As per the project working purpose, we need to integration Huawei NE40E router, EU8080E firewall with non-huawei equipments (here is Cisco) using one dynamic routing protocol (here is OSPF).
(The topology is attached.)
The simplified data flow of this network will be as below:
Internet User -> EU8080E firewall -> Cisco Switch (Caching Server) -> NE40E router -> Internet
But after integration with Cisco Switch with our Huawei Firewall & router, we had found one routing loop.
We had observed that, when one Internet user want to access Internet, the dataflow is as follows
Internet User -> EU8080E firewall -> Cisco Switch -> NE40E router -> EU8080E firewall -> NE40E router-> Internet.
Use the trace route command to check from Internet user end.
For keep the same preferece between Cisco & Huawei equipments we need to change the default value of Cisco Switch. In the cisco switch under the OSPF proceess " DISTANCE" command is used for change the default preference value.
After change the default preference value of Cisco 110 to 10 Then the loop is removed. We found out desire traffic path flow.
NE40E take “default route” from Internet upstream provider using E-BGP protocol.
The routing protocol between Cisco Switch & EU8080E firewall with NE40E router is OSPF. Under the NE40E “OSPF” routing protocol “default-route-advertise” command was executed. So, NE40E provide the “default route” to Cisco Switch & EU8080E firewall using OSPF routing protocol.
In Huawei NE40E router the OSPF configuration is as below:
default-route-advertise type 1
network 220.127.116.11 0.0.0.3
network 18.104.22.168 0.0.0.3
network 22.214.171.124 0.0.0.3
network 126.96.36.199 0.0.0.3
network 188.8.131.52 0.0.0.3
In Huawei NE40E router the EBGP configuration (which takes default route from Internet upstream) is below:
peer 184.108.40.206 as-number YYYYY
peer 220.127.116.11 description To_INTERNET_UPSTREAM
peer 18.104.22.168 ip-prefix 1 import
ip ip-prefix 1 index 10 permit 0.0.0.0 0
In Huawei EU8080E Firewall have the following configuration for OSPF
import-route static type 1
network 22.214.171.124 0.0.0.3
In our Huawei router the default preference of BGP is 255 and OSPF default preference is 10. But Cisco default value is 110. So, Huawei EU8080E firewall have OSPF default route preference is 10 and Cisco have OSPF default route value is 110 which comes from Huawei NE40E router. (We found Cisco information from Cisco Web site).
So, when one Internet user request for Internet, it goes to Firewall then Cisco Switch. When any packet comes from Cisco Switch to NE40E router in this time the value is changed into 110. So, router think there is one path to reach Internet (because IGP is always preferred over EGP), so router forward packet to firewall. The firewall again check it’s routing table and find no match, then again it forward to NE40E router. In this time the value is 10 (As router and Firewall both are Huawei equipments), so this time NE40E forward packet to Internet. But the loop is still exists and use system resource.
So, before implementing Huawei datacom equipments with non-huawei datacom equipments we have need to know the parameter of other vendor and avoid this type of problem.