3 Replies Latest reply on Nov 7, 2013 8:22 AM by levi

    vrrp with OSPF with an ISP MPLS and Fortinet 110C Active / Active Cluster

    golden New Member

      using vrrp with two 1544 G2 switches

       

      setup vrrp and it is working fine

      example config (have about 15 vlans, but 2 examples should do)

       

      Master 1544G2

      interface vlan 11

        description Printers VLAN

        ip address  192.168.97.3  255.255.255.0

        ip helper-address  192.168.125.104

        ip route-cache express

        vrrp 11 ip 192.168.97.1

        vrrp 11 priority 101

        no shutdown

      !

      interface vlan 12

        description Artisan-Lasers

        ip address  192.168.98.3  255.255.255.0

        ip helper-address  192.168.125.104

        ip route-cache express

        vrrp 12 ip 192.168.98.1

        vrrp 12 priority 101

        no shutdown

       

      ------------------

      vlan 11

       

          Group 11

              State: Master

              Actual Priority: 101

              Virtual IP: 192.168.97.1

              Preemption: Enabled

              Tracks: None

       

       

      vlan 12

       

          Group 12

              State: Master

              Actual Priority: 101

              Virtual IP: 192.168.98.1

              Preemption: Enabled

              Tracks: None

             

       

      ---------------------------

       

      Backup 1544G2

      interface vlan 11

        description Printers VLAN

        ip address  192.168.97.2  255.255.255.0

        ip helper-address  192.168.125.104

        ip route-cache express

        vrrp 11 ip 192.168.97.1

        no shutdown

      !

      interface vlan 12

        description Artisan-Lasers

        ip address  192.168.98.2  255.255.255.0

        ip helper-address  192.168.125.104

        ip route-cache express

        vrrp 12 ip 192.168.98.1

        no shutdown

       

      vlan 11

       

          Group 11

              State: Master

              Actual Priority: 101

              Virtual IP: 192.168.97.1

              Preemption: Enabled

              Tracks: None

       

       

      vlan 12

       

          Group 12

              State: Master

              Actual Priority: 101

              Virtual IP: 192.168.98.1

              Preemption: Enabled

              Tracks: None

             

       

      -----------***********----------

      ospf setup with 1544G2 and Fortinet

       

      master vrrp

      show ip ospf neighbor

      Neighbor ID      Pri State            Dead Time  Address         Interface

      192.168.127.2     1  FULL/BDR         00:00:37   192.168.96.2    vlan 10  

      192.168.96.254    1  FULL/DR          00:00:32   192.168.96.254  vlan 10  

      192.168.127.2     1  FULL/DR          00:00:37   192.168.97.2    vlan 11  

      192.168.127.2     1  FULL/DR          00:00:37   192.168.98.2    vlan 12  

      192.168.127.2     1  FULL/DR          00:00:37   192.168.99.2    vlan 13  

      192.168.127.2     1  FULL/DR          00:00:37   192.168.100.252 vlan 2   

      192.168.101.3     1  FULL/DR          00:00:40   192.168.101.3   vlan 14   this is the Windstream neighbor

      192.168.127.2     1  FULL/BDR         00:00:37   192.168.101.5   vlan 14  

      192.168.127.2     1  FULL/DR          00:00:37   192.168.102.2   vlan 15  

      192.168.127.2     1  FULL/DR          00:00:37   192.168.103.2   vlan 16  

      192.168.127.2     1  FULL/DR          00:00:37   192.168.104.2   vlan 17  

      192.168.127.2     1  FULL/DR          00:00:37   192.168.105.2   vlan 21  

      192.168.127.2     1  FULL/DR          00:00:37   192.168.106.2   vlan 22  

      192.168.127.2     1  FULL/DR          00:00:37   192.168.107.2   vlan 24  

      192.168.127.2     1  FULL/DR          00:00:37   192.168.125.252 vlan 18  

      192.168.127.2     1  FULL/DR          00:00:37   192.168.126.5   vlan 19  

      192.168.127.2     1  FULL/DR          00:00:37   192.168.127.2   vlan 26  

       

      *******************

      Backup 1544G2

       

      show ip ospf neighbor

      Neighbor ID      Pri State            Dead Time  Address         Interface

      192.168.127.1     1  FULL/ --         00:00:38   192.168.96.3    vlan 10   This is the master 1544G2

