Re: [c-nsp] OSPF NSSA question
That does look like it would work for me. Thanks for all the input. -Original Message- From: Ivan Pepelnjak [mailto:i...@ioshints.info] Sent: Thursday, July 23, 2009 11:50 AM To: 'Ruben Alvarez'; 'Mateusz Blaszczyk' Cc: cisco-nsp@puck.nether.net Subject: RE: [c-nsp] OSPF NSSA question Hi! You gave me a good reason to finally test this command and document what it does and how it's used in a hub-and-spoke environment: http://wiki.nil.com/OSPF_flooding_filters_in_hub-and-spoke_environment It's exactly what's needed to solve the original problem (but of course you need a static default route on the spoke routers as they lose all OSPF information). Best regards Ivan http://www.ioshints.info/about http://blog.ioshints.info/ -Original Message- From: Ruben Alvarez [mailto:r...@opusnet.com] Sent: Wednesday, July 22, 2009 5:17 PM To: 'Mateusz Blaszczyk'; 'Ivan Pepelnjak' Cc: cisco-nsp@puck.nether.net Subject: RE: [c-nsp] OSPF NSSA question I'm not sure filtering 'out' would work. Three routers all have one interface, each connecting to the ABR (which has four interfaces, three to the routers in area 1 and one in area 0.) If I'm filtering out, The ABR wouldn't know which routes are on each of the three routers. Right? The three routers have thousands of single host routes spread out over each router. The ABR knows which router has each host and summarizes to area 0. -Original Message- From: Mateusz Blaszczyk [mailto:blah...@gmail.com] Sent: Wednesday, July 22, 2009 1:10 AM To: Ivan Pepelnjak Cc: Ruben Alvarez; cisco-nsp@puck.nether.net Subject: Re: [c-nsp] OSPF NSSA question 2009/7/22 Ivan Pepelnjak i...@ioshints.info: You're probably looking for the ip ospf database-filter all out command. And how the summary LSA with 0/0 would get to the spoke router if that is filtered out? (assuming nssa scenario in OP's hub n'spoke topology) Best Regards, -mat ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] OSPF NSSA question
Hi! You gave me a good reason to finally test this command and document what it does and how it's used in a hub-and-spoke environment: http://wiki.nil.com/OSPF_flooding_filters_in_hub-and-spoke_environment It's exactly what's needed to solve the original problem (but of course you need a static default route on the spoke routers as they lose all OSPF information). Best regards Ivan http://www.ioshints.info/about http://blog.ioshints.info/ -Original Message- From: Ruben Alvarez [mailto:r...@opusnet.com] Sent: Wednesday, July 22, 2009 5:17 PM To: 'Mateusz Blaszczyk'; 'Ivan Pepelnjak' Cc: cisco-nsp@puck.nether.net Subject: RE: [c-nsp] OSPF NSSA question I'm not sure filtering 'out' would work. Three routers all have one interface, each connecting to the ABR (which has four interfaces, three to the routers in area 1 and one in area 0.) If I'm filtering out, The ABR wouldn't know which routes are on each of the three routers. Right? The three routers have thousands of single host routes spread out over each router. The ABR knows which router has each host and summarizes to area 0. -Original Message- From: Mateusz Blaszczyk [mailto:blah...@gmail.com] Sent: Wednesday, July 22, 2009 1:10 AM To: Ivan Pepelnjak Cc: Ruben Alvarez; cisco-nsp@puck.nether.net Subject: Re: [c-nsp] OSPF NSSA question 2009/7/22 Ivan Pepelnjak i...@ioshints.info: You're probably looking for the ip ospf database-filter all out command. And how the summary LSA with 0/0 would get to the spoke router if that is filtered out? (assuming nssa scenario in OP's hub n'spoke topology) Best Regards, -mat ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] OSPF NSSA question
On Wed, 22 Jul 2009, Ruben Alvarez wrote: Yes the routers in area 1 are set to redistribute connected and static. They do DSL aggregation and if you can imagine I need some flexibility with those addresses (approx /20.) I'll move IP pools and /30 -/29 networks from router to router as customers come and go. OSPF really doesn't deal well with route filtering. I kind of wonder if iBGP and (if needed) careful redistribution of iBGP into OSPF would be a better solution. Take the router that would have been the gateway between areas 0 and 1 (I'll call it R1), and make it a route reflector for the area 1 routers. On R1, don't send the RR clients any routes except for those with next hops of other area 1 routers. This should be reasonably easily done with some route-maps and community marking of received routes on R1. -- Jon Lewis | I route Senior Network Engineer | therefore you are Atlantic Net| _ http://www.lewis.org/~jlewis/pgp for PGP public key_ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] OSPF NSSA question
