cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
695
Views
33
Helpful
15
Replies

SRND Camus Design Ques

aamercado
Level 4
Level 4

Plan to redesign the attach visio network and using the SRND "High Availability Campus Network Design-Routed Access Layer using EIGRP or OSPF" as a reference. All equipment will be in one location which is our datacenter so no IDF/MDF. Will also plan to use OSPF and MST. I am accustom to L2 design but plan to move to L3 design and so my following questions are:

1. Using Edge1 as an example, I am accustom to using 10Voip(10.3.10.X) and 110Data (10.3.110.X) etc.. as Vlans but if I move to routed access layer with /31 for L3 port-channel uplinks, then to take advantage of ospf stub no-summary and ospf range commands I would need to change that to another subnet on 2nd octet right (ie 10.31.X.X) right? I was hoping to summarize to 10.3.X.X for this whole site but I don't think I can do this? right?

2. Currently, I am running Area0 on WAN router and VPN router(via tunnel) as well as on Cores and ASA. Is it a good idea to shrink the campus Area 0 to just WAN and VPN router such that the Core switch and ASA are in a non-zero area. The Cores will be the DR and BDR for this non-zero area.

3. I suspect shrinking A0 will create a discontinuous A0 btwn WAN and VPN router. Do you see this and if so, is there a workaround?

Thx

15 Replies 15

Edison Ortiz
Hall of Fame
Hall of Fame

I recommend running the entire DC as OSPF Area 0. Based on the diagram, you don't have enough devices to warrant running multiple OSPF areas in the DC.

The remote sites, should be running a non-zero OSPF area with their respective WAN router acting as ASBR with area 0 in their WAN interfaces.

L3 design in the DC can have its drawbacks, for instance: dual homing servers and any other type of devices unless you are doing L2 inter-switch links between A-B switch pairs.

HTH,

__

Edison.

I need to say that this site is one of three hub sites which is identical to each other and we do have several smaller remote sites in non-zero area with WAN interface as Area 0.

If we dual-home, I plan to dual-home on same chassis diff blade or same stackable diff switch-stack.

Assuming this is 1 of 3 identical hub sites all in A0, do you recommend going to L3 or just staying with L2. I was thinking of L3 as to avoid Spanning-tree and to take advantage of ospf aggregate uplinks back to core, summarizing etc..

Also, I am still strugling over how to design the ip subnets assuming L3. Any ideas?

Thanks for your responce.

Thanks for providing additional information regarding the other hub sites.

This is when things become a little complex and requires one-on-one whiteboard discussions and designs pros-and-cons. It can't be discussed in a public internet forum :)

If you have a dedicated link between the hub sites, then you can run OSPF area 0 on this link in order to avoid any discontinuous area 0 configuration. You can also look for configuring OSPF strictly as an IGP and BGP for inter-site connectivity.

As for dual-home on same chassis, some designers will frown upon that. Dual-home on different chassis is often the recommended solution. Stackable provides the best of both worlds.

What's the problem with ip subnets on the L3 links? Not sure I follow there.

__

Edison.

Our WAN is MPLS cloud with Ethernet handoff and with a /24 on WAN router interface. All campus hub sites are collapse L2 core/dist to access. Each hub site also have a separate DMVPN router on Area0 in case WAN router fails so Area0 is currently on all 3 hub's WAN, failover DMVPN and campus.

This will be the 1st hub site that I migrate to L3. Don't worry about ip addressing as I got this down. But with the additional info provide, would you still recommend Area 0 in this DC hub?

I was thinking of putting Area 3 on this whole DC and use the WAN MPLS and DMVPN on Area 0. I am not sure if this will create a discontinous Area 0 on WAN and DMVPN. If not, I keep Area 0 on this whole hub DC.

Thanks again for your responce

If you are planning to remain with just OSPF, then Yes - I recommend Area 0 on the DC hub and review how to prevent a discontinuous Area 0.

It's hard for me to make this assessment without a formal review of the whole entire network.

__

Edison.

I setup L3 PTP from Access to my collapse Core/Dist. For the port-channel btwn the 2 cores. I plan to use a L2 port-channel rather than L3. Do you see any problems with this?

Thanks

If your intention is to share some Vlans between the 2 Cores, then having a L2 Port-Channel is a must. If you aren't planning to share any Vlans between the 2 Cores, then going with L3 Port-Channel would be ideal as you are going with a complete L3 design environment.

HTH,

__

Edison.

I setup a lab environment on this and on testing, I have a question:

from access, I have a L3 Port-channel to each core and ran a continuous ping from my laptop. Each L3 Port-Channel is tied to 2 Gig port..so Port-channel 11 goes to Core1 and Port-channel 21 goes to Core2. When I unplug 1 of the gig on port-channel 11, I expected the traffic to eventually go to 21 but it did not. Only when I unplug both gig associated with 11 did traffic obviously go to 21.

What routing protocol you were using and what was the destination IP on the ping?

Check the routing table and see if the metric for the destination subnet changed after unplugging the cable on the port-channel.

__

Edison.

Nevermind, I didn't have the 'auto-cost reference-bandwidth" setup on all my device. Once that was in place with 10000, life was good. Thx

Another question, I have the following timers setup per SRND on the campus devise but not the WAN routers which is also on Area 0 as well as the multiple hub and remote site. I assume that is ok?

router ospf x

timers throttle spf 10 100 5000

timers throttle lsa all 10 100 5000

timers lsa arrival 80

Interface x

ip ospf dead-interval minimal hello-multiplier 4

Timers implemented under the router process should be identical in all devices participating within the same router process.

Timers implemented under the interface should match the directly connected device on that interface.

HTH,

__

Edison.

Is there an equivalent command for the ASA firewalls for below? I am running 7.2.3 and the ASA is participating in ospf Area 0.

ip ospf dead-interval minimal hello-multiplier 4

FWs do not support sub-seconds hellos. Minimum hello interval is 1 second.

http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/ip.html#wp1094564

HTH,

__

Edison.

I am doing another setup of a new site with Nexus 5k. Any chance I can touch base with you offline on this?

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: