Frame relay with VPN Backup

Unanswered Question
Apr 28th, 2010


1st Thank you for your help.

I got asked to get a backup for a frame relay network, hub spoken with 2 spokes.

Right now the topology a big ospf area 0, with a default route to the hub where the spokes get to the internet.

I was thinking aboutVPN, but I not quite sure if it will work, this is the why I’m getting your opinion.


New topology above

The ospf is pont-to-point, the area 0 would be now only in between the firewall and the frame relay’s HUB, between the spokes and the HUB I’d put a area, for ex: area10 and 11. These areas, 10 and 11, will be totally stub. This way I’d have only a default route for the HUB correct ?

At the spokes we would have a static route with its administrative distance changed to 120, less preferred then the ospf 110 default route, to the Internet.

The firewall would be our VPN concentrator and for routing we would have a default to the Internet. In the OSPF process I’d put a redistribute static for the Reverse Route Injection from the VPNs routes, and a route map to discard the default route to the Internet so it would not go to the ospf causing a loop and when the networks from the ospf be gone from the table on area 0 it will show up again but now behind the firewall

When the ospf spokes loses it's connectivity with the HUB the default route originated by ospf would pulled out the routing table and the static to the internet would be placed in the table.

The traffic would then be redirected to the internet which will be encrypted and sent to the firewall on the other side.

Am I correct on my design ? any suggestions ?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Laurent Aubert Wed, 04/28/2010 - 20:28

Hi Rodrigo,

I think we can simplify your design:

- Single area 0 between FW, Hub and spokes

- FW redistribute its default static route to the Internet into OSPF in addition to the routes installed by RRI.

- Each spoke announces into OSPF its LAN subnet

- Each spoke is configure with a floating default static route to their local Internet link




This Discussion

Related Content