Wednesday, January 17, 2018

Got an unexpected OSPF refresher today

Today found me prepping some new gear that is to be managed only by loopback address, with an on-box policy enforcing it.

The gear doesn't have any routing adjacencies up, and right now it has only a single IP address on an access LAN in the lab. I added a host route for the new gear's loopback to the lab distribution switches, created a prefix list, added it to the STATIC->OSPF route map, etc...

Checking my work, I saw that the external LSA appeared twice in the database. Great. But I noticed another external (for a lab VPN block) appeared in the database only once. Where was my redundancy for this one?

The configuration looked fine. Both boxes had a static route for the VPN prefix and identically configured redistribution, route map, prefix lists, etc...

I ripped off the static route on the non-advertising guy (from home, via VPN!). Debugs there said this when I re-applied it:

OSPF: Don't redistribute net <vpn-prefix>, <other-switch> advertises it already 

Wait, what? The LSA for my new gear's loopback is happy to have two instances in the database, why not this one?

The only difference between the LSAs is that the VPN prefix was pointing at an address on a backbone LAN (one with a type-2 LSA - the VPN box should have been running OSPF, but that work never got done so I'm redistributing statics), while the new loopback prefix (with its pair of LSAs) was on a "passive" access LAN.

Because of the difference between the network types of the next hop, the advertised forwarding address for the VPN block was the address of the VPN box, while the forwarding address for my pair of /32 LSAs was 0.0.0.0 (use the advertising router).

Could that be it?

Off to RFC 1583!

In this case, RTA and RTB would originate the same set of AS external link advertisements. These advertisements, if they specify the same metric, would be functionally equivalent since they would specify the same destination and forwarding address (RTX). This leads to a clear duplication of effort. If only one of RTA or RTB originated the set of external advertisements, the routing would remain the same, and the size of the link state database would decrease. 

I'm not sure if I ever knew this (I had some intuition to compare the forwarding address of my samples), but I'd certainly forgotten it.

That was fun.
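The behaviour above, modelled as an added example (not code from the original post or from any vendor): each redistributing switch derives a forwarding address from the LAN its static next hop sits on, and when two external LSAs carry the same destination, metric and non-zero forwarding address, the OSPF specification keeps only the one from the router with the highest Router ID. The addresses, Router IDs, metric and the simplified forwarding-address rule are constructed assumptions, and both switches are assumed reachable from one another.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Lan:
    subnet: str
    ospf: bool      # OSPF enabled on the interface
    passive: bool   # passive: no hellos, no adjacencies, no type-2 LSA

def forwarding_address(next_hop, lans):
    """Assumed rule: advertise the next hop itself only when it sits on a
    LAN where OSPF is actively running; otherwise 0.0.0.0 (use me)."""
    for lan in lans:
        if ip_address(next_hop) in ip_network(lan.subnet):
            if lan.ospf and not lan.passive:
                return next_hop
    return "0.0.0.0"

def originators(prefix, metric, next_hop, routers):
    """routers maps Router ID -> its LANs. Returns the Router IDs whose
    external LSA for prefix stays in the database."""
    lsas = {rid: (prefix, metric, forwarding_address(next_hop, lans))
            for rid, lans in routers.items()}
    kept = []
    for rid, lsa in lsas.items():
        # Functionally equivalent: same destination, metric and NON-ZERO
        # forwarding address. The lower Router ID then withholds its LSA.
        suppressed = lsa[2] != "0.0.0.0" and any(
            other == lsa and ip_address(orid) > ip_address(rid)
            for orid, other in lsas.items())
        if not suppressed:
            kept.append(rid)
    return sorted(kept, key=ip_address)

# Constructed lab: two distribution switches sharing both LANs.
LANS = [Lan("10.0.0.0/24", ospf=True, passive=False),   # backbone LAN
        Lan("10.0.1.0/24", ospf=True, passive=True)]    # passive access LAN
ROUTERS = {"192.0.2.1": LANS, "192.0.2.2": LANS}

def demo():
    # VPN block: static next hop on the backbone LAN.
    vpn = originators("10.99.0.0/16", 20, "10.0.0.50", ROUTERS)
    # New gear's loopback: static next hop on the passive access LAN.
    loopback = originators("10.255.0.7/32", 20, "10.0.1.20", ROUTERS)
    return vpn, loopback

if __name__ == "__main__":
    print(demo())
```

With a zero forwarding address the two LSAs are not interchangeable, because each one tells the rest of the area to route toward a different advertising router, so both stay in the database.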


