Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Community Member

OSPF design question

I have an edge router at my HQ site that is getting a default route via BGP.

This router is in turn distributing the default route into OSPF and advertising it to my HQ firewall.

The default route needs to be dynamic for our failover scenario to our DR site.

If we loose HQ internet, the higher AD default route to DR takes over.

We have a CSS device in between our HQ router and Firewall. The CSS is taking web requests and redirecting them to the Static NATs on the firewall.

That all works, with this exception: possibilites of asymetric traffic flows due to the servers behind the firewall initiating traffic directly and not going through the CSS.

I need to have OSPF configured on the CSS and have it be the first hop from the Firewall.

So the firewall will route traffic to the CSS, then to the Edge router.

I have that set up in the lab and it works, but you can only set the CSS up as an AS-Boundary device to distribute a default route.

I also had to adjust the cost of the interfaces to make the CSS more desriable than straight to the edge router.

I was wondering if this would be an issue from a design perspective to have the CSS as an AS-boundary device, sitting in between the Firewall and edge router OSPF area, all devices are in area 0.


Re: OSPF design question

OSPF uses a link-state algorithm in order to build and calculate the shortest path to all known destinations. The algorithm by itself is quite complicated. The following is a very high level, simplified way of looking at the various steps of the algorithm:

Upon initialization or due to any change in routing information, a router will generate a link-state advertisement. This advertisement will represent the collection of all link-states on that router.

All routers will exchange link-states by means of flooding. Each router that receives a link-state update should store a copy in its link-state database and then propagate the update to other routers.

After the database of each router is completed, the router will calculate a Shortest Path Tree to all destinations. The router uses the Dijkstra algorithm to calculate the shortest path tree. The destinations, the associated cost and the next hop to reach those destinations will form the IP routing table.

In case no changes in the OSPF network occur, such as cost of a link or a network being added or deleted, OSPF should be very quiet. Any changes that occur are communicated via link-state packets, and the Dijkstra algorithm is recalculated to find the shortest path

CreatePlease to create content