What is the impact of unstable network advertisement in to OSFP AS

Unanswered Question
Oct 19th, 2008

Hi All,

General query. I have ASA which redistributes the EZVPN client's subnets (via redistribute connected subnets) in to the internal OSPF domain with multiple areas. Question is incase if the remote client has flapping connectivity to ASA, will it creates any instability in the inside OSPF domain..? If so, is there any way to supress those subnets for time being (till the link gets stable).

Thank you

MS

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 3 (1 ratings)
Loading.
Calin Chiorean Sun, 10/19/2008 - 21:46

Hello!

I don't know exactly how EZVPN is working, but if you redistribute connected than you will have no problem with OSPF, not matter how stable is your link to VPN remote site. You will always have an interface into the direct connected subnet which is redistributed to OSPF, and OSPF will always see this (as log as the IP is there) and advertise the subnet.

The problem is that your packet from LAN, to a remote VPN site reach OSPF router which is forwarding the packets through it's directed connected interface. If the remote end is not reachable the packet is discarded on the interface.

If you would have OSPF process with your VPN remote end, and this is flapping a lot, that's another story. You can have bigger hello time interval and dead interval and this will make OSPF process reconverge not so often.

Hope this is clear!

Cheers,

Calin

Actions

This Discussion