[j-nsp] Junos ospf question

Per Westerlund p1 at westerlund.se
Wed Sep 25 16:35:00 EDT 2013 

I think I know one way to do it.

Multi-topology routing to the rescue!

With MT-routing we can have one topology with only sites A and B and all their routers and routes/prefixes, and another topology with sites A, B and C and everything (just like today). On ingress, you classify and assign traffic to different routing tables/topologies. Storage traffic will use routing tables where site C is not present, there is no way high volume traffic will use that path. The rest of the traffic will use the same routing table as before.

Obviously, this has to be labbed up and verified first, it is only an idea.

1) Add extra topology/ies for OSPF to all routers.

This can be done without downtime, it only adds extra information to the OSPF database and creates new RIBs, but they are not used yet. Verify that everything looks OK before proceeding.

2) Add firewall filters (multi-field classifiers or BA classifiers) to ingress interfaces that direct storage traffic to a specific topology.

This can also be implemented carefully, by only matching on a small set of prefixes or prefix combinations.

3) Optionally label the traffic with some kind of BA-label, if MT-routing has to be implemented in more that a few places.

I have tested the principles in a small lab I have, I can send you sample configs and a drawing if you like.

/Per

25 sep 2013 kl. 11:42 skrev R S <dim0sal at hotmail.com>:

> indeed I make it simpler....
> 
> - network is already running with ospf (very sensite traffic)
> - the concept is A-C-B-A as you correctly understood, but there are between A and B 4 links with 4 big MXs on each side and on C there are two different big SRX, hence topology is not so easier
> - traffic is OSPF over IPSEC on each link
> - the idea is to find a solution under the current config/topology/routing domain, otherwise if I was enabled to rebuild everything I'd do in different way...
> 
> Subject: Re: [j-nsp] Junos ospf question
> From: p1 at westerlund.se
> Date: Wed, 25 Sep 2013 11:32:01 +0200
> CC: ipv6freely at gmail.com; juniper-nsp at puck.nether.net
> To: dim0sal at hotmail.com
> 
> First let me see if I understand you correctly by rephrasing.
> 
> - Three sites A, B och C all connected with direct links
> - Link A-B has high capacity
> - Links A-C and B-C has lower capacity
> - High volume storage traffic traverses link A-B and must not use links A-C or B-C, even if link A-B goes down
> - There is also other low-volume traffic between all sites that should be routed around possible broken links.
> 
> Why not first try to solve it the easy way instead of using routing magic?
> 
> - If the high-volume storage traffic has static addressing that is unique, you can use static routes that are NOT exported into OSPF.
> 
> If the easy way does not apply, there is a slightly more complex way to do it:
> 
> - If you can classify storage traffic statically with a filter, use FBF to direct that traffic to a static default route in another routing instance.
> 
> I don't really recommend it, but there are high-tech alternatives that do about the same as FBF in this case, but in a more "interesting" way. Usually you should always think KISS in production, but I must mention it: Multitopology routing.
> 
> With MT routing one OSPF instance can have more than one topology active, in this case one with only A and B present, and another where all of A, B and C are present. You then classify the ingress traffic and assign it to one of the topologies (by using their specific routing/forwarding table).
> 
> Here is a link to where you can get started: http://www.juniper.net/techpubs/en_US/junos12.1/topics/usage-guidelines/routing-configuring-multitopology-routing-in-ospf.html .
> 
> Remember: I don't recommend it!
> 
> /Per
> 
> 25 sep 2013 kl. 10:39 skrev R S <dim0sal at hotmail.com>:
> 
> basically I've a triangulation A - B - C - A
> 
> single area 0
> 
> A-B link is 10Gbs
> A-C and B-C is 1 Gbs
> 
> since in A-B run a very high volume of traffic (storage), I do not want if A-B fails this traffic goes through C
> 
> C redistribute as well statics into OSPF
> 
> Hope it clear now

More information about the juniper-nsp mailing list