In fact, this isn't really an interarea problem but a inter protocol problem.
Next month i'll have two border routers which are connecter to MAN by BGP. In my LAN and on my tunnels i'm in a "LAN backbone" area. Because of the priority of OSPF and the default route redistribution, the default route will be redistributed on my GRE tunnel and also between the two border routers and those routes are prior to BGP routes. A problem is also redistribute default is a global function, then the default route will be redistributed (and also taken) everywhere) . If we could configure redistribute default/static/connected on area, i could split my "LAN backbone" area into 3 areas (1 per site + 1 for GRE), and do not redistribute default route on GRE, but the redistribution between the two border routers is not fixed. Then the only way to resolve this issue is to filter entries to kernel routing table, you are right. -- Best regards, Loïc BLOT, UNIX systems, security and network expert http://www.unix-experience.fr Le mercredi 01 mai 2013 à 21:35 +0200, Claudio Jeker a écrit : > On Wed, May 01, 2013 at 08:56:32PM +0300, Dan Shechter wrote: > > You can't filter OSPF routes inside an area. It will break the OSPF > > shortest path tree. > > > > I don't know about ospfd, but on Cisco IOS you can filter routes > > (LSAs) between areas and you can also prevent prefixes from being > > inserted to the routing table of the router where the filtering > > commands are entered (you can't influence other routers' decisions for > > intra area routes) . > > > > Not having routes from the LSDB (RIB) in the routing table (FIB) is a good > way to melt down your network with routing loops. > In OSPF there is the assumption that if there is a path in the link-state > DB passing router A-B-C that the traffic will also flow that way. This is > only possible if the FIB and the RIB are in sync. You can't use a > link-state routing protocol with a distributed DB when you want to filter. > > Sure we could add inter-area filtering but even there you may end up with > some strange behaviours. The somewhat big hammer is to use a stub area in > that case. Until now I never saw a good reason for complex filter logic > and so I never implemented it. > > -- > :wq Claudio [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]
