Why is OSPF virtual-link not recommended?

Dec 17th, 2011

Dears,

I would like your assistance regarding the below, please.

I always read that OSPF virtual-link is not recommended and should not be used.

But why? What is the limitation?

Also, if I used a GRE tunnel instead, will it also be not recommended?

Thanks

BR,

Sherif Ismail

Overall Rating: 4.6 (12 ratings)
Peter Paluch Sat, 12/17/2011 - 05:56
User Badges:
  • Cisco Employee,

Hello,


The use of virtual links is generally discouraged simply because if you need to use them, your network does not align to the strict hierarchic model that OSPF requires - all non-backbone areas are physically adjacent to the backbone area and the inter-area communication always goes through the backbone. Judicious usage of virtual links is perfectly fine as long as the virtual links are used only as a temporary measure before the network can be restructured to adhere to the OSPF requirements. However, they are not meant to be deployed permanently because they would then be simply misused as an excuse for a poor network topology.


Virtual links cannot be directly compared to GRE tunnels. Virtual links are an internal hack to the OSPF database to make the backbone area appear connected, and they allow the two virtually linked OSPF routers to sync their database in a targeted OSPF adjacency session. However, routed packets are not tunneled. The transit area (i.e. the area over which the virtual link is built) will contain routing information about all areas and external routes, and will therefore be capable of routing packets natively. GRE tunnels, on the other hand, perform tunneling with all the nice and unpleasant effects.


Best regards,

Peter

Sherif Atef Ahm... Sat, 12/17/2011 - 09:11

Thanks Peter for your reply.

That is what I read in the documentation, but no one said why technically it is not recommended.

I mean, what are the dangers of not following the recommendation?

A difference I know is that in virtual-link, OSPF packets are sent as unicast and not multicast, but I still don't see this as an issue.

When I compared virtual-link to GRE tunnel, I did so because both accomplish the same role, which is connecting an area to a backbone area via a transit area.



Best Regards

Sherif Ismail

Peter Paluch Sat, 12/17/2011 - 11:00

Hello,


To my best knowledge, there are no technical dangers related to using virtual links. You are only losing some advantages given to you by the proper design. For example, the transit area must be a regular area. You can never configure it as stubby or NSSA. Also, should one of the endpoints of the virtual link fail, the backbone will become partitioned again although the network may still be physically connected. Also, area ranges (summarization) that are configured for backbone area will be inactive for a transit area (i.e. networks internal to the backbone will be advertised without summarization into transit areas even if there are area ranges configured for the backbone). There may also be other annoyances that decrease the advantage of having your network split into areas in the first place.


> A difference I know is that in virtual-link, OSPF packets are sent as unicast and not multicast, but I still don't see this as an issue.


That is correct - it is necessary in order to establish OSPF adjacency over several hops. Certainly, that is not an issue at all, on the contrary - it is absolutely necessary for the virtual link to come up.


> When I compared virtual-link to GRE tunnel, I did so because both accomplish the same role, which is connecting an area to a backbone area via a transit area.


The primary difference is that the GRE tunnel hides the real recipients under the outer IP header. The "transit" area, in that case, does not need to actually know all the prefixes. What it needs, though, is a default route that points towards the backbone. Suboptimal routing may occur, then, because the traffic from the "transit" area must first reach the backbone in order to get GRE-encapsulated and carried again through the "transit" area to the disconnected area.


Once again, the virtual links are not something outright dangerous - if they were, they would not be implemented in OSPF and a part of regular RFC 2328 in the first place. However, their existence could create a false feeling that the network design may be arbitrary and sloppy. Therefore, it is quite good they are not considered something too common.


Best regards,

Peter

Sherif Atef Ahm... Sat, 12/17/2011 - 23:18

Wow... Thanks Peter for your explanation.

One more thing, please. You mentioned:

> Suboptimal routing may occur, then, because the traffic from the "transit" area must first reach the backbone in order to get GRE-encapsulated and carried again through the "transit" area to the disconnected area.

I didn't get your point. I would appreciate it if you can verify.


Appreciate your assistance


BR,

Sherif Ismail

Peter Paluch Sun, 12/18/2011 - 16:15

Hi,


Imagine you have three areas in a row:


Area 0 --- Area 1 --- Area 2


This would call either for a virtual link through the Area 1, or for a GRE tunnel. Now, if you use a GRE tunnel through Area 1, the Area 1 may not know about routes in Area 2. That could happen if, for example, Area 1 was configured as a totally stubby area, or if the GRE tunnel was already made part of Area 2.


In both those cases, Area 1 would be unaware of the prefixes located in Area 2. If communication between Area 1 and Area 2 should take place, the traffic will need to go from Area 1 to Area 0 (because of the default route), and in Area 0, it will get routed via the GRE tunnel, over the Area 1 again, to the Area 2. The communication in the opposite direction would most probably follow the same suboptimal path - from Area 2 via GRE tunnel to Area 0 and from there to Area 1.


Best regards,

Peter

Sherif Atef Ahm... Sun, 12/18/2011 - 23:13

Thanks Peter.

But wouldn't this be the same case also for virtual-link?

As area 2 will advertise its routes to area 0 via virtual-link,

then area 0 will advertise these routes to area 2.

So if communication between area 1 & area 2 is needed, area 1 will go to area 0 then to area 2.

So in both cases, virtual-link & GRE, suboptimal routing will occur, correct?


Many thanks for your assistance


Best Regards

Sherif Ismail

Peter Paluch Mon, 12/19/2011 - 00:16

Hello,


> As area 2 will advertise its routes to area 0 via virtual-link,
>
> then area 0 will advertise these routes to area 2.
>
> So if communication between area 1 & area 2 is needed, area 1 will go to area 0 then to area 2.


Certainly not. Virtual links work differently. A virtual link is a virtual point-to-point interconnection that, within the link state database, always belongs into Area 0 even though it is configured over a different area, and allows its endpoints, the ABRs, to be logically adjacent to Area 0. This virtual link is subsequently used to synchronize the contents of the link state database for Area 0 (recall that each area has its own link-state database). Now, this has to be understood very carefully: Area 0 contains detailed information about its own topology in form of LSA-1 and LSA-2, plus summarized information in form of LSA-3 and LSA-4 about networks and ASBRs in other areas, plus summarized external routing information in form of LSA-5. This means that even if a virtual link is used to connect Area 2 to Area 0 through Area 1, through this virtual link, the synchronization is performed from the viewpoint of the Area 0 - not any other areas!


It is therefore incorrect to say that "area 2 will advertise its routes to area 0 via virtual link", as the virtual link does not belong to area 2 at all. Even though Area 0 will learn about networks in Area 2 via the virtual link, it is not because Area 2 sent them through the virtual link; rather, it is because the ABR between Area 1 and Area 2 took all networks from Area 2, imported them into Area 0 link-state database as LSA-3 and subsequently advertised them via the virtual link.


In the precisely same way, the ABR between Area 1 and Area 2 will take all networks from Area 2 and import them into Area 1 as LSA-3, and vice versa, it will take all networks from Area 1 and import them as LSA-3 into Area 2. This means that the Area 1 will know about all networks in Area 2 and Area 2 will know about all networks in Area 1. Therefore, the suboptimal routing as explained with GRE tunnels will not take place at all because the Area 1 is completely populated with networks from Area 2. This is why I stressed in one of my previous posts that the transit Area 1 must be a regular area and will therefore know all inter-area, intra-area and external routes. Hence, suboptimal routing is not an issue here.


Best regards,

Peter
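
The two forwarding paths contrasted in this thread (a GRE tunnel through a totally stubby Area 1 versus a virtual link through a regular Area 1), traced hop by hop. This is an added example, not part of the original posts; the router names R0, ABR1, R1, ABR2, R2, the prefix 10.2.0.0/24 and the hand-built forwarding tables are assumptions standing in for what OSPF would compute.

```python
# Constructed topology (router names and the prefix are assumptions):
#   R0 --Area 0-- ABR1 --Area 1-- R1 --Area 1-- ABR2 --Area 2-- R2
PREFIX = "10.2.0.0/24"  # constructed network attached to R2 in Area 2

def build_fibs(design):
    """Per-router forwarding tables {router: {destination: next hop}}."""
    fibs = {
        "R0": {PREFIX: "ABR1"},
        "ABR2": {PREFIX: "R2"},
        "R2": {PREFIX: "local"},
    }
    if design == "virtual-link":
        # Area 1 is a regular area: ABR2 injects an LSA-3 for PREFIX into it,
        # so every Area 1 router routes towards Area 2 natively.
        fibs["ABR1"] = {PREFIX: "R1"}
        fibs["R1"] = {PREFIX: "ABR2"}
    elif design == "gre":
        # Area 1 is totally stubby: R1 holds intra-area routes (including the
        # tunnel endpoints) and a default route towards the backbone only.
        fibs["ABR1"] = {PREFIX: ("gre", "ABR2"), "ABR2": "R1"}
        fibs["R1"] = {"default": "ABR1", "ABR1": "ABR1", "ABR2": "ABR2"}
    else:
        raise ValueError(f"unknown design: {design}")
    return fibs

def trace(design, src, dst=PREFIX, max_hops=10):
    """Return the list of routers a packet from src to dst visits."""
    fibs = build_fibs(design)
    node, outer, path = src, None, [src]
    for _ in range(max_hops):
        if outer == node:           # tunnel tail: strip the outer IP header
            outer = None
        table = fibs[node]
        hop = table.get(outer or dst, table.get("default"))
        if hop is None:
            raise LookupError(f"{node} has no route to {outer or dst}")
        if hop == "local":
            return path
        if isinstance(hop, tuple):  # tunnel head: add the outer IP header
            outer = hop[1]
            hop = table[outer]
        node = hop
        path.append(node)
    raise RuntimeError("forwarding loop")

if __name__ == "__main__":
    for design in ("virtual-link", "gre"):
        for src in ("R1", "R0"):
            print(f"{design:12} from {src}: {' -> '.join(trace(design, src))}")
```

From R1 the GRE design yields R1 -> ABR1 -> R1 -> ABR2 -> R2, while the virtual-link design yields R1 -> ABR2 -> R2; from R0 both designs follow the same path.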
