Some Questions on OSPF 5

[Tony414]

Hello,
I am going to implement OSPF on our network. Not a big network, a total of only 5 1700 routers. Can anywone give me some common mistakes that people might make when implementing it? If there is evey any. Can someone give me a quick example? Lets just say I have 2 routers. Router A and Router B. One thing I'm not sure of is the area setting. Thanks in advance for the help.

Tony

 

[Tony414]

Hi Jsteve,
Can you elaborate a little on the loopback config you mentioned? Using the 192 addresses like you mentioned is ok?

Thanks,
Tony

 

[drewdown]

Tony414,

You configure loopback interface's on each router so that the router ID will never go "down". Its not a physical interface so it won't go down like a physical interface could. IE no cable attached to it, and as long as the router is on the loobpack address is up.

It makes for better stability in an OSPF environment.

You can use whatever you want, as long as its unique.

 

[UCAtech]

Loopback config:

conf t
interface Loopback0
description Loopback for OSPF router-id
ip address 172.16.10.3 255.255.255.255
router ospf 1
router-id 172.16.10.3
end

Ben Boyd
Network Engineer/Programmer/Student
Windstream Communications
JNCIA, JNCIS, CCNP

 

[jneiberger]

Tony,

When the OSPF process is activated it selects an active IP address to use as a router ID for the process. When you look at any "show ip ospf" commands and see the router ID, you're really just seeing the IP address of one of the interfaces on that router. This can be a little confusing and inconsistent. In order to provide some consistency, some people prefer to create a loopback interface on the router. OSPF prefers the loopback address and will use it as its router ID. You'll want to make sure to add the "ip ospf network point-to-point" command as Jsteve recommends.

As long as you're pretty familiar with the IP addressing in your network, it's probably not necessary to go through the trouble of creating additional virtual interfaces and routes within your network for this purpose. I would do it in a larger, more complex network but you'll do just fine without doing it.

 

[Tony414]

Hey Guys! I am back revisiting my thread. Looking for more help Things have been working great until now. Also, I never setup the loopback info as mentioned. Here is what's going on. I recently purchased a Sonicwall NSA-3500. I am putting this unit into "Transparent Mode". From what Sonicwall is telling me is that when in this mode it just passed date thought the unit. I have everything turned off on this thing allow everything in/out. What's happening is my OSPF is crashing. If you look at my configs from before, I am plugging my "townhall" router "10.81.0.1" into what Sonicwall calls the WAN port. The LAN port is plugged into my switch. The gateway of the WAN port is 10.81.0.1. From what they are telling me is when in this mode it should pass date right to 10.81.0.1. Any help would be great!!

 

[jneiberger]

I won't be much help there. I'm not familiar with any Sonicwall products. Do they have a support website or forum? You might want to check their website to see if they have any tips about using this product in an environment with OSPF.

What exactly is breaking? Is it breaking the neighbor relationship between the two Townhall routers? (this is technically called an adjacency.) With the Sonicwall in place, can you still ping across it? Is it only OSPF that seems to be broken?

As an FYI, OSPF uses multicast, so you might check to see if there are additional commands on the Sonicwall related to passing multicast packets.

 

[jneiberger]

I just looked at the Sonicwall Administrator's Guide. It looks to me like Layer 2 Bridge Mode would be a better choice than Transparent Mode, but that's just at first glance. This mode will pass broadcast and multicast traffic. I'm not sure that Transparent Mode does that.

 

[Tony414]

Stupid me!! I meant L2 Bridge mode. That's how I have it configured. The relationship between the townhall and the highschool goes down. I will look into the multicast setting. Thanks for the quick response!!

 

[jneiberger]

Adding the firewall to the LAN interface on Townhall brings down the OSPF connection to High School? That's interesting. You might want to turn on OSPF debugging on the High School router and see what it says. It will tell you why the adjacency is going down.

 

[Tony414]

First off let me apologize for needing my hand held for all this. What's the best way to do the debugging? I'm not 100% sure of all the commands, and I don't want to mess anything up. Thanks

 

[jneiberger]

I believe the command you need is debug ip ospf adjacency, or something like that. Use the ? key to help with the exact keywords. Remember to do "term mon" so you can see the output.

 

[jneiberger]

A thought occurs to me... If this new device is truly in transparent mode, there shouldn't be a problem. Try restarting OSPF on the Townhall router and on the High school router. The command is "clear ip ospf 1 process". You might want to do it on Townhall2, as well.

 

[Tony414]

Well it's in "L2 Bridge Mode" They say it's pretty much the same thing with less configuration. So they say Here's the problem. I'm on the side of this unit that gets lost. So I can't get to the highschool. Can I clear the ospf first then hook the unit back up?

 

[jneiberger]

Well, I hate to say this, but you might want to put in some static routes for now until you get this figured out. I'm stumped about why this is happening in the first place. I don't know why adding something to the LAN interface on your Townhall router would have any effect on the High School connection.

You could remove the device, activate debugging on the two routers (or maybe even Townhall2, as well), insert the device, let the OSPF stuff fail, then remove the device again and look at the router logs to see what the debug output says. It will tell you what happened with OSPF, and that should lead us to the solution.

 

[Tony414]

Check this out!! I'm on the 10.81 side. I can ping to 10.0.0.20 (highschool), but can't ping to 10.81.0.1 which is on the other side of the sonicwall....

 

[jneiberger]

What are you pinging from?

 

[Tony414]

From my workstation, which is 10.81.0.16

 

[jneiberger]

Interesting. I think something is broken on the Sonicwall. You say that it's not blocking anything, but it clearly is causing some sort of bizarre problem. Does it have an administrative IP address? If so, did it accidentally grab the same IP address as the Townhall LAN interface?

 

[Tony414]

Yes, very interesting! I'm saying I pretty much have it turned off so it allows anything to pass through. It has it's own static ip which is not related to anything else.

 

[jneiberger]

Can Townhall2 ping the LAN interface of Townhall?