ospf redistribution to WAN and route summarization

[theizer1]

I am really a sys admin pretending to be a network engineer and need clarification on ospf redistribution and route summarization.

Our topology:

Layer3 switches (6509s and 4506s) with WAN connection to AT&T MPLS cloud to other sites. We are running OSPF at each site and redistributing tagged routes to AT&T’s router for redistribution across their BGP back into our OSPF at each site.

Example of our routing config at each site:

router ospf 1
router-id 10.152.200.2
log-adjacency-changes
auto-cost reference-bandwidth 10000
redistribute connected subnets tag 30
redistribute static subnets route-map STATIC-OSPF
passive-interface default
no passive-interface Vlan300
no passive-interface Vlan600
network 10.144.0.0 0.15.255.255 area 0
network 10.250.152.0 0.0.0.255 area 0

route-map STATIC-OSPF permit 10
match tag 30

One of our sites has a ton of subnets that are being advertised and I need to summarize the routes being redistributed to AT&T’s WAN router.

A sho ip route connected displays over a 100 connected subnets which are being redistributed:

#sho ip route connected
10.0.0.0/8 is variably subnetted, 102 subnets, 5 masks
C 10.152.212.0/24 is directly connected, Vlan212
C 10.152.200.0/22 is directly connected, Vlan200
C 10.152.205.0/24 is directly connected, Vlan205
C 10.250.152.0/24 is directly connected, Vlan250
C 10.152.250.0/24 is directly connected, Vlan600
C 10.152.18.0/24 is directly connected, Vlan18
C 10.152.19.0/24 is directly connected, Vlan19
C 10.152.16.0/24 is directly connected, Vlan16
C 10.152.17.0/24 is directly connected, Vlan17
C 10.152.22.0/24 is directly connected, Vlan22
C 10.152.23.0/24 is directly connected, Vlan23
C 10.152.20.0/24 is directly connected, Vlan20
C 10.152.21.0/24 is directly connected, Vlan21
C 10.152.26.0/24 is directly connected, Vlan26
C 10.152.27.0/24 is directly connected, Vlan27
C 10.152.24.0/24 is directly connected, Vlan24
C 10.152.25.0/24 is directly connected, Vlan25
C 10.152.30.0/24 is directly connected, Vlan30
C 10.152.31.0/24 is directly connected, Vlan31
C 10.152.28.0/24 is directly connected, Vlan28
C 10.152.29.0/24 is directly connected, Vlan29
C 10.152.255.253/32 is directly connected, Loopback100
C 10.152.0.0/24 is directly connected, Vlan300
C 10.152.255.254/32 is directly connected, Loopback101
C 10.152.6.0/24 is directly connected, Vlan6
C 10.152.7.0/24 is directly connected, Vlan7
C 10.152.5.0/24 is directly connected, Vlan5
C 10.152.10.0/24 is directly connected, Vlan10
C 10.152.11.0/24 is directly connected, Vlan11
C 10.152.8.0/24 is directly connected, Vlan8
C 10.152.9.0/24 is directly connected, Vlan9
C 10.152.14.0/24 is directly connected, Vlan14
C 10.152.15.0/24 is directly connected, Vlan15
C 10.152.12.0/24 is directly connected, Vlan12
C 10.152.13.0/24 is directly connected, Vlan13
C 10.152.50.0/24 is directly connected, Vlan50
C 10.152.51.0/24 is directly connected, Vlan51
C 10.152.48.0/24 is directly connected, Vlan48
C 10.152.49.0/24 is directly connected, Vlan49
C 10.152.54.0/24 is directly connected, Vlan54
C 10.152.55.0/24 is directly connected, Vlan55
C 10.152.52.0/24 is directly connected, Vlan52
C 10.152.53.0/24 is directly connected, Vlan53
C 10.152.58.0/24 is directly connected, Vlan58
C 10.152.59.0/24 is directly connected, Vlan59
C 10.152.56.0/24 is directly connected, Vlan56
C 10.152.57.0/24 is directly connected, Vlan57
C 10.152.34.0/24 is directly connected, Vlan34
C 10.152.35.0/24 is directly connected, Vlan35
C 10.152.32.0/24 is directly connected, Vlan32
C 10.152.33.0/24 is directly connected, Vlan33
C 10.152.38.0/24 is directly connected, Vlan38
C 10.152.39.0/24 is directly connected, Vlan39
C 10.152.36.0/24 is directly connected, Vlan36
C 10.152.37.0/24 is directly connected, Vlan37
C 10.152.42.0/24 is directly connected, Vlan42
C 10.152.43.0/24 is directly connected, Vlan43
C 10.152.40.0/24 is directly connected, Vlan40
C 10.152.41.0/24 is directly connected, Vlan41
C 10.152.46.0/24 is directly connected, Vlan46
C 10.152.47.0/24 is directly connected, Vlan47
C 10.152.44.0/24 is directly connected, Vlan44
C 10.152.208.253/32 is directly connected, Loopback0
C 10.152.45.0/24 is directly connected, Vlan45
C 10.152.82.0/24 is directly connected, Vlan82
C 10.152.80.0/24 is directly connected, Vlan80
C 10.152.81.0/24 is directly connected, Vlan81
C 10.152.102.0/24 is directly connected, Vlan102
C 10.152.100.0/24 is directly connected, Vlan100
C 10.152.101.0/24 is directly connected, Vlan101



