Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1341
Views
0
Helpful
4
Replies

How to failover to other DC using OSPF area ?

Hidayat Khan
Level 1
Level 1

‎08-10-2016 03:40 AM - edited ‎03-05-2019 04:28 AM

Hi Expert,

                I need your help expert opinions. we are building two new DC (Primary & Sec) with DC external boundary network. Diagram attached.

Primary DMZ with layer 3 hope running ospf and facing the provider using BGP and redistribution is happening on this box, furthermore we have ext fw's and again down below layer 3 hop and then LB, down below again layer 3 hop with Int fw's connected and then ends with aggregation layer in Area X and both Area X are the same in the diagram, which is then connected with the Core Layer 3 routers in Area 0.

? If my primary BGP/MPLS links fails, how would the router in the Core knows to divert the traffic to 2nd DC via DC interconnect link ?

? Can I use tracking on the Core router to track the top end ext L3 router if it fails, but then I have L3 ext FW's , L3 DMZ , L3 int and L3 Agg routers, what if any one of them fails ? Can I use track for each of them ie if any L3 fails then traffic should be diverted to 2nd DC ?

? How about the incoming traffic ? Assume that SP started advertising the BGP routes after failure ie inbound traffic via 2nd DC WAN link, coming all the way to Core L3 router but then it needs to send it to the primary DC via DC interconnect ?

? Any other area to be looked at to avoid any asymmetrical routing issue  ? 

Your help will be appreciated

Rgds

Labels:
Preview file
84 KB
0 Helpful
4 Replies 4

Sam Byers
Level 1
Level 1

‎08-10-2016 08:27 AM

Nice diagram!

Quick answers:

  1. That's how the routing protocols work. If OSPF knows of multiple ways to get to a network via your BGP->OSPF redistribution, when one goes down all routers will now router to the only other possible path.
  2. Why do you need tracking if every device is participating in the routing domain? There's built-in info sharing and tracking w/ BGP and OSPF.
  3. For incoming, you probably want to have the secondary site attach a community or prepend the AS to slightly devalue the networks. Check w/ your MPLS provider to see if they have a community to use for that or just prepend your AS a couple of times to make the as-path longer. If you every go active-active, you can just rely on the providers RR's to handle best path.
  4. I wouldn't mutually redistribute on both sides between OSPF<->BGP. I would redistribute from BGP->OSPF and either use summaries or manual configuration of BGP out to the MPLS cloud. Mutual redistribution causes weirdness and you have to start using tags to eliminate loops (micro or otherwise).
0 Helpful

Hidayat Khan
Level 1
Level 1
In response to Sam Byers

‎08-11-2016 01:22 AM

Thanks Sam for your quick response.

1. that means that i need to increase the OSPF link in the core connecting  to other DC ? Also I can put a transit link on my top boundary router ie if the primary MPLS link goes down then the traffic will be diverted to the 2nd DC via transit link ?

2. Why do you need tracking if every device is participating in the routing domain? There's built-in info sharing and tracking w/ BGP and OSPF. (Can you elaborate a bit more please ) ?

3) For incoming, you probably want to have the secondary site attach a community or prepend the AS to slightly devalue the networks. Check w/ your MPLS provider to see if they have a community to use for that or just prepend your AS a couple of times to make the as-path longer. If you every go active-active, you can just rely on the providers RR's to handle best path.(Agree with you :)

4. why wouldn't you want mutual redistribution as traffic will be flowing both ways ? We can use route-maps and tag the traffic in both DC's and not to permit the traffic to avoid the loops. Are you agree with me ?

0 Helpful

Sam Byers
Level 1
Level 1
In response to Hidayat Khan

‎08-11-2016 08:28 PM

NP Hidayat!

  1. For my understanding: you want to use the DCI link as a backup path to MPLS if one side can't reach it?
  2. I'm assuming all devices in the OSPF Area X areas are participating in OSPF? What do you need to track? If a route -or all routes- stop being available via L3 Ext router on one side, OSPF will converge and find those routes via the DCI out the other DC.
  3. At least I got one! :)
  4. This is mostly personal preference, but I just don't like mutual redistribution at more than 1 point. It makes integrating w/ other networks harder later, using tags is fine but it doesn't keep it simple. Also, when redistributing from OSPF->BGP, if someone accidentally adds a ton of networks your MPLS provider will shutdown your peering (usually set for 1000 routes). That is a traumatic experience I've witnessed folks do to themselves before.
0 Helpful

Hidayat Khan
Level 1
Level 1
In response to Sam Byers

‎08-17-2016 01:12 AM

1. Yes, or the transit link in case of only MPLS WAN is down, if the whole Primary DC is down then yes .. DCI Interconnect link will be used.

2. Yes, No need to use tracking, if my Core router delete the primary route from its routing table, then it will eventually use the backup route.

3. :)

4. Reason to do the mutual redis is that I want both sites be similar ie route the traffic in similar fashion. The other solution I am proposing is to use BGP in both DC's ie iBGP and use eBGP between our router and provider router ? If you can comment on this solution ?

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card