I tried to recreate this topology in the lab and confirmed that the hub automatically becomes an OSPF neighbor with each spoke. However, the two spokes do not become neighbors. All communication between the spokes is routed via the hub. This is because, at layer 2, each spoke is directly connected with the hub via the DLCIs. There is no direct communication between spokes, even though the broadcast network type has been used.
Dear Ryan,
Thank you for your detailed explanation of OSPF configuration. I would like to leverage your expertise in designing a reliable network with 150 branches, considering the presence of two Layer 3 distributors in the main branch (see picture).
Challenges:
• A vast network with 150 branches.
• Some branches are connected to each other using OSPF with one area.
• The need to ensure network continuity in case one of the distributors in the main branch fails.
• There is no load balancing for OSPF.
Proposed Design:
• Utilizing Multi-Area OSPF:
  o Dividing the network into multiple OSPF areas, with a central area (Area 0) connecting the main distributors and a sub-area for each branch (Area N).
• Using OSPF with different areas per VLAN.
• Trunk ports connect to all branches.
• Connect SW1 and SW2 using a port channel.
Sincerely,
RBA
Just to confirm your topology, the ISP is providing Layer 2 connectivity between HQ and each branch, and the branch routers are using dot1q encapsulation to retrieve those frames that belong to them, correct? So you have Layer 3 connectivity between a subinterface on each branch, and the SVI interfaces in the pair of Layer 3 switches at HQ. I’m still not quite clear as to what kind of infrastructure the ISP is providing in order for you to be able to get one VLAN arriving at each branch router. However, let’s say you have that part figured out.
As far as the OSPF topology goes, I would create Area 0 at HQ and have each of the 150 branch locations belong to a different area. It looks like the communication between branches would only take place via the HQ anyway, so creating a different area for each branch looks like the best way to go. Also, you can configure each branch as a Totally NSSA, ensuring that your OSPF LSDB will be small and efficient, and you will be able to route traffic out of the local Internet connection (if you want to do that).
The rest looks good from what you mention. If you give us some more info on how the ISP interconnects the HQ with the branch offices (Layer 2? Layer 3?), we can comment on that part of the design as well.
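As an added illustration (not configuration from the original post), this is what the per-branch area with Totally NSSA looks like in Cisco IOS syntax on one HQ core and one branch router. Hostnames, interface names, addresses and the VLAN/area numbers are assumptions chosen to match the rest of the thread; every other branch area gets the same two lines with its own area number.

```ios
! HQ core switch (ABR): backbone on the loopback and the inter-switch link,
! one SVI per branch, each SVI in its own area.
! Assumed names and addresses; not taken from the original post.
hostname CORE1
!
interface Loopback0
 ip address 1.1.1.1 255.255.255.255
 ip ospf 1 area 0
!
interface Port-channel1
 no switchport
 ip address 10.10.10.1 255.255.255.252
 ip ospf 1 area 0
!
interface Vlan10
 description Branch 1 WAN VLAN - OSPF area 10
 ip address 192.168.10.1 255.255.255.0
 ip ospf 1 area 10
!
router ospf 1
 router-id 1.1.1.1
 log-adjacency-changes
 ! "nssa no-summary" makes area 10 a Totally NSSA: the ABR injects only a
 ! default route (as a Type 3 LSA) into the area instead of every inter-area
 ! and external prefix, so the branch LSDB stays small.
 area 10 nssa no-summary
 ! Repeat for each further branch: area 20 nssa no-summary, area 30 ...
!
! Branch 1 router: everything in area 10. The area type must match the ABR
! ("nssa" on both sides) or the adjacency never forms, because the N-bit in
! the Hello options would disagree.
hostname BRANCH1
!
interface Loopback0
 ip address 3.3.3.3 255.255.255.255
 ip ospf 1 area 10
!
interface GigabitEthernet0/0.10
 encapsulation dot1Q 10
 ip address 192.168.10.3 255.255.255.0
 ip ospf 1 area 10
!
router ospf 1
 router-id 3.3.3.3
 log-adjacency-changes
 area 10 nssa
```

To check the result on the branch, `show ip ospf neighbor` should show the core in FULL state, and `show ip route ospf` should contain a single `O*IA 0.0.0.0/0` default pointing at the core and no other inter-area (`O IA`) prefixes; if individual HQ or other-branch prefixes still appear, the `no-summary` keyword is missing on the ABR side.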
Yes, this is correct.
The ISP is an MPLS network (AToM) providing L2 communication for me.
My network is totally isolated; I am not using the Internet in my topology.
What is an efficient configuration design for my network, based on your experience?
As far as the OSPF topology goes, what I mentioned above in my post still stands.
For your underlying topology, you are using MPLS AToM, which delivers a Layer 2 underlay. You also mention that you want to use a trunk port connection to all branches, but you have routers at your branches using dot1q encapsulation. It's still not quite clear to me how you are making the connection between your core switches with trunks to your routers at your branches, since each router really needs to connect to only one VLAN. Trunk connections must be made on a 1-to-1 basis, so the two trunks from the two cores must terminate on two ports somewhere else. You need a 1-to-many or point-to-multipoint technology to allow your multiple routers to connect to the two cores.
My suggestion would be to use MPLS Layer 3 VPNs, where you can create separate connections for each of your branches. The ISP is responsible for making those connections, so you only need to configure your own devices.
Alternatively, if you want to eliminate the MPLS technology completely, using a DMVPN topology with a dual hub is another option.
Hello Lazarus Agapidis,
Forget about the ISP configuration; they will provide a mesh connection for me.
I will give you an example configuration to make everything clear:
CORE1
hostname CORE1
!
ip routing
!
spanning-tree mode pvst
!
interface Loopback0
 ip address 1.1.1.1 255.255.255.255
 ip ospf 1 area 0
!
interface Port-channel1
 no switchport
 ip address 10.10.10.1 255.255.255.252
 ip ospf 1 area 0
!
interface FastEthernet0/1
 channel-group 1 mode active
!
interface FastEthernet0/2
 channel-group 1 mode active
!
interface FastEthernet0/3
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface Vlan1
 no ip address
!
interface Vlan10
 description "OSPF AREA 10"
 ip ospf 1 area 10
 ip address 192.168.10.1 255.255.255.0
!
interface Vlan20
 description "OSPF-AREA20"
 ip ospf 1 area 20
 ip address 192.168.20.1 255.255.255.0
!
router ospf 1
 router-id 1.1.1.1
 log-adjacency-changes
!
ip classless
!
ip flow-export version 9
!
line con 0
!
line aux 0
!
line vty 0 4
 login
!
!--------------------------------------------------------------------------------------
CORE2
hostname CORE2
!
ip routing
!
spanning-tree mode pvst
!
interface Loopback0
 ip address 2.2.2.2 255.255.255.255
 ip ospf 1 area 0
!
interface Port-channel1
 no switchport
 ip address 10.10.10.2 255.255.255.252
 ip ospf 1 area 0
!
interface FastEthernet0/1
 channel-group 1 mode active
!
interface FastEthernet0/2
 channel-group 1 mode active
!
interface FastEthernet0/3
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface Vlan1
 no ip address
!
interface Vlan10
 description "OSPF-AREA-10"
 ip ospf 1 area 10
 ip address 192.168.10.2 255.255.255.0
!
interface Vlan20
 description "OSPF-AREA20"
 ip ospf 1 area 20
 ip address 192.168.20.2 255.255.255.0
!
router ospf 1
 router-id 2.2.2.2
 log-adjacency-changes
!
ip classless
!
ip flow-export version 9
!
line con 0
!
line aux 0
!
line vty 0 4
 login
!
!--------------------------------------------------------------------------------------
BRANCH1
hostname BRANCH1
!
ip cef
no ipv6 cef
!
license udi pid CISCO2911/K9 sn FTX1524U54W-
!
spanning-tree mode pvst
!
interface Loopback0
 ip address 3.3.3.3 255.255.255.255
 ip ospf 1 area 10
!
interface GigabitEthernet0/0
 no ip address
 duplex auto
 speed auto
!
interface GigabitEthernet0/0.10
 encapsulation dot1Q 10
 ip address 192.168.10.3 255.255.255.0
 ip ospf 1 area 10
!
interface GigabitEthernet0/1
 no ip address
 duplex auto
 speed auto
 shutdown
!
interface GigabitEthernet0/2
 no ip address
 duplex auto
 speed auto
 shutdown
!
interface Vlan1
 no ip address
 shutdown
!
router ospf 1
 router-id 3.3.3.3
 log-adjacency-changes
!
ip classless
!
ip flow-export version 9
!
line con 0
!
line aux 0
!
line vty 0 4
 login
!
end
!--------------------------------------------------------------------------------------
BRANCH2
hostname BRANCH2
!
ip cef
no ipv6 cef
!
interface Loopback0
 ip address 4.4.4.4 255.255.255.255
 ip ospf 1 area 20
!
! parent interface of the dot1q subinterface below (omitted in the pasted dump)
interface GigabitEthernet0/0
 no ip address
 duplex auto
 speed auto
!
interface GigabitEthernet0/0.20
 encapsulation dot1Q 20
 ip address 192.168.20.4 255.255.255.0
 ip ospf 1 area 20
!
router ospf 1
 router-id 4.4.4.4
 log-adjacency-changes
!
ip classless
!
ip flow-export version 9
!
line con 0
!
line aux 0
!
line vty 0 4
 login
!
end
Thanks for the clarification. At first glance, your OSPF configuration looks just fine. You have created a different OSPF area for each branch. This ensures that routing information from each branch is not propagated unnecessarily throughout the topology, but remains local to each branch. The core switches perform the routing between branches and play the part of the backbone area.
If you have taken care of how the ISP interconnects your branches with HQ, then I think you're all set!
Additionally, I have another query regarding network configuration. Is it feasible to implement load balancing and full redundancy across branches by configuring two VLANs with distinct areas? For example:
Branch 1
interface GigabitEthernet0/1.10
encapsulation dot1Q 10
ip address 10.10.10.2 255.255.255.0
ip ospf 1 area 10
!
interface GigabitEthernet0/1.20
encapsulation dot1Q 20
ip address 20.20.20.2 255.255.255.0
ip ospf 1 area 20
!
Yes it is possible to perform equal cost load balancing across branches in this way. However, because each path is in a different OSPF area, there are nuances that you should keep in mind. Based on OSPF good practice and design, any routes found in Area 10 should not be found in Area 20. Each area should advertise its own distinct networks. So load balancing cannot occur when trying to reach networks in either Area 10 or Area 20. However, load balancing can occur if you are trying to reach networks in Area 0 (to which both Areas 10 and 20 are connected) and beyond, such as additional OSPF areas and networks outside of the OSPF domain. So load balancing will only take place assuming that you are trying to reach networks outside of Areas 10 and 20.
Secondly, load balancing will only take place with OSPF if you have equal costs. When traversing different areas, the cost to reach a particular destination may be modified by the ABRs, so you must make sure that the cost is indeed equal.
So it’s possible, you just have to keep in mind some of these nuances to make it work.
This is inherent to OSPF and is not due to the use of multiple areas. If you want to speed up the OSPF convergence process, you can do so by using some features such as LFA FRR. You can take a look at this lesson for more information:
Alternatively, you may also consider using Bidirectional Forwarding Detection for faster reconvergence:
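The BFD option mentioned above, shown as an added example rather than configuration from the thread: BFD runs on the branch WAN subinterface and on the matching HQ SVI, and OSPF is registered as a BFD client so that a BFD timeout tears the adjacency down immediately instead of waiting for the OSPF dead timer. The timer values and interface names are assumptions.

```ios
! Branch 1 router. 300 ms tx/rx with multiplier 3 gives roughly 900 ms
! detection; the values are an assumption and must match what the provider's
! L2 service can carry without loss.
hostname BRANCH1
!
interface GigabitEthernet0/0.10
 encapsulation dot1Q 10
 ip address 192.168.10.3 255.255.255.0
 ip ospf 1 area 10
 ! transmit interval, minimum receive interval (ms), missed packets before down
 bfd interval 300 min_rx 300 multiplier 3
 ! register OSPF with BFD on this interface only (per-interface form)
 ip ospf bfd
!
router ospf 1
 router-id 3.3.3.3
 log-adjacency-changes
!
! HQ core: same BFD timers on the SVI facing the branch; "bfd all-interfaces"
! under the OSPF process enables BFD on every OSPF interface at once instead
! of per interface.
hostname CORE1
!
interface Vlan10
 description Branch 1 WAN VLAN - OSPF area 10
 ip address 192.168.10.1 255.255.255.0
 ip ospf 1 area 10
 bfd interval 300 min_rx 300 multiplier 3
!
router ospf 1
 router-id 1.1.1.1
 log-adjacency-changes
 bfd all-interfaces
```

`show bfd neighbors` should list the peer as Up on both ends, with OSPF in the clients column. The reason BFD matters over an MPLS AToM circuit in particular is that a failure inside the provider network does not bring the local Ethernet interface down, so without BFD the branch keeps forwarding into a dead path until the OSPF dead interval expires. Check your switch platform before relying on it: not every Catalyst model supports BFD on SVI interfaces.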
If you have one switch become the root bridge for all VLANs, then you will have one of the links completely idle as it will be blocked for all VLANs to avoid a Layer 2 loop. It’s a good idea to make one core switch root bridge for half of your VLANs, and the other core switch root bridge for the other half. That way, you have a more efficient use of the layer 2 links.
Thank you, Lazarus Agapidis.
Based on my topology above, what is the best practice if I want to connect HQ-SW1 to HQ-SW2: using a Layer 3 PortChannel or a Layer 2 PortChannel (trunk port)?
When I configure a Layer 3 PortChannel using OSPF Area 0, I'm not seeing neighbor adjacencies for VLAN 10 and VLAN 20 between the two HQ switches, only Area 0 FULL, and the VLAN 10 and VLAN 20 protocol status is down.
If you create a Layer 3 PortChannel, you are essentially creating a single subnet between the two switches, with an IP address on each PortChannel interface of each switch. The IP addresses must be in the same subnet. The result is that you can no longer share VLANs between the two switches, and routing must take place at both L3 switches.
By using a Layer 2 PortChannel, you are able to share your VLANs between your switches, and routing can take place at either L3 switch. This gives you more flexibility in your setup, and reduces the routing load on both devices allowing them to share. Just make sure that you evenly distribute the VLAN SVIs across both switches (i.e. VLAN 10 on SW1 and VLAN 20 on SW2).
So my recommendation would be to use a Layer 2 PortChannel for flexibility and ease of routing.
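The Layer 2 PortChannel recommendation above, together with the earlier point about splitting the spanning-tree root per VLAN, as one added example (not configuration from the thread). The trunk between the cores carries the branch VLANs and an Area 0 VLAN, and each core is the STP root for one of the two branch VLANs so neither link sits idle. Interface names, the Area 0 VLAN number and the priority values are assumptions; the SVIs stay on both switches as in the posted configs, and the root placement is what decides which core each VLAN's traffic prefers.

```ios
! CORE1: Layer 2 PortChannel (trunk) to CORE2. Assumed names and values.
hostname CORE1
!
! Lowest priority wins the root election: CORE1 is root for VLAN 10 and
! secondary root for VLAN 20. With 150 branch VLANs, put half of them at
! 4096 on CORE1 and the other half at 4096 on CORE2.
spanning-tree vlan 10 priority 4096
spanning-tree vlan 20 priority 8192
!
interface Port-channel1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk allowed vlan 1,10,20
!
interface range FastEthernet0/1 - 2
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk allowed vlan 1,10,20
 channel-group 1 mode active
!
! Area 0 now lives on an SVI that rides the trunk, not on the PortChannel.
interface Vlan1
 ip address 10.10.10.1 255.255.255.252
 ip ospf 1 area 0
!
interface Vlan10
 ip address 192.168.10.1 255.255.255.0
 ip ospf 1 area 10
!
interface Vlan20
 ip address 192.168.20.1 255.255.255.0
 ip ospf 1 area 20
!
! CORE2: identical trunk, STP priorities swapped so it is root for VLAN 20.
hostname CORE2
!
spanning-tree vlan 10 priority 8192
spanning-tree vlan 20 priority 4096
!
interface Port-channel1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk allowed vlan 1,10,20
!
interface range FastEthernet0/1 - 2
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk allowed vlan 1,10,20
 channel-group 1 mode active
!
interface Vlan1
 ip address 10.10.10.2 255.255.255.252
 ip ospf 1 area 0
!
interface Vlan10
 ip address 192.168.10.2 255.255.255.0
 ip ospf 1 area 10
!
interface Vlan20
 ip address 192.168.20.2 255.255.255.0
 ip ospf 1 area 20
```

With this in place the two cores form OSPF adjacencies in Area 0, Area 10 and Area 20 (one per shared VLAN), which is what the Layer 3 PortChannel could not give you. `show spanning-tree vlan 10` on CORE1 and `show spanning-tree vlan 20` on CORE2 should each report "This bridge is the root". The Area 0 SVI is on VLAN 1 here only because that is what the thread plans; on production switches a dedicated VLAN for the core interconnect, and a native VLAN on the trunk that is not VLAN 1, is the safer choice.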
Thank you.
I am considering assigning Area 0 to VLAN 1, Area 20 to VLAN 20, and Area 10 to VLAN 10 on both switches. Would this be an optimal design for my network?
Generally speaking, that sounds like a good plan. When you have a topology with many branch offices connected to an HQ over WAN links, it’s a good design policy to have each branch configured in a different OSPF area, and have the backbone area reside at the HQ. This kind of approach has several advantages including:
• scalability
• reduced routing overhead, since ABRs can perform summarization and branch offices can be configured as stub networks
• localization of changes: changes in the network topology within one area do not affect the entire network
It can get somewhat complicated, so you have to make sure your configs are correct and consistent across all branches.
However, in your particular case based on the last topology you shared, you have two WAN links on each of your branch routers, and each link is configured on a different non-backbone OSPF area.
This arrangement with two links can be troublesome because OSPF requires that all communication between non-backbone areas take place via the backbone area. In other words, all ABRs must have at least one interface in Area 0. By having branch office routers connected to Areas 10 and 20 and not to Area 0, you are violating that rule.
So if you do make the branch office routers ABRs, at least one of their interfaces must be on Area 0. Does that make sense?
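The reply above states the rule for the case where the branch routers become ABRs. As an added example (not configuration from the thread), here is the other way of keeping two WAN links per branch without tripping over that rule: both subinterfaces of the branch router are placed in the same branch area, one VLAN towards each HQ core, so the branch router stays an internal router and only the two cores are ABRs. It also applies the earlier point about equal costs, so the branch ends up with two equal-cost paths for everything outside its own area. Hostnames, the second VLAN number (110), addresses and the cost value are assumptions; the cores still need their Area 0 interfaces (loopback and inter-core link) exactly as in the posted configs.

```ios
! CORE1: ABR for branch 1's area 10 via VLAN 10. Assumed names and addresses.
hostname CORE1
!
interface Vlan10
 description Branch 1 WAN link A - OSPF area 10
 ip address 192.168.10.1 255.255.255.0
 ip ospf 1 area 10
 ! explicit cost so both branch links end up identical
 ip ospf cost 10
!
router ospf 1
 router-id 1.1.1.1
 log-adjacency-changes
 area 10 nssa no-summary
!
! CORE2: second ABR for the same area 10, via a second VLAN (110, assumed).
hostname CORE2
!
interface Vlan110
 description Branch 1 WAN link B - OSPF area 10
 ip address 192.168.110.2 255.255.255.0
 ip ospf 1 area 10
 ip ospf cost 10
!
router ospf 1
 router-id 2.2.2.2
 log-adjacency-changes
 area 10 nssa no-summary
!
! BRANCH1: both subinterfaces in area 10, so the router has interfaces in a
! single area, is not an ABR, and the "ABR must touch Area 0" rule is not
! involved. Each Totally NSSA ABR injects a default with metric 1; the branch
! sees it at cost 10 + 1 over either link and installs both next hops.
hostname BRANCH1
!
interface GigabitEthernet0/1.10
 encapsulation dot1Q 10
 ip address 192.168.10.3 255.255.255.0
 ip ospf 1 area 10
 ip ospf cost 10
!
interface GigabitEthernet0/1.110
 encapsulation dot1Q 110
 ip address 192.168.110.3 255.255.255.0
 ip ospf 1 area 10
 ip ospf cost 10
!
router ospf 1
 router-id 3.3.3.3
 log-adjacency-changes
 area 10 nssa
 ! IOS installs up to 4 equal-cost OSPF paths by default; 2 is explicit here
 maximum-paths 2
```

On the branch, `show ip route 0.0.0.0` should list two next hops for the `O*IA` default, one per VLAN, and losing either core removes only one of them. The caveat from the earlier reply still holds: the two paths are only equal as long as nobody changes the cost on one side, so the `ip ospf cost` lines on the SVIs and subinterfaces must be kept in lockstep across all 150 branches.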
Yes, there is! You can use the show ip ospf command. One of the elements in the output shows one of the following:
It is an internal router
It is an area border router
It is an autonomous system boundary router
Here is the output in context:
Router# show ip ospf 1
Routing Process "ospf 1" with ID 10.0.0.1
Supports only single TOS(TOS0) routes
Supports opaque LSA
Supports Link-local Signaling (LLS)
It is an autonomous system boundary router
Redistributing External Routes from,
static, includes subnets in redistribution
Maximum limit of redistributed prefixes 2000
Threshold for warning message 75%
Initial SPF schedule delay 5000 msecs
Minimum hold time between two consecutive SPFs 10000 msecs
Maximum wait time between two consecutive SPFs 10000 msecs
You can find out more information from this command at this Cisco command reference:
Now having said that, you can also identify an ABR by simply checking out the OSPF configuration to see if it has interfaces in more than one area. For an ASBR, you just have to check if it has at least one interface that is not participating in OSPF.