Community discussions

MikroTik App
 
sindy
Forum Guru
Forum Guru
Topic Author
Posts: 10205
Joined: Mon Dec 04, 2017 9:19 pm

OSPF - how to filter out routes in redistribution

Mon Dec 20, 2021 9:42 am

Hello experts,

My router (running 6.47.10) has two neighbors, A and B, and there is no other network path between A and B (for the sake of simplicity). Neighbor A advertises static routes whose destinations are outside the instance's list of networks. I can use the ospf-in filter chain to prevent these routes from being imported to my router's own routing table, but I cannot prevent them from being redistributed to Neighbor B - ospf-out seems to only process what my router exports to OSPF, not the redistribution from one neighbor to another. Is this by design or is there some hidden ospf-forward chain?
 
eduplant
Member Candidate
Member Candidate
Posts: 139
Joined: Tue Dec 19, 2017 9:45 am

Re: OSPF - how to filter out routes in redistribution

Mon Dec 20, 2021 10:42 am

I would imagine this is by design.

With a distance vector protocol, ingesting -> modifying -> propagating routes is part of normal operation and path determination. On the other hand, with a link-state protocol, every router in the network needs to have a consistent view of the topology (or at least, the area in OSPF). Allowing a router to filter type-1 and type-2 LSAs would open the door to routers having incomplete information about what the area actually looks like. Filtering type-3 LSAs is sort of reasonable (Cisco supports it) because inter-area routes are essentially a distance vector algorithm past the ABR, but I don’t think ROS supports it. I’m not entirely sure I’ve run into a real life situation where I’ve needed it.

Of course, as long as you act correctly and propagate the LSAs like you’re supposed to, there’s nothing that says that a router actually needs to use all of the routes it learns or add all of the routes that it’s capable of. I’m pretty sure this is where the inbound/outbound routing filters come in.

Out of curiosity, do you have a particular use case where this needs to happen?
 
sindy
Forum Guru
Forum Guru
Topic Author
Posts: 10205
Joined: Mon Dec 04, 2017 9:19 pm

Re: OSPF - how to filter out routes in redistribution

Mon Dec 20, 2021 10:54 am

Out of curiosity, do you have a particular use case where this needs to happen?
The particular use case is to prevent routes advertised by Neighbor A due to a bug from spreading further to the network - in particular it was advertising 127.0.0.1/32. But now as I wanted to show it to you, it's not there any more under /routing ospf routes. There was a power outage in the meantime, so I guess the bug only shows up when you first configure OSPF on that device, whilst if it boots with configuration already in place, it behaves normally.
 
eduplant
Member Candidate
Member Candidate
Posts: 139
Joined: Tue Dec 19, 2017 9:45 am

Re: OSPF - how to filter out routes in redistribution

Mon Dec 20, 2021 11:01 am

The particular use case is to prevent routes advertised by Neighbor A due to a bug from spreading further to the network - in particular it was advertising 127.0.0.1/32.
Oh, strange. I suppose there isn’t a way to prevent it from being advertised on neighbor A if it’s a bug, then?

Does it have any actively harmful effects? Loopbacks obviously shouldn’t be in a routing table but I’m trying to figure out what would actually break if you did. For routers that even implement IPv4 loopback addresses automatically, nothing should believe an OSPF route over a connected route to itself … you would think?
 
User avatar
jprietove
Trainer
Trainer
Posts: 212
Joined: Fri Jun 03, 2016 3:00 pm
Location: Cádiz, Spain
Contact:

Re: OSPF - how to filter out routes in redistribution

Mon Dec 20, 2021 11:59 am

The particular use case is to prevent routes advertised by Neighbor A due to a bug from spreading further to the network
I think you can use two different OSPF Instances in your router, using redistribute-other-ospf. With different OSPF Instances, you can use ospf-filters between them.
 
sindy
Forum Guru
Forum Guru
Topic Author
Posts: 10205
Joined: Mon Dec 04, 2017 9:19 pm

Re: OSPF - how to filter out routes in redistribution

Tue Dec 21, 2021 8:03 pm

Oh, strange. I suppose there isn’t a way to prevent it from being advertised on neighbor A if it’s a bug, then?

