??: RES: [c-nsp] Re: Limiting networks announced on special l ink of OSPF

Joe Shen sj_hznm at yahoo.com.cn
Wed Aug 24 21:16:40 EDT 2005 

Thanks for your help.

I've test the configuration which I listed below. It
does works, Vlan 3 is not taken as route between
6509-a and 6509-b while only packets destined to hosts
within Vlan3 is tranfered into it.


But, I met another problem. Eight host routers
announce the same IP address to 6509s, but only one
6509 could establish 7 routes to the same destination
located within Vlan3 ( I am trying  to setup ECMP),
the other 6509 could only set up one route to that
address.

If I divide the 7 host router into two Vlan ( vlan3
with 4 router, vlan8 with 3 router), both 6509 have
interface vlan3 and vlan8. Then, 6509-a could
establish 4 route to the same destination, while
6509-b could establish seven! 

why? is that a bug or something wrong with my
configuration?  I use quagga0.98.3 on host router.

Joe



--- "Tantsura, Jeff" <jtantsura at ugceurope.com>дµÀ:

>
http://www.ciscotaccc.com/iprout/showcase?case=K47811632
> 
> --
> Jeff Tantsura  CCIE# 11416
> Senior IP Network Engineer
> 
> 
> -----Original Message-----
> From: Murilo Antonio Pugliese
> [mailto:mpugliese at diveo.net.br] 
> Sent: 18 August 2005 20:23
> To: Joe Shen; Oliver Boehmer (oboehmer); Jeremiah
> Millay;
> cisco-nsp at puck.nether.net
> Subject: RES: ??: RES: [c-nsp] Re: Limiting networks
> announced on special
> link of OSPF
> 
> 
> Joe.
> 
> I'm sorry but I'm not sure, it sounds/looks ok to
> me, but 
> I have never deployed it so I cannot guarantee that
> it may/will work fine.
> 
> If you have the chance to test or deploy it, please
> could you let me know ?
> 
> Yours Truly.
> 
> Murilo Pugliese.
> 
> -----Mensagem original-----
> De: Joe Shen [mailto:sj_hznm at yahoo.com.cn]
> Enviada em: quarta-feira, 17 de agosto de 2005 07:15
> Para: Murilo Antonio Pugliese; Oliver Boehmer
> (oboehmer); Jeremiah Millay;
> cisco-nsp at puck.nether.net
> Assunto: ??: RES: [c-nsp] Re: Limiting networks
> announced on special link of
> OSPF
> 
> 
> Thanks for your help.
> 
> Can I set up incoming LSA filtering, so that only
> allows subnet inside VLAN3 to be installed on 6509-a
> and 6509-b? 
> 
> e.g 
> 
> interface vlan3
>   description server-subnet
>   ip address 10.1.2.1 255.255.255.240
> 
> access-list 24 allow 10.1.2.0 0.0.0.15
> access-list 24 allow 11.1.1.12 255.255.255.255
> access-list 24 allow 11.1.1.13 255.255.255.255
> access-list 24 deny any any
> 
> router ospf 100
>   network 10.1.1.0 0.0.0.255 area 0
>   network 10.1.2.0 0.0.0.15 area 10.1.2.0 
>   network 10.1.3.0 0.0.0.255 area 0 
>   distribute-list 24 in interface vlan3
> 
> If fact, area 10.1.2.0 is a area which need to learn
> default route from both 6509-a and6509-b. 
> 
> thanks 
> 
> Joe
> 
> 
> 
> --- Murilo Antonio Pugliese
> <mpugliese at diveo.net.br>дµÀ:
> 
> > 
> > Folks.
> > 
> > Follow "a sample" to restrict OSPF advertisements
> > that do work.
> > I'm not sure if it's intended for the discussed
> > scenario but I'm sending anyway.
> > 
> > 	router ospf #
> > 	 ...
> > 	 redistribute connected/static subnets route-map
