As part of a data center migration, I was moving IP subnets from one data center with Nexus 7000s to another data center with new Nexus 93240s. When I shut down VLAN interfaces on the Nexus 7Ks to bring them up on the Nexus 93240s, I realized that a few subnets were still being advertised on one of the Nexus 7000s due to duplicate OSPF Router link entries in its OSPF database. How could that be?
Let me show you what I found and the workaround to this problem.
Problem Description
Data Center 1 (DC1) has two Nexus 7000s with code version 6.2(20). I am moving IP subnets, such as 10.62.2.2/23, to Data Center 2 (DC2) with two new Nexus 93240 switches (Layer 3 Aggregation). When I shut down the corresponding SVIs on the Nexus 7000s, the two Nexus 93240s in DC2 reported that they were still receiving via OSPF the 10.62.2.2/23 subnet from DC1.
This was not good because I shut down the SVIs on both Nexus 7010s in DC1. If the SVIs were down, that subnet should’ve come out of the OSPF database.
Unlike Nexus 7010 (2), when VLAN 100 is up on Nexus 7010 (1), its router LSA showed two entries for the 10.62.2.0 OSPF Router link instead of ONE.
N7K-01# show ip ospf database router 10.255.255.255 detail | i 10.62.2.0
(Link ID) Network/Subnet Number: 10.62.2.0
(Link ID) Network/Subnet Number: 10.62.2.0
N7K-01#
Remember that the OSPF Router LSA contains a description of all the active links. The normal behavior should be one entry per link that should disappear when the interface is shut down or deleted; however, when I shut down VLAN 100’s SVI, the real entry disappeared but the other “ghost” entry remained for Nexus 7K-01 with OSPF Router-ID 10.255.255.255.
N7K-01# config term ; int vlan 100 ; shutdown ; end
Enter configuration commands, one per line. End with CNTL/Z.
N7K-01#
N7K-01# show ip ospf database router 10.255.255.255 detail | i 10.62.2.0
(Link ID) Network/Subnet Number: 10.62.2.0
N7K-01#
After shutting down the SVI, I tried deleting the SVI with no success.
N7K-01# config term ; no int vlan 100 ; end
Enter configuration commands, one per line. End with CNTL/Z.
N7K-01#
N7K-01# show ip ospf database router 10.255.255.255 detail | i 10.62.2.0
(Link ID) Network/Subnet Number: 10.62.2.0
N7K-01#
Even though there wasn’t an interface on Nexus 7010 (1) with a subnet of 10.62.2.0/23, a “ghost” OSPF Router Link still showed in the router LSA for Nexus 7K-01 (OSPF Router-ID: 10.255.255.255).
So, since I wasn’t able to migrate this subnet over to the new Nexus 93240s at the new data center, I added this SVI 100 back on Nexus 7K 01 and 02.
N7K-01(config)# interface Vlan100
N7K-01(config-if)# ip address 10.62.2.2/23
N7K-01(config-if)# ip ospf passive-interface
N7K-01(config-if)# ip router ospf 1 area 0.0.0.0
N7K-01(config-if)# hsrp version 2
N7K-01(config-if)# hsrp 100
N7K-01(config-if-hsrp)# authentication md5 key-chain HSRP-KEY
N7K-01(config-if-hsrp)# name Wless_Guest-HSRP
N7K-01(config-if-hsrp)# priority 150
N7K-01(config-if-hsrp)# ip 10.62.2.1
N7K-01(config-if-hsrp)# exit
N7K-01(config-if)# description Wless_Guest
N7K-01(config-if)# no shutdown
N7K-01(config-if)# end
N7K-01#
N7K-02(config)# interface Vlan100
N7K-02(config-if)# ip address 10.62.2.3/23
N7K-02(config-if)# ip ospf passive-interface
N7K-02(config-if)# ip router ospf 1 area 0.0.0.0
N7K-02(config-if)# hsrp version 2
N7K-02(config-if)# hsrp 100
N7K-02(config-if-hsrp)# authentication md5 key-chain HSRP-KEY
N7K-02(config-if-hsrp)# name Wless_Guest-HSRP
N7K-02(config-if-hsrp)# priority 140
N7K-02(config-if-hsrp)# ip 10.62.2.1
N7K-02(config-if-hsrp)# exit
N7K-02(config-if)# description Wless_Guest
N7K-02(config-if)# no shutdown
N7K-02(config-if)# end
N7K-02#
I checked the OSPF Router LSA for Nexus 7K-01, and the link was still there, twice.
N7K-01# show ip ospf database router 10.255.255.255 detail | i 10.62.2.0
(Link ID) Network/Subnet Number: 10.62.2.0
(Link ID) Network/Subnet Number: 10.62.2.0
N7K-01#
Workaround
I opened a TAC case to report this problem as it might’ve been documented internally within Cisco TAC. No success here.
After doing some testing, I realized that if you deleted the SVI while it was UP (not shut down) on Nexus 7K-01, both entries disappeared from its OSPF Router LSA.
N7K-01# config term ; no int vlan 2004; end
Enter configuration commands, one per line. End with CNTL/Z.
N7K-01#
N7K-01# show ip ospf database router 10.255.255.255 detail | i 10.62.2.0
N7K-01#
As you can see, nothing showed under the OSPF Router LSA.
As a final result, I was able to remove 10.62.2.0/23 from two Nexus 7Ks, bring it up on the new Nexus 93240s, and initiate the advertisement of that subnet over OSPF to regain connectivity.
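The duplicate and "ghost" link check done by eye above can be scripted before and after each SVI move. The following is an added example, not part of the original post: it counts the "(Link ID) Network/Subnet Number:" lines in the format shown in the CLI output, and the function names and sample captures (including the 10.62.4.0 entry) are constructed for illustration.

```python
import re
from collections import Counter

# Link line as it appears in the router LSA output quoted on this page.
LINK_RE = re.compile(
    r"\(Link ID\)\s+Network/Subnet Number:\s*(\d{1,3}(?:\.\d{1,3}){3})\b"
)

def stub_link_counts(show_output):
    """Count how often each subnet appears as a link in the router LSA text."""
    return Counter(LINK_RE.findall(show_output))

def duplicate_links(show_output):
    """Subnets listed more than once; the normal case is one entry per link."""
    return {net: n for net, n in stub_link_counts(show_output).items() if n > 1}

def ghost_links(show_output, withdrawn):
    """Subnets whose SVI was shut down or deleted but that are still listed."""
    counts = stub_link_counts(show_output)
    return sorted(net for net in withdrawn if counts[net] > 0)

# Constructed captures modelled on the three states described in the post.
BEFORE = """\
(Link ID) Network/Subnet Number: 10.62.2.0
(Link ID) Network/Subnet Number: 10.62.2.0
(Link ID) Network/Subnet Number: 10.62.4.0
"""
AFTER_SHUTDOWN = """\
(Link ID) Network/Subnet Number: 10.62.2.0
(Link ID) Network/Subnet Number: 10.62.4.0
"""
AFTER_DELETE_WHILE_UP = """\
(Link ID) Network/Subnet Number: 10.62.4.0
"""

if __name__ == "__main__":
    moved = ["10.62.2.0"]  # subnets being migrated away from this router
    print("duplicates before the move:", duplicate_links(BEFORE))
    print("ghosts after shutdown:", ghost_links(AFTER_SHUTDOWN, moved))
    print("ghosts after delete while up:",
          ghost_links(AFTER_DELETE_WHILE_UP, moved))
```

Feed it the output of the show command without the "| i" filter to check every link in the router LSA at once.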