Filtering routes with FRR and OSPF

clarknova:
I don't understand your recommendation. I have added nothing in the Networks tab. If I try to add an entry in the Networks tab there are references to the prefix lists I created, but I don't know the purpose of this dialogue.

mimugmail:
Leave the Interface tab empty besides type and PW. Area and Network go in the Network tab, and also the prefix list. Direction in is filtering received routes, out is adjusting sent routes.

clarknova:
Ok, I set up a pair of test boxes and tried to follow your advice. This is what I have for a config on test box A:


--- Code: ---
Current configuration:
!
frr version 7.4
frr defaults datacenter
hostname ldc01a.localdomain
log syslog
!
router ospf
 redistribute connected
 network 192.168.1.0/24 area 0.0.0.0
 area 0.0.0.0 filter-list prefix wan out
!
ip prefix-list wan seq 10 deny 207.228.103.128/26
!
line vty
!
end

--- End code ---

Here's the routing table on test box B:

--- Code: ---
N 192.168.1.0/24 100 0.0.0.0 Directly Attached em1
R 207.228.103.a 100 0.0.0.0 192.168.1.252 em1
N E2 10.2.0.0/24 100 192.168.1.252 em1
N E2 207.228.103.128/26 100 192.168.1.252 em1

--- End code ---

The problems:

* I am seeing the WAN address of test box A in the routing table of B (line 2)
* I am seeing the WAN network of A in the routing table of B (line 4)

I tried removing "redistribute connected" from the config but then no routes are shared from A to B. I also tried adding the 10.2.0.0/24 interface as a passive interface but this did not have the desired effect of sharing that route to B in the absence of "redistribute connected".

bimbar:
I didn't have much luck with OSPF over my openvpn tunnel, but I can share a BGP config that works, if that helps:


--- Code: ---
router bgp 65530
 bgp router-id 172.28.24.1
 no bgp ebgp-requires-policy
 neighbor 172.28.29.1 remote-as 65530
 !
 address-family ipv4 unicast
  redistribute connected
  redistribute static
  neighbor 172.28.29.1 next-hop-self
  neighbor 172.28.29.1 prefix-list marvin-in in
  neighbor 172.28.29.1 prefix-list marvin-out out
 exit-address-family
!
ip prefix-list marvin-in seq 10 permit 172.28.31.0/24 le 32
ip prefix-list marvin-out seq 10 permit 172.28.30.0/24

--- End code ---

bill.gertz:

I went through the same issue. You need to configure a route redistribution filter into OSPF from the local route table. OSPF does not allow Link State Advertisements (LSAs) to be filtered - it's not built into the protocol. That's why trying a prefix filter on an OSPF interface does not work. Rather, you configure route redistribution by specifying a Redistribution Map under Routing: OSPF. With this filter you can control which routes OSPF will receive and then pass on as LSAs.

So the details: this requires a Route Map that points to a Prefix List. WARNING: The interface is confusing at best, and simple errors like:

* Using a space in the Route Map, or Prefix List name
* Selecting two or more Prefix Lists for a Route Map

result in silent or obtuse errors. If you need to stop a route from being redistributed into OSPF, but accept others, you must set up multiple Prefix List entries using the same name with different Sequence Numbers.

I can confirm that this solution prevented routes from 10.69.x.x from being propagated into my connected routers.

The generated config looks like this:


--- Code: ---
router ospf
 ospf router-id x.x.x.x
 redistribute connected route-map No-Management-Routes
 redistribute static route-map No-Management-Routes
 passive-interface xn2
 passive-interface xn3
 passive-interface xn4
 network x.x.0.0/24 area x.0.0.0
!
ip prefix-list Accept-Connected seq 10 deny 10.69.0.0/16 le 32
ip prefix-list Accept-Connected seq 11 permit 10.0.0.0/8 le 32
!
route-map No-Management-Routes permit 10
 match ip address prefix-list Accept-Connected
!

--- End code ---

Hope this helps!