> > void-ospf-redistribution	
> > 	!
> > 	ip access-list extended void-redistribution
> > 	 permit ip <prefix> <wildcard-mask> <mask>
> > <wildcard-mask>
> > 	 ...
> > 	!
> > 	route-map void-ospf-redistribution deny 10
> > 	 match ip address void-redistribution
> > 	!
> > 	route-map void-ospf-redistribution permit 20
> > 	!
> > Yours Truly.
> > 
> > Murilo Pugliese.
> > 
> > -----Mensagem original-----
> > De: Oliver Boehmer (oboehmer)
> > [mailto:oboehmer at cisco.com]
> > Enviada em: terça-feira, 16 de agosto de 2005
> 11:33
> > Para: Jeremiah Millay; cisco-nsp at puck.nether.net
> > Assunto: RE: [c-nsp] Re: Limiting networks
> announced
> > on special link of
> > OSPF
> > 
> > 
> > OSPF does not support generic outbound route
> > filtering like you
> > described below. You can't do this for link-state
> > routing protocols as
> > all routers within the area need to agree on the
> > same topology.
> > 
> > 	oli
> > 
> > Jeremiah Millay <> wrote on Tuesday, August 16,
> 2005
> > 4:23 PM:
> > 
> > > I would use a distribute-list to filter SPECIFIC
> > advertisements. For
> > > example, say you were trying to restrict the
> > advertisement of 10.1.1.0
> > > out an interface like serial0/1. You would
> > configure the following:
> > > access-list 24 deny 10.1.1.0 0.0.0.255
> > > access-list 24 permit any
> > > router ospf 1
> > >  network 10.1.1.0 0.0.0.255 area 0
> > >  distribute-list 24 out interface s0/1
> > > 
> > > Just change the prefix and the interface (int
> vlan
> > 3 or whatever) that
> > > you are trying to restrict advertisements to.
> > > If you don't want ANY advertisements out an
> > interface use the
> > > passive-interface command. (passive-interface
> vlan
> > 3)
> > > 
> > > 
> > > cisco-nsp-request at puck.nether.net wrote:
> > > 
> > >> Message: 6
> > >> 
> > >> Date: Tue, 16 Aug 2005 15:25:06 +0800 (CST)
> > >> From: Joe Shen <sj_hznm at yahoo.com.cn>
> > >> Subject: [c-nsp] Limiting networks announced on
> > special link of OSPF
> > >> To: cisco-nsp at puck.nether.net Message-ID:
> > >>
> >
>
<20050816072506.3962.qmail at web15403.mail.cnb.yahoo.com>
> > >> Content-Type: text/plain; charset=gb2312 
> > >> 
> > >> Hi,
> > >> 
> > >> Can I restricting networks advertised on one
> link
> > in
> > >> OSPF?
> > >> 
> > >> 
> > >> My situation:
> > >> 
> > >> 
> > >>   Cat6509-a ------------------  Cat6509-b
> > >>               (Vlan3, 8 on trunk)
> > >> 
> > >> 
> > >> both Cat6509 run OSPF. Vlan 3 is a vlan planned
> > for
> > >> server installation, while Vlan 8 is
> > interconnection.
> > >> Subnet of Vlan 3 is planned as a NSSA area
> which
> > >> connects to area 0, while both catalyst6509
> > belong to
> > >> area 0. There is only one ospf process configed
> > on
> > >> each catalyst6509, and there is logical
> interface
> > >> Vlan3 on both catalyst6509.
> > >> 
> > >> 
> > >> After setting up vlan3 interface on L3 module,
> I
> > >> noticed catalyst6509-a and catalyst6509-b
> 
=== message truncated ===



	

	
		
___________________________________________________________ 
ÑÅ»¢Ãâ·ÑGÓÊÏ䣭ÖйúµÚÒ»¾øÎÞÀ¬»øÓʼþɧÈų¬´óÓÊÏä 
http://cn.mail.yahoo.com

More information about the cisco-nsp mailing list