OSPF Design

Answered Question
Jun 18th, 2010

Here is the environment:

Loopback0 172.16.255.1/32                          Loopback0 172.16.255.1/32
          |                                                  |
3745 int f0/0 10.1.0.51 ----------- L2 ----------- int f7/2 10.1.0.80 6509
                                                             |
                                                             | int f7/1 172.16.255.253/30
                                                             |
                                                          Layer 3
                                                             |
                                                             | inside 172.16.255.254/30
                                                          ASA5520

I want to use OSPF between the 3 devices. My first question is running it between the 3745 and the 6509. I'm having trouble understanding how to configure this; my thinking is that if I advertise the 10.1. network it may cause routing issues. Thanks in advance for any help.

Jon Marshall Fri, 06/18/2010 - 10:41

gizbri wrote:

Here is the environment:

Loopback0 172.16.255.1/32                          Loopback0 172.16.255.1/32
          |                                                  |
3745 int f0/0 10.1.0.51 ----------- L2 ----------- int f7/2 10.1.0.80 6509
                                                             |
                                                             | int f7/1 172.16.255.253/30
                                                             |
                                                          Layer 3
                                                             |
                                                             | inside 172.16.255.254/30
                                                          ASA5520

I want to use OSPF between the 3 devices. My first question is running it between the 3745 and the 6509. I'm having trouble understanding how to configure this; my thinking is that if I advertise the 10.1. network it may cause routing issues. Thanks in advance for any help.

Why would it cause routing issues?

If you don't include network statements for the 10.1.0.0 network on the 3745 and the 6500 then OSPF adjacency will be formed between the 2 routers so the 3745 will not be aware of any of the networks past the 6500 and the 6500 will not be aware of the loopback0 on the 3745.

Jon

gizbri Fri, 06/18/2010 - 10:51

Thanks Jon, makes sense. To get them to exchange OSPF info would I use the neighbor command?

gizbri Fri, 06/18/2010 - 11:35

Giuseppe - thanks for the response and explanation. Basically I have networks on the 3745 (static, BGP and EIGRP), directly connected networks on the 6509 and VPN networks on the ASA. With growth and re-design I wanted to eliminate putting static routes on each device and redistribute some of the other connected networks; OSPF seems to be the best option. Thank you for the example, it gives me a jumping off point.

Correct Answer
Giuseppe Larosa Fri, 06/18/2010 - 11:53

Hello Gizbri,

You will need to add redistribute commands in order to inject BGP and static routes into the OSPF domain:

router ospf 10
 redistribute bgp XX subnets
 redistribute static subnets

C6500

router ospf 10
 redistribute static subnets

The ASA may need to redistribute static routes for remote sites in the same way.

The subnets keyword is very important to correctly import routes into OSPF or it will auto summarize to major networks (class A, B, C).

Hope to help

Giuseppe

Correct Answer
Giuseppe Larosa Fri, 06/18/2010 - 11:00

Hello Gizbri,

OSPF is classless by default, so it does not perform automatic summarization at the major network transition between network 10/8 and 172.16/16.

As Jon has noted, you have the ability to decide to run OSPF only on a subset of each device's interfaces.

If you don't want this LAN segment to access, or to be accessed from, the internet or another company (whatever is after the ASA 5520), it is enough not to include 10.1.0.0 in NAT commands or in commands for setting up LAN to LAN IPSec VPN(s).

If there are other networks behind/upstream of the C3745 that you would like to be advertised in OSPF and to be known at the ASA, then according to your network diagram you need to run OSPF on the 10.1.0.0/xx network, or you will have only one OSPF adjacency, between the C6509 and the ASA.

Since the ASA and the router C3745 are in different IP subnets, they cannot build an OSPF adjacency even if they can see each other's hellos, and OSPF cannot build an adjacency on secondary IP addresses as could be done with RIP, so there is no easy fix.

If you move the IP address that you have given to the C6509 L3 interface to the C3745, you can even use the C6509 only as an L2 switch for a specific VLAN.

So, what are you trying to achieve?

Routing should be fine in almost any case.

Edit:

I understand your question is more basic.

You need something like:

router ospf 10
 network 10.1.0.0 0.0.0.255 area 0
 ! other network commands for networks behind C3745 but directly connected to it
 network 10.20.20.0 0.0.0.255 area 0
!

on C6509

router ospf 10
 network 10.1.0.0 0.0.0.255 area 0
 network 172.16.X.Y 0.0.0.3 area 0

on ASA

router ospf 10
 ! the ASA network command takes a subnet mask rather than a wildcard mask
 network 172.16.X.Y 255.255.255.252 area 0

The network area command is the basic command to exchange hellos; both devices on a common link need it with matching parameters (area number, area type and others).

Hope to help

Giuseppe
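
The two points made in the answers above (a network statement enables OSPF only on interfaces its wildcard mask matches, and neighbors must share a subnet and area) can be checked offline before touching the devices. The script below is an added example, not part of the original thread; the /24 on the 10.1.0.x segment and the value 172.16.255.252 for 172.16.X.Y are assumptions, and it models only subnet and area, not timers, area type or authentication.

```python
import ipaddress
from itertools import combinations

# Constructed from the thread's diagram. Assumptions: /24 on 10.1.0.x (the
# thread gives only the 0.0.0.255 wildcard) and 172.16.X.Y = 172.16.255.252.
INTERFACES = {
    ("C3745", "f0/0"): "10.1.0.51/24",
    ("C3745", "Loopback0"): "172.16.255.1/32",
    ("C6509", "f7/2"): "10.1.0.80/24",
    ("C6509", "f7/1"): "172.16.255.253/30",
    ("ASA", "inside"): "172.16.255.254/30",
}
# (address, wildcard mask, area), written IOS-style for all three devices.
NETWORK_STATEMENTS = {
    "C3745": [("10.1.0.0", "0.0.0.255", 0)],
    "C6509": [("10.1.0.0", "0.0.0.255", 0), ("172.16.255.252", "0.0.0.3", 0)],
    "ASA": [("172.16.255.252", "0.0.0.3", 0)],
}

def wildcard_match(ip, base, wildcard):
    """True when ip equals base on every bit where the wildcard bit is 0."""
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    ip_bits = int(ipaddress.IPv4Address(ip)) & care
    return ip_bits == int(ipaddress.IPv4Address(base)) & care

def ospf_interfaces(interfaces, statements):
    """Map (device, ifname) -> (IPv4Interface, area) for OSPF-enabled interfaces."""
    enabled = {}
    for (dev, name), cidr in interfaces.items():
        iface = ipaddress.ip_interface(cidr)
        for base, wildcard, area in statements.get(dev, []):
            if wildcard_match(str(iface.ip), base, wildcard):
                enabled[(dev, name)] = (iface, area)
                break  # first matching statement decides the area
    return enabled

def possible_adjacencies(enabled):
    """Device pairs whose OSPF-enabled interfaces share a subnet and an area."""
    pairs = set()
    for (a, (ia, area_a)), (b, (ib, area_b)) in combinations(enabled.items(), 2):
        if a[0] != b[0] and ia.network == ib.network and area_a == area_b:
            pairs.add(frozenset((a[0], b[0])))
    return pairs

if __name__ == "__main__":
    enabled = ospf_interfaces(INTERFACES, NETWORK_STATEMENTS)
    for pair in sorted(sorted(p) for p in possible_adjacencies(enabled)):
        print(" <-> ".join(pair))
```

With these inputs the 3745's Loopback0 is not matched by any network statement, so it would not be advertised until a statement covering it is added.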
