This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

Queries on OSPF Route Summarization

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Queries on OSPF Route Summarization

Go to solution
Purushotham
L2 Linker

‎01-07-2024 02:29 PM

Customer have configured OSPF peering with firewall and switches.

Have multiple OSPF peering with different ZONEs via each sub interfaces. Currently we are receiving around 4k routes at DCE-ES for each peering. Since ES switch hardware not supporting that much routing entries, we need to do summarization for those routes.

Need to know how to do route-summarization in OSPF on Palo-Alto firewall as our downstream cisco switch is having host-limitation with maximum entries in routing table which caused high CPU in switch.

 

  • Advertising – Palo Alto
  • Exhaustion- Cisco Switch (routing table full)
  • BFD- None

Queries:

  • How can we summarize the advertise-routes in OSPF in PA FW ?
  • If we create a new area (area-1), does it impact to the existing production area-0 function ?
  • If we add OSPF interfaces in above new area(area-1) and summarize the routes in that area under range, does it impact to the existing area-0 routing ?
  • If we advertise default-route in that area-1 under range towards that assigned new interface only, does it advertise to other interfaces as well and is there any impact from it ?
  • If we create new area in addition to the area-0, is there any impact to the CPU, memory or other resources of the device 

 

0 Likes Likes
2 accepted solutions

Accepted Solutions

Go to solution
seb_rupik
L4 Transporter

‎01-08-2024 03:05 AM

Hi there,

I'll answer your questions in order:

  • To summarise routes you must configure the PA as an ABR, to do this you must configure at least two areas (one area 0 and another area of your choosing). The PA must have OSPF enabled on at least one interface in each area.
  • The only impact having another area configured on area 0 is the possible introduction of different LSA types, depending on the additional area type you have configured.
  • Using summarisation and the range feature will only impact routing entries for that area. It will have no impact on Area 0.
  • Not sure I quite understand this question, but the LSAs will only be sent via the interfaces enabled within the new area.
  • I'd imagine there will be some additional resource consumption, but nothing that would impact performance.

cheers,

Seb.

 

View solution in original post

0 Likes Likes

Go to solution
seb_rupik
L4 Transporter
In response to TomYoung

‎01-08-2024 03:12 PM

@TomYoung , from reading the original post it would appear that @Purushotham wants to reduce the size of the routing table on the downsteam Cisco switch, therefore it is a range command on area 0 which will summarise the routes into area 1 that is required.

Having read it a second time, you are right, it is asking about the impact of summarisation towards area 0.

 

@Purushotham thinking a bit more about this it may make sense to set area 1 as a Totally Stub area, reducing the routing table to a singe default IA LSA in the area 1 LSDB.

 

cheers,

Seb.

View solution in original post

0 Likes Likes
3 REPLIES 3

Go to solution
seb_rupik
L4 Transporter

‎01-08-2024 03:05 AM

Hi there,

I'll answer your questions in order:

  • To summarise routes you must configure the PA as an ABR, to do this you must configure at least two areas (one area 0 and another area of your choosing). The PA must have OSPF enabled on at least one interface in each area.
  • The only impact having another area configured on area 0 is the possible introduction of different LSA types, depending on the additional area type you have configured.
  • Using summarisation and the range feature will only impact routing entries for that area. It will have no impact on Area 0.
  • Not sure I quite understand this question, but the LSAs will only be sent via the interfaces enabled within the new area.
  • I'd imagine there will be some additional resource consumption, but nothing that would impact performance.

cheers,

Seb.

 

0 Likes Likes

Go to solution
TomYoung
Cyber Elite
Cyber Elite

‎01-08-2024 06:30 AM

Hi @seb_rupik ,

 

Thank you for your excellent response!  I wasn't sure where to begin with this question, and you nailed the answers with one minor exception.

 

With regard to your 3rd bullet, summarization will impact (decrease) the routing entries in area 0.  That is it's purpose.  Type 1, 2, and 7 LSAs are flooded within an area so that every area router has an identical LSDB.  Type 3,4, and 5 LSAs are flooded to area 0.

 

You can click on the dropdown in the upper right to edit your response if you like so that others don't have to read multiple response for this discussion.

 

Thanks,

 

Tom

Help the community: Like helpful comments and mark solutions.
(1)

Go to solution
seb_rupik
L4 Transporter
In response to TomYoung

‎01-08-2024 03:12 PM

@TomYoung , from reading the original post it would appear that @Purushotham wants to reduce the size of the routing table on the downsteam Cisco switch, therefore it is a range command on area 0 which will summarise the routes into area 1 that is required.

Having read it a second time, you are right, it is asking about the impact of summarisation towards area 0.

 

@Purushotham thinking a bit more about this it may make sense to set area 1 as a Totally Stub area, reducing the routing table to a singe default IA LSA in the area 1 LSDB.

 

cheers,

Seb.

0 Likes Likes
  • 2 accepted solutions
  • 2201 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks