cancel
Showing results for 
Search instead for 
Did you mean: 
Post a Question

VSX High Availability + OSPF

Hello, team.

I'm trying to configure ospf on VSX Cluster in HA mode.

I need to make OSPF adjacency with external system over Wrap link and checkpoint virtual switch.

GAIA version is r77.30.

The problem is that it seems, that OSPF process does not go up on wrp interface.

My configuration:

GW01:0> show configuration ospf
show instance 0 configuration ospf
set ospf area backbone on
set ospf interface wrp2 area backbone on
set ospf interface wrp2 priority 1
set ospf area backbone range 10.4.126.0/29 on

--------------------------------

GW01:0> show ospf
show instance 0 ospf

OSPF Router with ID 10.10.10.1 Instance default

SPF schedule delay: 2 secs
Hold time between two SPFs: 5 secs
Number of Areas in this router: 1
Normal: 1 Stub: 0 NSSA: 0
RFC1583 compability mode is on
Number of Virtual Links in this router: 0
Number of UpEvents: 0 Number of DownEvents: 0
Default ASE Cost: 1
Default ASE Type: 1

Area: 0.0.0.0

Number of Interfaces in this area: 0
Number of ABRs: 0 Number of ASBRs: 0
Number of times SPF Algorithm executed: 1
Area ranges are:
10.4.126.0/29 Advertise,Passive
No Area Stubnets Configured

--------------------------------

GW01:0> show ospf interfaces
show instance 0 ospf interfaces

GW01:0>

What I am missing?

Thanks in advance.

Tags (3)
6 Replies
Vladimir
Pearl

Re: VSX High Availability + OSPF

Aren't you supposed to configure OSPF from the context of VS/VR instead of the VS0?

0 Kudos

Re: VSX High Availability + OSPF

Hi, Vladimir. I'm not going to use Virtual Systems or Virtual Routers at this point of time.

I need only VS0 and Virtual Switch currently.

0 Kudos
Vladimir
Pearl

Re: VSX High Availability + OSPF

Virtual switch is the Layer 2 device, so there will be no OSPF options.

Also, the warp interfaces attached to the virtual switch should have "wrpj" preffix.

"A Warp Link is a virtual point-to-point connection between a Virtual System and a Virtual Router or Virtual Switch. Each side of a Warp Link represents a virtual interface with the appropriate virtual device."

So warp link is not exposed to the outside connectivity.

Re: VSX High Availability + OSPF

Hi, Vladimir.

Thanks for support.

Actually, I'm trying to configure OSPF between VS0 and outside router through the Virtual Switch. I'm trying to use VS0 wrp2 interface, which points to Virtual Switch. IP connectivity between wrp2 and outside router exists: I can ping outside router from wrp2 interface.

I attached the schema to the question for best understanding, please, take a look.

0 Kudos
Vladimir
Pearl

Re: VSX High Availability + OSPF

When you first converted this cluster to VSX, you were presented with the security policy for it.

By default, for VS0, these rules are present:

VSX Gateway Management

In the VSX Gateway Management window, define security policy rules that protect the VSX Gateway. This policy is installed automatically on the new VSX Gateway.

Note - This policy applies only to traffic destined for the VSX Gateway. Traffic destined for Virtual Systems, other virtual devices, external networks, and internal networks is not affected by this policy.

The security policy consists of predefined rules for these services:

  • UDP - SNMP requests
  • TCP - SSH traffic
  • ICMP - Echo-request (ping)
  • TCP - HTTPS traffic

Unless you've added OSPF to this policy at the time of creation, it may not be permitted from VS0.

If you have not yet created other VS' and installed policies on those, try:

[Expert@HostName:VSID]# vsenv 0
[Expert@HostName:0]# fw unloadlocal

To see if it'll change the behavior.

Otherwise, try unloading policies from other VS' first, and then from VS0 and repeat your experiment.

For the life of me, I cannot recall how, or even if, it is possible to adjust VS0 (VSX) policy after conversion is completed.

Good luck,

Vladimir

0 Kudos

Re: VSX High Availability + OSPF

Vladimir,

great idea, thank you!

I'll check default security policy. But I'll be able to do it a little bit later.

Thanks for support.