Orhan Ergun 25 Comments

OSPF and MPLS are the two most commonly used technologies in an MPLS VPN environment.

In this post I will share a mini design scenario with you and ask a couple of questions about the fictitious company's architecture.

When you attend my CCDE class, we will work on tens of scenarios similar to this.

Last week I published my first mini design scenario, about MPLS VPN and DMVPN, and I am thinking of publishing a new one every Thursday.

You can read last week's design scenario here.

[Figure: OSPF topology]

In the topology above, Company A has a core ring topology from R1 through R8.

There is a huge amount of direct traffic between the R3 and R4 core routers, so the network engineers decided to connect them directly, turning the topology into a partial mesh.

There is no east-west traffic between R9 – R10 edge routers and almost all traffic is north-south.

Company A sends only a default route from the core to the edge routers. They know that this might cause a suboptimal traffic pattern, but it is not an issue for Company A's applications.

The company wants to create multiple areas because the edge routers, such as R9 and R10 and the other routers that are not included in the topology, have resource (CPU/memory) concerns.

Company A's network engineers know that flapping links, or even adding a loopback interface on any router, would trigger a full SPF run on the poor edge routers.

For simplicity, the other routers connected to the ring are not shown.

Company A's network engineers have some questions for orhanergun.net readers.

 

Question 1: Is it a good idea to separate the core routers into two areas (Area 0 and Area 10)?

Update:

No. The company already has a small number of core routers, and even if it had thousands of core routers, you could have them all in one area.

Using the prefix suppression feature, infrastructure links can be removed from the Router LSA, so the routers only have each other's loopback addresses.

Question 2: Which area should the R2-R4 and R3-R4 links be placed in, and why?

Update :

To prevent suboptimal routing, enabling OSPF Multi-Area Adjacency is better. Also, if you put both links in a non-backbone area, R4 would no longer be an ABR.

Question 3: Should I have a direct link between R9 and R10?
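
A small model of the route-selection rule behind this answer, added here as an example and not taken from the original post: OSPF prefers any intra-area path over an inter-area one, so a link placed in a single area is invisible to the other area's SPF. The link costs and R9's second, slower uplink to R2 are assumptions made for illustration, not read from the post's diagram.

```python
import heapq

def build_links(r2_r4_areas):
    """Constructed topology (assumed). Each link: (a, b, cost, areas)."""
    return [
        ("R2", "R4", 1, set(r2_r4_areas)),  # the link under discussion
        ("R3", "R4", 1, {0}),
        ("R1", "R2", 5, {0}),
        ("R1", "R3", 5, {0}),
        ("R4", "R9", 10, {10}),             # R9 primary uplink
        ("R2", "R9", 100, {10}),            # R9 slow backup uplink (assumed)
    ]

def spf(links, area, src):
    """Dijkstra over only the links that belong to one area."""
    adj = {}
    for a, b, cost, areas in links:
        if area in areas:
            adj.setdefault(a, []).append((b, cost))
            adj.setdefault(b, []).append((a, cost))
    dist, heap = {}, [(0, src)]
    while heap:
        d, node = heapq.heappop(heap)
        if node in dist:
            continue
        dist[node] = d
        for nbr, cost in adj.get(node, []):
            if nbr not in dist:
                heapq.heappush(heap, (d + cost, nbr))
    return dist

def best_route(links, src, dst, dst_area):
    """OSPF preference: any intra-area path beats an inter-area one,
    regardless of cost. Returns (route_type, cost)."""
    intra = spf(links, dst_area, src).get(dst)
    if intra is not None:
        return ("intra-area", intra)
    # Inter-area: backbone cost to an ABR plus that ABR's intra-area cost.
    costs = []
    for abr, to_abr in spf(links, 0, src).items():
        inside = spf(links, dst_area, abr).get(dst)
        if inside is not None:
            costs.append(to_abr + inside)
    return ("inter-area", min(costs)) if costs else (None, None)

def compare():
    """Cost from R2 to R9 (area 10) and to R3 (area 0) per placement."""
    out = {}
    for name, areas in [("area 0 only", {0}), ("area 10 only", {10}),
                        ("multi-area adjacency", {0, 10})]:
        links = build_links(areas)
        out[name] = (best_route(links, "R2", "R9", 10)[1],
                     best_route(links, "R2", "R3", 0)[1])
    return out

if __name__ == "__main__":
    for placement, (to_r9, to_r3) in compare().items():
        print(f"{placement:22} R2->R9={to_r9:<4} R2->R3={to_r3}")
```

In this model, placing the R2-R4 link in either area alone leaves one of the two destinations on a longer path; only the placement in both areas gives the shortest path to each.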

Update:

No. In the background information section, we are told that there is no traffic between those routers, so the traffic pattern is north-south.

Although it is not shown in the topology, the company has many edge routers, as stated in the background information. Having a direct link would just increase the LSA database of the poor routers, and it would make troubleshooting harder as well.

The Network Manager of Company A thanks you and sends you an email. Here it is:

Hi,

We want to have a BGP free core design. On all our core routers we have BGP running.

At this stage, we don’t want to have a BGP Route Reflector since we want to have path visibility.

Question 4: What would you suggest for Company A’s BGP solution?

I would suggest that they enable MPLS. At this stage in the real exam, you might be asked whether you need additional information.

If the company wants a scalable VPN solution, then having MPLS allows them to have MPLS VPN.

If they enable MPLS on the network, the core devices don’t have to run BGP.

You can’t use a single-area/flat IGP in this network, since the requirements tell you that the edge devices have a resource problem, so you need to create a boundary and put the edges in different areas to protect them.

Question 5: Would your solution work with all of the above requirements?

Update:

No. In the background information section, you are told that Company A sends only a default route towards the edge routers.

If you run MPLS, unless you enable RFC 5283 or have a Seamless MPLS design, you need to have the /32 addresses of the loopback interfaces of the edge devices in the non-backbone area. If you receive only a default route, you need to leak loopback addresses from the core to the edge in the IGP.

 

Last week there were excellent answers, and I updated the post with my answers.

By the way, should I ask more or fewer questions? Any ideas?

Let’s discuss your answers in the comment box below. 

 
  • Sherif

    Q1- No
    Q2-
    R3-R4 AREA0: This is to force north-south traffic to go over this shortest link (intra-area)
    R2-R4 AREA20: In case of R2-10 or R4-9 failure, This link can be used as it’ll be preferred cause it’s intra. By this way, we keep north->south traffic using R1-2/R3-4 links.

    Q3- No:
    Q4- Configure iBGP on all edge router as full mesh
    Q5-iBGP sessions on R9/10 will not come up using only default route as it can’t initiate BGP sessions but they can be configured as a client

    • Thanks Sherif. In order to give some time to other readers, as you know, next week I will update the post with my answer. Btw, congrats on being the first commenter on this post.
      Do you think 5 questions is too many, too few, or enough?

      • Sherif

        Actually no of questions is good…the good thing is the relation between questions so to answer all but also to make sure all requirements will work at the end

        • @Sherif I try to make the format as close as possible to the real exam.

          • Sherif

            Thanks a million…this will help me a lot :

          • stephen

            Q4, when you say remove BGP and run MPLS,
            what type of MPLS do you recommend? Just LDP? Full PE mesh, LISP, VPNv4?

            I often read the answer as “run MPLS” to questions like this, but I don’t always see that MPLS is the right answer.

            For example, to me, running MPLS means some sort of tagging.
            This usually means either tunneled LDP or native LDP.

            Just running LDP won’t fix anything or even help; you still “need” something to advertise IP prefixes across the network.

            Someone mentioned LDP+OSPF, which sounds reasonable,
            but looking at this core, and taking into account they only want a BGP-free core, what benefit will MPLS bring?

            What extra features/requirements have I missed that require MPLS?

            Wouldn’t just basic OSPF work in this instance?

            I am confused and would appreciate all answers.

            many thanks

          • Hi Stephen. MPLS here means a label. If you want hierarchy, you add more labels to the stack.
            If you want to avoid hop-by-hop destination-based lookup, just one label is enough: the ingress node does a destination-based lookup, finds the next hop, and if there is a label for that next hop, it checks the LFIB and PUSHes the label. Intermediate devices just SWAP, and if the egress signals Implicit NULL, the next-to-last hop does PHP.

            It doesn’t have to be LDP; it could be RSVP and, in theory, even BGP.

            But here, there is no Traffic Engineering requirement. In the requirements there is no VPN either. So I would just use LDP for tagging; they already have multi-area OSPF, so you will continue to use the IGP.
            Only PEs will run BGP. An IPv4 BGP session will be set up.

            The BGP next hop will be learned from the IGP. The IGP binds a label for the BGP next hop. Everything as usual.

            You ask, “Wouldn’t just basic OSPF work in this instance?”
            No, it wouldn’t. BGP is scalable; an IGP is not as scalable as BGP. You know this, right?
            Now the problem: if BGP carries the full Internet table (more than 520k), then the IGP couldn’t carry this. I didn’t specifically give their Internet topology, but you can assume this.

            Here the label allows you to create a hierarchy, so intermediate devices try to reach the BGP next-hop IP address rather than Internet routes.

            If the topology were given and said they just get a default or partial routes, and you want to have a BGP-free core, you would redistribute BGP into the IGP under control, and it could work.

          • Sherif

            When will you update the post with correct answers?

          • After a couple of hours, Sherif.
            Take a look at the BGP Design Quiz. I tried it for the first time today; let me know what you think about it as well, please.

  • Nizami

    1. If the key here is to avoid further traffic on the R3-R4 link, then I would say “Yes” here.
    2. R2-R4 = area 0 ; R3-R4 – area 10. This will force traffic to not use already overloaded R3-R4 link and will utilize R1-R2; R2-R4 links.
    3. No since no east-west traffic is needed
    4. Use Confederations
    5. Yes

    • Thanks Nizami. As I have seen, you are one of the usual suspects. I was definitely waiting for your answer; allow me to update it next week.

  • Q 1 : Is it good idea to separate Core routers in two Areas (Area 0 and Area 10)
    No,

    Q2 : Which area should R2-R4 and R3-R4 links should be placed in, Why ?
    R2-R4 => two sub-interfaces with area 0 and area 20 to avoid sub-optimal routing
    R3-R4 => area 0 to force north-south traffic to go over this link

    Q 3 : Should I have a direct link between R9 and R10 ?
    No,

    Q 4 : What would you suggest for Company A’s BGP solution?
    full mesh for “we want to have path visibility”

    Q 5 : Would your solution work with the all above requirements ?
    Yes

    • Thanks Daniel. Make sure you check last week’s scenario update. With the assumptions, your answers were right, but if it is Cisco (Weight)

      • Yes, I missed to specify only for Cisco, for the Weight

  • Najib

    #########################################################################################################
    Question 1 : Is it good idea to separate Core routers in two Areas (Area 0 and Area 10)

    No, it isn’t, because of suboptimal routing, which I will explain in question 2.

    and there is no need to separate topology complexity.
    and

    Question 2 : Which area should R2-R4 and R3-R4 links should be placed in, Why ?

    R2 and R4 are ABRs, R1 and R3 are in area 0.
    R9 and R10 are in area 20.

    Supposing we place the link R2-R4 in area 0, we have
    an inter-area route between R4 and R2 to reach networks belonging to area 10.

    intra-area route through router R9 then R4.

    Because of the OSPF state machine, intra-area routes are preferred
    over inter-area routes, so R2 chooses the path through routers
    R9, R4. So it is suboptimal routing.

    Placing the link in area 20 presents the same problem, so

    the solution is to place the link in area 0 and configure some static routes
    pointing to R2 and R4.

    ———————————-

    the same answer applies for the link r3 and r4.

    Question 3 : Should I have a direct link between R9 and R10 ?

    No, because in a full mesh topology will be repetition of
    flooding LSA updates,and DR couldn’t be elected (there is no full visibility of the mesh)

    Question 4 : What would you suggest for Company A’s BGP solution?

    Thus, the core routers in the service provider network no longer need to run BGP, only the edge routers do.

    If you deploy MPLS tunneling in the network, proposed LISP-MPS architecture:
    To avoid the introduction of new network equipment, we exploit the iBGP implementation in edge routers
    and Route Reflectors (RRs) for the distribution of mapping information.
    BGP Route Reflection is an alternative to full-mesh iBGP.

    In my previous answer I replied that routers in area 10 must be placed in area 0.
    R3-R4, R7-R8 will be the PE routers running MP-BGP.

    Question 5 : Would your solution work with the all above requirements ?

    No, the problem comes with RR (no full path visibility); we cannot use MPLS L3VPN according to the customer requirement.
    So I would suggest overlay routing over MPLS VPNs, running the IGP directly between them (CE routers) and through the MPLS cloud.
    Some sort of L2 circuit technology.

    ############################################################################################

  • Roy Lexmond

    question 1:
    No this will only add complexity, and possibly create suboptimal routing.

    Question 2:
    Both links need to be in area 0, to prevent suboptimal routing and SPOF’s.

    Question 3:
    No, I don’t see a requirement that edge routers need to be connected to each other with some kind of backdoor link. It will only add complexity, more resources to calculate SPF changes (CPU/memory requirements) and too much redundancy 🙂

    Question 4:
    BGP-free core: all the routers 1-8 are core routers, so these routers will not run BGP. My answer is to run full mesh between CE routers; not very scalable, but if you require optimal routing without tweaking the route reflectors to allow additional paths, this is OK.

    Question 5:
    Requirements like sub-optimal routing are accepted by the customer from edge router to edge router.
    They are only worried that traffic will still prefer the direct link between R3 and R4 for example with default values R9 and R10 will route to R4 to get to R3. If this is not the case you need to adjust the metric on R3-R4 link to a lower cost compared to the link between R1-R2.

    That’s it. I am used to reading over requirements, so surprise me 🙂

    Thanks for the effort you’re putting into your mini scenarios; it’s nice training.

  • Roy Lexmond

    Orhan,

    Forgot something: I think the current number of questions is good enough, in my opinion.

    Cheers
    Roy

  • Philippe

    Hello Orhan,

    First, thanks for those excellent questions.

    Now my answers :
    1 – No, this reduces the agility of the core. You will not be able to easily extend the partial mesh between area 0 and area 10, and you break well-understood features like cost-based metrics.
    2 – R4 needs at least one active adjacency with area 0. For resiliency purposes, two is a good idea. Then both links should belong to area 0. The other option is to use 2 VLANs between R3-R4 and put each VLAN into both areas.

    3 – No, you wrote there is no traffic between both routers and you already have resiliency. Seems too easy; is it a trap?

    4 – Use RR and build the L3VPN on RT instead of RD (a unique RD per PE per VRF, and stitch the VRFs using the RT). This will keep the path visibility.

    5 – No. You need a /32 address to create MPLS tunnels between the PEs. In addition to the default route, you have to leak all PE loopbacks.

    6 – This 5-question scenario is perfect for a break…

    • @Philippe This is your first comment, I think. Welcome to the site, and I hope we will see more of your comments.
      As I understand from the other commenters as well, the questions are good enough; maybe the scenarios can get a little bit longer to explain some concepts as well. Your answers are very good, btw. I will update the post with my answers next Tuesday, in addition to a new scenario.

    • Sherif

      Regarding the resiliency, an ABR is a router that has one interface in AREA0, and it doesn’t have to have an up neighbor on it (like loopback0).
      So if loopback0 is already configured in AREA0, we should be good.


  • driss jabbar

    Question 1 : Is it good idea to separate Core routers in two Areas (Area 0 and Area 10)
    No

    Question 2 : Which area should R2-R4 and R3-R4 links should be placed in, Why ?
    A: The R2-R4 link should be in area 0 because if R9 and R10 lose the link to R4, they will choose suboptimal routing to reach area 0, and the second reason is that there is no need for east-west traffic.
    The R3-R4 link should also be in area 0; if not, area 0 will have a poor design and be susceptible to being partitioned.
    Question 3 : Should I have a direct link between R9 and R10 ?
    no need as there is no east-west traffic

    Question 4 : What would you suggest for Company A’s BGP solution?
    full mesh bgp
    Question 4 : What would you suggest for Company A’s BGP solution?
    yes

  • Question 1 : Is it good idea to separate Core routers in two Areas (Area 0 and Area 10)

    Ans – You shouldn’t unless you have a really good reason or business requirements. While creating an area may serve the purpose of route aggregation and topology information hiding, the trade-off will be less visibility of routing information, which can cause sub-optimal routing (though they don’t mind that here). So the deciding factors would be the size of the network and the hardware capabilities of the platforms used in the core in terms of memory and CPU.

    Question 2 : Which area should R2-R4 and R3-R4 links should be placed in, Why ?

    Ans – Well, putting it in either area will cause sub-optimal routing for the other. So either we can use subinterfaces to solve this problem or, if the platform supports it, we can put a single interface into multiple areas, like IOS XR devices.

    Question 3 : Should I have a direct link between R9 and R10 ?

    Ans – Same situation as mentioned in Question 2; also, since most of the traffic is north-south, perhaps it is not a good idea to get a new link between R9-R10

    Network Manager of Company A thanks to you and send an email to you, here it is:

    Hi,

    We want to have a BGP free core design. On all our core routers we have BGP running.

    In this stage, We don’t want to have BGP Route Reflector since we want to have path visibility.

    Question 4 : What would you suggest for Company A’s BGP solution?

    Ans – Use Single area OSPF design with LDP

    Question 5 : Would your solution work with the all above requirements ?

    Ans – I guess so 🙂

    • First time I see your comment. Hope to see you more and welcome 🙂

  • Post is updated with my comments.