This is for more general topics about networking and vendors.
1 post • Page 1 of 1
Hello,attached you will find a simple topology for which I have a few questions. We are running OSPF in our network and recently we have converted to MPLS with our provider. The routing protocol between our CE our router / CPE (providers router) and the PEs is still OSPF with areas as shown in the diagram. All major traffic engineering is done in the providers cloud. Because the provider has enabled max-lsa on PE-2 when the ISDN connection came up, due to the LSAs sent by the branch router towards PE-2 the OSPF adjacency (PE-s / CPE) came down. In order to overcome this problem, I thought of configuring "ip ospf database-filter all out" on the dialer on CE, so that it wouldn send its database to the branch router, which would in turn send it towards PE-2. This seems to work fine. When the ISDN line comes up, the branch LSA database does not change. The problem is that the branch router sends its database to CE, which as I understand sends it to PE-1 (PE-1 is also configured with max-lsa, I suspect with a higher value than that of PE-2). This is not a major issue when only one branch uses its ISDN backup (the size of the LSA database increments by a value of ~= 700), but what if more branches use their ISDN backup simultaneously??? Then the adjacency between CE (core router) and PE-1 would come down!!!!My first idea to overcome this, was to also set "database filter all out" on the branches dialer. I read in the following link "http://fengnet.com/book/Cisco.IOS.Cookb ... ECT_3.html" that: The "database-filter all out" does not block OSPF Hello packets, so the routers will still form full and normal adjacencies. Also, it only blocks the sending of LSA packets. The router will receive routes normally. So I thought that the routing will still work. After configuring the "database-filter all out" I lose connectivity with the branch!!!! Why is that? Shouldn routes be received by both ends? Thanks in advance,Katerina
Katerina, The "database-filter all out" is not the solution you are really looking for. If you want to run OSPF over your Backup ISDN link - then you need to let OSPF know that is a Dial on Demand link type. This will stop the issues you are seeing and allow you to route when the MPLS is not available. under your ISDN dailer interface @ both ends configure ip ospf demand-circut HTH>
Hello Andrew,I have not any experience on "on demand circuits", but from what I read it doesn stop the initial LSA flooding (when the adjacency first comes up), but stops periodic updates and hellos. What I want to do is stop the initial LSA flooding all together, but still have routing!!! (I don even know if this is possible). From what I read "database-filter" does what I want, but it doesn work both ways!!! I am begging to think that it cannot be done, but I will give it another shot, before I completly surrender to the power (and stubborness) of OSPF Any more suggestions are welcome
Katerina, You are suggesting that after you have used the ip ospf database-filter all out command on your interface, you lost connectivity with your branch office. That can be understandable if you consider the fact that thanks to this command, the branch router is prevented from advertising its networks to the neigbhors so they may not have a route back. I am wondering if we are trying to do the right thing when we are searching for a workaround to a problem in fact imposed by your ISP - by having its LSA limits set too low for your needs. Is there no way to talk to the ISP and make it increase the limits? Or perhaps use a different routing protocol to communicate your networks to the PE routers, say, BGP? On a completely different note, I was wondering if you or your relatives have roots in the Czech Republic. The name Katerina is a Czech name - a very nice one, actually Best regards,Peter
Hello Peter, I myself would have preferred BGP for the connection to the ISP, but since I don work alone, the company (in which I am fairly new) insisted on OSPF (hence all the problems!). So I have to work with what I got!!!! In your answer you say "That can be understandable if you consider the fact that thanks to this command, the branch router is prevented from advertising its networks to the neigbhors so they may not have a route back." I think that I understand it now... (please correct me if I am wrong, because I have put a lot of effort into trying to find a solution!) My branch has a floating static, in order to use the ISDN when everything else fails. When "database-filter" is only configured on the CE, the CE doesn send the LSA-database to the branch, nor does it send any routes. The branch still sends routes to the CE, so the CE knows how to route everything back, and because of the floating static on the branch every IP in the network can be reached. When "database-filter" is also configured on the branch, no routes and no database are sent to the CE, thus the CE doesn know how to reach anything on the branch (except for the directly connected IP!). As far as the last part of your post, Katerina is a common name I suppose in all of the Balkan region and also in Greece, where I am from Thanks for your answer!