Merlz Posted September 11, 2021

Hi All.

I am not convinced by the network design and solution for the question I will post below. The peering of the DC switches with vEdges doesn't make sense to me. The vEdges have VPN0 (that peers with VLAN 4000 on DC switches), then Service VPN 999 (that pairs with VLAN 3999). The SDWAN VPNs are VRF level and I would expect that separation to be maintained until there is explicit route-leaking between the VRFs, but then on the switches there are SVIs in the same OSPF routing processes and area. That causes inter-VLAN routing and the two VRFs are combined, and traffic would go from VPN0 to VPN999 without going through the vEdges. That confuses me. If anyone is equally concerned or has a better explanation of what the design is attempting to achieve, please help.

====================================================================================================

1.7: OSPFv2 in DC

Configure devices in the DC according to these requirements:

· Switches sw201 and sw202 must establish a stable OSPF adjacency in the FULL state with vedge21 and vedge22 on interface Vlan3999. Any configuration changes and corrections necessary to meet this requirement may be performed only on the switches, and any mismatched parameters causing the issue must be changed to exactly match the configuration of the vEdges.

· All OSPF speakers in the DC running Cisco IOS and IOS-XE software must be configured to keep the number of advertised internal routes to an absolute minimum while not impacting the reachability of the services. This includes the reachability of ISE, DNA Center, vManage, vBond and vSmart on their internal (in-band connectivity) addresses, as well as any existing and future devices in VLAN 4000 and sw201 and sw202. The configuration of this requirement must be completed exclusively within the “router ospf” and “interface vlan” contexts without causing any impact to existing OSPF adjacencies.

· Router r24 must advertise two prefixes, 10.6.0.0/15 and 10.200.0.0/24, as Type-5 LSAs in OSPFv2 to provide HQ and DC with the reachability to the DMVPN tunnel and branches #3 and #4. The configuration of this requirement must be completed exclusively within the “router ospf” context.

· Any route from the 10.2.0.0/16 range that keeps being advertised in OSPF must continue being advertised as an intra-area route.

· It is not allowed to modify existing areas to accomplish this entire task.

====================================================================================================

Moderators Glavin Posted September 11, 2021

WARNING POST IN NO REQ SECTION 1

Merlz Posted September 11, 2021

Hi Glavin,

Apologies, where can I suitably post a question like this without generating a Warning? I want guys to discuss it.