OSPF: Route not being filtered

ubuntu118 · Mon Sep 17, 2018 7:16 am

Hi.
I have a complex topology and a problem. First, the complete scenario:

HQ - (PPTP over Intranet) - HAS - (Wireless Link) - K1 - (PPTP over Intranet) - K2
And also:
HQ - (PPTP over Intranet) - K1Backup - (Cable) - K1
HQ - (PPTP over Intranet) - K2Backup - (Cable) - K2

K1Backup and K2Backups are connected through LTE for failover connecting to HQ. There are 5 other routers not running OSPF connected to this network via static routes.

And configurations (only non-OSPF routes displayed):

HQ:

/ip address print
Flags: X - disabled, I - invalid, D - dynamic
 #   ADDRESS            NETWORK         INTERFACE
 0   192.168.134.30/24  192.168.134.0   Local
 1   w.x.y.z/29         w.x.y.z         Internet
 2   192.168.126.220/29 192.168.126.216 Intranet
 3   192.168.125.202/25 192.168.125.128 Local
 4   172.15.0.1/32      172.15.0.1      loopback
 5 D 192.168.134.30/32  192.168.124.102 <pptp-PSJ>
 6 D 192.168.134.30/32  192.168.124.52  <pptp-BIK>
 7 D 172.16.2.9/32      172.16.2.10     K1
 8 D 172.16.2.13/32     172.16.2.14     K2
 9 D 172.16.2.5/32      172.16.2.6      HAS
10 D 192.168.134.30/32  192.168.183.102 <pptp-MYZ>

/ip route print where !ospf
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, B - blackhole, U - unreachable, P - prohibit 
 #      DST-ADDRESS        PREF-SRC        GATEWAY            DISTANCE
 0 A S  0.0.0.0/0                          w.x.y.z                   1
 1 ADC  w.x.y.z/29         w.x.y.x         Internet                  0
 2 ADC  172.15.0.1/32      172.15.0.1      loopback                  0
 3 A S  172.16.0.0/12                      192.168.134.10            1
 4 ADC  172.16.2.6/32      172.16.2.5      HAS                       0
 5 ADC  172.16.2.10/32     172.16.2.9      K1                        0
 6 ADC  172.16.2.14/32     172.16.2.13     K2                        0
 7 A S  192.168.0.0/16                     192.168.134.10            1
 8 A S  192.168.23.168/29                  192.168.126.217           1
 9 A S  192.168.52.208/29                  192.168.126.217           1
10 A S  192.168.111.184/29                 192.168.126.217           1
11 A S  192.168.124.0/26                   192.168.124.52            1
12 ADC  192.168.124.52/32  192.168.134.30  <pptp-BIK>                0
13 A S  192.168.124.64/26                  192.168.124.102           1
14 ADC  192.168.124.102/32 192.168.134.30  <pptp-PSJ>                0
15 ADC  192.168.125.128/25 192.168.125.202 Local                     0
16 ADC  192.168.126.216/29 192.168.126.220 Intranet                  0
17 ADC  192.168.134.0/24   192.168.134.30  Local                     0
18 A S  192.168.183.64/26                  192.168.183.102           1
19 ADC  192.168.183.102/32 192.168.134.30  <pptp-MYZ>                0

/routing ospf export
/routing ospf area
add area-id=1.0.0.0 name=KFI
/routing ospf instance
set [ find default=yes ] metric-connected=1 metric-static=10 redistribute-connected=as-type-1 redistribute-static=as-type-1 router-id=172.15.0.1
/routing ospf interface
add cost=100 interface=K1 network-type=point-to-point
add cost=100 interface=K2 network-type=point-to-point
add interface=HAS network-type=point-to-point
/routing ospf network
add area=KFI network=192.168.0.0/16
add area=KFI network=172.16.0.0/12
add area=backbone network=172.16.2.4/30
add area=backbone network=172.16.2.8/30
add area=backbone network=172.16.2.12/30

