Got it
Huawei Enterprise Support Community
Community Forums Routing & Switching
How to use the ospf proto...

How to use the ospf protocol advise default routing to control users?

Latest reply: Oct 31, 2018 02:32:24 762 5 5 0 1
View the author 1#

Hello everyone,

This post highlights the process of how to use the ospf protocol advise default routing to control users. Please see more details below. 

Figure 1


 
Problem description

As per Figure 1:

  • the ACC switch is the access device for the user access network;

  • the AGG switch is the spine device for all the routing switches;

  • two USGS are the border device for NAT and the Internet outport;

The problem phenomenon is as follows:

  • Users cannot access the Internet;

  • Asynchronous traffic exists in usg1 andusg2 when Internet traffic is returned;

  • The Internet traffic can't auto change to another link quickly when one of the ISP broadband is not working.


Problem analysis


Here, the OSPF protocol is used to implement the interworking between USG and AGG.
Three-layer exchange between AGG and ACC.
ACC is the access device for users accessing to network.
 
UAG1 configuration is below:


ospf 1 router-id 10.10.y.1
 area0.0.0.0
 network 10.10.y.0 0.0.15.255
ip route-static 0.0.0.0 0.0.0.0 (telecom ISP gateway)
 
USG2 configurations are below:

ospf 1 router-id 10.10.y.2
 area0.0.0.0
 network 10.10.y.0 0.0.15.255
 
AGG configurations are below:

ospf 1 router-id 10.10.y.3
 area0.0.0.0
 network 10.10.y.0 0.0.15.255
ip route-static 0.0.0.0 0.0.0.0 (UNIcom ISP gateway)
 
Root cause

There is no default routing in the AGG switch.
There is no tracking of IP-link and no closing firewall link status checking of TCP in the USG Firewall.
 
Solution

Use OSPF to send a default route from USG to AGG.

Add configuration to usg1 and usg2 as follows:

USG1:
ip-link check enable
ip-link 1destination 114.114.114.114 interface g1/0/1 mode icmp next-hop xxxx
iproute-static 0.0.0.0 0.0.0.0 (xxx ISP gateway1) track ip-link 1
ospf 1
default-route-advertisecost 50
undofirewall session link-state check tcp


USG2:

iproute-static 0.0.0.0 0.0.0.0 (xxx ISP gateway2)preference 100
ospf 1
default-route-advertisecost 100
undofirewall session link-state check tcp


That is all I want to share with you! Thank you!

This article contains more resources

You need to log in to download or view. No account? Register

x

Like (5) Dislike (0) Favorite(1) Share Report
Previous: [Q&A]Why you save the configuration of device failed on U2000?
Next: How to collect SIP AG debugging information ?
(0) (0)
2#
Torrent
Created Oct 27, 2018 09:22:26

To be honest OSPF is a good protocol in network and we usually use this. it will cost the best patch in the network and no any loop。 thanks for sharing us a good example about OSPF.How to use the ospf protocol advise default routing to control users?-2787669-1 This post was last edited by Torrent at 2018-10-31 06:01.
View more
  • x
  • convention:
(0) (0)
3#
wanglei259
Created Oct 27, 2018 09:33:15

Thanks for your sharing ,which is a wonderful guidance, i really interested in this article, which is useful for us and improvement product technology and become to a professional engineer .
I hope that you can insist post new kownlege and skills, i will alawys keep an eye on your sharing.
View more
  • x
  • convention:
(0) (0)
4#
No.9527
Created Oct 29, 2018 00:46:35

OSPF is a frequently-used protocol in our daily maintenance, it is very useful for our daily troubleshooting.
Usually we just know how to advise the default routing to ospf process, now I know how to choose different path by ip-link configuration from your document, thanks a lot! This post was last edited by No.9527 at 2018-10-31 02:35.
View more
  • x
  • convention:
(0) (0)
5#
SupperRobin
Created Oct 29, 2018 00:50:17

Default ospf routing adversi seeting is very important for the ospf routing controller and also the tcp link status check about tcp and udp is Disable stateful inspection if the forward and return paths of packets are different. If you disable stateful inspection, do not use TCP proxy to defend against SYN flood, use TCP full connection attack defense, or perform SMTP/POP3 mail filtering/anti-virus/content filtering.
This post was last edited by SupperRobin at 2018-10-31 04:03.
View more
  • x
  • convention:
(0) (0)
6#
No.9527
Created Oct 31, 2018 02:32:24

OSPF is a frequently-used protocol in our daily maintenance, it is very useful for our daily troubleshooting.
Usually we just know how to advise the default routing to ospf process, now I know how to choose different path by ip-link configuration from your document, thanks a lot!
View more
  • x
  • convention:
Back to list

Comment

Advanced
B Color Image Link Quote Code Smilies
You need to log in to comment to the post Login | Register
Comment

Notice: To protect the legitimate rights and interests of you, the community, and third parties, do not release content that may bring legal risks to all parties, including but are not limited to the following:
  • Politically sensitive content
  • Content concerning pornography, gambling, and drug abuse
  • Content that may disclose or infringe upon others ' commercial secrets, intellectual properties, including trade marks, copyrights, and patents, and personal privacy
Do not share your account and password with others. All operations performed using your account will be regarded as your own actions and all consequences arising therefrom will be borne by you. For details, see " User Agreement."

My Followers

Login and enjoy all the member benefits

Login
Huawei Website Support About Huawei Privacy User Agreement Terms of Use Cookies Cookie Settings
Huawei Enterprise Huawei Carrier Forum Training & Certification

Contact Us: e_online@huawei.com Copyright © 2022 Huawei Technologies Co., Ltd. All rights reserved.

APP

Block
Are you sure to block this user?
Users on your blacklist cannot comment on your post,cannot mention you, cannot send you private messages.
Reminder
Please bind your phone number to obtain invitation bonus.