      192.168.96.254    1  FULL/DR          00:00:36   192.168.96.254  vlan 10  

      192.168.127.1     1  FULL/BDR         00:00:38   192.168.97.3    vlan 11  

      192.168.127.1     1  FULL/BDR         00:00:38   192.168.98.3    vlan 12  

      192.168.127.1     1  FULL/BDR         00:00:38   192.168.99.3    vlan 13  

      192.168.127.1     1  FULL/BDR         00:00:38   192.168.100.253 vlan 2   

      192.168.101.3     1  FULL/DR          00:00:36   192.168.101.3   vlan 14  

      192.168.127.1     1  FULL/ --         00:00:38   192.168.101.4   vlan 14   This is the master 1544G2

      192.168.127.1     1  FULL/BDR         00:00:38   192.168.102.3   vlan 15  

      192.168.127.1     1  FULL/BDR         00:00:38   192.168.103.3   vlan 16  

      192.168.127.1     1  FULL/BDR         00:00:38   192.168.104.3   vlan 17  

      192.168.127.1     1  FULL/BDR         00:00:38   192.168.105.3   vlan 21  

      192.168.127.1     1  FULL/BDR         00:00:38   192.168.106.3   vlan 22  

      192.168.127.1     1  FULL/BDR         00:00:38   192.168.107.3   vlan 24  

      192.168.127.1     1  FULL/BDR         00:00:38   192.168.125.253 vlan 18  

      192.168.127.1     1  FULL/BDR         00:00:38   192.168.126.4   vlan 19  

      192.168.127.1     1  FULL/BDR         00:00:38   192.168.127.1   vlan 26  

       

      **********************************************

      Fortinet is Active/Active Cluster

       

      OSPF    External 2    11.9.64.214/32    192.168.96.2    port1    0 00:56:57  Windstream Routes

      OSPF    External 2    11.9.64.214/32    192.168.96.3    port1    0 00:56:57

      OSPF    External 2    172.16.0.4/30    192.168.96.2    port1    0 00:56:57

      OSPF    External 2    172.16.0.4/30    192.168.96.3    port1    0 00:56:57

      OSPF    External 2    172.16.1.0/30    192.168.96.2    port1    0 00:56:57

      OSPF    External 2    172.16.1.0/30    192.168.96.3    port1    0 00:56:57

      OSPF    External 2    172.16.28.0/24    192.168.96.2    port1    0 00:56:57

      OSPF    External 2    172.16.28.0/24    192.168.96.3    port1    0 00:56:57

      OSPF    External 2    172.16.208.0/24    192.168.96.2    port1    0 00:56:57

      OSPF    External 2    172.16.208.0/24    192.168.96.3    port1    0 00:56:57


      Routes between the two 1544G2

      OSPF        192.168.97.0/24    192.168.96.2    port1    0 00:56:58

      OSPF        192.168.97.0/24    192.168.96.3    port1    0 00:56:58

      OSPF        192.168.98.0/24    192.168.96.2    port1    0 00:56:58

      OSPF        192.168.98.0/24    192.168.96.3    port1    0 00:56:58

      OSPF        192.168.99.0/24    192.168.96.2    port1    0 00:56:58

      OSPF        192.168.99.0/24    192.168.96.3    port1    0 00:56:58

      OSPF        192.168.100.0/24    192.168.96.2    port1    0 00:56:58

      OSPF        192.168.100.0/24    192.168.96.3    port1    0 00:56:58

      OSPF        192.168.101.0/24    192.168.96.2    port1    0 00:56:58

      OSPF        192.168.101.0/24    192.168.96.3    port1    0 00:56:58

      OSPF        192.168.102.0/24    192.168.96.3    port1    0 00:56:58

      OSPF        192.168.102.0/24    192.168.96.2    port1    0 00:56:58

      OSPF        192.168.103.0/24    192.168.96.3    port1    0 00:56:58

      OSPF        192.168.103.0/24    192.168.96.2    port1    0 00:56:58

      OSPF        192.168.104.0/24    192.168.96.3    port1    0 00:56:58

      OSPF        192.168.104.0/24    192.168.96.2    port1    0 00:56:58

      OSPF        192.168.105.0/24    192.168.96.2    port1    0 00:56:58

      OSPF        192.168.105.0/24    192.168.96.3    port1    0 00:56:58

      OSPF        192.168.106.0/24    192.168.96.2    port1    0 00:56:58

      OSPF        192.168.106.0/24    192.168.96.3    port1    0 00:56:58

      OSPF        192.168.107.0/24    192.168.96.2    port1    0 00:56:58

      OSPF        192.168.107.0/24    192.168.96.3    port1    0 00:56:58

      OSPF        192.168.125.0/24    192.168.96.2    port1    0 00:56:58

      OSPF        192.168.125.0/24    192.168.96.3    port1    0 00:56:58

      OSPF        192.168.126.0/24    192.168.96.2    port1    0 00:56:58

      OSPF        192.168.126.0/24    192.168.96.3    port1    0 00:56:58

      OSPF        192.168.127.0/24    192.168.96.2    port1    0 00:56:58

      OSPF        192.168.127.0/24    192.168.96.3    port1    0 00:56:58

       

      Branch Offices MPLS routes

      OSPF    External 2    192.168.192.0/19    192.168.96.2    port1    0 00:56:57

      OSPF    External 2    192.168.192.0/19    192.168.96.3    port1    0 00:56:57

      OSPF    External 2    192.168.210.0/24    192.168.96.2    port1    0 00:56:57

      OSPF    External 2    192.168.210.0/24    192.168.96.3    port1    0 00:56:57

       

      Branch Offices MPLS routes

      OSPF    External 2    192.168.224.0/19    192.168.96.2    port1    0 00:56:57

      OSPF    External 2    192.168.224.0/19    192.168.96.3    port1    0 00:56:57

      OSPF    External 2    192.168.224.0/24    192.168.96.2    port1    0 00:56:57

       

      ***********************--------------------*******************

       

      show ip route ospf

      Codes: C - connected, S - static, R - RIP, O - OSPF, B - BGP

             E1 - OSPF external type 1, E2 - OSPF external type 2

             IA - OSPF inter area

       

      Gateway of last resort is 192.168.96.254 vlan 10

       

      O E2 0.0.0.0/0 [110/10/1] via 192.168.96.254, vlan 10  set by Fortinet firewall

      O E2 11.9.64.214/32 [110/1/1] via 192.168.101.3, vlan 14

      O E2 172.16.0.4/30 [110/1/1] via 192.168.101.3, vlan 14

      O E2 172.16.1.0/30 [110/20/1] via 192.168.101.3, vlan 14

      O E2 172.16.28.0/24 [110/1/1] via 192.168.101.3, vlan 14

      O E2 172.16.208.0/24 [110/1/1] via 192.168.101.3, vlan 14

      O    192.168.109.0/24 [110/0/11] via 192.168.96.254, vlan 10

      O E2 192.168.192.0/19 [110/1/1] via 192.168.101.3, vlan 14

      O E2 192.168.210.0/24 [110/1/1] via 192.168.101.3, vlan 14

      O E2 192.168.224.0/19 [110/1/1] via 192.168.101.3, vlan 14

      O E2 192.168.224.0/24 [110/1/1] via 192.168.101.3, vlan 14

      O E2 192.168.225.0/24 [110/1/1] via 192.168.101.3, vlan 14

      O E2 192.168.226.0/24 [110/1/1] via 192.168.101.3, vlan 14

      O E2 192.168.227.0/24 [110/1/1] via 192.168.101.3, vlan 14

      O E2 192.168.228.0/24 [110/1/1] via 192.168.101.3, vlan 14

       

       

      let me know if I missed anything

        • Re: vrrp with OSPF with an ISP MPLS and Fortinet 110C Active / Active Cluster
          jayh Hall_of_Fame

          If it's working, you didn't miss anything.  You might want to consider IBGP to loopbacks on each router for the branch and user subnets and use OSPF strictly for infrastructure tying the routers together if this is going to scale much larger, or at least multiple OSPF areas.  Any flapping to a branch subnet will cause OSPF churn throughout the network in a single-area OSPF scenario such as this.

          1 of 1 people found this helpful
            • Re: vrrp with OSPF with an ISP MPLS and Fortinet 110C Active / Active Cluster
              golden New Member

              I do not have control of the MPLS.  Windstream does and they have issues with support at times with advance routing.

