Is it possible to apply filter on OSPF interfaces within the same area?

Peter Hessler phessler at theapt.org
Wed Feb 1 11:23:38 CET 2017


Quite honestly, if you don't trust them then don't let them inject
routes into OSPF.  OSPF is an *Interior* routing protocol, which means
all participants are under the same administrative control.

BGP is a far better choice for this.


On 2017 Feb 01 (Wed) at 09:47:31 +0800 (+0800), Steve Leung wrote:
:Yea I know this is not standard, but for some reason I need to figure out
:how to handle this scenario, you know sometimes we do not have control of
:the whole network :(
:
:Best regards,
:Steve
:
:
:2017-01-27 21:52 GMT+08:00 Eelco Nieuwstad <eelco.nieuwstad at columbo.nl>:
:
:> Hi,
:>
:> this would brake OSPF completely. You can only filter routes between
:> area's and not within. This is fundamental for link state protocols like
:> OSPF
:>
:>
:> Eelco Nieuwstad
:>
:> On 27-01-17 08:53, Steve Leung wrote:
:>
:> Hi,
:>
:> Using OSPF, when receiving some routes from a network interface, by
:> default all routes will be re-advertised to other interfaces within the
:> same area without applying the filter rules.
:>
:> Say in the below example.
:>
:> ===
:> protocol ospf myospf {
:>         table t_ospf;
:>         import filter ifilter;
:>         export filter ofilter;
:>         area 0 {
:>                 interface "eth*" {
:>                         hello 10; retransmit 2; wait 10; dead 300; cost 10;
:>                 };
:>         };
:> }
:> ===
:>
:> Routes received from "eth1" will be _forwarded_ to "eth2" and bypassed all
:> the filters. Is it possible to configure bird.conf so only some of the
:> routes will be re-advertised? (aka apply filters to interface within the
:> same OSPF area)
:>
:> Creating multiple ospf instance and treat the routes as "external routes"
:> (so filter will apply) is not a good idea for me because the environment is
:> quite dynamic, may even have hundreds of dynamic virtual interface, and I
:> hope I do not need to edit the config file all the time.
:>
:> Thank you so much for your time.
:>
:>
:> Best regards,
:> Steve
:>
:>
:>
:>

-- 
An effective way to deal with predators is to taste terrible.


More information about the Bird-users mailing list