Ospf routing filer how to ?

nabuk · February 23, 2006, 7:54pm

Hi,
I want configure some routing filter to stop /32 subnet re-distributing in ospf.
But mikrotik seem to ignore my filter:

prefix=x.x.x.x/32 prefix-lenght=32 action=reject chain=ospf-out

Any idea ?

Also, how can i stop the re-distribution of subnet smaller that /30 or /29 ?

Thanks to all

Mikrotik was 2.9.13 with routing-test

eflanery · February 23, 2006, 10:03pm

To just drop the /32s:

prefix=0.0.0.0/0 prefix-length=32 action=discard chain=ospf-out

if you want to drop everything /29 or longer:

prefix=0.0.0.0/0 prefix-length=29-32 action=discard chain=ospf-out

–Eric

nabuk · February 24, 2006, 7:25am

Thanks, but it doesn’t work. Must I enable filter somewere in ospf settings ?

eflanery · February 24, 2006, 7:01pm

Your not trying to filter routes that arrive via OSPF from being redistributed via OSPF, are you?

That won’t work, and things would be much worse if it did, OSPF really needs to be internally consistant. Ospf-out filtering must be done at the router that is injecting the routes in the first place, not somewhere in the middle.

However, asuming that is not the case, it would be interesting to see the results of a “/routing export” command.

–Eric

nabuk · February 24, 2006, 7:50pm

Eric,
I want filter on pppoe-server. It add a /32 route for every customer, and i want block the re-distribution of thoose /32 subnet.

feb/24/2006 20:47:59 by RouterOS 2.9.12

software id = 9UAC-3TT

/ routing filter
add chain=ospf-out prefix=0.0.0.0/0 prefix-length=32 action=discard comment="" disabled=no
/ routing ospf
set router-id=0.0.0.0 distribute-default=never redistribute-connected=as-type-1 redistribute-static=no redistribute-rip=no redistribute-bgp=no metric-default=1 metric-connected=20 metric-static=20
metric-rip=20 metric-bgp=20
/ routing ospf area
set backbone area-id=0.0.0.0 authentication=none prefix-list-import="" prefix-list-export="" disabled=no
add area-id=0.0.0.1 name="local_10" default-cost=1 stub=no authentication=none prefix-list-import="" prefix-list-export="" disabled=no
/ routing ospf network
add network=y.y.y.y/30 area=local_10 disabled=no
/ routing bgp instance
set default as=65530 router-id=0.0.0.0 redistribute-static=no redistribute-connected=no redistribute-rip=no redistribute-ospf=no redistribute-other-bgp=no name="default" out-filter="" disabled=no
/ routing rip
set redistribute-static=no redistribute-connected=no redistribute-ospf=no redistribute-bgp=no metric-static=1 metric-connected=1 metric-ospf=1 metric-bgp=1 update-timer=30s timeout-timer=3m
garbage-timer=2m
/ routing rip interface
add interface=all receive=v2 send=v2 authentication=none authentication-key="" in-filter="" out-filter="" key-chain=none disabled=no

eflanery · February 27, 2006, 6:24pm

I have a similar setup on a few units, and it works fine.

However, there are a couple of differences.

I’m first allowing only the networks I want, and then dropping the rest.

Sort of like:

chain=ospf-out prefix=0.0.0.0/0 prefix-length=1-24 action=accept
chain=ospf-out action=discard

Also, all the units setup like this are still running 2.9.6, so something may have changed.

I’ll give it a spin on some more recent test boxes when I get a chance.

–Eric