
OSPF and VRRP

Surbjeet
Occasional Contributor

OSPF and VRRP

I am designing a network for almost 3000 nodes (including Data, Voice, IPTV etc.). I have divided the full network into two layer 2 networks running their own VRRP at the core.

To understand it more thoroughly, let's assume there are two independent layer 2 networks running 5400zl at the core with VRRP configured. Now we want to connect these networks together through OSPF.

How can we achieve it?

Users on one network need to access the servers on the other network.

See the attached network diagram.
Universal Brotherhood
2 REPLIES
Jeff Carrell
Honored Contributor

Re: OSPF and VRRP

a way:

config each 5400<-->5400 link as a separate OSPF network, totally separate networks from each other and from existing...in order to not have any L2 loops and spanning tree has to get involved...

set cost between the diagonal links to be something larger in number than 1 (like set them to 10) so they become the secondary paths, not primary as the verticals will be...

base commands:

(config) router ospf
(config) area 0
(vlanx) ip ospf ;if area not specified, system will use area 0 by default
(vlanx) ip ospf cost 10

vlanx = the new vlans and the existing vlans...

see the section in the manual for the rest of the ospf commands:
http://cdn.procurve.com/training/Manuals/3500-5400-6200-8200-MRG-Jan08-5-IP-Routing.pdf

hth...jeff
André Beck
Honored Contributor

Re: OSPF and VRRP

Hi,

Incidentally, I did something similar just a few days ago. Jeff already mentioned the basic idea: create four individual transit networks, make sure they are ALL active at the same time, and put them into the backbone area.

What's making this a little complicated is the lack of certain features on the ProCurve boxes. First and foremost, the boxes still lack routed interfaces. Thus you have to work around that with VLANs:

1) Create four new VLANs
2) Map each of your four links to exactly one VLAN
3) Put the ports on each end Untagged onto the assigned VLAN (and only that VLAN)
4) Assign /30 IP transit networks to the VLANs
5) Configure the VLAN switch virtual interfaces at each end with the corresponding transit network IPs
6) Configure the ports to ignore STP using BPDU filters (and be sure you KNOW the implications of this configuration)
7) Connect the Links and check whether you can ping the connected peer IPs within the transit networks and whether the STP topology stays sane (you still have two individual STP clouds, and no loops at the interconnects)
8) If this all works, enter the transit VLAN SVIs into the OSPF backbone area and watch the routing tables unfold.

VRRP is mostly irrelevant to this. If you don't already have OSPF configured, I'd add some best practice stuff:

* Assign the access networks to dedicated areas (e.g. 1 and 2), and depending on the number of VLANs you have in each distribution unit (and whether your IP scheme allows for it), configure to aggregate them towards the backbone. The access networks could stay passive interfaces in OSPF (unless you plan to place OSPF routers there).

* If you really don't want the access networks internal to OSPF, plan and configure your redistribution (redistribute connected).

* Configure your redistribution of static routes at the ASBRs when necessary. For instance, you might want to redistribute your static default route from the switch that leads to your internet access building block.

* Create loopback interfaces on all the switches that talk OSPF and bind the router ID to that loopback.

* Use OSPF MD5 auth keychains at least in the access networks, but best use them everywhere (different keys per area).

BTW, what you plan is essentially a collapsed core with two distribution islands. It will work, but an even better way to do this (especially if you plan to add more distribution islands later) is to put a pair of dedicated core routers in the middle and connect each distribution switch pair to this core pair the same way as described above. This allows you to separate the tasks even better, with the core being "just route as fast as possible" while the distribution will implement policy (ACLs, QoS etc).

BTW^2, you will need the "Advanced Routing" licenses on your 5400zl for all this, but IIRC you will already have them as they are precondition to use VRRP.

And be sure to run 13.x, the ECMP was finally fixed there to resemble what you would expect from any decent OSPF router.

HTH,
Andre.
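
The addressing side of steps 1 to 5 above, with the cost 10 on the diagonal links from the first reply, worked through as an added example (not written by either poster). It carves one /30 and one VLAN per link and checks the plan for reused VLANs, overlapping transit networks and collisions with access ranges. Switch names, VLAN IDs 901-904, the 10.255.255.0/28 transit block and the access ranges are assumptions.

```python
import ipaddress
from itertools import combinations

# Constructed inputs: switch names, VLAN IDs and address ranges are assumptions.
# Each entry is (end A, end B, is_diagonal); two vertical and two diagonal links.
LINKS = [
    ("core1-a", "core2-a", False),
    ("core1-b", "core2-b", False),
    ("core1-a", "core2-b", True),
    ("core1-b", "core2-a", True),
]

def plan_transit(supernet, first_vlan, links):
    """Give every link its own VLAN and /30; diagonals get OSPF cost 10."""
    pool = ipaddress.ip_network(supernet).subnets(new_prefix=30)
    plan = []
    for vlan, (a, b, diagonal) in enumerate(links, start=first_vlan):
        net = next(pool, None)
        if net is None:
            raise ValueError(f"{supernet} has no /30 left for {a}<->{b}")
        ip_a, ip_b = net.hosts()  # a /30 has exactly two usable addresses
        plan.append({"vlan": vlan, "net": net, "ends": {a: ip_a, b: ip_b},
                     "ospf_cost": 10 if diagonal else 1})
    return plan

def check_plan(plan, access_nets=()):
    """Return a list of problems; an empty list means the plan is consistent."""
    problems = []
    access = [ipaddress.ip_network(n) for n in access_nets]
    for x, y in combinations(plan, 2):
        if x["vlan"] == y["vlan"]:
            problems.append(f"VLAN {x['vlan']} carries more than one link")
        if x["net"].overlaps(y["net"]):
            problems.append(f"{x['net']} overlaps {y['net']}")
    for link in plan:
        for sw, ip in link["ends"].items():
            if ip not in link["net"]:
                problems.append(f"{sw} {ip} is outside {link['net']}")
        for acc in access:
            if link["net"].overlaps(acc):
                problems.append(f"{link['net']} collides with access net {acc}")
    return problems

if __name__ == "__main__":
    plan = plan_transit("10.255.255.0/28", 901, LINKS)
    for link in plan:
        ends = ", ".join(f"{sw}={ip}" for sw, ip in link["ends"].items())
        print(f"vlan {link['vlan']}  {link['net']}  cost {link['ospf_cost']}  {ends}")
    print(check_plan(plan, ["10.1.0.0/16", "10.2.0.0/16"]) or "plan is consistent")
```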