Understanding OSPFv2 by Example using a Branch Scenario

The branch office scenario has a number of remote branch offices with managed devices talking to a central office via a Mobility Master using site-to-site VPN Virtual Private Network. VPN enables secure access to a corporate network when located remotely. It enables a computer to send and receive data across shared or public networks as if it were directly connected to the private network, while benefiting from the functionality, security, and management policies of the private network. This is done by establishing a virtual point-to-point connection through the use of dedicated connections, encryption, or a combination of the two. tunnels or IPsec Internet Protocol security. IPsec is a protocol suite for secure IP communications that authenticates and encrypts each IP packet in a communication session. tunnels. The central office Mobility Master is in turn talking to the upstream routers (see Figure 1). In this scenario, the default route is normally pointed to the uplink router, in many cases the ISP Internet Service Provider. An ISP is an organization that provides services for accessing and using the Internet.. Configure the area as stub so that inter-area routes are also advertised enabling the managed device in the branch office to reach the corporate subnets Subnet is the logical division of an IP network.. The following branch office scenarios will help you understand the functioning of OSPFv2 Open Shortest Path First version 2. OSPFv2 is the version 2 of the link-state routing protocol, OSPF. See RFC 2328..

Branch Topology

All the OSPF Open Shortest Path First. OSPF is a link-state routing protocol for IP networks. It uses a link-state routing algorithm and falls into the group of interior routing protocols that operates within a single Autonomous System (AS). control packets exchanged between the managed devices and Mobility Master undergo GRE Generic Routing Encapsulation. GRE is an IP encapsulation protocol that is used to transport packets over a network. encapsulation before entering the IPsec Internet Protocol security. IPsec is a protocol suite for secure IP communications that authenticates and encrypts each IP packet in a communication session. tunnels. The managed devices in the branch offices advertise all the user subnet Subnet is the logical division of an IP network. addresses to Mobility Master as stub addresses in router LSA. Mobility Master in turn forwards those router LSAs to the upstream routers.

Figure 1   Branch OSPF Topology

Click to view a larger size.

Branch Routing Table

View the branch office managed device routing table using the show ip route command:

(host) [md] #show ip route

 

Codes: C - connected, O - OSPF, R - RIP, S - static

M - mgmt, U - route usable, * - candidate default

The routing table for Mobility Master is below:

(host) [mynode] #show ip route

 

Gateway of last resort is 4.1.1.2 to network 0.0.0.0

 

O* 0.0.0.0/0 [1/0] via 4.1.1.2*

O 14.1.1.0/24 [1/0] via 30.1.1.1*

O 15.1.1.0/24 [1/0] via 30.1.1.1*

C 4.1.1.0 is directly connected, VLAN4

C 5.1.1.0 is directly connected, VLAN5