Hello list, I'm a new in Bird word :). I'm working on a Bird mock-up. I'm actually blocked on OSPF filters. OSPF conf for First Router: *protocol ospf OSPF {* * import filter NFRANCE_OSPF_IN;* * export filter NFRANCE_OSPF_OUT;* * rfc1583compat yes;* * area 0 {* * interface "xn1" {* * type broadcast;* * };* * interface "xn2" {* * stub;* * };* * };* *};* OSPF conf for Second Router: *protocol ospf OSPF {* * import filter NFRANCE_OSPF_IN;* * export filter NFRANCE_OSPF_OUT;* * rfc1583compat yes;* * area 0 {* * interface "xn1" {* * type broadcast;* * };* * interface "xn2" {* * stub;* * };* * };* *};* Filters: *filter NFRANCE_OSPF_IN {* * if net ~ [80.247.224.0/20{24,32} <http://80.247.224.0/20{24,32}>] && (source ~ [ RTS_OSPF_EXT1, RTS_OSPF_EXT2 ])* * then* * {* * print net, " is accepted => OSPF_IN Public Nfrance";* * accept;* * }* * if net ~ [0.0.0.0/0{30,30} <http://0.0.0.0/0{30,30}>] && (source ~ [ RTS_OSPF_EXT1, RTS_OSPF_EXT2 ])* * then* * {* * print net, " is accepted => OSPF_IN Interco /30";* * accept;* * }* * else* * {* * print net, " is rejected => non OSPF_IN compliant";* * reject;* * }* * }* 80.247.227.2/24 is installed on Router 1, xn2 interface, Export network 80.247.227.0/24 on router 1 is ok but Import on the another router is KO. Indeed, If I use the condition: *if net ~ [80.247.224.0/20{24,32} <http://80.247.224.0/20{24,32}>] && (source ~ [ RTS_OSPF_EXT1, RTS_OSPF_EXT2 ])* 80.247.227.0/24 is rejected by the OSPF neighbor filter rule* NFRANCE_OSPF_IN* 2016-11-25 16:31:28 <INFO> 80.247.227.0/24 is rejected => non OSPF_IN compliant If I use the condition: *if net ~ [80.247.224.0/20{24,32} <http://80.247.224.0/20{24,32}>] *without *&& (source ~ [ RTS_OSPF_EXT1, RTS_OSPF_EXT2 ])* 80.247.227.0/24 is accepted by the OSPF neighbor filter rule* NFRANCE_OSPF_IN* 2016-11-25 16:42:18 <INFO> 80.247.227.0/24 is accepted => OSPF_IN Public Nfrance And when I check the bird route when network is accepted, I can see "OSPF" bird> show route 0.0.0.0/0 via 192.168.0.254 on xn0 [kernel1 16:35:00] * (10) 192.168.0.221/32 dev lo0 [kernel1 16:35:00] * (10) *80.247.227.0/24 <http://80.247.227.0/24> via 172.16.51.4 on xn1 [OSPF 16:42:18] * I (150/20) [192.168.0.223]* 172.16.51.1/32 dev lo0 [kernel1 16:35:00] * (10) bird> So I don't understand why *&& (source ~ [ RTS_OSPF_EXT1, RTS_OSPF_EXT2 ]) *does not match when the rule is added to my filter ? I use FreeBSD 10, Is there an issue on FBSD regarding RTS_* ? __ *Jean-Baptiste COUPIAC*
On Fri, Nov 25, 2016 at 05:45:52PM +0100, Jean-Baptiste COUPIAC wrote:
Hello list,
I'm a new in Bird word :).
I'm working on a Bird mock-up. I'm actually blocked on OSPF filters.
... And when I check the bird route when network is accepted, I can see "OSPF" bird> show route 0.0.0.0/0 via 192.168.0.254 on xn0 [kernel1 16:35:00] * (10) 192.168.0.221/32 dev lo0 [kernel1 16:35:00] * (10) *80.247.227.0/24 <http://80.247.227.0/24> via 172.16.51.4 on xn1 [OSPF 16:42:18] * I (150/20) [192.168.0.223]* 172.16.51.1/32 dev lo0 [kernel1 16:35:00] * (10) bird>
So I don't understand why *&& (source ~ [ RTS_OSPF_EXT1, RTS_OSPF_EXT2 ]) *does not match when the rule is added to my filter ?
Hello The expression does not mach because you are matching against OSPF external route types, while the route is OSPF internal route (RTS_OSPF). You have to use: [ RTS_OSPF, RTS_OSPF_IA, RTS_OSPF_EXT1, RTS_OSPF_EXT2 ] For a set of all OSPF route types. Or just check that source = RTS_OSPF if you know the route is OSPF internal. -- Elen sila lumenn' omentielvo Ondrej 'Santiago' Zajicek (email: santiago@crfreenet.org) OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net) "To err is human -- to blame it on a computer is even more so."
Hello, Thank you very much, Firstly, I've forgot OSPF import rule is check for routes learned from kernel. Secondly, I've didn't see misktake regarding RTS_OSPF. Now, It work perfectly Regards, __ *Jean-Baptiste * 2016-11-30 13:48 GMT+01:00 Ondrej Zajicek <santiago@crfreenet.org>:
On Fri, Nov 25, 2016 at 05:45:52PM +0100, Jean-Baptiste COUPIAC wrote:
Hello list,
I'm a new in Bird word :).
I'm working on a Bird mock-up. I'm actually blocked on OSPF filters.
... And when I check the bird route when network is accepted, I can see "OSPF" bird> show route 0.0.0.0/0 via 192.168.0.254 on xn0 [kernel1 16:35:00] * (10) 192.168.0.221/32 dev lo0 [kernel1 16:35:00] * (10) *80.247.227.0/24 <http://80.247.227.0/24> via 172.16.51.4 on xn1 [OSPF 16:42:18] * I (150/20) [192.168.0.223]* 172.16.51.1/32 dev lo0 [kernel1 16:35:00] * (10) bird>
So I don't understand why *&& (source ~ [ RTS_OSPF_EXT1, RTS_OSPF_EXT2 ]) *does not match when the rule is added to my filter ?
Hello
The expression does not mach because you are matching against OSPF external route types, while the route is OSPF internal route (RTS_OSPF). You have to use:
[ RTS_OSPF, RTS_OSPF_IA, RTS_OSPF_EXT1, RTS_OSPF_EXT2 ]
For a set of all OSPF route types.
Or just check that source = RTS_OSPF if you know the route is OSPF internal.
-- Elen sila lumenn' omentielvo
Ondrej 'Santiago' Zajicek (email: santiago@crfreenet.org) OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net) "To err is human -- to blame it on a computer is even more so."
participants (2)
-
Jean-Baptiste COUPIAC -
Ondrej Zajicek