[c-nsp] EIGRP and OSPF

Oliver Boehmer (oboehmer) oboehmer at cisco.com
Wed Oct 12 04:09:56 EDT 2005 

Brad Swanson <> wrote on Tuesday, October 11, 2005 3:47 PM:

> The overall config:
> 
> Standard Cisco three tier design - core/dist/access.
> 
> OSPF with three areas, but NO area 0.  OSPF is used for a very basic
> IBM mainframe OSPF implementation.
> 
> All IBM MF's land on the same L2 access swt with the OSPF happening
> at the dist layer for ALL OSPF areas.
> 
> All routes from OSPF are redist. into the network-wide routing
> protocol EIGRP.
> 
> What I want to be able to do is limit the routes learned from the
> MF's to xxxx since I do not have control over the devices sending me
> routes.  Is what I have below gonna get me where I want to be? 

Yes, but:

> Again, I do not want devices participating in OSPF NOT in their area
> to learn other routes from other OSPF devices.

This is a different requirement.

So: "distribute-list 40 in" will prevent your router from ever putting
routes matching this acl advertised by any of the OSPF speakers into its
routing table and will thus prevent them from being redistributed into
EIGRP. This effectively limits the harm the MF's can do (you might want
to extend the ACL to other prefixes and also replace it by a prefix-list
which allows for a more granular control than a standard ACL). 
But it will not prevent this prefix to be flooded into the other areas
attached to your ABR, so those devices would still see all the prefixes
via Type 3 or Type5 LSAs.
Do you care if one MF messes up the routing table of another MF as long
as your router and your core-IGP are fine? You might not ;-)

> router ospf 132
> log-adjacency-changes
> network 10.116.110.0 0.0.1.255 area 112
> network 10.116.120.0 0.0.1.255 area 122
> network 10.116.130.0 0.0.1.255 area 132
> default-information originate
> distribute-list 40 in
>
> Do devices in area
> 112 have to go into EIGRP to get to devices in area 122?

what do you mean by "go into EIGRP"? 

If you don't want area 112 know about routes in other areas, you have
several options:

1) make it stub or nssa (requires the chance on all MFs as well)
2) if (1) is not possible, use "ABR Type 3 LSA filtering" feature to
filter type3 summaries (will not work for type5)
3) use multiple OSPF processes 

You definitly want to limit the prefixes advertised into OSPF, as well
as summarize them if possible. if one of the MFs advertises a couple of
thousand "valid" prefixes, this could blow up your EIGRP.. so you do
want to use a tight control on the prefixes redistributed into your
EIGRP.

	oli

More information about the cisco-nsp mailing list