Which area to put an ABR's loopback into for iBGP peering?

leedavies
Level 4

Hi

I'm looking for advice and real-world experience in building out large-scale MPLS networks. There's plenty of material out there for scaling OSPF networks but I can't find anything which is specific to scaling the IGPs of MPLS networks.

Background - The network I am working on has a core of 12 P routers with 22 aggregation PE's (7600's) hanging off them.  All of the interconnects and loopbacks of the core and aggregation routers are in OSPF Area 0.  The 7600 PE's have an iBGP full-mesh between their loopback 0 interfaces.  We have built out rings of access PE's (7201's) which interconnect a pair of 7600's and these are placed in different OSPF areas so each access layer ring of 7201's has 2 7600's as ABR's.  The 7201's have iBGP peerings with the 2 ABR 7600's and are route-reflector clients of the ABR 7600's.  The iBGP peerings between 7201 and 7600 are between loopback 0 on the 7201 which is in OSPF area X and loopback 0 on the 7600's which are in area 0.

Problem 1 - If the area 0 link between 7600#1 and its core P router fails, all VPN traffic originated from 7600#1 stops. I believe this is caused by the OSPF loop prevention mechanisms on the 7600#2 preventing it re-importing 7600#1's loopback 0 prefix back into area 0 when it is learned through area X.

Problem 2 - We are experiencing asymmetrical routing.  VPN prefixes originated from a 7600 will have a BGP next-hop which is in area 0 so the access ring of 7201's it's acting as ABR for see this as a Type 3.  The 7201's originate VPN traffic with a BGP next-hop in area X.  Therefore, VPN traffic from a 7201 destined for 7600#1 may exit area X via 7600#2 and go to 7600#1 via area 0 if it is closer to 7600#2 than 7600#1 but the return traffic from 7600#1 will always stay intra-area and use area X.  This causes asymmetrical routing.

Possible Solutions:

1 - move the 7600 loopbacks into the Area X?

2 - move everything into area 0 and run iSPF?

3 - hybrid solution with 2 different loopbacks on each 7600.  One in Area0 for inter-area VPN customers.  One in AreaX for VPN customers that are limited geographically to AreaX PE's?

4 - use "redistribute connected" on the 7600's so the loopback 0's are advertised in Area X and Area 0 as Type 5's?

I'd appreciate comments on the problems outlined above or links to design docs that address these issues.

Thanks in advance

3 Replies

Yasir Ashfaque
Level 1

Hi,

I think Option 1 will work, as it solves both of your problems without introducing any new issue.

regards,

Yasir

martin ofner
Level 1

hello!

Yes put the Loopback0 from the PE into the global routing table from OSPF and also the Loopback0 from the 7201# into the global routing table.

Then you will receive all the routes with O IA and it works.

Luc De Ghein
Cisco Employee

Hi,

Your view on Problem 1 is correct. Prefixes from area 0, sent into another area, cannot be re-advertised into area 0.

I'm not sure why asymmetrical routing is an issue.

In any case, your issue is typical where the connection between 2 ABRs is either in area 0 or area X.

This leads to suboptimal routing.

Solutions are:

1) have 2 links (or subinterfaces) between the ABRs, one in area 0 and one in area X

2) create a virtual link through area X between ABRs

3) GRE tunnel between ABRs in area X

4) the link between the 2 ABRs is multi-area adjacency

4) is implemented in IOS-XR, but not yet in IOS

Regarding solution 1: it is difficult to have optimal routing through ABRs in both directions. For instance, if you put the loopbacks on 7600 in area X, then VPN traffic from one 7600 to another will prefer intra-area inside area X, which is a ring, and not the area 0 path.

Regarding using one area only: a good idea. How many routes would you have if all is in one area? This depends if you do summarization on the ABRs today. If using one area, then you likely do not even need iSPF. Would it really make a difference if, for example, the SPF takes 5 ms instead of 30 ms to run?

Thanks,

Luc
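
Problem 1 and the fixes discussed in this thread, as an added example that is not part of any post: a simplified Python model of OSPF route selection that shows which routers still hold a route to 7600#1's loopback after its core link fails, with the loopback in area 0, moved into area X, or with an area 0 adjacency between the ABRs across the ring (what a virtual link through area X provides). The router names P, A1, A2 and R, the single ring router, and the reduced rule set (intra-area beats inter-area, a backbone-connected ABR ignores Type 3 LSAs from area X, one non-backbone area only) are assumptions of the model.

```python
# Simplified OSPF model (constructed topology): P = core router, A1/A2 = the two
# 7600 ABRs, R = one 7201 standing in for the area X ring. Links are (a, b, area).
BASE = [("P", "A1", "0"), ("P", "A2", "0"), ("A1", "R", "X"), ("R", "A2", "X")]

def attached(r, links, lo):
    """Areas a router is actively attached to: up links plus loopback areas."""
    return {ar for a, b, ar in links if r in (a, b)} | lo.get(r, set())

def path(src, dst, area, links):
    """True if src reaches dst using only links that belong to `area`."""
    seen, todo = {src}, [src]
    while todo:
        n = todo.pop()
        for a, b, ar in links:
            if ar == area and n in (a, b):
                m = b if n == a else a
                if m not in seen:
                    seen.add(m)
                    todo.append(m)
    return dst in seen

def intra(src, dst, links, lo):
    """Areas in which src has an intra-area route to dst's loopback."""
    return {ar for ar in lo[dst] & attached(src, links, lo) if path(src, dst, ar, links)}

def route(src, dst, links, lo):
    """Route type src holds for dst's loopback, or None if unreachable."""
    own = intra(src, dst, links, lo)
    if own:                                  # intra-area always beats inter-area
        return "intra-area " + min(own)
    on_backbone = any(ar == "0" and src in (a, b) for a, b, ar in links)
    for area in sorted(attached(src, links, lo)):
        if on_backbone and area != "0":      # a backbone-connected ABR only
            continue                         # uses Type 3 LSAs heard in area 0
        for abr in sorted({n for l in links for n in l[:2]} - {src}):
            att = attached(abr, links, lo)
            if ("0" in att and area in att and len(att) > 1
                    and intra(abr, dst, links, lo) - {area}
                    and path(src, abr, area, links)):
                return "inter-area via " + abr
    return None

LO_AREA0 = {"A1": {"0"}}                     # loopback 0 of 7600#1 in area 0 (as built)
LO_AREAX = {"A1": {"X"}}                     # option 1: loopback moved into area X
FAILED = [l for l in BASE if l != ("P", "A1", "0")]   # 7600#1 loses its core link
VLINK = FAILED + [("A1", "A2", "0")]         # area 0 adjacency between the ABRs
```

Calling `route("A2", "A1", BASE, LO_AREAX)` also shows the caveat raised about option 1: with every link up, 7600-to-7600 traffic takes the ring as an intra-area X route instead of the area 0 path.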