02-07-2011 05:33 AM
Hi
I'm looking for advice and real world experience in building out large-scale MPLS networks. There's plenty of material out there for scaling OSPF networks but I can't find anything which is specific to scaling the IGP's of MPLS networks.
Background - The network I am working on has a core of 12 P routers with 22 aggregation PE's (7600's) hanging off them. All of the interconnects and loopbacks of the core and aggregation routers are in OSPF Area 0. The 7600 PE's have an iBGP full-mesh between their loopback 0 interfaces. We have built out rings of access PE's (7201's) which interconnect a pair of 7600's and these are placed in different OSPF areas so each access layer ring of 7201's has 2 7600's as ABR's. The 7201's have iBGP peerings with the 2 ABR 7600's and are route-reflector clients of the ABR 7600's. The iBGP peerings between 7201 and 7600 are between loopback 0 on the 7201 which is in OSPF area X and loopback 0 on the 7600's which are in area 0.
Problem 1 - If the area 0 link between 7600#1 and it's core P router fails, all VPN traffic originated from 7600#1 stops. I believe this is caused by the OSPF loop prevention mechanisms on the 7600#2 preventing it re-importing 7600 #1's loopback 0 prefix back into area 0 when it is learned through area X.
Problem 2 - We are experiencing asymmetrical routing. VPN prefixes originated from a 7600 will have a BGP next-hop which is in area 0 so the access ring of 7201's it's acting as ABR for see this as a Type 3. The 7201's originate VPN traffic with a BGP next-hop in area X. Therefore, VPN traffic from a 7201 destined for 7600#1 may exit area X via 7600#2 and go to 7600#1 via area 0 if it is closer to 7600#2 than 7600#1 but the return traffic from 7600#1 will always stay intra-area and use area X. This causes asymmetrical routing.
Possible Solutions:
1 - move the 7600 loopbacks into the Area X?
2 - move everything into area 0 and run iSPF?
3 - hybrid solution with 2 different loopbacks on each 7600. One in Area0 for inter-area VPN customers. One in AreaX for VPN customers that are limited geographically to AreaX PE's?
4 - use "redistribute connected" on the 7600's so the loopback 0's are advertised in Area X and Area 0 as Type 5's?
I'd appreciate comments on the problems outlined above or links to design docs that address these issues.
Thanks in advance
02-08-2011 02:53 AM
Hi,
I think Option 1 will work, as it solves both of your problems without introducing any new issue.
regards,
Yasir