Community discussions

 
reliableComputer
just joined
Topic Author
Posts: 8
Joined: Tue Sep 12, 2006 8:51 pm

Route Filter, OSPF, and PPPoE

Thu Jan 25, 2007 12:57 am

Searching for my answers, I came across this thread:
http://forum.mikrotik.com//viewtopic.ph ... ting+filer

Their problem was exactly what I am trying to accomplish now. Of course an answer was never posted.

Currently I have a PPPoE server setup within a /16 network. It has just one ethernet on the /16 to connect it. I want it to receive all the routes from the other routers sending information along the /16.

What I can tell is, when a PPPoE client connects, their route is added to the server, and everything's fine. However, once OSPF realized there's a new "interface/ip", it starts sending out a route on how to get to the network. This is what I want to stop. Since there is no "network", because it's PPPoE. If ospf doesn't add in it's inactive route, then everything propogates properly.

Hopefully this makes some sense. And if there's a better way that I can't see because I'm in the forest, please let me know.

Thanks for any help.
-Keith-
 
User avatar
sadistiko
just joined
Posts: 5
Joined: Sun Aug 31, 2008 11:25 pm

Re: Route Filter, OSPF, and PPPoE

Thu Mar 04, 2010 9:07 am

So, did you fix it?
I also looking for solution. I use V4.5 ROS and have same problem and
Flags: X - disabled 
 0   chain=ospf-out prefix=0.0.0.0/0 prefix-length=32 protocol=ospf 
     invert-match=no action=discard set-disabled=no
doesn't work. This is set on my router that accept PPTP for my clients that have connection to ADSL trough my MTik.
It add this to OSPF routing table and I can't get rid of it.
 
User avatar
martini
Member Candidate
Member Candidate
Posts: 296
Joined: Tue Dec 21, 2004 12:13 am

Re: Route Filter, OSPF, and PPPoE

Thu Mar 04, 2010 9:26 am

its always working.
prefix=0.0.0.0/0 prefix-length=32
must be (for RoS < 4.5)
0 chain=ospf-out prefix=0.0.0.0/0 prefix-length=0-32 protocol=ospf
invert-match=no action=discard set-disabled=no
must be (for RoS > 4.5)
0 chain=ospf-out prefix=0.0.0.0/0 prefix-length=0-128 protocol=ospf
invert-match=no action=discard set-disabled=no
 
User avatar
sadistiko
just joined
Posts: 5
Joined: Sun Aug 31, 2008 11:25 pm

Re: Route Filter, OSPF, and PPPoE

Thu Mar 04, 2010 9:50 am

I still doesn't know what it's wrong with my settings?

I set prefix 32 because I get this routes in my route list:
 7 ADC  10.46.4.0/24       10.46.4.1       Bridge.Sadistiko1  0       
 8 ADC  10.46.4.181/32     10.46.4.1       <pptp-02.dragec>   0       
 9 ADC  10.46.4.182/32     10.46.4.1       <pptp-03.dundich>  0       
10 ADC  10.46.4.187/32     10.46.4.1       <pptp-08.leteci>   0       
11 ADC  10.46.4.188/32     10.46.4.1       <pptp-09.marac>    0       
12 ADo  10.46.5.0/27                       10.46.3.22         110     
13 ADo  10.46.5.32/27                      10.46.1.21         110   
So, I want get rid of those routes: 8,9,10,11

This is listing from my OSPF interfaces:
[leteci@Sadistiko] /routing ospf interface> print
Flags: X - disabled, I - inactive, D - dynamic, P - passive 
 #    INTERFACE                COST  PRI NETWORK-TYPE   AUT... AUTHENTICATIO...
 0    KLIENT.Sadistiko.Silo... 55    1   broadcast      simple 5netospf        
 1    LINK.Sadistiko-Sajmi\... 37    1   broadcast      simple 5netospf        
 2 X  5net.AP proba            37    1   broadcast      simple 5netospf        
 3    Bridge.Sadistiko1        10    1   broadcast      simple 5netospf        
 4 D  <pptp-08.leteci>         10    1   point-to-point none                   
 5 D  <pptp-03.dundich>        10    1   point-to-point none                   
 6 D  <pptp-02.dragec>         10    1   point-to-point none                   
 7 D  <pptp-09.marac>          10    1   point-to-point none
And I already wrote this:
Flags: X - disabled 
0   chain=ospf-out prefix=0.0.0.0/0 prefix-length=32 protocol=ospf 
     invert-match=no action=discard set-disabled=no
And it still send those routes to other routers in network.
Do I need to reboot to take effect maybe?
 
User avatar
martini
Member Candidate
Member Candidate
Posts: 296
Joined: Tue Dec 21, 2004 12:13 am

Re: Route Filter, OSPF, and PPPoE

Thu Mar 04, 2010 12:12 pm

why you need ospf on pptp ????
if you whant that router dont send routes to neighbour - change the config like in my last post
 
User avatar
mrz
MikroTik Support
MikroTik Support
Posts: 5942
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia
Contact:

Re: Route Filter, OSPF, and PPPoE

Thu Mar 04, 2010 1:53 pm

For pppoe. Make all pppoe interfaces passiv in ospf interface configuration. Add pppoe /16 network to different area than backbone and use area range. to aggregate all /32 routes into on e/16 network. This is the proper way how to set up ospf in such cases.
 
