Implementation

Although it isn't immediately obvious that putting the area border on the HQ VLAN routers versus the core routers to which they are attached is going to make any difference, you should run through the exercise anyway.

If you make Routers A and B the ABRs, then you summarize toward the core from them. Ignore this for now, due to the fact that you are summarizing on a core router, and consider instead what happens if Router C loses its connection to just one of the VLANs. Assume the connection is lost to 172.16.1.0/24.

Routers A and B would be oblivious to this event. They would still be advertising the 172.16.0.0/20 route toward the rest of the core. If, however, a packet were to arrive on Router A with a destination of 172.16.1.10, it will look in its routing table and find that the only route it has to this destination is the summary route.

The critical point to remember here is that when a Cisco router builds a summary route, it puts a route in the routing table to null0 for that entire range of addresses. Router A would forward this packet to 172.16.1.10 to the only route it has for that destination—null0. null0 is the bit bucket, so all traffic to 172.16.1.0/24 would be dropped by Router A.

How would this change if you were to make Routers C and D the ABRs? Go back to the scenario of Router C losing its connection to the 172.16.1.0/24 network. Instead of Router C having only a summary address in its routing table, it will have a specific route through Router D.

Of course, this assumes that all of the parallel VLANs will be running OSPF—but is this really what you want to do? You don't want these VLANs to transit traffic. (It's never a good idea to have transit traffic on a link with hosts attached.) You can configure all of these interfaces as passive and not configure OSPF on all but one of them.

You do need to run OSPF on at least one of these links to prevent packets from being sent to null0 if either Router C or Router D loses its connection to one (or more) of the VLANs. You should set aside a VLAN just for this purpose with no hosts or servers connected to it.

So, with all of the options considered, it's best to put the area border at the routers connected to the hQ VLANs rather than at the edge of the core.

Was this article helpful?

0 0

Post a comment