[j-nsp] Trying to get OSPF to work across IPsec for Redundancy
Stefan Fouant
sfouant at shortestpathfirst.net
Thu Apr 21 12:24:36 EDT 2011
> -----Original Message-----
> From: juniper-nsp-bounces at puck.nether.net [mailto:juniper-nsp-
> bounces at puck.nether.net] On Behalf Of Devin Kennedy
> Sent: Thursday, April 21, 2011 11:33 AM
> To: juniper-nsp at puck.nether.net
> Subject: [j-nsp] Trying to get OSPF to work across IPsec for Redundancy
>
> Hello All:
>
> I'm trying to get OSPF up over IPsec. We have two IPsec tunnels, a
> primary and a secondary that our spoke router can use. We want to have
> the spoke router run OSPF across both and then in case of a failure of
> the primary hub router (where the primary IPsec tunnel terminates) OSPF
> will direct traffic over the backup tunnel to the backup hub.
>
> So far I have seen OSPF on the spoke router come up just a couple of
> times but only to one or the other peer. It never has come up to both
> peers. Here are my configurations for OSPF and the services interfaces
> below. Also BGP is up on all routers and all routers are reachable via
> BGP.
>
> If anyeone can guide me in the right direction to get OSPF working over
> IPsec that would be most apprectiated!
Have you configured router-id's on all the devices? I've seen this many
times where simply configuring the router-id will cause the OSPF adjacencies
to form across the tunnels.
'set routing-options router-id x.x.x.x' should do the trick.
If that doesn't work, give us the output from 'show ospf interfaces' on all
the devices.
Stefan Fouant, CISSP, JNCIEx2
www.shortestpathfirst.net
GPG Key ID: 0xB4C956EC
More information about the juniper-nsp
mailing list