Our network consists of multiple areas running OSPF with manual cost assignment. Area 18 is where our data center is located and we have different areas connected to it via area 0. Now we would like to add another ATM link to area 18 for redundancy purposes. The purpose of this link is to have just 2 areas (5 and 8) use this link as the primary link while other areas use their existing link as their primary route. I can force area 5 and 8 to use the new link by assigning lower cost for the new link. However, how do I shape return traffic? If OSPF sees a new link with lower cost from area 18 to area 0, won't all traffic start using this link? I thought of using route maps to do traffic shaping from area 0 so that I can differentiate traffic from area 5 and 8, but we also require area 5 and 8 to use the existing link as a backup route in case the new link fails sometime. How can I make this setup?
Any suggestions are welcome and feel free to ask for any further information you may require.
Thanks in advance.
I think I do not quite understand what you are trying to describe. I am clear that area 18 is the area where the data center is. I understand that you have area 0 connected to area 18. I understand that there are some number of areas (including 5 and 8) which connect to area 0 and that at least some of their traffic goes to area 18/data center. I understand that you are discussing an additional ATM link. One end of the link will be in area 18. I do not understand where the other end of the link will be. I also do not understand whether the new link will terminate on a border router or on an internal router (and the distinction can be important in your OSPF design).
Despite the lack of understanding I think there are some points that can be made. I think that you will have a difficult time achieving what you want by manipulation of OSPF metrics. I would suggest that you may come closer to achieving it if you assign relatively high OSPF cost to the link making it less desirable and configuring Policy Based Routing on various routers to steer traffic from areas 5 and 8 to that link and to steer responses from area 18 to areas 5 and 8 to that link.
Also it has been my experience that attempts to provide special paths for certain traffic in OSPF or to provide "back door" routes between areas are difficult to achieve and usually work against the architecture of the routing protocol.
Thanks for your reply. I'm attaching a diagram so it will be much easier for us to go over any design issues.
I need to implement traffic from 'A' and 'B' to use the new ATM PVC to reach area 18 via new ABR.
Traffic from other areas will use 'D' route to data center. (Existing route)
In the event of new ATM PVC failure, A and B will use D as backup route.
In the event of D - DC gateway failure, all traffic will take A and/or B as backup route to get to area 18 via New ABR.
Any help / suggestions are highly appreciated.
I have looked at the diagram that you sent. It is helpful to see how the network is set up.
I think it will be helpful to divide discussion of how traffic gets from the remote areas (5 and 8) to the data center (area 18) from the discussion of how traffic gets from the data center to the remote areas. I think I see a feasible way to get data from the remotes to the data center the way that you want. I see problems getting the return traffic to do what you want.
Am I correct in assuming that area 5 and area 8 have a single ABR and that the new ATM link is being added to the existing ABR in each area?
I believe that the diagram is clear that there is to be a new ABR connecting area 0 to area 18. The new ATM link terminates on the new ABR and on the ABR for areas 5 and 8. I assume from the diagram that the new ATM link will be defined as another path within area 0.
I suggest this as a way to achieve your objective of getting data from areas 5 and 8 to use the new ATM link with the path through D as a backup:
- configure the new ATM link on the three routers as belonging to area 0.
- assign a relatively high OSPF cost to the interfaces so that the new link looks relatively unattractive on the backbone.
- configure Policy Based Routing on the ABR for areas 5 and 8 such that they send traffic headed toward the data center with the new ABR as the next hop over the new ATM link.
This should get what you want. The ABRs will send traffic to the data center over the new ATM link. If the ATM link becomes unavailable the routers should use the normal path over D. If the path through D becomes unavailable all backbone routers will see the new ATM link as available and send traffic through it.
The other direction (getting return traffic from the data center back to areas 5 and 8) is probably more complex - especially depending on how many routers there are in area 18. It was easy getting the first traffic to go where we wanted because there was a single ABR for area 5 and 8. So all traffic from those areas went to the ABR automatically. From area 18 there will be two ABRs. All routers in area 18 will need to implement Policy Based Routing so that traffic with a source in the data center and a destination in area 5 or 8 is steered to the new ABR and all other traffic is sent the normal way. Response to a failure of the ATM link will also be more complex and perhaps problematic. How will routers not connected to the link realize if it is down? It would be somewhat easier if there were a direct link from the new ABR for area 18 to the existing ABR so that if the new ABR got traffic headed for area 5 or 8 but the ATM link was down it could forward that traffic to the existing ABR.
Thanks for your reply. I also got stuck with regards to return traffic. That part seems to be tricky/messy. I was planning to decrease the cost on new ATM links such that only A and B will find that link attractive as primary route.
Rick, how do we configure policy routing? Is there a guide I can refer to? I would highly appreciate it if you could jot down a bare sample config for this case.
Regarding the return traffic, I guess I can work with the data center engineer to suggest a solution.
If we make the 2 new ATM PVCs to be in area 5 and 8 respectively instead of Area 0, do you think that will make the return traffic easier? Please let me know if you think of any design issues with respect to this change.
I think it will make it more problematic to try to put the new ATM links into area 5 and area 8.
One possibility that I see that might make it easier would be to not have a new ABR for area 18 and to put the new ATM link onto the existing ABR. If there is a single exit point from the area it means that you only need to do policy routing in a single place. (I obviously have no insight into the logistics and hardware issues of whether the existing ABR could support the new ATM link - but from the perspective of simplifying the routing logic that would be attractive.)
Another possibility that occurs to me is that instead of doing policy based routing on multiple routers you may need to do it only on the two ABRs. You obviously need it on the new ABR which will have the new ATM link and you could do it on the existing ABR to direct any traffic that it gets over to the new ABR. It would be easy if the new ABR and the existing ABR were directly connected (so when the existing ABR sets the next hop, it will be directly to the new ABR). If the two ABRs are not directly connected, perhaps you could configure a GRE tunnel to pass that traffic.
You asked for some help with PBR. This link should help you get started. Also if you search the Cisco site you should find lots of helpful information.
You asked for a brief sample and here is what I come up with quickly:
On each inbound interface you configure:
ip policy route-map <route-map-name>
PBR uses a route map which might look like this:
match ip address 101
set ip next-hop <next-hop-address>
The route map references an access list which might look like this:
access-list 101 permit ip <source> <source-wildcard> <destination> <destination-wildcard>
Depending on how things are set up in the various areas for IP addressing the access list may become a bit complex. Basically it needs to permit the various combinations of addresses between the areas. In the best case you might have set up the network using private addressing such that the second octet of the address was the area ID. In which case the access list would be:
access-list 101 permit ip 10.5.0.0 0.0.255.255 10.18.0.0 0.0.255.255
The basic intent of PBR is to override the normal routing logic. So you have traffic that normally would go out one way and you want it to go a different way. So you create an access list that describes the traffic and you set a different next hop address. When traffic matches the access list and the next hop address is logically reachable it is sent out the different next hop. If the special next hop is logically not reachable then the traffic follows the normal routing logic.
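The sample above assembled into one configuration for the area 5 ABR, as an added example that is not part of the original post. The route-map name, interface names, link addresses and OSPF cost are constructed assumptions. The example also goes one step beyond the post by tying the policy next hop to an IP SLA probe, which assumes an IOS release that supports `ip sla` and object tracking.

```cisco
! Constructed example for the area 5 ABR (all names and addresses assumed).
! 10.0.99.0/30 is the new ATM PVC: .1 = this ABR, .2 = new area 18 ABR.
!
! Traffic from area 5 to the data center, using the addressing plan from
! the post (second octet of the address = area ID).
access-list 101 permit ip 10.5.0.0 0.0.255.255 10.18.0.0 0.0.255.255
!
! Probe the far end of the PVC so the policy stops steering traffic when
! the new ABR no longer answers, even if the local interface stays up.
ip sla 1
 icmp-echo 10.0.99.2 source-interface ATM1/0.18
 frequency 5
ip sla schedule 1 life forever start-time now
track 1 ip sla 1 reachability
!
! Policy: matching traffic goes to the new ABR while track 1 is up.
! Non-matching traffic, and matching traffic while track 1 is down,
! follows the normal OSPF routing table (the existing path through D).
route-map AREA5-TO-DC permit 10
 match ip address 101
 set ip next-hop verify-availability 10.0.99.2 1 track 1
!
! New link: high OSPF cost so the backbone only prefers it as a backup.
interface ATM1/0.18 point-to-point
 ip address 10.0.99.1 255.255.255.252
 ip ospf cost 500
!
! Apply the policy where area 5 traffic enters the ABR.
interface FastEthernet0/0
 ip policy route-map AREA5-TO-DC
!
! Verification from exec mode:
!   show ip policy        (which interfaces have a policy applied)
!   show route-map        (match counters per route-map entry)
!   show track 1          (state of the tracked next hop)
```

The mirror-image policy for return traffic swaps the source and destination in the access list and is applied on the area 18 side, which is the part the thread identifies as harder because area 18 has two ABRs.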
Thanks for your reply. I've been juggling with different projects that I'm kinda lost in the middle of nowhere. :) .. and not to mention these full day vendor meetings :)
Rick, I'm not as experienced with OSPF as you are so let me just confirm something.
I guess we could have 2 entry/exit points for 2 same areas with OSPF, if we need to.
As long as area 18 is running OSPF, both ABRs should learn each and every route from all areas connected to area 0. So if there is a link failure, both ABRs would eventually know about it, converge and route traffic based on cost metric. So I'm guessing I just have to play with the cost to get the routing correct.
Please let me know as to what could go wrong so that I could plan that in advance.
Thanks a lot again for helping me out
The details of designing and implementing this probably extend beyond the scope of this forum, but I am glad to give what advice I can.
If you have two entry/exit points for an area (two ABRs) then yes they will both learn all the routes from all the areas and if there is a link failure they would converge and use the surviving link. If you implement the new ATM link and make its cost relatively high then the ABRs would be more likely to use it as a backup path and for Policy Routed traffic. I believe that the link failure/backup link is easier to accomplish. The challenge is to get traffic to flow the way that you want when the network is operating normally.
In general when dealing with design of OSPF networks I favor having more than 1 ABR per area. (I regard having a single ABR as having a single point of failure.) When you have as part of your requirements the need to steer certain types of traffic over certain links then having multiple ABRs does complicate things. In terms of what could go wrong, I believe that most of the risk is that some traffic might not go the way that you want it to. Perhaps some traffic from area 5 to area 18 might not go over the new ATM link, or some traffic from some other area might go over the ATM link where you did not want it to.