Does it have any actively harmful effects? Loopbacks obviously shouldn’t be in a routing table but I’m trying to figure out what would actually break if you did. For routers that even implement IPv4 loopback addresses automatically, nothing should believe an OSPF route over a connected route to itself … you would think?
As said - after reboot of the misbehaving router that destination cannot be found among other routers' imported routes, so it's a bug and no, the misbehaving router is a minor part of an appliance and has no route filters configurable by user.

As for actively harmful effects - yes, nothing should beat a connected route, but knowing how SW development often goes, it is hard to predict what it might actually cause at some recipient.

What may or may not be related - I have a router in the same area that now and then stopped forwarding packets from a particular source address to some destinations within a single remote subnet imported to its routing table via OSPF. To make it forward them again, I had to disable that subnet at its home router (so it disappeared from the routing table of the affected router) and then re-enable it. Then it worked for a while, and then it broke down again. To my cautious relief, it has not happened since the route to 127.0.0.1 stopped being advertised. But it's too early to conclude it was related. The home router of the affected subnet is not the same device like the one advertising the 127.0.0.1, it's its neighbor.
 
sindy
Forum Guru
Forum Guru
Topic Author
Posts: 10205
Joined: Mon Dec 04, 2017 9:19 pm

Re: OSPF - how to filter out routes in redistribution

Tue Dec 21, 2021 8:05 pm

I think you can use two different OSPF Instances in your router, using redistribute-other-ospf. With different OSPF Instances, you can use ospf-filters between them.
Definitely possible, but for five four routers in total, even multiple areas seemed an overkill to me, let alone separate instances. But definitely worth considering should the issue repeat, thank you for the idea.
 
eduplant
Member Candidate
Member Candidate
Posts: 139
Joined: Tue Dec 19, 2017 9:45 am

Re: OSPF - how to filter out routes in redistribution

Wed Dec 22, 2021 2:44 am

As for actively harmful effects - yes, nothing should beat a connected route, but knowing how SW development often goes, it is hard to predict what it might actually cause at some recipient.

Agreed. If I were in your shoes I would be looking for a way to filter it too :). Anything in 127.0.0.0/8 is a martian as far as I’m concerned even if there is no obvious harm.
 
eduplant
Member Candidate
Member Candidate
Posts: 139
Joined: Tue Dec 19, 2017 9:45 am

Re: OSPF - how to filter out routes in redistribution

Wed Dec 22, 2021 3:02 am

The particular use case is to prevent routes advertised by Neighbor A due to a bug from spreading further to the network
I think you can use two different OSPF Instances in your router, using redistribute-other-ospf. With different OSPF Instances, you can use ospf-filters between them.
Yeah with three routers in a straight line, you could. Probably want to be really careful doing that with any non-trivial topology, though. I tried to think through how you would preserve path selection while surrounding a misbehaving router with road-to-nowhere OSPF instances and gave myself a headache before I actually concluded anything :).
 
mducharme
Trainer
Trainer
Posts: 1777
Joined: Tue Jul 19, 2016 6:45 pm
Location: Vancouver, BC, Canada

Re: OSPF - how to filter out routes in redistribution

Wed Dec 22, 2021 3:56 am

RouterOS v7 route filtering can filter routes created by other OSPF LSA types routes I believe, not just external LSAs.
 
eduplant
Member Candidate
Member Candidate
Posts: 139
Joined: Tue Dec 19, 2017 9:45 am

Re: OSPF - how to filter out routes in redistribution

Wed Dec 22, 2021 5:18 am

RouterOS v7 route filtering can filter routes created by other OSPF LSA types routes I believe, not just external LSAs.
Documentation does say that there’s an ospf-type= matcher in routing filters … maybe I should have tested before opening my mouth :)

Who is online

Users browsing this forum: No registered users and 17 guests