passive interface

Answered Question
Nov 23rd, 2008

Hi,


In OSPF, I configure passive-interface on an interface, e.g.

router ospf 1
 network 192.168.1.0 0.0.0.255
 passive-interface fe0/0


Does it mean that the interface FE 0/0 MUST be the "stub area"?


or


does the "passive-interface" appear in stub area?

If the stub area is configured, the passive-interface should be configured also.


rgds







Overall Rating: 5 (1 ratings)
Giuseppe Larosa Sun, 11/23/2008 - 06:47

Hello Anita,

With passive-interface fa0/0 you tell the router that even if fa0/0's IP address matches a network area statement, you don't want it to build OSPF adjacencies on it: it does this by blocking hello protocol messages.


On a simpler protocol like RIP, passive-interface inhibits the sending of RIP updates but does not block the interface from receiving RIP updates from other routers on the segment.


The passive-interface is not related to stub area: you can also make an interface in area 0 passive.

Note that the network associated with fa0/0 is still advertised in OSPF on other interfaces as an O route / O IA route (if it matches a network area command).


Hope to help

Giuseppe
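An added example, not part of the original posts: a small audit of an IOS-style configuration that lists which interfaces are pulled into OSPF by a network area statement and which of those still send hellos because they are not passive. The sample configuration and the function names are constructed for illustration; it assumes a single OSPF process, full interface names, and explicit passive-interface lines.

```python
import ipaddress
import re

# Constructed sample configuration for illustration; not taken from the thread.
SAMPLE_CONFIG = """\
interface FastEthernet0/0
 ip address 192.168.1.1 255.255.255.0
interface FastEthernet0/1
 ip address 192.168.2.1 255.255.255.0
interface Serial0/0
 ip address 10.0.0.1 255.255.255.252
router ospf 1
 network 192.168.0.0 0.0.255.255 area 1
 network 10.0.0.0 0.0.0.3 area 0
 passive-interface FastEthernet0/0
"""

def wildcard_match(addr, base, wildcard):
    """True if addr matches base under a wildcard mask (1 bits = don't care)."""
    to_int = lambda a: int(ipaddress.IPv4Address(a))
    care = ~to_int(wildcard) & 0xFFFFFFFF
    return (to_int(addr) & care) == (to_int(base) & care)

def ospf_interfaces(config):
    """Return {interface: (area, is_passive)} for interfaces matched by a network statement."""
    addrs, networks, passive, current = {}, [], set(), None
    for line in config.splitlines():
        s = line.strip()
        if m := re.match(r"interface (\S+)", s):
            current = m.group(1)
        elif (m := re.match(r"ip address (\S+) \S+", s)) and current:
            addrs[current] = m.group(1)
        elif m := re.match(r"network (\S+) (\S+) area (\S+)", s):
            networks.append(m.groups())
        elif m := re.match(r"passive-interface (\S+)", s):
            passive.add(m.group(1))
        elif s.startswith("router "):
            current = None  # left interface context
    result = {}
    for name, addr in addrs.items():
        for base, wc, area in networks:  # simplification: first listed match wins
            if wildcard_match(addr, base, wc):
                result[name] = (area, name in passive)
                break
    return result

def hello_speaking(config):
    """Interfaces that are in OSPF and not passive, so hellos are sent on them."""
    return sorted(n for n, (_, p) in ospf_interfaces(config).items() if not p)
```

On the sample, FastEthernet0/0 is still in area 1 (its subnet is advertised) but is passive, while FastEthernet0/1 and Serial0/0 are reported as sending hellos.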


anitachoi3 Sun, 11/23/2008 - 07:03

Hi,


I checked the Cisco link about the passive-interface,


http://www.cisco.com/en/US/docs/ios/iproute/command/reference/irp_pi1.html#wp1015271


it mentioned that "For the Open Shortest Path First (OSPF) protocol, OSPF routing information is neither sent nor received through the specified router interface. The specified interface address appears as a stub network in the OSPF domain."


Based on the description, do I configure "passive-interface" or "area 1 stub no summary" to achieve the above result?


rgds



Giuseppe Larosa Sun, 11/23/2008 - 07:45

Hello Anita,

OSPF terminology is sometimes misleading:


a stub network: a segment where there are no other routers, for example a client VLAN with only user PCs on it.

Used to classify links in the Router LSA.


There is no need to send out OSPF hello packets stating the router is the DR for the segment: no one can use it (an inside attacker may be interested).


a stub area: an OSPF area that has a built-in filter for every LSA type 5 (external type 5), which are not allowed to pass from area 0 to the stub area.


a stub area no summary: in addition to the filter on LSA type 5, LSA type 4 and type 3 (O IA routes) are also filtered.

This is a totally stub area.


From the point of view of a router internal to the OSPF stub area, it has a minimized database with detailed info of the area and just an O IA default route to the ABR router(s) that connect it to the backbone area.



This is useful if you have old or small routers and you want to avoid overloading them with the full OSPF database.


passive-interface, as explained in the previous post, is a different matter.


Hope to help

Giuseppe



anitachoi3 Mon, 11/24/2008 - 00:39

Hi Giuseppe,


It means that the function of the passive-interface is:


- it does not send out the hello packet from that interface

- it still sends out "routes update" to that interface



- it can receive any incoming traffic from that interface

e.g. incoming "routes update" from that interface

e.g. incoming "hello packet" from that interface (but not take any action)


Does it have the same behaviour for all routing protocols?

eigrp

ospf

igrp

isis

rip

rip v2

bgp4

odr


rgds



Correct Answer
Giuseppe Larosa Mon, 11/24/2008 - 02:44

Hello Anita,

The purpose of passive-interface is to allow the advertisement of the IP subnet associated with the interface without sending out:


- periodic updates for RIP and IGRP: these older protocols lack the state machine concept, so they still accept routing updates heard on a passive interface. The same applies to RIPv2.


- stop sending Hello packets out the interface: this applies to OSPF, IS-IS and EIGRP: all of these protocols have a neighbor state machine: they cannot accept an update from someone that is not a neighbor, so for them the passive interface stops sending and also receiving routing updates.


BGPv4: the passive-interface concept doesn't apply to BGP: for BGP a network is not a trigger for sending or receiving updates or hellos out the interface(s) whose IP addresses match the network command. In BGP a network command makes BGP advertise the prefix if it is present in the routing table from any routing source (not only connected interfaces but also static routes or other routing protocols).

BGP packets are exchanged only on manually configured TCP sockets that act as communication channels for exchanging reachability information.


ODR:

ODR is based on CDP version 2: if CDP is disabled on the link, ODR will not work. But there is no passive-interface concept.


Hope to help

Giuseppe


