Routing


Conditional advertisement in OSPF

  • 1.  Conditional advertisement in OSPF

    Posted 12-10-2020 23:51
    Hi everybody,
    We have two data centers at Denver and LA. We have a dedicated link for vMotion between the two data centers.
    We have the following design requirements:
    1) The VM should use the same IP, i.e. 10.10.10.10, regardless of data center location, as shown below.
    2) When the VM is at the Denver data center, SRX2 should advertise 10.10.10.10/32 into OSPF. Similarly, when the VM is at the LA data center, SRX1 should advertise 10.10.10.10/32 into OSPF.
    It would be very easy with a static route with a probe condition, redistributing the static route into OSPF if the probe succeeds, but my headache is that 10.10.10.0/24 is a directly connected subnet on the SRX.
    Any ideas?
    Have a good weekend!!

    VM is moved to LA data center, still using the same IP:




  • 2.  RE: Conditional advertisement in OSPF

    Posted 12-11-2020 05:22
    You can do this in a couple of ways, but nowadays the obvious question would be: have you considered having EVPN on this design? MAC movement management in EVPN is done natively; consider checking out the solution.

    Elvin


  • 3.  RE: Conditional advertisement in OSPF

    Posted 12-11-2020 16:27

    *** If you want LA and DNVR to be EVPN L2 connected and NYC to stay IP connected only, then this is how I did it.

    *** This way you can have the L2 bridging between LA and DNVR and also the /32 optimal host routing from NYC via inet.0 (I've tested that by adding another IP, like 10.10.10.10 and 10.10.10.11, and then running traceroute from NYC to show that when .10 is in LA and .11 is in DNVR, NYC will optimally route to each /32 appropriately, and not sub-optimally tromboning like back in the FHRP (VRRP) days)...

    *** ...but for the 10.10.10.10 move scenario you mentioned, here's what I have...

    *** I'm using 172.223.10.0/24 instead of your 10.10.10.0/24...

    *** I tried to name my routers like your sites...

    SRX1-LA

    SRX2-DNVR

    MX-NYC

    *** I'm using 17.4R1.16 vMX for all 3 nodes in this lab scenario

    *** both SRXs are participating in an EVPN-MPLS ELAN

    *** both SRXs are exporting EVPN routes into inet.0 via an OSPF export policy, as you will see below

    *** MX-NYC is only connected to those SRX nodes via inet.0 core routing

    *** I tested moving an IP from one DC to the other... 172.223.10.10/32

    *** I'm exporting those EVPN-reachable devices at the EVPN speakers (LA and DNVR) into OSPF with this export policy...

    me@SRX1-LA> show configuration protocols ospf | display set
    set protocols ospf export my-ospf-export-policy
    set protocols ospf area 0.0.0.1 interface lo0.0 passive
    set protocols ospf area 0.0.0.1 interface ae0.0
    set protocols ospf area 0.0.0.1 interface ae1.0
    set protocols ospf area 0.0.0.1 interface ae50.0
    set protocols ospf area 0.0.0.1 interface irb.10 passive

    me@SRX1-LA> show configuration policy-options policy-statement my-ospf-export-policy | display set
    set policy-options policy-statement my-ospf-export-policy term 1 from protocol evpn
    set policy-options policy-statement my-ospf-export-policy term 1 then accept


    me@SRX2-DNVR> show configuration protocols ospf | display set
    set protocols ospf export my-ospf-export-policy
    set protocols ospf area 0.0.0.1 interface lo0.0 passive
    set protocols ospf area 0.0.0.1 interface ae0.0
    set protocols ospf area 0.0.0.1 interface ae1.0
    set protocols ospf area 0.0.0.1 interface ae50.0
    set protocols ospf area 0.0.0.1 interface irb.10 passive

    me@SRX2-DNVR> show configuration policy-options policy-statement my-ospf-export-policy | display set
    set policy-options policy-statement my-ospf-export-policy term 1 from protocol evpn
    set policy-options policy-statement my-ospf-export-policy term 1 then accept


    *** initially 172.223.10.10/32 was here at SRX1-LA ...

    me@SRX1-LA> show route table inet.0 172.223.10.0/24

    inet.0: 30 destinations, 30 routes (30 active, 0 holddown, 0 hidden)
    + = Active Route, - = Last Active, * = Both

    172.223.10.0/24 *[Direct/0] 1d 15:18:59
    > via irb.10
    172.223.10.1/32 *[Local/0] 1d 15:18:59
    Local via irb.10
    172.223.10.10/32 *[EVPN/7] 00:15:40
    > via irb.10 <<<--- seen locally in LA

    *** other DC SRX2-DNVR sees it via evpn but also via the remote dc's ospf export policy via inet.0

    me@SRX2-DNVR> show route table inet.0 172.223.10.0/24

    inet.0: 30 destinations, 31 routes (30 active, 0 holddown, 0 hidden)
    + = Active Route, - = Last Active, * = Both

    172.223.10.0/24 *[Direct/0] 1d 07:29:03
    > via irb.10
    172.223.10.1/32 *[Local/0] 1d 07:29:03
    Local via irb.10
    172.223.10.10/32 *[EVPN/7] 01:05:13
    > to 10.103.129.17 via ae1.0, Push 16, Push 299776(top) <<<--- seen remotely via EVPN
    [OSPF/150] 00:21:04, metric 0, tag 0 <<<--- also seen via inet.0 ospf
    > to 10.103.129.17 via ae1.0


    *** here is router MX-NYC not participating in the evpn, but is learning this route via core routing table (inet.0) using OSPF

    me@MX-NYC> show route table inet.0 172.223.10.0/24 | refresh 1
    ......

    inet.0: 28 destinations, 28 routes (28 active, 0 holddown, 0 hidden)
    + = Active Route, - = Last Active, * = Both

    172.223.10.0/24 *[OSPF/10] 00:26:30, metric 3
    to 10.103.129.6 via ae0.0
    > to 10.103.129.1 via ae1.0
    172.223.10.10/32 *[OSPF/150] 00:23:18, metric 0, tag 0 <<<---- been here for 23 minutes
    > to 10.103.129.6 via ae0.0 <<<---- x.x.129.6 next hop
    ---(refreshed at 2020-12-11 14:43:10 CST)---


    *** at this moment i switched 172.223.10.10/32 over to other DC....


    inet.0: 28 destinations, 28 routes (28 active, 0 holddown, 0 hidden)
    + = Active Route, - = Last Active, * = Both

    172.223.10.0/24 *[OSPF/10] 00:26:31, metric 3
    to 10.103.129.6 via ae0.0
    > to 10.103.129.1 via ae1.0
    172.223.10.10/32 *[OSPF/150] 00:00:00, metric 0, tag 0 <<<--- been here for 0 seconds, just got here
    > to 10.103.129.1 via ae1.0 <<<--- x.x.129.1 next hop


    *** after moving 172.223.10.10/32 to SRX2-DNVR it's seen like this...


    me@SRX1-LA> show route table inet.0 172.223.10.0/24

    inet.0: 30 destinations, 31 routes (30 active, 0 holddown, 0 hidden)
    + = Active Route, - = Last Active, * = Both

    172.223.10.0/24 *[Direct/0] 1d 15:21:41
    > via irb.10
    172.223.10.1/32 *[Local/0] 1d 15:21:41
    Local via irb.10
    172.223.10.10/32 *[EVPN/7] 00:00:12
    > to 10.103.129.14 via ae0.0, Push 299776, Push 300000(top) <<<--- seen remotely via EVPN
    [OSPF/150] 00:00:13, metric 0, tag 0 <<<--- also seen via inet.0 ospf
    > to 10.103.129.14 via ae0.0


    me@SRX2-DNVR> show route table inet.0 172.223.10.0/24

    inet.0: 30 destinations, 30 routes (30 active, 0 holddown, 0 hidden)
    + = Active Route, - = Last Active, * = Both

    172.223.10.0/24 *[Direct/0] 1d 07:31:27
    > via irb.10
    172.223.10.1/32 *[Local/0] 1d 07:31:27
    Local via irb.10
    172.223.10.10/32 *[EVPN/7] 00:00:10
    > via irb.10 <<<--- seen locally in DNVR




    ------------------------------
    Aaron Gould
    Senior Network Engineer
    aaron@gvtc.com
    https://www.linkedin.com/in/agould123/
    ------------------------------
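
A tighter variant of the export policy in the post above, added here as an example and not part of the original post or its lab configuration: `from protocol evpn` followed by a bare `accept` redistributes every EVPN-learned route into OSPF, so this version admits only /32 host routes inside the lab's 172.223.10.0/24 subnet. The policy name `evpn-hosts-to-ospf` and its term names are hypothetical.

```junos
# Added example (hypothetical names): scoped replacement for my-ospf-export-policy.

# Term 1: export only EVPN-learned /32 host routes that fall inside the
# stretched subnet used in the lab (172.223.10.0/24).
set policy-options policy-statement evpn-hosts-to-ospf term stretched-hosts from protocol evpn
set policy-options policy-statement evpn-hosts-to-ospf term stretched-hosts from route-filter 172.223.10.0/24 prefix-length-range /32-/32
set policy-options policy-statement evpn-hosts-to-ospf term stretched-hosts then accept

# Term 2: any other EVPN route (another bridge domain, an unexpected prefix
# length) is rejected explicitly, so a later policy in the export chain
# cannot pick it up.
set policy-options policy-statement evpn-hosts-to-ospf term other-evpn from protocol evpn
set policy-options policy-statement evpn-hosts-to-ospf term other-evpn then reject

# Apply on both EVPN speakers (SRX1-LA and SRX2-DNVR). "set ... export" appends
# to the existing export list, so remove the broad policy first.
delete protocols ospf export my-ospf-export-policy
set protocols ospf export evpn-hosts-to-ospf
```

After committing, `show route table inet.0 172.223.10.0/24` on MX-NYC should still list the /32 as `OSPF/150`, as in the outputs above, while EVPN host routes outside 172.223.10.0/24 no longer appear as OSPF externals.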