Community discussions

MikroTik App
 
User avatar
nichky
Forum Guru
Forum Guru
Topic Author
Posts: 1275
Joined: Tue Jun 23, 2015 2:35 pm

NSSA

Tue Jan 17, 2017 7:18 am

just one short quation. Using this rule for protection NSSA,i got to two MT.

routing filter
add chain=ospf-out prefix=10.0.0.0/8 action=accept
add chain=ospf-out prefix=172.16.0.0/12 action=accept
add chain=ospf-out prefix=192.168.0.0/16 action=accept
add chain=ospf-out action=discard

and also

add action=accept chain=ospf-out prefix=10.10.3.0/30
add action=accept chain=ospf-out prefix=0.0.0.0/0 prefix-length=0
add action=discard chain=ospf-out
add action=accept chain=ospf-in prefix=10.10.3.0/30
add action=accept chain=ospf-in prefix=192.168.137.0/28 prefix-length=29-32
add action=discard chain=ospf-in

(from Tomas Kirnak)

How many address its hiding, on my case this rule hiding just one address.

Thanks.
 
faisali
Member Candidate
Member Candidate
Posts: 180
Joined: Fri Oct 08, 2010 5:11 am

Re: NSSA

Fri Jan 20, 2017 1:20 am

in regards to the routing filters..

When you define them with a prefix such as in section # 1... then you will only have an exact match ..

e.g. add chain=ospf-out prefix=10.0.0.0/8 action=accept ............will only accept 10.0.0.0/8 prefix nothing more nothing less

add action=accept chain=ospf-in prefix=192.168.137.0/28 prefix-length=29-32 ............ actually prefix-length should be=28-32 ... this will accept anything 192.168.137.0/28 or larger including single ip's in this range.
 
User avatar
nichky
Forum Guru
Forum Guru
Topic Author
Posts: 1275
Joined: Tue Jun 23, 2015 2:35 pm

Re: NSSA

Fri Jan 20, 2017 11:20 am

Thanks for reply
Actually this topic is last question about NSSA. The main thing will be how NSSA decides which gateway will be allow. I made simulation on GNS3 it's working all good, but how NSSA decides...i have no idea.

Thanks again

Who is online

Users browsing this forum: No registered users and 16 guests