Hello, i'm new to bird and try to setup an OSPF Setup with 4 instances of bird on Linux Systems. The used version is 1.3.8 installed trough the Debian Squeeze Repo provided by bird.network.cz. At the moment i tried to establish an export filter for OSPF, and it seems, that it isn't working at all. Same filter works best as an import filter: filter notrans { if net ~ [ 10.110.1.0/24+ ] then reject; accept; } I want this net (and all subnets) not exported to other nodes in the OSPF Areas. I tried to test the filter on the system where i will export some routes. Without the filter (import all;) i got this (filtered the interface names): 172.27.129.80/28 dev [transospf 18:15] * I (150/10) [10.110.1.118] 172.27.129.64/28 dev [transospf 18:15] * I (150/10) [10.110.1.118] 172.27.129.128/26 dev [transospf 18:15] * I (150/10) [10.110.1.118] 172.27.131.0/28 dev [transospf 18:15] * I (150/10) [10.110.1.118] 172.27.131.64/27 dev [transospf 18:15] * I (150/10) [10.110.1.118] 172.27.131.192/26 dev [transospf 18:15] * I (150/10) [10.110.1.118] 172.27.129.48/28 dev [transospf 18:15] * I (150/10) [10.110.1.118] 172.27.68.0/24 dev [transospf 18:15] * I (150/10) [10.110.1.118] 10.110.1.64/26 dev [transospf 18:52] * I (150/10) [10.110.1.118] << net is there 10.110.1.128/26 dev [transospf 18:52] * I (150/10) [10.110.1.118] << net is there 172.27.128.96/27 dev [transospf 18:15] * I (150/10) [10.110.1.118] 172.27.128.224/29 dev [transospf 18:15] * I (150/10) [10.110.1.118] 172.27.129.32/28 dev [transospf 18:15] * I (150/10) [10.110.1.118] 172.27.9.0/25 dev [transospf 18:15] * I (150/10) [10.110.1.118] 172.27.12.0/24 dev [transospf 18:15] * I (150/10) [10.110.1.118] 172.27.13.0/24 dev [transospf 18:15] * I (150/10) [10.110.1.118] With the filter (import filter notrans;) i got: 172.27.129.80/28 dev as-doritest [transospf 18:15] * I (150/10) [10.110.1.118] 172.27.129.64/28 dev as-dorilive [transospf 18:15] * I (150/10) [10.110.1.118] 172.27.129.128/26 dev as-pmppu [transospf 18:15] * I (150/10) [10.110.1.118] 172.27.131.0/28 dev im-cumulus [transospf 18:15] * I (150/10) [10.110.1.118] 172.27.131.64/27 dev im-coback [transospf 18:15] * I (150/10) [10.110.1.118] 172.27.131.192/26 dev im-misc [transospf 18:15] * I (150/10) [10.110.1.118] 172.27.129.48/28 dev as-im-afadb [transospf 18:15] * I (150/10) [10.110.1.118] 172.27.68.0/24 dev as-pg [transospf 18:15] * I (150/10) [10.110.1.118] 172.27.128.96/27 dev as-immo-dwh [transospf 18:15] * I (150/10) [10.110.1.118] 172.27.128.224/29 dev as-pmptu [transospf 18:15] * I (150/10) [10.110.1.118] 172.27.129.32/28 dev as-im-afaweb [transospf 18:15] * I (150/10) [10.110.1.118] 172.27.9.0/25 dev as-immo-test [transospf 18:15] * I (150/10) [10.110.1.118] 172.27.12.0/24 dev as-immo-web [transospf 18:15] * I (150/10) [10.110.1.118] 172.27.13.0/24 dev as-immo-dbapp [transospf 18:15] * I (150/10) [10.110.1.118] As you can see, both nets are filtered, so i think the filter works as i expected but when i use this filter in export and look on another node i got: 172.27.129.80/28 via 10.110.1.178 on eth1 [transospf 18:20] ! IA (150/20) [10.110.1.118] 172.27.129.64/28 via 10.110.1.178 on eth1 [transospf 18:20] ! IA (150/20) [10.110.1.118] 172.27.129.128/26 via 10.110.1.178 on eth1 [transospf 18:20] * IA (150/20) [10.110.1.118] 172.27.131.0/28 via 10.110.1.178 on eth1 [transospf 18:20] * IA (150/20) [10.110.1.118] 172.27.131.64/27 via 10.110.1.178 on eth1 [transospf 18:20] ! IA (150/20) [10.110.1.118] 172.27.131.192/26 via 10.110.1.178 on eth1 [transospf 18:20] ! IA (150/20) [10.110.1.118] 172.27.129.48/28 via 10.110.1.178 on eth1 [transospf 18:20] ! IA (150/20) [10.110.1.118] 172.27.68.0/24 via 10.110.1.178 on eth1 [transospf 18:20] * IA (150/20) [10.110.1.118] 10.110.1.64/26 via 10.110.1.178 on eth1 [transospf 18:20] * IA (150/20) [10.110.1.118] << this should not happen i think! 