On Wed, May 06, 2020 at 03:23:06PM +0100, Richard Chivers wrote:
> Hi,
> 
> Thanks so much for the diff, it appears to have resolved the issue.
> 
> We are now trying to establish whether we need the fix widely deployed or
> only on the box that originates with the large LSA updates, pushing it over
> the 1500mtu.
> 
> We are going to run some tests, but our expectation is that when the DR
> sends the message from the originating router on to its neighbors that they
> will then see the same issue.
> 
> Out of interest, is there any way of just announcing a single network?
> 
> In this particular case the large LS-Update is caused because we have many
> interfaces, but these are all carp so will failover in one hit anyway. We
> have allocated 10.128.0.0/16 to this firewall so there are many networks,
> but anything in our network with a destination of 10.128.0.0/16 can end up
> here.
> 
> We tried something like *redistribute 10.128.0.0/16
> depend on carp0*, but what that appears to do is limit advertisements to
> the subnets that fall within that range, so we still have a very large LSA
> update anyway.
> 
> Just wondering if there was any workaround, as it would just simplify
> processing etc.
> 
> It is probably a non-issue anyway now, with the fix, but just interested if
> anyone has done anything similar.

Without the exact config it is hard to judge, but you are advertising a lot
of stub networks in the router LSA. Stub networks are from interface rules
that are passive or have no active peers. So to reduce the size of the
router LSA an option is to remove some of the interfaces and change them
to redistribute connected which uses Type-5 LSA instead.

-- 
:wq Claudio
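
An added ospfd.conf sketch of the change suggested in the reply above; it is not from the thread or from either poster's configuration. The interface names em0 and carp10 to carp12, the router-id and the area are constructed for illustration, and only carp0 appears in the original mail.

```conf
# Before (constructed): every carp interface is listed in the area.
# Each one becomes a stub network link inside the single router LSA,
# so the LSA grows with the number of interfaces.
#
# router-id 10.128.0.1
# area 0.0.0.0 {
#	interface em0
#	interface carp10 { passive }
#	interface carp11 { passive }
#	interface carp12 { passive }
#	# ... many more carp interfaces ...
# }

# After (constructed): only the interface that forms adjacencies stays
# in the area. The connected networks of the removed interfaces are
# announced through redistribution, which uses Type-5 LSAs instead of
# stub links in the router LSA.
router-id 10.128.0.1

# "depend on" ties the redistribution to the state of carp0, the
# interface named in the original mail.
redistribute connected depend on carp0

area 0.0.0.0 {
	interface em0
}
```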
