G’day,
I have an OSPF network ring topology setup. I was testing path failover and from an OSPF perspective it works, however locally connected “DAC” routes with a lower Distance (distance of 0) are overriding the imported OSPF routes. I had made a sketch of the network, but for some reason the forum here gives me an HTTP error when trying to upload the image.
Observation
If I disable a wireless PTP then the ports on the routers connected to that PTP stay up and thus their “DAC” Dynamic Active Connected routes stay installed in the routing table. The OSPF routes get installed but since they have a higher routing “DISTANCE” they do not become active. This causes a router in this scenario to try to route out the interface that is UP, but has no connectivity.
I have tried a couple of things.
#1) Using Routing->Filter with a chain of “connected-in” to try to set the Distance of a connected route to a distance of 120 (OSPF is 110) and so the thinking here is that if an OSPF route gets imported it will take precedence over the connected route. This doesn’t work as the Route Filter doesn’t seem to be able to set the distance on a locally connected route.
#2) If I disable the interface where the PTP went down, then of course it removes the dynamic connected route and then the OSPF route can take over.
My question is -
How do others deal with this issue?
I’ll try to post my drawing as it will help greatly with the understanding.
cheers,
Paul
Attached network diagram. Image uploading still not working.
See google drive link…
Network Diagram
Ok. Now that I have the diagram up here is a more detailed explanation.
PTP #1 goes down (I simply changed the ssid on the AP side so the interfaces are still up just no ip connectivity)
Router #2 - routing table gets updated via OSPF and now it wants to send 0.0.0.0/0 traffic to 10.2.2.20.. ok BUT it retains a route on the interface that has the 10.0.1.51 and so it still wants to route traffic destined for 10.0.1.1 (main core router) through its interface on which the PTP is down. OSPF DID install a route for 10.0.1.0/24 that goes through 10.2.2.20, BUT it has a higher distance (110) and so the OSPF route is inactive because the interface is still up.
A kludge I can see working, is perhaps do a netwatch ping on the 10.0.1.51 port of router #2 and if it fails then take the interface down? There’s got to be a better way.
Should I not have put my core router on the same range as router #2 and router #3?
Ok.. so I haven’t found an answer to the issue I have, but I did find a pretty good workaround.
Instead of having the servers on the same subnet that the router IP addresses were I put the servers on a separate subnet and that has solved the issue.
This is not a workaround but a correct solution.
Try to avoid mixing transit networks and host networks as much as possible, especially if your network is built such that a router can be isolated at layer2 while its physical interface remains active.
Remember that routing is layer 3, and if the interface remains UP at layers 1 and 2, then IP is going to consider this a locally-connected interface, which is the highest priority of all networks: Connected (distance = 0 – i.e. You’re there! Return your seats to the upright and locked position)
Basically, the problem is that your layer 3 topology didn’t reflect your physical and logical topology accurately enough.
You should consider migrating your PTP links onto their own unique /30 networks so that they’re distinct from your client networks / device networks, and connect them directly to the routers where possible (eliminating points of failure such as the switch at the head end).
So for instance, the link between routers 3 and 4 would be something like 10.255.3.4/30 with router 3 being .5 and router 4 being .6.
If the PTP is provided using an external wireless bridge device, then that device should get a management IP from something “local” to site 3 at site 3, and the one at site 4 should get an address from the site 4 addressing space. That way, you don’t get any net splits which isolate your management access to the radios either. (analogous to the netsplit isolating server 1 from router 2 because they were in the same IP range)
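The route selection discussed in this thread, modelled as an added example (not part of any post above, and not RouterOS code): longest prefix wins, then lowest distance, which is why the connected route on router #2 keeps winning while the port is up. The interface name `ether-ptp1`, the transit network 10.255.1.0/30 and the server subnet 10.0.10.0/24 are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Route:
    prefix: str    # destination network
    distance: int  # administrative distance: connected = 0, OSPF = 110
    via: str       # outgoing interface (connected) or next hop (OSPF)


def active_route(table, dst):
    """Longest prefix wins; among equal prefixes, the lowest distance wins."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in table if addr in ipaddress.ip_network(r.prefix)]
    return min(
        matches,
        key=lambda r: (-ipaddress.ip_network(r.prefix).prefixlen, r.distance),
        default=None,
    )


def next_hop(table, dst):
    route = active_route(table, dst)
    return route.via if route else None


# Router #2 after PTP #1 fails at layer 2 while the port stays up.
# "ether-ptp1" is a hypothetical interface name.
SHARED_SUBNET = [
    Route("10.0.1.0/24", 0, "ether-ptp1"),   # connected route, still installed
    Route("10.0.1.0/24", 110, "10.2.2.20"),  # OSPF route around the ring, inactive
    Route("0.0.0.0/0", 110, "10.2.2.20"),
]

# Redesign: the PTP link sits on its own /30 (constructed addressing) and the
# servers sit on a separate subnet that router #2 only learns through OSPF.
SPLIT_SUBNETS = [
    Route("10.255.1.0/30", 0, "ether-ptp1"),  # covers only the link itself
    Route("10.0.10.0/24", 110, "10.2.2.20"),  # server subnet via the ring
    Route("0.0.0.0/0", 110, "10.2.2.20"),
]

if __name__ == "__main__":
    print("shared subnet, to 10.0.1.1 ->", next_hop(SHARED_SUBNET, "10.0.1.1"))
    print("split subnets, to 10.0.10.5 ->", next_hop(SPLIT_SUBNETS, "10.0.10.5"))
```
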