Solution of service disabled because of configured equal-cost route when topology for networking

Publication Date:  2012-09-14 Views:  297 Downloads:  0
Issue Description
Device USG5120BSR of customer at some site added a fiber link and announced as OSPF, one passed by USG3030, another passed by S3328, E200S acted as access service server. When customer adopted current topology of network, user of VLAN1 couldn’t access BOSS server, but user of VLAN2 could. When disconnect the fiber link of USG5120BSR added, VLAN1 could access BOSS server normally, but two VLAN access service server become abnormality. 
Alarm Information
NULL
Handling Process
According to the situation that customer feedback, throw neighbor relationship with S3328 off on USG5120 when service abnormal, then service becomes normal.
There are two equal-cost route which return back to VLAN1 exist in NE20, that leads to two route exist in NE20 when return back to VLAN1 from BOSS server, when message passed by the firewall of “added fiber link”, firewall checked out that the path back and forth difference and dropped the message directly.
Review the route of VLAN1 on NE20 as bellow:

<CHUTIAN_NE20-8>dis ip rout 192.192.2.0
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Table : Public
Summary Count : 2

Destination/Mask Proto Pre Cost Flags NextHop Interface

192.192.2.0/24 OSPF 10 3 D 18.3.1.2 Ethernet1/0/3
OSPF 10 3 D 18.2.1.2 Ethernet1/0/2  

There are two equal-cost routes exist as we can see, one returned back from former link, another returned back from “added fiber link”.
After user of VLAN1 accessed BOSS server, there will be two returned routes, but message return to USG3030 will do link status examine, the message whose path back and forth difference will be dropped.

Modify the configuration of USG5120 as bellow:
[WUHAN_USG5120BSR-GigabitEthernet0/0/3]ospf cost 100

review route of VLAN1 on NE20 again:
<CHUTIAN_NE20-8>dis ip rout 192.192.2.0
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Table : Public
Summary Count : 1

Destination/Mask Proto Pre Cost Flags NextHop Interface

192.192.2.0/24 OSPF 10 3 D 18.3.1.2 Ethernet1/0/3

there just one returned route now , and it guaranteed that path back and forth difference will not happen anymore.
suggest customer observe a period of time (5 days) after change the configuration, service of network runs normal all the time and service of access is normal also. Then, problem solved.
Root Cause
1、 When disconnect the fiber link of USG5120BSR added, USG5120BSR couldn’t learn any OSPF route, but it could ping address of S3328 successfully.
2、 When this network doesn’t disconnect any link, tracert address of adjacency and neighbor from USG5120BSR, all disconnected.
3、 When this network doesn’t disconnect any link and operate as current topology, access service of VLAN1 and VLAN2 is normally at the beginning(first 30 minutes customer feedback), but after half an hour, hold-off time of access increased greatly, or couldn’t access any more, customer ping service system from S3328 all the time, then VLAN1 could access service grudgingly. (it seems to aging time of OSPF route exist on link and require persistent communication for access)
4、 When access BOSS server group, VLAN1 and VLAN2 works normally(when disconnect added link), when access service server, VLAN1 and VLAN2 are all unstable, big hold-off time or even access failed. When “UP” the added link, there are some problems with VLAN1 access BOSS server, big hold-off time, however, VLAN2 could access both service server and BOSS server. When disconnect all link interface of USG5120, all network become normal, then, VLAN1 could access BOSS system. Otherwise, node PC of VLAN1 couldn’t communicate with BOSS system. The access that user of VLAN1 access BOSS server and service server is unstable, but user of VLAN2 is normal all the time. Disconnect current link interface of USG5120, all network become normal.
Suggestions
 Topology as attachment.

END