Cisco Support Community
Community Member

Design Help needed

Network diagram is attached. Please help me in deciding routing best for this situation. There is main Head office and every branch office is connecting to this directly through VPN.

I would like to proceed with OSPF because of industry standard and devices involving multiple vendors. Which OSPF design would be best for this situation? The problem is that IP address allocated to Branch offices are not in symmetry.

So simply dividing the branch office into multiple areas based on their geographic locations doesn't look possible due to IP addresses allocation. I can't change the IP addresses in all offices.

If I go with just one area, the OSPF database size will be large, as there are around 300 branch offices.

So help me decide: is static routing a solution, or should I still go with OSPF? Is there a way to control the OSPF traffic other than areas?

One thing to mention: each branch has dual links to the main site, and each service provider is providing dual links, one primary and the other backup.

Thanks

3 REPLIES
Hall of Fame Super Silver

Re: Design Help needed

Hello Muhammad,

>> So simply dividing the branch office into multiple areas based on their geographic locations doesn't look possible due to IP addresses allocation. I can't change the IP addresses in all offices.

You can use multiple OSPF areas even if the address plan doesn't allow good summarization at the area boundary; you can get some advantages too.

A solution that fits well with your scenario is DMVPN:

In this case you can build one or more virtual clouds and have OSPF running over them.

You may be already thinking of this.

Each cloud you implement, being a virtual LAN subnet, can be in a single OSPF area.

For DMVPN see:

http://www.cisco.com/en/US/docs/solutions/Enterprise/WAN_and_MAN/DMVPDG.html

For scalability considerations see:

http://www.cisco.com/en/US/docs/solutions/Enterprise/WAN_and_MAN/DMVPN_3.html#wp70028

And more generally for IPSec VPNs:

http://www.cisco.com/en/US/docs/solutions/Enterprise/WAN_and_MAN/IPSec_Over.html

Be aware that the type of platform you use as head ends is important and probably you need at least a C7200 VXR with NPE-G2.

The dual links may be handled with double mGRE clouds, one preferred and one used as backup.

Edit:

I see that you say you are in a multivendor scenario so I'm not sure that DMVPN is supported in this case.

Handling 300 + 300 point-to-point GRE tunnels over IPSec over the internet leads to considerations in the third link.

Hope to help

Giuseppe

Community Member

Re: Design Help needed

Thanks Giuseppe

DMVPN is not a choice due to the multivendor environment. Handling 300+ spokes through VPN is not an issue.

The issue is the choice of routing. If I go with OSPF multiple areas and without summarization, would the OSPF database size and LSA traffic be an issue?

Hall of Fame Super Silver

Re: Design Help needed

Hello Muhammad,

Using OSPF areas even without summarization is advantageous because you partition the database:

Detailed link state information is used and tracked only for intra area routes.

Inter Area routes are less detailed and, being linked to the ABR, they can be tracked/updated with partial recalculation (a full SPF execution shouldn't be needed if a route in another area changes state, at least with PRC support in modern IOS images).

I think you can try to use the multiple area approach.

You can even think to use some form of stub area (the standard one that is stub area) to reduce the size of OSPF updates sent to remote routers.

This gives a clear advantage over mono-area OSPF.

Hope to help

Giuseppe
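
The trade-off discussed in this thread, as an added example that is not part of any poster's reply: a rough Python model of which LSA types a branch router holds under a single area, multiple areas without summarization, and standard stub areas. The 300 branches and dual links come from the thread; the area count, one LAN prefix per branch, the head-office prefix count, the external route count, and a single hub acting as ABR are assumptions.

```python
# Added illustration: rough LSA counts in a branch router's LSDB for the
# hub-and-spoke network in this thread. Values marked "assumed" are not
# from the thread.
from dataclasses import dataclass

@dataclass
class Topology:
    branches: int = 300      # from the thread
    links: int = 2           # dual point-to-point tunnels per branch (thread)
    lan_prefixes: int = 1    # assumed: one LAN prefix per branch
    hub_prefixes: int = 20   # assumed: head-office prefixes in area 0
    externals: int = 50      # assumed: Type 5 LSAs redistributed at the hub

def branch_lsdb(t, areas=1, stub=False):
    """LSA counts one branch router holds, by LSA type.

    areas=1 puts every router in area 0. Otherwise branches are split evenly
    into `areas` non-backbone areas with the hub as the only ABR and no
    summarization. Point-to-point links create no Type 2 LSAs.
    """
    if areas == 1:
        if stub:
            raise ValueError("the backbone area cannot be a stub area")
        local = t.branches
        type3 = 0
    else:
        local = t.branches // areas
        per_branch = t.lan_prefixes + t.links        # LAN + tunnel subnets
        # Unsummarized: one Type 3 per prefix that lives outside this area.
        type3 = (t.branches - local) * per_branch + t.hub_prefixes
    type5 = t.externals
    if stub:
        type5 = 0        # Type 5 LSAs are not flooded into a stub area
        type3 += 1       # the ABR injects a default route instead
    counts = {"type1": local + 1, "type3": type3, "type5": type5}
    counts["total"] = sum(counts.values())
    return counts

if __name__ == "__main__":
    t = Topology()
    for name, kw in [("single area", {}),
                     ("6 areas", {"areas": 6}),
                     ("6 stub areas", {"areas": 6, "stub": True})]:
        print(f"{name:13}", branch_lsdb(t, **kw))
```

Under these assumptions the total LSA count per branch does not shrink without summarization, but the Type 1 LSAs, whose changes force a full SPF run, drop from 301 to 51. A standard stub area then removes only the Type 5 LSAs.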
