Re: how to managing traffic flow over ospf network with two main offic - Page 2

ahmad.rz · ‎01-25-2023

Hi,

Consider a situation where two main offices(core1 and 2) are located at different locations to provide redundancy. Using DMVPN and OSPF, I have a branch connected to multiple hubs, again in separate DC sites. The branch advertises its LAN to OSPF(for example in area10) through HUB and then HUB redistributes received routes to the main core (in area100). Each core now has the same subnet in the same area, which is provided by the hub. In order to change the direction of outgoing traffic to one of the offices (site 1 or 2), I can reduce the OSPF distance number as you know!

Based on the above explanations and the attached scenario image:

1) Serverfarm1 selects HUB1 for sending packets to branch as it has the lowest hop count with the same metric.

2) Serverfarm2 selects HUB1 for sending packets to branch as it has the lowest hop count with the same metric.

Would it be possible to force each core to use another link to send traffic?

For example, traffic generated in serverfarm1 will enter Core1, but I want to force it to use Core2 for outbound traffic.

Be quick and careful!

ahmad.rz · ‎01-27-2023

If traffic is generated from serverfarm1 and enters core 1, thus flow of traffic is:
core1 > hub1 > branch

The only thing I need to do is change the flow by destination and manage it.

Be quick and careful!

rais · ‎01-27-2023

That's fine. ServerFarm1 should use Core1 and Hub1. Core1 is not going to use IntraArea/Core2 route to send traffic out of the area 0 as it's directly attached to area 10 as well.

What about ServerFarm2....that should be hitting Core2 and going to Hub2 ?

ahmad.rz · ‎01-27-2023

Yes, same here.

How can this be resolved? The idea of using BGP with parameters such as prepending and... crossed my mind. But then I would have to change the routing of the network, which has its own risks and problems. If I can handle it with OSPF, it's so much better.

Be quick and careful!

rais · ‎01-27-2023

You can use static route entries to force traffic out the other core.

ahmad.rz · ‎01-27-2023

Branches are over 1k and I can't manage it with static, so I should use a dynamic way.

Be quick and careful!

ahmad.rz · ‎01-30-2023

Any suggestions please?

Be quick and careful!

MHM Cisco World · ‎01-30-2023

sorry I will reply today

thanks

Joseph W. Doherty · ‎01-30-2023

What is it you're really trying to accomplish?

If you're after obtaining the best possible network performance, rather than mucking about manually trying to direct traffic from a particular source to prefer the "statically" better path, you might investigate whether something like Cisco's PfR might be suitable for your goals.

ahmad.rz · ‎01-31-2023

It is impossible to have static routing for over 1k branches.

There are many complexities in the PfR configuration, and I think it is an outdated solution. I believe I can achieve this with OSPF, where I can control traffic dynamically between CORE and HUB. It could be something like a prepend or weight in BGP or changing the metric or ...

Be quick and careful!

Joseph W. Doherty · ‎01-31-2023

Possibly you don't fully understand PfR. It was originally designed for routers connecting to the Internet, i.e. even more than 1k destinations.

Unsure it's all that "outdated", IMO.

Laugh, in any case it was just a suggestion. If you want to use OSPF, alone, I'm not stopping you.

Do let us know how it all works out.

ahmad.rz · ‎01-31-2023

My only objection to your solution was to express my opinion, but I will definitely use it as a potential solution if it proves to work.

Thank you in advance for the time you spent and reply

Be quick and careful!

Joseph W. Doherty · ‎01-31-2023

"My only objection to your solution was to express my opinion . . ."

Ah, but I never offered a solution, I suggested ". . . you might investigate whether something like Cisco's PfR might be suitable for your goals."

Heck, notice I wrote "like Cisco's PfR", i.e. the concept, not necessarily the actual technology or product.

Also, I started my posting with the question: "What is it you're really trying to accomplish?", because it was unclear, to me, whether OSPF was a "must", or are the end-goals a bit broader.

Anyway, you imply you did look at/into PfR, and believe:

It is impossible to have static routing for over 1k branches.
There are many complexities in the PfR configuration
and I think it is an outdated solution

I fully agree with there can be many complexities in the PfR configuration. Unsure how/why your comment on static routing vs. over 1K branches is relevant to PfR. Or, why you believe it's outdated; especially when compared to doing dynamic rerouting with OSPF (somehow).

BTW, in the past, I've actually used PfR, and, it was "magic"; doing things that dynamic routing protocols, like OSPF, could not.

For example, in the case where there is "cloud" congestion, to your site, via one connection, how do you "see" this? What do you do about it? PfR "sees" the congestion, and, assuming there's another path to same site, not as congested, it reroutes flows to the less congested cloud egress.

Laugh, in fact, when I first enabled it, in a production environment, the only "complaint" I got was the network monitoring of possible "cloud" performance issues stopped showing such issues because PfR routed around such problems before they could be detected (or the "what's wrong with the network" phone calls started). (Complexity, yes, we had to figure out how to do network monitoring not "fixed" by PfR and/or analyze PfR logs, why it made a change [so we could hit up our WAN providers for not meeting SLAs, etc.].)

But perhaps I digress too much on PfR itself.

I also agree with you that complexity can be bad, although I'm more against needless complexity, because sometimes complex issues/problems require complex solutions. So, when I read about what you're trying to accomplish using OSPF, I do wonder, if you're too focused on OSPF causing you to not fully consider other approaches.

Lastly, it's your network. If you want to dice and slice OSPF, have at it. I.e. don't let my contrary opinions stop you.

I really did mean "Do let us know how it all works out." because I like to keep aware of novel solutions so I can add them to my bag of tricks.

Paw_Paw · ‎01-31-2023

Can I ask you another question?

Where is Area10 exactly? It is not visible in your picture. But as I understand it is in the branches. If that is correct: where is the connection from Area10 to Area0?

ahmad.rz · ‎01-31-2023

Yes, exactly, and thank you for noticing. Area 10 and 0 don't have direct connection, but there is a connection between area 100 (hub) and area 0 (core) which redistribute the branch network(from area10) to the core.

# branch to hub:
router ospf 10
redistribute connected subnets

# hub to core:
router ospf 100
redistribute ospf 10 subnets

Be quick and careful!

MHM Cisco World · ‎01-31-2023

I success in my lab,
I will share config here after double check the config

but let me before explain issue I see.

using ospf in DMPVN is not recommend and if we use same OSPF process then we will get area not connect to Area0 or if we use area0 then we get Area0 partition.
this can be solve but DMVPN with OSPF and issue with area is nightmare to me.

how to managing traffic flow over ospf network with two main office?