Tuesday, March 10, 2020

Trying to figure out why my Fortigate won't install a particular route/LSA

So I've got a few OSPF areas. Each rack is an area, and the spine switches make area 0 between them.

As the Fortigates are in two racks and because I'm using their FGCP cluster protocol, in order to make the port/IP configuration the same on both units in the event of a failover, I connected each member of the Fortigate cluster ("the Fortigate" from here on) to the leaf switches in both racks. This naturally puts them in two OSPF areas, neither of which is area 0. Just some background. This is something I plan to change/fix, but for now it is what it is.

It's also important to mention this is a pure layer 3 underlay network I'm talking about, with "routing to the host", so my hypervisors are advertising routes. And one final piece of background is that the Fortigates, being the gateways, are ASBRs as well.

So, in the two racks where the Fortigate has a presence (areas 100 and 200), I'm getting all the routes from the hosts. They get advertised as E2 as they are being pulled from other sources on the hosts and distributed into OSPF.

However, in a third rack (area 300, of which the Fortigate is not a member), the routes propagate through the spines, into the leaf switches in the other two racks, but the Fortigate won't install them for some reason. So a leaf, which only exists in area 200, for example, is installing the E2 route from area 300, but the Fortigate which exists in areas 100 and 200 is not.

I can post a rough diagram in a bit if it'd help. I'm thinking it's something to do with the Fortigate being in two areas and OSPF avoiding a routing loop. I have a backup plan in the meantime to get the traffic moving, but I wanted to see what you all think, as I'm not too well versed in OSPF.

Thanks in advance, happy to answer questions you might have.


