Hi all
I have a FlexVPN setup with 2x WAN routers in a branch (let's call them R1 and R2) connected to 2x hubs (HUB1 and HUB2)
R1 and R2 have a single ISP line each
Hub 1 Loopback = 1.1.1.1
Hub 2 Loopback = 1.1.1.2
R1 Loopback = 2.1.1.1
R2 Loopback = 2.1.1.2
R1/R2 local LAN = 192.168.1.0/24 (interface VLAN10)
I'm using iBGP on the FlexVPN and OSPF on the LAN
Routing configuration:
R1 routing configuration:
router ospf 1
 passive-interface default
 no passive-interface Vlan10
 network 2.1.1.1 0.0.0.0 area 1
 network 192.168.1.0 0.0.0.255 area 1
router bgp 65100
 bgp log-neighbor-changes
 network 192.168.1.0 mask 255.255.255.0
 network 2.1.1.1 mask 255.255.255.255
 timers bgp 15 30
 redistribute ospf 1
 neighbor 1.1.1.1 remote-as 65100
 neighbor 1.1.1.1 fall-over
 neighbor 1.1.1.1 next-hop-self
 neighbor 1.1.1.2 remote-as 65100
 neighbor 1.1.1.2 fall-over
 neighbor 1.1.1.2 next-hop-self

R2 routing configuration:
router ospf 1
 passive-interface default
 no passive-interface Vlan10
 network 2.1.1.2 0.0.0.0 area 1
 network 192.168.1.0 0.0.0.255 area 1
router bgp 65100
 bgp log-neighbor-changes
 network 192.168.1.0 mask 255.255.255.0
 network 2.1.1.2 mask 255.255.255.255
 timers bgp 15 30
 redistribute ospf 1
 neighbor 1.1.1.1 remote-as 65100
 neighbor 1.1.1.1 fall-over
 neighbor 1.1.1.1 next-hop-self
 neighbor 1.1.1.2 remote-as 65100
 neighbor 1.1.1.2 fall-over
 neighbor 1.1.1.2 next-hop-self
The problem I have is that when the tunnel on either R1 or R2 goes down, the loopback IP of the downed router is in the routing table but it's not accessible from the rest of the network - I believe this is because the down router doesn't know the route back to the rest of the network
For example if R2 is down, I can add a static route to R2, which fixed the problem (obviously not a practical solution)
ip route 0.0.0.0 0.0.0.0 2.1.1.1
I tried using the following commands:
router ospf 1
 redistribute bgp 65100 subnets
router bgp 65100
 bgp redistribute-internal
This does work but has 2 problems - it's a bit of a dangerous feature and secondly what happened is that when R2 ISP is back up, the routes received through OSPF have a lower metric than BGP (110 for OSPF routes and 200 for iBGP), and I couldn't find a way to manipulate that.
Does anyone have an idea how I can get this working?
From the user perspective the loopback not being accessible causes no problems but in a situation like an ISP IP needs changing or something, it's really awkward to have to SSH from another router on site / console in to fix the problem
Hope this makes sense