OSPF Summarization issue.

rtjensen4 · ‎02-01-2012

Morning,

I am trying to accomplish some "Failover" routing via summary routes.

See attached "BASIC" picture.

Ethernet WAN is going to be OSPF Area 0

Datacenter 1 will be Area 1

Datacenter 2 will be Area 2

DC-1, RTR 1, has his WAN interface in Area 0

DC-2 RTR has his WAN interface in Area 0 as well as the point to point 250mbps link in Area 0

DC-1 subnets:

10.10.116.0/22

(a bunch of other irrelevant ones)

DC-2 has subnets:

192.168.240.0/24

10.10.241.0/24

(a couple other irrelevant ones heres)

With current setup, Routes from DC-1 -> DC-2 are going across the point to point link. That's typically what I want EXCEPT, my Ethernet WAN supports QoS while my Point to point does not. I'm trying to get traffic 10.10.116.0/22 <-> 10.10.241.0/24 to go across the 100mbps WAN connection instead of the PTP link. I still want 192.168.240.0/24 <-> DC-1 traffic to go across Point to Point. I need to build-in some failover.

On DC-2 router, I've created a summary route of this:

area 2 range 10.10.240.0 255.255.240.0

AND

area 2 range 10.10.241.0 255.255.255.0

From there, I was going to try removing the /24 route when it comes into DC-1 RTR2. This way, my DC-1 RTR1 should learn both routes across the WAN, however, if the WAN goes down, I want it to use the summary route to go through DC-1 RTR2. I realize the first summary would "Hide" the /24 route, so I created the more specific /24 summary route. However, i'm not able to get both summary routes

in the tables. I dont even see the /21 in the OSPF database. Any hints? Am I going about this all wrong to accomplish what I am trying to do?

Right now I've recreated our network in GNS3 and using that for testing, the current live environment is a bit different.

Current Production environment:

DC-1 is Area 0

WAN is Area 2

DC-2 is Area 1

PTP link between DC-1 and DC-2 is in Area 1

This setup isn't really working well, especially for what i'm trying to do. I'm trying to get a different design that will work. Any thoughts?

Thanks.

Michael Kiessling · ‎02-08-2012

Hi,

my first thought is: Policy Routing

Why not use PR on DC2? Create a ACL that separates

10.10.116.0/22 <-> 10.10.241.0/24 and then send it to your Ethernet WAN (set ip next-hop primary_IP backup_IP).

Thats not really dynamic anymore, I know. But for your case it should be appropriate.

Regards,

Michael

Michael Kiessling · ‎02-08-2012

Hi,

and here's my second thaught ;-)

To keep the dynamics you could also use PfR (Performance Routing) based on the bandwidth utilization of your

point-to-point link (if high load then use Ethernet WAN).

I never tried this myself, so I'm not 100% sure if PfR can do this exactly the way you want it (but it could be worth a try).

Regards,

Michael

ebarticel · ‎02-08-2012

I think you shoud create a static route for the network you want to go on serial link and let OSPF do the rest. All the routers in your topology has to have a interface in area 0,

DC-2 <---------> DC-1 RTR2

DC-2 <---------> DC-1 RTR1

Branch <-------> DC-1 RTR-1

Those interfaces facing each other need to be in area 0. The other interfaces on the respective routers you can put them in any areas you need.

Hope this helps

Eugen

rtjensen4 · ‎02-08-2012

Thanks both of you for your input. Right now i'm using static routes. One on DC-1 RTR-1 and one on DC-2. Has about the dynamic-ness of policy routing, but not a whole lot i can do right now haha. Thanks again.

Michael Kiessling · ‎02-09-2012

Hi,

there's just one advantage using PBR instead of static routing. You can have a backup link:

set ip next-hop primary_IP backup_IP

PBR will try to send the packets to primary_IP first, if the link is down it will use backup_IP.

In your case primary_IP would be your Ethernet WAN and backup_IP your PTP line.

Regards,

Michael (Pls vote:-)

rtjensen4 · ‎02-09-2012

That is a good point.

I also had another thought....

How about sticking an interface on DC-1 RTR-2 onto the Ethernet WAN segment? I can have as many connections to it as i want really. Its one big L2 broadcast domain between my HQ , DR , and 18 branches. Because the point to point link to DC-2 is on RTR-2, i can weight the OSPF on that local router to prefer the Ethernet WAN route instead of the Point to point and if it fails, it'll go across the PTP thats attached to it.

Michael Kiessling · ‎02-10-2012

Hi,

adding DC1 RTR-2 to the Ethernet WAN is a good idea. But if you use OSPF weight to move your traffic over to the Ethernet WAN you have to keep in mind that this will affect every traffic, and not only 10.10.116.0/22 <-> 10.10.241.0/24.

And that means you won't be using your 250Mbit line (you would pay for a line with higher capacity that's only used in a fail-over case?).

Maybe you should have a closer look at PfR - it is easyer to configure as it looks like and it would be more efficent in the term of using both lines at the same time (not all the time but under certain conditions).

You would need to connect DC1 RTR-2 to the Ethernet-WAN (what you suggested) and then configure PfR to

route the traffic 10.10.116.0/22 <-> 10.10.241.0/24 over your Ethernet WAN as soon as the bandwidth utilization on your PtP link will be 50% (or what ever fits best in your environment).

In that scenario you would use both lines when you experience high traffic. And in case of a line outage routing will

work as expected.

Have a look at https://supportforums.cisco.com/docs/DOC-8353

Regards,

Michael