Monday, September 6, 2021

OSPF design for Branch Office / Datacentre connectivity

Although I'm pretty clued in to the workings of OSPF - I'm looking for some advice on a new OSPF implementation.

Details :

6 datacentres

20 Office locations

Connectivity is all via IPsec tunnels over the internet - via Cisco ISR 4000 routers.

Typical current office connectivity is via 2 IPsec tunnels each on 2 routers, each with their own ISP - to the 2 'nearest' Datacentres.

Current WAN routing is all static * - ( An office router has 2 IPsec tunnels to 2 different datacentres and uses floating static routes for redundancy )

An office core switch has a static route to the 2 office routers' HSRP IP address

The IP design is such that the second octet represents an Office or DC ( e.g. DC1 = 10.1.0.0/16, DC2 = 10.2.0.0/16, Office1 = 10.10.0.0/16, Office2 = 10.11.0.0/16 etc. )

I'm not too worried about DR / BDR election - I believe I can implement that via OSPF priority.

I guess the main question is area design - will area 0 suffice for router tunnel interfaces - maybe each office internal network could be its own ( stub ) area ?

Most likely I'll be using OSPF cost on a router that has 2 tunnels to the same DC - to prefer the routes received on one of the tunnels.

Router count = approx 50 - there will be growth but I wouldn't expect to reach 100 anytime soon.

( Current routing is all static * = not quite true. I notice one office has its own OSPF area 0 within itself, i.e. between router and core switch - most likely will need reconfiguring ! )

We do host customer services at our datacentres - customers connect via IPsec tunnels to our firewall devices - this new OSPF implementation is solely for our office branch connectivity to DC routers.

Any advice much appreciated.


