[c-nsp] ospf between me and customer - design ?

Oliver Boehmer (oboehmer) oboehmer at cisco.com
Thu Feb 24 11:46:48 EST 2005


matthew zeier <> wrote on Thursday, February 24, 2005 5:00 PM:

> For various reasons, it's been decided to run OSPF between me and a
> customer network.  However, since their gear is outside my
> administrative control, I want to make sure I only get the networks I
> expect from them and they only get a default route from me.
> 
> Unfortunately, I haven't had to think about OSPF in a long time and
> I'm not sure what the best route to solve this is.
> 
> Assuming they'll be in their own area, should I use area filter-lists
> or create another ospf process and use distribute-in/out filters?   Or
> should I make them a stub and use either a seperate ospf process or
> area filter-lists ?

If OSPF can't be avoided, I'd always use a separate process to 
a) hide any other topology and route information from the customer
b) allow for easy filtering
c) contain instabilities within the customer's process, possibly using
the new LSA/SPF throttling mechanisms

Please be aware that the number of routing processes is limited to 30
(this limit does not apply when OSPF is used as PE-CE RP in MPLS-VPN in
recent code), so this doesn't really scale to a large number of
customers..

	oli



More information about the cisco-nsp mailing list