Fading Coder

Building a Multi-Area OSPF Network with MGRE Tunnels, Route Summarization, and Stub Areas

Tech May 9 4

Lab Topology and Objectives

The network consists of twelve routers spanning multiple OSPF areas, an ISP router, and a combination of point-to-point, broadcast, and MGRE links. The primary objectives are IP address planning from 172.16.0.0/16, establishing multi-area OSPF with optimization, configuring inter-area and external summarization, deploying special area types, and enabling NAT for internet access.

IP Address Design

All internal addresses are derived from 172.16.0.0/16. To accommodate six OSPF areas (including one for RIP redistribution), three bits are borrowed from the host portion of the address, extending the mask from /16 to /19 and creating eight /19 blocks. Each area uses a dedicated /19 block, further divided into /24 subnets for point-to-point links, multi-access segments, and user loopbacks.

Base allocation (/19 blocks):
172.16.0.0/19    - Area 0
172.16.32.0/19   - Area 1
172.16.64.0/19   - Area 2
172.16.96.0/19   - Area 3
172.16.128.0/19  - Area 4
172.16.160.0/19  - RIP domain
172.16.192.0/19, 172.16.224.0/19 - Reserved

Area 0 detail:
  P2P links:      172.16.0.0/24 subdivided into /30
  MA links:       172.16.1.0/24 subdivided into /29
  Loopbacks:      172.16.2.0/24, 172.16.3.0/24, ...

Area 1 detail:
  P2P links:      172.16.32.0/24 -> /30
  MA links:       172.16.33.0/24 -> /29
  Loopbacks:      172.16.34.0/24, 172.16.35.0/24, ...

Similar structures apply to Areas 2, 3, and 4. The RIP domain uses 172.16.160.0/24 and 172.16.161.0/24 for loopbacks.
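
The allocation above can be derived and checked mechanically. The following Python sketch is an added example, not part of the original lab: it carves the /19 blocks with the standard ipaddress module and reports interface addresses that sit outside the block of the domain they are configured in. The function names and the Router-X entry are constructed for illustration; the other addresses come from the configurations on this page.

```python
import ipaddress

SUPERNET = ipaddress.ip_network("172.16.0.0/16")
DOMAINS = ["Area 0", "Area 1", "Area 2", "Area 3", "Area 4", "RIP"]  # order used on this page

def plan(supernet=SUPERNET, domains=DOMAINS, new_prefix=19):
    """Give each routing domain the next /19; blocks left over stay reserved."""
    blocks = list(supernet.subnets(new_prefix=new_prefix))
    if len(domains) > len(blocks):
        raise ValueError("not enough blocks for the requested domains")
    return dict(zip(domains, blocks)), blocks[len(domains):]

def link_subnets(block, index, new_prefix):
    """Subdivide the index-th /24 of a block, e.g. /30 for P2P or /29 for MA links."""
    return list(list(block.subnets(new_prefix=24))[index].subnets(new_prefix=new_prefix))

def misplaced(assigned, interfaces):
    """Return (router, address, configured domain, owning domain) for stray addresses.

    A stray address is not covered by its own domain's abr-summary/asbr-summary,
    so it is advertised as a separate specific route and may overlap the summary
    of the domain that owns the block.
    """
    out = []
    for router, addr, domain in interfaces:
        ip = ipaddress.ip_address(addr)
        if ip not in assigned[domain]:
            owner = next((d for d, b in assigned.items() if ip in b), "reserved/outside")
            out.append((router, addr, domain, owner))
    return out

# Addresses from the configurations on this page, plus one constructed mistake.
INTERFACES = [
    ("Router-1", "172.16.33.1", "Area 1"), ("Router-3", "172.16.36.1", "Area 1"),
    ("Router-6", "172.16.64.1", "Area 2"), ("Router-8", "172.16.98.1", "Area 3"),
    ("Router-9", "172.16.130.1", "Area 4"), ("Router-12", "172.16.161.1", "RIP"),
    ("Router-X", "172.16.70.1", "Area 3"),  # constructed: Area 2 space used in Area 3
]

if __name__ == "__main__":
    assigned, reserved = plan()
    for name, block in assigned.items():
        print(f"{block!s:18} {name}")
    print("reserved:", ", ".join(map(str, reserved)))
    print("misplaced:", misplaced(assigned, INTERFACES))
```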

Device Configurations

Router-1 (Area 1)

  • Interfaces: G0/0/0 connected to the area 1 MA segment, Loopback0 simulates a user subnet.
  • OSPF enabled in area 1, stub area configured.
  • NAT configured to translate internal addresses when accessing the ISP.
  • Hello interval reduced to 3 seconds for faster convergence.
  • MD5 authentication enabled on the link to Router-3.

# Assign IP addresses
interface GigabitEthernet0/0/0
 ip address 172.16.33.1 255.255.255.248
#
interface LoopBack0
 ip address 172.16.34.1 255.255.255.0
#
# Enable OSPF and configure stub area
ospf 1 router-id 1.1.1.1
 area 1
  network 172.16.32.0 0.0.31.255
  stub
#
# NAT for outbound internet access
acl number 2000
 rule 5 permit source 172.16.0.0 0.0.255.255
interface GigabitEthernet0/0/0
 nat outbound 2000
#
# Tune timers and authentication
interface GigabitEthernet0/0/0
 ospf timer hello 3
 ospf authentication-mode md5 1 cipher HelloOspf

Router-2 (Area 1)

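# Match Router-1's hello timer and MD5 key on the shared Area 1 segment
interface GigabitEthernet0/0/0
 ip address 172.16.33.2 255.255.255.248
 ospf timer hello 3
 ospf authentication-mode md5 1 cipher HelloOspf
interface LoopBack0
 ip address 172.16.35.1 255.255.255.0
#
ospf 1 router-id 2.2.2.2
 area 1
  network 172.16.32.0 0.0.31.255
  stub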

Router-3 (Hub of MGRE, ABR for Areas 0 and 1)

  • Connects to ISP via Serial4/0/0 with public IP 34.0.0.1/24.
  • Acts as MGRE hub; tunnel interface uses 172.16.1.1/29.
  • Area 1 configured as totally stubby, inter-area summary applied.

interface Serial4/0/0
 ip address 34.0.0.1 255.255.255.0
interface LoopBack0
 ip address 172.16.36.1 255.255.255.0
#
ip route-static 0.0.0.0 0.0.0.0 34.0.0.2
#
interface Tunnel0/0/0
 ip address 172.16.1.1 255.255.255.248
 tunnel-protocol gre p2mp
 source 34.0.0.1
 nhrp network-id 100
 nhrp entry multicast dynamic
 ospf network-type p2mp
#
ospf 1 router-id 3.3.3.3
 area 0
  network 172.16.1.1 0.0.0.0
 area 1
  network 172.16.33.3 0.0.0.0
  network 172.16.36.1 0.0.0.0
  stub no-summary
  abr-summary 172.16.32.0 255.255.224.0
#
# Area 1 authentication
ospf 1
 area 1
  authentication-mode md5 1 cipher HelloOspf

ISP Router (Router-4)

Only public IP addresses are configured on its four interfaces. No routing protocol runs.

interface Serial4/0/0
 ip address 34.0.0.2 255.255.255.0
interface Serial4/0/1
 ip address 45.0.0.2 255.255.255.0
interface Serial3/0/0
 ip address 46.0.0.2 255.255.255.0
interface GigabitEthernet0/0/0
 ip address 47.0.0.2 255.255.255.0

Router-5 (MGRE Spoke, Area 0)

interface Serial4/0/0
 ip address 45.0.0.1 255.255.255.0
interface LoopBack0
 ip address 172.16.2.1 255.255.255.0
#
ip route-static 0.0.0.0 0.0.0.0 45.0.0.2
#
interface Tunnel0/0/0
 ip address 172.16.1.2 255.255.255.248
 tunnel-protocol gre p2mp
 source Serial4/0/0
 nhrp network-id 100
 nhrp entry 172.16.1.1 34.0.0.1 register
 ospf network-type p2mp
#
ospf 1 router-id 5.5.5.5
 area 0
  network 172.16.2.1 0.0.0.0
  network 172.16.1.2 0.0.0.0
#
acl number 2000
 rule 5 permit source 172.16.0.0 0.0.255.255
interface Serial4/0/0
 nat outbound 2000

Router-6 (MGRE Spoke, ABR for Areas 0 and 2)

interface Serial4/0/0
 ip address 46.0.0.1 255.255.255.0
interface GigabitEthernet0/0/0
 ip address 172.16.64.1 255.255.255.252
interface LoopBack0
 ip address 172.16.3.1 255.255.255.0
#
ip route-static 0.0.0.0 0.0.0.0 46.0.0.2
#
interface Tunnel0/0/0
 ip address 172.16.1.3 255.255.255.248
 tunnel-protocol gre p2mp
 source Serial4/0/0
 nhrp network-id 100
 nhrp entry 172.16.1.1 34.0.0.1 register
 ospf network-type p2mp
#
ospf 1 router-id 6.6.6.6
 area 0
  network 172.16.3.1 0.0.0.0
  network 172.16.1.3 0.0.0.0
 area 2
  network 172.16.64.1 0.0.0.0
  nssa no-summary
  abr-summary 172.16.64.0 255.255.224.0
#
acl number 2000
 rule 5 permit source 172.16.0.0 0.0.255.255
interface Serial4/0/0
 nat outbound 2000

Router-7 (MGRE Spoke, ABR for Areas 0 and 3)

interface GigabitEthernet0/0/0
 ip address 47.0.0.1 255.255.255.0
interface GigabitEthernet0/0/1
 ip address 172.16.96.1 255.255.255.252
interface LoopBack0
 ip address 172.16.4.1 255.255.255.0
#
ip route-static 0.0.0.0 0.0.0.0 47.0.0.2
#
interface Tunnel0/0/0
 ip address 172.16.1.4 255.255.255.248
 tunnel-protocol gre p2mp
 source 47.0.0.1
 nhrp network-id 100
 nhrp entry 172.16.1.1 34.0.0.1 register
 ospf network-type p2mp
#
ospf 1 router-id 7.7.7.7
 area 0
  network 172.16.4.1 0.0.0.0
  network 172.16.1.4 0.0.0.0
 area 3
  network 172.16.96.1 0.0.0.0
  nssa no-summary
  abr-summary 172.16.96.0 255.255.224.0
#
acl number 2000
 rule 5 permit source 172.16.0.0 0.0.255.255
interface GigabitEthernet0/0/0
 nat outbound 2000

Router-8 (Area 3 internal router)

interface GigabitEthernet0/0/0
 ip address 172.16.96.2 255.255.255.252
interface GigabitEthernet0/0/1
 ip address 172.16.96.5 255.255.255.252
interface LoopBack0
 ip address 172.16.98.1 255.255.255.0
#
ospf 1 router-id 8.8.8.8
 area 3
  network 172.16.96.0 0.0.31.255
  nssa

Router-9 (ASBR connecting OSPF process 2, Area 4)

interface GigabitEthernet0/0/0
 ip address 172.16.96.6 255.255.255.252
interface GigabitEthernet0/0/1
 ip address 172.16.128.1 255.255.255.252
interface LoopBack0
 ip address 172.16.130.1 255.255.255.0
#
ospf 2 router-id 9.9.9.9
 area 0
  network 172.16.128.0 0.0.31.255
 default-route-advertise
#
ospf 1
 import-route ospf 2
 area 3
  network 172.16.96.6 0.0.0.0
  nssa
 asbr-summary 172.16.128.0 255.255.224.0

Router-10 (Area 4, OSPF process 2)

interface GigabitEthernet0/0/0
 ip address 172.16.128.2 255.255.255.252
interface LoopBack0
 ip address 172.16.131.1 255.255.255.0
#
ospf 2 router-id 10.10.10.10
 area 0
  network 172.16.128.0 0.0.31.255

Router-11 (Area 2 internal router)

interface GigabitEthernet0/0/0
 ip address 172.16.64.2 255.255.255.252
interface GigabitEthernet0/0/1
 ip address 172.16.64.5 255.255.255.252
interface LoopBack0
 ip address 172.16.66.1 255.255.255.0
#
ospf 1 router-id 11.11.11.11
 area 2
  network 172.16.64.0 0.0.31.255
  nssa

Router-12 (ASBR redistributing RIP into OSPF, Area 2)

interface GigabitEthernet0/0/0
 ip address 172.16.64.6 255.255.255.252
interface LoopBack0
 ip address 172.16.160.1 255.255.255.0
interface LoopBack1
 ip address 172.16.161.1 255.255.255.0
#
ospf 1 router-id 12.12.12.12
 area 2
  network 172.16.64.0 0.0.31.255
  nssa
 import-route rip
 asbr-summary 172.16.160.0 255.255.224.0
#
rip 1
 version 2
 network 172.16.0.0

Optimization and Verification

After applying summarization and special areas, routing tables are significantly reduced. Stub areas configured with no-summary receive only a default route from the ABR. NSSA areas import external routes as Type-7 LSAs, which can be translated to Type-5 if needed, but with no-summary they also rely on a default route. Inter-area prefixes are consolidated through ABR summaries, and external prefixes from RIP and OSPF process 2 are aggregated via ASBR summaries.

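Convergence is accelerated by lowering hello timers on critical links, and adjacency formation is secured by enabling authentication. Both settings must match on every router attached to a segment: a neighbor with a different hello interval, authentication mode, or key will not form an adjacency. MD5 is a legacy algorithm, so where the platform offers an HMAC-SHA authentication mode, prefer it. NAT on border routers ensures all internal subnets can access the ISP's loopback and external networks.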
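
Hello timers and authentication only help when every router on a segment agrees on them. The Python sketch below is an added example, not part of the original lab: it parses Huawei-style configuration text, resolves each interface's hello interval and authentication (set on the interface, or inherited from the area whose network statement covers it), and reports segments whose routers disagree. The three configurations are constructed and modelled on the Area 1 segment; only the authentication mode and key-id are compared, and a 10-second default hello is assumed.

```python
import ipaddress, re
from collections import defaultdict

def wildcard_net(addr, wc):  # OSPF "network <addr> <wildcard>" -> IPv4Network
    mask = ipaddress.IPv4Address(int(ipaddress.IPv4Address(wc)) ^ 0xFFFFFFFF)
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)

def parse(cfg):
    """Yield (subnet, hello, auth) per addressed interface; auth is mode + key-id."""
    ifaces, area_nets, area_auth = {}, defaultdict(list), {}
    iface = area = None
    for raw in cfg.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):      # a top-level line leaves the current view
            iface = area = None
        if m := re.match(r"interface (\S+)", line):
            iface = ifaces.setdefault(m[1], {})
        elif m := re.match(r"area (\S+)$", line):
            area = m[1]
        elif iface is not None and (m := re.match(r"ip address (\S+) (\S+)", line)):
            iface["ip"] = ipaddress.ip_interface(f"{m[1]}/{m[2]}")
        elif iface is not None and (m := re.match(r"ospf (timer hello|authentication-mode) (.+)", line)):
            iface[m[1]] = m[2]
        elif area and (m := re.match(r"network (\S+) (\S+)", line)):
            area_nets[area].append(wildcard_net(m[1], m[2]))
        elif area and (m := re.match(r"authentication-mode (.+)", line)):
            area_auth[area] = m[1]
    for i in (i for i in ifaces.values() if "ip" in i):
        inherited = next((area_auth.get(a) for a, nets in area_nets.items()
                          if any(i["ip"].ip in n for n in nets)), None)
        auth = i.get("authentication-mode", inherited)
        yield (i["ip"].network, int(i.get("timer hello", 10)),  # 10 s default assumed
               " ".join(auth.split()[:2]) if auth else None)

def audit(configs):
    """Return {subnet: {router: (hello, auth)}} for segments whose routers disagree."""
    seg = defaultdict(dict)
    for router, cfg in configs.items():
        for net, hello, auth in parse(cfg):
            seg[str(net)][router] = (hello, auth)
    return {n: r for n, r in seg.items() if len(set(r.values())) > 1}

SAMPLE = {  # constructed configs modelled on the Area 1 segment (not device output)
    "R1": "interface GigabitEthernet0/0/0\n ip address 172.16.33.1 255.255.255.248\n"
          " ospf timer hello 3\n ospf authentication-mode md5 1 cipher KEY\n",
    "R2": "interface GigabitEthernet0/0/0\n ip address 172.16.33.2 255.255.255.248\n",
    "R3": "interface GigabitEthernet0/0/1\n ip address 172.16.33.3 255.255.255.248\nospf 1\n"
          " area 1\n  network 172.16.33.3 0.0.0.0\n  authentication-mode md5 1 cipher KEY\n",
}
```

Calling audit(SAMPLE) flags 172.16.33.0/29, where R2 has no authentication and both R2 and R3 still use the default hello interval.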
