This is my topology:
- PE1, R1 are on SITE A
- PE2, R2 are on SITE B
- SITE A: ospf area 0
- SITE B: ospf area 1
- on SITE A, there's R1 on area 0 and area 1 (L1 backdoor to R2 on SITE B)
Today SITE B is reachable through the backdoor, because from PE1 and R1 we always have LSA type 3, but the metric is different (AD iBGP > AD OSPF).
How could I use the superbackbone as the primary link, and the R1 backdoor only for backup? A route-map on PE1 redistribution? Or maybe something else?
Any advice will be appreciated.
An OSPF sham link will solve your problem. It mimics an intra-area link with configurable bandwidth. Thus you get LSA1 and not LSA3, and path selection is only a question of metric.
For further reading and a more detailed explanation please consult:
"OSPF Sham-Link Support for MPLS VPN"
Hope this helps! Please rate all posts.
uhmm ... now PE1 and R1 send LSA3 on area 0 (SITE A), is it? now the path selection is only a question of metric ... I don't understand ... maybe you say "create a sham-link from PE2 to R1"?
thanks for your support
The design could look like this:
PE2 -(area1)- R2 -(area1 backdoor)- R1 -(area1)- PE1 -(area1 sham link)- PE2
and area 0 hanging off R1 to the rest of the network.
This means you would need to convert the R1 - PE1 link to area 1
The other redesign option would be to convert everything to area 0
I assume you are an end customer of an MPLS service provider. So you must be having more flexibility as to what you are doing on your network.
Now you can put the backdoor link in Area 2, or any area of your choice apart from Area 0 or Area 1, since Intra Area routes are preferred irrespective of metric over Inter Area routes.
So put your backdoor link ONLY in Area 2 and increase the cost of the backdoor link to higher than that of your PE-CE links. This should solve your problem for good.
So the effect would be that your SITE A receives L3 LSA from PE1 and R2.
Since the metric of the L3 LSA is better from PE1, you will prefer that link compared to your backdoor link.
Do let us know what the outcome of your testing was.
I forgot to mention a point there, you will need to configure a virtual link to support this scenario.
The whole solution is based upon you having more flexibility on your network configuration, rather than the SP MPLS cloud. And the second thing is the backdoor is for a pure backup scenario, so a virtual link.
Please ignore my post, am caught up in couple of things at the same time.
Just went on a tangential thinking mode.
That's not the right way I specified.
Just back. Now coming back to the question on hand.
To achieve the objective of having primary over MPLS and backup on the backdoor without making any major changes, use a static route with higher AD, or RIP or EIGRP, on the backdoor link, and redistribute OSPF routes into the dynamic protocol if you don't use the static. This will solve the problem, as I don't see a real need to put the backup link into any OSPF area, as this would complicate things or you may need to change quite some things.
Now the summary of your current problem is,
1) Link On R1 to PE1 is in Area 0 and on Both R1 and PE1 you will see the
SITE B routes are Inter Area Routes.
2) Link On R2 to PE2 is in Area 1 and on both R2 and PE2 you will see the
SITE A routes as Inter Area Routes.
3) Now when you Add a Link from R1 to R2 you will see the routes from
R2 as Intra Area.
4) Now these routes would be preferred more over the Inter Area route
received via MPLS VPN, as Intra Area has preference over Inter Area,
irrespective of metric as I specified earlier.
After you implement as stated the effect would be now R1 sees R2 route
only available through OSPF. And when the primary link goes down it
will go via the backup.
Let me know how it worked during your tests!
Just one remark: using RIP or EIGRP with redistribution on the backup link might cause you serious routing loop issues. Also, all routes will be OSPF external, which cannot be summarized nor are allowed in stub areas, which restricts further designs and network modifications. In addition, it might not work as expected.
Assume network N1 behind R1 and
N1-R1-MPLS-R2 for primary link
and N1-R1-RIP-R2 for backup link
Now on R2 initially you have the route through OSPF and through RIP, thus in the routing table you have the OSPF route and it is redistributed into RIP and announced back to R1. This is no real problem unless R1 loses network N1, when the R1 routing table entry will be from RIP and this is redistributed into OSPF and announced to R2 ... voila, a routing loop.
So this scenario only works if you set up proper filters, which might get rather complex and inflexible depending on the network design (e.g. IP addressing, etc.). And whenever you introduce a new network or new IP addresses, you should at least check your filters in place.
Introducing another routing protocol with mutual redistribution and necessary filters in different places is a more major change than converting one link in OSPF from being one area to another area, IMHO.
Hi Martin, hi folks,
thanks for your answers.
Just to understand correctly, my topology is attached.
Normally, PE1 on area1 has routes to area0 networks from the backbone, and not from R1 LSA3. R3 instead receives routes from R1, and not PE1 (correct). Question: why? Is that a "specific" superbackbone behavior?
Another question, for Martin: do I have to do a sham-link between PE1 and PE2?
thanks for your support
Hmmm.... I am looking at your original post and this topology attachment. Both are different.
Anyways, what are the link speeds/media used?
Hi, looking at your current topology,
the previous answers still stand; again, to brief a little.
Your current scenario is like this:
1) Any hosts connected below your R1 will go via the backdoor link to R2
as INTRA area routes would be preferred over INTER area routes.
As you will be receiving two types of routes for the same destination R2,
one via the backdoor link and the other via PE1, at Site 1.
2) For R4 and R3 its a question of metric whether backdoor or MPLS VPN.
3) For PE1 and PE2 it's the question of AD, as the PE will have routes learnt
via the VPN, but because of the backdoor PE1 and PE2 will face a
problem with the AD, and the forwarding will point back to the directly
connected CE (R3 or R2) due to the route to the same destination learnt in OSPF.
4) For R2 as well for destinations on R3 or R4 its a matter of the metric.
but for destination on R1 it will choose the backdoor because of the
reason given in point 1.
Now what you can do is as below.
A) Run static with higher AD on the backdoor, or use other dynamic routing
protocol with simple route-map with tag filtering for <-> redistribution.
B) If you still want to retain the area structure as it is, then
you can still do that, provided you don't have any hosts or
destinations of R1, and do two things as below.
B.1) Set the cost of your backdoor link very high.
B.2) What you need to do is go to your PE, and in the router
ospf vrf process use this command.
"distance ospf inter-area 210"
Method B is not recommended for all scenarios and is specified from this topology
perspective, since if you want to retain the area structuring as it is.
Let me know how your testing goes.
Hmmm, I think a sham link may work in this case if you have a similar area on both sides, as it will help you override the Inter Area LSA received from one side by converting that to an Intra Area LSA.
So the sham link will work, but the only thing is you will have to change your area setup to use it. So I wanted to try and keep your things as they are while achieving a solution.
You need to redesign your network in any case, because otherwise the stated goal - MPLS primary, R1-R2 backup - can not be achieved. So the question is what to change.
Are there good reasons to have multiple areas (with only 5 routers, if your topology is drawn correctly this time)?
If not, then convert everything to one area (presumably 0) and use a sham link in the MPLS VPN.
If you introduce another routing protocol between R1 and R2 using mutual redistribution including proper filters and getting external networks instead of interarea, it would be possible to achieve the stated goal as well.
IMHO this increases operational complexity a lot and thus would be only the second best option.
Having only OSPF everywhere plus a sham link in the MPLS VPN would be the easiest solution I can see.
But finally it is your network and your decision to take.
Hope this helps! Please rate all posts.
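
The two preference rules this thread keeps returning to, as an added example that is not part of any post above: inside OSPF, path type is compared before cost, and between protocols the lowest administrative distance wins. The costs, the `Route` type and the helper names are constructed for illustration; the AD values are the Cisco IOS defaults, and the sham-link case assumes the R1-PE1 link has been moved into area 1 as suggested in the thread.

```python
# Added example (constructed model, not router code): OSPF path-type
# preference and administrative distance as discussed in the thread.
from dataclasses import dataclass

# RFC 2328 path types, most preferred first; cost is compared only within a type.
PATH_TYPE_RANK = {"intra-area": 0, "inter-area": 1, "external-1": 2, "external-2": 3}
# Cisco IOS default administrative distances.
DEFAULT_AD = {"ospf": 110, "ibgp": 200}

@dataclass(frozen=True)
class Route:                      # hypothetical helper type
    via: str
    protocol: str
    path_type: str = ""           # only meaningful for OSPF routes
    cost: int = 0

def best_ospf(routes):
    """Choice inside OSPF: path type first, cost only breaks ties."""
    return min(routes, key=lambda r: (PATH_TYPE_RANK[r.path_type], r.cost))

def rib_winner(routes, ad=DEFAULT_AD):
    """Choice between protocols: lowest administrative distance is installed."""
    return min(routes, key=lambda r: ad[r.protocol])

# Constructed costs for a Site B prefix as seen on R1.
R1_TODAY = [
    Route("backdoor", "ospf", "intra-area", 1000),  # area 1 link R1-R2, cost raised
    Route("PE1", "ospf", "inter-area", 20),         # type 3 LSA from the superbackbone
]
# Assumes the R1-PE1 link was moved into area 1 and a sham link joins the PEs.
R1_WITH_SHAM_LINK = [
    Route("backdoor", "ospf", "intra-area", 1000),
    Route("PE1", "ospf", "intra-area", 30),         # learned across the sham link
]
# Same prefix on PE1: VPNv4 iBGP route versus the OSPF route learned from the CE.
PE1_TODAY = [
    Route("PE2", "ibgp"),
    Route("R1", "ospf", "inter-area", 1010),
]

if __name__ == "__main__":
    for name, table in [("R1 today", R1_TODAY), ("R1 with sham link", R1_WITH_SHAM_LINK)]:
        print(f"{name}: next hop via {best_ospf(table).via}")
    pe = rib_winner(PE1_TODAY)
    print(f"PE1 today: installs the {pe.protocol} route via {pe.via}")
```

Raising the backdoor cost alone changes nothing in `R1_TODAY`, because the cost is never consulted while the two candidates differ in path type.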