WAN redesign questions

Unanswered Question
Aug 25th, 2009

Hi there,

I've got a WAN that needs some redesign and I'm just looking for some input on my proposed design.

Currently, I have 3 sites connected by DS3's. Site A and B have two DS3's between them, and there's one DS3 connecting over to a remote office. These DS3's all terminate on routers that are in the same VLAN as the servers. My "core" at Site A is composed of two 4500 switches, and Site B has the same basic "core".

I would like to change it so that each site's routers terminate on their own VLAN at Site A. Is this a good idea? Also, should each router from Site B terminate in its own VLAN, or is it an acceptable practice to have those two routers terminate in the same VLAN?

I've attached a diagram to illustrate.

Thanks in advance. (Many points will be given for this question)


Edison Ortiz Tue, 08/25/2009 - 10:40

Terminating both routers on SiteA servicing SiteB is a good design and it allows you to run first hop redundancy protocol (HSRP, VRRP, GLBP) between those two routers.

As for separating the remaining DS3 router from the current VLAN, I don't see any issue one way or the other unless you wanted to inspect traffic between sites via some kind of Firewall/IDS device.



branfarm1 Tue, 08/25/2009 - 10:45

Thanks Edison,

Part of the problem I'm having is that I want to be able to add a VPLS network between all three sites, but still use the DS3 between Site A and the Remote office. The Site-A to Site-B connectivity will go to the VPLS connection and the DS3's will be in the background for backup. I also want to add direct connectivity between the Remote Office and Site B. Can I accomplish that with OSPF and having the routers all in the same VLAN?

Edison Ortiz Tue, 08/25/2009 - 10:54

With the proposed VPLS, are you going mesh between the 3 locations or are you remaining on a point-to-point design?

How big are the sites? Are you running a single area? Other than the routers listed in the diagram, do you have any more routers and switches running OSPF?



branfarm1 Tue, 08/25/2009 - 11:23

The VPLS will essentially be a mesh between the three sites. I currently have one OSPF area, but I'm not opposed to moving to multiple areas with an area 0. My Site A and Site B are basically the same -- DS3 routers and 4500's running OSPF, but nothing else. The remote office has a 4500, DS3 router, and an ASA all running OSPF.

Edison Ortiz Tue, 08/25/2009 - 11:32

If you are going full mesh between the 3 sites, then I don't see the need for having 3 routers on SiteA.

2 routers on SiteA is more than sufficient and you may want to move the 3rd router from SiteA to the remote location to provide a failover.

OSPF will run well on this size of network and I will only recommend multiple areas if you were planning to summarize routes between ASBRs. For this size of network, run a single area - much simpler.

Also, make sure to change the WAN facing OSPF interface to point-to-multipoint in order to avoid the DR/BDR election process and modify the OSPF timers to be more aggressive than the default set by point-to-multipoint.




branfarm1 Tue, 08/25/2009 - 11:50

Thanks Edison.

Each DS3 has 1 router at each end, so I don't think I'll be able to reduce the number of routers. I was thinking of having the VPLS connect into one of the two 4500's at Site A and one 4500 at Site B.

I think the end result I would like to achieve is to have the VPLS be used as primary between Site A and Site B, and between Site B and the Remote office, but leave the DS3 between the Remote Office and Site A as primary. Do you think that's possible?

I should also note that the VPLS is a virtual Layer 2 connection.

Edison Ortiz Tue, 08/25/2009 - 12:19

You can terminate your VPLS in the 4500s on SiteA but you will be sacrificing some cool features such as NetFlow and QoS which may be useful in the future.

As for the routing engineering you are about to implement, it is possible but quite painful with OSPF. You will have to play around with ospf cost values under the interface to achieve the desired result. With BGP, things are much simpler :)

Thanks for the note, I'm familiar with VPLS - many locations have it around my neck of the woods :)

branfarm1 Tue, 08/25/2009 - 12:26

Can you clarify the features I'd be sacrificing by connecting the VPLS to the 4500? I have NetFlow cards on both my 4500's and I'd be using either an SVI or VLAN interface for the VPLS subnet, so everything should have to go through the router, right?

As for the route engineering...... I was hoping there was some CCIE trick to easily get that going ;) Would you ever consider BGP with a small setup like mine? I have very limited exposure to BGP so there would be a steep learning curve.

Edison Ortiz Tue, 08/25/2009 - 12:38

As you know, most of the features in switches are run in hardware. I'm glad you purchased a NetFlow card for your 4500s so you won't be sacrificing that service. As for QoS, you are quite limited as you can't perform egress shaping on 4500s - you are basically limited to marking at ingress and police inbound|outbound at ingress or egress.

Without a doubt, your switch will provide faster throughput than those 38xx routers in a 100Mbps VPLS connection so that's a plus.

You don't want to configure your networks with CCIE tricks :) It will be hard to manage and document - oh - you are looking for job security :)

The problem is: you will be sharing the same IP subnet on the WAN (mesh) - so it's hard to dictate traffic from one neighbor over the other as they are both coming into the same interface.

BGP isn't that hard and it provides a higher level of routing engineering than any other protocol out there - with OSPF - you are pretty much relying on the cost of the route.

branfarm1 Tue, 08/25/2009 - 12:50

Well, thanks again Edison. I appreciate your help.

Overall, you wouldn't necessarily move the DS3 router to the Remote office into its own VLAN, but you would move the two DS3 routers towards Site B into a dedicated VLAN to use a gateway redundancy protocol.

The route engineering will be difficult with OSPF, but possible, but BGP would make it easier.

What would you say is a more scalable solution? I don't anticipate a lot of growth in the future, but possibly the addition of 1 - 3 more sites. Am I setting myself up for a major headache if I go down one of these roads vs another?

Edison Ortiz Tue, 08/25/2009 - 12:53

As you grow, you will have to revisit your design. Not only growth in routers but also application|customer requirements.

You can't predict this but you can build thinking on the future.

OSPF will scale well on the current size of your network but as things become more complex and you need more management in terms of routing engineering, you will have to consider moving into BGP. I offered a workaround to your requirement while using OSPF which I'm pretty sure meets your needs.

Don't be afraid of challenges, that's how you learn :)

Edison Ortiz Tue, 08/25/2009 - 12:48

I think the end result I would like to achieve is to have the VPLS be used as primary between Site A and Site B, and between Site B and the Remote office, but leave the DS3 between the Remote Office and Site A as primary. Do you think that's possible?

After some thinking, you can assign ospf cost 10 on the DS3 interfaces between SiteA and Remote while assigning ospf cost 20 to the VPLS interfaces. The backup DS3 connection from SiteA to SiteB will use ospf cost 30.

For subnets destined to Remote Site from SiteA, it will use the DS3 as it has a lower cost and the return traffic will be the same.

For subnets destined to SiteB from SiteA, it will use the VPLS as it has lower cost than the backup DS3.

I suggest you put this idea into a lab environment before implementing...
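The cost scheme in the post above (DS3 SiteA-Remote at 10, every VPLS neighbor pair at 20, backup DS3 SiteA-SiteB at 30) can be checked on paper before it goes into a lab. The script below is an added example, not part of the thread, and not Cisco code: it runs a Dijkstra SPF over a constructed three-node topology with those costs, reports which link each site pair actually selects, and then fails the VPLS to show the backup path and its cost. The link names and the assumption that the point-to-multipoint VPLS presents one cost-20 adjacency per neighbor pair are mine, not stated on the page.

```python
import heapq

# Constructed topology from the thread. Each tuple is
# (endpoint, endpoint, OSPF cost, link label); the labels are assumed names
# for this example and are not from the original post.
LINKS = [
    ("SiteA", "Remote", 10, "DS3 A-Remote"),     # primary A-Remote, cost 10
    ("SiteA", "SiteB", 20, "VPLS"),              # VPLS mesh, cost 20 per pair
    ("SiteB", "Remote", 20, "VPLS"),
    ("SiteA", "Remote", 20, "VPLS"),
    ("SiteA", "SiteB", 30, "DS3 A-B backup"),    # backup A-B, cost 30
]


def build_graph(links):
    """Undirected adjacency list: node -> [(neighbor, cost, label), ...]."""
    graph = {}
    for a, b, cost, label in links:
        graph.setdefault(a, []).append((b, cost, label))
        graph.setdefault(b, []).append((a, cost, label))
    return graph


def shortest_path(graph, src, dst):
    """Dijkstra SPF (the same algorithm OSPF runs) from src to dst.

    Returns (total_cost, [link labels in order]) or None if dst is unreachable.
    """
    dist = {src: 0}
    prev = {}
    heap = [(0, src)]
    while heap:
        d, node = heapq.heappop(heap)
        if d > dist.get(node, float("inf")):
            continue  # stale heap entry
        if node == dst:
            break
        for nbr, cost, label in graph.get(node, []):
            nd = d + cost
            if nd < dist.get(nbr, float("inf")):
                dist[nbr] = nd
                prev[nbr] = (node, label)
                heapq.heappush(heap, (nd, nbr))
    if dst not in dist:
        return None
    path = []
    cur = dst
    while cur != src:
        cur, label = prev[cur]
        path.append(label)
    return dist[dst], list(reversed(path))


def failover_path(links, failed_label, src, dst):
    """Recompute the path with every link carrying failed_label removed."""
    remaining = [l for l in links if l[3] != failed_label]
    return shortest_path(build_graph(remaining), src, dst)


if __name__ == "__main__":
    graph = build_graph(LINKS)
    for src, dst in (("SiteA", "Remote"), ("SiteA", "SiteB"), ("SiteB", "Remote")):
        print(f"{src} -> {dst}: {shortest_path(graph, src, dst)}")
    print("VPLS down, SiteA -> SiteB:", failover_path(LINKS, "VPLS", "SiteA", "SiteB"))
    print("VPLS down, SiteB -> Remote:", failover_path(LINKS, "VPLS", "SiteB", "Remote"))
```

With these numbers there are no equal-cost ties, so OSPF will not load-share across the DS3 and the VPLS for any pair; if a later site is added with the same VPLS cost, re-run the check, because a tie would split traffic across two links and surprise anyone relying on a single inspection point. The failover run also shows what the backup DS3 actually carries when the VPLS is down: SiteB-to-Remote traffic then transits SiteA at a total cost of 40, which is the capacity you need to plan for on that link.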