               

              Windstream Heritage at this  location is awesome

               

              O E2 0.0.0.0/0 [110/10/1] via 192.168.96.254, vlan 10

              O E2 11.9.64.214/32 [110/1/1] via 192.168.101.3, vlan 14

              O E2 172.16.0.4/30 [110/1/1] via 192.168.101.3, vlan 14

              O E2 172.16.1.0/30 [110/20/1] via 192.168.101.3, vlan 14

              O E2 172.16.28.0/24 [110/1/1] via 192.168.101.3, vlan 14

              O E2 172.16.208.0/24 [110/1/1] via 192.168.101.3, vlan 14

              O    192.168.109.0/24 [110/0/11] via 192.168.96.254, vlan 10

              O E2 192.168.192.0/19 [110/1/1] via 192.168.101.3, vlan 14

              O E2 192.168.210.0/24 [110/1/1] via 192.168.101.3, vlan 14

              O E2 192.168.224.0/24 [110/1/1] via 192.168.101.3, vlan 14

              O E2 192.168.225.0/24 [110/1/1] via 192.168.101.3, vlan 14

              O E2 192.168.226.0/24 [110/1/1] via 192.168.101.3, vlan 14

              O E2 192.168.227.0/24 [110/1/1] via 192.168.101.3, vlan 14

              O E2 192.168.228.0/24 [110/1/1] via 192.168.101.3, vlan 14

               

               

               

              30 miles down the road

              this is at one of the branch offices that I cannot get Windstream PACtech to filter.  it works but they have issues.  I had to tell them how to setup the OSPF

               

              O E2 192.168.106.0/24 [110/20] via 192.168.228.1, 05:27:34, FastEthernet0/0.14

                   209.252.106.0/30 is subnetted, 4 subnets

              O E2    209.252.106.100 [110/20] via 192.168.228.1, 4w0d, FastEthernet0/0.14

              O E2    209.252.106.96 [110/20] via 192.168.228.1, 4w0d, FastEthernet0/0.14

              O E2    209.252.106.116 [110/20] via 192.168.228.1, 4w0d, FastEthernet0/0.14

              O E2    209.252.106.112 [110/20] via 192.168.228.1, 4w0d, FastEthernet0/0.14

              C    192.168.226.0/24 is directly connected, FastEthernet0/0.22

              O E2 192.168.107.0/24 [110/20] via 192.168.228.1, 05:27:34, FastEthernet0/0.14

              O    192.168.227.0/24 [110/110] via 192.168.225.254, 4w0d, FastEthernet0/0

              O E2 192.168.104.0/24 [110/20] via 192.168.228.1, 05:27:34, FastEthernet0/0.14

              C    192.168.224.0/24 is directly connected, FastEthernet0/0.21

                   169.130.0.0/30 is subnetted, 2 subnets

              O E2    169.130.80.88 [110/20] via 192.168.228.1, 4w0d, FastEthernet0/0.14

              O E2    169.130.80.64 [110/20] via 192.168.228.1, 4w0d, FastEthernet0/0.14

              O E2 192.168.105.0/24 [110/20] via 192.168.228.1, 05:27:34, FastEthernet0/0.14

              O E2 192.168.210.0/24 [110/20] via 192.168.228.1, 1w1d, FastEthernet0/0.14

              C    192.168.225.0/24 is directly connected, FastEthernet0/0

                   64.0.0.0/8 is variably subnetted, 21 subnets, 2 masks

              O E2    64.80.36.52/32 [110/20] via 192.168.228.1, 4w0d, FastEthernet0/0.14

              O E2    64.80.255.233/32 [110/20] via 192.168.228.1, 4w0d, FastEthernet0/0.14

              O E2    64.80.255.232/32 [110/20] via 192.168.228.1, 4w0d, FastEthernet0/0.14

              O E2    64.80.255.230/32 [110/20] via 192.168.228.1, 4w0d, FastEthernet0/0.14

              O E2    64.80.255.225/32 [110/20] via 192.168.228.1, 4w0d, FastEthernet0/0.14

              O E2    64.80.255.253/32 [110/20] via 192.168.228.1, 4w0d, FastEthernet0/0.14

              --More-- and lots more

               

              any ideas how to help them help me?

               

               

            • Re: vrrp with OSPF with an ISP MPLS and Fortinet 110C Active / Active Cluster
              levi Employee

              golden:

               

              I went ahead and flagged this post as "Assumed Answered". If any of the responses on this thread assisted you, please mark them as Correct or Helpful as the case may be with the applicable buttons. This will make them visible and help other members of the community find solutions more easily. If you have any additional information on this that others may benefit from, please come back to this post to provide an update. If you still need assistance, we would be more than happy to continue working with you on this - just let us know in a reply.

               

              Thanks,

              Levi