Re: filter ospf routes

sunilferrao · ‎06-21-2008

dear all,

i am facing the problem with ospf routeing in my network, my senario is like this

site A wanrouter -> nortel passport --wan-----> nortel passport---> lan router

site b wanrouter -> nortel passport --wan-----> nortel passport-->lan router

wanrouters and nortel passports running ospf currently.. i want block all the ospf routes reciveing from nortel passports to my wan router...

what is best way to achive this

any help highly appreciated

thanks

sunil

guruprasadr · ‎06-21-2008

HI Sunil, [Pls Rate if HELPS]

Best way to acheive this is, add the Interface that is connected to the Nortel Passport Equipment as Passive Interface.

Under OSPF Process, make the Interface as Passive Interface that is connected to the Nortel Passport.

Hope I am Informative.

Best Regards,

Guru Prasad R

Edison Ortiz · ‎06-21-2008

You can't filter intra-area routes in OSPF, you are only allowed to filter inter-area routes (LSA Type-3 filtering) and external routes.

If your requirement calls for OSPF route filtering, you must redesign your OSPF areas.

HTH,

__

Edison.

waleed_amer · ‎06-22-2008

Hi Edison,

we can't filter outbound intra-area routes because we can't filter LSA type 1&2 (topology info not routes) but we can filter inbound by filtering routes after receive it on the topology table and before install it into the routing table and we can do this by: distribute-list 1 in Ethernet0/0 under OSPF process and access-list 1 permit x.x.x.x x.x.x.x

Regards,W.Amer

Edison Ortiz · ‎06-22-2008

If you go that route, any downstream OSPF neighbor will also need a distribute-list for the same routes. They will receive the LSAs and they will install those LSAs in their routing table.

That's the reason it's not recommended to use distribute-list in an OSPF network. It creates some odd behavior which can be really difficult to troubleshoot.

__

Edison.

sunilferrao · ‎06-23-2008

Thanks Edision for your veiw.

my idea is move this site to 2nd site in BGP and run redistribution Bgp to ospf

but i have some back door link in ospf , which causing traffic not going through Bgp , its taking Prepared path from ospf because of specific routes comming from ospf.

any best way to route the traffic comming from ospf to bgp and go out

thanks

sunil

Edison Ortiz · ‎06-23-2008

Sunil,

If OSPF is preferred due to those routes having a longer mask than the ones from BGP, then the only solution is to summarize the OSPF routes so they can be identical to the BGP routes. With identical routes, then the Administrative Distance between the routing protocols will take precedence.

However, summarization in OSPF only takes place when going from one area to another area (area range command) or when going from an external routing protocol into OSPF (summary-address command).

HTH,

__

Edison

Please rate helpful posts

rohan.jhaveri · ‎06-23-2008

filter-list(i guess newly introduced for OSPF) should help

sunilferrao · ‎06-23-2008

Hi edision,

the problem is i having same are 3 for same subnet.behind passport lan i am using 10.132.130.0/22 subnet and from bgp i am advertising 10.0.0.0/8 , redundant passports having intera are routes and its taking all best path via ospf to site A

my gold partner advised to move both sites together to BGP, so avoide back door link problems , everything will redistribute via bgp to ospf.

in this senario my worry is how we load balance the traffic comming from 10.132.130.0/22 to site A (prod) and Site B (dr).

Edison Ortiz · ‎06-23-2008

Since you are advertising 10.0.0.0/8 via BGP and 10.132.130.0/22 via OSPF, OSPF will be the dynamic routing protocol of choice for the 10.132.130.0/22 network (longer mask).

OSPF supports load balancing over equal cost so I don't understand what's the problem here.

__

Edison.

sunilferrao · ‎06-24-2008

hi Edison,

Thanks for your all help. i am going to implement this after two weeks ... lets see how it goes .

thanks

sunil