Hi Russ,

OSPFv2, as specified in RFC 2328, states that a multi-access network's subnet is specified by the DR's Network-LSA LSID/mask and installed during the SPF graph traversal. Hence, without some form of signaling, there is no way to prevent other routers in the OSPF area from installing the subnet route (whether or not it is really needed for any purpose in the OSPF network deployment).
Thanks,
Acee

On Feb 23, 2011, at 9:27 AM, Russ White wrote:

>
>> Given all the discussions on OSPFv2 security, we've neglected discussion on
>> some of the other drafts. Please send your views, positive, or negative, as
>> to whether or not this draft should be a WG document.
>
> I have some questions on 2.2.2.1...
>
> ==
> To hide a transit-only broadcast network, a special network mask
> value 255.255.255.255 MUST be used in the network LSA. While a
> broadcast network connects more than routers, using 255.255.255.255
> will not hide an access broadcast network accidentally.
> ==
>
> I'm never really "happy" with "magic numbers" like this... I know we are
> forced to resort to them from time to time, but I think avoidance is the
> better part of design, if possible.
>
> With that in mind -- do we really need it? In an SPF from "off link,"
> doesn't a broadcast link really just look like a bunch of point to
> points (hub and spoke), on which all the routers are attached to the
> same ip subnet? Why, if so, do we actually need the connection to the
> shared broadcast network off link, if so? IE, the TWCC should be running
> id-to-id across the apparent point-to-points, and routers off link don't
> much care about the shared broadcast network in the middle.
>
> On link, we care about the shared broadcast link (to make certain we're
> actually on the same IP subnet to go full), but that's not carried in
> the type 2, and the trick of representing this as a host route would
> break that anyway (if we were relying on it).
>
> So I'm not certain we even need the magic number here. Just advertise
> the connection to the other routers as p-2-p in the type 2 (by the DR),
> and advertise the p-2-p connection in the type 1 from all the other
> routers on the link, and you're done (?)... You can just pull the
> attached subnet out, like you would with a type 1?
>
> Thoughts?
>
> :-)
>
> Russ
_______________________________________________ OSPF mailing list [email protected] https://www.ietf.org/mailman/listinfo/ospf
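
The behaviour discussed in this thread, as an added example that is not part of the original messages or the draft: a small model of the transit-network step of SPF, showing the subnet route derived from the Network-LSA's LSID and mask, and what changes when a router honors the 255.255.255.255 signal. The function name, field names and sample addresses are constructed for illustration.

```python
import ipaddress

HIDE_MASK = "255.255.255.255"  # signalling value quoted from the draft in this thread

def process_network_lsas(network_lsas, honors_signal):
    """Model the transit-network step of the SPF calculation for one router.

    Each LSA is a dict with the DR's interface address ('lsid'), the
    advertised 'mask', and the 'attached' router IDs. Returns the graph
    edges that stay usable for SPF and the subnet routes that get installed.
    """
    edges, routes = [], []
    for lsa in network_lsas:
        # The transit vertex and its links to attached routers are always
        # kept: hiding the subnet must not remove the path through it.
        edges += [(lsa["lsid"], rid) for rid in lsa["attached"]]
        if honors_signal and lsa["mask"] == HIDE_MASK:
            continue  # transit-only network: no subnet route installed
        # RFC 2328 behaviour: destination = LSID masked with the LSA's mask.
        net = ipaddress.ip_network(f'{lsa["lsid"]}/{lsa["mask"]}', strict=False)
        routes.append(str(net))
    return edges, routes

# Constructed sample LSAs (illustrative addresses, not from the thread).
NORMAL = {"lsid": "10.0.12.1", "mask": "255.255.255.0", "attached": ["1.1.1.1", "2.2.2.2"]}
HIDDEN = dict(NORMAL, mask=HIDE_MASK)

if __name__ == "__main__":
    for label, lsa, honors in [
        ("RFC 2328 router, normal mask", NORMAL, False),
        ("RFC 2328 router, signalled LSA", HIDDEN, False),
        ("draft-aware router, signalled LSA", HIDDEN, True),
    ]:
        edges, routes = process_network_lsas([lsa], honors)
        print(f"{label}: routes={routes} edges={len(edges)}")
```

A router that applies only the RFC 2328 rule to the signalled LSA still installs a route, but it is a /32 for the DR's interface address rather than the whole transit subnet.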
