Mailing List Archive: Advertising Default Route to particular Area using OSPF

Hello,

I am fairly new to Quagga and OSPF. I just started a new job and am trying
to learn as quickly as possible. I think I understand all of the basic
stuff, but I am having trouble understanding how to have 2 of my routers
advertise default routes to a particular area.

Here is our basic setup.

[image: Inline image 1]

We have two debian firewall servers which all of our ISP's are connected
to. I will refer to them as R1 and R2. They are both in Area 0

R1 has this configuration for OSPF:
ospf router-id 10.147.1.10
max-metric router-lsa on-startup 30
max-metric router-lsa on-shutdown 30
network 10.3.251.0/29 area 10.18.0.0
network 10.147.1.4/30 area 0.0.0.0
network 10.147.1.8/30 area 0.0.0.0
network 10.147.1.48/30 area 0.0.0.0
area 10.18.0.0 range 10.18.0.0/16

R2 has this configuration for OSPF:
ospf router-id 10.147.1.22
max-metric router-lsa on-startup 30
max-metric router-lsa on-shutdown 30
network 10.1.254.0/29 area 10.18.0.0
network 10.147.1.17/30 area 0.0.0.0
network 10.147.1.20/30 area 0.0.0.0
network 10.147.1.52/30 area 0.0.0.0
area 10.18.0.0 range 10.18.0.0/16

We also have two debian firewall servers (RR1 and RR2 both in Area 0)
outside our local network that have openvpn connections to R1 and R2.

RR1 has this configuration for OSPF
ospf router-id 10.147.1.9
max-metric router-lsa on-startup 30
max-metric router-lsa on-shutdown 30
redistribute static
network 10.84.0.0/22 area 10.88.0.69
network 10.88.1.0/24 area 10.88.0.69
network 10.88.250.0/30 area 0.0.0.0
network 10.147.1.2/30 area 0.0.0.0
network 10.147.1.8/30 area 0.0.0.0

RR2 has this configuration for OSPF:
ospf router-id 10.147.1.21
max-metric router-lsa on-startup 30
max-metric router-lsa on-shutdown 30
network 10.85.0.0/22 area 10.88.0.69
network 10.88.1.0/24 area 10.88.0.69
network 10.88.250.0/30 area 0.0.0.0
network 10.147.1.12/30 area 0.0.0.0
network 10.147.1.20/30 area 0.0.0.0

We have two Dell N3024 switches behind R1 and R2 that are our core switches
(S1 and S2). They are in area 10.18.0.0

I am trying to get this set up properly for High Availability. How do I
have R1 and R2 advertise themselves as a default route to S1 and S2 without
also advertising to RR1 and RR2? Can anyone point me in the right
direction? Also, is there any way to specify which one should take
precedence when both routes are available? We have two other debian
firewalls connected through openvpn that are set up similarly to RR1 and
RR2. We cannot afford to have ALL the traffic from the other locations
coming through our main location.

