cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2574
Views
6
Helpful
9
Replies

distribute list for default route

Wassim Aouadi
Level 4
Level 4

Hi,

I have two internal OSPF routers in area 22 which is totally stub area. Each of them represents a branch office. Each router has two WAN links; one primary and one backup (DSL).

TT1 and TT2 are Service Provider routers (see topology).

SP asked me to filter routes as follows: each internal router must only accept the default route that's coming from the ABR.

Will this configuration work?

access-list 1 permit 0.0.0.0 0.0.0.0

!

router ospf 22

network ...

distribute-list 1 in

What are its implications?

9 Replies 9

Giuseppe Larosa
Hall of Fame
Hall of Fame

Hello Wassim,

OSPF is a link state protocol and the proposed distribute-list can only avoid installation of specific LSAs in the routing table of the local node.

if another OSPF node is present downstream in area 22 it will see the whole database including the filtered routes/LSAs.

From your network diagram there are only two routers in the site ( I guess the switches are L2 only but I may be wrong).

In case other devices are present downstream and are part of the OSPF area 22 routing domain you would need to configure the same distribute-list on them but also the routers in the middle would not be able to route traffic for  those IP subnets advertised by those downstream devices.

if area 22 is a totally stub the database shouldn'tbe so big unless the provider is sharing the VRF between multiple customers!

>> if they are two different branch offices

>> SP asked me to filter routes as follows: each internal router must only accept the default route that's coming from the ABR.

they can generate better routes on the main link, or simply an higher metric can be associated to the DSL link.
I would suggest this.
Hope to help
Giuseppe

I think an ABR would only send a default route to a Totaly stub area is this not what you are seeing ? can you do a show ip route?

Giuseppe,

I enclosed both WAN and OSPF topologies.

The situation is as follows: Marsa and Sidibou are internal OSPF in area 2. If LL1 goes down, HQ router will see Marsa routes through Hach, and Hach will see them coming from Sidibou router, because Sidibou is in the same area as Marsa. So it already has these LSAs.

SP backbone has OSPF and BGP. If what I understood is correct, Mar router advertises its learned routes as BGP into the backbone.

Service Provider says that OSPF routes have better administrative distance than BGP. So Hash sees OSPF routes from Sidibou and BGP routes from Mar, and it will prefer OSPF ones.

Is there a control mechanism I can implement to prevent Sidibou from advertizing LSAs of Marsa back to Hach? should the work be done on my side or on the Provider side?

I did with distribute-lists. However, as you told me, it didn't work.

Thanks

could you not set up GRE tunnels between your two areas ? this way the BGP and OSPF routes would not effect each other?

just an idea

Ben,

The issue is not about communication between areas. If you read my previous post, it's about filtering routes that are coming from another internal router.

which are coming from hach? which is a service providers router?

am i correct in thinking that you have your routers in area2 and area 0 and your provider is in the middle runing OSPF and BGP ? and they do not want to see your OSPF routes?

Hach and Mar are Provider routers. They run OSPF and BGP.
I mentioned that the issue was not that SP does not want to see my routes. It's that when Leased Line of Marsa office goes down, traffic from HQ goes HQ-Hach-Sidibou instead of HQ-Hach-Mar-Marsa

sorry i understand and i take it once the traffic gets to the Sidibou office it then goes across its ADSL line to mar then to marsa or does it just stop at sidibou?

Hello Wassim,

>> Service Provider says that OSPF routes have better administrative distance than BGP.

OSPF is preferred over iBGP routes lower admin distance. The two PE routes exchange i MP BGP routes in VPNv4 address family routes are imported with AD=200 and BGP next-hop = other router loopback address

>> Is there a control mechanism I can implement to prevent Sidibou from advertizing LSAs of Marsa back to Hach?

I would suggest to consider the use of two different OSPF routing processes on the two routers under your control.

OSPF process 1 : main process towards PE 1 Hach

OSPF process 2 : secondary process towards PE 2 Mar

In order to avoid race conditions (because two different OSPF processes compete for installing routes in the IP routing table) you should increase AD for all types of routes on secondary OSPF process

router ospf 1

! current configuration

!

router ospf 2

ospf external 120 inter-area 120

redistribute connnected

see

http://www.cisco.com/en/US/docs/ios/iproute_ospf/command/reference/iro_osp1.html#wp1013195

Note:

you cannot run two different OSPF processes on the same links in the same area, so I would suggest to use redistribute connected on secondary process to advertise local subnets and network ... area on primary process

This provides also to PE routers a way to determine the primary routes (internal routes are preferred over external routes in OSPF)

Hope to help

Giuseppe

Review Cisco Networking for a $25 gift card