NSSA

Just one short question. Using this rule for protection NSSA, I got to two MT.

routing filter
add chain=ospf-out prefix=10.0.0.0/8 action=accept
add chain=ospf-out prefix=172.16.0.0/12 action=accept
add chain=ospf-out prefix=192.168.0.0/16 action=accept
add chain=ospf-out action=discard

and also

add action=accept chain=ospf-out prefix=10.10.3.0/30
add action=accept chain=ospf-out prefix=0.0.0.0/0 prefix-length=0
add action=discard chain=ospf-out
add action=accept chain=ospf-in prefix=10.10.3.0/30
add action=accept chain=ospf-in prefix=192.168.137.0/28 prefix-length=29-32
add action=discard chain=ospf-in

(from Tomas Kirnak)

How many addresses is it hiding? In my case this rule is hiding just one address.

Thanks.

In regards to the routing filters..

When you define them with a prefix such as in section # 1… then you will only have an exact match ..

e.g. add chain=ospf-out prefix=10.0.0.0/8 action=accept …will only accept 10.0.0.0/8 prefix nothing more nothing less

add action=accept chain=ospf-in prefix=192.168.137.0/28 prefix-length=29-32 … actually prefix-length should be=28-32 … this will accept anything 192.168.137.0/28 or larger, including single IPs in this range.
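
The matching behaviour described in the reply above, modelled in Python as an added example (not part of the original posts and not MikroTik code). It assumes the semantics the reply states: a rule with only prefix matches that exact route, and prefix plus prefix-length matches routes inside the prefix whose mask length is in the range. The rule lines are the ones quoted in the thread; the routes checked are constructed.

```python
import ipaddress

# Rule sets copied from the thread; the routes tested below are constructed.
SET_1 = """\
add chain=ospf-out prefix=10.0.0.0/8 action=accept
add chain=ospf-out prefix=172.16.0.0/12 action=accept
add chain=ospf-out prefix=192.168.0.0/16 action=accept
add chain=ospf-out action=discard"""
SET_2 = """\
add action=accept chain=ospf-out prefix=10.10.3.0/30
add action=accept chain=ospf-out prefix=0.0.0.0/0 prefix-length=0
add action=discard chain=ospf-out
add action=accept chain=ospf-in prefix=10.10.3.0/30
add action=accept chain=ospf-in prefix=192.168.137.0/28 prefix-length=29-32
add action=discard chain=ospf-in"""

def parse(text):
    """Turn 'add key=value ...' lines into one dict per rule."""
    return [dict(kv.split("=", 1) for kv in line.split()[1:])
            for line in text.splitlines()]

def matches(rule, route):
    """Assumed semantics, as described in the reply above."""
    if "prefix" not in rule:
        return True                       # no matcher: catch-all rule
    net = ipaddress.ip_network(rule["prefix"])
    if "prefix-length" not in rule:
        return route == net               # prefix alone: exact match only
    lo, _, hi = rule["prefix-length"].partition("-")
    lo = int(lo)
    hi = int(hi) if hi else lo            # "0" means the range 0-0
    return route.subnet_of(net) and lo <= route.prefixlen <= hi

def verdict(rules, chain, route):
    """First matching rule in the chain decides; None if nothing matched."""
    route = ipaddress.ip_network(route)
    for rule in rules:
        if rule["chain"] == chain and matches(rule, route):
            return rule["action"]
    return None

if __name__ == "__main__":
    checks = [(SET_1, "ospf-out", "10.0.0.0/8"), (SET_1, "ospf-out", "10.10.3.0/30"),
              (SET_2, "ospf-out", "0.0.0.0/0"), (SET_2, "ospf-in", "192.168.137.0/28"),
              (SET_2, "ospf-in", "192.168.137.8/29"), (SET_2, "ospf-in", "192.168.137.1/32")]
    for text, chain, route in checks:
        print(f"{chain:9} {route:19} {verdict(parse(text), chain, route)}")
```

Under these semantics the first rule set advertises only the three aggregate routes themselves and discards 10.10.3.0/30, and the ospf-in rule with prefix-length=29-32 discards the 192.168.137.0/28 route itself, which is what the suggested 28-32 changes.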

Thanks for the reply.
Actually, this topic is the last question about NSSA. The main thing will be how NSSA decides which gateway will be allowed. I made a simulation on GNS3 and it’s working all good, but how NSSA decides… I have no idea.

Thanks again