just joined
Topic Author
Posts: 6
Joined: Fri Dec 09, 2005 11:18 pm

Route filters work, but trespassing

Sun Dec 03, 2006 2:18 pm

4 routers, all connected in this way:
A <--> B <--> C <--> D
And having routing-test enabled on routers B and C (which are in the middle) and filtering all unwanted networks (distinct than like this:
/ routing filter 
add chain=ospf-out prefix= prefix-length=8-27 invert-match=no \
    action=accept comment="" disabled=no 
add chain=ospf-out invert-match=no action=discard comment="" disabled=no
Routes distinct than with prefix 28-32 don't appear on routers B and C, so it looks like the filters are working OK, but....

Having a local route on router A like 192.168..0.0/24, which is correctly filtered on routers B and C, does appear again on router D. How could this be possible? Is there any way to avoid this? (There is no direct connection between router A and D, and what I want to achieve is to avoid routes trespassing the filters.)

Tested on 2.9.30 and 2.9.38
Posts: 394
Joined: Sat Apr 16, 2005 6:38 pm
Location: Germany

Sun Dec 03, 2006 7:01 pm

Link state protocols such as OSPF can only filter which routes are actually installed into a router's local routing table, but they are by definition not allowed to exclude selected LSAs from their advertisements, as this would break the link state calculation on other routers. Therefore filtering routes on B and C does not prevent them from still appearing in the LSDB of router D and then being installed into the local routing table on D if you do not filter them there.
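The behaviour described in the reply above, as a simplified model added here (it is not part of the thread and not RouterOS code): LSAs flood to every router regardless of filters, and a filter only decides what the router that carries it installs. The prefix 192.168.50.0/24 and the allowed supernet 10.0.0.0/8 are constructed values, since the post elides its own.

```python
import ipaddress

LINKS = [("A", "B"), ("B", "C"), ("C", "D")]   # chain topology from the post
ORIGINATED = {"A": ["192.168.50.0/24"]}        # constructed local route on A
ALLOWED = ipaddress.ip_network("10.0.0.0/8")   # assumed; the post elides it

def accept(prefix):
    """Model of the posted filter: accept 8-27 bit prefixes inside ALLOWED."""
    net = ipaddress.ip_network(prefix)
    return net.subnet_of(ALLOWED) and 8 <= net.prefixlen <= 27

def flood(links, originated):
    """Flood each LSA to every reachable router; filters never touch the LSDB."""
    neighbours = {}
    for a, b in links:
        neighbours.setdefault(a, set()).add(b)
        neighbours.setdefault(b, set()).add(a)
    lsdb = {router: set() for router in neighbours}
    pending = [(r, (r, p)) for r, ps in originated.items() for p in ps]
    while pending:
        router, lsa = pending.pop()
        if lsa in lsdb[router]:
            continue                           # already known, stop re-flooding
        lsdb[router].add(lsa)
        pending.extend((n, lsa) for n in neighbours[router])
    return lsdb

def routing_tables(lsdb, filtered_routers):
    """Install LSDB prefixes; only routers in filtered_routers apply accept()."""
    tables = {}
    for router, lsas in lsdb.items():
        prefixes = {p for origin, p in lsas if origin != router}
        if router in filtered_routers:
            prefixes = {p for p in prefixes if accept(p)}
        tables[router] = prefixes
    return tables

if __name__ == "__main__":
    lsdb = flood(LINKS, ORIGINATED)
    for label, filtered in (("filters on B, C", {"B", "C"}),
                            ("filters on B, C, D", {"B", "C", "D"})):
        tables = routing_tables(lsdb, filtered)
        print(label, {r: sorted(t) for r, t in sorted(tables.items())})
```

With filters on B and C only, D still installs the route; adding the same filter on D removes it from D's table while the LSA remains in D's LSDB.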

