ospf route filtering

Hi guys,

I’m new to RouterOS and the forum. If a solution already exists somewhere, please point me to the right place.

I have a network connected using EOIP tunnels. All routes are statically set and I would like to set up a single-area OSPF for it. I’m just experimenting on two routers with the following config.

Router A:
public address A.public_addr = 1.1.1.1/24 (my isp gives me /24)
public interface A.public_intf
private address A.private_addr = 192.168.1.0/24
eoip address A.eoip_addr = 10.0.0.5/30

Router B:
public address B.public_addr = 2.2.2.2/24
public interface B.public_intf
private address B.private_addr = 192.168.255.0/24
eoip address B.eoip_addr = 10.0.0.6/30

After I set the backbone network with proper EOIP tunnel address, OSPF started running.
/routing ospf network add network=10.0.0.4/30 area=backbone

However, it created a routing loop. A route pointing to B.public_addr via B.eoip_addr appeared in A and vice versa for B.
In A:
dst-address = 1.1.1.0/24
gateway = 10.0.0.5
interface = eoip_tunnel1

In B:
dst-address = 2.2.2.0/24
gateway = 10.0.0.6
interface = eoip_tunnel1

I’m not sure where to add route filters in RouterOS to discard all non-private routes. Any ideas?

/routing filter add chain=ospf-out action=discard prefix=x.x.x.x/yy

I tried this, but it doesn’t work:

/routing filter
add chain=ospf-out prefix=10.0.0.0/8 action=accept
add chain=ospf-out prefix=172.16.0.0/12 action=accept
add chain=ospf-out prefix=192.168.0.0/16 action=accept
add chain=ospf-out prefix=0.0.0.0/0 action=discard

Do you mind explaining a bit why this doesn’t work?
Anyhow, I’ll try your method.

not

add chain=ospf-out prefix=0.0.0.0/0 action=discard

but

add chain=ospf-out action=discard

prefix=0.0.0.0/0 catches only default routes (see prefix-length parameter)

Gee! What was I thinking.

Many thanks, it works now.

Hi,

I am having a similar issue:


Flags: X - disabled 
 0   chain=ospf-out prefix=10.0.0.0/8 invert-match=no action=accept 
     set-bgp-prepend-path="" 

 1   chain=ospf-out prefix=172.16.0.0/12 invert-match=no action=accept 
     set-bgp-prepend-path="" 

 2   chain=ospf-out prefix=192.168.0.0/16 invert-match=no action=accept 
     set-bgp-prepend-path="" 

 3   chain=ospf-out invert-match=no action=discard set-bgp-prepend-path="" 

Rejects everything including 192.168.75.0/24

e.g. With rule 3 enabled

With rule 3 disabled

It’s like the accept rules basically don’t work??!!

It sounds like you want your filters to allow anything that is a subset of 10.0.0.0/8 etc…
As written, your rules only allow EXACTLY those three prefixes.
To each rule, add the criteria: prefix-length=0-32
(or if you’re a perfectionist, make it 8-32 on the 10.0.0.0/8, and 12-32 on 172.16.0.0/12, and 24-32 on 192.168.0.0/16)

You sir, I owe a beer! (Also, if you drink beer and live somewhere that the internet ships it to, let me know.)

Thanks for the virtual beer, man. :)
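
The matching behaviour explained in the two answers above (a bare prefix matches only that exact prefix, and prefix-length widens it to subnets), as an added example that is not part of the original thread: a simplified Python model, not RouterOS code. It assumes first-match-wins evaluation and that a route matching no rule is accepted; the helper and chain names are hypothetical.

```python
import ipaddress

def rule_matches(rule, route):
    """Simplified model of one filter rule's prefix matcher (an assumption,
    based on the behaviour described in the thread)."""
    net = ipaddress.ip_network(route)
    if "prefix" not in rule:
        return True                      # no matcher: applies to every route
    pfx = ipaddress.ip_network(rule["prefix"])
    if "prefix_length" not in rule:
        return net == pfx                # bare prefix: exact match only
    lo, hi = rule["prefix_length"]
    return net.subnet_of(pfx) and lo <= net.prefixlen <= hi

def evaluate(chain, route):
    """First matching rule decides; assumed default is accept."""
    for rule in chain:
        if rule_matches(rule, route):
            return rule["action"]
    return "accept"

RFC1918 = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]

# First attempt: the final rule only matches the default route itself.
FIRST_TRY = [{"prefix": p, "action": "accept"} for p in RFC1918] + \
            [{"prefix": "0.0.0.0/0", "action": "discard"}]
# Second poster: catch-all discard, but the accepts are still exact-match.
EXACT_ONLY = [{"prefix": p, "action": "accept"} for p in RFC1918] + \
             [{"action": "discard"}]
# Suggested fix: prefix-length=0-32 on every accept rule.
FIXED = [{"prefix": p, "prefix_length": (0, 32), "action": "accept"}
         for p in RFC1918] + [{"action": "discard"}]

# Routes taken from the thread.
ROUTES = ["1.1.1.0/24", "2.2.2.0/24", "192.168.75.0/24", "10.0.0.4/30"]

def report():
    """Verdict of each chain for each route, as nested dicts."""
    return {name: {r: evaluate(chain, r) for r in ROUTES}
            for name, chain in [("first_try", FIRST_TRY),
                                ("exact_only", EXACT_ONLY),
                                ("fixed", FIXED)]}

if __name__ == "__main__":
    for name, verdicts in report().items():
        print(name, verdicts)
```

In this model the first chain lets the public /24s through, the second drops the private subnets along with them, and only the third accepts 192.168.75.0/24 while discarding 1.1.1.0/24.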