I have two internal OSPF routers in area 22, which is a totally stub area. Each of them represents a branch office. Each router has two WAN links: one primary and one backup (DSL).
TT1 and TT2 are Service Provider routers (see topology).
SP asked me to filter routes as follows: each internal router must only accept the default route that's coming from the ABR.
Will this configuration work?
access-list 1 permit 0.0.0.0 0.0.0.0
router ospf 22
 distribute-list 1 in
What are its implications?
OSPF is a link state protocol, and the proposed distribute-list can only avoid installation of specific LSAs in the routing table of the local node.
If another OSPF node is present downstream in area 22, it will see the whole database, including the filtered routes/LSAs.
From your network diagram there are only two routers in the site (I guess the switches are L2 only, but I may be wrong).
In case other devices are present downstream and are part of the OSPF area 22 routing domain, you would need to configure the same distribute-list on them, but also the routers in the middle would not be able to route traffic for those IP subnets advertised by those downstream devices.
If area 22 is a totally stub area, the database shouldn't be so big unless the provider is sharing the VRF between multiple customers!
>> if they are two different branch offices
>> SP asked me to filter routes as follows: each internal router must only accept the default route that's coming from the ABR.
I enclosed both WAN and OSPF topologies.
The situation is as follows: Marsa and Sidibou are internal OSPF in area 2. If LL1 goes down, HQ router will see Marsa routes through Hach, and Hach will see them coming from Sidibou router, because Sidibou is in the same area as Marsa. So it already has these LSAs.
SP backbone has OSPF and BGP. If what I understood is correct, Mar router advertises its learned routes as BGP into the backbone.
Service Provider says that OSPF routes have better administrative distance than BGP. So Hach sees OSPF routes from Sidibou and BGP routes from Mar, and it will prefer OSPF ones.
Is there a control mechanism I can implement to prevent Sidibou from advertising LSAs of Marsa back to Hach? Should the work be done on my side or on the Provider side?
I did with distribute-lists. However, as you told me, it didn't work.
The issue is not about communication between areas. If you read my previous post, it's about filtering routes that are coming from another internal router.
Which are coming from Hach? Which is a service provider's router?
Am I correct in thinking that you have your routers in area 2 and area 0, and your provider is in the middle running OSPF and BGP? And they do not want to see your OSPF routes?
Hach and Mar are Provider routers. They run OSPF and BGP.
I mentioned that the issue was not that SP does not want to see my routes. It's that when the leased line of the Marsa office goes down, traffic from HQ goes HQ-Hach-Sidibou instead of HQ-Hach-Mar-Marsa.
Sorry, I understand, and I take it once the traffic gets to the Sidibou office it then goes across its ADSL line to Mar, then to Marsa, or does it just stop at Sidibou?
>> Service Provider says that OSPF routes have better administrative distance than BGP.
OSPF is preferred over iBGP routes: lower admin distance. The two PE routers exchange iMP-BGP routes in the VPNv4 address family; routes are imported with AD=200 and BGP next-hop = other router loopback address.
>> Is there a control mechanism I can implement to prevent Sidibou from advertising LSAs of Marsa back to Hach?
I would suggest to consider the use of two different OSPF routing processes on the two routers under your control.
OSPF process 1 : main process towards PE 1 Hach
OSPF process 2 : secondary process towards PE 2 Mar
In order to avoid race conditions (because two different OSPF processes compete for installing routes in the IP routing table), you should increase AD for all types of routes on the secondary OSPF process:
router ospf 1
 ! current configuration
router ospf 2
 distance ospf external 120 inter-area 120
You cannot run two different OSPF processes on the same links in the same area, so I would suggest to use redistribute connected on the secondary process to advertise local subnets, and network ... area on the primary process.
This also provides PE routers a way to determine the primary routes (internal routes are preferred over external routes in OSPF).
Hope to help
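A fuller sketch of the two-process layout suggested in the last reply, as an added example that is not configuration posted by anyone in the thread. Interface names, addresses, the prefix-list and route-map names, and the backup-link area (23, NSSA) are all assumptions made for illustration.

```cisco
! Constructed example for one branch router (e.g. Marsa); all names,
! addresses and area 23 are assumptions, not values from the thread.
interface Serial0/0
 description Primary leased line to PE Hach
 ip address 192.0.2.1 255.255.255.252
!
interface Dialer1
 description Backup DSL to PE Mar
 ip address 192.0.2.5 255.255.255.252
!
interface FastEthernet0/0
 description Branch LAN
 ip address 10.22.1.1 255.255.255.0
!
! Process 1 (primary): LAN is advertised with a network statement, so the
! PE sees it as an internal OSPF route.
router ospf 1
 area 22 stub
 network 192.0.2.0 0.0.0.3 area 22
 network 10.22.1.0 0.0.0.255 area 22
!
! Only the branch LAN is redistributed into the backup process, not the
! WAN link subnets.
ip prefix-list BRANCH-LAN seq 5 permit 10.22.1.0/24
!
route-map CONNECTED-TO-OSPF2 permit 10
 match ip address prefix-list BRANCH-LAN
!
! Process 2 (backup): redistribution makes this router an ASBR, which a
! stub or totally stub area does not permit. The backup link is therefore
! assumed to sit in an area that carries externals (an NSSA here), which
! has to be agreed with the provider.
router ospf 2
 area 23 nssa
 network 192.0.2.4 0.0.0.3 area 23
 redistribute connected subnets route-map CONNECTED-TO-OSPF2
 ! Raise AD above the default 110 so process 1 wins when both offer a prefix
 distance ospf intra-area 120 inter-area 120 external 120
```

On the branch router, `show ip route ospf` shows which process installed each prefix, and `show ip ospf database` shows what each process still holds in its LSDB regardless of any inbound distribute-list.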