Hello,
I read the NRSII book, and I can not understand the difference between passive interface and export policies.
For example when we have some OSPF subnet and we would like to advertise external routes to this OSPF subnet we should use export policies, and later I read the explanation of the passive interface. Thats mean passive interface shoulb use when the interface is not part of the OSPF routing domain. Hmm.... so can we use this two commands alternately?
Passive Interface VS Export Policies
Re: Passive Interface VS Export Policies
If you look online you will find lots of discussion about in which cases it is better to redistribute connected routes into OSPF (i.e. use an export policy) and when to add the connected interface to OSPF (with other vendors this is often called "using a network statement"). If you choose to add the interface to OSPF, you would configure the interface as passive if it does not need to form an adjacency with anything. One method produces OSPF external routes, the other internals. If for example you have things like stub areas this may be important to you.
There is not an overall right answer, each method has its merits depending on your OSPF design.
There is not an overall right answer, each method has its merits depending on your OSPF design.
-
arm11
Re: Passive Interface VS Export Policies
Ok, I see, so we should use the passive interface on the interface when we have directly connection to the host or beyond our subnet, for example to save bandwidth or CPU cycles. Am I right?
And, export policies we should use to export one protocol routing to another, for example BGP into OSPF (and vice-versa).
And, export policies we should use to export one protocol routing to another, for example BGP into OSPF (and vice-versa).
Re: Passive Interface VS Export Policies
Not exactly.
If you have a subnet on a connected interface and you want other routers in your network to know how to get to that subnet via OSPF then you have two choices. One choice is redistributing from the protocol called "direct" using an export policy. The other is enabling OSPF on the interface and making the interface passive if you don't want the router to try and form an OSPF adjacency with anything on that interface. Which you choose to do is up to you. In more complicated OSPF designs each method has its own advantages and disadvantages but for something simple, I would say just enable OSPF on the interface and make it passive.
It's good practice to make an OSPF interface passive if you know there is not another OSPF speaker at the other end of the interface, for example for security reasons.
If you want to redistribute from another routing protocol such as BGP to OSPF you have to use an export policy.
If you have a static route that you want to add to OSPF you also have to use an export policy.
If you have a subnet on a connected interface and you want other routers in your network to know how to get to that subnet via OSPF then you have two choices. One choice is redistributing from the protocol called "direct" using an export policy. The other is enabling OSPF on the interface and making the interface passive if you don't want the router to try and form an OSPF adjacency with anything on that interface. Which you choose to do is up to you. In more complicated OSPF designs each method has its own advantages and disadvantages but for something simple, I would say just enable OSPF on the interface and make it passive.
It's good practice to make an OSPF interface passive if you know there is not another OSPF speaker at the other end of the interface, for example for security reasons.
If you want to redistribute from another routing protocol such as BGP to OSPF you have to use an export policy.
If you have a static route that you want to add to OSPF you also have to use an export policy.
