Design and Analysis of an Enterprise Core Network: Case Study of Migrating from OSPF to a BGP Core Network


[Figure: Enterprise Core Design (OSPF)]

1. Description of the current network environment

① OSPF runs as the IGP across the whole network, providing full reachability and regional division.

② A loopback interface x.x/32 is enabled on each core layer router and placed in OSPF Area 0.

③ The remote sites are fully interconnected through Frame Relay PVCs.

④ Every device in the original network has 23 routes (directly connected + OSPF).

⑤ The goal is to migrate from the current network environment to a core architecture based on internal/external BGP.


2. Pre-migration analysis

2.1 Differences between OSPF and OSPF

① The biggest difference between network-wide OSPF and OSPF is that even if the OSPF route in the routing table is replaced by OSPF, the flooding of OSPF LSAs is not affected. In this network environment, modifying the AD value of BGP is not mandatory.

② If OSPF uses passive-interface to interrupt the neighbor relationship, it does not trigger a Goodbye message as in the case of OSPF, and the neighbor relationship is not interrupted until it times out.

③ Before the IGP domain is split, devices in a region must still be able to reach networks outside the region. If the default route is originated by OSPF, the routes outside the region are flooded to the entire OSPF domain.

④ Remote sites cannot achieve mutual backup of IGP routes by disabling split horizon as in the case of VPN.

2.2 Main Problems and Solutions

1) Unilateral interruption of the neighbor relationship

① As when deploying VPN, before splitting the IGP domain, make sure that the routers in each region have a default route to reach destinations outside the region. The border routers and the core layer routers provide reachability through BGP.

② When a neighbor relationship is interrupted on one side only, inbound and outbound traffic may depend on different protocols, such as OSPF and BGP.

2) The default route affects the entire network.


① If the number of routers in the region is small, you can consider using static default routes.

② If the default route generated by a region's border router inevitably affects other regions, you must ensure that the default route on the BGP core and on the border routers in each region remains the BGP default and cannot be replaced by the OSPF one. Even if devices within a region learn unnecessary default routes, they must still use their regional border router to route traffic out of the region. Therefore, as long as the default route direction on the regional border routers and the BGP core does not change, reachability between regions and to external networks is still ensured.

The specific method is to configure a BGP AD value smaller than that of OSPF routes.

Of course, this causes BGP routes to completely replace the OSPF routes, but this does not cause direct problems in the OSPF environment.

Note:

Before splitting the IGP domain, make sure that the default IGP route is published and learned correctly for the border routers in all regions. Otherwise, a network interruption may occur when the IGP domain is split.

For example, although the default OSPF route published by R1 is learned by R15, R15 can no longer obtain the default route once R1 and R2 interrupt their OSPF neighbor relationship. Because R15 does not run BGP, the Location A network then becomes unreachable from R15.

3) Remote site hubs cannot back up IGP


① NBMA Network

Because a DR and a BDR are elected, a route in the NBMA network is valid only if both the LSA-1 and the LSA-2 are valid.

If R1 is the DR and R3 is a DR-Other, the OSPF adjacency between R1 and R3 goes down when the PVC between R1 and R3 is interrupted. R3 is then removed from the attached routers of the LSA-2 published by R1, so from the point of view of R2 and R4 the LSA of R3 is invalid.

The original network design therefore cannot provide good fault tolerance. During the network transformation, we recommend that you rebuild the OSPF connection mode of the remote sites to prevent route interruption caused by a PVC failure.

② P2MP Network

In this mode there is no DR or BDR election, and the original IP address plan does not need to be modified. When a PVC fails, the routes do not become invalid.

For example, when the PVC between R1 and R3 fails, the R3 route can be advertised through R2 and R4. In this case, the logical network topology of R1 is as follows:

[Figure: logical network topology of R1]

P2MP can effectively solve the routing interruption problem caused by PVC faults, but it also brings complexity and redundant routing.
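The NBMA and P2MP behaviour described above can be compared with a small model. This is an added example, not part of the original article; it is a simplified reachability model rather than a full OSPF SPF, and the function names are hypothetical.

```python
# Added example (not from the original article): simplified reachability model
# for four routers on one Frame Relay cloud; it is not a full OSPF SPF.
from collections import deque

ROUTERS = ("R1", "R2", "R3", "R4")


def full_mesh(nodes):
    """Every pair of routers is joined by a PVC."""
    return {frozenset((a, b)) for i, a in enumerate(nodes) for b in nodes[i + 1:]}


def nbma_reachable(src, pvcs, dr):
    """NBMA: the DR's LSA-2 lists only routers still adjacent to the DR, and
    only routers in that list can reach each other across the segment."""
    attached = {dr} | {r for r in ROUTERS if frozenset((r, dr)) in pvcs}
    return attached if src in attached else {src}


def p2mp_reachable(src, pvcs):
    """P2MP: each working PVC is a point-to-point link in the router LSAs,
    so reachability is a plain graph search over the remaining PVCs."""
    seen, queue = {src}, deque([src])
    while queue:
        node = queue.popleft()
        for r in ROUTERS:
            if r not in seen and frozenset((node, r)) in pvcs:
                seen.add(r)
                queue.append(r)
    return seen


def p2mp_transit(src, dst, pvcs):
    """Neighbors of `src` that still have a PVC to `dst` (two-hop detours)."""
    return sorted(r for r in ROUTERS
                  if frozenset((src, r)) in pvcs and frozenset((r, dst)) in pvcs)


# Constructed failure from the text: R1 is DR and the R1-R3 PVC goes down.
PVCS_AFTER_FAILURE = full_mesh(ROUTERS) - {frozenset(("R1", "R3"))}

if __name__ == "__main__":
    print("NBMA, seen from R2:", sorted(nbma_reachable("R2", PVCS_AFTER_FAILURE, "R1")))
    print("P2MP, seen from R1:", sorted(p2mp_reachable("R1", PVCS_AFTER_FAILURE)))
    print("R1 reaches R3 via:", p2mp_transit("R1", "R3", PVCS_AFTER_FAILURE))
```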


Smooth transition:

Because modifying the OSPF network type inevitably interrupts the adjacency, routing will also face a short interruption. If network services have a strict requirement for uninterrupted connectivity, we recommend that you replace OSPF at the routing layer by using OSPF. After OSPF converges, the OSPF process is cleared.


3. Migration steps

3.1 Establish BGP peer relationships

1) Multiple routers at the border of a region establish an iBGP peer relationship

① In the above topology, this refers to R1 and R2, R7 and R8, R3 and R11

② First run the BGP process and configure its BGP Router-ID

③ Establish the peer relationship with the directly connected physical interface as the source

2) The core layer router establishes a fully interconnected iBGP peer relationship

① In the above topology, the core layer router refers to R4, R5, R6, R10

② First run the BGP process and configure its BGP Router-ID

③ Establish the peer relationships between loopbacks (specify the neighbor's loopback address as the peer address, and configure the update source address as the local loopback address)

3) Establish an eBGP peer relationship between each region and the directly connected device at the core layer.

① Pay attention to how many eBGP peer relationships are to be established in each DMZ

② Directly specify the address of the physical interface on the directly connected remote device as the peer address

③ EBGP peer relationships are not established between different regions

4) Verification

Check whether the number of BGP sessions of each device is correct and whether the specified peer address is correct.

3.2 Preparations before route injection

1) next-hop-self

Enable it toward all iBGP peers, so that the router sets itself as the next hop of the BGP routes it advertises

2) bestpath compare-routerid

Ensure that BGP Route Selection is predictable

3) metric-type internal

When multiple devices in the core layer connect to the same region, the route updates sent by the core layer should carry a MED value that reflects the network topology of the core layer.

The MED value is the IGP metric to the next hop of the route advertised by the core layer device.

4) BGP AD

To ensure that the default route of each core layer device and regional border device does not change when the OSPF default routes are released later, the BGP AD values (iBGP and eBGP) must be modified to be smaller than that of OSPF
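The AD argument made here and in section 2.2 can be checked with a small routing-table model. This is an added example, not part of the original article; the default distances are the Cisco IOS defaults, while the lowered iBGP value of 100 and the next-hop labels are assumptions chosen for illustration.

```python
# Added example (not from the original article): RIB selection for 0.0.0.0/0
# on a router that hears the default route from both BGP and OSPF.
from dataclasses import dataclass

# Cisco IOS default administrative distances; lower is preferred.
DEFAULT_AD = {"ebgp": 20, "ospf": 110, "ibgp": 200}
# Assumed migration setting: iBGP lowered below OSPF (100 is illustrative).
MIGRATION_AD = {**DEFAULT_AD, "ibgp": 100}


@dataclass(frozen=True)
class Route:
    prefix: str
    source: str    # "ebgp", "ibgp" or "ospf"
    next_hop: str  # hypothetical label, not an address from the article


def best_route(candidates, prefix, ad):
    """Return the candidate for `prefix` with the lowest administrative distance."""
    matching = [r for r in candidates if r.prefix == prefix]
    if not matching:
        return None
    return min(matching, key=lambda r: ad[r.source])


# Constructed scenario: a core router learns the default over iBGP from the
# egress side, then a regional border router starts originating an OSPF
# default before the IGP domain has been split.
CORE_ROUTER = [
    Route("0.0.0.0/0", "ibgp", "toward-egress"),
    Route("0.0.0.0/0", "ospf", "toward-region-border"),
]
# A regional border router learns the default over eBGP from the core.
BORDER_ROUTER = [
    Route("0.0.0.0/0", "ebgp", "toward-core"),
    Route("0.0.0.0/0", "ospf", "toward-other-border"),
]

if __name__ == "__main__":
    for name, ad in (("default AD", DEFAULT_AD), ("migration AD", MIGRATION_AD)):
        for label, rib in (("core", CORE_ROUTER), ("border", BORDER_ROUTER)):
            r = best_route(rib, "0.0.0.0/0", ad)
            print(f"{name:13} {label:7} default via {r.source} -> {r.next_hop}")
```

With the default distances the iBGP-learned default on the core router loses to the OSPF default, which is the change of default direction the AD modification is meant to prevent.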

3.3 BGP route injection

1) The BGP default route is issued at the egress of the enterprise network.

① R12 and R13 release only a BGP default route to their directly connected core layer routers R4 and R10

② Check that the BGP default route is learned, and check its next hop and the AD value of the BGP default route in the routing table

2) The border routers in each region advertise the region's routes

Through BGP, the regional border routers advertise only the required route information.

3.4 Split the IGP domain

1) Prevent the default route from being reinjected into the enterprise network egress devices.

In the current network environment, R12 and R13 do not have a default route locally; the default route is issued to their eBGP peers through the neighbor command. Therefore, the OSPF default routes will enter the routing tables of R12 and R13.

Here, we can use the following solutions:

① Disable the OSPF process on R12 and R13

Or

② Use distribute-list to prevent default routes from entering the route table

Or

③ Configure static routes to the Internet so that they are not replaced by OSPF

2) The border routers in various regions issue OSPF default routes

In this network environment, R1, R2, R3, R11, R7, R8, and R9 are regional border routers. The default-information originate command in the OSPF process generates the default route.

Because the border routers in each region have learned the default route from R12 and R13 through BGP, it is not mandatory to add the always keyword.

3) Verify the default route

At this time, the routers R14, R15, R16, and R17 in each region should have one or more OSPF O E2 default routes pointing to the border routers of their region.

The routing tables on the border routers and routers in each region still hold the BGP default route. The default direction is toward the enterprise network egress or a router at the core layer.

4) Use passive-interface to interrupt OSPF connections between regions

Interrupt the OSPF neighbor relationships one by one and check connectivity promptly after each one (excluding the core layer routers).

5) Complete the split

Remove the advertisement of networks outside the region and the passive-interface configuration. The related advertisements must also be removed on the core layer routers.

After the configuration is complete, check whether the OSPF neighbor relationship has been established as expected.

3.5 AD restoration

Routers running BGP remove the AD modification command and use the clear ip route command to restore the AD

3.6 Remote site OSPF transformation

1) run the command

① Start from the border router in the region and enable it in sequence.

② Modify the external routing AD (91) to be smaller than OSPF. This ensures that the default route that will be released later can be replaced by OSPF.

③ Release the default BGP re-distribution of the OSPF route. When the OSPF connection is interrupted, the default route still enables the current device to access the Internet.

④ Check the establishment of the OSPF Neighbor Relationship

⑤ Check IGP route learning in the routing table

2) Modify the OSPF network type

① Change the OSPF network type of each device to P2MP

② Check the establishment of OSPF Neighbor Relationship

3) Restore OSPF

Stop the OSPF process in the order of establishing the VPN gateway.

3.7 Route aggregation

① Configure the aggregation command on the regional border routers that need to aggregate routes, and add the summary-only keyword

② Verification

Check the learning status and next hop information of the aggregation route.


The actual deployment topology and configuration process are included in the attachment.


This article is from the "Thely" blog, please be sure to keep this source http://thely.blog.51cto.com/2695427/1292185
