6

I have this setup with a hybrid of equipment from Cisco, Ubiquiti Edge routers and VyOS. My Cisco Nexus is configured with HSRP with all the SVIs on 192.168.1.243 as the active on HSRP, and the SVIs are all in area 0.0.0.0, with SVI interfaces on 192.168.1.242 configured as ip ospf cost 50 because the default ip ospf cost on 192.168.1.243 is 40. I also configured ip ospf priority 100 on all SVIs of 192.168.1.243 and ip ospf priority 90 on all SVIs for 192.168.1.242. All the routers' loopback interfaces and Ethernet on 192.168.0.0/24 are in area 0.0.0.0. This setup is for me to have redundancy in my core network. OSPF neighbors look OK on all routers.

I installed a new Edge router with 192.168.1.241 as the router ID and the same OSPF configuration as 192.168.1.240, as I need to replace 192.168.1.240; however, I cannot access this from any client connected to the subnets/VLANs off the Cisco Nexus SVIs. I can access it from remote sites and even the routers in the same area. My WAN sites are connected via 192.168.1.240, 192.168.1.254 and 10.11.1.50, and clients from that end can access this new router (192.168.1.241). I notice that OSPF works well, as it manages to get routes from the respective neighbors on the same subnet and it gets routes from the remote sites as well off my other WAN routers. Through troubleshooting I notice that if I configure the SVI on 192.168.1.243 with a higher cost I can access it but lose access to other routers in the same backbone area.

I believe there must be something I'm missing in my Nexus configuration. I am attaching my setup herewith, and if needed I can post the configuration of the SVIs on my two Nexus. Hope someone will help me out here.

Thanks

Here is the SVI and OSPF configuration:

**cisco-nexus01**
interface Vlan2
  ip address 192.168.0.20/24
  ip ospf priority 100
  ip router ospf 100 area 0.0.0.0
  hsrp 2
    preempt
    priority 105
    ip 192.168.0.21
  no shutdown

interface Vlan3
  ip address 192.168.2.4/24
  ip ospf priority 100
  ip router ospf 100 area 0.0.0.0
  hsrp 3
    preempt
    priority 105
    ip 192.168.2.1
  no shutdown

interface Vlan4
  ip address 192.168.4.4/24
  ip ospf priority 100
  ip router ospf 100 area 0.0.0.0
  hsrp 4
    preempt
    priority 105
    ip 192.168.4.1
  no shutdown

interface Vlan5
  ip address 192.168.60.11/24
  ip ospf priority 100
  ip router ospf 100 area 0.0.0.0
  hsrp 5
    preempt
    priority 105
    ip 192.168.60.1
  no shutdown

interface Vlan6
  ip address 192.168.61.7/24
  ip ospf priority 100
  ip router ospf 100 area 0.0.0.0
  hsrp 6
    preempt
    priority 105
    ip 192.168.61.1
  no shutdown

interface Vlan8
  ip address 192.168.8.4/24
  ip ospf priority 100
  ip router ospf 100 area 0.0.0.0
  hsrp 8
    preempt
    priority 105
    ip 192.168.8.1
  no shutdown

interface Vlan10
  ip address 192.168.3.38/24
  ip ospf priority 100
  ip router ospf 100 area 0.0.0.0
  hsrp 10
    preempt
    priority 105
    ip 192.168.3.1
  no shutdown

interface Vlan52
  ip address 192.168.52.4/24
  ip ospf priority 100
  ip router ospf 100 area 0.0.0.0
  hsrp 52
    preempt
    priority 105
    ip 192.168.52.1
  no shutdown

**cisco-nexus02**

interface Vlan2
  ip address 192.168.0.19/24
  ip ospf cost 50
  no ip ospf passive-interface
  ip ospf priority 90
  ip router ospf 100 area 0.0.0.0
  hsrp 2
    preempt
    ip 192.168.0.21
  no shutdown

interface Vlan3
  ip address 192.168.2.3/24
  ip ospf cost 50
  no ip ospf passive-interface
  ip ospf priority 90
  ip router ospf 100 area 0.0.0.0
  hsrp 3
    preempt
    ip 192.168.2.1
  no shutdown

interface Vlan4
  ip address 192.168.4.3/24
  ip ospf cost 50
  no ip ospf passive-interface
  ip ospf priority 90
  ip router ospf 100 area 0.0.0.0
  hsrp 4
    preempt
    ip 192.168.4.1
  no shutdown

interface Vlan5
  ip address 192.168.60.10/24
  ip ospf cost 50
  no ip ospf passive-interface
  ip ospf priority 90
  ip router ospf 100 area 0.0.0.0
  hsrp 5
    preempt
    ip 192.168.60.1
  no shutdown

interface Vlan6
  ip address 192.168.61.6/24
  ip ospf cost 50
  no ip ospf passive-interface
  ip ospf priority 90
  ip router ospf 100 area 0.0.0.0
  hsrp 6
    preempt
    ip 192.168.61.1
  no shutdown

interface Vlan8
  ip address 192.168.8.3/24
  ip ospf cost 50
  no ip ospf passive-interface
  ip ospf priority 90
  ip router ospf 100 area 0.0.0.0
  hsrp 8
    preempt
    ip 192.168.8.1
  no shutdown

interface Vlan10
  ip address 192.168.3.37/24
  ip ospf cost 50
  no ip ospf passive-interface
  ip ospf priority 90
  hsrp 10
    preempt
    ip 192.168.3.1
  no shutdown

interface Vlan52
  ip address 192.168.52.3/24
  ip ospf cost 50
  no ip ospf passive-interface
  ip ospf priority 90
  hsrp 52
    preempt
    ip 192.168.52.1
  no shutdown
 

**cisco-nexus01**

router ospf 100
  router-id 192.168.1.242
  default-information originate
  redistribute static route-map static-in-ospf
  rfc1583compatibility

interface Vlan2
  ip ospf priority 100
  ip router ospf 100 area 0.0.0.0

interface Vlan3
  ip ospf priority 100
  ip router ospf 100 area 0.0.0.0

interface Vlan4
  ip ospf priority 100
  ip router ospf 100 area 0.0.0.0

interface Vlan5
  ip ospf priority 100
  ip router ospf 100 area 0.0.0.0

interface Vlan6
  ip ospf priority 100
  ip router ospf 100 area 0.0.0.0

interface Vlan8
  ip ospf priority 100
  ip router ospf 100 area 0.0.0.0

interface Vlan10
  ip ospf priority 100
  ip router ospf 100 area 0.0.0.0

interface Vlan52
  ip ospf priority 100
  ip router ospf 100 area 0.0.0.0

interface loopback0
  ip ospf priority 100
  ip router ospf 100 area 0.0.0.0

**cisco-nexus02**

router ospf 100
  router-id 192.168.1.243
  rfc1583compatibility

interface Vlan2
  ip ospf cost 50
  no ip ospf passive-interface
  ip ospf priority 90
  ip router ospf 100 area 0.0.0.0

interface Vlan3
  ip ospf cost 50
  no ip ospf passive-interface
  ip ospf priority 90
  ip router ospf 100 area 0.0.0.0

interface Vlan4
  ip ospf cost 50
  no ip ospf passive-interface
  ip ospf priority 90
  ip router ospf 100 area 0.0.0.0

interface Vlan5
  ip ospf cost 50
  no ip ospf passive-interface
  ip ospf priority 90
  ip router ospf 100 area 0.0.0.0

interface Vlan6
  ip ospf cost 50
  no ip ospf passive-interface
  ip ospf priority 90
  ip router ospf 100 area 0.0.0.0

interface Vlan8
  ip ospf cost 50
  no ip ospf passive-interface
  ip ospf priority 90
  ip router ospf 100 area 0.0.0.0

interface Vlan10
  ip ospf cost 50
  no ip ospf passive-interface
  ip ospf priority 90
  ip router ospf 100 area 0.0.0.0

interface Vlan52
  ip ospf cost 50
  no ip ospf passive-interface
  ip ospf priority 90
  ip router ospf 100 area 0.0.0.0

interface loopback0
  ip ospf priority 90
  ip router ospf 100 area 0.0.0.0
  • You need to provide us with your network device configurations. We cannot simply guess. – Ron Maupin Aug 07 '17 at 21:42
  • @RonMaupin I got the configuration on a PDF file. How do I post it up here ? – Usaia Tawakevou Aug 07 '17 at 22:26
  • You can copy the text from the PDF and paste it into your question. Use the Preformatted-text option (`{}`) so that the text is readable. – Ron Maupin Aug 07 '17 at 22:28
  • @RonMaupin Thanks, I've edited my question with the configuration of the SVIs and the OSPF for both Nexus – Usaia Tawakevou Aug 07 '17 at 22:44
  • I have a feeling that this must be an asymmetric routing issue. TCP dump shows that my echo request comes in and gets replied to by the equipment, but it never reaches the host sending the echo request. Is there a way to make sure that hosts connected on VLANs using the HSRP VIPs as their gateway come off a preferred SVI interface IP? E.g. my test machine is connected on the 192.168.2.0/24 network with 192.168.2.180 as its IP address. When I traceroute, it uses 192.168.2.3 as its route path. Is there a way to force all clients to use 192.168.2.4? Or will HSRP load balance? – Usaia Tawakevou Aug 08 '17 at 04:20
  • I got this sorted by statically routing the subnets of my SVIs as well from my UBNT (VyOS/Vyatta) to the VIP of the SVIs of the Nexus. It seems like they don't handle the same subnet on different paths to the Cisco, which is what I initially wanted OSPF to handle automatically. My Cisco 2800 handles that well if I advertise the SVI IP address of both Nexus on OSPF using the same cost. If there is a better way to handle this then I'm here to listen and learn :) – Usaia Tawakevou Aug 08 '17 at 22:22
  • Please post an answer to your question. –  Aug 09 '17 at 11:37
  • @UsaiaTawakevou you should post an answer so that other people can benefit from your solution :-) –  Feb 22 '18 at 19:50
  • Did any answer help you? If so, you should accept the answer so that the question doesn't keep popping up forever, looking for an answer. Alternatively, you can post and accept your own answer. – Ron Maupin Jan 05 '21 at 01:30

1 Answer

3

Problem 1: You should have a consistent OSPF cost; the L3 routing is independent of the L2 HSRP gateway redundancy.

Problem 1b: Your host VLANs hanging off the Nexus devices should be passive for OSPF. Why do you want active OSPF here?

Problem 2: On your VLAN 2 (192.168.0.0/24) you should not have HSRP. If all the devices are using OSPF to interconnect, there is no need for an L2 shared IP; it is only needed if you are doing static routing and need L2 IP failover.

Problem 3: If you have dual Nexus devices you probably have vPC configured, although you have not attached any config. vPC has specific rules for interconnecting L3 devices and traversing the peer link. See https://www.cisco.com/c/en/us/support/switches/nexus-5000-series-switches/products-implementation-design-guides-list.html

Problem 3: The recommendation is to use a dedicated L3 link (not a VLAN) to connect to other OSPF routers.

Pieter
  • This was sorted out. Thanks @Pieter We use HSRP for our clients on different VLAN's using the Nexus for their gateways. We've got the passive interface sorted out as well. We have vPC configured and we now use L3 link (physical connection) between the two Nexus. It fails over nicely now when one goes off which is what I was after. – Usaia Tawakevou Mar 05 '18 at 04:31
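
The checks behind Problems 1, 1b and 2 can be run over both peers' configurations before a change goes in. This is an added example, not code from the question or the answer: `parse_svis` and `audit` are hypothetical names, the sample config is constructed, and it assumes `passive-interface default` is not set under `router ospf`. An SVI that serves hosts through HSRP while also running active OSPF will accept adjacencies from that segment, which is the exposure the passive setting removes.

```python
import re

# Constructed sample, not the poster's config; nexus02 differs only by its cost.
NEXUS01 = """\
interface Vlan3
  ip ospf priority 100
  ip router ospf 100 area 0.0.0.0
  hsrp 3
    ip 192.168.2.1
interface Vlan4
  ip ospf passive-interface
  ip router ospf 100 area 0.0.0.0
  hsrp 4
    ip 192.168.4.1
"""
NEXUS02 = NEXUS01.replace("ip ospf priority 100", "ip ospf cost 50")

def parse_svis(config):
    """Map interface name -> OSPF/HSRP settings found in its config section."""
    svis, cur = {}, {}
    for raw in config.splitlines():
        line = raw.strip()
        if raw[:1] not in (" ", "\t"):  # unindented or blank line: new section
            m = re.match(r"interface (\S+)$", line)
            # Lines outside an interface section land in a throwaway dict.
            cur = svis.setdefault(m.group(1), {"cost": None, "ospf": False,
                                  "passive": False, "hsrp": False}) if m else {}
        elif m := re.match(r"ip ospf cost (\d+)$", line):
            cur["cost"] = int(m.group(1))
        elif line.startswith("ip router ospf "):
            cur["ospf"] = True
        elif line == "ip ospf passive-interface":
            cur["passive"] = True
        elif re.match(r"hsrp \d+$", line):
            cur["hsrp"] = True
    return svis

def audit(configs):
    """configs: {hostname: text} for the two peers. Returns a list of findings."""
    parsed = {host: parse_svis(text) for host, text in configs.items()}
    findings = []
    for host, svis in parsed.items():
        for name, s in svis.items():
            if s["ospf"] and s["hsrp"] and not s["passive"]:
                findings.append(("active-ospf-with-hsrp", host, name))
    (_, a), (_, b) = parsed.items()
    for name in sorted(a.keys() & b.keys()):
        if a[name]["cost"] != b[name]["cost"]:  # None means platform default
            findings.append(("cost-mismatch", name, a[name]["cost"], b[name]["cost"]))
    return findings
```

Call `audit({"nexus01": NEXUS01, "nexus02": NEXUS02})` with the real running configs in place of the samples; a cost of `None` in a finding means that peer is using its default cost.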