OSPF design help required

Unanswered Question
Oct 12th, 2009
User Badges:

Hi all,

I want to configure the ospf in my network which consists of 250 sites connected to one single main site via GRE over ipsec tunnels. This is straightforward configuration if I go with single area but considering in mind of 250 locations is it good idea to have single ospf area across the network.

It will certainly create routing overhead as at branch side there is no need to have full routes it just needs subnets in main site to be reachable.

Your suggestion is needed for this setup either to divide it into areas or any other choice possible.


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Giuseppe Larosa Mon, 10/12/2009 - 01:39
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

Hello Muhammad,

with 250 remote sites I would consider to use DMVPN.


here it is a link to DMVPN SRND


http://www.cisco.com/en/US/docs/solutions/Enterprise/WAN_and_MAN/DMVPDG.html


DMVPN with OSPF would allow for spoke to spoke dynamic tunnel this can be desired or unwanted.


In any case, with or without DMVPN you can divide the remote sites in groups that will be put in totally stub areas.


Having 250 areas in HQ devices is not feasible. Each area requires its own link state DB.

So you should accept to receive some other remote sites routes those of remote sites in the same area.


I would say 10 areas with 25 remote sites each can be a good trade-off.


Hope to help

Giuseppe


hasnain321 Mon, 10/12/2009 - 02:47
User Badges:

Thanks for your reply

DMVPN is not required as there is no need to have spoke to spoke tunnels.

So dividing the network into number of areas is the only option left. Still there will be unwanted routes of same group in spoke sites and we have to do tade-off for this.

Joseph W. Doherty Mon, 10/12/2009 - 05:24
User Badges:
  • Super Bronze, 10000 points or more

Alhough you have no need for spoke-to-spoke tunnels, you might still want to consider Giuseppe's suggestion of DMVPN. It still offers some advantages in a hub-and-spoke architecture.


Yes, there will be unwanted routes within the same OSPF area, but it's a fair trade-off. However, you didn't describe spoke ends. I.e. whether they might only advertize one spoke LAN route or have a whole other spoke routed topology. If the latter, you'll need to account for this in your area groupings.


If you're using Cisco equipment on both ends, you might also consider using another dynamic routing protocol for these VPN connections. You can then, as needed, redistribute routes in and out of the VPN topology (assuming you're still using OSPF at the hub site).

Actions

This Discussion