User avatar
sadistiko
just joined
Posts: 5
Joined: Sun Aug 31, 2008 11:25 pm

Re: Route Filter, OSPF, and PPPoE

Fri Mar 05, 2010 6:52 am

@martini
why you need ospf on pptp ????
if you whant that router dont send routes to neighbour - change the config like in my last post
You didn't understand me. I don't want ospf to propagate pptp to other parts of network. This, mine, ROS is part of our network and it is part of OSPF routers that actively route our network. I doesn't see difference from what you wrote and what I made on router. Sorry.

@mrz
For pppoe. Make all pppoe interfaces passiv in ospf interface configuration. Add pppoe /16 network to different area than backbone and use area range. to aggregate all /32 routes into on e/16 network. This is the proper way how to set up ospf in such cases.
I made as you said. My pptp clients now gets 172.16.254.x IP's and now ospf doesn't propagate those IP's anymore. My area on network covers only 10.0.0.0/8 subnets so 172.16.x.x is out of bussiness. I can't set those pptp interaces as passive in OSPF interface properties because those pptp interfaces are made dinamicaly when clients connect.. For now it works. Thanks
 
User avatar
mrz
MikroTik Support
MikroTik Support
Posts: 5942
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia
Contact:

Re: Route Filter, OSPF, and PPPoE

Fri Mar 05, 2010 9:08 am

Yo can set them passive, add ethernet interfaces explicitly and add one more entry for interface all with property passive=yes. In such configuration all dynamic interfaces will be passive.
 
Altare
just joined
Posts: 10
Joined: Wed Jun 22, 2016 1:11 pm

Re: Route Filter, OSPF, and PPPoE

Wed Jun 22, 2016 1:29 pm

For pppoe. Make all pppoe interfaces passiv in ospf interface configuration. Add pppoe /16 network to different area than backbone and use area range. to aggregate all /32 routes into on e/16 network. This is the proper way how to set up ospf in such cases.
Sorry to drag up an old thread, but it's top of the searches on the subject so here goes.
While the solution from mrz is correct for an OSPF design where all routers are backbone routers, in larger networks this wont always be the case. The problem here then is filtering the PPPoE interfaces from the backbone, but using an area range command on the ABR then causes loss of routing for non-PPPoE devices on the same subnet. I think I have an easier solution for filtering PPPoE, even intra-area. Either configure a blackhole route and redistribute this into OSPF for the subnet and don't add an area command for the PPPoE subnet, or configure a loopback for the subnet and set the OSPF instance to redistribute connected interfaces, but set an ospf-out filter on the subnet with /32 prefix length. I chose the latter as it allows engineers to connect on site without having to use PPPoE.
 
mducharme
Trainer
Trainer
Posts: 874
Joined: Tue Jul 19, 2016 6:45 pm

Re: Route Filter, OSPF, and PPPoE

Tue Jul 19, 2016 6:47 pm

For pppoe. Make all pppoe interfaces passiv in ospf interface configuration. Add pppoe /16 network to different area than backbone and use area range. to aggregate all /32 routes into on e/16 network. This is the proper way how to set up ospf in such cases.
Sorry to drag up an old thread, but it's top of the searches on the subject so here goes.
While the solution from mrz is correct for an OSPF design where all routers are backbone routers, in larger networks this wont always be the case. The problem here then is filtering the PPPoE interfaces from the backbone, but using an area range command on the ABR then causes loss of routing for non-PPPoE devices on the same subnet. I think I have an easier solution for filtering PPPoE, even intra-area. Either configure a blackhole route and redistribute this into OSPF for the subnet and don't add an area command for the PPPoE subnet, or configure a loopback for the subnet and set the OSPF instance to redistribute connected interfaces, but set an ospf-out filter on the subnet with /32 prefix length. I chose the latter as it allows engineers to connect on site without having to use PPPoE.
Hi, can you explain exactly how you did this? We have an ospf-out filter but it seems to be having no affect on intra-area routes.
 
User avatar
mrz
MikroTik Support
MikroTik Support
Posts: 5942
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia
Contact:

Re: Route Filter, OSPF, and PPPoE

Wed Jul 20, 2016 10:32 am

Routing filters can filter only external routes. Inter and intra routes cannot be filtered.
 
mducharme
Trainer
Trainer
Posts: 874
Joined: Tue Jul 19, 2016 6:45 pm

Re: Route Filter, OSPF, and PPPoE

Mon Jul 25, 2016 11:17 pm

Routing filters can filter only external routes. Inter and intra routes cannot be filtered.
Hi,

Yes, we figured this out already and figured out how to do it.

The trick, which wasn't clear, is you purposely do not add the PPPoE subnets into the "networks" list on the Mikrotik under OSPF. Instead you redistribute connected (either as type 1 or type 2), and then the PPPoE subnets appear as type 5 (external) LSAs, and the ospf-out filter works on them.

The filter can then remove the /32's for the individual tunnels, leaving behind the larger subnet.

The end result is that you get rid of the tunnel IPs without having to set up a separate stub area; the only change is that the PPPoE subnet appears as external (LSA type 5) instead of intra-area type 1, but I do not see any issues with this - unless you do, mrz? (we are already using this in production and it seems fine)

Who is online

Users browsing this forum: Google [Bot] and 113 guests