10.110.1.128/26 dev eth1 [transospf 18:20] * I (150/10) [10.110.1.118] 172.27.128.96/27 via 10.110.1.178 on eth1 [transospf 18:20] ! IA (150/20) [10.110.1.118] 172.27.128.224/29 via 10.110.1.178 on eth1 [transospf 18:20] * IA (150/20) [10.110.1.118] 172.27.129.32/28 via 10.110.1.178 on eth1 [transospf 18:20] ! IA (150/20) [10.110.1.118] 172.27.9.0/25 via 10.110.1.178 on eth1 [transospf 18:20] * IA (150/20) [10.110.1.118] 172.27.12.0/24 via 10.110.1.178 on eth1 [transospf 18:20] ! IA (150/20) [10.110.1.118] 172.27.13.0/24 via 10.110.1.178 on eth1 [transospf 18:20] ! IA (150/20) [10.110.1.118] You can see, away from the scope link rooute i got the second 10.110 Network. In my eyes this schould not happen when the filter is applied. Did I miss something? Maybe someone could help me with this? Greetings Daniel Wendler
On Wed, Oct 24, 2012 at 07:01:53PM +0200, Wendler, Daniel wrote:
Hello,
i'm new to bird and try to setup an OSPF Setup with 4 instances of bird on Linux Systems. The used version is 1.3.8 installed trough the Debian Squeeze Repo provided by bird.network.cz.
At the moment i tried to establish an export filter for OSPF, and it seems, that it isn't working at all. Same filter works best as an import filter:
filter notrans { if net ~ [ 10.110.1.0/24+ ] then reject; accept; }
I want this net (and all subnets) not exported to other nodes in the OSPF Areas.
I tried to test the filter on the system where i will export some routes. ... 10.110.1.64/26 via 10.110.1.178 on eth1 [transospf 18:20] * IA (150/20) [10.110.1.118] << this should not happen i think! 172.27.128.96/27 via 10.110.1.178 on eth1 [transospf 18:20] ! IA ...
For OSPF, the export filter controls just the propagation of external routes to OSPF. If some OSPF-claimed iface uses that prefix, OSPF will propagate that regardless of filters. See this for similar question and hints how to handle it: http://www.mail-archive.com/bird-users@atrey.karlin.mff.cuni.cz/msg02194.htm... -- Elen sila lumenn' omentielvo Ondrej 'SanTiago' Zajicek (email: santiago@crfreenet.org) OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net) "To err is human -- to blame it on a computer is even more so."
Hello, Ok, so i missed out this. This wasn't clear for me after reading the doku. So i will apply such an filter on the "receiving" side. Thanks for your help. Greetings Daniel Am 24.10.12 21:03 schrieb "Ondrej Zajicek" unter <santiago@crfreenet.org>:
On Wed, Oct 24, 2012 at 07:01:53PM +0200, Wendler, Daniel wrote:
Hello,
i'm new to bird and try to setup an OSPF Setup with 4 instances of bird on Linux Systems. The used version is 1.3.8 installed trough the Debian Squeeze Repo provided by bird.network.cz.
At the moment i tried to establish an export filter for OSPF, and it seems, that it isn't working at all. Same filter works best as an import filter:
filter notrans { if net ~ [ 10.110.1.0/24+ ] then reject; accept; }
I want this net (and all subnets) not exported to other nodes in the OSPF Areas.
I tried to test the filter on the system where i will export some routes. ... 10.110.1.64/26 via 10.110.1.178 on eth1 [transospf 18:20] * IA (150/20) [10.110.1.118] << this should not happen i think! 172.27.128.96/27 via 10.110.1.178 on eth1 [transospf 18:20] ! IA ...
