goes down, the static route will disappear.
>>
>>
>> -----Original Message-----
>> From: Ivan Hrvatska <ivanzghr_at_gmail.com>
>> Date: Sun, 7 Feb 2010 01:39:54
>> To: Piotr Kaluzny<piotrk_at_ipexpert.com>
>> Cc: Tyson Scott<tscott_at_ipexpert.com>; Marko Milivojevic<markom_at_ipexpert.com>; Narbik Kocharians<narbikk_at_gmail.com>; Cisco certification<ccielab_at_groupstudy.com>
>> Subject: Re: OSPF filtering
>>
>> I have just tried. Doesn't do what i want.
>>
>> SW1---ABR---prim-----------R2
>> | \
>> | SW2
>> | /
>> R3--------backup----------------R4
>>
>> I don't know can you see the diagram correctly. R3 is router where I
>> have event manager which brings up FE port of backup link. What I want
>> to do is next: ping that is used in SLA should always go via primary
>> (it shouldn't follow the path in routing table). If it just go via
>> best path in RIB it will always get to SW2. So, I created lo int on R3
>> which is used as source for SLA ping. How can I make that ping goes
>> through SW1 and to ABR? That way ping will always use prim link and
>> track object will be UP till prim link is OK.
>>
>> On Sat, Feb 6, 2010 at 4:04 PM, Piotr Kaluzny <piotrk_at_ipexpert.com> wrote:
>>> Ivan,
>>>
>>> Did you try local PBR? This feature works for router-generated traffic. Just
>>> watch out for the source IP.
>>>
>>> Regards,
>>> --
>>> Piotr Kaluzny
>>> CCIE #25665 (Security), CCSP, CCNP
>>> Sr. Support Engineer - IPexpert, Inc.
>>> URL: http://www.IPexpert.com
>>>
>>>
>>> On Sat, Feb 6, 2010 at 2:38 PM, Ivan Hrvatska <ivanzghr_at_gmail.com> wrote:
>>>>
>>>> Hmmm... I thought solving this problem with event manager. On my
>>>> router that has backup link connected to it I configured event manager
>>>> that will unshut the port when primary link fail.
>>>> I'm pinging other side (location 2) and using that track in event
>>>> manager. It works, but not the whole part. See, when I lose ping
>>>> replies, event manager unshut the port and traffic start going via
>>>> backup. But the problem is that my ping in SLA after OSPF converged
>>>> starts getting replies and event applet shut down the port cause it
>>>> thinks that primary link is up. I tried to solve that with PBR. I
>>>> configured one loopback and thought that PBR will always send packets
>>>> with source IP of that loopback to the router that has primary link on
>>>> it. But obviously PBR doesn't work when traffic is originated on that
>>>> router?
>>>> So, is there some advanced option in IP SLA that can track route in
>>>> routing table combined with neighbor that advertise that route? Or
>>>> something similar?
>>>>
>>>> On Mon, Jan 25, 2010 at 3:01 PM, Tyson Scott <tscott_at_ipexpert.com> wrote:
>>>> > Ivan,
>>>> >
>>>> > It is definitely a design consideration that would solve your problems.
>>>> >
>>>> > Regards,
>>>> >
>>>> > Tyson Scott - CCIE #13513 R&S, Security, and SP
>>>> > Technical Instructor - IPexpert, Inc.
>>>> > Mailto: tscott_at_ipexpert.com
>>>> > Telephone: +1.810.326.1444, ext. 208
>>>> > Live Assistance, Please visit: www.ipexpert.com/chat
>>>> > eFax: +1.810.454.0130
>>>> >
>>>> >
>>>> >
>>>> > -----Original Message-----
>>>> > From: Ivan Hrvatska [mailto:ivanzghr_at_gmail.com]
>>>> > Sent: Monday, January 25, 2010 3:24 AM
>>>> > To: Tyson Scott
>>>> > Cc: Marko Milivojevic; Narbik Kocharians; Cisco certification
>>>> > Subject: Re: OSPF filtering
>>>> >
>>>> > Customer who owns the network I am using as transit network wants that
>>>> > area 212 is stub. Probably he doesn't want any external networks to be
>>>> > redistributed into OSPF domain.
>>>> >
>>>> > On Sat, Jan 23, 2010 at 4:46 PM, Tyson Scott <tscott_at_ipexpert.com>
>>>> > wrote:
>>>> >> Ivan,
>>>> >>
>>>> >> Does it have to remain specifically a stub or can it be a NSSA? As I
>>>> >> mentioned earlier creating two processes as NSSA's would definitely do
>>>> >> the
>>>> >> trick.
