[j-nsp] Controlling routes between OSPF areas

Mark Tinka mark.tinka at seacom.mu
Mon May 21 09:43:29 EDT 2012


On Thursday, May 10, 2012 04:06:26 AM Morgan McLean wrote:

> Also, just to add to this, if I try to deny a route by
> neighbor or next-hop, the entire route is denied
> regardless of where it comes from.
> 
> If I try to deny the export of a route from protocol
> static on the announcing router, again it doesn't matter
> to which neighbor, it denies the entire route.
> 
> Am I just SOL? BGP is so much easier to work with....

Link state routing protocols don't generally like to be 
filtered, as a consistent, holistic view of the global 
network topology is the only way to avoid loops in your link 
state IGP network.

Yes, there is some kind of filtering available in routing 
implementations for link state routing protocols, and as you 
can see, it behaves rather strangely and might not do 
everything you want, the way you want or expect. For some 
implementations, I've seen filtering on inbound to be more 
successful, while in others, it's been the reverse.

At the heart of it, while it is possible to filter prefixes 
being announced/received, the filters don't really filter 
the entire IGP message, as what is exchanged among neighbors 
is LSAs (OSPF) and LSPs (IS-IS), and not routes as in the 
case of BGP.

I have been in your exact situation before where we've had 
to originate a default route to various Access switches in 
Metro-E rings, and IS-IS seemed like an obvious way to do it 
between the PE Aggregation routers and the Access switches 
directly. But while you could originate the default route to 
the Access network, it wasn't easy to prevent said route 
from being announced to other parts of the network where it 
"wasn't" needed (especially since we were a flat Level-2 
IS-IS network). Unlike BGP, route exchanges among neighbors 
are not unicast in nature (yes, they can be in certain cases), so 
controlling which routes/LSAs/LSPs go where isn't easy.

We ended up going with BGP, getting those default routes 
announced to all Access switches from the control-plane-only 
route reflectors in the network, and relying on MPLS to 
ensure proper forwarding of traffic (away from the route 
reflectors that were originating those default routes).

Hope this helps.

Mark.
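
A simplified model of the behaviour described in the message above, added here as an illustration; it is not part of the original post and is not any vendor's OSPF or IS-IS implementation. The chain PE, A, B, the prefixes and the function names are all constructed, and the model assumes unit link costs in one flat area/level. It shows that a filter applied when a router installs routes leaves the flooded link-state database untouched, so a downstream router still installs the prefix and points at a next hop that has no route for it.

```python
from collections import deque

# Constructed topology: a flat, single-area/level chain PE -- A -- B.
LINKS = {"PE": ["A"], "A": ["PE", "B"], "B": ["A"]}
# Each router originates one LSA/LSP carrying its neighbors and prefixes.
ORIGINATED = {"PE": ["0.0.0.0/0"], "A": ["10.0.1.0/24"], "B": ["10.0.2.0/24"]}


def flood():
    """Flood every LSA to every router; no route filter is consulted here."""
    lsdb = {r: {r: (LINKS[r], ORIGINATED[r])} for r in LINKS}
    changed = True
    while changed:
        changed = False
        for r in LINKS:
            for n in LINKS[r]:
                for origin, lsa in lsdb[r].items():
                    if origin not in lsdb[n]:
                        lsdb[n][origin] = lsa
                        changed = True
    return lsdb


def rib(router, lsdb, reject=()):
    """Unit-cost SPF over this router's LSDB, then a local install filter."""
    first_hop, queue = {router: None}, deque([router])
    while queue:
        node = queue.popleft()
        for n in lsdb[node][0]:
            if n in lsdb and n not in first_hop:
                # Neighbors of the root are their own first hop.
                first_hop[n] = first_hop[node] or n
                queue.append(n)
    return {p: first_hop[o] for o, (_, prefixes) in lsdb.items()
            for p in prefixes if o != router and p not in reject}


def simulate(filters):
    """filters maps router -> prefixes it rejects when installing routes."""
    lsdb = flood()
    return lsdb, {r: rib(r, lsdb[r], filters.get(r, ())) for r in LINKS}


if __name__ == "__main__":
    lsdb, ribs = simulate({"A": {"0.0.0.0/0"}})
    print("A RIB:", ribs["A"])            # default route filtered locally
    print("A LSDB from PE:", lsdb["A"]["PE"][1])  # LSA still held and re-flooded
    print("B RIB:", ribs["B"])            # B still installs default via A
```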

