I have a typical router with multiple networks on
192.168.1.0/25
192.168.1.128/26
192.168.1.192/28
192.168.1.255/32
etc.
This leads to a dozen or so routes advertised by OSPF, and this makes a messy routing table when there are 5 or 6 of these routers connected together.
If I add a static route for the whole /24 to the loopback interface, using "ip route add dst-address=192.168.1.0/24 gateway=bridge-loopback", and use redistribute-static in OSPF to distribute, this allows me to filter at the OSPF/BGP boundry using routing filter to only distribute prefix length of /24 and nothing smaller.
However I would ideally like just the /24 to be advertised on OSPF too. In theory using an ospf-out routing filter would work, but doesn't seem to apply to directly connected networks, which I suspect is related to "and internal (intra-area) OSPF filtering is not supported yet" in the manual.
I can filter these out on the ospf-in, but is there another way to effectively apply ospf-out to the directly connected routes - or another way to do what I want (only advertise the /24 by OSPF)
Re: Filtering OSPF originated links
It is btter advertise connected networks as it is and summarise them on abr.
Re: Filtering OSPF originated links
As Anumrak suggests, OSPF ABR (area boundary routers) were designed to do precisely this.
Configure the upstream router as follows:
Configure the router at SiteA to have an Area ID of '1' (aka 0.0.0.1). This will result in SiteA receiving a default gateway from the ABR and anything within 192.168.1.0/24 being summarised.
Configure the upstream router as follows:
Code: Select all
/routing ospf area
add area-id=0.0.0.1 default-cost=1 inject-summary-lsas=no name=SiteA type=stub
/routing ospf area range
add area=SiteA range=192.168.1.0/24
/routing ospf network
add area=SiteA network=10.0.0.0/30Re: Filtering OSPF originated links
The entire network looks like
With Box 1 / 2 / 3 being able to plug into either Edge 1 or Edge 2 depending on the day (but not into both locations at the same time). Edge 1 or Edge 2 then advertises the box into the core.
Edge1 advertises via BGP:
* 192.168.1.0/24
* 192.168.11.0/24
* 192.168.12.0/24
A route filter stops 192.168.0.0/24 from being advertises by BGP (otherwise the network would be advertised from both Edge1 and Edge2, and that's wrong)
If Box2 is removed, Edge1 no longer advertises 192.168.12.0/24. If Box2 is plugged into Edge2, then Edge2 advertises 192.168.12.0/24 instead. (Box2 can't be plugged into both as they are miles away from each other)
As OSPF is p2mp, Edge1 also advertises 192.168.0.11/32 and 192.168.0.12/32, which is good for traceroute and pingability. However Edge1's address (192.168.0.1/32) isn't advertised itself (and I block the 192.168.0.0/24 network from being advertised)
Each of the OSPF areas is independent, so in any system there's just one - area 0. I use BGP between the Core and the Edge, so multi areas and summarisation doesn't really work.
Would I be right in thinking that would mean a private area for each box - that never leaves that box - containing the local network, and summarising into the area - making each box/edge an ABR in itself?
One more question: to have 192.168.0.1/32 advertised into BGP from Edge1, I'm unsure which is best
* Add a second /ip address line to the OSPF interface
ip address add address=192.168.0.1/24 interface=ether_ospf
ip address add address=192.168.0.1/32 interface=ether_ospf
* Add a blackhole route and redistrubute statics into bgp
ip route add dst-address=192.168.0.1/32 type=blackhole
* Add a static route to the OSPF interface and redistrubute statics into bgp
ip route add dst-address=192.168.0.1/32 gateway=ether_ospf
With Box 1 / 2 / 3 being able to plug into either Edge 1 or Edge 2 depending on the day (but not into both locations at the same time). Edge 1 or Edge 2 then advertises the box into the core.
Edge1 advertises via BGP:
* 192.168.1.0/24
* 192.168.11.0/24
* 192.168.12.0/24
A route filter stops 192.168.0.0/24 from being advertises by BGP (otherwise the network would be advertised from both Edge1 and Edge2, and that's wrong)
If Box2 is removed, Edge1 no longer advertises 192.168.12.0/24. If Box2 is plugged into Edge2, then Edge2 advertises 192.168.12.0/24 instead. (Box2 can't be plugged into both as they are miles away from each other)
As OSPF is p2mp, Edge1 also advertises 192.168.0.11/32 and 192.168.0.12/32, which is good for traceroute and pingability. However Edge1's address (192.168.0.1/32) isn't advertised itself (and I block the 192.168.0.0/24 network from being advertised)
Each of the OSPF areas is independent, so in any system there's just one - area 0. I use BGP between the Core and the Edge, so multi areas and summarisation doesn't really work.
Would I be right in thinking that would mean a private area for each box - that never leaves that box - containing the local network, and summarising into the area - making each box/edge an ABR in itself?
One more question: to have 192.168.0.1/32 advertised into BGP from Edge1, I'm unsure which is best
* Add a second /ip address line to the OSPF interface
ip address add address=192.168.0.1/24 interface=ether_ospf
ip address add address=192.168.0.1/32 interface=ether_ospf
* Add a blackhole route and redistrubute statics into bgp
ip route add dst-address=192.168.0.1/32 type=blackhole
* Add a static route to the OSPF interface and redistrubute statics into bgp
ip route add dst-address=192.168.0.1/32 gateway=ether_ospf
Re: Filtering OSPF originated links
I prefer originating BGP prefixes via static routes as it provides a single control point to:
You can then write routing filter rules to:
We accept primarily a default route from our upstream BGP provider and set OSPF to 'distribute-default=if-installed-as-type-1'.
We peer each provider edge router with redundant route reflectors, but you don't need to concern yourself with that if you have 2 routers, as they will be meshed. BGP instances have 'redistribute-connected=yes redistribute-static=yes' set.
PS: The following route filter can be used to selectively avoid redistribution to BGP (simply add 'origin=egp' to selective static routes):
- Apply BGP communities
- Blackhole traffic to suppress ping pongs
- Avoid having to manage BGP 'networks'
Code: Select all
/ip route add bgp-communities=\
64512:500,64512:900,64512:4000 \
dst-address=50.50.20.0/20 bgp-origin=igp \
type=blackhole comment="originate via BGP:"- Accept and blackhole on iBGP sessions (when community contains 64512:900)
- Set outgoing MED, prepend or apply upstream BGP community to manipulate local preference (64512:4000 could designate Router 1, 64512:4010 Router 2, etc)
- Accept outgoing advertisements on eBGP sessions (filtering on 64512:500 for your own subnets, you could mark down steam customers with another and peers individually or again by location (preferably both))
We accept primarily a default route from our upstream BGP provider and set OSPF to 'distribute-default=if-installed-as-type-1'.
We peer each provider edge router with redundant route reflectors, but you don't need to concern yourself with that if you have 2 routers, as they will be meshed. BGP instances have 'redistribute-connected=yes redistribute-static=yes' set.
PS: The following route filter can be used to selectively avoid redistribution to BGP (simply add 'origin=egp' to selective static routes):
Code: Select all
/routing filter
add action=discard bgp-origin=egp chain=\
iBGP-out comment="Do not distribute where \
static and BGP origin=egp:" protocol=\
staticWho is online
Users browsing this forum: No registered users and 23 guests