On 09/02/2013, at 15:28, John Neiberger <[email protected]> wrote:

> This is a new one on me. We had a situation where OSPF between a router and
> a firewall seemed to go insane and it involves something I've never heard
> of before: Out of band Resync. Here are the logs from the beginning of the
> ...
>
> Any thoughts?

Don't run dynamic routing protocols with firewalls. Or do you have dynamic rulesets as well?

What I have seen a couple of times now is that a route disappears from a firewall, it then recalculates its forwarding table for all the affected traffic and now sends this via the default route. When the original route comes back, the firewall continues to forward that traffic via the default, as that route doesn't disappear - so no recalculation.

This is even more fun when the traffic is DHCP proxy traffic from one of your SVIs.

Don't dynamic route firewall traffic unless you really can't avoid it.

_______________________________________________
cisco-nsp mailing list [email protected]
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
