RE: how to filter out default route in OSPF totally stub area?

From: Brian McGahan (bmcgahan@internetworkexpert.com)
Date: Tue Dec 09 2003 - 17:16:37 GMT-3

        OSPF (and IGP in general) is not designed with complex routing
policy in mind. Instead this is what BGP is designed to do. I have seen a
few large networks that run BGP with themselves in order to sort out their
routing policy. Maybe this is something you should consider as a long term
solution to your problem.

        In the short term as previously suggested there are two solutions.
You can either poison the distance of the default learned from the ABR or
filter it out using a route-map distribute-list. In either case this would
have to be performed on every router in the area, as an LSA cannot be
removed from the database, only the route can be removed from the routing
table.

HTH,

Brian McGahan, CCIE #8593
bmcgahan@internetworkexpert.com

Internetwork Expert, Inc.
http://www.InternetworkExpert.com
Toll Free: 877-224-8987
Direct: 708-362-1418 (Outside the US and Canada)

> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> zzk
> Sent: Tuesday, December 09, 2003 4:59 AM
> To: Brian McGahan; 'Scott Morris'; ccielab@groupstudy.com
> Subject: RE: how to filter out default route in OSPF totally stub area?
>
> Hello
>
> Thanks for the illustration, Brian.
> Our problem is there is a ABR router R1 generating a
> IA type default route into the network (because the
> area is totally stub NSSA), and another ASBR R2
> generating a external type default route.
> All the routers chose R1 as the default gateway,
> because LSA type 3 is prefered over LSA type 7.
>
> Is there anyway we can make the routers to select R2
> as the default gateway?
> There is one ABR LSA type 3 filtering feature, however
> it is not avaliable on Cat6 MSFC. :(
>
> thanks
>
>
> --- Brian McGahan <bmcgahan@internetworkexpert.com>
> wrote:
> > A not-so-totally-stubby area (nssa no-summary) is a
> > totally stubby
> > area that you can redistribute into. The ABR of the
> > NSTSA automatically
> > originates a default of LSA type-3 into the area:
> >
> > Rack1R1#sh run | b router ospf
> > router ospf 1
> > area 12 nssa
> > network 12.0.0.1 0.0.0.0 area 12
> >
> > Rack1R2#sh run | b router ospf
> > router ospf 1
> > area 12 nssa no-summary
> > network 12.0.0.2 0.0.0.0 area 12
> > network 150.1.2.2 0.0.0.0 area 0
> >
> > Rack1R1#show ip route ospf
> > O*IA 0.0.0.0/0 [110/11] via 12.0.0.2, 00:02:49,
> > Ethernet0/0
> > Rack1R1#show ip ospf database
> >
> > OSPF Router with ID (150.1.1.1) (Process
> > ID 1)
> >
> > Router Link States (Area 12)
> >
> > Link ID ADV Router Age Seq#
> > Checksum Link count
> > 150.1.1.1 150.1.1.1 188
> > 0x80000002 0x0006CE 1
> > 150.1.2.2 150.1.2.2 188
> > 0x80000003 0x00F8D2 1
> >
> > Net Link States (Area 12)
> >
> > Link ID ADV Router Age Seq#
> > Checksum
> > 12.0.0.2 150.1.2.2 189
> > 0x80000001 0x001342
> >
> > Summary Net Link States (Area 12)
> >
> > Link ID ADV Router Age Seq#
> > Checksum
> > 0.0.0.0 150.1.2.2 211
> > 0x80000001 0x00CBCE
> >
> >
> > An NSSA for which the ABR originates a default is
> > different (nssa
> > default-information-originate). This is an LSA
> > type-7 default (N1 or N2, N2
> > by default):
> >
> > Rack1R2#sh run | b router ospf
> > router ospf 1
> > log-adjacency-changes
> > area 12 nssa default-information-originate
> > network 12.0.0.2 0.0.0.0 area 12
> > network 150.1.2.2 0.0.0.0 area 0
> >
> > Rack1R1#sh ip route ospf
> > 150.1.0.0/16 is variably subnetted, 3 subnets,
> > 2 masks
> > O IA 150.1.2.2/32 [110/11] via 12.0.0.2,
> > 00:00:46, Ethernet0/0
> > O*N2 0.0.0.0/0 [110/1] via 12.0.0.2, 00:00:42,
> > Ethernet0/0
> > Rack1R1#sh ip ospf database
> >
> > OSPF Router with ID (150.1.1.1) (Process
> > ID 1)
> >
> > Router Link States (Area 12)
> >
> > Link ID ADV Router Age Seq#
> > Checksum Link count
> > 150.1.1.1 150.1.1.1 568
> > 0x80000002 0x0006CE 1
> > 150.1.2.2 150.1.2.2 568
> > 0x80000003 0x00F8D2 1
> >
> > Net Link States (Area 12)
> >
> > Link ID ADV Router Age Seq#
> > Checksum
> > 12.0.0.2 150.1.2.2 569
> > 0x80000001 0x001342
> >
> > Summary Net Link States (Area 12)
> >
> > Link ID ADV Router Age Seq#
> > Checksum
> > 150.1.2.2 150.1.2.2 54
> > 0x80000001 0x00EF0F
> >
> > Type-7 AS External Link States (Area
> > 12)
> >
> > Link ID ADV Router Age Seq#
> > Checksum Tag
> > 0.0.0.0 150.1.2.2 50
> > 0x80000001 0x0040C7 0
> >
> >
> >
> >
> > Brian McGahan, CCIE #8593
> > bmcgahan@internetworkexpert.com
> >
> > Internetwork Expert, Inc.
> > http://www.InternetworkExpert.com
> > Toll Free: 877-224-8987
> > Direct: 708-362-1418 (Outside the US and Canada)
> >
> >
> > > -----Original Message-----
> > > From: nobody@groupstudy.com
> > [mailto:nobody@groupstudy.com] On Behalf Of
> > > Scott Morris
> > > Sent: Monday, December 08, 2003 11:46 AM
> > > To: 'zzk'; ccielab@groupstudy.com
> > > Subject: RE: how to filter out default route in
> > OSPF totally stub area?
> > >
> > > Well, I'll be damned. Just when you think an RFC
> > makes sense. :)
> > >
> > > However, the nssa default-info is the command that
> > must be manually
> > > done. And when you set up the "no-summary"
> > version, I don't believe
> > > that automatically generates a 0/0 route, it just
> > prevents other IA
> > > routes from coming in. So that leaves you with
> > NEEDING to manually
> > > configure the "nssa default-info" command.
> > >
> > > Either way you go there, it still seems to be an
> > administratively
> > > controlled feature.
> > >
> > >
> > > Scott Morris, CCIE4 (R&S/ISP-Dial/Security/Service
> > Provider) #4713,
> > > CISSP, JNCIS, et al.
> > > IPExpert CCIE Program Manager
> > > IPExpert Sr. Technical Instructor
> > > swm@emanon.com/smorris@ipexpert.net
> > > http://www.ipexpert.net
> > >
> > >
> > > -----Original Message-----
> > > From: zzk [mailto:ccie_99@yahoo.com]
> > > Sent: Monday, December 08, 2003 9:33 AM
> > > To: swm@emanon.com; ccielab@groupstudy.com
> > > Subject: RE: how to filter out default route in
> > OSPF totally stub area?
> > >
> > >
> > > Hi Scott
> > > Thanks for your reply.
> > > I think there is nssa totally stub areas. You can
> > see
> > > it at
> > >
> >
> http://www.cisco.com/en/US/tech/tk365/tk480/technologies_tech_note09186a
> > > 0080094a88.shtml#definestub
> > >
> > > The exit point of the whole network is inside this
> > > area 1, so this ASBR has to generate default route
> > for
> > > the whole network. However we are trying to reduce
> > the
> > > number of LSAs in this area 1, thats why we also
> > want
> > > to use totally stub area.
> > >
> > > I hope you understand the senario, and appreciate
> > if
> > > there is any better idea.
> > >
> > > regards
> > > --- Scott Morris <swm@emanon.com> wrote:
> > > > If your area is "totally stub" then it is NOT
> > > > "nssa". If it is "nssa",
> > > > then it is NOT "totally stub". You have to
> > choose
> > > > one or the other. If
> > > > you are configuring it as an nssa, then you have
> > to
> > > > add a specific
> > > > command to generate a default route, it's not in
> > > > there automatically.
> > > >
> > > > If you are a totally stubby area, it's generated
> > automatically. If
> > > > you don't want it to do that because there is
> > more than
> > > > one exit point, then
> >
> === message truncated ===
>
>
> __________________________________
> Do you Yahoo!?
> New Yahoo! Photos - easier uploading and sharing.
> http://photos.yahoo.com/
>
> _______________________________________________________________________
> Please help support GroupStudy by purchasing your study materials from:
> http://shop.groupstudy.com
>
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

This archive was generated by hypermail 2.1.4 : Sat Jan 03 2004 - 08:25:38 GMT-3