Hello Joshua,

I didnt

Regards,

Nico

On 11/01/2016 07:41 PM, Joshua Hurst wrote:
> Hello,
>
> I am fairly new to Quagga and OSPF. I just started a new job and am
> trying to learn as quickly as possible. I think I understand all of
> the basic stuff, but I am having trouble understanding how to have 2
> of my routers advertise default routes to a particular area.
>
> Here is our basic setup.
>
> Inline image 1
>
>
> We have two debian firewall servers which all of our ISP's are
> connected to. I will refer to them as R1 and R2. They are both in Area 0
>
> R1 has this configuration for OSPF:
> ospf router-id 10.147.1.10
> max-metric router-lsa on-startup 30
> max-metric router-lsa on-shutdown 30
> network 10.3.251.0/29 <http://10.3.251.0/29> area 10.18.0.0
> network 10.147.1.4/30 <http://10.147.1.4/30> area 0.0.0.0
> network 10.147.1.8/30 <http://10.147.1.8/30> area 0.0.0.0
> network 10.147.1.48/30 <http://10.147.1.48/30> area 0.0.0.0
> area 10.18.0.0 range 10.18.0.0/16 <http://10.18.0.0/16>
>
> R2 has this configuration for OSPF:
> ospf router-id 10.147.1.22
> max-metric router-lsa on-startup 30
> max-metric router-lsa on-shutdown 30
> network 10.1.254.0/29 <http://10.1.254.0/29> area 10.18.0.0
> network 10.147.1.17/30 <http://10.147.1.17/30> area 0.0.0.0
> network 10.147.1.20/30 <http://10.147.1.20/30> area 0.0.0.0
> network 10.147.1.52/30 <http://10.147.1.52/30> area 0.0.0.0
> area 10.18.0.0 range 10.18.0.0/16 <http://10.18.0.0/16>
>
> We also have two debian firewall servers (RR1 and RR2 both in Area 0)
> outside our local network that have openvpn connections to R1 and R2.
>
> RR1 has this configuration for OSPF
> ospf router-id 10.147.1.9
> max-metric router-lsa on-startup 30
> max-metric router-lsa on-shutdown 30
> redistribute static
> network 10.84.0.0/22 <http://10.84.0.0/22> area 10.88.0.69
> network 10.88.1.0/24 <http://10.88.1.0/24> area 10.88.0.69
> network 10.88.250.0/30 <http://10.88.250.0/30> area 0.0.0.0
> network 10.147.1.2/30 <http://10.147.1.2/30> area 0.0.0.0
> network 10.147.1.8/30 <http://10.147.1.8/30> area 0.0.0.0
>
> RR2 has this configuration for OSPF:
> ospf router-id 10.147.1.21
> max-metric router-lsa on-startup 30
> max-metric router-lsa on-shutdown 30
> network 10.85.0.0/22 <http://10.85.0.0/22> area 10.88.0.69
> network 10.88.1.0/24 <http://10.88.1.0/24> area 10.88.0.69
> network 10.88.250.0/30 <http://10.88.250.0/30> area 0.0.0.0
> network 10.147.1.12/30 <http://10.147.1.12/30> area 0.0.0.0
> network 10.147.1.20/30 <http://10.147.1.20/30> area 0.0.0.0
>
> We have two Dell N3024 switches behind R1 and R2 that are our core
> switches (S1 and S2). They are in area 10.18.0.0
>
> I am trying to get this set up properly for High Availability. How do
> I have R1 and R2 advertise themselves as a default route to S1 and S2
> without also advertising to RR1 and RR2? Can anyone point me in the
> right direction?
So far I can tell is that it's not possible to default-originate the
default route in OSPF on specific areas

It can be done globally with the config default-information originate
under router ospf section ( but that's not answering your question :) )

AFAIK, OSPF is not really meant for that. I would use BGP to have
maximum flexibility with routes.

I would suggest:

Use OSPF as what it is - IGP to "build" the map of your network - and
use BGP for "customer/service" traffic with route-map to announce the
default-route ( with next-hop self maybe ) from R1/R2 to the S1/S2 -
and S1/S2 to accept only default routes from upstream.

That would allow you to avoid having the default-route pointing to
RR1/RR2 as well.

> Also, is there any way to specify which one should take precedence
> when both routes are available?
Again, I don't how to do it "clean" with OSPF - you can use different
OSPF cost on both S1/S2 to R1/R2 links.
lets say:
S1 -> R1 cost 10
S1 -> R2 cost 100
S2 -> R1 cost 100
S2 -> R2 cost 10

Both routes are available, but as one next-hop will have a higher cost -
it will break ECMP ( but not the redundancy )

A cleaner way can be done again with BGP + route-map ( that can set bgp
attributes like MED / WEIGHT ) based on community for example at the
R1/R2 or S1/S2 level.
Some people would prefer to fix route choice at the R1/R2 level, others
at the S1/S2 level - depends on the habit I guess.

Regards,
Nicolas

Ps: what are the default-routes for R1/R2 ? one or more ISP ? what
happens if all uptreams goes done on R1 or R2 ?

> We have two other debian firewalls connected through openvpn that are
> set up similarly to RR1 and RR2. We cannot afford to have ALL the
> traffic from the other locations coming through our main location.
>
>
> _______________________________________________
> Quagga-users mailing list
> Quagga-users@lists.quagga.net
> https://lists.quagga.net/mailman/listinfo/quagga-users

Mailing List Archive

Mailing List Archive

Attached Files: