OSPF OUT Routing Filters issue

Byron · November 15, 2023, 2:21pm

Hi all,

I have a situation where I want to use ROS 7 OSPF filters to stop routes from being send OUT of a VPN interface but I still want to learn Routes coming IN via the VPN.

basically it should be along the lines of this: If (routes coming from VPN){accept} / IF (routes going out VPN){reject;}

I have no idea how to go about the rules and what it should be. any help if possible, im running ROS 7.12.

I goal is to just lessen the routing table so I will be adding a static block to go via the VPN instead of individual routes being learned.

payam124 · November 16, 2023, 4:19pm

Explain more about the use case

Byron · November 16, 2023, 6:32pm

Basically I have a VPN from site A to Site B.

Site A must distribute routes to site B but Site B must not Distribute to Site A. (I instead will use a static route for a signle big block to route the missing routes once they have been blocked.)

Byron · November 16, 2023, 6:33pm

Above - forgot to quote your reply.

Byron · November 27, 2023, 11:49am

got it working.

Byron · November 27, 2023, 11:51am

This is the filter rule I used.

add chain=ospf-in comment=Middle disabled=no rule=“if (gw in x.x.x.x){reject}”

Where x.x.x.x is the IP address of the said interface.