OSPF Interfaces question

Nans Member Posts: 160
Hello

From what I have understood, OSPF sends LSA packets only on the interfaces that are added using the network command. Then an interface which is not configured will not be sending any Hello Msgs or receive those.

My question is what is the use of using the passive-interface when the task we need is already done in the beginning?

regards
2016 Certification Goals: CCNP Route X, Switch, TShoot [], CCDP []

Comments

  • networker050184 Mod Posts: 11,962
    What happens if you want an interface's network to be advertised in OSPF but you don't want to form neighbors out of that interface? For instance, a network that has just hosts.
    An expert is a man who has made all the mistakes which can be made.
  • Nans Member Posts: 160
    What happens if you want an interface's network to be advertised in OSPF but you don't want to form neighbors out of that interface? For instance, a network that has just hosts.

    Gotcha. This is what I inferred from what you said: "It is used to advertise that there is a network on the other side of the interface and let all other neighbours know about this from other interfaces, but don't send any hello messages from that interface because I don't want any neighbours from that side."

    Is that what you were saying?!

    Thanks Mr networker.
  • Mooseboost Member Posts: 778
    Let's say we only have hosts out of that interface, but we want to advertise them. Now let's say we don't use passive interface and we don't have any authentication set for neighbor relationships. Now we have network-savvy Bob who loves chaos. He uses Wireshark to capture what he needs and hooks up a router and starts doing some crazy business.

    Essentially, passive-interface allows us to bring those hosts into the network without risking any rogue neighbors forming either by intention or accident. If we know that no neighbors should be out of that interface, then we don't need to have hellos going out or acknowledge hellos on that interface.
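
An added example, not part of any post in this thread: a small Python audit that applies the point above to a constructed, trimmed IOS-style config. It finds the interfaces matched by a `network` statement and reports whether each is passive, active with interface-level `ip ospf authentication`, or active without it; the sample config, function names and status labels are assumptions made for the illustration, and area-level authentication is not considered.

```python
import ipaddress

# Constructed IOS-style running-config (trimmed), not taken from the thread.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0
 description transit link to another OSPF router
 ip address 10.0.0.1 255.255.255.252
 ip ospf authentication message-digest
interface GigabitEthernet0/1
 description user LAN, hosts only
 ip address 192.168.10.1 255.255.255.0
interface GigabitEthernet0/2
 description server LAN, hosts only
 ip address 192.168.20.1 255.255.255.0
router ospf 1
 passive-interface GigabitEthernet0/2
 network 10.0.0.0 0.0.0.3 area 0
 network 192.168.0.0 0.0.255.255 area 0
"""

def as_int(dotted):
    return int(ipaddress.IPv4Address(dotted))

def audit_ospf(config):
    """Map each OSPF-enabled interface to passive / active-auth / active-noauth."""
    addrs, auth, listed, nets = {}, set(), {}, []
    passive_default, section = False, ""
    for line in config.splitlines():
        words = line.split()
        if not words or not line.startswith(" "):
            section = line              # a top-level line opens a new section
        elif section.startswith("interface ") and words[:2] == ["ip", "address"]:
            addrs[section.split()[1]] = as_int(words[2])
        elif section.startswith("interface ") and words[:3] == ["ip", "ospf", "authentication"]:
            auth.add(section.split()[1])
        elif section.startswith("router ospf") and words[0] == "network":
            nets.append((as_int(words[1]), as_int(words[2])))
        elif section.startswith("router ospf") and "passive-interface" in words[:2]:
            if words[-1] == "default":
                passive_default = words[0] != "no"
            else:                       # per-interface setting overrides the default
                listed[words[-1]] = words[0] != "no"
    report = {}
    for name, addr in addrs.items():
        # A network statement matches when every bit outside the wildcard mask agrees.
        if any(((addr ^ net) & ~wild & 0xFFFFFFFF) == 0 for net, wild in nets):
            state = "active-auth" if name in auth else "active-noauth"
            report[name] = "passive" if listed.get(name, passive_default) else state
    return report
```

On the sample, the user LAN on GigabitEthernet0/1 comes back as `active-noauth`: its network is advertised and it would also exchange hellos with anything plugged into that segment.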
  • networker050184 Mod Posts: 11,962
    Nans wrote: »
    Is that what you were saying?!

    You got it. There are several reasons why you wouldn't want hellos out of an interface while still advertising the network to neighbors. Security is an example like Mooseboost pointed out.
  • Nans Member Posts: 160
    Mooseboost wrote: »
    Let's say we only have hosts out of that interface, but we want to advertise them. Now let's say we don't use passive interface and we don't have any authentication set for neighbor relationships. Now we have network-savvy Bob who loves chaos. He uses Wireshark to capture what he needs and hooks up a router and starts doing some crazy business.

    Essentially, passive-interface allows us to bring those hosts into the network without risking any rogue neighbors forming either by intention or accident. If we know that no neighbors should be out of that interface, then we don't need to have hellos going out or acknowledge hellos on that interface.

    Thank you Mooseboost, that helps :)
  • _Gonzalo_ Member Posts: 113
    In case you're interested in going the extra mile...

    What Mooseboost explained is perfectly right for OSPF and EIGRP, but RIP still listens for updates when passive interface is enabled. That is one of the many reasons why it is obsolete...
  • Deathmage Banned Posts: 2,496
    This is something I've always wondered but is so far above the scope of the CCNA, but could you apply the passive-interface on an interface linking another router or OSPF area to make stub networks?

    IE: core network in a triangle '3-router' network in say AREA 0 and then a distro layer with L3 switches in say AREA 1, could you essentially use the interfaces that link the routers to the L3 switches with passive-interfaces to block LSA advertisements?

    I'd just do static routing between the core and distro layers, just curious if this concept could be applied in that manner too or if there is a concept I haven't learned yet for multi area OSPF.
  • Stevecb06 Member Posts: 32
    Deathmage wrote: »
    This is something I've always wondered but is so far above the scope of the CCNA, but could you apply the passive-interface on an interface linking another router or OSPF area to make stub networks?

    IE: core network in a triangle '3-router' network in say AREA 0 and then a distro layer with L3 switches in say AREA 1, could you essentially use the interfaces that link the routers to the L3 switches with passive-interfaces to block LSA advertisements?

    I'd just do static routing between the core and distro layers, just curious if this concept could be applied in that manner too or if there is a concept I haven't learned yet for multi area OSPF.

    The link below has some good information on creating "stub areas" in OSPF networks.
    What Are OSPF Areas and Virtual Links? - Cisco
  • networker050184 Mod Posts: 11,962
    Deathmage wrote: »
    This is something I've always wondered but is so far above the scope of the CCNA, but could you apply the passive-interface on an interface linking another router or OSPF area to make stub networks?

    IE: core network in a triangle '3-router' network in say AREA 0 and then a distro layer with L3 switches in say AREA 1, could you essentially use the interfaces that link the routers to the L3 switches with passive-interfaces to block LSA advertisements?

    I'd just do static routing between the core and distro layers, just curious if this concept could be applied in that manner too or if there is a concept I haven't learned yet for multi area OSPF.

    What you'd be doing there is creating two separate OSPF domains with static routing between them. So yeah, technically you could do that, but I don't know why you'd ever want to. OSPF has built-in mechanisms for lowering LSA counts in areas when need be. No need to reinvent the wheel.
  • _Gonzalo_ Member Posts: 113
    Deathmage wrote: »
    or if there is a concept I haven't learned yet for multi area OSPF.

    Well, there are areas for OSPF. These are similar to having two separated AS in EIGRP. And they are (as was pointed out in previous posts) mechanisms to control LSA through area configuration.

    Though it is creative, you would not do that static routing and independent OSPFs solution because you would negate the advantage of a dynamic routing protocol...

    Also, if you are saying that you would apply that in a campus design between core and distribution, you do not fully understand campus designs or dynamic routing. Do not misunderstand me, it's all right. CCNA only covers certain topics superficially. In CCNP you will connect a lot of dots regarding that, so just keep going!
  • Deathmage Banned Posts: 2,496
    What you'd be doing there is creating two separate OSPF domains with static routing between them. So yeah, technically you could do that, but I don't know why you'd ever want to. OSPF has built in mechanisms for lowering LSA counts in areas when need be. No need to reinvent the wheel.

    Awesome, I was sort of looking to do this at home, but I feel I need to focus on the CCNA core stuff 1st for my upcoming exam, but most of the time I'm always wondering what more some of these routing protocols can do. Taking the Boson sims shows me little tidbits of what more OSPF can do past the backbone and then it goes away and I'm really intrigued. So it's interesting to see that passive-interface can be used in that manner; although as you pointed out, not always the best use of the wheel.
    _Gonzalo_ wrote: »
    Well, there are areas for OSPF. These are similar to having two separated AS in EIGRP. And they are (as was pointed out in previous posts) mechanisms to control LSA through area configuration.

    Though it is creative, you would not do that static routing and independent OSPFs solution because you would negate the advantage of a dynamic routing protocol...

    Also, if you are saying that you would apply that in a campus design between core and distribution, you do not fully understand campus designs or dynamic routing. Do not misunderstand me, it's all right. CCNA only covers certain topics superficially. In CCNP you will connect a lot of dots regarding that, so just keep going!

    Naaa, I didn't misunderstand you, after many posts on here I've developed a thick skin for responses. I understand I don't fully grasp or understand many things, I blatantly admit that, but I'm always seeking out what else things can do. The backbone AREA 0 in CCNA I know from the books only seems like the tip of the iceberg and there is so much under the waterline I haven't even seen yet and it's very fascinating.

    Like for instance, the lab I posted on Saturday in my CCENT in two days post, I know I aimed to make a Campus Design but it's essentially still an Area 0 network after looking at it on my flowchart, so it doesn't really work as how I hoped but it's all good, I know I still have stuff to learn above CCNA content. Can't help a guy for wondering though.
  • _Gonzalo_ Member Posts: 113
    Deathmage wrote: »
    Like for instance, the lab I posted on Saturday in my CCENT in two days post, I know I aimed to make a Campus Design but it's essentially still an Area 0 network after looking at it on my flowchart, so it doesn't really work as how I hoped but it's all good, I know I still have stuff to learn above CCNA content.

    I'll take a look at that lab and comment on it, maybe I can give you directions.
    Deathmage wrote: »
    Can't help a guy for wondering though.

    Hahahaha

    I think that's the way to go! If you are not interested in what you're doing, I say do something else. When I was doing my CCNA, I started my own network design right after module 1 (it was obviously ridiculous, I laugh every time I see it). By module 4, I went to my teacher with a campus design with redundancy over two routers on a stick... hehehe. He couldn't do anything but teach me multilayer switches and HSRP so I could progress!