OSPF LSA filtering

olly ahmed
Level 1

Can anyone help me understand the effect of this command step by step: "max-lsa 1 ignore-time 10 reset-time 7 ignore-count 15"? And how will this command follow the sequence?

Accepted Solutions

Peter Paluch
Cisco Employee

Hello,

This command limits the number of foreign LSAs (that is, LSAs you have not originated yourself) in your link-state database. Usually, it is used in VPN scenarios where you want to protect the provider's router against a denial of service attack caused by the customer generating inordinate numbers of LSAs.

max-lsa 1 ignore-time 10 reset-time 7 ignore-count 15

What the command above does is this:

  • It allows at most 1 foreign LSA in your LSDB
  • If this maximum number of foreign LSAs is exceeded and keeps being over this limit for 1 minute (this is a constant), your OSPF process will move to a so-called ignore state in which it becomes absolutely silent - it stops sending any OSPF packets, and it ignores any OSPF packets received. This ignore state will last for 10 minutes.
  • Each time the router enters the ignore state, an internal counter called the ignore counter is incremented. This counter records how many times you have entered the ignore state. If, after leaving the ignore state, your OSPF process has been working normally for 7 minutes, this ignore counter is reset to 0.
  • If the OSPF process keeps entering the ignore state so often that the ignore counter keeps incrementing, then after the ignore counter reaches the value of 15, your OSPF process will remain in the ignore state indefinitely and won't come back on its own. You will need to manually restart it using the clear ip ospf process command.

You may want to read the documentation on this feature:

http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_ospf/configuration/15-mt/iro-15-mt-book/iro-lk-state-db.html

http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_ospf/command/iro-cr-book/ospf-i1.html#wp1053145515

Best regards,
Peter
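
The sequence described in the accepted answer, modelled minute by minute as an added example (not part of the original thread and not Cisco's implementation). The class, function and event names are hypothetical and the LSA timelines are constructed. Assumptions: one sample per minute, no samples are evaluated while in the ignore state, and ignore becomes permanent when the counter reaches ignore-count, as the answer states.

```python
from dataclasses import dataclass

@dataclass
class MaxLsaPolicy:          # hypothetical name; fields mirror the command keywords
    max_lsa: int = 1         # foreign LSAs allowed in the LSDB
    ignore_time: int = 10    # minutes spent in the ignore state
    reset_time: int = 7      # normal minutes before the ignore counter resets
    ignore_count: int = 15   # counter value at which ignore becomes permanent
    grace: int = 1           # the constant 1 minute over the limit

def simulate(policy, offered):
    """offered[t] is the foreign LSA count at minute t (constructed input).
    Returns (events, final_state, ignore_counter)."""
    state, counter = "normal", 0
    over = quiet = ignore_left = 0
    events = []
    for t, n in enumerate(offered):
        if state == "permanent":      # only a manual process restart recovers
            break
        if state == "ignore":         # assumption: samples are not evaluated here
            ignore_left -= 1
            if ignore_left == 0:
                state, over, quiet = "normal", 0, 0
                events.append((t, "leave-ignore", counter))
            continue
        if n > policy.max_lsa:
            quiet, over = 0, over + 1
            if over > policy.grace:   # still over the limit one minute later
                counter += 1
                if counter >= policy.ignore_count:
                    state = "permanent"
                    events.append((t, "permanent-ignore", counter))
                else:
                    state, ignore_left = "ignore", policy.ignore_time
                    events.append((t, "enter-ignore", counter))
        else:
            over, quiet = 0, quiet + 1
            if counter and quiet >= policy.reset_time:
                counter = 0
                events.append((t, "counter-reset", 0))
    return events, state, counter

if __name__ == "__main__":
    p = MaxLsaPolicy()
    print(simulate(p, [5, 5] + [0] * 30))   # one burst, then quiet
    print(simulate(p, [5] * 200)[1:])       # sustained flood
```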
