[c-nsp] Filter OSPF routes

Paul Cosgrove paul.cosgrove at heanet.ie
Wed Jun 25 11:26:59 EDT 2008


Hi Ruben,

What is the topology of the border between you and the ISP?  If 
there is a single connection between the ISP and (only) one of your 
routers there is no requirement for a dynamic protocol, just use static 
routes. No point waiting for routing protocol convergence if you don't 
need to.  Sorry if this sounds obvious but the requirement isn't clear 
in your email.

If you do need a dynamic protocol then you will want to minimise the 
possibility of changes elsewhere affecting the border routers (and vice 
versa). This might include link flaps causing SPF recalculations, too 
many prefixes being advertised, duplicate router-ids, accidentally 
injecting more specific routes etc.

Using the same OSPF process would be a bad idea.  Creating a separate 
OSPF process will certainly help.  Using BGP would give you even more 
control, though you will need to look at reducing the default timers or 
using BFD to speed up BGP failover.  BGP is often the preferred solution 
when connecting to a network you do not trust, but will need a little 
tweaking to speed it up (such as disabling fast-external-fallover on 
secondary paths).

If you settle on OSPF then when selecting the network type, keep in mind 
that as well as not having slow hello/dead timers, you should also try 
to use a network type which does not require a DR.  Using a DR when you 
don't need to slows down recovery after a failed link has been restored.

Paul.

Ruben Montes (Europe) wrote:
> Hello,
> 
> We are running one OSPF process with several areas. The service provider
> is going to install one router on my network to provide an IPT service.
> 
> We want this new router to only learn a group of networks where IP
> phones inside our network are located. We don't want them to learn any
> other route or have a default route to our network.
> 
> I've been reviewing all the possibilities and I think the best approach
> is to configure a second OSPF process and only allow redistribution of the
> desired networks.
> 
> Prefix-list, distribute-list and different types of areas don't fit
> our needs.
> 
> Do you think the best approach is to use a second OSPF process? What
> things should I take care of?
> 
> I can give more details if necessary.
> 
> Regards,
> 
> Ruben
> 
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
> 


-- 
HEAnet Limited
Ireland's Education & Research Network
5 George's Dock, IFSC, Dublin 1, Ireland
Tel:  +353.1.6609040
Web:  http://www.heanet.ie
Company registered in Ireland: 275301

Please consider the environment before printing this e-mail.
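
The separate-process design discussed in this thread, sketched as an added Cisco IOS example that is not part of the original messages. It assumes a single border router; every address, interface, process ID and name below is a constructed placeholder.

```cisco
! Constructed example: all prefixes, interface names, process IDs and
! route-map/prefix-list names are placeholders, not values from the thread.
!
! Only the IP phone subnets may be leaked towards the provider's router.
ip prefix-list IPT-PHONES seq 10 permit 10.20.10.0/24
ip prefix-list IPT-PHONES seq 20 permit 10.20.20.0/24
!
! Only the provider's IPT service prefix may be accepted back.
ip prefix-list IPT-SERVICE seq 10 permit 198.51.100.0/24
!
route-map OSPF1-TO-IPT permit 10
 match ip address prefix-list IPT-PHONES
! The implicit deny at the end of the route-map drops everything else.
!
route-map IPT-TO-OSPF1 permit 10
 match ip address prefix-list IPT-SERVICE
!
interface GigabitEthernet0/1
 description Link to provider IPT router
 ip address 192.0.2.1 255.255.255.252
 ! Point-to-point network type: no DR/BDR election on this link.
 ip ospf network point-to-point
 ! Faster failure detection; the dead interval follows at 4x hello.
 ip ospf hello-interval 1
!
! Existing internal process: accepts only the IPT service prefix.
router ospf 1
 redistribute ospf 2 subnets route-map IPT-TO-OSPF1
!
! Second process, facing the provider router only.
router ospf 2
 router-id 192.0.2.1
 network 192.0.2.0 0.0.0.3 area 0
 redistribute ospf 1 subnets route-map OSPF1-TO-IPT
 ! No "default-information originate" here, so the provider router
 ! never receives a default route into the internal network.
```

Because the two processes keep separate link-state databases, link flaps and SPF runs on either side stay on that side; only the redistributed prefixes cross the boundary. Redistributing in both directions is only loop-free here because of the single-border-router assumption.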

