08-10-2004 12:29 AM
Hi folks,
I've a simple question.Why OSPF VRF does not support passive-interface command ? I want to filter OSPF Hellos because they are flooded to CPE, what is no good idea.
Technical details here:
Cisco Internetwork Operating System Software
IOS (tm) 7200 Software (C7200-P-M), Version 12.2(17a), RELEASE SOFTWARE (fc1)
MPLS-1(config)#router ospf 5628 vrf INET
MPLS-1(config-router)#?
Router configuration commands:
area OSPF area parameters
auto-cost Calculate OSPF interface cost according to bandwidth
capability Enable specific OSPF feature
compatible OSPF compatibility list
default Set a command to its defaults
default-information Control distribution of default information
default-metric Set metric of redistributed routes
discard-route Enable or disable discard-route installation
distance Define an administrative distance
distribute-list Filter networks in routing updates
domain-id OSPF domain-id
domain-tag OSPF domain-tag
exit Exit from routing protocol configuration mode
help Description of the interactive help system
ignore Do not complain about specific event
limit Limit a specific OSPF feature
log-adjacency-changes Log changes in adjacency state
maximum-paths Forward packets over multiple paths
mpls Configure MPLS routing protocol parameters
network Enable routing on an IP network
no Negate a command or set its defaults
redistribute Redistribute information from another routing protocol
router-id router-id for this OSPF process
summary-address Configure IP address summaries
timers Adjust routing timers
traffic-share How to compute traffic share over alternate paths
thank you
08-11-2004 10:03 AM
There are a couple of ways to kill the hello's. First, if your intention is not to run OSPF over a certain PE-CE link, you can make your OSPF network statements more specific so they don't capture this link (obviously you would have to configure "redistribute connected subnets" under the VRF process to advertise this PE-CE subnet now).
I could be wrong on this one but I believe you can configure the interface in question as passive under the global (non VRF) OSPF process and it will have the desired affect. Give it a try. Good luck
08-11-2004 11:11 PM
I tryed to configure passive under the global ospf process but without effect, because passive-interface command is missing there too. :-)
I'll might be to set and outgoing ACL to OSPF multicast 240.0.0.5 and put it to all my interfaces, but this require little bit admin overhead.
This strange behavior is probably some IOS bug, but Cisco's bug tool find not about it.
08-19-2004 05:29 AM
I have the same problem with hello packets. I have tried to make the network command more specific, but I got an error message
%OSPF: OSPF not enabled on FastEthernet0/0
Although the f0/0 interface has an ip address 194.154.236.43 255.255.255.248 configured and the ospf process is running this configuration
!
router ospf 5628 vrf VPN1
redistribute connected
network 194.154.236.40 0.0.0.7 area 0
!
08-19-2004 08:11 AM
I might be missing something but why would you run an OSPF process if you want the vrf interface to be passive?
08-19-2004 10:49 PM
I have three Internet routers connected together over Ethernet ( only one of them is MPLS PE router running Internet in VRF, others are classic Internet routers ) and I need to run OSPF because I need to receive routing information from the two Internet routers and need to redistribute connected and static networks of my MPLS PE router. In the future I will change OSPF to iBGP procsess, but this is a future.
08-20-2004 03:13 AM
If the PE router needs to learn routes from the two other ruters the you can't use passive-interface. OSPF requires the router to establish an adjacency in order for the router to learn LSAs and then calculate routes.
Hope this helps,
08-20-2004 03:35 AM
You are absolute right in this, but this is not my problem. I will try to explain it once again. Currently I have the following configuration on my PE router
!
router ospf 5628 vrf INET
network 194.154.224.0 0.0.31.255 area 0
!
the f0/0 interface has this configuration
!
interface FastEthernet0/0
ip vrf forwarding INET
ip address 194.154.236.43 255.255.255.248
!
The problem is, that using this configuration, hello packets are send also through other interfaces of my PE router, which are part of the same ip address range specified under ospf process and are in the same vrf. In other words, hello packets are send to my Internet customers, which is not good. Because it is not possible to configure passive interface under ospf in the VRF, I decided to make the network statement more specific. I have changed the configuration to
!
router ospf 5628 vrf INET
network 194.154.236.40 0.0.0.7 area 0
!
and got the message
%OSPF: OSPF not enabled on FastEthernet0/0
The question is, why is OSPF not enabled on my f0/0, as the ip address of my f0/0 is part of a 194.154.236.40 0.0.0.7 network ?
08-20-2004 04:04 AM
I get it now. Could you try
router ospf 5628 vrf INET
network 194.154.236.43 0.0.0.0 area 0
and see if it makes a difference. Also what IOS version are you using?
Thanks,
08-20-2004 05:03 AM
Thank you for your help, I found that the problem was in the sequence of commands, how I have configured the network statement.
With the following script, I got the error message that ospf is not enabled on f0/0
!
conf t
router ospf 5628 vrf INET
network 194.154.236.40 0.0.0.7 area 0
no network 194.154.224.0 0.0.31.255 area 0
!
but with this script, the ospf is running in the way how I wanted
!
conf t
router ospf 5628 vrf INET
no network 194.154.224.0 0.0.31.255 area 0
network 194.154.236.40 0.0.0.7 area 0
!
It is funny :-).
The IOS I used is c7200-p-mz.122-26.bin. Once again, thank you for your help and time.
Peter
08-20-2004 05:14 AM
Glad you solved your issue. I knew something was wrong ;o)
08-20-2004 04:58 AM
Pay attention that passive interfaces only for group of interfaces - especially for customer's p2p links, not to other core routers! Customers
are not running OSPF.It's unnenessary and insecure advertise hellos to customer's sites.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide