OSPF - I'm too stupid

Hi,

I have played a bit with OSPF and got it working but never in the way I like it to be.
Take the following router:

ether1  10.0.0.1/30
ether2  10.0.1.2/30
loop1   192.168.0.1/32
wlan1   192.168.0.129/25

Now everything I want to do is run OSPF on ether1 and ether2 to receive routes and redistribute them, but only “publish” this route:

192.168.0.0/24

The nearest I have come to that is to enable OSPF for ether1 and ether2 and set redistribute-connected, but that will result in the transfer networks being distributed and loop1 and wlan1 as two separate routes where they could be aggregated.

Can anyone take me in the right direction?

Thanks.

hi,

you don’t have the route you would publish.. then..

ospf-in and ospf-out chains in routing filters? I am still learning this myself.

There is a simple way to do that, much like it is done in BGP:

Set up a black hole for the /24, like a static route to a Null interface. Your normal routing will still work because you have more significant routes (higher prefix).

Next, in OSPF, set up the config to redistribute static routes with a filter list to only allow that /24 to be announced.

cheers,
Nick.

Hi Nick,

thank you, the blackhole tip brought me quite a bit forward.
However I am having a problem filtering out the transfer networks.
Under

/routing ospf networks

I set

add network=10.0.0.0/16 area=backbone

to start OSPF on both needed interfaces.

Then I added a routing filter

/routing filter add chain=ospf-out action=discard

That should have filtered out all networks in my opinion, but a router will still learn a transfer network it is not directly attached to?

No routing filters installed:

[admin@rb750g] /routing filter> pri
Flags: X - disabled
[admin@rb750g]

And an area router:

asa# show route | i E2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
O E2 172.16.1.0 255.255.255.0 [110/20] via 192.168.1.3, 0:00:53, inside
O E2 10.0.0.0 255.255.255.0 [110/20] via 192.168.1.3, 0:00:53, inside
O E2 10.255.255.255 255.255.255.255 [110/20] via 192.168.1.3, 0:00:53, inside
asa#

Add a routing filter dropping everything:

[admin@rb750g] /routing filter> add chain=ospf-out action=discard
[admin@rb750g] /routing filter> pri
Flags: X - disabled 
 0   chain=ospf-out invert-match=no action=discard 
[admin@rb750g]

And the routes disappear from the area router:

asa# show route | i E2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
asa#

Randomly get a little more specific:

[admin@rb750g] /routing filter> set 0 prefix-length=24
[admin@rb750g] /routing filter> pri
Flags: X - disabled 
 0   chain=ospf-out prefix-length=24 invert-match=no action=discard 
[admin@rb750g]

Routes pop back up:

asa# show route | i E2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
O E2 10.255.255.255 255.255.255.255 [110/20] via 192.168.1.3, 0:00:09, inside
asa#

Same experiment:

+----+                 +---+                 +---+
|RX  |-- 10.0.0.0/30 --|R1 |-- 10.0.1.0/30 --|R2 |-- 10.0.2.0/30 ...
+----+                 +---+                 +---+
                   192.168.0.1/32        192.168.1.1/32

no filters:

[admin@RX] > ip route pr
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, 
B - blackhole, U - unreachable, P - prohibit 
 #      DST-ADDRESS        PREF-SRC        GATEWAY            DISTANCE
 2 ADo  10.0.1.0/30                        10.0.0.1           110     
 3 ADo  10.0.2.0/30                        10.0.0.1           110     
 4 ADo  192.168.0.0/24                     10.0.0.1           110     
 5 ADo  192.168.1.0/24                     10.0.0.1           110

(I want #2 and #3 gone)

adding filter:

[admin@R1] /routing filter> pr
Flags: X - disabled 
 0   chain=ospf-out invert-match=no action=discard

and result:

[admin@RX] > ip route pr
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, 
B - blackhole, U - unreachable, P - prohibit 
 #      DST-ADDRESS        PREF-SRC        GATEWAY            DISTANCE    
 2 ADo  10.0.1.0/30                        10.0.0.1           110     
 3 ADo  10.0.2.0/30                        10.0.0.1           110     
 4 ADo  192.168.1.0/24                     10.0.0.1           110

so even though I filtered out everything at R1 the left-side RX still receives the routes (even after restarting OSPF).
Only difference I can see is that your routes are type 2 while I set type1 for static routes and no for all other types.

Strange. When you add logging for OSPF on R1, does it show you that it’s deleting LSAs?

16:32:47 route,ospf,debug Age prematurely: flushing LSA 
16:32:47 route,ospf,debug     lsa=AS-External LSA id=10.255.255.255 originator=192.168.1.3 seqnum=0x80000002 
16:32:47 route,ospf,debug Installing an LSA 
16:32:47 route,ospf,debug     lsa=AS-External LSA id=10.255.255.255 originator=192.168.1.3 seqnum=0x80000002 
16:32:47 route,ospf,debug     old=AS-External LSA id=10.255.255.255 originator=192.168.1.3 seqnum=0x80000002 
16:32:47 route,ospf,debug Adding to neighbor's retransmit list 
16:32:47 route,ospf,debug     lsa=AS-External LSA id=10.255.255.255 originator=192.168.1.3 seqnum=0x80000002 
16:32:47 route,ospf,debug     neighbor=192.168.1.1 
16:32:47 route,ospf,debug     number of retransmits=1 
16:32:47 route,ospf,debug Deleting an LSA 
16:32:47 route,ospf,debug     lsa=AS-External LSA id=10.255.255.255 originator=192.168.1.3 seqnum=0x80000002

Does RX show anything odd in its logs?

01:43:27 route,ospf,debug SEND: Hello 10.0.0.2 -> 224.0.0.5 on ether2-lan 
01:43:29 route,ospf,debug RECV: Hello <- 10.0.0.1 on ether2-lan (10.0.0.2) 
01:43:29 route,ospf,debug   received options: E 
01:43:30 route,ospf,debug RECV: Link State Update <- 10.0.0.1 on ether2-lan (10.0.0.2) 
01:43:30 route,ospf,debug LSA Update received: Installing and flooding it 
01:43:30 route,ospf,debug     header=Router LSA id=192.168.0.1 originator=192.168.0.1 seqnum=0x8000001d 
01:43:30 route,ospf,debug Installing an LSA 
01:43:30 route,ospf,debug     lsa=Router LSA id=192.168.0.1 originator=192.168.0.1 seqnum=0x8000001d 
01:43:30 route,ospf,debug     old=Router LSA id=192.168.0.1 originator=192.168.0.1 seqnum=0x8000001c 
01:43:30 route,ospf,debug Flooding an LSA 
01:43:30 route,ospf,debug     lsa=Router LSA id=192.168.0.1 originator=192.168.0.1 seqnum=0x8000001d 
01:43:30 route,ospf,debug     area=backbone 
01:43:30 route,ospf,debug Deleting an LSA 
01:43:30 route,ospf,debug     lsa=Router LSA id=192.168.0.1 originator=192.168.0.1 seqnum=0x8000001c 
01:43:30 route,ospf,debug LSA Update received: Installing and flooding it 
01:43:30 route,ospf,debug     header=AS-External LSA id=192.168.0.0 originator=192.168.0.1 seqnum=0x80000001 
01:43:30 route,ospf,debug Installing an LSA 
01:43:30 route,ospf,debug     lsa=AS-External LSA id=192.168.0.0 originator=192.168.0.1 seqnum=0x80000001 
01:43:30 route,ospf,debug     old=AS-External LSA id=192.168.0.0 originator=192.168.0.1 seqnum=0x80000001 
01:43:30 route,ospf,debug Deleting an LSA 
01:43:30 route,ospf,debug     lsa=AS-External LSA id=192.168.0.0 originator=192.168.0.1 seqnum=0x80000001 
01:43:31 route,ospf,debug Deleting an LSA 
01:43:31 route,ospf,debug     lsa=AS-External LSA id=192.168.0.0 originator=192.168.0.1 seqnum=0x80000001 
01:43:31 route,ospf,debug SEND: Link State Acknowledgement 10.0.0.2 -> 224.0.0.5 on ether2-lan 
01:43:32 route,ospf,debug Recalculating all OSPFv2 intra-area routes 
01:43:32 route,ospf,debug Recalculating all inter-area routes 
01:43:32 route,ospf,debug     summary-area=backbone 
01:43:32 route,ospf,debug Recalculating AS-external routes

10.0.0.2 = RX

I took a close look and one route actually does vanish when I enable the filter: 192.168.0.0/24 which is the blackhole route on R1

Give me a hand? :slight_smile:

I believe the reason that you cannot get the /30s to go away is (I think) that the OSPF filters are just for redistribution. As you are running OSPF on the ethers with the 10.x.x.x/30s, those aren’t redistributed routes, they are native OSPF routes.

I don’t think it is possible, nor desirable, to actually remove LSAs used by OSPF for building the database from what is announced.

Why are you trying to prevent those /30s from being propagated when they are part of the network that OSPF needs to be aware of for generating the topology map?

You can’t filter out native routes (used on interfaces) because these are used as next-hop addresses in the routing table. It would break routing.

cheers,
Nick.
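
The replies above separate redistributed routes, which the ospf-out chain can filter, from native OSPF routes, which it cannot. As an added example (not part of the original thread), this Python script parses debug lines in the format posted earlier and sorts the LSAs into those two groups; the sample log is constructed from the posted lines, the function names are hypothetical, and treating only "AS-External" as the redistributed type is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample: lines in the RouterOS OSPF debug format quoted in this
# thread (LSA ids, originators and sequence numbers mirror the posted log).
SAMPLE_LOG = """\
01:43:30 route,ospf,debug LSA Update received: Installing and flooding it
01:43:30 route,ospf,debug     header=Router LSA id=192.168.0.1 originator=192.168.0.1 seqnum=0x8000001d
01:43:30 route,ospf,debug Installing an LSA
01:43:30 route,ospf,debug     lsa=Router LSA id=192.168.0.1 originator=192.168.0.1 seqnum=0x8000001d
01:43:30 route,ospf,debug     old=Router LSA id=192.168.0.1 originator=192.168.0.1 seqnum=0x8000001c
01:43:30 route,ospf,debug LSA Update received: Installing and flooding it
01:43:30 route,ospf,debug     header=AS-External LSA id=192.168.0.0 originator=192.168.0.1 seqnum=0x80000001
01:43:31 route,ospf,debug SEND: Link State Acknowledgement 10.0.0.2 -> 224.0.0.5 on ether2-lan
"""

# Detail lines look like: "<field>=<type> LSA id=<id> originator=<rid> seqnum=<hex>"
LSA_RE = re.compile(
    r"(?P<field>header|lsa|old)=(?P<type>[\w -]+?) LSA "
    r"id=(?P<id>\S+) originator=(?P<orig>\S+) seqnum=(?P<seq>0x[0-9a-fA-F]+)"
)

def parse_lsas(log_text):
    """Return {(type, id, originator): highest seqnum seen} for each LSA."""
    seen = {}
    for line in log_text.splitlines():
        m = LSA_RE.search(line)
        if not m:
            continue  # Hello, ack and recalculation lines carry no LSA detail
        key = (m["type"], m["id"], m["orig"])
        seen[key] = max(seen.get(key, 0), int(m["seq"], 16))
    return seen

def split_by_origin(lsas):
    """Group LSA ids: 'external' (redistributed) vs 'native' (everything else)."""
    groups = defaultdict(set)
    for lsa_type, lsa_id, _orig in lsas:
        # Assumption: only the "AS-External" type name marks redistributed routes.
        groups["external" if lsa_type == "AS-External" else "native"].add(lsa_id)
    return dict(groups)

if __name__ == "__main__":
    for kind, ids in sorted(split_by_origin(parse_lsas(SAMPLE_LOG)).items()):
        print(kind, sorted(ids))
```

Run against a neighbor's debug log, the "external" group lists what an ospf-out rule on the originator can remove; anything under "native" stays in the area's database regardless of that chain.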

Why should it?
I just want the routing table via OSPF to look the same as it does currently via static routes.
RX in my opinion does not need to know anything about the transfer network between R1 and R2.
It only needs to know it can reach 192.168.1.1/24 over R1.

If that is what you want, you don’t actually want OSPF end-to-end on this network.

OSPF uses the database to build a topology of the network, which includes the sort of details you are wanting hidden. You can’t expect it to just say that a certain prefix is “over in that direction” because that is not how it operates. Each router in an area is aware of the whole topology of the rest of the area.

An OSPF-speaking network is not the same as a statically routed one that just gets its routes distributed dynamically.

Is there a specific need for those routes to be hidden, or do you just think they are unnecessary?

Is there a specific need for those routes to be hidden, or do you just think they are unnecessary?

Yeah I see them mostly as clutter which makes reading the routing tables more difficult.
Also I noticed a strange behavior where the router would no longer use its global IP (set in pref-src) but a transfer IP (probably because OSPF split the /24 on which I set the option to two /25s).
Is there a way to force all output-traffic by a router from a certain ip?

You are right in that OSPF might not be what I want, but is there something in ROS that does what I want? :slight_smile:

I need some help with OSPF, I have all the IPs but I am really new to this.

First things first - you are familiar with IP addresses and static routing; if not, I would recommend reading up on these topics first, and then go for OSPF.

good place to read:
http://wiki.mikrotik.com/wiki/Category:Manual

There is alphabetical order, just look up topics. You should be ok, as basic OSPF is quite simple.

bump

OSPF is incapable of filtering within an area. You can only filter at an ABR (area border router) or the border between two areas. OSPF builds a link state database that is identical for all routers in the same area. The router uses this db to build the route table. This is why you can’t filter within an area. I’ve got a two hour training video on mtk routing over at http://gregsowell.com/?p=1611 if you guys are interested. It also includes slides :slight_smile:

Hey greg,

yeah, the question now is: If OSPF can’t do what I want - is there another way? :slight_smile:

I’d say that you want a distance-vector (it’s over that way) protocol with filtering. Try RIPv2, and at the edges, only allow the announcements you want through. It isn’t nearly as capable nor as efficient as OSPF, but if your network is simple and you aren’t worried about failing over to redundant paths and just want routes to show up automatically, that is the way to go.

The downside is that, since you want to filter out certain advertisements, you need to explicitly allow certain network announcements, in which case you are still typing in each network on each edge router (as a filter instead of as a static route), negating a lot of the benefits of a dynamic routing protocol, or, you need to explicitly deny your backbone network announcements, and update all your edge routers whenever you add blocks to your backbone.

This isn’t going to be as scalable as other options, but, it’ll do what you want done that OSPF isn’t acceptable for.