Cisco Support Community

New Member

fully fault tolerance routing between sites

Hi All

I am trying to configure two sites with multiple WAN links and different links to the internet (rough diagram attached). I am trying to set it up such that the connection between sites and the internet remains available even when two links are down.

I have set up OSPF on all devices and I can connect; traceroute and default route preference are also working fine. OSPF areas are defined as per the diagram.

Here is what I want to achieve:

- Internet connection for site B down -> internet traffic from site B needs to go through site A using the 2mb WAN link; if this is not available, use the 10mb WAN link, and vice versa (i.e. when site A internet fails it should follow the same scenario).

- I want to use both links as much as I can.

Note: the interface for the 2mb WAN connection has an OSPF cost of 20 so that this link is not preferred for the traffic.

QoS for voice and video is set on each interface.

I tried using static routes with different distances, e.g.

ip route 0.0.0.0 0.0.0.0 192.168.1.1
ip route 0.0.0.0 0.0.0.0 192.168.4.4 20
ip route 0.0.0.0 0.0.0.0 192.168.3.4 40

but this just created a loop; it doesn't know if the interface of the other site is down, and so forth.

I also looked at PBR, but I am not able to understand how I can make PBR fail over to the other link while making sure PBR is not creating a loop like static routing is.

I will appreciate it if you guys can give me some ideas.

Thank you

1 ACCEPTED SOLUTION

Accepted Solutions
Hall of Fame Super Silver

Re: fully fault tolerance routing between sites

Hello Ashok,

The only aspect to be checked when introducing the 802.1Q header is the MTU: 802.1Q adds 4 bytes to frames.

I agree that if the service simply carries Ethernet frames it is not a problem: 802.1Q tagged frames are still Ethernet frames.

>> what if ospf select this link as first choice and send most of the traffic from this link? is there any way of telling not to do that?

With the suggested configuration there will be 6 equal cost paths. CEF will perform load balancing based on flows:

IP SA exor IP DA exor hash (the hash is a seed that doesn't change until next reload)

So given a flow with a specific IP SA, IP DA, a specific link is chosen among the available ones.

A different choice can be made per direction.

Per-packet load balancing is not recommended.

Hope to help

Giuseppe

Rate useful posts to help Haiti
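
The per-flow selection described in the reply above, as an added example that is not part of the original post and is not Cisco's actual CEF hash: a toy XOR of source address, destination address and a fixed seed picks one of the six equal-cost paths (five logical links on the 10 Mbps circuit plus the 2 Mbps link). The path names, seed values, mixing step and sample addresses are assumptions.

```python
import ipaddress
from collections import Counter

# Six equal-cost paths as in the thread: five logical links on the 10 Mbps
# circuit plus the single 2 Mbps link. Names are hypothetical.
PATHS = ["10M-sub20", "10M-sub21", "10M-sub22", "10M-sub23", "10M-sub24", "2M-shdsl"]
SEED = 0x5A17C3E9  # constructed value; stands in for the seed fixed until reload


def pick_path(src, dst, seed=SEED, paths=PATHS):
    """Toy per-flow choice: IP SA xor IP DA xor seed, mixed, modulo path count."""
    h = int(ipaddress.IPv4Address(src)) ^ int(ipaddress.IPv4Address(dst)) ^ seed
    h ^= h >> 16                      # fold high bits into low bits
    h = (h * 0x45D9F3B) & 0xFFFFFFFF  # assumed mixing step, not Cisco's algorithm
    h ^= h >> 16
    return paths[h % len(paths)]


def constructed_flows(n_clients=200, n_servers=50):
    """Constructed sample: site B clients (10.2.0.x) to site A servers (10.1.0.x)."""
    return [(f"10.2.0.{c}", f"10.1.0.{s}")
            for c in range(1, n_clients + 1) for s in range(1, n_servers + 1)]


def share_by_circuit(flows, seed=SEED):
    """Fraction of flows (not bytes) that land on each physical circuit."""
    counts = Counter(pick_path(s, d, seed).split("-")[0] for s, d in flows)
    total = sum(counts.values())
    return {circuit: n / total for circuit, n in counts.items()}


if __name__ == "__main__":
    # Roughly one flow in six is expected on the 2 Mbps link.
    print(share_by_circuit(constructed_flows()))
    # The same SA/DA pair always maps to the same link on a given router.
    print(pick_path("10.2.0.7", "10.1.0.9"), pick_path("10.2.0.7", "10.1.0.9"))
    # The far router decides for the return direction with its own seed
    # (constructed here), so the reverse flow may use a different link.
    print(pick_path("10.1.0.9", "10.2.0.7", seed=0x0BADC0DE))
```

The shares are counted in flows, not bytes, so a few heavy flows hashed onto the 2 Mbps link can still fill it.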

9 REPLIES
Hall of Fame Super Silver

Re: fully fault tolerance routing between sites

Hello Ashok,

Given the different speeds of the two links, OSPF is not able to handle this natively.

A possible approach, if feasible, is to divide the 10 Mbps link into 5 logical links and then to implement maximum-paths 6.

For example, using FR you can create 5 point-to-point subinterfaces with /30:

! physical interface carries no address; the subinterfaces do
int ser0/0
 no ip address
 enc frame-relay

! one /30 per logical link, all with the same OSPF cost
int ser0/0.20 point-to-point
 ip ospf cost 60
 ip address 192.168.3.1 255.255.255.252
 frame-rel interface-dlci 20

int ser0/0.21 point-to-point
 ip ospf cost 60
 ip address 192.168.3.5 255.255.255.252
 frame-rel interface-dlci 21

int ser0/0.22 point-to-point
 ip ospf cost 60
 ip address 192.168.3.9 255.255.255.252
 frame-rel interface-dlci 22

int ser0/0.23 point-to-point
 ip ospf cost 60
 ip address 192.168.3.13 255.255.255.252
 frame-rel interface-dlci 23

int ser0/0.24 point-to-point
 ip ospf cost 60
 ip address 192.168.3.17 255.255.255.252
 frame-rel interface-dlci 24

You put ospf cost 60 also on the 2 Mbps link:

router ospf 10
 network 192.168.3.0 0.0.0.255 area 0
 network 192.168.4.0 0.0.0.127 area 0
 maximum-paths 6

The same has to be done on the remote site.

If the link is a CDN, one side can act as frame-relay DCE with

frame-rel intf-type dce under the main physical interface

Hope to help

Giuseppe

New Member

Re: fully fault tolerance routing between sites

Hi Giuseppe

Thank you for your reply; I appreciate it.

Now, the reason we have two WAN links is that the 2mb link was initially meant for backup use, but we have managed to negotiate such that we can use that one as well if we can make it work.

The difference between these two links is also that the 10mb is fiber with 1:1 contention ratio and the 2mb link is SHDSL with 1:4 contention ratio. Will this affect the scenario you are suggesting? I want to utilize the 2mb as much as I can, but at the same time I don't want to overdo it.

You also talked about frame relay (as you can see I am not an expert in this area), but will there be any difference with an Ethernet connection (the ISP provides us with Ethernet handover)?

Am I also correct to say that once I set the interfaces to 6 of 2mbs, OSPF will use them at random?

Just a thought:

1) Can we set in OSPF that if the primary link (10mb) reaches more than a certain percent of utilization, it uses the second link?

2) Will BGP be a better choice/fit for what we want to achieve?

Thank you

Hall of Fame Super Silver

Re: fully fault tolerance routing between sites

Hello Ashok,

>> you also talked about frame relay (as you can see i am not expert in  this area) but will there be any different with Ethernet connection  (isp  provide us with Ethernet handover).

This can be done using VLAN subinterfaces (different VLANs) in the same way I've explained for FR.

You need to verify with the ISP whether or not they can support different VLAN tags between sites.

>> Difference in these two link is also 10mb is fiber 1:1 contention ration  and 2mb link is SHDSL 1:4 contention ration

It is not clear to me what you mean here; SHDSL is symmetric.

With OSPF, either you implement equal cost routing (using the 5 logical + 1 links) OR you use the 2 Mbps as a backup only; no other choices are possible.

EIGRP would allow for weighted load balancing over unequal cost paths but I would not move to EIGRP only for this reason.

Hope to help

Giuseppe

New Member

Re: fully fault tolerance routing between sites

Hi Giuseppe

Thank you again

>>> not clear to me what you are meaning here  SHDSL is symmetric
>>> With OSPF or you implement equal cost routing (using the 5 logical + 1 links OR you use the 2 Mbps as a backup only no other choices are possible.
>>> EIGRP would allow for weighted load balancing over unequal cost paths but I would not move to EIGRP only for this reason.

Initially the 2mb SHDSL link was meant for backup use only, but now our ISP has agreed that we can use it as well. All our connections are layer 2 handover, so we have to configure them as we want to. We own the routers and we can configure them the way we want. I have to confirm with the ISP about multiple VLANs, but as far as I know that shouldn't be a problem. With the 2mb link being 1:4 contention ratio, having higher latency and not being as good as the 10mb link, we are worried about the following:

1. What if OSPF selects this link as first choice and sends most of the traffic over this link? Is there any way of telling it not to do that?

I agree I will not go the path of EIGRP; as I mentioned earlier, I don't want to overuse this link.

Thank you


New Member

Re: fully fault tolerance routing between sites

Hi Giuseppe

Thank you for the reply again and for the information. I will try those, see how it goes and let you know.

Thank you

New Member

Re: fully fault tolerance routing between sites

Hi Giuseppe

Thank you for your answer.

Considering our situation, we have decided to keep it simple at this stage and just go with simple OSPF failover, i.e. keep the backup link as backup and only use it when the primary goes down.

Thank you again.

New Member

Re: fully fault tolerance routing between sites

It's always good to keep the topology as simple as possible, and I appreciate your stand on the same.

However, if in the near future your client decides to use the 2 Mb link for load sharing along with the 10 Mb link, then I would recommend using EIGRP, as both peer routers are Cisco make and support EIGRP. This gives more flexible options based on the cost and feasible successor routing entries to use for load balancing. You will have multiple options with variance or the per-packet load balancing option with EIGRP.

You can simplify your design:

1. Static routing LAN to firewall --- Firewall to router (Juniper static routing) -- WAN Router (Cisco 2811) --- EIGRP -- WAN Router (Cisco 2811) -- Firewall to router (Juniper static routing) --- Static routing LAN to firewall

2. IPsec between the two firewalls for LAN to LAN traffic. Source is Firewall A to destination Firewall B (all the traffic will be encapsulated and load balanced).

Hope this will help you in the future if you think of using the 2 Mb link as well.

Cheers!

Shailesh

New Member

Re: fully fault tolerance routing between sites

Thanks Shailesh

Situation at this stage is

Centralized data center (mid-sized), and clients of site B access files, email and databases from site A. Site B only has servers like DCS, DHCPs, Proxy and localized servers. Below are the reasons why the topology was designed that way, and of course your opinion is most welcome:

- Move away from the scenario where you have to add one single routing entry to six different routers/switches/firewalls. It has to be dynamic.

- We also didn't want to put the WAN routers after the firewall because of the load of our WAN traffic, and didn't want to put that much load on it if possible.

- WAN links are private VPN point-to-point connections and not shared with the outside world, so a bit of security there.

- We chose OSPF because it is the protocol supported by all devices.

Thank you, and hopefully I have given a bit of explanation.
