SRX Services Gateway
Highlighted
SRX Services Gateway

OSPF routing failover issue

[ Edited ]
‎08-10-2018 03:43 AM

Please bear with me, I'm still trying to get to grips with JunOS/SRX.

 

Site A, with a VDSL connection as its primary connection, and an RF connection as its backup

Site A's connection to our 'core' network is via the primary connection using a VPN - the termination point is Site B

Site A's backup connection into our 'core' network is via the RF connection - the entry point is another site, Site C

 

All sites are in area 0.0.0.0.

 

Here's the config. I have that I thought would work:-

 

interfaces {
    ge-0/0/0 {
        unit 0 {
            family inet {
                address 192.168.111.254/24;
            }
        }
    }
    ge-0/0/1 {
        unit 0 {
            family inet {
                address 192.168.0.6/30;
            }
        }
    }
    pt-1/0/0 {
        EDITED OUT 
    }
    pp0 {
        EDITED OUT
    }
    st0 {
        unit 0 {
            family inet {
                address 172.16.0.54/30;
            }
        }
    }
}
routing-options {
    static {
        route 0.0.0.0/0 next-hop pp0.0;
    }
    router-id 192.168.111.254;
}
protocols {
    ospf {
        traceoptions {
            file OSPF;
            flag error;
            flag hello;
        }
        preference 10;
        external-preference 150;
        reference-bandwidth 10g;
        area 0.0.0.0 {
            interface ge-0/0/0.0 {
                passive;
            }
            interface ge-0/0/1.0 {
                metric 2000;
            }
            interface st0.0;
        }
    }
}

 

In theory, what should happen I hope, is that OSPF routes traffic via the st0.0 interface, which it does, but if the underlying VDSL connection should drop or just the tunnel, traffic should then be routed via the secondary RF (ge-0/0/1.0) interface, hence the metric of 2000, however this does not happen. I have tried changing the interface-type for both ge-0/0/1.0 and st0.0 to p2p and then combinations, but nothing helps. I have similar scenarios at 2 other sites and both failover without an issue, although they use ADSL and VDSL respectively as their secondary connections.

 

Can anyone point out where I'm going wrong please?

 

 

10 REPLIES
SRX Services Gateway

Re: OSPF routing failover issue

[ Edited ]
‎08-10-2018 09:15 AM

Extra notes:-

 

Relevant site B config:

 

interface st0.111;

 

Relevant site C config:

 

interface ge-0/0/4.0 {
                interface-type p2p;
            }

 

I think I have my interface types in a muddle, but I'm struggling to sort it, especially without disconnecting myself from the remote site.

 

 

SRX Services Gateway

Re: OSPF routing failover issue

‎08-10-2018 11:20 PM

Hello there,


@EMTSU wrote:

if the underlying VDSL connection should drop or just the tunnel, traffic should then be routed via the secondary RF (ge-0/0/1.0) interface, hence the metric of 2000, however this does not happen

  


 Could You please clarify what exactly does not happen? I see Your 0/0 route points to pp0 interface, so my guesses are:

1/ when tunnel drops, everything goes out of pp0 

2/ when tunnel drops, the inter-site traffic still tries to go into a dead tunnel and is blackholed

3/ anything else?

 


@EMTSU wrote:
protocols {
    ospf {
<skip>
        area 0.0.0.0 {
<skip>
            interface ge-0/0/1.0 {
                metric 2000;
            }

 

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 

Relevant site C config:

 

interface ge-0/0/4.0 {
                interface-type p2p;
            }

 

 


The above OSPF interface config mismatch won't get You an OSPF adjacency up. You need to use either p2p or default (broadcast) ON BOTH sides.

 Finally, do You inject Your site B and C routes as OSPF external Type 2, by any chance? If yes, then interface metric won't have any effect. You need to inject them as OSPF external Type 1 for the interface metric to work.

HTH

Thx

Alex

_____________________________________________________________________

Please ask Your Juniper account team about Juniper Professional Services offerings.
Juniper PS can design, test & build the network/part of the network as per Your requirements

+++++++++++++++++++++++++++++++++++++++++++++

Accept as Solution = cool !
Accept as Solution+Kudo = You are a Star !
SRX Services Gateway

Re: OSPF routing failover issue

[ Edited ]
‎08-15-2018 02:46 AM

Thank you so much for your reply Alex, I do appreciate it. My apologies for the slow reply.