/routing filter print
Flags: X - disabled 
 0   chain=ospf-out prefix=w.x.y.z/29 invert-match=no action=discard set-bgp-prepend-path="" 
 1   chain=ospf-out prefix=192.168.23.168/29 invert-match=no action=discard set-bgp-prepend-path="" 
 2   chain=ospf-in prefix=192.168.23.168/29 invert-match=no action=discard set-bgp-prepend-path="" 
 3   chain=ospf-out prefix=192.168.52.208/29 invert-match=no action=discard set-bgp-prepend-path="" 
 4   chain=ospf-in prefix=192.168.52.208/29 invert-match=no action=discard set-bgp-prepend-path="" 
 5   chain=ospf-out prefix=192.168.111.184/29 invert-match=no action=discard set-bgp-prepend-path="" 
 6   chain=ospf-in prefix=192.168.111.184/29 invert-match=no action=discard set-bgp-prepend-path="" 
 7   chain=ospf-out prefix=192.168.126.216/29 invert-match=no action=discard set-bgp-prepend-path="" 
 8   chain=ospf-in prefix=192.168.126.216/29 invert-match=no action=discard set-bgp-prepend-path=""

HAS:

/ip address print
Flags: X - disabled, I - invalid, D - dynamic 
 #   ADDRESS            NETWORK         INTERFACE
 0   192.168.23.174/29  192.168.23.168  Intranet                                                                                                                                                      
 1   172.16.2.17/30     172.16.2.16     K1
 2   172.27.2.2/24      172.27.2.0      PSJ       
 3   172.27.5.2/24      172.27.5.0      GBB
 4   172.15.0.2/32      172.15.0.2      loopback
 5 D 172.16.2.6/32      172.16.2.5      HQ
 
 /ip route print where !ospf
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, B - blackhole, U - unreachable, P - prohibit 
 #      DST-ADDRESS        PREF-SRC        GATEWAY            DISTANCE
 0 A S  0.0.0.0/0                          172.16.2.5                1
 1 ADC  172.15.0.2/32      172.15.0.2      loopback                  0
 2 ADC  172.16.2.5/32      172.16.2.6      HQ                        0
 3 ADC  172.16.2.16/30     172.16.2.17     K1                        0
 4 ADC  172.27.2.0/24      172.27.2.2      PSJ                       0
 5 ADC  172.27.5.0/24      172.27.5.2      GBB                       0
 6 ADC  192.168.23.168/29  192.168.23.174  Intranet                  0
 7 A S  192.168.25.128/27                  172.27.5.1                1
 8 A S  192.168.52.208/29                  192.168.23.169            1
 9 A S  192.168.111.184/29                 192.168.23.169            1
10 A S  192.168.126.216/29                 192.168.23.169            1
11 A S  192.168.169.0/25                   172.27.2.1                1

/routing ospf export
/routing ospf area
add area-id=1.0.0.0 name=KFI
/routing ospf instance
set [ find default=yes ] metric-connected=1 metric-static=10 redistribute-connected=as-type-1 redistribute-static=as-type-1 router-id=172.15.0.2
/routing ospf network
add area=KFI network=172.27.2.0/24
add area=backbone network=172.16.2.16/30
add area=KFI network=172.27.5.0/24
add area=backbone network=172.16.2.4/30

/routing filter print
Flags: X - disabled 
 0   chain=ospf-out prefix=192.168.23.168/29 invert-match=no action=discard set-bgp-prepend-path="" 
 1   chain=ospf-in prefix=192.168.23.168/29 invert-match=no action=discard set-bgp-prepend-path="" 
 2   chain=ospf-out prefix=192.168.52.208/29 invert-match=no action=discard set-bgp-prepend-path="" 
 3   chain=ospf-in prefix=192.168.52.208/29 invert-match=no action=discard set-bgp-prepend-path="" 
 4   chain=ospf-out prefix=192.168.111.184/29 invert-match=no action=discard set-bgp-prepend-path="" 
 5   chain=ospf-in prefix=192.168.111.184/29 invert-match=no action=discard set-bgp-prepend-path="" 
 6   chain=ospf-out prefix=192.168.126.216/29 invert-match=no action=discard set-bgp-prepend-path="" 
 7   chain=ospf-in prefix=192.168.126.216/29 invert-match=no action=discard set-bgp-prepend-path=""

K1:

/ip address print
Flags: X - disabled, I - invalid, D - dynamic 
 #   ADDRESS            NETWORK         INTERFACE
 0   192.168.125.102/25 192.168.125.0   Local
 1   172.16.2.18/30     172.16.2.16     HAS
 2   172.19.0.0/24      172.19.0.0      Local
 3   172.20.0.0/24      172.20.0.0      Local
 4   172.31.7.126/30    172.31.7.124    TCI
 5   172.16.2.25/30     172.16.2.24     Backup
 6   172.15.0.3/32      172.15.0.3      loopback
 7 D 172.16.2.21/32     172.16.2.22     <pptp-K2>
 
