OSPF on VPN Tunnel interface

[cpcpc]

Hi, everyone,

Does anyone have any experience about OSPF on VPN tunnel interface?

Using vpn shell command to create some vt interfaces but will these interfaces work with OSPF?

Thanks.

[chillyjim]

Yes they will. That's the primary reason VTIs were created. Do you have SPLATPro? if not you don't get gateD, the routing daemon to use OSPF.

[cpcpc]

Thanks for the reply.

I installed FW onto a Cluster & a GW and enabled Dynamic Routing (gated's running).

For example, on cluster member: local vt IP 2.2.2.1, 2.2.2.2 and cluster IP is 2.2.2.10; on GW: local vt IP 3.3.3.1. On Cluster, add VPN tunnel interface by "vpn shell itnerface add 2.2.2.1 3.3.3.1 GW"; on GW, add VPN tunnel interface by "vpn shell interface add 3.3.3.1 2.2.2.10 cluster".

But on Gated command line interface, "show ip ospf interface" on cluster doesn't display vt interface at all but do show vt interface on GW. So that OSPF won't work on cluster enviorment to me :-(

Any ideas?

[chillyjim]

Did you enable ospf on the interface?

(Going from memory, so don't depend on the syntax)

cligated
en
config t
interface vt-other
ip ospf area 10
network 1.1.1.0 0.0.0.255
exit
exit
exit


Or something close to that.

[cpcpc]

I configured this on GW and it did work:

router-id <id>
network <remote GW vt IP> 0.0.0.0 area 0.0.0.0
network <internal> 0.0.0.255 area 0.0.0.0
redistribute direct
redistribute kernel


I tried to configure vt interface on Gated CLI with the one you suggested, but seems under interface, there's no network or ip ospf area. I still cannot get it working for me.

localhost(config)#interf <vt>
localhost(config-if)#ip ospf
1-65535 enable poll-interval
advertise-subnet hello-interval priority
allow-all neighbor retransmit-interval
authentication network traffic-eng
cost no-multicast transmit-delay
dead-interval passive-interface
localhost(config-if)#ip ospf network
nonbroadcast point-to-multipoint
localhost(config-if)#ip ospf network

From your memory, anything else might fix this issue? :-)

Thanks.

[cpcpc]

"show interface" shows vt interface but "show ip ospf interface" doesn't show vt interface.

localhost#sho interf <vt>
Physical interface: <vt> index 15
type: Unknown MTU: 1500
status: up MAC: 0:0:0:0
refcount: 2 up-to-down-transitions: 0
p2p: yes maskedp2p: no loop: no simplex: no allmulti: no
Logical interface: <local vt ip>
Index: 15 MTU: 1436 masklen: 32
As Number: 0 refcount: 2
remote address: <remote vt ip>
primary: yes active: yes bcast: no loop: no
mcast: yes simplex: no noroute: no tun: no
reg: no del: no keepall: no priv: no disable: no
Cluster IP address: <cluster vt ip> Cluster masklen: 32
Cluster broadcast address: <cluster vt ip>

localhost#sho ip ospf interface
<internal net interface> is up
Internet Address <internal ip>, Area 0.0.0.0
Network Type Broadcast, Cost: 10
Transmit Delay is 1 sec, State DR, Priority 1
No Designated Router on this network
No Backup Designated Router on this network
Timer intervals configured, Hello 10, Dead 40, Retransmit 5
Neighbor Count is 0
localhost#

[chillyjim]

Found this from the lab I took...

router ospf 1
router-id 212.150.141.253
exit

interface vt-itchy
ip ospf 1 area 0.0.0.0
enable
exit
exit
interface vt-pek
ip ospf 1 area 0.0.0.0
enable
exit
exit
interface eth0
ip ospf 1 area 52.0.0.0
enable
exit
exit

[cpcpc]

Wow, I added the following to my DR config and it worked !!!

interface <vt>
ip ospf 1 area 0.0.0.0
enable
exit
exit

Chillyjim, thank you so much!

Now the question is, why on my FW GW, I do not need to configure vt interface on Gated CLI but it's working fine. Is this config only required for Clustering setup?

Thanks again :-)