Re: Loadsharing using OSPF through Tunnels

vmolinaro · ‎05-22-2005

Hi all,

I'm setting up a WAN using IPSEc (for user traffic) and GRE tunnels (for OSPF) over the internet between two sites for disaster recovery backup/restore. Due to the large volume of traffic (TeraBytes) the customer requires multiple physical links between each site. Each physical link will have a PIX on each end to terminate the IPSEC and GRE tunnel and filter all traffic, i.e. total of 3 physical links means 6 PIXes. I won't be running any dynamic routing protocol on the PIXes, and instead will have 2 mid-end routers (3600 series) at each site for this purpose. The routers will sandwidch the PIXes in a traditional firewall loadbalance sandwich type config. The idea is to run OSPF on the routers and pass OSPF route info through the PIXes (GRE tunnels) and have the routers loadshare across the WAN links using equal path load sharing and CEF per-destination option. CEF, configured with per destination, will ensure all packets for a particular sessions flow through the same path and avoid out of sequence packets at the receiver end.

In addition to the load sharing capability, this solution using OSPF also provides route redundancy which is another important customer requirement.

The basic question is..... Will this work?

Any advice/recommendation will be very welcome.

smahbub · ‎05-27-2005

Is this the topology you are talking about?

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a00800a43f6.shtml

vmolinaro · ‎05-27-2005

Thanks for the reply.

Yes this is the general topology. However, between the routers consider the scenario with mulitple PIX pairs across the Internet creating equal cost OSPF paths between both sites.

I would like to load-share across these paths using OSPF ECMP and by enabling the CEF per-destination algorithm. Would this work?