Resilient routing design with OSPF

wscotty2012
Level 1

Hi,

I'm designing the attached infrastructure.

We have 2 sites, each with 2 x 4506 switches which will be connected together using an etherchannel. The switches will provide access ports for client devices and will be configured with HSRP to provide gateway redundancy. SW1 will be HSRP active.

2 metro ethernet links will be installed in each site which will connect back to our HQ sites. OSPF will be used over the backbone to provide resiliency and to allow shortest path routing to each HQ and to prevent traffic over the HQ to HQ link.

The 4506s will be trunked together with an SVI for providing OSPF adjacency. For the traffic flow from SW2 to HQ2, traffic will hit SW1 and then route back to SW2 and then to HQ2. Is this the best way to do this? Should a second link be connected between switches just for routing or should something like GLBP be used?

Any thoughts?

thank you

Accepted Solutions

Giuseppe Larosa
Hall of Fame

Hello Wscotty2012,

I would use GLBP instead of HSRP, as you have already noted. In this way you get all inter-site links used; otherwise the SW2-HQ2 links would be unused in the direction branch office to HQ.

Besides this, you have enough connectivity between switches in the same site (an etherchannel between them and one SVI associated to a VLAN permitted on the bundle for OSPF adjacency for co-located devices) and with HQ.

For the client IP subnets I recommend using the network .... area command + passive interface instead of redistribute connected, in order to deal with internal OSPF routes instead of OSPF external routes and to have more control.

Hope to help

Giuseppe
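
An added illustration of the recommendation above (not part of the original post): client subnets enter OSPF through network statements, while passive-interface keeps hellos off the access VLAN so no adjacency can form with a host there. Addresses, VLAN and interface numbers, the process ID and the single area 0 are constructed assumptions.

```cisco
! SW1, site 1 -- constructed addressing, not taken from the thread
interface Vlan10
 description Client access VLAN (first-hop gateway lives here)
 ip address 10.1.10.2 255.255.255.0
!
interface Vlan900
 description Transit SVI to SW2 over the EtherChannel (OSPF adjacency)
 ip address 10.1.255.1 255.255.255.252
!
interface GigabitEthernet3/1
 description Metro Ethernet link to HQ1
 no switchport
 ip address 10.255.1.2 255.255.255.252
!
router ospf 1
 router-id 10.1.0.1
 ! No hellos are sent or accepted on any interface unless re-enabled below
 passive-interface default
 no passive-interface Vlan900
 no passive-interface GigabitEthernet3/1
 ! Client subnet is advertised as an internal (intra-area) route;
 ! "redistribute connected" would inject it as an external route instead
 network 10.1.10.0 0.0.0.255 area 0
 network 10.1.255.0 0.0.0.3 area 0
 network 10.255.1.0 0.0.0.3 area 0
!
! Verify: Vlan10 should be listed as passive, and neighbors should
! appear only on Vlan900 and the metro uplink
!   show ip protocols
!   show ip ospf neighbor
```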

Hi Giuseppe,

thanks for the quick reply. That makes sense.

Also, is it advised to keep everything in the same OSPF area or create separate areas for the IP subnets in site1 and site2? There won't be any routers behind the 4506s.

Joseph W. Doherty
Hall of Fame

Disclaimer

The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.

Liability Disclaimer

In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.

Posting

Just be aware if you're going to span VLANs across both 4500s, you can encounter unicast-flooding.

Whether to define OSPF areas for your two sites depends on multiple factors besides whether there will be multiple routers at each site.  You need to look at the size and complexity of the complete topology you wish to contain within an area, expected stability, bandwidth of links and performance of the individual OSPF platforms.

Thank you for this.

The diagram displays the only OSPF routers in the topology so the infrastructure is not very complex.

Regarding unicast flooding, is there any way to prevent this with this design? I assume that unicast flooding can be caused when a device uses SW1 as its gateway, which then routes traffic to HQ2 via SW2 and then return traffic is flooded into the source VLAN, is that correct?

Posting


Regarding unicast flooding, is there any way to prevent this with this design? I assume that unicast flooding can be caused when a device uses SW1 as its gateway, which then routes traffic to HQ2 via SW2 and then return traffic is flooded into the source VLAN, is that correct?

Yes and yes.

One way to prevent the issue is to sync the L3 switches' ARP and MAC table timers.

PS:

Another possible issue: if the L2 link fails between the two L3 switches, they might still advertise reachability to the same subnet but not have reachability to all hosts on that subnet. You've already mentioned you plan to use Etherchannel, which improves redundancy between the two switches, but will the Etherchannel links be on different cards?
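
One way to apply the timer sync suggested above, as an added example that is not part of the original thread: with IOS defaults the ARP entry (14400 s) outlives the MAC entry (300 s), so a switch keeps routing frames toward a host MAC it no longer has in its table and floods them into the VLAN. VLAN 10 and the 270 s value are constructed assumptions; apply one of the two options, on both L3 switches.

```cisco
! Defaults that cause the mismatch:
!   ARP timeout on an SVI      : 14400 s (4 hours)
!   MAC address-table aging    : 300 s
!
! Option A: raise MAC aging on the client VLAN to match the ARP timeout
mac address-table aging-time 14400 vlan 10
!
! Option B: lower the ARP timeout on the client SVI to just under MAC aging,
! so the ARP refresh re-learns the MAC before the L2 entry ages out
interface Vlan10
 arp timeout 270
!
! Verify on each switch that the two timers now line up
!   show mac address-table aging-time
!   show interfaces Vlan10 | include ARP
```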

That's great.

Yes, each of the switches will have dual SUP modules so the etherchannel will be formed by connecting the 1Gbps ports on SUPs as SUP1-SUP1 and SUP2-SUP2.
