Saturday, November 17, 2018

Questions about OSPF and L2 to L3 migration

Hello everyone. Longtime reader, first-time poster. I need some help understanding certain things about OSPF and converting an existing L2 network to OSPF (at least partially at first). Everything below is based on using Cisco equipment and commands.

I have two buildings connected to each other with single-mode fiber (4 strands).

One building is running a 4500X and the other a newer Cat9500. They are spanning VLANs to each other via port-channel. Right now the plan is to gradually migrate specific VLANs over to the Cat9500 and add some new ones that don't exist on the 4500X side.

Then I want to connect the two sites via a single OSPF area and let the SVIs in each building do inter-VLAN routing. When they need to access a different VLAN/network that is at the other building, they will use OSPF. The goal is to end up with only L3 between sites.

All SVIs are on the 4500X; it's the core of a small network. I want to move two VLANs over to the Cat9500 and remove them entirely from the 4500X. Right now all the VLANs that need to move to the 9500 exist at both locations. There are some devices already using those VLANs at both locations (we will be removing VLANs as we move devices off them at one location).

Since we still have devices that span both buildings, I want to first migrate the SVIs out to the Cat9500. I cannot use one of the fiber pairs for a new L3 interface, and I cannot break the existing PO between buildings. I plan to create a transport VLAN on the PO for OSPF between the 4500X and the Cat9500 to connect them via SVI. I understand the concepts, and I am pretty sure about the configs.

My first goal is to connect a network that only exists on the Cat9500 to the 4500X via L3. It has an SVI set up with HSRP working without issue on the Cat9500.

My first concern is: if I enable OSPF on both sides, will that somehow interfere with the existing inter-VLAN routing going on between all the SVIs on the 4500X?

Also, like most people, I have a static route on the 4500X (where all the SVIs live) pointing to a firewall for the internet and DMZ. The DMZ gateways exist on the firewall interface.

If I enable OSPF, will I have to add default-information originate so the existing inter-VLAN routing doesn't get messed up when it tries to get to the internet? Or does that only affect routing going through OSPF, not the existing SVIs?

This is a small network, so I will be enabling OSPF on an interface basis using "ip ospf process-id area area-id" on each SVI and a loopback. I will also be running all interfaces as passive by default. The only networks that have OSPF are the two SVIs (for now).

Will the OSPF automatically learn the networks and SVIs that already exist on the switches without my specifying? If I add new VLANs and new SVIs do they automatically become known by each side?

Also, since the DMZ network has a VLAN provisioned but the gateways exist on the firewalls, I assume OSPF will have no knowledge of those networks without either the firewall joining OSPF or simply having the static route catch it. In those cases, I assume I use the same default-information originate for those DMZ subnets?
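As an added illustration (not configuration from the original post), here is how the plan described above maps onto Cisco IOS/IOS-XE syntax: a transit VLAN carried on the existing port-channel, OSPF enabled per interface with passive-interface default, and the existing static default route advertised with default-information originate. Hostnames, VLAN numbers, addresses and router IDs are assumed placeholders.

```cisco
! ===== 4500X (assumed hostname CORE-4500X) =====
! Transit VLAN 999 rides on the existing port-channel; only this SVI forms an adjacency.
vlan 999
 name OSPF-TRANSIT
!
interface Loopback0
 ip address 10.255.0.1 255.255.255.255
 ip ospf 1 area 0
!
interface Vlan999
 ip address 10.254.0.1 255.255.255.252
 ip ospf 1 area 0
!
! Existing user SVI: advertised into OSPF but stays passive (no hellos toward hosts)
interface Vlan10
 ip address 10.10.10.1 255.255.255.0
 ip ospf 1 area 0
!
! Existing static default toward the firewall (assumed firewall address)
ip route 0.0.0.0 0.0.0.0 10.10.1.254
!
router ospf 1
 router-id 10.255.0.1
 passive-interface default
 no passive-interface Vlan999
 ! Advertises the default only while the static route above is in the routing table;
 ! add the "always" keyword to advertise it unconditionally.
 default-information originate
!
! ===== Cat9500 (assumed hostname CORE-9500) =====
interface Loopback0
 ip address 10.255.0.2 255.255.255.255
 ip ospf 1 area 0
!
interface Vlan999
 ip address 10.254.0.2 255.255.255.252
 ip ospf 1 area 0
!
interface Vlan20
 description network that exists only on the Cat9500
 ip address 10.20.20.1 255.255.255.0
 ip ospf 1 area 0
!
router ospf 1
 router-id 10.255.0.2
 passive-interface default
 no passive-interface Vlan999
```

After applying it, "show ip ospf neighbor" on either switch should list the peer on Vlan999 in FULL state, and "show ip route ospf" should show the other building's SVI subnets (and, on the Cat9500, the default route) learned via OSPF.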

The end-game plan, once all the VLANs are moved over and everything is L3, is to also enable internet access at the Cat9500 building, so each building has its own internet connection.

I was planning on putting a static route at each building core (one at the 4500X and one at the Cat9500) pointing to the firewall at each site, hoping OSPF will ignore the other static route due to cost/distance and use the other if it's down.

I hope this made sense without a drawing and thank you very much for answering.
