[c-nsp] Redundant routing design question

Peter Olsson pol at leissner.se
Tue Jun 27 00:26:40 EDT 2006


We have been given the following task:

   LAN Customer A            LAN Customer B
         |                         |
        2821                      2821
         |                         |
         |         Fiber 1         |
        2970----------------------2970
         |                         |
         | Fiber 2         Fiber 3 |
         |                         |
  O.c.--2970---------+  +---------2970--O.c. (O.c. = Other connections)
         |            \/           |
         |            /\           |
        3845---------+  +---------3845
         |                         |
   Other connections         Other connections

We have administrative control over all of these routers/switches.
Note that there is no direct connection between the lower 2970s,
but they are both connected to both 3845s (to the dual physical
giga ports). LAN separation in the fiber network and in the 2821s
is done by having two VLANs.

The customers have some traffic between each other, this traffic should
always pass through Fiber 1. All other traffic should pass straight
downwards in the network map. Customer A should use Fiber 2 for all
traffic except traffic to Customer B, and Customer B should use Fiber 3.
However, if there is a drop in one of the fiber connections, all traffic
must immediately be rerouted to the working fiber.

A possibly complicating factor is that Customer B uses encryption for
some traffic, both to Customer A and to other destinations.

Our current headache is how to make sure that one customer's traffic
doesn't go through the other customer's fiber when all fibers are working.
We use OSPF for routing, and both customers currently get Fiber 2 as the
preferred route. (I'm not sure why Fiber 2 is the preferred choice, maybe
because the 3845 on the left is the OSPF DR.)

We have been thinking about these methods so far:

* Split the network from just two VLANs to four or five VLANs, so we
   can use one dedicated VLAN per router-to-router connection and then
   manipulate OSPF cost on some of them. Another similar method would
   maybe be to use tunnels for all router-to-router connections.

* Some kind of policy routing.

But both methods seem rather clumsy. Is there someone who has an
idea about how to solve the given demands for the network above?

Or is the network design flawed and impossible? But the customers need
complete redundancy combined with the fact that all fibers should be
used when they are all working, so we have to avoid switch loops and
spanning tree shutting down ports.

I hope that my description of the problem makes sense.

Thanks!

-- 
Peter Olsson                    pol at leissner.se
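Before touching the routers it is worth checking on paper that a given set of per-link OSPF costs actually produces the paths the post asks for (A-B over Fiber 1, everything else over each customer's own fiber, and a working fallback when one fiber drops). The following is an added example, not code from the post or from the list; it models the first option the poster lists (one VLAN, and therefore one separately costed OSPF adjacency, per router-to-router link) and runs Dijkstra over it. The node names, the link costs, the assumption that the two 3845s reach each other through the lower 2970s, and the "OtherL"/"OtherR" stub networks behind the 3845s are all constructed for the example.

```python
import heapq
from collections import defaultdict
from itertools import count

# Constructed model of the topology in the post with hypothetical OSPF costs.
# Each entry: (node1, node2, cost, fiber). `fiber` names the fiber the
# adjacency crosses; None marks a link that stays below the 3845s.
# Assumption: every router-to-router adjacency is its own VLAN, so its cost
# can be set independently (the poster's first option).
LINKS = [
    ("2821A", "2821B", 10, "Fiber1"),   # customer A <-> customer B over the top 2970s
    ("2821A", "3845L", 10, "Fiber2"),   # A's preferred exit
    ("2821A", "3845R", 20, "Fiber2"),   # still Fiber 2, via the lower-left 2970 cross link
    ("2821B", "3845R", 10, "Fiber3"),   # B's preferred exit
    ("2821B", "3845L", 25, "Fiber3"),   # still Fiber 3, via the lower-right 2970 cross link
    ("3845L", "3845R", 5, None),        # assumed: the 3845s see each other via the lower 2970s
    ("3845L", "OtherL", 1, None),       # "other connections" behind the left 3845
    ("3845R", "OtherR", 1, None),       # "other connections" behind the right 3845
]


def build_graph(links, down=()):
    """Adjacency map; every link crossing a fiber named in `down` is dropped."""
    graph = defaultdict(list)
    for a, b, cost, fiber in links:
        if fiber in down:
            continue
        graph[a].append((b, cost, fiber))
        graph[b].append((a, cost, fiber))
    return graph


def shortest_path(links, src, dst, down=()):
    """Dijkstra on the link costs.

    Returns (total_cost, [nodes], [fibers crossed]) for the cheapest path,
    or None when `dst` is unreachable with the given fibers down.
    """
    graph = build_graph(links, down)
    tie = count()                       # keeps heap entries comparable on equal cost
    heap = [(0, next(tie), src, [src], [])]
    settled = set()
    while heap:
        cost, _, node, path, fibers = heapq.heappop(heap)
        if node == dst:
            return cost, path, [f for f in fibers if f is not None]
        if node in settled:
            continue
        settled.add(node)
        for nxt, link_cost, fiber in graph[node]:
            if nxt not in settled:
                heapq.heappush(heap, (cost + link_cost, next(tie), nxt,
                                      path + [nxt], fibers + [fiber]))
    return None


def check_design(links, down=()):
    """Which fibers each flow would cross; None if the flow has no path left."""
    flows = {
        "A->B": ("2821A", "2821B"),
        "A->OtherL": ("2821A", "OtherL"),
        "A->OtherR": ("2821A", "OtherR"),
        "B->OtherR": ("2821B", "OtherR"),
    }
    result = {}
    for name, (src, dst) in flows.items():
        found = shortest_path(links, src, dst, down)
        result[name] = found[2] if found else None
    return result


if __name__ == "__main__":
    for down in ((), ("Fiber1",), ("Fiber2",), ("Fiber3",)):
        label = ", ".join(down) if down else "none"
        print(f"fibers down: {label}")
        for flow, fibers in check_design(LINKS, down).items():
            print(f"  {flow:10s} -> {fibers}")
```

With all fibers up, the cost choice above sends A-B over Fiber 1 only and keeps each customer's other traffic on its own fiber; with Fiber 2 down, A's traffic reroutes over Fiber 1 and Fiber 3. Changing a cost in `LINKS` and re-running is a cheap way to see whether a proposed scheme still satisfies all three rules and the failover cases before configuring `ip ospf cost` on the real interfaces.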


More information about the cisco-nsp mailing list