I'm in the process of breaking down my network at three different sites. We used to have all of the network on a /23 Class C network, but now I want to make the most of the 3750 switch(es) I have at each site to VLAN out for different purposes, but also want to take the opportunity to arrange the IP addresses into areas so I can manage all sites routing through OSPF. There is every possibility that we could add more sites in future, so I'm thinking that we can just duplicate the structure and up the second octet to match the area. Hey presto!! Simple...
Trouble is, I'm having real problems working out the areas... It should be simple, but I'm having a mental block.
I've attached a diagram for the network as I want it to be. I may add some site to site VPNs in the future for redundancy, but we'll deal with the simple elements first...
I know this should be simple, but would love some help.
Just for a bit more information, the MPLS is managed by Verizon, which is why I want to put a GRE Tunnel in place so I can push OSPF and add class of service etc without having to beg the first line numpties to do it.
The 100Mb leased line is managed by me so I can do what I want to it...
My suggestion is to keep it simple.
Site 1 is area 0, i.e. the backbone area.
Site 2 is area 2.
Site 3 is area 3.
Site One router:
router ospf 1
 area 2 nssa
 area 3 nssa
 network 10.1.10.0 0.0.0.254 area 0
 network 10.1.20.0 0.0.0.254 area 0
 network 10.0.254.0 0.0.0.X area 2
 network 10.X.X.0 0.0.0.X area 3 (GRE)
 default-information originate always
 area 2 range ip-address mask (summarization)
 area 3 range ip-address mask (summarization)
This link might also help you:
Thanks for the advice BR. That all looks good.
How would that work for other sites that may be added in the future? The way that my mind was working on this was that we could almost create the area 0 as anything that wasn't 10.1(2,3,4...).n.0/23 based and make sure that area 0 had a 10.0.254.0/29 subnet for the links between sites? (Maybe that's why I'm having issues!) Suppose I were to add a site to site VPN from site 2 to site 3? How would that work?
Thanks in advance.
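An added example, not part of the original thread or any poster's configuration: it fills in the `area N range` placeholders from the Site One config and checks the "second octet = site" plan discussed above, by computing the smallest summary per area and refusing any summary that overlaps the backbone or another area. The VLAN numbers and /24 sizes are constructed assumptions; only 10.1.10.0, 10.1.20.0 and 10.0.254.0/29 come from the thread.

```python
import ipaddress

# Constructed sample plan following the thread's scheme: second octet = site/area.
# VLAN numbers and /24 prefix lengths are assumptions, not values from the thread.
SITE_VLANS = {
    2: ["10.2.10.0/24", "10.2.20.0/24", "10.2.30.0/24"],
    3: ["10.3.10.0/24", "10.3.20.0/24"],
}
# Backbone prefixes: site 1 VLANs plus the inter-site link subnet.
BACKBONE = ["10.1.10.0/24", "10.1.20.0/24", "10.0.254.0/29"]


def covering_prefix(subnets):
    """Smallest single prefix that contains every subnet in the list."""
    nets = [ipaddress.ip_network(s) for s in subnets]
    summary = nets[0]
    while not all(n.subnet_of(summary) for n in nets):
        summary = summary.supernet()
    return summary


def area_ranges(site_vlans, backbone):
    """Return {area: summary}; raise if a summary swallows foreign prefixes."""
    summaries = {area: covering_prefix(v) for area, v in site_vlans.items()}
    backbone_nets = [ipaddress.ip_network(b) for b in backbone]
    for area, summary in summaries.items():
        for net in backbone_nets:
            if summary.overlaps(net):
                raise ValueError(f"area {area} range {summary} overlaps backbone {net}")
        for other, other_summary in summaries.items():
            if other != area and summary.overlaps(other_summary):
                raise ValueError(f"area {area} range {summary} overlaps area {other}")
    return summaries


def ios_lines(summaries):
    """Render the 'area N range' statements for the area border router."""
    return [f" area {a} range {s.network_address} {s.netmask}"
            for a, s in sorted(summaries.items())]


if __name__ == "__main__":
    print("router ospf 1")
    print("\n".join(ios_lines(area_ranges(SITE_VLANS, BACKBONE))))
```

A VLAN numbered outside its site's second octet widens that area's summary until it collides with a neighbour, which is the case the overlap check catches before the range is configured.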
Then if you take care of the routing it would work fine. For site 2, you will get 0.0.0.0 from site 1 and more specific routes from site 3. For site 3, you will get 0.0.0.0 from site 1 and more specific routes from site 2.
But I guess that you want redundancy.
If the link from site 2 to site 1 fails you want to reach site 1 via site 3?
Then I think that you should go for BGP.
But that's my private opinion :)
Please do rate all helpful posts.
:) You're right, I do want redundancy.
I'll take a look at BGP and see how to get it working. My head was hurting from working out OSPF, so it's going to positively ache from throwing BGP into the mix.
I'll let you know how I go...
I would be glad to help you.
BGP automatically guarantees the loop-free exchange of routing information, because it always selects the "best" path to a destination prefix.
Have a look at this link:
Think I may need your help to be honest!!! It really is appreciated.
Just to give you a quick overview, the Site 1, 2 and 3 switches are 3750's and have the vlans (as shown in the diagram) set with a default IP address on each vlan as 10.1.n.254 for each vlan at site 1 and 10.2.n.254 at site 2 etc... I am hoping that I can keep this as standard so that any new sites can follow this pattern.
I'm assuming that I will set an as number at each site, let's say 100 for site 1, 200 for site 2....
This is the entry that I have for the site 1 bgp setup on the 3750 (10.12.169.250 is the ip of the site 3 3750)
Should that work? Sorry about this.
router bgp 100
 neighbor 10.12.169.250 remote-as 300
 neighbor 10.12.169.250 route-map localonly out
This would work fine, but I suggest that you set up peering between loopback addresses.
That's "best practice". Also apply: update source loopback 0.
HTH, do rate all helpful posts.
Okay, I'm still having a few issues. I'm concentrating on the link between Site #1 and Site #2, in particular the 3750 switches and the 2600 router on each side.
I've set the site #1 AS as 100 and the site #2 AS as 200.
The relevant config is as follows:
ip address 22.214.171.124 255.255.255.255
router bgp 100
 neighbor 126.96.36.199 remote-as 100
 neighbor 188.8.131.52 update-source Loopback0
ip route 184.108.40.206 255.255.255.255 10.1.254.1
ip address 220.127.116.11 255.255.255.255
router bgp 100
 neighbor 18.104.22.168 remote-as 100
 neighbor 22.214.171.124 update-source Loopback0
 neighbor 126.96.36.199 remote-as 200
 neighbor 188.8.131.52 ebgp-multihop 2
 neighbor 184.108.40.206 update-source Loopback0
ip route 220.127.116.11 255.255.255.255 10.1.254.254
ip route 18.104.22.168 255.255.255.255 10.0.254.26
I thought I should see the routes in the 'sh ip route' table...
Hi again!
I think the problem is that you do not reach the loopbacks :) Try to ping 22.214.171.124 from 2600 with source loopback 0. Looking at your diagram, if the 2600 carries the link to site 2 the gateway for 126.96.36.199 should be 10.254.0.2 :) And no ebgp-multihop.
You do not need to run bgp on both the 3750 and the 2600. You run bgp on the box that has the link to the other site. And you have no network statement under bgp on the 2600. In addition to network you should use mask, like this:
network 172.25.33.0 mask 255.255.255.0
Please check the scroll-bar at the bottom right on every post :)
...and one more cosmetic thing. Use OSPF to reach the loopbacks.
And maybe if you need local routing at your site. BGP at the border :)