I'm building out a new branch office network for a site. The central office has a 7200 router with two 2-port DS3 line cards. There are ~100 branches, each with a 1721 and a T1 carved out of the DS3s.
There are currently no routing protocols implemented at the main site, but they are using Nortel gear for other stuff, so I'm thinking OSPF is the right way to go.
At this point I'm just looking for any recommendations, gotchas or references to design guides that would help me out. For example, is there any advantage to implementing multiple areas, best way to integrate with branch office routing (which may be managed by third party), NAT considerations, etc.
Here's the Cisco URL to the OSPF design guide:
If you don't have a stable network and/or your remote office routers are doing a lot of (like NAT, VPN) already, you might want to break up the routers into multiple areas. Generally, Cisco recommends no more than 50 routers in an OSPF area (depending on various things).
If it were me, I'd put the CO in area 0. Then try and come up with logical groupings for the remote sites, things like IP subnet range proximity at each site (which would be useful in summarizing). For example if you have several sites that have IP subnet ranges like 192.168.1.0, 192.168.2.0, etc. and another group of sites that have IP subnet ranges like 172.16.1.0, 172.16.2.0, etc. you could make two areas and summarize the networks at the ABR of each area. This would keep the topology table fairly manageable on each router and ease troubleshooting.
I would also use OSPF authentication since you may not have entire administrative control over the network (you mentioned third parties).
Putting the CO in area 0, then using an area per site, is probably the best way to go. And you should definitely consider OSPF MD5, so these are all good suggestions.
But Cisco doesn't recommend 50 routers per area any longer (though there is some old documentation on CCO that states this, and other places). Instead, you should judge the number of routers in an area depending on the amount of change in the area, the types of routers (processing power and memory), and other factors. There's no real good "rule of thumb," but we have areas of 100's of routers running fine.
Thanks both of you for your suggestions (and the link to the OSPF design guide).
Russ, I'm curious about the rationale for one area per site...in this particular circumstance, the only instability in the network would be due to T1 failures...no routes at the remote site will be redistributed into this network.
This is probably an OSPF 101 question, but how should the point to point network addresses relate to the different areas, or does it matter?
Primarily for summarization.... Of course, if there are so few routes in any given site that you won't be summarizing but a couple of routes, then you could consider more than one site in each area. It's all going to depend on how big the sites are.
I would always try to put the T1's into the same address space as the remote sites, if possible, so they can be summarized into that address space as things get bigger. If the T1's are where you expect most of your instability, then I'd definitely push them into the areas with the remote sites, no matter how you address them.
If the agg router is the ABR, then when the T1 fails, only a couple of leaf nodes on the SPF tree (type 3 LSAs) are going to change at the core. This can greatly reduce the amount of processing the core routers have to do, so it's better to get the links that are less stable out of area 0.
If you implement incremental SPF in the core at some point:
Then this separation provides even more benefits.
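
The design discussed in this thread (central office in area 0, remote sites grouped into an area by address range, the T1 links addressed inside that range, summarization at the ABR, and OSPF MD5 authentication), sketched as Cisco IOS configuration. This is an added example, not part of any post above; the interface names, router IDs, area 0 subnet, /30 link addressing and key placeholders are constructed assumptions.

```cisco
! --- Aggregation router (7200), ABR for area 0 and area 1 ---
! Constructed addressing: area 1 owns 192.168.0.0/22
!   192.168.0.0/24                   carved into /30s for the T1 links
!   192.168.1.0/24 - 192.168.3.0/24  branch LANs
interface FastEthernet0/0
 description Core LAN, area 0 (constructed)
 ip address 10.0.0.1 255.255.255.0
 ip ospf message-digest-key 1 md5 <AREA0-KEY>
!
interface Serial1/0/1:0
 description T1 to branch 1 (constructed interface name)
 ip address 192.168.0.1 255.255.255.252
 ip ospf message-digest-key 1 md5 <AREA1-KEY>
!
router ospf 1
 router-id 10.0.0.1
 ! Require MD5 on every OSPF interface in each area
 area 0 authentication message-digest
 area 1 authentication message-digest
 ! Advertise one type 3 summary into area 0 for the whole area,
 ! so a single T1 failure is not seen as a route change in the core
 area 1 range 192.168.0.0 255.255.252.0
 network 10.0.0.0 0.0.0.255 area 0
 network 192.168.0.0 0.0.3.255 area 1
!
! --- Branch 1 router (1721), internal to area 1 ---
interface Serial0
 description T1 to central office
 ip address 192.168.0.2 255.255.255.252
 ip ospf message-digest-key 1 md5 <AREA1-KEY>
!
interface FastEthernet0
 description Branch LAN
 ip address 192.168.1.1 255.255.255.0
!
router ospf 1
 router-id 192.168.1.1
 area 1 authentication message-digest
 network 192.168.0.0 0.0.0.3 area 1
 network 192.168.1.0 0.0.0.255 area 1
 ! No OSPF neighbors are expected on the branch LAN
 passive-interface FastEthernet0
```

The key ID and key string must match on both ends of each link; `show ip ospf interface` reports whether message-digest authentication is enabled and which key ID is in use.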