OSPF backup path - forms a loop?

journeyman · ‎10-06-2014

In the diagram below, is there a way to configure ospf on the link between FGT2 and FGT3? The aim is to provide a backup path to FGT3 given the flaky nature of the primary link. BTW, flaky is relative - it' s OK but not perfect. When I used area 0.0.0.5, FGT3 lost its area 0 routes but FGT2 was OK. When I used area 0.0.0.6, FGT2 lost its area 0 routes and FGT3 was also impacted (presume it also lost area 0 routes, didn' t confirm). Is this possible with appropriate configuration, or is the concept doomed? Thanks in advance.

emnoc · ‎10-08-2014

Will you need to look at ospf design concepts. In you case area 2 & 5 can' t pass inter-area traffic all areas without attachment to area 0. So to do this, you need to build a ospf virtual link and then adjust the ospf paths to select the area 5 link for area 2 and 5 . With looking very deeply into this, I believe you can config a virtual-link thru area 5 from the FGT that' s in area2 and adjust the ospf path costs to make the routes thru this virtual-link more preferred via the ospf metrics. FWIW; Your topology map present some personal interests, and I might lab this in GNS3 using cisco routers and see what happens.

PCNSE

NSE

StrongSwan

journeyman · ‎10-09-2014

Thank you. I knew I had an area related issue but wasn' t sure exactly how. Do I understand correctly: Add the slow link to area 5. In the area 5 config of FGT3 set up a virtual link to FGT1 (via FGT2 because it' s in area 5). Adjust metrics to taste. In the short term I have changed all links to area 2. It' s not perfect but it' s functional. I' d rather the slow link wasn' t a routing option for a lot of traffic, although not having matching policies has the same end effect. (My favourite firewall policy is " no route to host" :) ) There is enough hardware here to set up a lab for the virtual link solution. It' s something I' d like to try.