v7.12 ospf learn from neibor
DIo 192.168.100.0/27 100.64.128.1%ether2 110
DIo 172.17.6.0/26 100.64.128.1%ether2 110
DIo 10.1.236.0/24 100.64.128.1%ether2 110
DIo 10.1.238.0/25 100.64.128.1%ether2 110
DIo 10.1.238.128/26 100.64.128.1%ether2 110
DIo 10.1.239.128/25 100.64.128.1%ether2 110
DIo 10.1.240.0/24 100.64.128.1%ether2 110
DIo 10.1.241.32/27 100.64.128.1%ether2 110
DIo 10.1.242.0/27 100.64.128.1%ether2 110
DIo 10.1.243.0/24 100.64.128.1%ether2 110
DAo 10.1.243.8/32 100.64.128.1%ether2 110
DIo 10.1.244.0/25 100.64.128.1%ether2 110
/ospf instance/ name=ospf-1 in-filter=ospf-in
/ospf filter rule/ chain=ospf-in rule="if (dst in mylist && dst-len in 16-32) {accept;}"
/ip a a add list=mylist address=10.0.0.0/8
but just one entry is active
DAo 10.1.243.8/32 100.64.128.1%ether2 110
if i change the script to "if (dst in 10.0.0.0/8 && dst-len in 16-32) {accept;}"
the Rule execution is correct
DIo 192.168.100.0/27 100.64.128.1%ether2 110
DIo 172.17.6.0/26 100.64.128.1%ether2 110
DAo 10.1.236.0/24 100.64.128.1%ether2 110
DAo 10.1.238.0/25 100.64.128.1%ether2 110
DAo 10.1.238.128/26 100.64.128.1%ether2 110
DAo 10.1.239.128/25 100.64.128.1%ether2 110
DAo 10.1.240.0/24 100.64.128.1%ether2 110
DAo 10.1.241.32/27 100.64.128.1%ether2 110
DAo 10.1.242.0/27 100.64.128.1%ether2 110
DAo 10.1.243.0/24 100.64.128.1%ether2 110
DAo 10.1.243.8/32 100.64.128.1%ether2 110
DAo 10.1.244.0/25 100.64.128.1%ether2 110
SO rule use address-list "dst in list_name" has any question? , and when use address-list ,why just /32 entry be matched ?
Re: routing filter rule use address-list problem
test found, use address-list just can do the Accurate matching
if add the list like:
/ip a a add list=mylist address=10.1.238.128/26
/ip a a add list=mylist address=10.1.240.0/24
/ip a a add list=mylist address=10.1.243.0/24
/ospf filter rule/ chain=ospf-in rule="if (dst in mylist && dst-len in 16-32) {accept;}"
then the result:
DIo 192.168.100.0/27 100.64.128.1%ether2 110
DIo 172.17.6.0/26 100.64.128.1%ether2 110
DIo 10.1.236.0/24 100.64.128.1%ether2 110
DIo 10.1.238.0/25 100.64.128.1%ether2 110
DAo 10.1.238.128/26 100.64.128.1%ether2 110
DIo 10.1.239.128/25 100.64.128.1%ether2 110
DAo 10.1.240.0/24 100.64.128.1%ether2 110
DIo 10.1.241.32/27 100.64.128.1%ether2 110
DIo 10.1.242.0/27 100.64.128.1%ether2 110
DAo 10.1.243.0/24 100.64.128.1%ether2 110
DAo 10.1.243.8/32 100.64.128.1%ether2 110
DIo 10.1.244.0/25 100.64.128.1%ether2 110
BUT Since it's an exact match,it can match /32 entry !!
So this is very difficult to use
if add the list like:
/ip a a add list=mylist address=10.1.238.128/26
/ip a a add list=mylist address=10.1.240.0/24
/ip a a add list=mylist address=10.1.243.0/24
/ospf filter rule/ chain=ospf-in rule="if (dst in mylist && dst-len in 16-32) {accept;}"
then the result:
DIo 192.168.100.0/27 100.64.128.1%ether2 110
DIo 172.17.6.0/26 100.64.128.1%ether2 110
DIo 10.1.236.0/24 100.64.128.1%ether2 110
DIo 10.1.238.0/25 100.64.128.1%ether2 110
DAo 10.1.238.128/26 100.64.128.1%ether2 110
DIo 10.1.239.128/25 100.64.128.1%ether2 110
DAo 10.1.240.0/24 100.64.128.1%ether2 110
DIo 10.1.241.32/27 100.64.128.1%ether2 110
DIo 10.1.242.0/27 100.64.128.1%ether2 110
DAo 10.1.243.0/24 100.64.128.1%ether2 110
DAo 10.1.243.8/32 100.64.128.1%ether2 110
DIo 10.1.244.0/25 100.64.128.1%ether2 110
BUT Since it's an exact match,it can match /32 entry !!
So this is very difficult to use
Who is online
Users browsing this forum: No registered users and 8 guests