2009/7/22 Ivan Pepelnjak i...@ioshints.info: You're probably looking for the ip ospf database-filter all out command. And how the summary LSA with 0/0 would get to the spoke router if that is filtered out? (assuming nssa scenario in OP's hub n'spoke topology) Best Regards, -mat ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] OSPF NSSA question
I'm not sure filtering 'out' would work. Three routers all have one interface, each connecting to the ABR (which has four interfaces, three to the routers in area 1 and one in area 0.) If I'm filtering out, The ABR wouldn't know which routes are on each of the three routers. Right? The three routers have thousands of single host routes spread out over each router. The ABR knows which router has each host and summarizes to area 0. -Original Message- From: Mateusz Blaszczyk [mailto:blah...@gmail.com] Sent: Wednesday, July 22, 2009 1:10 AM To: Ivan Pepelnjak Cc: Ruben Alvarez; cisco-nsp@puck.nether.net Subject: Re: [c-nsp] OSPF NSSA question 2009/7/22 Ivan Pepelnjak i...@ioshints.info: You're probably looking for the ip ospf database-filter all out command. And how the summary LSA with 0/0 would get to the spoke router if that is filtered out? (assuming nssa scenario in OP's hub n'spoke topology) Best Regards, -mat ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] OSPF NSSA question
On Tue, Jul 21, 2009 at 1:54 PM, Ruben Alvarezr...@opusnet.com wrote: Now the ABR has all the N2 routes for the three routers. But so do all three routers, which isn't needed. They only have one interface and a default route. Is there a way I can ignore all routes in the area except the default route coming from the ABR? If you're set on keeping the routers in a NSSA you could simply disable redistribution into the NSSA area by adding 'no-redistribution' to the area config. This will effectively keep type 5 LSAs from being advertised into the NSSA. Realistically it makes more sense to turn the areas into totally stubby areas. I don't see what benefit you gain from keeping the routers in a NSSA. - Laurent ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] OSPF NSSA question
On Wed, 22 Jul 2009, Laurent Geyer wrote: If you're set on keeping the routers in a NSSA you could simply disable redistribution into the NSSA area by adding 'no-redistribution' to the area config. This will effectively keep type 5 LSAs from being advertised into the NSSA. Realistically it makes more sense to turn the areas into totally stubby areas. I don't see what benefit you gain from keeping the routers in a NSSA. Simpler configuration? I'm going to assume the routers in the NSSA are exporting (probably static and or connected) routes into OSPF and can't do this in a regular stub area. I have an NSSA for some layer 3 switches doing this. The switches can handle a limited number of routes and really don't gain anything by carrying our full internal routes. -- Jon Lewis | I route Senior Network Engineer | therefore you are Atlantic Net| _ http://www.lewis.org/~jlewis/pgp for PGP public key_ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] OSPF NSSA question
Yes the routers in area 1 are set to redistribute connected and static. They do DSL aggregation and if you can imagine I need some flexibility with those addresses (approx /20.) I'll move IP pools and /30 -/29 networks from router to router as customers come and go. I like how it's setup now because area 0 gets a few summarized routes and have the flexibility to let the ABR dynamically do the routing for the aggregation routers. Only downside is the aggregation routers get all the N2 routes when a default route is sufficient. I'm reading about the area 1 no-redistribution command. It reads external routes will not be flooded into the NSSA. So I read that as a router will advertise its routes and not the routes it receives from other routers. But wouldn't aggregationrouter1 still receive routes from aggregationrouter2? It just wouldn't re-advertise them. I'm thinking the best plan would be to have each router in its own area. As far as what I read about stub, I can't redistribute static or connected routes into OSPF which is the whole reason why I'm doing this. Someone said a stub area can have multiple routers. Wikipedia says it can't. A stub area is an area which does not receive external route advertisements. It may be configured to reduce many route advertisements into an area when the routing table consists of mostly external routes. Instead of the external routes, a default route is advertised to the stub area. A stub area has only one OSPF router, cannot contain an AS boundary router (ASBR) and routes cannot be distributed from other protocols into the stub area. Can someone confirm that? Thanks all. -Original Message- From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-boun...