OSPF Design

Answered Question
Jun 18th, 2010

Here is the environment:

Loopback0 172.16.255.1/32                   Loopback0 172.16.255.1/32
           |                                            |
int f0/0 3745 ---------------- L2 ------------------- 6509 Int f7/2 10.1.0.80
10.1.0.51                                               |
                                                        | int f7/1 172.16.255.253/30
                                                        |
                                                     Layer 3
                                                        |
                                                        | inside 172.16.255.254/30
                                                     ASA5520

I want to use OSPF between the 3 devices. My first question is running it between the 3745 and the 6509. I'm having trouble understanding how to configure this; my thinking is that if I advertise the 10.1. network it may cause routing issues. Thanks in advance for any help.

Jon Marshall Fri, 06/18/2010 - 10:41
gizbri wrote:


Here is the environment:

Loopback0 172.16.255.1/32                   Loopback0 172.16.255.1/32
           |                                            |
int f0/0 3745 ---------------- L2 ------------------- 6509 Int f7/2 10.1.0.80
10.1.0.51                                               |
                                                        | int f7/1 172.16.255.253/30
                                                        |
                                                     Layer 3
                                                        |
                                                        | inside 172.16.255.254/30
                                                     ASA5520

I want to use OSPF between the 3 devices. My first question is running it between the 3745 and the 6509. I'm having trouble understanding how to configure this; my thinking is that if I advertise the 10.1. network it may cause routing issues. Thanks in advance for any help.


Why would it cause routing issues?


If you don't include network statements for the 10.1.0.0 network on the 3745 and the 6500 then OSPF adjacency will be formed between the 2 routers so the 3745 will not be aware of any of the networks past the 6500 and the 6500 will not be aware of the loopback0 on the 3745.


Jon

gizbri Fri, 06/18/2010 - 10:51

Thanks Jon, makes sense. To get them to exchange OSPF info would I use the neighbor command?

gizbri Fri, 06/18/2010 - 11:35

Giuseppe - thanks for the response and explanation. Basically I have networks on the 3745 (static, BGP and EIGRP), directly connected networks on the 6509 and VPN networks on the ASA. With growth and re-design I wanted to eliminate putting static routes on each device and redistribute some of the other connected networks; OSPF seems to be the best option. Thank you for the example, it gives me a jumping off point.

Correct Answer
Giuseppe Larosa Fri, 06/18/2010 - 11:53

Hello Gizbri,

You will need to add redistribute commands in order to inject BGP and static routes into the OSPF domain:

router ospf 10
 redistribute bgp XX subnets
 redistribute static subnets

C6500

router ospf 10
 redistribute static subnets

The ASA may need to redistribute static routes for remote sites in the same way.

The subnets keyword is very important to correctly import routes into OSPF, or it will auto summarize to major networks (class A, B, C).


Hope to help

Giuseppe

Correct Answer
Giuseppe Larosa Fri, 06/18/2010 - 11:00

Hello Gizbri,

OSPF is classless by default, so it does not perform automatic summarization at the major network transition between network 10/8 and 172.16/16.

As Jon has noted, you have the ability to decide to run OSPF only on a subset of each device's interfaces.

If you don't want this LAN segment to access/to be accessed from the internet or from another company (whatever is after the ASA 5520), it is enough not to include 10.1.0.0 in NAT commands or in commands for setting up LAN to LAN IPSec VPN(s).

If there are other networks behind/upstream of the C3745 that you would like to be advertised in OSPF and to be known at the ASA, according to your network diagram you need to run OSPF on the 10.1.0.0/xx network, or you will have only one OSPF adjacency, between the C6509 and the ASA.

Since the ASA and the C3745 router are in different IP subnets, they cannot build an OSPF adjacency even if they can see each other's hellos, and OSPF cannot build an adjacency on secondary IP addresses as could be done with RIP, so there is no easy fix.

If you move the IP address that you have given to the C6509 L3 interface to the C3745, you can even use the C6509 only as an L2 switch for a specific VLAN.

So, what are you trying to achieve?

Routing should be fine in almost any case.

Edit:

I understand your question is more basic.

You need something like:

router ospf 10
 network 10.1.0.0 0.0.0.255 area 0
 ! other network commands for networks behind C3745 but directly connected to it
 network 10.20.20.0 0.0.0.255 area 0
!

on C6509

router ospf 10
 network 10.1.0.0 0.0.0.255 area 0
 network 172.16.X.Y 0.0.0.3 area 0

on ASA

router ospf 10
 ! the ASA network command takes a subnet mask, not a wildcard mask
 network 172.16.X.Y 255.255.255.252 area 0

The network area command is the basic command to exchange hellos; both devices on a common link need it with matching parameters (area number, area type and others).


Hope to help

Giuseppe
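
An added example, not part of the original thread: a Python check of which interface addresses from the diagram the network statements above match, and which interface pairs meet the same-area, same-subnet prerequisite for an adjacency. The /24 on the 10.1.0.x link and 172.16.255.252 in place of the 172.16.X.Y placeholder are assumptions taken from the diagram and the wildcard masks.

```python
import ipaddress

def ospf_area(ip, statements):
    """Area of the first 'network <addr> <wildcard> area <n>' matching ip, else None."""
    addr = int(ipaddress.IPv4Address(ip))
    for net, wildcard, area in statements:
        care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF  # wildcard 0 bits must match
        if addr & care == int(ipaddress.IPv4Address(net)) & care:
            return area
    return None

def can_peer(a, b, configs):
    """True if both interfaces run OSPF in the same area and share one IP subnet.
    Timers, area type, authentication and MTU are not modelled."""
    (dev_a, cidr_a), (dev_b, cidr_b) = a, b
    if_a, if_b = ipaddress.ip_interface(cidr_a), ipaddress.ip_interface(cidr_b)
    area_a = ospf_area(str(if_a.ip), configs[dev_a])
    area_b = ospf_area(str(if_b.ip), configs[dev_b])
    return area_a is not None and area_a == area_b and if_a.network == if_b.network

# Constructed from the thread's diagram and answer. Assumptions: /24 on the
# 10.1.0.x link, and 172.16.255.252 standing in for the 172.16.X.Y placeholder.
CONFIGS = {
    "C3745": [("10.1.0.0", "0.0.0.255", 0), ("10.20.20.0", "0.0.0.255", 0)],
    "C6509": [("10.1.0.0", "0.0.0.255", 0), ("172.16.255.252", "0.0.0.3", 0)],
    # The ASA CLI takes a netmask; written here as the equivalent wildcard.
    "ASA": [("172.16.255.252", "0.0.0.3", 0)],
}
R_F00 = ("C3745", "10.1.0.51/24")
SW_F72 = ("C6509", "10.1.0.80/24")
SW_F71 = ("C6509", "172.16.255.253/30")
ASA_IN = ("ASA", "172.16.255.254/30")

if __name__ == "__main__":
    for a, b in [(R_F00, SW_F72), (SW_F71, ASA_IN), (R_F00, ASA_IN)]:
        print(a, b, "adjacency possible:", can_peer(a, b, CONFIGS))
    # Loopback0 matches none of the listed network statements, so OSPF is not enabled on it.
    print("C3745 Loopback0 area:", ospf_area("172.16.255.1", CONFIGS["C3745"]))
```

Running the same check against a device's real interface list before deployment shows which interfaces a wildcard mask enables OSPF on, including ones that were not meant to exchange hellos.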
