cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
209
Views
0
Helpful
0
Replies
Highlighted
Beginner

Preserve OSPF LSA type via BGP through firewall w/o MPLS

Hi all,

I think I know the answer to this. But here goes anyway...

Working on a contract for a company that won't (or can't - due to Checkpoint warp interfaces) run OSPF on their firewalls. They have firewalls all over the place, and currently do static routing for basically everything. It's a real PITA for everyone involved. They've expressed interest in defining an overall OSPF design, and working towards it.

Long story short:

- OSPF on left side of firewall

- OSPF on right side of firewall

- Can't run OSPF (or any other RP) on firewall

Question is, is there any way (for example using BGP extended communities) to preserve LSA type while redistributing to and from BGP. They do not want to tunnel through the firewall, as that would effectively defeat the purpose of having it there, and they would rather preserve O and OIA routes. Is there any way to accomplish this?  I thought there might be some way to kind of cheat, and use BGP extended communities, without the MPLS core (or tunnel) in between... but I've been unable to successfully lab it.

Any pointers here would be great... but like I said at the top, I suspect I already know the answer...

Thanks!!

0 REPLIES 0
This widget could not be displayed.