But if you are connecting something using an installer, why wouldn’t you have your “dev/lab/testing” routes in a separate VRF or routing instance anyways?
I know it’s religious topic and may even border on best practices somewhere… but a LOT of networks redistribute connected/static/direct routes into backbone area of OSPF…. Personally I’ve never been burnt by it but I also have certain safeguards I maintain such as complete control over where OSPF is used… From: Af [mailto:af-boun...@afmug.com] On Behalf Of Shayne Lebrun Sent: Thursday, May 21, 2015 12:20 PM To: af@afmug.com Subject: Re: [AFMUG] mt ospf question For me, it’s just a matter of the principal of least harm, or keep it simple stupid, or ‘fail safe,’ or something along those lines. If you have your router set to distribute all routes, there will be a time you happen to want to put an address on the router and not distribute it. Say, for example, an installer goes out with an unconfigured, or misconfigured, piece of equipment. You can put an address on the router, and telnet in, SSH in, make a nat rule, use the web proxy, or SOMETHING to get into it and program it. But meanwhile, you’re distributing a route you might not want to. On the other hand, if instead of going ‘/ip address add address=x.x.x.x/x interface=y’, you go ‘/ip address add address=x.x.x.x/x interface=y[enter]/routing ospf network add network=x.x.x.x/x area=whatever’ you’re absolutely, positively sure that you’re only advertising routes you’ve specifically chosen to. From: Af [mailto:af-boun...@afmug.com] On Behalf Of That One Guy /sarcasm Sent: Thursday, May 21, 2015 12:00 PM To: af@afmug.com <mailto:af@afmug.com> Subject: Re: [AFMUG] mt ospf question i dont understand why the pop routers wouldnt just distribute connected. In not questioning to be a dick, I just dont understand. I cant see any reason there would be a route on a pop router under normal circumstances that i wouldnt want distributed? I have a total of three days of production OSPF so, though I know this makes me a secialist, Im wanting to learn On Thu, May 21, 2015 at 8:59 AM, Stefan Englhardt <s...@genias.net <mailto:s...@genias.net> > wrote: Ok. That’s a way ;-)). Von: Af [mailto:af-boun...@afmug.com <mailto:af-boun...@afmug.com> ] Im Auftrag von Faisal Imtiaz Gesendet: Donnerstag, 21. Mai 2015 15:52 An: af@afmug.com <mailto:af@afmug.com> Betreff: Re: [AFMUG] mt ospf question >>. Doing this you enable ospf on the interfaces with addresses within >>x.x.x.x/x. This is not wanted on all edge networks/customer networks. You are absolutely right Stefan, my colleagues failed to mention (assumed), that you should put all your physical interfaces in the OSPF interface and set them up as passive :) Faisal Imtiaz Snappy Internet & Telecom 7266 SW 48 Street Miami, FL 33155 Tel: 305 663 5518 x 232 <tel:305%20663%205518%20x%20232> Help-desk: (305)663-5518 <tel:%28305%29663-5518> Option 2 or Email: supp...@snappytelecom.net <mailto:supp...@snappytelecom.net> _____ From: "Stefan Englhardt" <s...@genias.net <mailto:s...@genias.net> > To: af@afmug.com <mailto:af@afmug.com> Sent: Thursday, May 21, 2015 9:45:04 AM Subject: Re: [AFMUG] mt ospf question Doing this you enable ospf on the interfaces with addresses within x.x.x.x/x. This is not wanted on all edge networks/customer networks. Von: Af [mailto:af-boun...@afmug.com] Im Auftrag von Shayne Lebrun Gesendet: Donnerstag, 21. Mai 2015 15:33 An: af@afmug.com <mailto:af@afmug.com> Betreff: Re: [AFMUG] mt ospf question You tell the router what routes to redistribute, rather than telling the router to redistribute everything that’s there. There’s never a reason not to simply take the extra five seconds to type ‘/routing ospf network add network=x.x.x.x/x area=whatever’. There’s a lot of very good reasons not to, however. From: Af [mailto:af-boun...@afmug.com] On Behalf Of Stefan Englhardt Sent: Thursday, May 21, 2015 8:16 AM To: af@afmug.com <mailto:af@afmug.com> Subject: Re: [AFMUG] mt ospf question Looked twice at this. How does your network know the route to a network connected to one of your routers if he does not redistribute this information into ospf? Von: Af [mailto:af-boun...@afmug.com] Im Auftrag von Dennis Burgess Gesendet: Donnerstag, 21. Mai 2015 14:10 An: af@afmug.com <mailto:af@afmug.com> Betreff: Re: [AFMUG] mt ospf question There are about 0 times when you should distribute connected, just a FYI. 99% of the time it causes issues with unintended and/or unneeded distribution of routes .. Dennis Burgess, CTO, Link Technologies, Inc. den...@linktechs.net <mailto:den...@linktechs.net> – 314-735-0270 <tel:314-735-0270> – www.linktechs.net <http://www.linktechs.net> From: Af [mailto:af-boun...@afmug.com] On Behalf Of Gilbert Gutierrez Sent: Wednesday, May 20, 2015 3:47 PM To: af@afmug.com <mailto:af@afmug.com> Subject: Re: [AFMUG] mt ospf question Are you redistributing Connected? If the /30 is not on the networks tab, then you will need to redistribute connected routes. If you add static routes pointing to places you will want to redistribute static routes as well. Gilbert On 5/20/2015 1:03 PM, That One Guy /sarcasm wrote: So I have this here mikrotik Ive been implementing ospf on Right now because this is transition, all MT ports hit the same switch Eth6 is on a /30 that is going to a powercode BMU thats distributing the default route, it works fine Eth2 is on a /30 that is going to a fortigate, it works fine the routes propagate as they should I initially tried to add another /30 to Eth2 for a second fortigate, but it wouldnt let me add the netwok so I put that /30 on eth3 it comes up in a state designated router I moved it to eth4, same thing designated router the other two that are working have said backup all along is there something about adding a third ospf interface to mikrotik i need to know here? -- If you only see yourself as part of the team but you don't see your team as part of yourself you have already failed as part of the team. -- If you only see yourself as part of the team but you don't see your team as part of yourself you have already failed as part of the team.
