Confused on OSPF features

Solved
Mikekaleny
Here to help

Confused on OSPF features

Hi all, I'm having some issues understanding how to configure my hub/spoke network with OSPF as the documentation is a bit... inconsistent.

 

At the hub I have two MXs (routed with vlans disabled) connected to my core switch. At the 3 remote sites I also have MXs (routed with vlans disabled) and one cisco switch downstream. Am I able to use OSPF to connect everything (from the core switch to the cisco switches at the remote sites)?

 

My understanding is that I'll need to use a default static route at the hub MX pass traffic to the core. Is that correct?

 

Any help will be appreciated. Thanks!

1 Accepted Solution
jdsilva
Kind of a big deal


@Mikekaleny wrote:

 

My understanding is that I'll need to use a default static route at the hub MX pass traffic to the core. Is that correct?

 


Hey @Mikekaleny.,

 

Not a default, but you will need a static. The way Meraki has implemented OSPF on the MX allows it to _advertise_ AutoVPN learned routers via OSPF, but it cannot _learn_ routes via OSFP. This means that no matter what LSA's the MX has in its LSDB it will never, ever install an OSPF route (I suspect it doesn't even run Dijkstra... But that's just a guess). So to allow your MX to reach networks in the core you need to add a static route (you also add this route into AutoVPN so your spokes can reach the core).

 

You should avoid using a default route as this will cause inconsistent behavior with the default route on the WAN port used to reach the Meraki cloud.

View solution in original post

6 Replies 6
jdsilva
Kind of a big deal


@Mikekaleny wrote:

 

My understanding is that I'll need to use a default static route at the hub MX pass traffic to the core. Is that correct?

 


Hey @Mikekaleny.,

 

Not a default, but you will need a static. The way Meraki has implemented OSPF on the MX allows it to _advertise_ AutoVPN learned routers via OSPF, but it cannot _learn_ routes via OSFP. This means that no matter what LSA's the MX has in its LSDB it will never, ever install an OSPF route (I suspect it doesn't even run Dijkstra... But that's just a guess). So to allow your MX to reach networks in the core you need to add a static route (you also add this route into AutoVPN so your spokes can reach the core).

 

You should avoid using a default route as this will cause inconsistent behavior with the default route on the WAN port used to reach the Meraki cloud.

Mikekaleny
Here to help

Thank you for explaining! 

 

One more question, does the MX have to run as a vpn concentrator at the hub or can I configure it using Routed/NAT mode? Will it have any impact on the AutoVPN routes in OSPF reaching the hub?

jdsilva
Kind of a big deal

You can configure OSPF in either routed or concentrator mode, but you must have VLANs disabled. 

 

https://documentation.meraki.com/MX/Site-to-site_VPN/Using_OSPF_to_Advertise_Remote_VPN_Subnets

 

image.png

Mikekaleny
Here to help

So OSPF on the MX will work the same way whether the hub is configured as a concentrator or routed (with VLANs disabled), correct? Sorry if I didn't phrase my question correctly the first time. 

jdsilva
Kind of a big deal

Yes, it will work the same way.

Mikekaleny
Here to help

Thank you very much!

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels