This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Wolfgang
Authority
Authority
‎2023-12-05 11:53 PM
Jump to solution

max interfaces OSPF ?

We migrate a ClusterXL to Maestro with VSX R81.20. We have a lot of interfaces and most of them are doing OSPF. Now we are getting a limitation, after adding 128. OSPF interface:

"Can only configure a maximum of 127 OSPF interfaces"

Will this be a limitation of VSX or Maestro ?

Any solution for this ?

0 Kudos
1 Solution

Accepted Solutions
Lari_Luoma
Ambassador Ambassador
Ambassador
‎2023-12-07 09:53 AM
Jump to solution

This limitation is based on best practices that you shouldn't have more than 60 OSPF neighbors per router. Thus the number of OSPF interfaces per SGW/VS is 127 I talked this with R&D and they also confirmed the same.

See the article from Cisco below.
Designing Scalable OSPF Design > Designing Cisco Network Service Architectures (ARCH): Developing an...

If you need more interfaces, you should segment your network.

View solution in original post

4 Replies
_Val_
Admin
Admin
‎2023-12-06 12:24 AM
Jump to solution

Best to open a TAC request to get an official answer.

0 Kudos
Lari_Luoma
Ambassador Ambassador
Ambassador
‎2023-12-07 09:53 AM
Jump to solution

This limitation is based on best practices that you shouldn't have more than 60 OSPF neighbors per router. Thus the number of OSPF interfaces per SGW/VS is 127 I talked this with R&D and they also confirmed the same.

See the article from Cisco below.
Designing Scalable OSPF Design > Designing Cisco Network Service Architectures (ARCH): Developing an...

If you need more interfaces, you should segment your network.

Wolfgang
Authority
Authority
‎2023-12-07 01:01 PM
In response to Lari_Luoma
Jump to solution

@Lari_Luoma 

maybe I don‘t understand this. We have only two OSPF neighbours (these are external routers) and we have a gateway with 180 interfaces. We want to distribute via OSPF the routing information for the networks of these interfaces. We are doing this since 10 years with a Check Point Gateway without problems. The production system running R80.30 has no problem with all these interfaces.

0 Kudos
Lari_Luoma
Ambassador Ambassador
Ambassador
‎2023-12-07 01:22 PM
In response to Wolfgang
Jump to solution

Including every interface in the OSPF process is not redistribution. I believe you have added them as passive so far. Probably we haven't enforced this limitation before, not 100% sure.

If you want to redistribute your connected routes there are two options:

1. Use redistribution

2. Use route-maps

Routemaps allow you to be more flexible allowing modification of the routes.

Benefit of including the interfaces in OSPF process itself is that they will appear as internal OSPF routes (Type 1 LSA), show route shows them with O.

If you redistribute them, they are automatically external routes (O E1 or O E2). This can become an issue only if you have the same routes coming from different sources. In this case the internal routes are prioritized over the external ones. However, you can change this designation with a routemap.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
 
Upcoming Maestro Events

    CheckMates Events