Preserve OSPF LSA type via BGP through firewall w/o MPLS
I think I know the answer to this. But here goes anyway...
Working on a contract for a company that won't (or can't - due to Checkpoint warp interfaces) run OSPF on their firewalls. They have firewalls all over the place, and currently do static routing for basically everything. It's a real PITA for everyone involved. They've expressed interest in defining an overall OSPF design, and working towards it.
Long story short:
- OSPF on left side of firewall
- OSPF on right side of firewall
- Can't run OSPF (or any other RP) on firewall
Question is, is there any way (for example using BGP extended communities) to preserve LSA type while redistributing to and from BGP. They do not want to tunnel through the firewall, as that would effectively defeat the purpose of having it there, and they would rather preserve O and OIA routes. Is there any way to accomplish this? I thought there might be some way to kind of cheat, and use BGP extended communities, without the MPLS core (or tunnel) in between... but I've been unable to successfully lab it.
Any pointers here would be great... but like I said at the top, I suspect I already know the answer...
In EVPN A/A + IRB both PE in same EVI have BVI playing a default GW role. Its not supported to have BVI to be shutdown on one of PEs, In this case if if traffic hit this PE with DMAc equal to BVI Custom MAC, then it will drop this traffic du...
Crosswork Cloud - Crosswork Traffic Analysis - FAQ
Crosswork Cloud - Crosswork Traffic Analysis is a Cloud-hosted Software as a Service platform that provides Netflow based Traffic Analytics. The Crosswork Traffic Analysis platform Traffic Analysis, Peeri...
Cisco Champion Radio · S8|E9 Innovations to Achieve a Trustworthy Infrastructure
How do you know for certain that a router in your network has not been altered with since you deployed it? Wouldn’t it be great if you can cryptographically challenge your r...
IOS upgrade on asr9xx mandates rommon upgrades sometimes while they can be optional at other times. You may land up in unwanted situation if proper procedure is not followed during upgrades.
This article will include complete details about rommon ...
In some situation NCS560 RP become unresponsive after reload or powercycle.
In many NCS560 deployments are in remote location, deployment might be large and human intervention should be kept at minimum
Engineering team have been working on a str...