Community discussions

MUM Europe 2020
 
pkelly1603
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 78
Joined: Mon Jun 15, 2009 11:13 pm

Routing filters problem

Tue Dec 17, 2013 11:14 pm

I am trying to filter on the OSPF-out chain but it does not work the way I expected.

I have 2 routers, "Router 1" and "Router 2". Router 1 has only one rule on the OSPF-out chain (discard all). Here is the router 1 configuration:
/routing filters
add action=discard chain=ospf-out comment="Drop all" disabled=no invert-match=\
    no set-bgp-prepend-path=""

/routing ospf instance
set [ find default=yes ] disabled=no distribute-default=never in-filter=ospf-in \
    metric-bgp=auto metric-connected=20 metric-default=1 metric-other-ospf=auto \
    metric-rip=20 metric-static=20 name=default out-filter=ospf-out \
    redistribute-bgp=no redistribute-connected=no redistribute-other-ospf=no \
    redistribute-rip=no redistribute-static=no router-id=x.x.x.x

Router 2 is receiving routes from Router 1 though and I can't understand why. Shouldn't a discard rule prevent a router from sending its routes to any other routers?

thanks,
Philip
 
samsung172
Forum Guru
Forum Guru
Posts: 1186
Joined: Sat Apr 04, 2009 3:45 am
Location: Østfold - Norway
Contact:

Re: Routing filters problem

Wed Dec 18, 2013 2:45 am

You need to match someting in rule. Usually a firewall routing mark. Chain ospf-in is just the name. not matching "all ospf in traffic"
 
pkelly1603
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 78
Joined: Mon Jun 15, 2009 11:13 pm

Re: Routing filters problem

Wed Dec 18, 2013 4:35 pm

I don't understand, what would I match in the rule? Should I put packet marks on OSPF traffic?

I thought the routing filters could tell which chain to use based on which instance the route advertisements were received or sent on. What is the point in setting an "in filter" or "out filter" on an OSPF instance if you have to mark the packets to be filtered anyway?

thanks,
Philip
 
faisali
Member Candidate
Member Candidate
Posts: 179
Joined: Fri Oct 08, 2010 5:11 am

Re: Routing filters problem

Fri Jan 24, 2014 5:34 am

I don't understand, what would I match in the rule? Should I put packet marks on OSPF traffic?

I thought the routing filters could tell which chain to use based on which instance the route advertisements were received or sent on. What is the point in setting an "in filter" or "out filter" on an OSPF instance if you have to mark the packets to be filtered anyway?

thanks,
Philip
I believe you mis-understood the reply.

So, let me try to explain....
Using Filters for filtering routes in & routers out when configuring OSPF is optional.

If you are going to use Filters, you need to define the 'content / rule' of the filter.
What you originally posted is a partial statement about an ospf-out chain with no rule to match anything, thus it is acting as if you did not have a filter defined, i.e. allow everything..

------------ Your Configuration Statement...
/routing filters
add action=discard chain=ospf-out comment="Drop all" disabled=no invert-match=no set-bgp-prepend-path=""
-------------

A proper filter statement would be something like this...

-----------------------
/routing filters
add action=discard chain=ospf-out comment="Drop all" disabled=no invert-match=no prefix=.0.0.0.0/0 prefix-length=0 set-bgp-prepend-path=""
------------------------
Essentially the above statement is saying discard all prefixes that match 0.0.0.0/0 prefix-length=0 i.e. drop everything, do not send anything.

Hope this offers a better explanation.

Who is online

Users browsing this forum: No registered users and 13 guests