08-01-2018 06:43 AM
Hi all,
I am trying to make sense of tie breaker in case of equal cost ospf routes on palo alto ( all the route below have the same metric and all of the same type). Note ECMP is not use so only one route is choosen for routing. Couldn't find on the rfc what would be the tie breaker on such case and on some forum some people refer to the lowest router-ID, some other refer to the oldest installed route. Any idea on how PA implements it?
side 1:
VR Area ID Orig RTR ID LS ID LSA Type Seq Number CheckSum Age Size
0.0.0.2 1.1.1.1 10.25.2.0/23 type-3 (Summary) 0x80000667 0x000081AD 715 28
0.0.0.2 2.2.2.2 10.25.2.0/23 type-3 (Summary) 0x80000667 0x00005055 711 28 ( prefered route on fib)
0.0.0.2 3.3.3.3 10.25.2.0/23 type-3 (Summary) 0x80000667 0x0000D4AA 832 28
Side 2:
VR Area ID Orig RTR ID LS ID LSA Type Seq Number CheckSum Age Size
0.0.0.3 1.1.1.1 10.27.0.0/23 type-3 (Summary) 0x800018EC 0x00003E59 1673 28 ( prefered route fib)
0.0.0.3 2.2.2.2 10.27.0.0/23 type-3 (Summary) 0x80000B5E 0x00005158 1472 28
0.0.0.3 3.3.3.3 10.27.0.0/23 type-3 (Summary) 0x80002ADE 0x0000776C 666 28
08-01-2018 07:28 AM
Hello,
I found the following in another OSPF post:
if all else is equal, and ICMP is not enabled, traffic will be forwarded out the first interface that learns about the route.
This besing said, I would need to see a rough diagram of the network in question to help out further since you have multiple areas and the route4s are being learned through summary advertisements. It was once said to me, why have different areas if you dont have to, keep it simple. Obvisouly I dont know your network so it might be a requirement. But due to the different areas, it might be because of the external advertisements.
Hope that helps.
08-01-2018 07:28 AM
Hello,
I found the following in another OSPF post:
if all else is equal, and ICMP is not enabled, traffic will be forwarded out the first interface that learns about the route.
This besing said, I would need to see a rough diagram of the network in question to help out further since you have multiple areas and the route4s are being learned through summary advertisements. It was once said to me, why have different areas if you dont have to, keep it simple. Obvisouly I dont know your network so it might be a requirement. But due to the different areas, it might be because of the external advertisements.
Hope that helps.
08-06-2018 05:08 AM
Hi Otakar
thanks for the feedback.
"traffic will be forwarded out the first interface that learns about the route" that seems to be in line with the "oldest known" route being chosen as a tie breaker.
Regarding the setup i would say that we have multiple area as the location where the output were taken from are spoke sites talking to our hub(s) were we have the backbone area. So basically the setup looks like this;
Spoke 1 ----(multiple tunnels) -----BACkBONE (hubs) -----(multiple tunnels)--- Spoke2
With tunnel failing from time to time causing asymetric traffic, that is why i am trying to figure out what actually is the tie breaker in case of same cost link to have a better prediction of chosen path.
cheers
08-06-2018 06:36 AM
Hello,
I'm going to assume that say from Spoke1 you are only advertising the Spoke 1 subnets. With that in mind what I have done to combat OSPF asymetric routing was to introduct costs to a less desired route. For me our primary is a P2P circuit and its at default costs. The backup link is a VPN tunnel and I have a cost of 10,000 added to it. This way it will only be chosen if the P2P circuit goes down and when the P2P comes back up, the traffic will switch back to it.
Hope that helps.
08-06-2018 06:50 AM
Yes indeed you assumption is right. It looks like we have to go for cost manipulation or at best using ECMP ( which needs restarting virtual router!!!)
The only reason we opted initially not to use the cost was to avoid bottleneck in one hub location. Our Hub here is actually a few DC locations ( in backbone area) but we wished we could load balance traffic...so maybe only ecmp is a solution for us.
Cheers
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
