I wonder if some of you gurus might help me. I am in the process of designing the edge of our network, which connects to 5 other sites. We have purchased two 6500 switches, and to these are connected the LES connections to the other sites, the firewall and other such edge devices.
Would you advise routed p2p links with the core devices or HSRP/GLBP etc.? I want complete resilience, but I'm not too concerned with load sharing, as there does not appear to be too much traffic traversing the link.
Currently the routing protocol in use is OSPF, and the core devices are currently connected directly to another switch which has the LES connections to the other sites. This will be decommissioned once the edge switches are live.
The core switches and all the core switches in the 5 sister sites are all in area 0, so all routes are seen by all 6 sites without any further effort.
My questions here are:
1. Should all the sites be in area 0, or should they be in separate areas? Please give reasons.
2. I now need the edge devices to run OSPF as well. Should I just put these in area 0 too, or should the core and edge be in separate areas? Please advise as to how to correctly design the OSPF.
3. Any tips on designing the edge and how it should connect to/work with the core.
There are currently quite a few VLANs in the core, but I want to change these to routed links with the distribution switches and the server farm. Any pointers?
I need the two edge switches to be in a completely resilient design, with all edge devices connecting to them both and automatic failover. Any ideas on what to do? Should I implement PBR? All the cabling is in place; I just need to configure the devices.
I know all this is probably as clear as mud but please ask me any questions, I appreciate the time you've taken to read this long post.
In an OSPF multi-area domain, area 0, the backbone area, must be at the center, with other areas connected to it.
In your scenario it is a natural choice to keep the WAN links in area 0.
Each site can then have its own area, to be used between core routers and distribution.
Note that all areas must connect to area 0 and that area 0 must be contiguous (not partitioned).
Taking into account these protocol constraints, from the point of view of OSPF:
The edge routers connecting to other sites can be in area 0.
The core routers of each site have links in area 0 to the edge routers.
Client VLANs and distribution can easily fit in a non-zero area.
So the core routers can be ABRs.
See this OSPF design guide.
To be multi-area ready, use network ... area commands that are as specific as possible.
In this way, at a later time, you will be able to activate new areas with minor changes.
The reason is that network ... area commands have a logic similar to an ACL, and the order counts.
Instead of putting a single network command like
network 10.0.0.0 0.255.255.255 area 0
network 10.10.10.0 0.0.0.255 area 0
network 10.100.200.0 0.0.0.255 area 0
So if at a later time you want to move net 10.100.200.0 to area 11, you can easily do:
no network 10.100.200.0 0.0.0.255 area 0
network 10.100.200.0 0.0.0.255 area 11
Note about wan connections:
I hope the other switch is not the only one: I mean, don't terminate all the WAN links in a single device, or your redundancy is just nominal:
if that device fails, the site is isolated even if there are two edge switches.
If there is a single device terminating the WAN links, I recommend migrating these links half onto new edge1 and half onto new edge2.
Don't be afraid to ask for a maintenance window for doing this if necessary.
Hope to help
LES should mean leased lines.
If you are comfortable with OSPF in area 0 only, adding two devices doesn't change the picture.
In the future you may want to implement an OSPF multi-area domain for scalability and for getting a finer control on routing (route filtering is possible only at area borders).
In that case the core devices can become the ABR between area 0, used on the WAN links, and the area used in each site (one area in each site).
2) Yes, the new edge routers need to take part in OSPF area 0; see above for multi-area considerations.
3) Different connection schemes can be used: you can use 4 point-to-point routed links to avoid any STP interaction.
You don't need anything other than OSPF: automatic failover is provided by the routing protocol.
About moving routing to distribution: it is a common practice.
This step, if it has to be done in all 6 sites, can be a trigger for a multi-area OSPF implementation or not; it all depends on the size of the sites.
Hope to help
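As an added example (not configuration from either reply above), here is how the layout both replies describe could look on IOS: edge1 sits only in area 0, with a point-to-point routed link to each core and its WAN link; core1 acts as ABR between area 0 (towards the edges) and a per-site area (towards distribution), with one specific network statement per link so that a prefix can later be moved to another area without touching the rest. Hostnames, interface names, addresses, router IDs and area 10 are assumptions; the same pattern is repeated on edge2 and core2.

```cisco
! --- edge1: area 0 only (routed links to both cores + WAN link to a sister site)
interface GigabitEthernet1/1
 description P2P to core1 (assumed addressing)
 no switchport
 ip address 10.255.0.1 255.255.255.252
 ip ospf network point-to-point
!
interface GigabitEthernet1/2
 description P2P to core2
 no switchport
 ip address 10.255.0.5 255.255.255.252
 ip ospf network point-to-point
!
interface GigabitEthernet1/5
 description WAN link to sister site (half of the WAN links land on edge2)
 no switchport
 ip address 10.254.1.1 255.255.255.252
 ip ospf network point-to-point
!
router ospf 1
 router-id 10.0.0.1
 passive-interface default
 no passive-interface GigabitEthernet1/1
 no passive-interface GigabitEthernet1/2
 no passive-interface GigabitEthernet1/5
 ! one statement per link, no catch-all: later area moves touch only one line
 network 10.255.0.0 0.0.0.3 area 0
 network 10.255.0.4 0.0.0.3 area 0
 network 10.254.1.0 0.0.0.3 area 0
!
! --- core1: ABR, area 0 towards the edges, area 10 (site area) towards distribution
interface GigabitEthernet1/1
 description P2P to edge1
 no switchport
 ip address 10.255.0.2 255.255.255.252
 ip ospf network point-to-point
!
interface GigabitEthernet1/3
 description Routed link to dist1 (replaces the former VLAN trunk)
 no switchport
 ip address 10.10.10.1 255.255.255.252
 ip ospf network point-to-point
!
router ospf 1
 router-id 10.0.0.11
 network 10.255.0.0 0.0.0.3 area 0
 network 10.10.10.0 0.0.0.3 area 10
 network 10.100.200.0 0.0.0.255 area 10
```

If both edges and both cores lose a link, OSPF reconverges over the remaining point-to-point paths with no HSRP or PBR involved; keeping the WAN links split across edge1 and edge2 is what makes that failover real rather than nominal.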