Definitive MPLS Network Designs [Electronic resources] نسخه متنی

EuroBank Network Core Routing Design

The total number of routers in the EuroBank network core is 140. This includes P routers, PE routers, and multi-VRF CE routers located in the offices, POPs, and data centers (the branches, of course, are not part of the IGP routing domain). The number of internal routes does not exceed 500, and no external routes are advertised into OSPF (the OSPF link-state database consists of only router and network LSAsLSA of type 1 and 2). Hence, EuroBank adopted a simple routing design consisting of a single OSPF backbone area.

EuroBank conducted a detailed analysis of the required convergence time to satisfy the requirements of its applications in terms of network availability (including its Systems Network Architecture (SNA) application via data-link switching (DLSw), interactive applications, and so on). The conclusion was that the rerouting time should be at most 5 seconds should a core link or P router fail.

As already pointed out, EuroBank systematically elected the use of protected circuits (whenever possible). For instance, all the STM-1 links are protected, and the ATM PVCs are also dynamically rerouted in the service provider core. In the former case, the convergence time is on the order of a few tens of milliseconds, and in the latter case, ATM PVCs are restored in the service provider core within 2 to 3 seconds.

In the case of the metro connections, Fast Ethernet links rely on the SDH NTU (thus, tens of milliseconds of convergence time are achieved thanks to SDH protection). In the case of the Gigabit Ethernet switches used in metro connections, they can propagate any link failure caused, for instance, by a failure within a few milliseconds. As soon as the switch detects the failure, the LAN port on the customer side is turned off, thus propagating the failure notification to the routing neighbor. Note that the Gigabit Ethernet links used for metro connections are not themselves protected; their failure is handled via OSPF rerouting.

When links cannot be protected by means of lower-layer network recovery mechanisms (such as in the case of 34-Mbps leased line, router failures, and so on), the core network exclusively relies on OSPF to converge and restore the affected traffic. As already pointed out, the network is fully redundant both in terms of equipment (dual routers, dual Gigabit Ethernet switches, and so forth) and network paths (no single point of failure).

To meet the 5-second convergence time, EuroBank decided to modify the default OSPF hello timer from its default 10-second value to 1 second and the OSPF RouterDead timer from its default 40-second value to 3 seconds. Such parameter settings have proven not to generate any unreasonable control plane overhead on the routers. Thus, in any failure case, the worst failure detection time is bounded to 3 seconds. This gives OSPF 2 more seconds to complete its convergence. Upon failure detection, each routing neighbor originates a new LSA that is propagated across the network to reflect the topology change. Note that the time for each router to receive the updated OSPF LSA is composed of several components:

The link propagation delay

The queuing delay on each traversed hop

Serialization delay

EuroBank determined that the worst-case delay for each router to receive an LSA update was always less than 500 ms.

The last step of the recovery cycle is the routing table computation, which is on the order of 200 ms for the EuroBank network. This shows that a convergence of 5 seconds can be achieved (including the LSA origination time).

Note

EuroBank decided to use Nonstop Forwarding (NSF) techniques in the future on its PE routers.

Host Routing

Each host in the EuroBank network can access the network by means of at least two routers. However, a protocol is required to select the appropriate router and redirect the traffic to the other one should the primary router fail. Hence, EuroBank elected to use Hot Standby Router Protocol (HSRP) with a hello timer of 1 second and a hold time of 3 seconds.

In case a PE router (in an office) or CE router (in a branch) fails, the slave router starts receiving the traffic within 3 seconds, which meets the EuroBank routing convergence target. Because HSRP relies on the election of a master and a slave, in steady state, the master receives all the traffic from the various hosts to be routed onto the network core. To take advantage of the two leased lines connecting the two routers to the network core, it is desirable for the master to reroute part of the traffic toward the slave router. In the branch office case, the master router load-balances the traffic by means of an appropriate BGP configuration. In the case of the servers and mainframes located in the data centers, this is achieved by means of multigroup HSRP so that both routers play the role of master but for a subset of the hosts.

Note

EuroBank elected to use Gateway Load Balancing Protocol (GLBP) in the future for its branches and offices. GLBP is similar to HSRP in many respects but offers a superior solution in terms of traffic load balancing. It is particularly suitable in environments that have a large number of hosts. In a nutshell, the principle consists of load-balancing the traffic from the hosts to the routers by using a single virtual IP address (as in the case of HSRP) and multiple virtual MAC addresses. This way, the traffic is balanced across the multiple routers rather than electing one master router that receives all the traffic and is responsible for load balancing. Consequently, in steady state the traffic is balanced between the two routers. Of course, such a protocol is well suited for environments that have a large number of hosts. Indeed, load balancing is less accurate if the number of hosts is limited. This is particularly true with mainframes that generate and receive large amounts of traffic. In the case of data centers where a few hosts generate most of the traffic, it is more appropriate to use HSRP, where the master router performs the load-balancing function.