11-03-2010 11:14 AM - edited 03-04-2019 10:21 AM
Hi
This one is related to OSPF design question, I request some input from experts
15 Regional Remote Offices Connects to HQ over Service Provider MPLS Cloud.
10 International Branch Offices Connects to HQ over VPN
Each Regional office are small with less than 50 users
Each International Offices are medium or small ranging from 100 to 500 users
Question : How many OSPF area would I need in the complete network including Regional Remote Offices and International Branch Offices
Solved! Go to Solution.
11-03-2010 11:32 AM
Hello Anthony,
be aware that in real world multiple options are possible.
First of all we should know if international offices connecting over VPN use the VPN connection to HQ for internet access (for more control) or they use the local handoff to access the internet.
Let's suppose that using the VPN tunnel to access the internet is desired.
The best idea to take advantage of OSPF hierarchy is to put the international remote sites in an OSPF stub area (under the hyphotesis above). Area 11
The 15 regional offices are probably using low end routers and they again can take advantage of OSPF stub area, in this case for maximum resource savings you could use a totally stub area.
To be noted every remote office will receive the routes of the other regional remote sites because they are in the same area even if it is totally stub. Area 22
An area 0.0.0.0 is always needed in multi area OSPF so it is reasonable to use 3 areas in total in this scenario.
to be noted if international sites use local links for internet access the area 11 should be a normal area or an NSSA area because it is not acceptable for them to receive a default route over the tunnel ( this is automatically generated on ABR nodes of a stub or totally stub area this is the key point).
On the other hand regional branch offices have no local internet option so they can benefit from a stub area in any case.
IF the MPLS service is a layer 3 VPN can be acceptable to put regional branch offices in area 0.0.0.0 because most of implementations using OSPF as PE -CE protocol use area 0.
So also 2 areas could be an acceptable solution.
Hope to help
Giuseppe
11-03-2010 11:32 AM
Hello Anthony,
be aware that in real world multiple options are possible.
First of all we should know if international offices connecting over VPN use the VPN connection to HQ for internet access (for more control) or they use the local handoff to access the internet.
Let's suppose that using the VPN tunnel to access the internet is desired.
The best idea to take advantage of OSPF hierarchy is to put the international remote sites in an OSPF stub area (under the hyphotesis above). Area 11
The 15 regional offices are probably using low end routers and they again can take advantage of OSPF stub area, in this case for maximum resource savings you could use a totally stub area.
To be noted every remote office will receive the routes of the other regional remote sites because they are in the same area even if it is totally stub. Area 22
An area 0.0.0.0 is always needed in multi area OSPF so it is reasonable to use 3 areas in total in this scenario.
to be noted if international sites use local links for internet access the area 11 should be a normal area or an NSSA area because it is not acceptable for them to receive a default route over the tunnel ( this is automatically generated on ABR nodes of a stub or totally stub area this is the key point).
On the other hand regional branch offices have no local internet option so they can benefit from a stub area in any case.
IF the MPLS service is a layer 3 VPN can be acceptable to put regional branch offices in area 0.0.0.0 because most of implementations using OSPF as PE -CE protocol use area 0.
So also 2 areas could be an acceptable solution.
Hope to help
Giuseppe
11-03-2010 11:47 AM
Thank you for a nice explanation.
International offices will have local handoff to access the internet.
MPLS Service from Provider runs on BGP ( Regional Branch Office connectivity )
If One of the International Offices got 15 local branch offices connected to it via their local MPLS Service provider.
All these 15 branches would get 90% services from International office and 10% Application services from HQ but passing the traffic thorugh the International branch
I_branch*******(MPLS)******International_office***********************(VPN over Internet)***************************HQ
Keeping the above in mind, what ideally should be OSPF Design
11-03-2010 01:29 PM
Hello Anthony,
if there are 15 branch offices behind a single international office:
the VPN link has to be in area 0=0.0.0.0 (use of virtual link has to be avoided in a real world design)
branch offices connected to the international office can be put in a totally stub area
international office router can act as ABR sending a default route to branch routers and summarized routes (area range) towards HQ representing IP subnets in international office and connected regional branch offices.
Hope to help
Giuseppe
11-03-2010 01:53 PM
Thank you for replying.
I do understand your saying but how does it looks in configuration ( VPN link will be in area 0 )
Lets consider this example
BB_rtr___VPN-rtr___Firewall======INTERNET======VPN-rtr---------BB_rtr ( HQ )
On International_site I would have Area 11
On HQ I would have Area 0
How VPN will be in area 0 ( HQ end i can advertise as area 0 )
On International site ( VPN end will be advertise as area 0 ) => I m confused on this point
11-03-2010 02:05 PM
Hello Anthony,
>> On International_site I would have Area 11
On HQ I would have Area 0
sorry for having being unclear
the added requirements of branch offices connected to international office calls for moving to area 0 the links between international office and HQ that is the VPN link so no area 11 on HQ side but area 0
Hope to help
Giuseppe
11-03-2010 02:18 PM
Thanks Giuseppe for the clarity. I got a good understanding.
For MPLS (BGP ) I got two questions but will have another Post, do help if possible
Best Wishes
Anthony
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide