[c-nsp] Two OSPF process on a router

raj.2.panchal at bt.com raj.2.panchal at bt.com
Mon Mar 12 05:31:16 EST 2007


 
Hi,
I have a typical requirement which is driving me to use dual OSPF processes
on my Cisco 7206 NPE G1 routers. Please suggest whether it is advisable or not
and whether I would be able to achieve my requirement.
 
My setup is (as seen in the diagram attached): I have two routers at
site a and site b. Both the routers have dual connectivity using ATM PVCs
to the backbone area. Links connecting the backbone area are in area 0. The
backbone area is already in place; sites a and b are now being
connected to the backbone area. Also, the routers at site a and b are expected to
act as ABR/ASBR for AS 65111.
 
I have a backdoor link from site a to site b, which is expected to carry
and route only LAN traffic to-from site a and site b. 
 
Site A and Site B would be managed from AS 65100; reachability to the
same is provided by BGP-OSPF redistribution between both ASes. The LAN
hosts behind the firewalls at Site A and Site B are statically NAT'd for
the traffic flowing to-from LAN hosts at site a or b to area 0 or AS
65100. Traffic between LAN hosts at site a and site b would not be
NAT'd.
 
Now come the requirements:
1) LAN host prefixes (10.251.17.96/27, 10.251.17.128/27 and
10.251.27.96/27, 10.251.27.128/27) should not be sent to area 0. LAN
host prefixes are statically routed on rtr01 and rtr02 towards the
firewall VRRP address.
2) The IP prefix used to NAT the LAN hosts should be advertised in area 0 and
to AS 65100 to give reachability to LAN hosts through the NAT outside IP.
3) LAN prefixes should be routed dynamically over the backdoor link between
site a and site b.
4) The backdoor link should not carry any traffic for NAT prefixes, hence
don't advertise the NAT prefix over the backdoor link.
5) Site a and site b should receive the routes as seen on the backbone area.
 
Solution :
 
1) Run two OSPF processes on rtr01 and rtr02.
2) OSPF process 1 shall include the WAN link prefix (connecting to the backbone
area) and loopbacks in area 0, the LAN network connecting the firewall (two
VLANs) by redistributing connected, and the NAT prefix for hosts behind the
firewall by redistributing static.
 
3) OSPF process 2 shall include the backdoor link WAN prefix in area 10, the
inter-router gigabit ethernet link (IRL) in area 10, and the inside (actual)
IP prefix for hosts behind the firewall by redistributing static.
 

Achievement:
1) AS 65100 & other areas connected to backbone area 0 can access the
hosts behind firewall using the outside NAT IP address which are
statically nat'd on rtr01 and rtr02
2) Site a and site b can access the LAN host behind firewall without NAT
and always through backdoor link.
 

Huuuh .. that's all :)
Please suggest whether it's a practical solution or whether there is some other
suggested way to achieve the same.
 
Thanks and Regards
Raj Panchal
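
The two-process split described in the post depends on each `redistribute static` being filtered, since both processes draw from the same static routes on rtr01 and rtr02. The fragment below is an added illustration, not configuration from the original post: the prefix-list and route-map names are hypothetical, and `192.0.2.0/27` is a constructed placeholder for the NAT outside prefix, which the post does not give.

```cisco
! Added example, not from the original post.
! LAN host (inside) prefixes exactly as listed in requirement 1.
ip prefix-list LAN-INSIDE seq 10 permit 10.251.17.96/27
ip prefix-list LAN-INSIDE seq 20 permit 10.251.17.128/27
ip prefix-list LAN-INSIDE seq 30 permit 10.251.27.96/27
ip prefix-list LAN-INSIDE seq 40 permit 10.251.27.128/27
!
! NAT outside prefix: constructed placeholder, replace with the real one.
ip prefix-list NAT-OUTSIDE seq 10 permit 192.0.2.0/27
!
! Process 1 (area 0 side): only the NAT prefix may leave as an external route.
! The implicit deny at the end of the route-map drops every other static,
! including the LAN host prefixes (requirement 1).
route-map STATIC-TO-OSPF1 permit 10
 match ip address prefix-list NAT-OUTSIDE
!
! Process 2 (backdoor, area 10): only the LAN host prefixes are advertised,
! so the NAT prefix never appears on the backdoor link (requirement 4).
route-map STATIC-TO-OSPF2 permit 10
 match ip address prefix-list LAN-INSIDE
!
router ospf 1
 ! network statements for the WAN links and loopbacks in area 0 are omitted
 ! because the post does not give those addresses
 redistribute static subnets route-map STATIC-TO-OSPF1
!
router ospf 2
 ! network statements for the backdoor link and IRL in area 10 are omitted
 ! for the same reason
 redistribute static subnets route-map STATIC-TO-OSPF2
```

After applying a filter like this, `show ip ospf 1 database external` should list none of the four LAN host prefixes. The `redistribute connected` in process 1 needs the same kind of route-map so that only the two firewall VLANs are advertised.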
 
 
 
 


More information about the cisco-nsp mailing list