Perfect Claudio, if you need some tests, tell me. I will need this fix before middle june, then i can help you. I cannot get /1 from MAN routers, sorry, then i'm blocked with one router for now (and i hope the default route wouldn't be sent to the GRE tunnel :p).
If you want i would help you to implement filtering if you tell me how to do it. -- Cordialement, Loïc BLOT, Expertise en Systèmes UNIX, Sécurité et Réseaux http://www.unix-experience.fr Le jeudi 09 mai 2013 à 14:50 +0200, Claudio Jeker a écrit : > On Wed, May 01, 2013 at 11:45:04PM +0200, Loïc BLOT wrote: > > My border routers obtain a default route in fact, and OSPF must > > redistribute this route to LAN Routers. Here is a scheme > > > > > > |-------------- R1 site 1------------ R3 Site 1 > > | BGP AS 650XX | OSPF a3 | > > |-------------- R2 site 1------------ R4 Site 1 > > | | > > WAN | GRE (OSPF a3) > > | | > > |-------------- R1 site 2 ------------ R3 Site 2 > > | BGP AS 650YY | OSPF a3 | > > |-------------- R2 site 2------------- R4 Site 2 > > > > Each BGP AS redistribute a default route. > > you are right, OSPF should redistribute default route (it's the case) > > for R3/R4 routers on each site. The problem is between between the two > > border routers and on GRE. > > Please note R1 and R2 are full mesh GRE (R1S1 -> R1S2 / R1S1 -> R2S2 / > > R2S1 -> R2S1 -> R2S1 / R2S1 -> R2S2). > > When i said priority it's not route priority but protocol priority (BGP: > > 48/OSPF: 40) > > > > Any idea ? I think the only and the best solution is to filter installed > > routes > > > > OK I see your problem now. The BGP feeds are not sending you a full view > but just a default route and so you clash on the default routes. > For now the only hack that I know which would work is to have BGP > distribute to /1 (0/1 and 128/1) networks instead of the default route > because those will be more specific and win over the OSPF default route. > I know this is a ugly hack. > > My plan is two make the routing priority configurable per daemon and I > will also look into a Ext-LSA filter option for ospfd. Ext-LSA are strict > leave nodes in the LS graph and can be pruned without risk. This will take > some time so don't hold your breath. > > -- > :wq Claudio
