Description
This article presents an example of controlling OSPF route selection when two routers are connected to each other by parallel (redundant) links.
The following scenario illustrates this example :
10.160.0.0/23 [ FGT1 ] --- wan1 ----- [ FGT2 ] ---- 192.168.182.0/23 + default route
------------- [------] --- wan2 ----- [------]
OSPF is enabled on all interfaces of FGT1 and FGT2.
Requirements :
- FGT1 should learn the network 192.168.182.0/23 and the default route only via wan1
- FGT2 should learn the network 10.160.0.0/23 only via wan1
- wan2 should be used as backup link only
Scope
All FortiOS
Solution
The solution described hereafter is based on the OSPF interface cost.
Step 1: situation with default settings
FGT1 # get router info ospf neighbor
OSPF process 0:
Neighbor ID     Pri   State           Dead Time   Address         Interface
10.2.2.2          1   Full/Backup     00:00:33    10.182.0.187    wan1
10.2.2.2          1   Full/Backup     00:00:31    10.183.0.187    wan2
FGT1 # get router info routing-table ospf
O*E2    0.0.0.0/0 [110/10] via 10.183.0.187, wan2, 00:00:01
                  [110/10] via 10.182.0.187, wan1, 00:00:01
O       192.168.182.0/23 [110/20] via 10.183.0.187, wan2, 00:02:04
                         [110/20] via 10.182.0.187, wan1, 00:02:04
FGT2 # get router info ospf neighbor
OSPF process 0:
Neighbor ID     Pri   State           Dead Time   Address         Interface
10.1.1.1          1   Full/DR         00:00:38    10.182.0.57     wan1
10.1.1.1          1   Full/DR         00:00:38    10.183.0.57     wan2
FGT2 # get router info routing-table ospf
O       10.160.0.0/23 [110/20] via 10.183.0.57, wan2, 00:00:39
                      [110/20] via 10.182.0.57, wan1, 00:00:39
The output above shows that two adjacencies are up and that, because of ECMP, both FortiGates learn each route via both wan1 and wan2.
Step 2: Controlling route on FGT2
- The cost of the wan2 interface is increased to 200 (10 being default in this situation).
FGT2 # config router ospf
    config ospf-interface
        edit "WAN2_higher_cost"
            set cost 200
            set interface "wan2"
        next
    end
end
- There are no route changes on FGT1 :
FGT1 # get router info routing-table ospf
O*E2    0.0.0.0/0 [110/10] via 10.183.0.187, wan2, 00:07:33
                  [110/10] via 10.182.0.187, wan1, 00:07:33
O       192.168.182.0/23 [110/20] via 10.183.0.187, wan2, 00:07:33
                         [110/20] via 10.182.0.187, wan1, 00:07:33
- But FGT2 now only learns the remote route via wan1 :
FGT2 # get router info routing-table ospf
O       10.160.0.0/23 [110/20] via 10.182.0.57, wan1, 00:05:18
- LSDB check on FGT1 and FGT2 :
FGT1 # get router info ospf database router lsa
                Router Link States (Area 0.0.0.0)

  LS age: 16
  Options: 0x2 (*|-|-|-|-|-|E|-)
  Flags: 0x0
  LS Type: router-LSA
  Link State ID: 10.1.1.1
  Advertising Router: 10.1.1.1
  LS Seq Number: 8000000f
  Checksum: 0xd97c
  Length: 60
  Number of Links: 3

    Link connected to: Stub Network
     (Link ID) Network/subnet number: 10.160.0.0
     (Link Data) Network Mask: 255.255.254.0
      Number of TOS metrics: 0
       TOS 0 Metric: 10

    Link connected to: a Transit Network
     (Link ID) Designated Router address: 10.183.0.187
     (Link Data) Router Interface address: 10.183.0.57
      Number of TOS metrics: 0
       TOS 0 Metric: 10

    Link connected to: a Transit Network
     (Link ID) Designated Router address: 10.182.0.187
     (Link Data) Router Interface address: 10.182.0.57
      Number of TOS metrics: 0
       TOS 0 Metric: 10

  LS age: 21
  Options: 0x2 (*|-|-|-|-|-|E|-)
  Flags: 0x2 : ASBR
  LS Type: router-LSA
  Link State ID: 10.2.2.2
  Advertising Router: 10.2.2.2
  LS Seq Number: 80000013
  Checksum: 0x48c8
  Length: 60
  Number of Links: 3

    Link connected to: Stub Network
     (Link ID) Network/subnet number: 192.168.182.0
     (Link Data) Network Mask: 255.255.254.0
      Number of TOS metrics: 0
       TOS 0 Metric: 10

    Link connected to: a Transit Network
     (Link ID) Designated Router address: 10.183.0.187
     (Link Data) Router Interface address: 10.183.0.187
      Number of TOS metrics: 0
       TOS 0 Metric: 200

    Link connected to: a Transit Network
     (Link ID) Designated Router address: 10.182.0.187
     (Link Data) Router Interface address: 10.182.0.187
      Number of TOS metrics: 0
       TOS 0 Metric: 10
FGT2 # get router info ospf database router lsa
                Router Link States (Area 0.0.0.0)

  LS age: 258
  Options: 0x2 (*|-|-|-|-|-|E|-)
  Flags: 0x0
  LS Type: router-LSA
  Link State ID: 10.1.1.1
  Advertising Router: 10.1.1.1
  LS Seq Number: 80000008
  Checksum: 0x5b07
  Length: 60
  Number of Links: 3

    Link connected to: Stub Network
     (Link ID) Network/subnet number: 10.160.0.0
     (Link Data) Network Mask: 255.255.254.0
      Number of TOS metrics: 0
       TOS 0 Metric: 10

    Link connected to: a Transit Network
     (Link ID) Designated Router address: 10.183.0.57
     (Link Data) Router Interface address: 10.183.0.57
      Number of TOS metrics: 0
       TOS 0 Metric: 10

    Link connected to: a Transit Network
     (Link ID) Designated Router address: 10.182.0.57
     (Link Data) Router Interface address: 10.182.0.57
      Number of TOS metrics: 0
       TOS 0 Metric: 10

  LS age: 257
  Options: 0x2 (*|-|-|-|-|-|E|-)
  Flags: 0x2 : ASBR
  LS Type: router-LSA
  Link State ID: 10.2.2.2
  Advertising Router: 10.2.2.2
  LS Seq Number: 8000000c
  Checksum: 0xc953
  Length: 60
  Number of Links: 3

    Link connected to: Stub Network
     (Link ID) Network/subnet number: 192.168.182.0
     (Link Data) Network Mask: 255.255.254.0
      Number of TOS metrics: 0
       TOS 0 Metric: 10

    Link connected to: a Transit Network
     (Link ID) Designated Router address: 10.183.0.57
     (Link Data) Router Interface address: 10.183.0.187
      Number of TOS metrics: 0
       TOS 0 Metric: 200

    Link connected to: a Transit Network
     (Link ID) Designated Router address: 10.182.0.57
     (Link Data) Router Interface address: 10.182.0.187
      Number of TOS metrics: 0
       TOS 0 Metric: 10
Step 3: Controlling route on FGT1
- The cost of the wan2 interface is increased to 200 (10 being default in this situation).
FGT1 # config router ospf
    config ospf-interface
        edit "WAN2_higher_cost"
            set cost 200
            set interface "wan2"
        next
    end
end
- Now both FGT1 and FGT2 have only one route, via wan1 :
FGT1 # get router info routing-table ospf
O*E2    0.0.0.0/0 [110/10] via 10.182.0.187, wan1, 00:00:40
O       192.168.182.0/23 [110/20] via 10.182.0.187, wan1, 00:00:40
FGT2 # get router info routing-table ospf
O       10.160.0.0/23 [110/20] via 10.182.0.57, wan1, 00:09:37
- LSDB check on FGT1 :
FGT1 # get router info ospf database router lsa
                Router Link States (Area 0.0.0.0)

  LS age: 81
  Options: 0x2 (*|-|-|-|-|-|E|-)
  Flags: 0x0
  LS Type: router-LSA
  Link State ID: 10.1.1.1
  Advertising Router: 10.1.1.1
  LS Seq Number: 8000000b
  Checksum: 0xe637
  Length: 60
  Number of Links: 3

    Link connected to: Stub Network
     (Link ID) Network/subnet number: 10.160.0.0
     (Link Data) Network Mask: 255.255.254.0
      Number of TOS metrics: 0
       TOS 0 Metric: 10

    Link connected to: a Transit Network
     (Link ID) Designated Router address: 10.183.0.187
     (Link Data) Router Interface address: 10.183.0.57
      Number of TOS metrics: 0
       TOS 0 Metric: 200

    Link connected to: a Transit Network
     (Link ID) Designated Router address: 10.182.0.57
     (Link Data) Router Interface address: 10.182.0.57
      Number of TOS metrics: 0
       TOS 0 Metric: 10

  LS age: 83
  Options: 0x2 (*|-|-|-|-|-|E|-)
  Flags: 0x2 : ASBR
  LS Type: router-LSA
  Link State ID: 10.2.2.2
  Advertising Router: 10.2.2.2
  LS Seq Number: 8000000e
  Checksum: 0xfc9b
  Length: 60
  Number of Links: 3

    Link connected to: Stub Network
     (Link ID) Network/subnet number: 192.168.182.0
     (Link Data) Network Mask: 255.255.254.0
      Number of TOS metrics: 0
       TOS 0 Metric: 10

    Link connected to: a Transit Network
     (Link ID) Designated Router address: 10.183.0.187
     (Link Data) Router Interface address: 10.183.0.187
      Number of TOS metrics: 0
       TOS 0 Metric: 200

    Link connected to: a Transit Network
     (Link ID) Designated Router address: 10.182.0.57
     (Link Data) Router Interface address: 10.182.0.187
      Number of TOS metrics: 0
       TOS 0 Metric: 10
Step 4: Route redundancy verification
When wan1 is brought down, the OSPF routes over wan2 are in the routing tables :
FGT1 # get router info routing-table ospf
O*E2    0.0.0.0/0 [110/10] via 10.183.0.187, wan2, 00:00:06
O       192.168.182.0/23 [110/210] via 10.183.0.187, wan2, 00:00:06
FGT2 # get router info routing-table ospf
O       10.160.0.0/23 [110/210] via 10.183.0.57, wan2, 00:00:14
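Why raising the cost on FGT2 alone (Step 2) leaves FGT1's routes unchanged: during SPF each router adds the cost of its own outgoing interface, so the change has to be made on both sides. The script below is an added example, not part of the original article or of FortiOS; it models only the intra-area routes (not the E2 default route), and the node names net-wan1/net-wan2 and the "lan" interface label are assumptions.

```python
import heapq

def build_lsdb(fgt1_wan2=10, fgt2_wan2=10, wan1_up=True):
    """Directed graph of the lab: node -> [(neighbor, metric, egress interface)].
    A router pays its own interface cost to reach a transit network;
    the hop from a transit network back to a router costs 0."""
    lsdb = {
        "FGT1": [("net-wan2", fgt1_wan2, "wan2"), ("10.160.0.0/23", 10, "lan")],
        "FGT2": [("net-wan2", fgt2_wan2, "wan2"), ("192.168.182.0/23", 10, "lan")],
        "net-wan2": [("FGT1", 0, None), ("FGT2", 0, None)],
    }
    if wan1_up:
        lsdb["FGT1"].append(("net-wan1", 10, "wan1"))
        lsdb["FGT2"].append(("net-wan1", 10, "wan1"))
        lsdb["net-wan1"] = [("FGT1", 0, None), ("FGT2", 0, None)]
    return lsdb

def spf(lsdb, root):
    """Dijkstra from root; returns {node: (cost, root egress interfaces)}."""
    best = {root: (0, frozenset())}
    heap = [(0, root)]
    while heap:
        cost, node = heapq.heappop(heap)
        if cost > best[node][0]:
            continue  # stale heap entry
        for nbr, metric, iface in lsdb.get(node, []):
            # First hop is the root's egress interface, inherited further down.
            hops = frozenset([iface]) if node == root else best[node][1]
            new, old = cost + metric, best.get(nbr)
            if old is None or new < old[0]:
                best[nbr] = (new, hops)
            elif new == old[0] and not hops <= old[1]:
                best[nbr] = (new, old[1] | hops)  # equal cost: keep both (ECMP)
            else:
                continue
            heapq.heappush(heap, (new, nbr))  # (re)visit so changes propagate
    return best

def route(root, prefix, **lab):
    """(cost, egress interfaces) that root installs for prefix."""
    cost, hops = spf(build_lsdb(**lab), root)[prefix]
    return cost, sorted(hops)

if __name__ == "__main__":
    both = dict(fgt1_wan2=200, fgt2_wan2=200)
    print("Step 1 FGT1:", route("FGT1", "192.168.182.0/23"))
    print("Step 2 FGT1:", route("FGT1", "192.168.182.0/23", fgt2_wan2=200))
    print("Step 2 FGT2:", route("FGT2", "10.160.0.0/23", fgt2_wan2=200))
    print("Step 3 FGT1:", route("FGT1", "192.168.182.0/23", **both))
    print("Step 4 FGT1:", route("FGT1", "192.168.182.0/23", wan1_up=False, **both))
```

The computed costs (20 with wan1 up, 210 over wan2 alone) match the [110/20] and [110/210] entries in the routing tables above.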