I’m trying to figure out which command I need to use: the range command or the summary-address command.

Should I add

Router ospf 1
Area 0 range 10.144.0.0 255.240.0.0

OR

Router ospf 1
Summary-address 10.144.0.0 255.240.0.0


Also, will this actually do what I want or will the command “redistribute connected subnets tag 30” still redistribute all 100+ connected subnets?

Thanks for the help!

 

[unclerico]

1) you'll use the summary-address command on the asbr that is receiving the routes
2) you don't need the redistribute connected subnets tag 30 command since your network statements in the ospf process take care of it
3) what are you doing with redistribute static subnets route-map STATIC-OSPF?? are you tagging these static routes on this device??

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)

 

[theizer1]

Sorry - let me clarify.

Our layer 3 switch neighbors up with our vendor's router which is then only redistributing tagged routes to their BGP and then from BGP to OSPF on the other side.

At each site, our layer 3 switch is running OSPF in area 0 neighbored up with the vender router.

We are controlling which static routes to redistribute by tagging them.

I'm confused on how to summarize my routes since both my layer3 switch and the vendor router are both area 0.

 

[unclerico]

with ospf you can essentially summarize in two spots, ABRs and ASBRs. the CE devices where redistribution takes place from OSPF to BGP and vice versa are ASBRs. you need to have your vendor get on the CE devices and add the summary-address command for routes being received from other sites.

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)

 

[theizer1]

If I dropped a router between my layer 3 switch and the vendor router and had int0 in area 0 neighbored to my layer 3 switch and int1 in area 1 neighbored the vendor router, then could I do the route summarization there so the vendor router would only receive summary routes to redistribute over their BGP?

 

[unclerico]

yes sir. you would then use the area range command instead of the summary-address command

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)

 

[theizer1]

Could I accomplish this by putting the vendor router in a new vlan on my 6509 that is in area 1 instead of deploying another physical router?


Core Layer 3 SW
core networks (10.0.0.0 - 10.31.255.255) in area 0
WAN vendor1 network (new vlan 400 10.253.255.0/24) area 1

Int Gi3/1 (vlan 400) <---> WAN vendor1 int0 (10.253.255.254/24) area 1

router ospf 10
router-id 10.2.1.251
log-adjacency-changes
area 0 range 10.0.0.0 255.224.0.0
auto-cost reference-bandwidth 10000
area 0 authentication message-digest
redistribute connected subnets tag 10
redistribute static subnets route-map STATIC-OSPF
passive-interface default
no passive-interface Vlan9
no passive-interface Vlan600
no passive-interface Vlan400
network 10.0.0.0 0.31.255.255 area 0
network 10.253.255.0 0.0.0.255 area 1

 

[unclerico]

yes, that would work.

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)

 

[theizer1]

Just a thought -

I am using the "redistrubute connected subnets tag 30" command mainly to tag the routes so my vendor will filter what they redistribute into their BGP based on the tag. Since this command is essentially injecting external routes (connected subnets) into ospf, could I use the command "summary-address 10.0.0.0 255.224.0.0" to summarize all the routes (connected subnets) being redistributed into OSPF? Then my vendor router would only learn the summary route with the tag to redistribute to their BGP.

Sample config:

router ospf 10
router-id 10.2.1.251
log-adjacency-changes
area 0 range 10.0.0.0 255.224.0.0 (summarizes between area 0 and 1 but the route is not tagged so my vendor won't redistribute)
summary-address 10.0.0.0 255.224.0.0 (summarizes the routes redistributed into ospf via my "redistribute connected subnets tag 10" command)
auto-cost reference-bandwidth 10000
area 0 authentication message-digest
redistribute connected subnets tag 10
redistribute static subnets route-map STATIC-OSPF
passive-interface default
no passive-interface Vlan9
no passive-interface Vlan600
no passive-interface Vlan400
network 10.0.0.0 0.31.255.255 area 0
network 10.253.255.0 0.0.0.255 area 1

 

[unclerico]

yep, this will work. you won't need to run multi-area ospf.

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)