[c-nsp] Filter OSPF routes
Paul Cosgrove
paul.cosgrove at heanet.ie
Wed Jun 25 11:26:59 EDT 2008
Hi Ruben,

What is the topology of the border between you and the ISP? If
there is a single connection between the ISP and (only) one of your
routers there is no requirement for a dynamic protocol, just use static
routes. No point waiting for routing protocol convergence if you don't
need to. Sorry if this sounds obvious but the requirement isn't clear
in your email.

If you do need a dynamic protocol then you will want to minimise the
possibility of changes elsewhere affecting the border routers (and vice
versa). This might include link flaps causing SPF recalculations, too
many prefixes being advertised, duplicate router-ids, accidentally
injecting more specific routes etc.

Using the same OSPF process would be a bad idea. Creating a separate
OSPF process will certainly help. Using BGP would give you even more
control, though you will need to look at reducing the default timers or
using BFD to speed up BGP failover. BGP is often the preferred solution
when connecting to a network you do not trust, but will need a little
tweaking to speed it up (such as disabling fast-external-fallover on
secondary paths).

If you settle on OSPF then when selecting the network type, keep in mind
that as well as not having slow hello/dead timers, you should also try
to use a network type which does not require a DR. Using a DR when you
don't need to slows down recovery after a failed link has been restored.

Paul.

Ruben Montes (Europe) wrote:
> Hello,
>
> We are running one OSPF process with several areas. The service provider
> is going to install one router on my network to provide an IPT service.
>
> We want this new router to only learn a group of networks where IP
> phones inside our network are located. We don't want them to learn any
> other route or have a default route to our network.
>
> I've been reviewing all the possibilities and I think the best approach
> is configure a second OSPF process and only allow redistribution of the
> desired networks.
>
> Prefix-list, distribute-list and different types of areas don't fit
> our needs.
>
> Do you think the best approach is to use a second OSPF process? What
> things should I take care of?
>
> I can give more details if necessary.
>
> Regards,
>
> Ruben
--
HEAnet Limited
Ireland's Education & Research Network
5 George's Dock, IFSC, Dublin 1, Ireland
Tel: +353.1.6609040
Web: http://www.heanet.ie
Company registered in Ireland: 275301
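
A sketch of the separate-process approach discussed in this thread, added here as an example and not taken from either poster's configuration. It assumes Cisco IOS on the border router; the process numbers, interface, names, addresses and limits are constructed placeholders, and the prefix-list is used only as the match inside the redistribution route-map.

```cisco
! Constructed example: 10.20.0.0/16 stands in for the IP phone subnets,
! 192.0.2.0/30 for the link to the provider's IPT router.
!
! Only these prefixes may be leaked to the provider-facing process.
ip prefix-list IPT-PHONES seq 10 permit 10.20.0.0/16 le 24
!
route-map OSPF1-TO-OSPF2 permit 10
 match ip address prefix-list IPT-PHONES
! No further entries: the implicit deny at the end of the route-map
! drops every other route, so nothing else is redistributed.
!
! Existing internal process. Its network statements must NOT cover
! 192.0.2.0/30, so the provider router never becomes a neighbour here.
router ospf 1
 network 10.0.0.0 0.255.255.255 area 0
!
! Separate process that only speaks to the provider's router.
router ospf 2
 router-id 192.0.2.1
 passive-interface default
 no passive-interface GigabitEthernet0/1
 network 192.0.2.0 0.0.0.3 area 0
 ! Leak only the phone subnets; no default-information originate,
 ! so no default route is offered.
 redistribute ospf 1 subnets route-map OSPF1-TO-OSPF2
 ! Cap the number of LSAs accepted from the other side.
 max-lsa 500
! Process 2 is not redistributed back into process 1 in this sketch,
! so changes on the provider side do not reach the internal LSDB.
!
interface GigabitEthernet0/1
 description Link to provider IPT router
 ip address 192.0.2.1 255.255.255.252
 ! Point-to-point avoids DR/BDR election on the link.
 ip ospf network point-to-point
 ip ospf hello-interval 1
 ip ospf dead-interval 4
```

After applying something like this, `show ip ospf 2 database external` on the border router lists the prefixes that are actually being leaked, and `show ip route ospf` on the provider's router should contain only the phone subnets.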