 

Just to note, all relevant interface IP addresses are /30 addresses.

 

In answer to your questions:- 

 

1) Correct

2) Correct

3) Not that I have observed

4) So, if I harmonize all interfaces to P2P will this get my setup working as I'd like?

5) I don't believe any routes are injected

 

When I simulated the Primary (VDSL with VPN) connection going down I physically disconnected the cable, I did not drop the tunnel or simply deactivate the st interface.

SRX Services Gateway

Re: OSPF routing failover issue

[ Edited ]
‎08-16-2018 01:48 AM

Hello,

I feel I am missing something in the bits and pieces of information You shared so far.

My scenarios [1] and [2] cannot BOTH be true/correct at the same time, it's  either 1 or 2.

Once again, they are:

Scenario #1:

- when tunnel drops, everything (I mean EVERYTHING including traffic towards sites B and C) goes out of pp0

Scenario #2:

- when tunnel drops, traffic towards sites B and C (and only THIS traffic) is still routed towards the tunnel and is blackholed.

Please share Your sanitized configs and topology diagram showing the physical+tunnel links, OSPF area(s), routes/prefixes & where they are originated from in order for us to be able to help You further. 

And to answer Your question on "harmonizing" the OSPF interface types- the main requirement is that Your OSPF interface type MUST BE the same on both sides. Does  not matter if it is broadcast-broadcast (default for Etnernet) or p2p-p2p. Mistmatched OSPF interface types result in OSPF adjacency never reaching "Full" state.

HTH

Thx

Alex

_____________________________________________________________________

Please ask Your Juniper account team about Juniper Professional Services offerings.
Juniper PS can design, test & build the network/part of the network as per Your requirements

+++++++++++++++++++++++++++++++++++++++++++++

Accept as Solution = cool !
Accept as Solution+Kudo = You are a Star !
SRX Services Gateway

Re: OSPF routing failover issue

[ Edited ]
‎08-16-2018 06:56 AM

@aarseniev

My scenarios [1] and [2] cannot BOTH be true/correct at the same time, it's  either 1 or 2.

 

Ok, I understand. Please can you talk me through the steps to determine which scenario is true?

SRX Services Gateway

Re: OSPF routing failover issue

‎08-21-2018 06:17 AM

@aarseniev

Any thoughts on this please?

SRX Services Gateway

Re: OSPF routing failover issue

‎08-22-2018 04:54 AM

When the tunnel drops look at the routing table and see if there is a route for the tunnel traffic pointing to the tunnel interface still active in the table.

 

If yes, then this is #2 if no and the traffic will use the default route out then it is #1

 

Steve Puluka BSEET - Juniper Ambassador
IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP)
http://puluka.com/home
SRX Services Gateway

Re: OSPF routing failover issue

[ Edited ]
‎08-23-2018 09:35 AM

It's actually neither scenario.

 

When the tunnel drops, the routing table shows that internal traffic is being routed via the RF link, which is correct, and yet I cannot ping the site. However, if I jump on to the device via external IP and run a ping from it to site C or B, the pings are successful, but I cannot ping from the routers at site C or B back to the lan-side (/24) of site A.  I can, however, ping the /30 address (RF link) at site A. When I check the routing tables at sites C and B they appear correct for a path back to site A (/24), but site B lists a 'network address' for the route to /30 at site A, and site C has no routing information for the /30 at site A.

 

This has to be something simple I'm missing!

 

 

SRX Services Gateway

Re: OSPF routing failover issue

‎08-24-2018 01:31 AM

Alas, a good night's sleep and a clear head got me to where I needed to be i.e. a Trust-to-Trust allow rule, d'oh!

SRX Services Gateway

Re: OSPF routing failover issue

‎08-24-2018 04:21 AM

Thanks for the update.

 

Steve Puluka BSEET - Juniper Ambassador
IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP)
http://puluka.com/home