
I'm having trouble finding the neighbors after configuring the IPIP tunnels. I have 4 VPCs and deployed 4 CSR routers there (for more details about the configuration, see what I posted yesterday in the Network Engineering section: "OSPF over IPIP tunnel doesn't work for CSR 1000v in AWS"). I configured OSPF in the tunnels. Below is the configuration for one router.

```
Routing Protocol is "ospf 1"
Router ID 172.3.1.38
Number of areas in this router is 1. 1 normal 0 stub 0 nssa
Maximum path: 4
Routing for Networks:
10.10.3.0 0.0.0.3 area 0
10.10.4.0 0.0.0.3 area 0
```

The interfaces are configured, as are the tunnels, which are up. My problem is that I cannot see the neighbors using `sh ip ospf neighbor`; it shows nothing.

Is this because AWS does not support link-local multicast, which is needed by protocols like OSPF and EIGRP for their discovery and hello mechanisms?

Khalil Mebarkia

1 Answer


Multicast doesn’t work in VPC subnets. However, if you run OSPF over the GRE or IPIP tunnel between the CSRs and not directly over the Ethernet interfaces, it should work.

Check VPC Flow Logs to see what happens to the packets.

MLu
  • That's exactly what I did: OSPF is running over the IPIP tunnel, which is here in R1 with R2 `10.10.3.0 0.0.0.3 area 0` and `10.10.4.0 0.0.0.3 area 0`, and it did not work when I showed the neighbor. – Khalil Mebarkia Dec 12 '18 at 10:23
  • I also found here in the [link](https://www.cisco.com/c/en/us/td/docs/routers/csr1000/software/aws/b_csraws/overview_of_cisco_csr_1000v_deployment_on_amazon_web_services.html), in Table 1, that OSPF is not supported in AWS. – Khalil Mebarkia Dec 12 '18 at 10:25
  • @KhalilMebarkia what are the IPIP tunnel endpoint IPs? Can you ping them across the tunnel? – MLu Dec 12 '18 at 10:26
  • No, the ping is not successful if I ping the destination public address. The configuration is shown at https://networkengineering.stackexchange.com/questions/55382/ospf-over-ipip-tunnel-doesnt-work-for-csr-1000v-in-aws – Khalil Mebarkia Dec 12 '18 at 10:43
  • @KhalilMebarkia in that case it’s nothing to do with OSPF. Your tunnel isn’t working in the first place. – MLu Dec 12 '18 at 10:58
  • The problem is that the tunnels are up in `show ip int br` :o How come? – Khalil Mebarkia Dec 12 '18 at 11:04
  • I think the tunnels are well configured, since they are shown as `up` for status and protocol and a default route is added for the tunnel's network address. I could ping the other routers by using the public address of their main interface, but pinging the tunnel endpoint is not successful. – Khalil Mebarkia Dec 12 '18 at 13:32
  • @KhalilMebarkia IPIP tunnels don’t do any handshake, they will show up as UP even if you point them to an invalid other side. Try shutting down one of the routers and you’ll see that the tunnels pointing to it will still show as UP. You have to fix the tunnels first before playing with OSPF. – MLu Dec 12 '18 at 18:53
  • @MLu I think I figured out where the problem is. The problem is that I cannot ping the created interfaces which are associated with an Elastic IP address. For example, from R1 I cannot ping the public interface Gi2 of R2. If I could solve this issue, the tunnel would work. Any ideas how to solve that? I did VPC peering, but it seems not to be working. – Khalil Mebarkia Dec 13 '18 at 13:26
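
One way to act on the answer's advice to check VPC Flow Logs, as an added example that is not part of the original thread: the script below reads records in the default (version 2) flow log format and reports whether tunnel traffic (IP protocol 4 for IPIP, 47 for GRE) between the routers was accepted or rejected. The sample records, addresses, IDs and function names are constructed for illustration.

```python
from collections import defaultdict

# Field order of the default (version 2) VPC Flow Logs record format.
FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()

# IANA protocol numbers relevant to OSPF carried over a tunnel.
PROTOCOLS = {1: "ICMP", 4: "IPIP", 47: "GRE", 89: "OSPF"}

# Constructed sample records (addresses, ENI and account IDs are made up).
SAMPLE = """\
2 123456789012 eni-0a1b2c3d 10.0.1.10 10.0.2.20 0 0 4 12 1440 1544610000 1544610060 REJECT OK
2 123456789012 eni-0a1b2c3d 10.0.1.10 10.0.2.20 0 0 1 5 420 1544610000 1544610060 ACCEPT OK
2 123456789012 eni-0a1b2c3d 10.0.1.10 10.0.3.30 0 0 4 8 960 1544610000 1544610060 ACCEPT OK
2 123456789012 eni-0a1b2c3d 10.0.1.10 10.0.2.20 49152 443 6 3 180 1544610000 1544610060 ACCEPT OK
2 123456789012 eni-0a1b2c3d - - - - - - - 1544610060 1544610120 - NODATA
"""

def parse(line):
    """Return a dict for one record, or None for NODATA/SKIPDATA/malformed lines."""
    parts = line.split()
    if len(parts) != len(FIELDS):
        return None
    rec = dict(zip(FIELDS, parts))
    if rec["log_status"] != "OK":
        return None
    rec["protocol"] = int(rec["protocol"])
    rec["packets"] = int(rec["packets"])
    return rec

def tunnel_summary(text):
    """Packet totals per (src, dst, protocol name, action) for the protocols above."""
    totals = defaultdict(int)
    for line in text.splitlines():
        rec = parse(line)
        if rec and rec["protocol"] in PROTOCOLS:
            key = (rec["srcaddr"], rec["dstaddr"],
                   PROTOCOLS[rec["protocol"]], rec["action"])
            totals[key] += rec["packets"]
    return dict(totals)

def rejected_tunnels(text):
    """Endpoint pairs whose IPIP or GRE packets were rejected."""
    return sorted({(s, d) for (s, d, p, a) in tunnel_summary(text)
                   if p in ("IPIP", "GRE") and a == "REJECT"})

if __name__ == "__main__":
    for key, pkts in sorted(tunnel_summary(SAMPLE).items()):
        print(*key, pkts)
    print("rejected tunnel pairs:", rejected_tunnels(SAMPLE))
```

A `REJECT` for protocol 4 alongside an `ACCEPT` for ICMP between the same pair means a security group or network ACL is passing pings but not the tunnel's encapsulated packets.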