[c-nsp] OSPF router gets separated from a broadcast domain

Ed Ravin eravin at panix.com
Tue Jan 29 11:01:05 EST 2008


On Tue, Jan 29, 2008 at 09:03:42AM +0100, Gabor Ivanszky wrote:
> I did some research in different OSPF literature, and couldn't find any 
> solution for the following simple-looking issue:
> 
> Let's assume you have a broadcast multi-access network (e.g. ethernet) 
> with a subnet living on it, and having multiple OSPF routers connected 
> to it. Let's go with two routers for the example. As long as the 
> broadcast domain is intact, everything is fine, one of the OSPF routers 
> is the DR, and the other is the BDR, and only the DR announces the 
> network of this broadcast domain in its LSA.
> 
> Now one of the routers gets separated from the network, while its 
> physical interface remains in "up" state, which is easily possible 
> especially with ethernet.

I have a situation like this in my network.  We've got an Ethernet
spread across two colos, connected by a leased 100Mb line, with a
lower speed backup link via another network:

     d1   d2   d3                          d4   d5   d6
      \    |   /                            \    |   /
       \   |  /                              \   |  /
        switch---------leased line------------switch
           |                                     |
       Router A                               Router B
           |                                     |
           +-- -- -- -- backup tunnel -- -- -- --+

d1 through d6 (devices) and Router A and B are all in the same
broadcast domain.  Most of them are other routers that speak OSPF
with router A and B over the broadcast domain.

If the leased line goes down, Router A and B can still speak OSPF
to each other over the tunnel.  But Router A can't reach d4 through
d6, and router B can't reach d1 thru d3, because the broadcast
domain has been separated, and both routers are still using their
"connected" route to the subnet that normally covers d1 thru d6.
Likewise, d1 thru d3 can't reach d4 thru d6, at least not on the
IP addresses assigned to the broadcast domain.  All of the other
routes in the network work properly because they're passed via
OSPF.

I think the answer to the diagram above is "don't do that", or at
least "don't do that unless all the devices speak OSPF, and you've
made sure that none of your important traffic uses the IP addresses
in the broadcast domain that could be unreachable if the Ethernet gets
partitioned".

The network works fine as long as every device in the broadcast
domain speaks OSPF and can follow the announced routes whether they
come from the broadcast domain or from elsewhere.  But for the
devices that don't speak OSPF, there's no way to reach them from
the "other side" of the leased line when it is down unless I play
tricks with /32 routes.

	-- Ed
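
An added example, not part of Ed's message: a small Python model of Router A's forwarding decision, showing why the connected route strands d4 through d6 once the leased line fails and how more-specific /32 routes pointing at the tunnel restore reachability from the router. The 192.0.2.0/24 addressing, the interface labels and the function names are assumptions; the model ignores return traffic and how the /32 routes would be originated.

```python
import ipaddress

# Constructed addressing: the message gives no prefixes, so 192.0.2.0/24 stands
# in for the shared Ethernet subnet. d1-d3 sit at colo A, d4-d6 at colo B.
SUBNET = ipaddress.ip_network("192.0.2.0/24")
DEVICES = {f"d{i}": ipaddress.ip_address(f"192.0.2.{10 + i}") for i in range(1, 7)}
SIDE = {name: ("A" if int(name[1]) <= 3 else "B") for name in DEVICES}


def build_router_a_table(host_routes=False):
    """Router A's table: the connected subnet, plus optional /32s via the tunnel."""
    table = [(SUBNET, "ethernet")]
    if host_routes:
        for name, addr in DEVICES.items():
            if SIDE[name] == "B":
                table.append((ipaddress.ip_network(f"{addr}/32"), "tunnel"))
    return table


def lookup(table, dst):
    """Longest-prefix match: the most specific covering route wins."""
    matches = [(net, out) for net, out in table if dst in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1] if matches else None


def reachable_from_a(table, leased_line_up):
    """Return {device: bool}: can a packet from Router A be delivered?"""
    result = {}
    for name, addr in DEVICES.items():
        out = lookup(table, addr)
        if out == "ethernet":
            # On-link delivery reaches only A's own segment once the LAN is split.
            result[name] = leased_line_up or SIDE[name] == "A"
        elif out == "tunnel":
            # Router B receives the packet and delivers it on its own segment.
            result[name] = leased_line_up or SIDE[name] == "B"
        else:
            result[name] = False
    return result


if __name__ == "__main__":
    for label, table, up in [
        ("leased line up", build_router_a_table(), True),
        ("partitioned, connected route only", build_router_a_table(), False),
        ("partitioned, /32s via tunnel", build_router_a_table(True), False),
    ]:
        print(label, reachable_from_a(table, up))
```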

