Re: OSPF route filtering teaser

From: P729 (p729@xxxxxxx)
Date: Sat Jun 29 2002 - 17:08:16 GMT-3

   
You're right, I missed something:

I read R1 and R2 are running RIPv2 and R2 and R3 are in OSPF area 1, but I
forgot about the part stating "There are other routers also connected to the
ethernet segment in Area 1 again running OSPF."

Not R1, but I forgot about it nontheless. My bad.

It comes down to somehow filtering the AS-external LSA that represents the
RIP domain from flooding past R3 into area 0. I suppose two OSPF processes
on R3 would work, but I find it rather inelegant. Oh well, it's just me.
Whatever works.

Even though R3 is not the ASBR, hence not injecting the AS-external LSA, I
wonder if a 'summary-address not-advertise' command on R3 will have any
effect...

Regards,

Mas Kato
https://ecardfile.com/id/mkato
----- Original Message -----
From: "Carlos G Mendioroz" <tron@huapi.ba.ar>
To: "P729" <p729@cox.net>
Cc: "David Ham" <ccieau@hotmail.com>; <peter@whittle-systems.demon.co.uk>;
<ccielab@groupstudy.com>
Sent: Saturday, June 29, 2002 12:08 PM
Subject: Re: OSPF route filtering teaser

> May I politelly disagree...
> the original request clearly states config could only be done on R2 &
> R3.
> Changing area 1 requires config in all routers in area 1, including but
> no limited to, R1.
>
> P729 wrote:
> >
> > David,
> >
> > I think you've got it. Making area 1 an NSSA would cause the external
RIP
> > domain to be advertised via type 7 LSAs throughout area 1. Using
> > 'summary-address not-advertise' on R2 would allow you to control which
type
> > 7s are translated into type 5s to be flooded throughout the rest of the
OSPF
> > AS.
> >
> > Regards,
> >
> > Mas Kato
> > https://ecardfile.com/id/mkato
> > ----- Original Message -----
> > From: "David Ham" <ccieau@hotmail.com>
> > To: <franjime@cisco.com>; <peter@whittle-systems.demon.co.uk>;
> > <ccielab@groupstudy.com>
> > Sent: Saturday, June 29, 2002 8:18 AM
> > Subject: RE: OSPF route filtering teaser
> >
> > > Frank,
> > >
> > > Could you pls bit more detail. I used nssa with summary-address
> > > not-advertise, it works great. But not sure about 2 ospf processes.
> > >
> > > Regards,
> > >
> > > David Ham
> > >
> > >
> > > >From: "Frank Jimenez" <franjime@cisco.com>
> > > >Reply-To: "Frank Jimenez" <franjime@cisco.com>
> > > >To: "'Peter Whittle'" <peter@whittle-systems.demon.co.uk>,
> > "'CCIELab
> > > > Studygroup'" <ccielab@groupstudy.com>
> > > >Subject: RE: OSPF route filtering teaser
> > > >Date: Fri, 28 Jun 2002 17:30:07 -0500
> > > >
> > > >Are we allowed to have two different OSPF processes running? If so,
we
> > > >can run two different OSPF processes and redistribute between the
R2/R3
> > > >process and the R3/R4 process.
> > > >
> > > >Frank Jimenez, CCIE #5738
> > > >franjime@cisco.com
> > > >
> > > >-----Original Message-----
> > > >From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf
Of
> > > >Peter Whittle
> > > >Sent: Friday, June 28, 2002 3:11 PM
> > > >To: CCIELab Studygroup
> > > >Subject: OSPF route filtering teaser
> > > >
> > > >
> > > >Selectively blocking OSPF routes between areas
> > > >----------------------------------------------
> > > >
> > > >I would like to pose a simple scenario to the group.
> > > >
> > > >There are 4 routers R1 .. R4
> > > >
> > > >R1 is injecting routes into RIPv2 say 10.1.0.0/16
> > > >
> > > >R2 is running RIPv2 on e0, it is also connected by e1 to OSPF Area 1
and
> > > >must inject the routes learnt from RIP into AREA 1. There are other
> > > >routers also connected to the ethernet segment in Area 1 again
running
> > > >OSPF. The routes injected by R2 into area 1 must be visible to these
> > > >routers via OSPF.
> > > >
> > > >R3 has 2 ethernet interfaces e0 in OSPF Area 0, and e1 in OSPF Area
1.
> > > >It must see the RIP routes injected into OSPF by R2 (ie 10.1.0.0/16).
> > > >
> > > >R4 in connected to the ethernet in Area 0 and is also running OSPF
and
> > > >is outside of your control.
> > > >
> > > >STOP the RIP routes that were injected by R2 from being seen in Area
0.
> > > >(i.e. block the 10.1.0.0/16 route)
> > > >
> > > >You may only program routers R2, & R3 to achieve this.
> > > >
> > > >
> > > >Any thoughts, ideas, solutions?
> > > >
> > > >
> > > >I have one solution in mind but it is not very elegant. I will share
> > > >this next week when you have had time to think about the problem.
> > > >
> > > >
> > > >------------
> > > >
> > > >A distribute-list applied to R3, an ABR, will of course not work.
(When
> > > >the 10.1 route reaches R3 it is in an LSA. If we apply the
distribute-
> > > >list x in, it will only block the route going into R3's routing
table,
> > > >it will not prevent the LSA from being sent on to R4. We are not
> > > >permitted to change the other routers in Area 0 so we can not use the
> > > >conventional approach of applying the distribute-list x in to each of
> > > >the routers in Area 0.
> > > >
> > > >If we apply a distribute-list x out to the ABR it will again have no
> > > >impact on the LSA advertising the 10.1 route into Area 0.)
> > > >
> > > >==========================
> > > >
> > > >May enlightenment be yours.
> > > >
> > > >Peter
> > > >
> > > >--
> > > >Peter Whittle

This archive was generated by hypermail 2.1.4 : Tue Jul 02 2002 - 08:12:44 GMT-3