[c-nsp] OSPF router gets separated from a broadcast domain
Christopher E. Brown
chris.brown at acsalaska.net
Sun Feb 3 23:14:20 EST 2008
Gabor Ivanszky wrote:
> Peter Rathlev wrote:
>>
>>> That makes sense. But our experience in a real life scenario is that
>>> the partitioning of "OSPF speaking transport network" creates the
>>> blackhole as well. I will try to build this in the lab. May the root
>>> cause of the blackhole wasn't the network separation, but something
>>> else...
>>
>> If you only use these networks as OSPF transport networks, it's not a
>> big problem if they're black holed. Since they're not destinations,
>> neither clients nor servers ever see them in anything but a trace.
>>
> But not only the transport network itself get blackholed, but all the
> networks which are reachable through it.
Important follow on bits.
Declare the "one true IP" for the router on a Loopback as a /32
enable OSPF on this loopback
declare the OSPF router-id to be this IP
make use of "source" statements so that telnet, tacacs, snmp, ntp, etc.
all use this one true address
whenever you refer to or connect to, use the "one true IP"
Example
interface Loopback0
ip address 10.1.1.1 255.255.255.255
!
router ospf 10
router-id 10.1.1.1
network 10.1.1.1 0.0.0.0 area 0
!
The IPs within the split subnet may be blackholed, but since we never
speak to/from those IPs...
The one exception is a non-uniform split. Assume 3 routers A, B, C, if
a can talk to B and B to C but not A to C than even with OSPF things
outside of the transport subnets may also be blackholes, but it takes a
very screwy/evil network to create a non-unifor L2 split.
--
------------------------------------------------------------------------
Christopher E. Brown <chris.brown at acsalaska.net> desk (907) 550-8393
cell (907) 632-8492
IP Engineer - ACS
------------------------------------------------------------------------
More information about the cisco-nsp
mailing list