I have two BGP routers connecting to the same ISP (MPLS/VPN). More than 500 routes are learnt from the PE router, and I am running OSPF as the IGP. Now I need to redistribute BGP into OSPF, but I need the neighbor OSPF router to know the exact routes learnt from BGP, and I don't want any downstream routers to know any redistributed routes.
I have thought about:
1. distribution list - cannot stop sending out or receiving LSA
2. summary - on ASBR only (first OSPF router wouldn't be able to see routes)
| BGP |
OSPF \ / OSPF
R3 <- need to see all redistributed routes
R4 <- NO need to see all redistributed routes (saving resource)
Thanks in advance.
The distribute-list solution is clearly inferior - while it will prevent external routes from entering the routing table on R4, the LSA-5 will still be flooded towards R4 and installed into its LSDB. The summarization on R1/R2 will make the LSDB and the routing tables smaller but will break your requirement that R3 needs to see all redistributed routes.
My immediate idea is to put R4 into a separate stubby or totally stubby area and make R3 the ABR. With R4 placed into a stubby/totally stubby area, LSA-5 will not be flooded to it, and instead, all redistributed routes will be automatically replaced with a default route.
Would this solution be acceptable for you?
Thanks Peter for your reply.
R4 has to be in Area 0, because there are many other routers behind R4. Now the question comes down to what methods can be used to filter LSA-5.
I can tag redistributed routes and put R1 and R2 into a different area (not 0), but how to stop the ABR from advertising LSA-5 to area 0?
I am afraid that if you can not afford to move the R4 and the routers behind it into a separate stubby area or perform summarization on R1/R2 then OSPF is not going to give us any more help. Link state routing protocols flood topological elements (LSAs), not prefixes. That makes the filtering very difficult, as topological details can not be tampered with, and much less flexible than in distance vector protocols. In OSPF, LSAs generated by a router may not be modified by any other router. That means that LSA-5 originated at R1 and R2 will not be modified (i.e. summarized or filtered) by any other router except an ABR towards a stubby area, and because of its domain-wide flooding scope, it will be flooded to all regular areas.
What I suggest is a different approach here: do not redistribute BGP into OSPF. Rather, run BGP also on R3 and create iBGP peerings between R3 and R1/R2. This will allow R3 to know about every network that would otherwise be redistributed into OSPF. In addition, configure R1 and R2 to inject a default route into OSPF (make sure it does not get advertised back to BGP in case of OSPF-to-BGP redistribution). This will make all routers behind and including R4 forward packets towards R3, and assuming that R3 will have more specific subnets towards the destinations learned via iBGP, it will properly choose R1 or R2 as the next hop.
Alternatively, R3 could also be configured to inject a default route into OSPF. With iBGP between R3 and R1/R2, the OSPF between R1, R2 and R3 is basically useless - you could redistribute OSPF into BGP on R3.
Would this approach be perhaps more acceptable?
Given your requirements, I agree that a possible option is to have iBGP sessions between R3-R2 and R3-R1 without redistributing BGP into OSPF, or the whole OSPF domain will know about the redistributed routes.
R1 and R2 should inject an OSPF default route conditioned on the fact that the PE-CE eBGP session is up. This can be done with a route-map that checks specific BGP routes and the BGP next-hop. The OSPF default route should be of type O E1 because there are two exit points from the OSPF domain.
The route-map is invoked in the OSPF process in the default-information originate command.
All this under the hypothesis that injecting a default route at R1, R2 does not cause problems (for example competition with an independent Internet access).
Hope to help
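The design from the last two replies, sketched as a Cisco IOS configuration for R1. This is an added example, not part of the original thread, and every AS number, address, prefix and list or route-map name in it is a constructed placeholder. The `next-hop-self` line is also an assumption the thread does not mention.

```cisco
! Constructed sample values, none taken from the thread:
!   AS 64496 = customer, AS 64511 = provider
!   192.0.2.1 = PE address, 198.51.100.0/24 = a prefix learnt from the PE
!   10.0.0.3 = R3 loopback
!
! A prefix that is only in the routing table while the PE-CE eBGP session is up
ip prefix-list PE-LEARNT seq 5 permit 198.51.100.0/24
! The next hop that prefix must have: the PE itself
ip prefix-list PE-NEXTHOP seq 5 permit 192.0.2.1/32
!
route-map DEFAULT-IF-PE-UP permit 10
 match ip address prefix-list PE-LEARNT
 match ip next-hop prefix-list PE-NEXTHOP
!
router bgp 64496
 neighbor 192.0.2.1 remote-as 64511
 ! iBGP to R3, so that only R3 learns the specific routes
 neighbor 10.0.0.3 remote-as 64496
 neighbor 10.0.0.3 update-source Loopback0
 ! Assumption: rewrite the next hop so R3 does not need a route to the PE
 neighbor 10.0.0.3 next-hop-self
!
router ospf 1
 ! No "redistribute bgp" here, so no per-prefix LSA-5 is flooded into area 0.
 ! The default is originated as E1 only while the route-map matches.
 default-information originate metric-type 1 route-map DEFAULT-IF-PE-UP
```

R2 would carry the same configuration with its own PE address. On R4, `show ip ospf database external` should then list only the 0.0.0.0 entries from R1 and R2 rather than the 500+ BGP prefixes.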