OSPF Between 2 Data Centers

NETAD · ‎04-18-2020

Hello, I will be configuring OSPF for routing and failover between 2 data centers and would like your input on best practice in my case. Attached is the layout. We already have one circuit between the 2 DCs and we are adding another one for redundancy. Few questions if you can address for me please:

1-Do you recommend 2 uplinks from each core to each ASR or is 1 to each ASR enought (note that we have L3 links between the core switches and OSPF adjacency is established)

2-Do you recommend one area across and each circuit in it's own? I'm asking because we might want to prefer certain routes to flow across one circuit over the other and filtering with ospf within the same area is tricky.

Thanks

ngkin2010 · ‎04-18-2020

Hi,

1. If you have available port, I would recommend 2 uplinks from each core to each ASR. It will be good for the load balancing of the WAN circuits. For example, the CORE01 / CORE02 will have 2 ECMP (under default OSPF metric) to reach another Site. With the current setup, any traffic flowing through CORE01 will use Circuit-1, and CORE02 wil use Circuit-2.

2. You should not use different area on the 2 circuits. I try to explain it by examples:

i) If you remain your Circuit-1 in Area 0, Circuit-2 in non-backbone area (e.g. Area-1).

The problem is, when both sites' CORE switches are still remain in Area-0, intra-area route is always preferred.

So, your Circuit-2 will never be used (even Circuit-1 is down).

In addition, if your Circuit-1 is down, it will result in split BackBone Area.

ii) If you decide to change Circuit-1 in Area-1, Circuit-2 in Area-2.

Both areas must attached to a backbone area (Area-0). Then obviously your CORE switches on both sites need to be backbone area. But both backbone areas are separated, they won't able to communicate.

So, If you want to control the link usage you might need to use PBR on top of OSPF. It's still worth if there is just few subnet needed to be rerouted. Otherwise, you are advised to run BGP at ASR instead of OSPF.

NETAD · ‎04-18-2020

Thanks for the reply.

I will do 2 links to each ASR.

For the areas should I just keep everything in Area 0 between the 2 DCs?

On the route manipulation piece, is it possible match certain routes and configure a lower/higher cost to force traffic across a certain path?

ngkin2010 · ‎04-18-2020

Hi,

It's not possible to configure OSPF metric per subnet/route.

But you may make use of the trick of route summarization. (longest match prefix will be choose)

(Configure different area for both Sites; except the ASR)

But this is not a ideal method. You may consider to use BGP which is more flexible for you to control the routing by policy.

NETAD · ‎04-19-2020

I like this design although we might not be able to do it since ckt one is already and and passing traffic so I do they let us make changes to it but say we do go with area 0 on the wan and 1 and at the cores, can we at that point use the area filter command to filter out routes coming out from the ASRs?

now back to first question, in one DC we have a pair of 6509’s Thats eventually getting replaced by 9500’s stack virtual and on the other side it’s 9k’s so does it still make sense for dual homing the ASRs?

ngkin2010 · ‎04-19-2020

Hi,

Yes, you could filter type-3 LSA on ABR. But it may lead to single point of failure. For example, filter applied at ASR1, while ASR2 is down.

When you replacing with pair of C9500 stackwise virtual, you could configure Layer-3 MEC to each ASR. It will have benefit in term of resilience.