[j-nsp] Filtering OSPF routes

Martin, Christian cmartin at gnilink.net
Thu Feb 20 08:49:04 EST 2003


Wayne is correct in that there are uses for filtering LSA information, that,
while in the graph theoretical sense are contrary to link state design, are
still very in-tune with IP network design.  A perfect example is a
stub-host.  There are oher ways to do this, but this is one example.
Another may be a firewall running gated that you may wish to hide some
information from/to.  And finally. type 5 and 7 LSAs should be filterable as
they are "pathed" based on distance vector info.
 
Again, YMMV and loops can be common in this environment. 
 
-c

-----Original Message-----
From: Wayne (juniper nsp) [mailto:wg-jnpr-nsp at wgustavus.com] 
Sent: Tuesday, February 18, 2003 12:07 PM
To: Elliott, Andrew; 'Ben Buxton'; 'Ajay Bhardwaj';
juniper-nsp at puck.nether.net
Subject: Re: [j-nsp] Filtering OSPF routes


Ok,

On the off chance that it wasn't clear in my original post when I said
"contrary to the design of OSPF (or any link state

protocol)", I am NOT advocating anyone doing this. I am simply pointing out
that Cisco IOS provides a knob to do what he described.

- Wayne

 

----- Original Message ----- 
From: Elliott, Andrew <mailto:AElliott at xo.com>  
To: 'Wayne (juniper nsp)' <mailto:wg-jnpr-nsp at wgustavus.com>  ; 'Ben Buxton'
<mailto:B.Buxton at Planettechnologies.nl>  ; 'Ajay Bhardwaj'
<mailto:ajay.bhardwaj at in.spectranet.com>  ; 'juniper-nsp at puck.nether.net'
<mailto:'juniper-nsp at puck.nether.net'>  
Sent: Tuesday, February 18, 2003 10:26 AM
Subject: RE: [j-nsp] Filtering OSPF routes


-----BEGIN PGP SIGNED MESSAGE----- 
Hash: SHA1 

Wayne, 
  
I have seen this in action, and it is ugly. 
  
I recently had to work on a Cisco network where all routers were in 
one of two areas, and they were using the distribute-lists to only 
use the 0/0 LSA.  This created many routing loops, and I asked the 
"designer" what they were thinking, and basically got the cold 
shoulder.  I couldn't understand why someone would want to use OSPF 
and then deliberately break it in that manner. 
  
Has anyone on this list ever seen a good reason to filter LSAs? 
  
- -andrew 

- -----Original Message----- 
From: Wayne (juniper nsp) [mailto:wg-jnpr-nsp at wgustavus.com
<mailto:wg-jnpr-nsp at wgustavus.com> ] 
Sent: Saturday, February 15, 2003 11:43 PM 
To: Ben Buxton; Ajay Bhardwaj; juniper-nsp at puck.nether.net 
Subject: Re: [j-nsp] Filtering OSPF routes 



Actually, if you are running a sufficiently high enough version of 
IOS (e.g. 12.0S), the 7200 can filter some LSAs.  It depends on your 
exact scenario if this will accomplish what you are trying to do.  It 
does tend to go contrary to the design of OSPF (or any link state 
protocol), but I suppose enough people wanted the knob, so they got 
it. 
  
Not sure if JUNOS has a similar knob. 
  
- - Wayne 

- ----- Original Message ----- 
From: Ben Buxton 
To: Ajay Bhardwaj ; juniper-nsp at puck.nether.net 
Sent: Monday, February 10, 2003 4:18 AM 
Subject: RE: [j-nsp] Filtering OSPF routes 


You cannot filter OSPF. This would break the requirement that all 
routers have 
the same link state view. 
This is true for both Junos and IOS. 
  
BB 

- -----Original Message----- 
From: Ajay Bhardwaj [mailto:ajay.bhardwaj at in.spectranet.com
<mailto:ajay.bhardwaj at in.spectranet.com> ] 
Sent: Monday, 10 February 2003 08:39 
To: juniper-nsp at puck.nether.net 
Subject: [j-nsp] Filtering OSPF routes 


Hi all, 
  
We have cisco 7200 router and M-5 router both running ospf and part 
of area 10. 
  
I want to deny few routes which are flowing trough ospf from 7200 to 
m5 either at 7200 side or m5 side. Pls if anyone have any solution to 
this would be gr8 help for me. 
  
Ajay Bhardwaj 



  _____  




_______________________________________________ 
juniper-nsp mailing list juniper-nsp at puck.nether.net 
http://puck.nether.net/mailman/listinfo/juniper-nsp
<http://puck.nether.net/mailman/listinfo/juniper-nsp>  



-----BEGIN PGP SIGNATURE----- 
Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com
<http://www.pgp.com> > 

iQA/AwUBPlJPyq9gT5vxrBTJEQJqJACfRGLECJTzh9EeWLl7mG693JoJwW0An25A 
oMqrBQo8mopBgWm+4DFQiqxr 
=W5D4 
-----END PGP SIGNATURE----- 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://puck.nether.net/pipermail/juniper-nsp/attachments/20030220/649d65df/attachment.htm


More information about the juniper-nsp mailing list