Hello Folks!

We have a complex network with many subnets and routers, all routing is fully static all over, and it has been successful for almost 8 years, not at all any problems has been observed.

We tried to implement OSPF in order to be able "route around" failing l2tp links. Well that was not a problem.
I made two L2TP links from each remote device connected to two different routers connected to different ISP.
Then I made OSPF distribute routes to connected networks by checking redistribute directly connected networks. It become a disaster in few moments, whole l2tp network collapsed and started to go up and down.
It seems like OSPF distributed also the public network that the vpn routers were connected to. Then I put in route filters to reject sending out those public networks. Then in worked very nicely, failover between l2tp links worked perfectly and fast.

Then next problems arrived, I have to remove and older ipsec + nat configuration between two offices.
I made lt2p links the same way as for the clients, using filters the same way as before, all seemed fine some moments. Then all break down again, looking around in the routers again the public networks was distributed, and yes filters are in all ospf routers. Other oddities arrived, several routers not at all using ospf not enabled on them, rebooted.....

routing filters... hmm...

How can I prevent ospf replicating our routes to network attached based on interface level instead of some strange mask+prefix that does not work anyway ?

For example)
I have local networks attached to an ospf router: eth1=192.168.1.0/24, eth2=172.16.1.0/24 and eth3=192.168.16.0/24.
But I want ospf to replicate out only the two first ones ?

Hello Folks!

I have gained some knowledge about OSPF in practice now. There are still a lot of strange things about it.

I made the routing filters working and then many problems went away. Now I am struggling with the migration from static routes to OSPF, it is a mess and feels a bit dangerous to loose control this way, but hopefully to the better and no need to sit manage the static routes all over. Just hope OSPF not suddenly want to mess all network up.

It was very nice to put dual l2tp tunnels from all remote mikrotik office devices to two different central mikrotik devices using different public networks, and then let OSPF do the magics if one l2tp tunnel fails, usually it become a BIG mess, I had to wake up in middle of night and manually switch over, scripts has been tested with various progress in past.

I was also able to "stage" from one very old l2tp specialized router to two new mikrotik routers during full production without customers notifying anything, then stage from some old copper based internet to fiber based. Very nice!

OSPF is great when it works but is most frustrating when on your core router the only item effected after a "glitch" is OSPF which justs gets stuck at "Exchange" to connected devices, what a "showstopper" network with no routing?
This has been occurring for a long time and checking and rechecking configurations on *ALL* devices, MTU, PTP, NBMA,Loopbacks, ..............etc
This showstopper event has made us ask - do we really need OSPF in all the network and what sections would function equally well with or without?

Still no solution but thankfully this issue occurrence rare?

How can I prevent ospf replicating our routes to network attached based on interface level instead of some strange mask+prefix that does not work anyway ?

For example)
I have local networks attached to an ospf router: eth1=192.168.1.0/24, eth2=172.16.1.0/24 and eth3=192.168.16.0/24.
But I want ospf to replicate out only the two first ones ?

One way to do this is via filters, as you have figured out...
the other way to do this is to use the osfp / passive interface feature..

e.g. in your example, if you add eth1, eth2, and eth3 to the OSFP interface list, and then set eth2 & eth3 as passive, you will be able to run osfp on eth1, and not on eth2 & eth3

Hello !

Great, I was just wondering what passive interface was for!

I will have to put passive on my vrrp interfaces that is only used for clients who do not understand ospf to reach default gw in case of router is off line by somne reasons. Dont know yet if I need to do it on some more interfaces.

Is there any more nice to have features ?
In the routing tables I see blue colored text at some places, also what does tha text in front of each route in the routing list means ?

Is there any benefit of also activatinig ospf to all customer wireless antennas setup as router between our network and theirs, as for now I have added static routes in access points (also working as routers) that ospf replicates out to our routers ?

We have two main offices that has some large networks inside, they are connected with vpn tunnels between, currently they belong to same ospf area, is there, is there any gain of stability to make two areas of it ?

Very many thanks!

Your questions are appropriate but there is no simple answer to them.
I would suggest that you google for OSPF best practices, and or ISP/NSP Best Practices to get familiar with the why to do and why not to do arguments.