Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Steven_Lucas
Participant

OSPF Election Priority Set at 0 in OSPF Database no matter what is set on OSPF instance interface

My team and I have been trying to implement OSPF between two sites: specifically between two Checkpoint Clusters with a Cisco Router on each site. To make things simple, we've just been using the Backbone area for the networks involved, no other areas. The two clusters work well with other forming a full relationship, but I noticed that even though they have default election priorities of 1, they never become the designated routers for the networks they advertise, and in fact maintain election priorities of 0.

The real problem occurs when we form adjacencies with the Cisco routers, where the introduction of /32 routes(the neighboring interfaces of the Cisco Routers on the /24 networks where the Check Point clusters are default gateways) supersede the /24s we wish the Check Point devices to be the DRs for. Basically, the default election priority of the Cisco configuration makes them the DRs and BDRs for these networks, which is undesirable to us. As a workaround we simply made the election priority on the Cisco routers and now all the routes are advertised.

This has been nagging me though, because it seems like we are either missing something from an overall OSPF design perspective, or configuring something wrong. Our Cisco engineer isn't really working on it, since it seems like the oddity is with the Check Point Cluster election priority handling to them. This is R81.10 Take 55.

0 Kudos
4 Replies
_Val_
Admin
Admin

Please open a TAC case for this.

0 Kudos
PhoneBoy
Admin
Admin

Where precisely are you seeing the election priority of zero?
A more specific route (/32) is always going to take precedence over a less specific route (/24).
And yeah, I'm with you that something doesn't seem right about this configuration.

0 Kudos
Steven_Lucas
Participant

The /32 is definitely coming from the Cisco router, since it only gets there when we have adjacency with it. The 0 election occurs symmetrically with each checkpoint cluster, even without the Cisco Router. They share a VTI IPSEC tunnel though, which makes me think that is why.

0 Kudos

Interesting scenario. Did you raise a TAC case for this or what was the outcome?

0 Kudos