>>>> >>
>>>> >> ABR2 and ABR3
>>>> >>
>>>> >> router ospf 1
>>>> >> area 212 nssa
>>>> >> network x.x.x.x 0.0.0.0 area 0
>>>> >> network y.y.y.y 0.0.0.0 area 212
>>>> >>
>>>> >> ABR1 and ABR4
>>>> >>
>>>> >> router ospf 1
>>>> >> area 212 nssa
>>>> >> network y.y.y.y 0.0.0.0 area 212
>>>> >> redistribute ospf 2 subnets metric-type 1 metric 10
>>>> >> router ospf 2
>>>> >> area 212 nssa
>>>> >> network z.z.z.z 0.0.0.0 area 212
>>>> >> redistribute ospf 1 subnets metric-type 1 metric 100000
>>>> >>
>>>> >> You would then need to test between sites.
>>>> >>
>>>> >> HTH
>>>> >>
>>>> >>
>>>> >> Regards,
>>>> >>
>>>> >> Tyson Scott - CCIE #13513 R&S, Security, and SP
>>>> >> Technical Instructor - IPexpert, Inc.
>>>> >> Mailto: tscott_at_ipexpert.com
>>>> >> Telephone: +1.810.326.1444, ext. 208
>>>> >> Live Assistance, Please visit: www.ipexpert.com/chat
>>>> >> eFax: +1.810.454.0130
>>>> >>
>>>> >> IPexpert is a premier provider of Classroom and Self-Study Cisco CCNA
>>>> > (R&S,
>>>> >> Voice & Security), CCNP, CCVP, CCSP and CCIE (R&S, Voice, Security &
>>>> > Service
>>>> >> Provider) Certification Training with locations throughout the United
>>>> >> States, Europe and Australia. Be sure to check out our online
>>>> >> communities
>>>> > at
>>>> >> www.ipexpert.com/communities and our public website at www.ipexpert.com
>>>> >>
>>>> >>
>>>> >> -----Original Message-----
>>>> >> From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of
>>>> > Ivan
>>>> >> Hrvatska
>>>> >> Sent: Saturday, January 23, 2010 8:38 AM
>>>> >> To: Marko Milivojevic
>>>> >> Cc: Narbik Kocharians; Cisco certification
>>>> >> Subject: Re: OSPF filtering
>>>> >>
>>>> >> Hmmm....diagram is something like this:
>>>> >>
>>>> >>
>>>> >> (Area 212) ABR1 ------------------ ABR2 (Area 0) ABR3
>>>> >> -------------------ABR4 (Area 212)
>>>> >> Location 1 *
>>>> >> Location 2
>>>> >> * *
>>>> >> *
>>>> >> * *
>>>> >> *
>>>> >> * *
>>>> >> *
>>>> >> * *
>>>> >> *
>>>> >> * *
>>>> >> *
>>>> >> ********************** ABR 4 (area
>>>> > 212)**************
>>>> >>
>>>> >> where * is backup link and ---- should be primary.
>>>> >> Between Area0 and location 2 is another area so connection to area0 is
>>>> >> through GRE. Area 212 is stub.
>>>> >>
>>>> >> On Sat, Jan 23, 2010 at 11:51 AM, Marko Milivojevic
>>>> >> <markom_at_ipexpert.com>
>>>> >> wrote:
>>>> >>> On Sat, Jan 23, 2010 at 10:27, Ivan Hrvatska <ivanzghr_at_gmail.com>
>>>> >>> wrote:
>>>> >>>> I sent diagram in attachment as jpg pic. Is it visible?
>>>> >>>
>>>> >>> GS doesn't do attachments, hence all the ASCII art we see from time to
>>>> >> time :-)
>>>> >>>
>>>> >>> --
>>>> >>> Marko Milivojevic - CCIE #18427
>>>> >>> Senior Technical Instructor - IPexpert
>>>> >>>
>>>> >>> Mailto: markom_at_ipexpert.com
>>>> >>> Telephone: +1.810.326.1444
>>>> >>> Fax: +1.810.454.0130
>>>> >>> Community: http://www.ipexpert.com/communities
>>>> >>
>>>> >>
>>>> >> Blogs and organic groups at http://www.ccie.net
>>>> >>
>>>> >> _______________________________________________________________________
>>>> >> Subscription information may be found at:
>>>> >> http://www.groupstudy.com/list/CCIELab.html
>>>>
>>>>
>>>> Blogs and organic groups at http://www.ccie.net
>>>>
>>>> _______________________________________________________________________
>>>> Subscription information may be found at:
>>>> http://www.groupstudy.com/list/CCIELab.html
>>
>>
>> Blogs and organic groups at http://www.ccie.net
>>
>> _______________________________________________________________________
>> Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html

Blogs and organic groups at http://www.ccie.net
Received on Thu Feb 11 2010 - 18:26:29 ART

This archive was generated by hypermail 2.2.0 : Mon Mar 01 2010 - 06:28:35 ART