Hide Navigation Pane
Show Navigation Pane
Feedback
Download
SHA1
OSPF Database Protection Overview
OSPF database protection allows you to limit the number of link-state advertisements (LSAs) not generated by the local router in a given OSPF routing instance, helping to protect the link-state database from being flooded with excessive LSAs. This feature is particularly useful if VPN routing and forwarding is configured on your provider edge and customer edge routers using OSPF as the routing protocol. An overrun link-state database on the customer edge router can exhaust resources on the provider edge router and impact the rest of the service provider network.
When you enable OSPF database protection, the maximum number of LSAs you specify include all LSAs whose advertising router ID is not equal to the local router ID (nonself-generated LSAs). These may include external LSAs as well as LSAs with any scope such as the link, area, and autonomous system (AS).
Once the specified maximum LSA count is exceeded, the database typically enters into the ignore state. In this state, all neighbors are brought down, and nonself-generated LSAs are destroyed. In addition, the database will send out hellos but ignore all received packets, not form any full neighbors, and therefore not learn about new LSAs. However, if you had configured the warning-only option, only a warning is issued and the database does not enter the ignore state but continues to operate as before.
You may also configure one or more of the following options:
- A warning threshold for issuing a warning message before the LSA limit is reached.
- An ignore state time during which the database must remain in the ignore state and after which normal operations can be resumed.
- An ignore state count that limits the number of times the database can enter the ignore state, after which it must enter the isolate state. The isolate state is mostly similar to the ignore state, but has one important difference: once the database enters the isolate state, it must remain there until you issue a command to clear database protection before it can return to normal operations.
- A reset time during which the database must stay out of the ignore or isolate state before it is returned to a normal operating state.