 /ip route print where !ospf
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, B - blackhole, U - unreachable, P - prohibit 
 #      DST-ADDRESS        PREF-SRC        GATEWAY            DISTANCE
 0 A S  0.0.0.0/0                          172.16.2.17               1
 1 A S  10.139.2.0/24                      172.31.7.125              1
 2 ADC  172.15.0.3/32      172.15.0.3      loopback                  0
 3 ADC  172.16.2.16/30     172.16.2.18     HAS                       0
 4 ADC  172.16.2.22/32     172.16.2.21     <pptp-K2>                 0
 5 ADC  172.16.2.24/30     172.16.2.25     Backup                    0
 6 ADC  172.19.0.0/24      172.19.0.0      Local                     0
 7 ADC  172.20.0.0/24      172.20.0.0      Local                     0
 8 ADC  172.31.7.124/30    172.31.7.126    TCI                       0
 9 ADC  192.168.125.0/25   192.168.125.102 Local                     0

/routing ospf export
/routing ospf area
add area-id=1.0.0.0 name=KFI
/routing ospf instance
set [ find default=yes ] metric-connected=1 metric-static=10 redistribute-connected=as-type-1 redistribute-static=as-type-1 router-id=172.15.0.3
/routing ospf network
add area=KFI network=192.168.125.0/25
add area=KFI network=172.19.0.0/24
add area=KFI network=172.20.0.0/24
add area=backbone network=172.16.2.16/30
add area=backbone network=172.16.2.20/30
add area=backbone network=172.16.2.24/30

K1Backup:

/ip address print
Flags: X - disabled, I - invalid, D - dynamic 
 #   ADDRESS            NETWORK         INTERFACE
 0   172.16.2.26/30     172.16.2.24     K1
 1   172.15.0.5/32      172.15.0.5      loopback
 2 D 199.168.88.254/24  199.168.88.0    Internet
 3 D 172.16.2.10/32     172.16.2.9      HQ
 
 /ip route print where !ospf
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, B - blackhole, U - unreachable, P - prohibit 
 #      DST-ADDRESS        PREF-SRC        GATEWAY            DISTANCE
 0 ADS  0.0.0.0/0                          199.168.88.1              1
 1 ADC  172.15.0.5/32      172.15.0.5      loopback                  0
 2 ADC  172.16.2.9/32      172.16.2.10     HQ                        0
 3 ADC  172.16.2.24/30     172.16.2.26     K1                        0
 4 ADC  199.168.88.0/24    199.168.88.254  Internet                  0

/routing ospf export
/routing ospf area
add area-id=1.0.0.0 name=KFI
/routing ospf instance
set [ find default=yes ] metric-connected=1 metric-static=10 redistribute-connected=as-type-1 redistribute-static=as-type-1 router-id=172.15.0.5
/routing ospf interface
add cost=100 interface=HQ network-type=point-to-point
/routing ospf network
add area=backbone network=172.16.2.24/30
add area=backbone network=172.16.2.8/30

/routing filter print
Flags: X - disabled 
 0   chain=ospf-out prefix=199.168.88.0/24 invert-match=no action=discard set-bgp-prepend-path=""

K2:

/ip address print
Flags: X - disabled, I - invalid, D - dynamic 
 #   ADDRESS            NETWORK         INTERFACE
 0   192.168.179.52/25  192.168.179.0   Local
 1   172.21.0.0/24      172.21.0.0      Local
 2   10.139.2.2/24      10.139.2.0      TCI
 3   172.16.2.29/30     172.16.2.28     Backup
 4   172.15.0.4/32      172.15.0.4      loopback
 5 D 172.16.2.22/32     172.16.2.21     K1
 
 /ip route print where !ospf
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, B - blackhole, U - unreachable, P - prohibit 
 #      DST-ADDRESS        PREF-SRC        GATEWAY            DISTANCE
 0 A S  0.0.0.0/0                          172.16.2.21               1
 1 ADC  10.139.2.0/24      10.139.2.2      TCI                       0
 2 ADC  172.15.0.4/32      172.15.0.4      loopback                  0
 3 ADC  172.16.2.21/32     172.16.2.22     K1                        0
 4 ADC  172.16.2.28/30     172.16.2.29     Backup                    0
 5 ADC  172.21.0.0/24      172.21.0.0      Local                     0
 6 A S  172.31.7.124/30                    10.139.2.1                1
 7 ADC  192.168.179.0/25   192.168.179.52  Local                     0

