Filter incoming OSPF routes #18031

Open
muebel opened this issue Feb 5, 2025 · 4 comments

muebel commented Feb 5, 2025

Hi
I would like to filter incoming routes learned by OSPF. Referring to #10022, this can be accomplished by preventing zebra from installing these routes in the kernel. I tried with the following configuration, but the route to 10.0.222.0/24 still appears in both the OSPF (show ip ospf route) and the kernel (show ip route) routing tables.

ip prefix-list FILTER-OSPF-INCOMING seq 10 permit 10.0.222.0/24 le 32

route-map MAP-OSPF-INCOMING deny 10
 match ip address prefix-list FILTER-OSPF-INCOMING

ip protocol ospf route-map MAP-OSPF-INCOMING

Where might the problem be? I tried with FRR versions 8.0.1 and 10.2.1.

@aceelindem
Collaborator

Since you are permitting the route, it is going to be installed. What you want is:

ip prefix-list FILTER-OSPF-INCOMING seq 10 deny 10.0.222.0/24
ip prefix-list FILTER-OSPF-INCOMING seq 100 permit any

Author

muebel commented Feb 6, 2025

Thanks a lot for your answer. I changed the configuration to

ip prefix-list FILTER-OSPF-INCOMING seq 10 deny 10.0.222.0/24
ip prefix-list FILTER-OSPF-INCOMING seq 100 permit any

route-map MAP-OSPF-INCOMING deny 10
 match ip address prefix-list FILTER-OSPF-INCOMING

ip protocol ospf route-map MAP-OSPF-INCOMING

This blocks all routes.

Author

muebel commented Feb 6, 2025

I just figured it out. This configuration filters the network 10.0.222.0/24 correctly. The route-map must be set to "permit".

ip prefix-list FILTER-OSPF-INCOMING seq 10 deny 10.0.222.0/24
ip prefix-list FILTER-OSPF-INCOMING seq 100 permit any

route-map MAP-OSPF-INCOMING permit 10
 match ip address prefix-list FILTER-OSPF-INCOMING

ip protocol ospf route-map MAP-OSPF-INCOMING

Thanks a lot for guiding me in the right direction.

Author

muebel commented Feb 6, 2025

One more question. The configuration above prevents the route to 10.0.222.0/24 from being passed to the Linux kernel. Under the Linux CLI command "ip route show", the route does not appear. This is expected with the applied route-map. But the route appears under both vtysh commands "show ip route ospf" and "show ip route". The documentation for "ip protocol ...." suggests that the filter is applied before the route is passed to Zebra: "...will cause all protocols that are sending routes to zebra". Why does the route appear in the Zebra routing table?
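The difference between the `route-map ... deny 10` and `route-map ... permit 10` variants tried in the comments above can be reproduced with a small model of first-match evaluation with an implicit deny at the end of both the prefix-list and the route-map. This is an added example, not part of the thread and not FRR code; the helper names and the two extra sample routes are hypothetical, and it models only the permit/deny decision, not what zebra shows in its own table.

```python
import ipaddress

def pl_entry(action, prefix, le=None):
    net = ipaddress.ip_network(prefix)
    # Without "le", a prefix-list entry matches only the exact prefix length.
    return (action, net, net.prefixlen, le if le is not None else net.prefixlen)

def prefix_list_permits(entries, route):
    """First matching entry decides; no match is an implicit deny."""
    r = ipaddress.ip_network(route)
    for action, net, min_len, max_len in entries:
        if min_len <= r.prefixlen <= max_len and r.subnet_of(net):
            return action == "permit"
    return False

def route_map_permits(clauses, route):
    """clauses: list of (action, prefix-list). A clause matches when its
    prefix-list permits the route; the clause action then decides.
    A route that matches no clause hits the route-map's implicit deny."""
    for action, plist in clauses:
        if prefix_list_permits(plist, route):
            return action == "permit"
    return False

# Prefix-list from the thread ("permit any" is modelled as 0.0.0.0/0 le 32).
FILTER = [pl_entry("deny", "10.0.222.0/24"),
          pl_entry("permit", "0.0.0.0/0", le=32)]

# Constructed sample routes; only 10.0.222.0/24 comes from the thread.
ROUTES = ["10.0.222.0/24", "10.0.1.0/24", "192.168.50.0/24"]

def evaluate(route_map_action):
    """Evaluate every sample route against a single-clause route-map."""
    clauses = [(route_map_action, FILTER)]
    return {r: route_map_permits(clauses, r) for r in ROUTES}

if __name__ == "__main__":
    for action in ("deny", "permit"):
        print(f"route-map MAP-OSPF-INCOMING {action} 10")
        for route, ok in evaluate(action).items():
            print(f"  {route:18} {'permitted' if ok else 'filtered'}")
```

With the `deny 10` clause every route is filtered: routes the prefix-list permits match the deny clause, and 10.0.222.0/24 matches no clause and falls through to the implicit deny. With `permit 10` only 10.0.222.0/24 is filtered.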