For OSPF, the export filter controls just the propagation of external routes to OSPF. If some OSPF-claimed iface uses that prefix, OSPF will propagate that regardless of filters. See this for similar question and hints how to handle it:
http://www.mail-archive.com/bird-users@atrey.karlin.mff.cuni.cz/msg02194.h tml
-- Elen sila lumenn' omentielvo
Ondrej 'SanTiago' Zajicek (email: santiago@crfreenet.org) OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net) "To err is human -- to blame it on a computer is even more so."
Hello...again, maybe another simple question and/or problem for me... Following output is produced, when i type "birdc show ospf state": BIRD 1.3.8 ready. area 0.0.0.0 router 10.110.1.118 distance 0 xnetwork 0.0.0.0/0 metric 0 area 0.0.0.18 router 10.110.1.118 distance 0 stubnet 172.27.9.0/25 metric 10 stubnet 172.27.13.0/24 metric 10 stubnet 172.27.12.0/24 metric 10 stubnet 172.27.68.0/24 metric 10 stubnet 172.27.128.96/27 metric 10 stubnet 172.27.128.224/29 metric 10 stubnet 172.27.129.32/28 metric 10 stubnet 172.27.129.48/28 metric 10 stubnet 172.27.129.64/28 metric 10 stubnet 172.27.129.80/28 metric 10 stubnet 172.27.129.128/26 metric 10 stubnet 172.27.131.0/28 metric 10 stubnet 172.27.131.64/27 metric 10 stubnet 172.27.131.192/26 metric 10 xnetwork 10.110.1.64/26 metric 10 xnetwork 10.110.1.128/26 metric 10 area 10.110.1.64 router 10.110.1.66 distance 10 network 10.110.1.64/26 metric 10 router 10.110.1.67 distance 10 network 10.110.1.64/26 metric 10 router 10.110.1.116 distance 10 network 10.110.1.64/26 metric 10 xnetwork 10.110.1.128/26 metric 10 xnetwork 10.111.108.0/28 metric 10 xnetwork 10.111.110.0/24 metric 10 xnetwork 10.111.111.0/28 metric 10 xnetwork 10.111.130.0/26 metric 10 xnetwork 10.111.130.64/26 metric 10 xnetwork 10.111.130.128/26 metric 10 xnetwork 10.111.254.0/27 metric 10 xnetwork 10.111.254.32/27 metric 10 xnetwork 10.111.255.0/24 metric 10 router 10.110.1.118 distance 0 network 10.110.1.64/26 metric 10 xnetwork 172.27.9.0/25 metric 10 xnetwork 172.27.12.0/24 metric 10 xnetwork 172.27.13.0/24 metric 10 xnetwork 172.27.68.0/24 metric 10 xnetwork 172.27.128.96/27 metric 10 xnetwork 172.27.128.224/29 metric 10 xnetwork 172.27.129.32/28 metric 10 xnetwork 172.27.129.48/28 metric 10 xnetwork 172.27.129.64/28 metric 10 xnetwork 172.27.129.80/28 metric 10 xnetwork 172.27.129.128/26 metric 10 xnetwork 172.27.131.0/28 metric 10 xnetwork 172.27.131.64/27 metric 10 xnetwork 172.27.131.192/26 metric 10 xnetwork 10.110.1.128/26 metric 10 network 10.110.1.64/26 dr 10.110.1.118 distance 10 router 10.110.1.118 router 10.110.1.67 router 10.110.1.116 router 10.110.1.66 area 10.110.1.128 router 10.110.1.116 distance 10 network 10.110.1.128/26 metric 10 xnetwork 10.110.1.64/26 metric 10 xnetwork 10.111.108.0/28 metric 10 xnetwork 10.111.110.0/24 metric 10 xnetwork 10.111.111.0/28 metric 10 xnetwork 10.111.130.0/26 metric 10 xnetwork 10.111.130.64/26 metric 10 xnetwork 10.111.130.128/26 metric 10 xnetwork 10.111.254.0/27 metric 10 xnetwork 10.111.254.32/27 metric 10 xnetwork 10.111.255.0/24 metric 10 router 10.110.1.118 distance 0 network 10.110.1.128/26 metric 10 xnetwork 172.27.9.0/25 metric 10 xnetwork 172.27.12.0/24 metric 10 xnetwork 172.27.13.0/24 metric 10 xnetwork 172.27.68.0/24 metric 10 xnetwork 