/routing ospf export
/routing ospf area
add area-id=1.0.0.0 name=KFI
/routing ospf instance
set [ find default=yes ] metric-connected=1 metric-static=10 redistribute-connected=as-type-1 redistribute-static=as-type-1 router-id=172.15.0.4
/routing ospf network
add area=KFI network=172.21.0.0/24
add area=KFI network=192.168.179.0/25
add area=backbone network=172.16.2.28/30
add area=backbone network=172.16.2.20/30

K2Backup:

/ip address print
Flags: X - disabled, I - invalid, D - dynamic 
 #   ADDRESS            NETWORK         INTERFACE
 0   172.16.2.30/30     172.16.2.28     K2
 1   172.15.0.6/32      172.15.0.6      loopback
 2 D 199.168.89.254/24  199.168.89.0    Internet
 3 D 172.16.2.14/32     172.16.2.13     HQ
 
 /ip route print where !ospf  
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, B - blackhole, U - unreachable, P - prohibit 
 #      DST-ADDRESS        PREF-SRC        GATEWAY            DISTANCE
 0 ADS  0.0.0.0/0                          199.168.89.1              1
 1 ADC  172.15.0.6/32      172.15.0.6      loopback                  0
 2 ADC  172.16.2.13/32     172.16.2.14     HQ                        0
 3 ADC  172.16.2.28/30     172.16.2.30     K2                        0
 4 ADC  199.168.89.0/24    199.168.89.254  Internet                  0

/routing ospf export
/routing ospf area
add area-id=1.0.0.0 name=KFI
/routing ospf instance
set [ find default=yes ] metric-connected=1 metric-static=10 redistribute-connected=as-type-1 redistribute-static=as-type-1 router-id=172.15.0.6
/routing ospf interface
add cost=100 interface=HQ network-type=point-to-point
/routing ospf network
add area=backbone network=172.16.2.28/30
add area=backbone network=172.16.2.12/30
/routing ospf virtual-link
add disabled=yes neighbor-id=172.15.0.1
add disabled=yes neighbor-id=172.15.0.4

/routing filter print
Flags: X - disabled 
 0   chain=ospf-out prefix=199.168.89.0/24 invert-match=no action=discard set-bgp-prepend-path=""

Now, the problem: 192.168.126.216/29 appears everywhere in routing tables, but all of the other route filters work great. If the problem was that this subnet is a part of 192.168.0.0/16 (in KFI area), then 192.168.23.168/29 (HAS Intranet interface) would have been advertised like this, too. But routing tables show that this doesn't happen. The problem with this advertisement is that when HQ-HAS link is dropped, HAS makes its PPTP connection to HQ via K1-K1Backup, which shouldn't. A similar issue appears when K1-K2 link is dropped (I haven't have tried to filter routes on K1 or K2 because I'm stuck in this case). I'm currently preventing these by filtering PPTP connections on K1Backup and K2Backup, but this isn't a good idea. Please help.
Thanks

Mon Sep 17, 2018 11:14 am

Onlu "external" routes can be filtered. Based on your configuration 192.168.126.216/29 is not advertised as "external".

ubuntu118 · Mon Sep 17, 2018 11:56 am

OK, but how can I make it "external"? Is there any way or it will continue to be this way forever? And something else: This route is advertised as to be in backbone area. Why?

mducharme · Mon Sep 17, 2018 9:39 pm

OK, but how can I make it "external"? Is there any way or it will continue to be this way forever? And something else: This route is advertised as to be in backbone area. Why?

The reason you can't filter it (and why it is not 'external' type) is here:

/routing ospf network
add area=KFI network=192.168.0.0/16

You are including 192.168.x.x as normal (non-external) routes in the KFI area. Instead you'll need remove that line and replace it with several lines to advertise the individual 192.168 networks, except purposely do not include the network that you wish to filter. It will then be advertised as an external route and your filters should work.

ubuntu118 · Tue Sep 18, 2018 7:29 am

So, why doesn't this apply to 192.168.23.168/29 sunbet?! For logic's sake, don't say that it's because 192.168.0.0/16 is defined on HQ and 23.168/29 is defined on HAS!!! If you do, the only conclusion will be that in OSPF every router decides on its own, disregarding the structure of the entire network which should work seamlessly as a whole. Why this conclusion? Because I have defined the same area name and ID on all routers and I expect that routers understand that these areas are parts of a whole! If there is a logic in part of a network, it should apply to the entire network! Basicaly, I don't have any problem in partitioning my 192.168.0.0/16 using a few more lines of code, but this behavior doesn't seam logical to me.

