Solved: OSPF and Dialer Watch

bapatsubodh · ‎07-29-2006

Hi,

We are configuring Dialer watch using BRI ISDN as a back up to serial line.

This ISDN interface ( Dialer 0 ) on both the routers is also OSPF enabled.

On Cisco's website there is a confgurtaion example of configuring Dialer Watch in which there is one access-list applied to Dialer 0 which stops ospf hello packets. In explanatio it says that this access-list is applied to " To mark OSPF as uninteresting , This will prevent the OSPF hellos from keeping the link UP"

( access-list 101 deny OSPF any any )

If this access-list is appled to dialer 0 which is going to act as a back to serial line then will it form OSPF neighbor relatioship if hellos are denied ? Any explanation ?

Please see the attached PDF document

Thanx in advance

Richard Burts · ‎07-29-2006

While GNT's response is essentially correct there is a small clarification. GNT says that after the line is up the access list plays no role anymore. But this is not correct. The access list has a continuing role to play. The access list not only controls what can bring the line up but also controls what keeps the line up. Every time there is "interesting" traffic (packets which are permitted in the access list) the inactivity timer is reset and the line stays up. If the line is already up then packets which are denied in the access list are still transmitted, but the inactivity timer keeps counting and if the inactivity timer expires the line will be closed.

It is important to understand how the access list is applied. If it were applied to the dialer interface with ip access-group then the original concern would be correct and OSPF would not be transmitted. But when the access list is applied with dialer-group and dialer-list then it is not a filter on traffic being transmitted but is a filter on "interesting" traffic.

HTH

Rick

HTH

Rick

View solution in original post

globalnettech · ‎07-29-2006

Hello,

the idea behind blocking OSPF hellos in that access list is just to keep OSPF from triggering the connection. Once the line is up, all traffic flows freely, hence OSPF adjacencies will be established.

Does that make sense ?

Regards,

GNT

bapatsubodh · ‎07-29-2006

Agreed all the traffic will flow freeky. But will it not be filtered by access list ? Will it not block any OSPF hello. Or once adjacencies are formed access-list wont filter any traffic ?

globalnettech · ‎07-29-2006

Hello,

the access list (101) is only responsible for defining which traffic triggers the backup line, once the backup line is up, the access list plays no role anymore.

Think of the access list as being nothing more but a filter that defines what traffic can trigger the backup. Once the backup is up, no traffic is being blocked...

HTH,

GNT

Richard Burts · ‎07-29-2006

While GNT's response is essentially correct there is a small clarification. GNT says that after the line is up the access list plays no role anymore. But this is not correct. The access list has a continuing role to play. The access list not only controls what can bring the line up but also controls what keeps the line up. Every time there is "interesting" traffic (packets which are permitted in the access list) the inactivity timer is reset and the line stays up. If the line is already up then packets which are denied in the access list are still transmitted, but the inactivity timer keeps counting and if the inactivity timer expires the line will be closed.

It is important to understand how the access list is applied. If it were applied to the dialer interface with ip access-group then the original concern would be correct and OSPF would not be transmitted. But when the access list is applied with dialer-group and dialer-list then it is not a filter on traffic being transmitted but is a filter on "interesting" traffic.

HTH

Rick

HTH

Rick

bapatsubodh · ‎07-29-2006

Hi,

Thanks a Lot friends , that was a very amazing to see how access lists behave depending upon how those are applied.

In the example, I have potsed earlier in this topic ( Cisco example ) they have applied access list using dialer group and dialer list so traffic will be filtered by access list. But OSPF packets will not trigger the BRI ISDN line. When interesting traffic is generated it will trigger ISDN and will form OSPF adjacencies , at this time OSPF Hello packets will flow. When there is no traffic to be transmitted, inactivity timer will keep track of no traffic and when the times expires BRI LINK will be down. The link will come up again only when there is again interesting traffic. and the procedure will follow. In short once line is triggered it will not remain connected even though there is no intertesting traffic. or it will remain connected. Please guide.

Thanks in Advance.

Subodh

Richard Burts · ‎07-29-2006

Subodh

You have it correct. With the access list applied through dialer-group and dialer-list it will prevent OSPF from being interesting traffic and therefore prevent OSPF from bringing up the line and prevent OSPF from keeping up the line. As long as there is interesting traffic the line will stay up and OSPF will maintain neighbor relationship over the line. But when there has been no interesting traffic the inactivity timer will expire and the line will be brought down and the OSPF neighbor relationship will terminate.

When there is interesting traffic the line will come up and stay up and when there is not interesting traffic the line will come down.

HTH

Rick

HTH

Rick