[c-nsp] OSPF router gets separated from a broadcast domain
Christopher E. Brown
chris.brown at acsalaska.net
Thu Jan 31 07:22:15 EST 2008
Gabor Ivanszky wrote:
> Hello,
>
>
> Ed Ravin wrote:
>>
>>   d1  d2  d3                           d4  d5  d6
>>     \  |  /                              \  |  /
>>      \ | /                                \ | /
>>     switch---------leased line------------switch
>>        |                                     |
>>     Router A                              Router B
>>        |                                     |
>>        +-- -- -- -- backup tunnel -- -- -- --+
>>
>>
>> I think the answer to the diagram above is "don't do that", or at
>> least "don't do that unless all the devices speak OSPF, and you've
>> made sure that none of your important traffic uses the IP addresses
>> in the broadcast domain that could be unreachable if the Ethernet gets
>> partitioned".
>>
>> The network works fine as long as every device in the broadcast
>> domain speaks OSPF and can follow the announced routes whether they
>> come from the broadcast domain or from elsewhere. But for the
>> devices that don't speak OSPF, there's no way to reach them from
>> the "other side" of the leased line when it is down unless I play
>> tricks with /32 routes.
>>
>>
> the point is that even if all your devices speak OSPF, they will suffer
> from this issue as well.
> d4 speaking OSPF doesn't help Router A not to use its connected
> interface to try to reach the network, and d4 also (and all the possible
> networks behind d4), still creating the blackhole, as far as our tests
> show.
>
> Gabor

The point is that subnets should be transport or destination, *not
both*. The partition of an OSPF-speaking transport network does not
matter, only the partition of a destination subnet (or a shared
transport+dest subnet).

If router A and router B were speaking OSPF on a pair of /30s, one over
the primary and one over the backup, then a partition on one path or the
other is non-impacting. In the above, devices d1-3 should be in their
own subnet, as should d4-6.

If router redundancy is required there should be a pair at each site, up
the OSPF subnets from /30s to /29s and run HSRP or VRRP to support the
site A subnet(s) and the same at site B.

--
------------------------------------------------------------------------
Christopher E. Brown <chris.brown at acsalaska.net> desk (907) 550-8393
cell (907) 632-8492
IP Engineer - ACS
------------------------------------------------------------------------
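
The blackhole discussed in this thread, as an added example that is not part of the original messages: a small Python model of route selection (longest prefix, then administrative distance) comparing the shared broadcast domain with one destination subnet per site. The addresses, the `build` and `reaches` helpers and the two-router encoding are constructed for illustration, and the backup tunnel is assumed up unless `tunnel_up=False` is passed.

```python
import ipaddress

CONNECTED, OSPF = 0, 110              # Cisco default administrative distances
D1, D4 = "192.0.2.11", "192.0.2.140"  # constructed host addresses (site A, site B)

def best_route(rib, dst):
    """Longest-prefix match first, then lowest administrative distance."""
    ip = ipaddress.ip_address(dst)
    hits = [r for r in rib if ip in ipaddress.ip_network(r[0])]
    return min(hits, key=lambda r: (-ipaddress.ip_network(r[0]).prefixlen, r[1]),
               default=None)

def build(design, leased_up, tunnel_up=True):
    """Return (per-router RIB, hosts each router can ARP for on its LAN port)."""
    adj = leased_up or tunnel_up      # an OSPF adjacency survives on any live path
    if design == "shared":            # one /24 bridged across the leased line
        lan = {"A": {D1} | ({D4} if leased_up else set()),
               "B": {D4} | ({D1} if leased_up else set())}
        nets = {"A": "192.0.2.0/24", "B": "192.0.2.0/24"}
    else:                             # "split": one destination subnet per site
        lan = {"A": {D1}, "B": {D4}}
        nets = {"A": "192.0.2.0/25", "B": "192.0.2.128/25"}
    rib = {}
    for me, peer in (("A", "B"), ("B", "A")):
        rib[me] = [(nets[me], CONNECTED, ("lan", me))]
        if adj:                       # peer's subnet as an OSPF candidate route
            rib[me].append((nets[peer], OSPF, ("router", peer)))
    return rib, lan

def reaches(design, src_router, dst, leased_up, tunnel_up=True):
    """True if a packet entering src_router is delivered to dst."""
    rib, lan = build(design, leased_up, tunnel_up)
    router = src_router
    for _ in range(3):                # hop limit guards against loops
        route = best_route(rib[router], dst)
        if route is None:
            return False
        kind, target = route[2]
        if kind == "lan":             # connected: delivery needs L2 reachability
            return dst in lan[target]
        router = target
    return False

if __name__ == "__main__":
    for design in ("shared", "split"):
        print(design, "leased line down, A -> d4:",
              reaches(design, "A", D4, leased_up=False))
```

In the shared design the connected /24 on Router A still covers d4 after the partition, so the packet is sent out the local LAN port and never reaches the tunnel; in the split design the only route to d4's subnet is the OSPF one, which follows whichever transport is still up.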