mducharme · Tue Sep 18, 2018 8:01 am

So, why doesn't this apply to 192.168.23.168/29 sunbet?! For logic's sake, don't say that it's because 192.168.0.0/16 is defined on HQ and 23.168/29 is defined on HAS!!! If you do, the only conclusion will be that in OSPF every router decides on its own, disregarding the structure of the entire network which should work seamlessly as a whole. Why this conclusion? Because I have defined the same area name and ID on all routers and I expect that routers understand that these areas are parts of a whole! If there is a logic in part of a network, it should apply to the entire network! Basicaly, I don't have any problem in partitioning my 192.168.0.0/16 using a few more lines of code, but this behavior doesn't seam logical to me.

Yes, it is because on HAS you are not advertising the network as a 'regular' OSPF network, you are only advertising it as external on that router, and so it is filtered. On HQ you have the 'network' statement that tells the HQ router to share those subnets as 'regular' OSPF routes instead of external routes.

And yes, in OSPF every router decides on its own what to share, "disregarding the structure of the entire network" as you put it. But how did you not think this was how it worked? Isn't it logical that each router should control what it shares with others? I don't understand how you think that the entirely logical behavior of OSPF is not logical. OSPF isn't some magic thing where all routers talk together and decide in tandem what networks they have should be shared with others. OSPF isn't magic.

Suppose you have 6 IP addresses on a router in different subnets. You would add an OSPF network statement for each subnet (6 in total) to advertise those 6 subnets to the other routers. Those other routers will have their own subnets and they will have their own network statements for those subnets. On each router, you advertise the subnets that router has. By adding the network, you are telling your router that you want it to advertise those specified subnets to other routers. It does not define what networks other routers will share or how they will share them.

Suppose you log into computer A and share the D: drive as a Windows share. Great, you are happy. Now you go to computer B and you find that Windows has not immediately decided to share the D: drive of that computer upon your login. I assume you would get really angry and say it is not logical, and how could Microsoft be so stupid to design a system that would not know that you wanted to share D: drive on every single computer you went on, just because you shared it on one? Any system that isn't magic and doesn't read minds is not logical?

ubuntu118 · Tue Sep 18, 2018 8:42 am

Your example of Windows shares, isn't related to my problem with OSPF as Windows machines do not speak to each other about what they have and what they don't have. But in OSPF this happens and I thought that this should help me to have a seamless network. Anyway I think this is a problem in OSPF design, at least in a network which all routers trust each other (no authentication). Something like this either should not happen or happen in the entire network.

mducharme · Tue Sep 18, 2018 8:48 am

Your example of Windows shares, isn't related to my problem with OSPF as Windows machines do not speak to each other about what they have and what they don't have. But in OSPF this happens and I thought that this should help me to have a seamless network. Anyway I think this is a problem in OSPF design, at least in a network which all routers trust each other (no authentication). Something like this either should not happen or happen in the entire network.

So in OSPF design, you tell router A to share all networks in 192.168.0.0/16, and it has two networks in that range, and, great, it is sharing them. Now you go to router B and you are mad that it is connected to two other networks in that range and it is not sharing them? Because you told router A to do so you expect router B to share its networks in the same way even though you never told it to do so?

It is the same situation - the only difference here is that router B will relay any advertisements of 192.168.0.0/16 networks connected to router A that were advertised by router A, but it won't share its own networks that happen to fall in that range, just because you configured router A to do so.

You seem to misunderstand what OSPF does and doesn't do. Once a network is advertised on a router, yes OSPF will forward that advertisement to other routers automatically. But other routers will not magically decide "oh, I see that you want the other router over there to advertise this range, you must want me also advertise any subnets I have in this range without needing to configure anything!". It doesn't work that way.

mducharme · Tue Sep 18, 2018 8:54 am

Let me put it in another, simpler way.

You have OSPF on four routers, router A, B, C and D. You tell router A to share all of the networks it is connected to with the other routers. Do you expect router B, C and D to suddenly jump up and say "oh, ubuntu118 must want me to share all of my networks with all of the other routers, too, even though he never configured it! He set it on router A, so he must want us all to do the same thing!". Is that what you expect? Is that logical to you?

