Mailing List Archive

Drew Weaver via cisco-nsp wrote on 15/11/2023 17:43:
> Is there a way to prevent that IP address from being seen at all by the IOS XR routers?

prefix filtering is a defining feature of a policy routing protocol.
OSPF is a link-state protocol, and doesn't support the concept of having
different visibility of prefixes inside the same area. If you want that
with OSPF, you'll need to divide your network into different areas,
which is messy. Probably better off using bgp for this.

Nick
_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

On 11/28/23 17:02, Nick Hilliard via cisco-nsp wrote:

>
> prefix filtering is a defining feature of a policy routing protocol.
> OSPF is a link-state protocol, and doesn't support the concept of
> having different visibility of prefixes inside the same area.  If you
> want that with OSPF, you'll need to divide your network into different
> areas, which is messy. Probably better off using bgp for this.

Filtering in link state routing protocols is a bit of a misnomer,
technically speaking... but, you can use import/export filters on
routers with OSPF and IS-IS.

It would not necessarily limit the LSA/LSP flooding scope, but you end
up with the desired outcome (all manner of caveats apply).

All that said, the usefulness of an IGP is in its homogeneous view of
the network from and by all participating nodes. Bad things can happen
when one partitions IGP's, especially in an unintended way. As you say,
BGP is better for this kind of thing, as typically, IGP's should carry
infrastructure prefixes, and you don't really want to filter those as
they provide basic router-to-router connectivity.

Mark.
_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Can you point me towards a hint on how you implement import/export filters in OSPF on IOS XR?

Are you referring to 'distribute lists'?

Another thing that is a bit quirky from my standpoint is why when the remote router gets knocked offline BFD on the OSPF process doesn't kill the route immediately.

It seems like it takes 15-20 seconds for the route to be removed entirely from OSPF from when the transport goes down.

Thanks,
-Drew




-----Original Message-----
From: cisco-nsp <cisco-nsp-bounces@puck.nether.net> On Behalf Of Mark Tinka via cisco-nsp
Sent: Tuesday, November 28, 2023 10:34 AM
To: cisco-nsp@puck.nether.net
Subject: Re: [c-nsp] IOS XR filter route from OSPF?



On 11/28/23 17:02, Nick Hilliard via cisco-nsp wrote:

>
> prefix filtering is a defining feature of a policy routing protocol.
> OSPF is a link-state protocol, and doesn't support the concept of
> having different visibility of prefixes inside the same area. If you
> want that with OSPF, you'll need to divide your network into different
> areas, which is messy. Probably better off using bgp for this.

Filtering in link state routing protocols is a bit of a misnomer, technically speaking... but, you can use import/export filters on routers with OSPF and IS-IS.

It would not necessarily limit the LSA/LSP flooding scope, but you end up with the desired outcome (all manner of caveats apply).

All that said, the usefulness of an IGP is in its homogeneous view of the network from and by all participating nodes. Bad things can happen when one partitions IGP's, especially in an unintended way. As you say, BGP is better for this kind of thing, as typically, IGP's should carry infrastructure prefixes, and you don't really want to filter those as they provide basic router-to-router connectivity.

Mark.
_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net https://urldefense.proofpoint.com/v2/url?u=https-3A__puck.nether.net_mailman_listinfo_cisco-2Dnsp&d=DwIGaQ&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=OPufM5oSy-PFpzfoijO_w76wskMALE1o4LtA3tMGmuw&m=vULDC6NcfEryzxgZJwBX01MI1hvcl6imhD3JeJk-APbysS6EeiyW2iYo-iNe2hyv&s=bxKox8AZsSqTO0SucoYYO20srO8SW3Ewq1Ip_709ASQ&e=
archive at https://urldefense.proofpoint.com/v2/url?u=http-3A__puck.nether.net_pipermail_cisco-2Dnsp_&d=DwIGaQ&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=OPufM5oSy-PFpzfoijO_w76wskMALE1o4LtA3tMGmuw&m=vULDC6NcfEryzxgZJwBX01MI1hvcl6imhD3JeJk-APbysS6EeiyW2iYo-iNe2hyv&s=5zW-HHWMmy0AUPIFDaod5TRgutJC7tKZzMTyflG8bS0&e=
_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Are you running BFD on the link as well?

On Thu, Nov 30, 2023 at 8:33?AM Drew Weaver via cisco-nsp <
cisco-nsp@puck.nether.net> wrote:

> Can you point me towards a hint on how you implement import/export filters
> in OSPF on IOS XR?
>
> Are you referring to 'distribute lists'?
>
> Another thing that is a bit quirky from my standpoint is why when the
> remote router gets knocked offline BFD on the OSPF process doesn't kill the
> route immediately.
>
> It seems like it takes 15-20 seconds for the route to be removed entirely
> from OSPF from when the transport goes down.
>
> Thanks,
> -Drew
>
>
>
>
> -----Original Message-----
> From: cisco-nsp <cisco-nsp-bounces@puck.nether.net> On Behalf Of Mark
> Tinka via cisco-nsp
> Sent: Tuesday, November 28, 2023 10:34 AM
> To: cisco-nsp@puck.nether.net
> Subject: Re: [c-nsp] IOS XR filter route from OSPF?
>
>
>
> On 11/28/23 17:02, Nick Hilliard via cisco-nsp wrote:
>
> >
> > prefix filtering is a defining feature of a policy routing protocol.
> > OSPF is a link-state protocol, and doesn't support the concept of
> > having different visibility of prefixes inside the same area. If you
> > want that with OSPF, you'll need to divide your network into different
> > areas, which is messy. Probably better off using bgp for this.
>
> Filtering in link state routing protocols is a bit of a misnomer,
> technically speaking... but, you can use import/export filters on routers
> with OSPF and IS-IS.
>
> It would not necessarily limit the LSA/LSP flooding scope, but you end up
> with the desired outcome (all manner of caveats apply).
>
> All that said, the usefulness of an IGP is in its homogeneous view of the
> network from and by all participating nodes. Bad things can happen when one
> partitions IGP's, especially in an unintended way. As you say, BGP is
> better for this kind of thing, as typically, IGP's should carry
> infrastructure prefixes, and you don't really want to filter those as they
> provide basic router-to-router connectivity.
>
> Mark.
> _______________________________________________
> cisco-nsp mailing list cisco-nsp@puck.nether.net
> https://urldefense.proofpoint.com/v2/url?u=https-3A__puck.nether.net_mailman_listinfo_cisco-2Dnsp&d=DwIGaQ&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=OPufM5oSy-PFpzfoijO_w76wskMALE1o4LtA3tMGmuw&m=vULDC6NcfEryzxgZJwBX01MI1hvcl6imhD3JeJk-APbysS6EeiyW2iYo-iNe2hyv&s=bxKox8AZsSqTO0SucoYYO20srO8SW3Ewq1Ip_709ASQ&e=
> archive at
> https://urldefense.proofpoint.com/v2/url?u=http-3A__puck.nether.net_pipermail_cisco-2Dnsp_&d=DwIGaQ&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=OPufM5oSy-PFpzfoijO_w76wskMALE1o4LtA3tMGmuw&m=vULDC6NcfEryzxgZJwBX01MI1hvcl6imhD3JeJk-APbysS6EeiyW2iYo-iNe2hyv&s=5zW-HHWMmy0AUPIFDaod5TRgutJC7tKZzMTyflG8bS0&e=
> _______________________________________________
> cisco-nsp mailing list cisco-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
_______________________________________________
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/