172.27.128.96/27 metric 10 xnetwork 172.27.128.224/29 metric 10 xnetwork 172.27.129.32/28 metric 10 xnetwork 172.27.129.48/28 metric 10 xnetwork 172.27.129.64/28 metric 10 xnetwork 172.27.129.80/28 metric 10 xnetwork 172.27.129.128/26 metric 10 xnetwork 172.27.131.0/28 metric 10 xnetwork 172.27.131.64/27 metric 10 xnetwork 172.27.131.192/26 metric 10 xnetwork 10.110.1.64/26 metric 10 router 10.110.1.137 distance 10 network 10.110.1.128/26 metric 10 router 10.110.1.138 distance 10 network 10.110.1.128/26 metric 10 network 10.110.1.128/26 dr 10.110.1.118 distance 10 router 10.110.1.118 router 10.110.1.116 router 10.110.1.137 router 10.110.1.138 But when I type "birdc show route" i only see following routes: BIRD 1.3.8 ready. 172.27.129.80/28 dev [transospf 18:15] * I (150/10) [10.110.1.118] 172.27.129.64/28 dev [transospf 18:15] * I (150/10) [10.110.1.118] 172.27.129.128/26 dev [transospf 18:15] * I (150/10) [10.110.1.118] 172.27.131.0/28 dev [transospf 18:15] * I (150/10) [10.110.1.118] 172.27.131.64/27 dev [transospf 18:15] * I (150/10) [10.110.1.118] 172.27.131.192/26 dev [transospf 18:15] * I (150/10) [10.110.1.118] 172.27.129.48/28 dev [transospf 18:15] * I (150/10) [10.110.1.118] 172.27.68.0/24 dev [transospf 18:15] * I (150/10) [10.110.1.118] 10.110.1.64/26 dev [transospf 09:38] * I (150/10) [10.110.1.118] 10.110.1.128/26 dev [transospf 09:38] * I (150/10) [10.110.1.118] 172.27.128.96/27 dev [transospf 18:15] * I (150/10) [10.110.1.118] 172.27.128.224/29 dev [transospf 18:15] * I (150/10) [10.110.1.118] 172.27.129.32/28 dev [transospf 18:15] * I (150/10) [10.110.1.118] 172.27.9.0/25 dev [transospf 18:15] * I (150/10) [10.110.1.118] 172.27.12.0/24 dev [transospf 18:15] * I (150/10) [10.110.1.118] 172.27.13.0/24 dev [transospf 18:15] * I (150/10) [10.110.1.118] I can not see any of the 10.111. Routes from Router ID 10.110.1.116. On none of the both Systems are any filters set (import all; / export all;) Any idea about this? Thanks in advance Greetings Daniel Wendler
On Thu, Oct 25, 2012 at 11:03:43AM +0200, Wendler, Daniel wrote:
Hello...again,
maybe another simple question and/or problem for me... Following output is produced, when i type "birdc show ospf state":
BIRD 1.3.8 ready.
area 0.0.0.0
router 10.110.1.118 distance 0 xnetwork 0.0.0.0/0 metric 0
area 0.0.0.18 ...
I can not see any of the 10.111. Routes from Router ID 10.110.1.116. On none of the both Systems are any filters set (import all; / export all;)
Any idea about this?
This is because you have a broken backbone (area 0.0.0.0, see above in show ospf state, it contains just 10.110.1.118 ). Area boundary routers have to be connected by backbone. You have to setup some vlinks or merge some areas to the backbone. And, as i wrote before in this mailing list, some OSPF area hints: 1. rule of OSPF areas: Don't use it unless you know exactly what are you doing. 2. rule of OSPF areas: If you still want to use it, stick to stub and NSSA areas and avoid transit areas and vlinks. Just change transit areas to the backbone. -- Elen sila lumenn' omentielvo Ondrej 'SanTiago' Zajicek (email: santiago@crfreenet.org) OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net) "To err is human -- to blame it on a computer is even more so."
participants (2)
-
Ondrej Zajicek -
Wendler, Daniel