@puck.nether.net] On Behalf Of Jon Lewis Sent: Wednesday, July 22, 2009 10:44 AM To: Laurent Geyer Cc: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] OSPF NSSA question On Wed, 22 Jul 2009, Laurent Geyer wrote: If you're set on keeping the routers in a NSSA you could simply disable redistribution into the NSSA area by adding 'no-redistribution' to the area config. This will effectively keep type 5 LSAs from being advertised into the NSSA. Realistically it makes more sense to turn the areas into totally stubby areas. I don't see what benefit you gain from keeping the routers in a NSSA. Simpler configuration? I'm going to assume the routers in the NSSA are exporting (probably static and or connected) routes into OSPF and can't do this in a regular stub area. I have an NSSA for some layer 3 switches doing this. The switches can handle a limited number of routes and really don't gain anything by carrying our full internal routes. -- Jon Lewis | I route Senior Network Engineer | therefore you are Atlantic Net| _ http://www.lewis.org/~jlewis/pgp for PGP public key_ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] OSPF NSSA question
Thanks. that's sounds like what I want, but it says: Configure this command on NSSA ABRs only. After you define the NSSA totally stub area, Area 1 has these characteristics in addition to the NSSA characteristics: -No type 3 or 4 summary LSAs are allowed in Area 1. This means no inter-area routes are allowed in Area 1. -A default route is injected into the NSSA totally stub area as a type 3 summary LSA. So no IA routes are allowed in area 1. But I have N2 routes? From: samuel vuillaume [mailto:vuillau...@gmail.com] Sent: Wednesday, July 22, 2009 12:02 PM To: Ruben Alvarez Subject: Re: [c-nsp] OSPF NSSA question Hi there, you should take a peak to http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a0080094a88 .shtml#definestub NSSA totally Stubby area On Tue, Jul 21, 2009 at 1:54 PM, Ruben Alvarez r...@opusnet.com wrote: Hello, I have a question. I have recently setup a second OSPF area. The ABR has three routers connected to it (area 1) in a hub and spoke configuration. The routers get a default route to the ABR via default information originate. Now the ABR has all the N2 routes for the three routers. But so do all three routers, which isn't needed. They only have one interface and a default route. Is there a way I can ignore all routes in the area except the default route coming from the ABR? ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] OSPF NSSA question
On Wed, Jul 22, 2009 at 4:13 PM, Ruben Alvarezr...@opusnet.com wrote: A stub area is an area which does not receive external route advertisements. It may be configured to reduce many route advertisements into an area when the routing table consists of mostly external routes. Instead of the external routes, a default route is advertised to the stub area. A stub area has only one OSPF router, cannot contain an AS boundary router (ASBR) and routes cannot be distributed from other protocols into the stub area. Can someone confirm that? Thanks all. Like Jon mentioned, you cannot redistribute connected and statics into OSPF from a totally stubby area. If your main concern with your NSSA right now are the external routes that are being advertised into your NSSA from the ABR, you can eliminate those advertisements by disabling redistribution. On the ABR: router ospf process area 1 nssa no-redistribution no-summary - Laurent ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
[c-nsp] OSPF NSSA question
Hello, I have a question. I have recently setup a second OSPF area. The ABR has three routers connected to it (area 1) in a hub and spoke configuration. The routers get a default route to the ABR via default information originate. Now the ABR has all the N2 routes for the three routers. But so do all three routers, which isn't needed. They only have one interface and a default route. Is there a way I can ignore all routes in the area except the default route coming from the ABR? ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] OSPF NSSA question
Are you sure you want to use NSSA areas instead of totally stubby areas? http://packetlife.net/blog/2008/jun/24/ospf-area-types/ Ruben Alvarez wrote: Hello, I have a question. I have recently setup a second OSPF area. The ABR has three routers connected to it (area 1) in a hub and spoke configuration. The routers get a default route to the ABR via default information originate. Now the ABR has all the N2 routes for the three routers. But so do all three routers, which isn't needed. They only have one interface and a default route. Is there a way I can ignore all routes in the area except the default route coming from the ABR? ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ -- Walter Keen Network Technician Rainier Connect (o) 360-832-4024 (c) 253-302-0194 ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] OSPF NSSA question
