cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
613
Views
5
Helpful
10
Replies

OSPF + 2 equal Cost Links + Video Conferencing

aprather
Level 1
Level 1

We have just installed a new T1 at a location specifically for video conferencing.

Currently the router at the site has 2 ethernet interfaces. 1 for the data network, and 1 specifically for the video conferencing network.

The router also now has 2 T1's. 1 for the data network, and 1 specifically for the video conferencing network.

As you can see, we are trying to completely seperate our video from our data. This is being done purely for political reasons.

Now onto my question. Obviously, as soon as we turned on the other T1, OSPF saw the equal cost paths and started load balancing the links.

I know there are many ways that I can force data over one link and video over the other but I wanted to see what the general consensus is for this type of traffic engineering.

My initial feeling is to raise the cost of the Video T1 and then put in a route-map to force the video data accross the Video T1. What other options are there out there? Is the one I proposed the best/easiest?

Thanks

1 Accepted Solution

Accepted Solutions

Fair enough. Suppose the video subnet is 192.168.100.0/24 for SiteA and 192.168.200.0/24 for SiteB

At SiteA

First, you create an ACL

ip access-list extended VIDEO

permit ip 192.168.100.0 0.0.0.255 192.168.200.0 0.0.0.255

Second, you create a route-map

route-map VIDEO permit 10

match ip address VIDEO

set ip next-hop 192.168.1.2

On this example, 192.168.1.2 represents the IP for the 'Video T1'.

At the LAN interface of this router, you need this command

interface f0/0

ip policy route-map VIDEO

At SiteB

ip access-list extended VIDEO

permit ip 192.168.200.0 0.0.0.255 192.168.100.0 0.0.0.255

route-map VIDEO permit 10

match ip address VIDEO

set ip next-hop 192.168.1.1

On this example, 192.168.1.1 represents the IP for the 'Video T1'.

interface f0/0

ip policy route-map VIDEO

You will also need to raise the cost on the Video T1 at both routers so this won't be in the routing table. If it remains in the routing table, the data portion will be balanced with OSPF.

HTH,

View solution in original post

10 Replies 10

Edison Ortiz
Hall of Fame
Hall of Fame

The video conferencing network belongs to another IP subnet ?

Are these point-to-point links and you manage each end ?

Not only you need to engineer how the traffic leaves the network but also how it returns.

PBR (Policy Based Routing) would be the easiest solution here.

Video belongs to its own IP subnet.

These points are point to point 1.5mb serial links that we manage on both ends.

We have multiple field sites with dual links (one for video) that connect back to a POP router (7500), so we would be implementing PBR there as well if we went with that solution.

Thanks,

Aaron

Fair enough. Suppose the video subnet is 192.168.100.0/24 for SiteA and 192.168.200.0/24 for SiteB

At SiteA

First, you create an ACL

ip access-list extended VIDEO

permit ip 192.168.100.0 0.0.0.255 192.168.200.0 0.0.0.255

Second, you create a route-map

route-map VIDEO permit 10

match ip address VIDEO

set ip next-hop 192.168.1.2

On this example, 192.168.1.2 represents the IP for the 'Video T1'.

At the LAN interface of this router, you need this command

interface f0/0

ip policy route-map VIDEO

At SiteB

ip access-list extended VIDEO

permit ip 192.168.200.0 0.0.0.255 192.168.100.0 0.0.0.255

route-map VIDEO permit 10

match ip address VIDEO

set ip next-hop 192.168.1.1

On this example, 192.168.1.1 represents the IP for the 'Video T1'.

interface f0/0

ip policy route-map VIDEO

You will also need to raise the cost on the Video T1 at both routers so this won't be in the routing table. If it remains in the routing table, the data portion will be balanced with OSPF.

HTH,

Aaron

Policy Based Routing is a good alternative (and probably what I would do) but there is another alternative which you might consider. You could use VRF Lite and configure a VRF which would include the video conferencing Ethernet and serial and another VRF which includes the data Ethernet and serial. This will keep the traffic entirely separate.

HTH

Rick

HTH

Rick

Thanks for verification on PBR being the best bet.

I implemented it just now and did a test, but did not see the result I thought I would see.

I raised the OSPF cost on that link and I did see that the route was removed from the table like I would expect, so everything went fine there.

I implemented the route-map on the ethernet interface:

interface FastEthernet0/1

description ***** FastEthernet 0/1 VIDEO CONFERENCE *****

ip address 10.122.100.222 255.255.255.224

ip helper-address 172.20.11.237

ip helper-address 172.20.11.238

ip policy route-map Video

ip ospf authentication-key 7 ****

duplex auto

speed auto

interface Serial0/3/0

description OCS VIDEO CONF

bandwidth 1544

ip address 10.121.3.102 255.255.255.248

ip ospf authentication-key 7 ******

ip ospf cost 100

load-interval 30

fair-queue

ip access-list extended Video

permit ip 10.122.100.192 0.0.0.31 any

route-map Video permit 10

match ip address Video

set ip next-hop 10.121.3.97

R#ping

Protocol [ip]:

Target IP address: 172.20.11.254

Repeat count [5]:

Datagram size [100]:

Timeout in seconds [2]:

Extended commands [n]: y

Source address or interface: 10.122.100.222

Type of service [0]:

Set DF bit in IP header? [no]:

Validate reply data? [no]:

Data pattern [0xABCD]:

Loose, Strict, Record, Timestamp, Verbose[none]:

Sweep range of sizes [n]:

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 172.20.11.254, timeout is 2 seconds:

Packet sent with a source address of 10.122.100.222

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms

R#sh route-map

route-map Video, permit, sequence 10

Match clauses:

ip address (access-lists): Video

Set clauses:

ip next-hop 10.121.3.97

Policy routing matches: 0 packets, 0 bytes

As you can see, I sourced a ping from that particular IP address, but did not see any policy routing matches under that show command? I dont have any devices on that subnet yet to actually test it, so wanted to try a ping, is that not a good test?

Thanks

Aaron

There is a very simple explanation for this (and a simple fix). PBR is activated on the FastEthernet interface and will process all traffic that is THROUGH the interface. But you ping was sourced from the interface but did not go through the interface. Your PBR should work fine for the video traffic. If you want your ping to be policy routed then you need to activate local policy routing by using the command: ip local policy route-map map-tag

HTH

Rick

HTH

Rick

Aha!

Thanks for the explanations. I think I am on the right track with everything. Thanks very much to everyone.

You need to ping from a device sitting in the LAN, not from the router.

In addition to Edison's config, you could actually mention 2 next hops with the set ip next-hop command, the first being the T1 for video and the second as Data.

This way if the video T1 fails, it should fall back to the data T1 (just in case if you need redundancy). Data would always flow over to the other link in case of failures due to OSPF

HTH

Narayan

sorry it wont be required.

when the PBR nexgt hop is not reachable, the traffic would anyway use the routing table built by OSPF

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco