From: Stephen Lee (slee@packet360.com)
Date: Tue Mar 27 2007 - 16:08:34 ART
Why not run OSPF on the Firewall? Most firewalls support it.
Thanks,
Steve
Stephen S. Lee
Senior Systems Engineer
slee@packet360.com
PACKET360, INC.
100 East Shore Drive
Glen Allen, VA 23059 USA
Direct 804.545.4705
Main 804.545.4700
Toll Free 877.998.3600
Fax 804.545.4759
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of nem chua
Sent: Tuesday, March 27, 2007 2:47 PM
To: maureen schaar
Cc: Cisco certification
Subject: Re: BGP OSPF question
So it looks like ibgp or EBGP is the only way to get these routes from
behind the firewall to pass routes into the internal network. I just like
to keep the internal network simple with one protocol, but looks like I
don't have a choice.
Thank you all for your response.
On 3/27/07, maureen schaar <maureen.schaar@gmail.com> wrote:
>
> Sorry, will not work with ospf. Check the other post. You would have
> to make both routes believe they are on the same subnet. Not a very
> nice configuration with ospf.
>
>
> On 3/27/07, nem chua <nemthuduc@gmail.com> wrote:
> > Hi, thank you all for your reply. You're absolutely right about IBGP
> > neighbor does not have to be directly connected. Assuming OSPF is the
> > protocol using a neighbor statement and ospf nonbroadcast network will
> > allow OSPF to send unicast messages to the neighbor one hop away and
> > establish adjacency across the layer 3 firewall? That would be perfect.
> >
> >
> > On 3/27/07, maureen schaar <maureen.schaar@gmail.com> wrote:
> > > With ibgp there is no need for multihop. You can already peer with
> > > ibgp on for example the loopbacks without any special config (besides
> > > setting the update-source). Just needs an underlying igp route!
> > >
> > > For the other protocols, if not using a tunnel, you would have to find
> > > a way to establish an adjacency without broadcasting/multicasting. So
> > > that would mean:
> > >
> > > RIP: passive-interface default + neighbor x.x.x.x
> > > OSPF: ip ospf network-type nonbroadcast + neighbor x.x.x.x
> > > EIGRP: neighbor x.x.x.x <outgoing intf>
> > >
> > > Maureen
> > >
> > > On 3/27/07, nem chua <nemthuduc@gmail.com> wrote:
> > > > Hi all, I have a unique scenario where we need to establish a dynamic
> > > > routing protocol over layer 3 firewalls. With EBGP we can do multihop to
> > > > skip the firewall, but with other protocols such as ospf, eigrp, rip, is
> > > > there any option to establish a neighbor without using GRE to tunnel over
> > > > the firewall? Assume in all cases the firewall cannot participate in any
> > > > routing protocol.
> > > >
> > > > Is there a way to do multihop with ibgp? Is there a hop count limit to
> > > > multihop?
> > > >
> > > > Thanks much.
> > > >
> > > >
> >
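
Added example, not part of the thread: the iBGP option described above, sketched as Cisco IOS configuration for two routers on either side of a layer 3 firewall that runs no routing protocol. The AS number, addresses and prefixes are constructed (documentation ranges), the static routes are an assumption standing in for the "underlying igp route", and the firewall is assumed to permit TCP port 179 between the two loopback addresses.

```cisco
! --- Constructed addressing for this example ---
! R1 Loopback0 = 192.0.2.1      R2 Loopback0 = 192.0.2.2
! Firewall interface facing R1 = 198.51.100.1
! Firewall interface facing R2 = 203.0.113.1
!
! ===== R1 (internal network side) =====
interface Loopback0
 ip address 192.0.2.1 255.255.255.255
!
! Reachability to the peer loopback through the firewall (assumption: static,
! because the firewall does not take part in any routing protocol)
ip route 192.0.2.2 255.255.255.255 198.51.100.1
!
router bgp 65001
 ! Same AS on both routers makes this iBGP; no ebgp-multihop is needed
 neighbor 192.0.2.2 remote-as 65001
 ! Source the TCP session from the loopback so it matches R2's neighbor statement
 neighbor 192.0.2.2 update-source Loopback0
 ! Prefix advertised to R2 (constructed; must be present in R1's routing table)
 network 10.1.0.0 mask 255.255.0.0
!
! ===== R2 (behind the firewall) =====
interface Loopback0
 ip address 192.0.2.2 255.255.255.255
!
ip route 192.0.2.1 255.255.255.255 203.0.113.1
!
router bgp 65001
 neighbor 192.0.2.1 remote-as 65001
 neighbor 192.0.2.1 update-source Loopback0
 network 10.2.0.0 mask 255.255.0.0
```

The BGP session only carries routing information; data packets are still forwarded hop by hop through the firewall. The firewall therefore needs its own routes for both loopbacks and for every prefix the two routers exchange.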