Re: Filtering OSPF external routes - tough one

From: Gregory Gombas (ggombas@gmail.com)
Date: Sun Sep 09 2007 - 16:32:25 ART

• Next message: Gregory Gombas: "Re: R&S Lab Changes per 01/01/2008?"
• Previous message: Hugo Viana: "Re: BGP Router-id"
• Maybe in reply to: Gregory Gombas: "Filtering OSPF external routes - tough one"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Sounds like this will do the trick - I will have to lab it up.
Thanks!

On 9/9/07, Alex <alex.arseniev@gmail.com> wrote:
> Hi there,
> For the purposes of CCIE lab exam you can do the following:
> --configure two OSPF processes on the router(s) depening on topology. Since
> full mesh is rare type of topology, you may need to invoke 2 OSPF processes
> on a limited number of routers
> --Let's call the OSPF process which receives the specific route in question
> "the originator" process and the other one "the receiver" process
> --redistribute from originator process to the receiver process using
> route-map to block the specific route
> --redistribute routes from receiver process to the originator process. Since
> no stub/NSSA/totally stub/TNSSA area are allowed, these redistributed Type-5
> LSA will be universally accepted throughout your whole topology.
> Does it meet your requirements or are there any other restrictions we do not
> know of yet?
> HTH
> Cheers
> Alex
>
> ----- Original Message -----
> From: "Gregory Gombas" <ggombas@gmail.com>
> To: "Herbert Maosa" <asawilunda@googlemail.com>
> Cc: "Shine Joseph" <shinepjoseph@iprimus.com.au>; "Toh Soon, Lim"
> <tohsoon28@gmail.com>; "groupstudy" <ccielab@groupstudy.com>
> Sent: Saturday, September 08, 2007 11:09 PM
> Subject: Re: Filtering OSPF external routes - tough one
>
>
> > On which router?
> >
> > Let me re-state the restrictions:
> >
> > 1. Can't do any filtering on the ASBR that's doing the redistribution
> > - that includes distribute lists, route maps, the "summary address
> > no-advertise" command, distance, or anything on the ASBR itself.
> >
> > 2. No stub/NSSA/totally/NSSA totally areas allowed
> >
> > 3. Since you have 100 routers in the area, its not feasible to do
> > distribute-list inbound on every router in the area.
> >
> > By the way, I made this scenario up myself , but its quite possible to
> > come across this in the real world. Say you have a large network with
> > multiple connections to external vendors (or even just multiple
> > routing protocols) that you are redistributing into OSPF. And you
> > wanted to prevent certain external routes from being
> > sent to a specific a area - let say its your customer network.
> >
> > Stub/NSSA areas may not be a good solution for you because you do want
> > allow certain external routes in and you didn't want sub-optimal
> > routing inherent in default or summary routes.
> >
> > The problem is that if you filter the prefix on the ASBR doing the
> > redistribution,
> > your entire organization will be cut off from those external routes.
> > And it may not be feasible to do distribute-list inbound on every
> > router in the area (especially if its a large area).
> >
> > How could you accomplish this?
> >
> >
> > On 9/8/07, Herbert Maosa <asawilunda@googlemail.com> wrote:
> >> I believe distribute-list route-map out should do.
> >>
> >> Herbert.
> >>
> >>
> >>
> >> On 9/8/07, Gregory Gombas <ggombas@gmail.com > wrote:
> >> >
> >> > Yup - only works on Type 3 LSA's...
> >> >
> >> > On 9/8/07, Shine Joseph < shinepjoseph@iprimus.com.au> wrote:
> >> > > Did you consider area filter-list?
> >> > >
> >> > > Regards,
> >> > > Shine
> >> > >
> >> > >
> >> > > -----Original Message-----
> >> > > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf
> >> > > Of
> >> > > Gregory Gombas
> >> > > Sent: Sunday, 9 September 2007 6:22 AM
> >> > > To: Toh Soon, Lim
> >> > > Cc: groupstudy
> >> > > Subject: Re: Filtering OSPF external routes - tough one
> >> > >
> >> > > Hi Lim,
> >> > >
> >> > > The goal is to filter the route so no router in the specific area you
> >> > > want to filter it from will have it in its OSPF database. Distribute
> >> > > list is only locally significant :-(
> >> > >
> >> > > Oh and I forgot to mention stub/totally/NSSA are not allowed for this
> >> > > solution :-)
> >> > >
> >> > > I can't believe OSPF is so inflexible! This is quite easily
> >> > > accomplished with any distance vector protocol!
> >> > >
> >> > >
> >> > >
> >> > > On 9/8/07, Toh Soon, Lim < tohsoon28@gmail.com> wrote:
> >> > > >
> >> > > >
> >> > > > Hi Gregory,
> >> > > >
> >> > > > At which point in the network do you want to filter the external
> >> routes?
> >> > > In
> >> > > > multi-area OSPF, you can consider deploying stub, totally stubby or
> >> NSSA
> >> > > > areas.
> >> > > >
> >> > > > AFAIK, Type 5 LSAs are flooded to the entire OSPF domain (whichever
> >> areas
> >> > > > that can accept Type 5 LSAs). IMO I don't think we can filter some
> >> Type 5
> >> > > > LSAs on only certain routers due to the fact that they must be
> >> identical
> >> > > > across the domain. You can try "distribute-list" to prevent them
> >> > > > from
> >> > > > entering the RIB.
> >> > > >
> >> > > > Just my 2cents. I may understand it wrongly. Let's hear other
> >> > > > opinion.
> >> > > >
> >> > > >
> >> > > > Thank you.
> >> > > >
> >> > > > B.Rgds,
> >> > > > Lim TS
> >> > > >
> >> > > >
> >> > > >
> >> > > > On 9/9/07, Gregory Gombas < ggombas@gmail.com> wrote:
> >> > > > >
> >> > > > > Does anyone know how to filter an ospf external route on a router
> >> > > > > other than the ASBR doing the redistribution?
> >> > > > >
> >> > > > > Oh and by the way, the forwarding address is set to 0.0.0.0.
> >> > > > >
> >> > > > > Good luck with this one :-)
> >> > > > >
> >> > > > >
> >> > > >
> >> _______________________________________________________________________
> >> > > > > Subscription information may be found at:
> >> > > > > http://www.groupstudy.com/list/CCIELab.html
> >> > >
> >> > >
> >> _______________________________________________________________________
> >> > > Subscription information may be found at:
> >> > > http://www.groupstudy.com/list/CCIELab.html
> >> >
> >> >
> >> _______________________________________________________________________
> >> > Subscription information may be found at:
> >> > http://www.groupstudy.com/list/CCIELab.html
> >> >
> >>
> >>
> >>
> >> --
> >> Kindest regards,
> >> hm
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html

• Next message: Gregory Gombas: "Re: R&S Lab Changes per 01/01/2008?"
• Previous message: Hugo Viana: "Re: BGP Router-id"
• Maybe in reply to: Gregory Gombas: "Filtering OSPF external routes - tough one"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sat Oct 06 2007 - 12:01:10 ART