L3 Igp Core Configuration (Ospf) - Avaya 8600 Technical Configuration Manual

avaya.com
Site5:5(config)# interface loopback 2
Site5:5(config-if)# ip address 172.16.5.254/24
Site5:5(config-if)# ip ipvpn-lite-capability
Site5:5(config-if)# exit
2.2.5.3 CLIP#3 Configuration
CLIP#3 will be used for the IPinIP outer encapsulation of L3 VPN traffic destined for / received from the
DualHub-Spoke Internet IPVPN. It is only configured on the two Hub Sites (Site1 & Site2) which provide
the Internet access and is configured with an identical IP address at both Sites. This ensures that both
Site1 and Site2 will be able to decapsulated Internet based IPVPN traffic from one of the other Sites
regardless of the MLT hash used by those other Sites and without having to switch the traffic
unnecessarily over the IST.
Again, IPVPN-Lite capability needs to be enabled on it.
Both Site1 and Site2 (only Site1 shown)
CLI
Site1:5# config ip circuitless-ip-int 3 create 172.16.0.254/24
Site1:5# config ip circuitless-ip-int 3 ipvpn-lite-capability enable
ACLI
Site1:5(config)# interface loopback 3
Site1:5(config-if)# ip address 172.16.0.254/24
Site1:5(config-if)# ip ipvpn-lite-capability
Site1:5(config-if)# exit

2.2.6 L3 IGP Core Configuration (OSPF)

OSPF will be configured across two separate VLANs which span all 5 Sites. The OSPF interface type is
broadcast which operates via election of a Designated Router (DR) for the segment. In this design it only
makes sense for either Site1 or Site2 to operate as the DR. The reason for using two VLANs instead of
just one is to eliminate any traffic interruption which would occur if the node acting as DR for the single
segment failed. In this scenario, even though the Backup DR (BDR) would be elected as the new DR, two
consecutive SPF (Shortest Path First) runs would be necessary to restore all OSPF routes across the
segment but the OSPF holddown timer will not allow two consecutive SPF runs within it's timer value. By
using two VLANs we have two OSPF segments. If the DR fails on one segment, the very first SPF run will
restore all OSPF routes across the other segment thus ensuring sub-second failover even in case of DR
failure.
The next thing to ensure is that the same node does not act as DR across both VLANs. In this design
Site1 will be made DR for one VLAN and Site2 will be made DR for the other VLAN by increasing their
OSPF priority on those interfaces. All other interfaces on the two OSPF VLANs will be configured with an
OSPF priority of 0 which will prevent them from ever taking on the role of DR or BDR.
As such there will be no BDR in these OSPF VLANs. This is necessary because if a BDR did become the
new DR, it would not revert to BDR status once the original DR was back on line and this could eventually
result in either Site1 or Site2 being the DR across both OSPF VLANs which would then defeat the
objective of having two segments in the first place.
Network Design Implementation to Provide L2 & L3 VPN Connectivity
39
November 2010
between Sites using SMLT and IPVPN-Lite for ERS 8600
Technical Configuration Guide