Maybe on router A you have three networks you want to advertise, 192.168.4.0/24, 192.168.5.0/24 and 192.168.6.0/24, and you decide just to keep it simple just to advertise 192.168.0.0/16, since that will advertise 4 5 and 6 in one shot. Router B is maybe connected to another network 192.168.7.0/24 that you don't want to advertise, maybe due to security reasons or some other reason. The way OSPF works, this other network 192.168.7.0/24 connected to router B will not be advertised unless you tell Router B to advertise it. You seem to want Router B to advertise this network it has without being told to because you told router A to do something similar. If OSPF routers actually worked this way, randomly sharing their own networks based on what you told other routers to share, you could trigger major routing issues and security holes in a network. Imagine if you start advertising a network on one router and some other router then thinks "oh I have a network in the same range, you probably want me advertise my network too!" and meanwhile you don't want that and sharing it would cause problems. That is the reason it doesn't work that way.

Also, is there a reason you are using redistribute-connected and redistribute-static for OSPF on all of the routers? This goes against normal OSPF design recommendations. I rarely need to enable these settings, and I am wondering why you felt the need to do so on all routers on your network. You may have turned on too much automatic stuff ("share everything!" features) and that may be why you are facing your current challenges needing to filter networks in the first place. Fixing your OSPF design -- thereby bringing it in line with normal OSPF design practices -- may obviate the need for you to filter networks.

ubuntu118 · Tue Sep 18, 2018 9:36 am

Is there a reason you are using redistribute-connected and redistribute-static for OSPF on all of the routers? This goes against normal OSPF design recommendations. I rarely need to enable these settings, and I am wondering why you felt the need to do so on all routers on your network. You may have turned on too much automatic stuff ("share everything!" features) and that may be why you are facing your current challenges needing to filter networks in the first place. Fixing your OSPF design, bringing it in line with normal OSPF design practices, may obviate the need for you to filter networks.

My network is part of a much larger corporate network (connected via another router with static routes between) and changes frequently according to company's needs. The reason I introduced OSPF is my backup links and the need for rapid routing table updates in case of link failures and the reason for this amount of automation is decreasing labor in case of changes.

mducharme · Tue Sep 18, 2018 9:39 am

My network is part of a much larger corporate network (connected via another router with static routes between) and changes frequently according to company's needs. The reason I introduced OSPF is my backup links and the need for rapid routing table updates in case of link failures and the reason for this amount of automation is decreasing labor in case of changes.

Yes that's good, and that makes sense, but that's not what I asked - why are you using redistribute-connected and redistribute-static, instead of the normal and recommended way of advertising OSPF networks (i.e. using an individual network statement for each network)? You are probably causing more problems for yourself than you need by having redistribute-connected and redistribute-static enabled. If you can, I would shut off those features and advertise the OSPF networks the "right" way, with individual network statements. You would probably remove the need for most of your filters in the process and make the network easier to manage.

ubuntu118 · Tue Sep 18, 2018 9:44 am

As I said, just for less labor on changes as in normal implementarion, I have to take care of OSPF configurations on every change. The problem is solvable via partitioning of network as this will be done once. After that there will be no more problem(s) ... I hope!

mducharme · Tue Sep 18, 2018 9:51 am

As I said, just for less labor on changes as in normal implementarion, I have to take care of OSPF configurations on every change. The problem is solvable via partitioning of network as this will be done once. After that there will be no more problem(s) ... I hope!

The redistribute-connected and redistribute-static may seem to save work, but I think it just ends up creating more work in the long run. I understand the desire to try to save time and automate things, but it is not worth doing where it causes more problems that you end up having to fix manually. It takes all of 30 seconds to log into a router and add a network to OSPF when you make a change. It is not hard. It takes less time to add an OSPF network than to get a cup of coffee -- in that context, "Less labor" generally should not be a concern.

Also, I'm not clear if these are your only OSPF routers, but I don't really see the need for the separate area, given what you have shown above. If these are your only OSPF routers, your network is small enough that everything can simply be in backbone without any issues really.

OSPF: Route not being filtered [SOLVED]

OSPF: Route not being filtered

Re: OSPF: Route not being filtered

Re: OSPF: Route not being filtered

Re: OSPF: Route not being filtered [SOLVED]

Re: OSPF: Route not being filtered

Re: OSPF: Route not being filtered

Re: OSPF: Route not being filtered

Re: OSPF: Route not being filtered

Re: OSPF: Route not being filtered

Re: OSPF: Route not being filtered

Re: OSPF: Route not being filtered

Re: OSPF: Route not being filtered

Re: OSPF: Route not being filtered

Who is online