[c-nsp] Filter OSPF routes

Ruben Montes (Europe) Ruben.Montes at eu.didata.com
Wed Jun 25 11:34:57 EDT 2008


Hello,

There is a dual connection with the ISP. I don't like the static routing approach because it requires manual configuration of some devices we don't control and we don't want to rely on the ISP configuration.

The networks I want to redistribute are now Inter-Area inside the process we have now, no external routes will need to be redistributed in this "new" process I'm suggesting.

I've read that using two OSPF processes can lead to situations where we can have suboptimal routing and it seems from the documentation I have that Cisco doesn't recommend it.

Thanks in advance,

Ruben

-----Original Message-----
From: Paul Cosgrove [mailto:paul.cosgrove at heanet.ie] 
Sent: Wednesday, 25 June 2008 17:27
To: Ruben Montes (Europe)
Cc: cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] Filter OSPF routes

Hi Ruben,

What is the topology of the border between you and the ISP?  If 
there is a single connection between the ISP and (only) one of your 
routers there is no requirement for a dynamic protocol, just use static 
routes. No point waiting for routing protocol convergence if you don't 
need to.  Sorry if this sounds obvious but the requirement isn't clear 
in your email.

If you do need a dynamic protocol then you will want to minimise the 
possibility of changes elsewhere affecting the border routers (and vice 
versa). This might include link flaps causing spf recalculations, too 
many prefixes being advertised, duplicate router-ids, accidentally 
injecting more specific routes etc.

Using the same OSPF process would be a bad idea.  Creating a separate 
OSPF process will certainly help.  Using BGP would give you even more 
control, though you will need to look at reducing the default timers or 
using BFD to speed up BGP failover.  BGP is often the preferred solution 
when connecting to a network you do not trust, but will need a little 
tweaking to speed it up (such as disabling fast-external-fallover on 
secondary paths).

If you settle on OSPF then when selecting the network type, keep in mind 
that as well as not having slow hello/dead timers, you should also try 
to use a network type which does not require a DR.  Using a DR when you 
don't need to slows down recovery after a failed link has been restored.

Paul.

Ruben Montes (Europe) wrote:
> Hello,
> 
> We are running one OSPF process with several areas. The service provider
> is going to install one router on my network to provide an IPT service.
> 
> We want this new router to only learn a group of networks where IP
> phones inside our network are located. We don't want them to learn any
> other route or have a default route to our network.
> 
> I've been reviewing all the possibilities and I think the best approach
> is to configure a second OSPF process and only allow redistribution of the
> desired networks.
> 
> Prefix-list, distribute-list and different types of areas don't fit
> our needs.
> 
> Do you think the best approach is to use a second OSPF process? What
> things should I take care of?
> 
> I can give more details if necessary.
> 
> Regards,
> 
> Ruben
> 
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
> 


-- 
HEAnet Limited
Ireland's Education & Research Network
5 George's Dock, IFSC, Dublin 1, Ireland
Tel:  +353.1.6609040
Web:  http://www.heanet.ie
Company registered in Ireland: 275301
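
The second-process design discussed in this thread, sketched as an IOS configuration on the router facing the provider's device. This is an added example, not configuration posted by either participant. The process IDs, prefix range, interface name, addresses and the LSA limit are constructed values and assumptions.

```cisco
! --- Added example; all names and numbers below are constructed ---
!
! Only the IP phone subnets may be advertised to the provider's router.
ip prefix-list IPT-PHONES seq 10 permit 10.20.0.0/16 le 24
!
! The route-map ends in an implicit deny, so every prefix not matched
! above stays inside process 1.
route-map OSPF1-TO-IPT permit 10
 match ip address prefix-list IPT-PHONES
!
! Link to the provider's router. Point-to-point network type avoids a
! DR election on this segment.
interface GigabitEthernet0/1
 description Link to provider IPT router
 ip address 192.0.2.1 255.255.255.252
 ip ospf network point-to-point
!
! Existing internal process: left as it is, and nothing from process 2
! is redistributed into it, so routes the provider's router originates
! never reach the internal areas.
router ospf 1
!
! Separate process facing the provider's router.
router ospf 2
 router-id 192.0.2.1
 network 192.0.2.0 0.0.0.3 area 0
 ! One-way leak: process 1 routes that pass the route-map only.
 redistribute ospf 1 subnets route-map OSPF1-TO-IPT
 ! Cap the number of LSAs accepted from the neighbour.
 max-lsa 100
 ! No "default-information originate" here, so the provider's router
 ! receives no default route towards the internal network.
```

On the provider's side, `show ip route ospf` should then list only the phone subnets as external routes, and `show ip ospf 2 database` on this router shows what process 2 has learned from the neighbour.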
