We have a network that’s running OSPF with a single upstream provider and everything works fine.
We are planning to add an additional upstream provider to our network, but it will be connected in a different city and on a different router. I need to mention that we don’t have our own ASN.
The network should look similar to the attached diagram:
We need to be able to access every single router from any point in our network and ideally use all the bandwidth, but splitting the bandwidth into sectors will also work for us.
Can someone recommend how this should ideally be configured/routed?
Are you using private IPs on your network and NATing to an ISP-provided IP on egress from your network? If so, then you could simply use OSPF to make clients use the upstream closest to them.
Thank you for the reply.
Yes, I’m using private IPs for clients inside network, and I’m NATing for most of the customers on demarc router.
So basically I add another DR and it will find the closest path? What will happen when there are routers in the “middle” of the network where the cost is equal, for example 100 to ISP1 and 100 to ISP2?
Is there any way I can change which router will use a specific upstream, other than changing the cost of OSPF links/interfaces?
If you are NATing you can use the costs to ensure that costs are not exactly equal in the middle zone. You can certainly override the OSPF routes but if you do so you potentially also lose OSPF’s self healing capabilities so caution is advised.
From what you have described so far I don’t see any particular advantage to having BGP internally. It looks as if you have one cross-connect between the two main parts of the network. OSPF can detect failure of that link and react quickly to adjust the default route as required.
I think I will keep OSPF and an EoIP tunnel to the PE (Provider Edge) routers where the AC (Access Concentrator) will also be located; that way I can make a link go to the AC that I want no matter where it is in the network. Even a single interface on a router with multiple interfaces can go to a specific AC, for example one interface to PE router #1 and one to PE router #2.
Our RADIUS server is located on a server inside a different data center, so each PE router can have access to it.
What do you think about this design?
It’s a good design - I would enhance it as follows:
Originate default GW advertisements (Redistribute Default Route = if-installed (as type 2) in the OSPF instance) at both provider edge routers, and give both the same default route metric (1 is fine).
This way, all internal routers will choose either default GW based on which advertising router is “closer.” It really helps if your internal links have appropriate metrics, and not just “10” everywhere. If it’s just 10 everywhere, then it only counts hops, not bandwidth.
Next, on each PE router, configure the default gateway static route to ping test a target such as 8.8.8.8, and also force that it can only route to 8.8.8.8 via the local ISP (not the other PE’s ISP). If this ping fails, then the default GW route becomes inactive and it will withdraw its announcement from the inside.
This way if the router fails, or if the ISP link goes down, or cannot reach all the way to the internet, the network will begin using the other PE router to reach the internet.
At each PE router, set up the EoIP tunnel as you described. Then make sure that OSPF runs between your PE routers across the tunnel, and that the metric of this link is very bad - like 10000 - so that it only gets used as a last resort, but if the internal network gets split in half, the two halves can reach each other via the tunnel as you described.
EDIT: For security, you may want to use IPsec or encrypted PPTP for the wan<>wan backup VPN.
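The five steps above (conditional default origination, a ping-tested default that can only reach the probe via the local ISP, the high-cost EoIP backup link, and real interface costs) put together for one PE router, as an added example that is not the poster's or the reply author's configuration. It assumes RouterOS v6 CLI syntax; the addresses (203.0.113.1 as ISP1's next hop, 198.51.100.2 as PE2's WAN address, 10.255.0.0/30 for the tunnel, ether2/ether3 as internal links) and the IPsec secret are placeholders. PE2 gets the mirror image with its own ISP gateway, the same metric-default, and the other end of the tunnel.

```routeros
# PE router #1 - constructed example (RouterOS v6 syntax), placeholder addresses.
# ISP1 next hop = 203.0.113.1, PE2 WAN = 198.51.100.2 (both assumed).

# 1. The probe target is reachable ONLY via the local ISP. scope=10 lets this
#    route be used as a recursive next hop by the default route below.
/ip route add dst-address=8.8.8.8/32 gateway=203.0.113.1 scope=10 \
    comment="probe path, pinned to ISP1"

# 2. Default route recurses through 8.8.8.8 and is ping-tested. When 8.8.8.8
#    stops answering, the route goes inactive; because OSPF only originates the
#    default "if-installed", the announcement is withdrawn from the inside.
/ip route add dst-address=0.0.0.0/0 gateway=8.8.8.8 check-gateway=ping \
    distance=1 target-scope=10 comment="default via ISP1, withdrawn on probe failure"

# 3. Originate the default as an external type-2 route with metric 1. Use the
#    SAME metric on PE2 so internal routers pick the PE that is closer by
#    internal cost, not one preferred by a different external metric.
/routing ospf instance set [ find default=yes ] \
    distribute-default=if-installed-as-type-2 metric-default=1

# 4. Backup EoIP tunnel to PE2 over the WAN. ipsec-secret encrypts the tunnel
#    (the EDIT's IPsec suggestion); replace the placeholder with a real secret.
/interface eoip add name=eoip-pe2 remote-address=198.51.100.2 tunnel-id=10 \
    ipsec-secret=CHANGE-ME-PLACEHOLDER
/ip address add address=10.255.0.1/30 interface=eoip-pe2
/routing ospf network add network=10.255.0.0/30 area=backbone
# Cost 10000 keeps the tunnel as a last resort; it only carries traffic when
# the internal path between the two halves is gone.
/routing ospf interface add interface=eoip-pe2 cost=10000 network-type=point-to-point

# 5. Internal links get costs that reflect bandwidth (here: 10 for a 1 Gbit/s
#    link, 100 for a 100 Mbit/s link) instead of the flat default, so "closer"
#    means more bandwidth rather than fewer hops.
/routing ospf interface add interface=ether2 cost=10
/routing ospf interface add interface=ether3 cost=100
```

Two things to verify after applying this: `/ip route print detail` on PE1 should show the 0.0.0.0/0 route as active with the recursive next hop resolved through 203.0.113.1, and `/routing ospf lsa print` on an internal router should list one type-5 (AS-external) default LSA from each PE; disconnecting ISP1's uplink should make PE1's LSA disappear within the ping timeout while PE2's remains. Steps 1 and 2 are the recursive-route form of the reply's "ping test 8.8.8.8 only via the local ISP" advice; the scope/target-scope pairing is what stops the probe from leaking across the tunnel to the other ISP and reporting a false "up".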