I have a 20-site network and need them all connected. The main office in London holds all servers. All sites need local internet breakout and all need to access the main site and maybe some internet site connections.
Would the best design be GRE/IPsec, then run OSPF?
I'm not sure of the OSPF design here.
Would I put the WAN-facing IP of each site in area 0 and all the spoke LAN interfaces in their own area, say 1, 2, 3, 4, 5, 6, etc.?
I'm new to OSPF and just wondered if anyone knew the best design. We haven't yet confirmed what router models to use at each site.
What does your PER to CER connection look like? Is it OSPF that is then redistributed into your provider's BGP network? Or are you running a layer 2 service between your 20 sites that allows you to set up OSPF logically between those 20 sites? With regard to OSPF design, the # of areas is determined by your ability to handle and propagate changes in the areas. You can isolate those changes by using different areas and/or stub areas. Like the other response pointed out, this can typically be absorbed in newer hardware/models and spare you some complexity and work, or you implement some design and upfront work that will help scale the network and accommodate future change and capacity.
We have 10 and 100 Mbps straight internet connections at each site provided by our ISP. We just plug our kit in at each site. Just wondering, with 20 sites, what the best design is. We just need all hub sites to communicate with our main office, which has all the servers. How would I design OSPF to accommodate this?
I understand OSPF can get complex. I also understand all areas must connect to the backbone, area 0, so I was thinking my main site in area 0 and all the hubs in their own area? Or could I have every site in area 0?
The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
OSPF areas allow very large topologies. You didn't note how large the main office or branches would be.
An old OSPF recommendation was no more than 50 routers per OSPF area, but OSPF area sizing is really more dependent on number of links, the physical topology, stability of links and performance of the OSPF routers. In large enterprises with modern router equipment, OSPF areas often have many more than 50 routers per area.
For your network, one area might be all you need.
As you've described running a VPN over the Internet, you could construct point-to-point tunnels, e.g. GRE or VTI, or you might use a multipoint tunnel, e.g. mGRE or DMVPN. OSPF will see the tunnel as a "link" and happily route traffic across it.
Whether to use encryption is up to you. Obtaining someone else's transit VPN traffic packets, on the Internet, isn't trivial, unless you have access to the transit equipment. What you do want to ensure is that you follow all best practices for security for your Internet/VPN devices, as they would be a primary attack point.
You can mix Internet VPN and regular Internet access on the same ISP links, but if you do, you cannot really do QoS for your VPN traffic because the shared regular Internet traffic is a bandwidth unknown. If budget allows, I recommend one ISP connection be devoted to Internet VPN and another devoted to general Internet access.
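A single-area spoke built from the options discussed in this thread (point-to-point GRE protected by IPsec, OSPF across the tunnel, local Internet breakout), as an added example that is not from any poster. It assumes Cisco IOS syntax with IKEv2 smart defaults; all addresses are documentation or private ranges, and the names, router ID and pre-shared key are constructed placeholders.

```cisco
! --- Spoke router, site 1 (constructed example) ---
crypto ikev2 keyring KR-HUB
 peer LONDON-HUB
  address 203.0.113.1
  pre-shared-key <PLACEHOLDER-PSK>
!
crypto ikev2 profile IKEV2-HUB
 match identity remote address 203.0.113.1 255.255.255.255
 authentication remote pre-share
 authentication local pre-share
 keyring local KR-HUB
!
crypto ipsec profile IPSEC-GRE
 set ikev2-profile IKEV2-HUB
!
interface GigabitEthernet0/0
 description WAN to ISP - deliberately NOT in OSPF
 ip address 198.51.100.2 255.255.255.252
!
interface GigabitEthernet0/1
 description Site LAN
 ip address 10.1.1.1 255.255.255.0
!
interface Tunnel0
 description GRE over IPsec to London hub
 ip address 172.16.0.2 255.255.255.252
 ! Leave headroom for GRE + IPsec overhead
 ip mtu 1400
 ip tcp adjust-mss 1360
 ip ospf network point-to-point
 tunnel source GigabitEthernet0/0
 tunnel destination 203.0.113.1
 tunnel protection ipsec profile IPSEC-GRE
!
router ospf 1
 router-id 10.255.0.2
 ! Form adjacencies only across the encrypted tunnel
 passive-interface default
 no passive-interface Tunnel0
 network 172.16.0.0 0.0.0.3 area 0
 network 10.1.1.0 0.0.0.255 area 0
!
! Local Internet breakout: default route stays on the ISP link,
! only internal prefixes are learned from the hub via OSPF
ip route 0.0.0.0 0.0.0.0 198.51.100.1
```

The WAN-facing interface stays out of OSPF entirely, so no adjacency can form on the Internet side; the tunnel and the LAN are the only OSPF networks, both in area 0.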