Ruben, All routers in an OSPF area have to have the same OSPF topology database. So unless you put each router in its own area there is no really a good way around it. Best Regards, -mat 2009/7/21 Ruben Alvarez r...@opusnet.com: Hello, I have a question. I have recently setup a second OSPF area. The ABR has three routers connected to it (area 1) in a hub and spoke configuration. The routers get a default route to the ABR via default information originate. Now the ABR has all the N2 routes for the three routers. But so do all three routers, which isn't needed. They only have one interface and a default route. Is there a way I can ignore all routes in the area except the default route coming from the ABR? ___ cisco-nsp mailing list cisco-...@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] OSPF NSSA question
But then, I believe, you cannot redistribute C and S routes from inside the are out, that's why NSSA Exist. What we need is a totally stubby not so stubby area, no? On 21-Jul-09, at 2:49 PM, Walter Keen wrote: Are you sure you want to use NSSA areas instead of totally stubby areas? http://packetlife.net/blog/2008/jun/24/ospf-area-types/ Ruben Alvarez wrote: Hello, I have a question. I have recently setup a second OSPF area. The ABR has three routers connected to it (area 1) in a hub and spoke configuration. The routers get a default route to the ABR via default information originate. Now the ABR has all the N2 routes for the three routers. But so do all three routers, which isn't needed. They only have one interface and a default route. Is there a way I can ignore all routes in the area except the default route coming from the ABR? ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ -- Walter Keen Network Technician Rainier Connect (o) 360-832-4024 (c) 253-302-0194 ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] OSPF NSSA question
Ok thanks. that answers my question. It's not a big deal, I just was wondering. As for the one who suggested totally stubby or stub, I understood a stub area can only have one OSPF router. -Original Message- From: Mateusz Blaszczyk [mailto:blah...@gmail.com] Sent: Tuesday, July 21, 2009 12:34 PM To: Ruben Alvarez Cc: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] OSPF NSSA question Ruben, All routers in an OSPF area have to have the same OSPF topology database. So unless you put each router in its own area there is no really a good way around it. Best Regards, -mat 2009/7/21 Ruben Alvarez r...@opusnet.com: Hello, I have a question. I have recently setup a second OSPF area. The ABR has three routers connected to it (area 1) in a hub and spoke configuration. The routers get a default route to the ABR via default information originate. Now the ABR has all the N2 routes for the three routers. But so do all three routers, which isn't needed. They only have one interface and a default route. Is there a way I can ignore all routes in the area except the default route coming from the ABR? ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
Re: [c-nsp] OSPF NSSA question
You're probably looking for the ip ospf database-filter all out command. And there can be more than one router in the OSPF stub area. Ivan http://www.ioshints.info/about http://blog.ioshints.info/ Ok thanks. that answers my question. It's not a big deal, I just was wondering. As for the one who suggested totally stubby or stub, I understood a stub area can only have one OSPF router. -Original Message- From: Mateusz Blaszczyk [mailto:blah...@gmail.com] Sent: Tuesday, July 21, 2009 12:34 PM To: Ruben Alvarez Cc: cisco-nsp@puck.nether.net Subject: Re: [c-nsp] OSPF NSSA question Ruben, All routers in an OSPF area have to have the same OSPF topology database. So unless you put each router in its own area there is no really a good way around it. Best Regards, -mat 2009/7/21 Ruben Alvarez r...@opusnet.com: Hello, I have a question. I have recently setup a second OSPF area. The ABR has three routers connected to it (area 1) in a hub and spoke configuration. The routers get a default route to the ABR via default information originate. Now the ABR has all the N2 routes for the three routers. But so do all three routers, which isn't needed. They only have one interface and a default route. Is there a way I can ignore all routes in the area except the default route coming from the ABR? ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/ ___ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
