Mailing List Archive

[OSPF] How to deny/permit routes in LS packet?

Hi all,
Please help me...

This is my routing table
===================================================
K>* 0.0.0.0/0 via 192.168.4.53, usb0
C>* 127.0.0.0/8 is directly connected, lo
C>* 192.168.1.0/24 is directly connected, br0
O 192.168.3.0/24 [110/10] is directly connected, gretunnel, 00:02:40
C>* 192.168.3.0/24 is directly connected, gretunnel
C>* 192.168.4.52/30 is directly connected, usb0
K>* 192.168.6.143/32 via 192.168.4.53, usb0
===================================================
If I don't want to send the route "192.168.4.52/30" to the peer OSPF server,
what can I do?

If I receive some route information from the peer OSPF server, but I don't want
it, how can I deny it?

Are there any configuration settings or example files in Quagga?

Thanks

Re: [OSPF] How to deny/permit routes in LS packet?
On Tue, 11 Apr 2017, ??? wrote:

> Hi all,
> Please help me...
>
> This is my routing table
> ===================================================
> K>* 0.0.0.0/0 via 192.168.4.53, usb0
> C>* 127.0.0.0/8 is directly connected, lo
> C>* 192.168.1.0/24 is directly connected, br0
> O 192.168.3.0/24 [110/10] is directly connected, gretunnel, 00:02:40
> C>* 192.168.3.0/24 is directly connected, gretunnel
> C>* 192.168.4.52/30 is directly connected, usb0
> K>* 192.168.6.143/32 via 192.168.4.53, usb0
> ===================================================
> If I don't want to send the route "192.168.4.52/30" to the peer OSPF server,
> what can I do?

Well, OSPF is a link-state routing protocol. It doesn't necessarily send
routes. The core part of OSPF sends messages that describe the links -
router and network LSAs. Another part of OSPF on top of that can
distribute routes with respect to the previous part.

So....

- To prevent the core link-state part of OSPF from describing that
  connected (hence 'C') link on usb0, ensure OSPF is not enabled on that
  interface.

  * No 'network' statements that match its prefix (unfortunately, I
    don't think we have a way to have a very wide matching network
    prefix, but then a way to selectively disable OSPF for
    interfaces matching sub-prefixes).

  * No 'passive' interface config for it.

- To prevent the other part from injecting routes, either:

  * Do not 'redistribute connected' (this usually is not a good thing to
    do)

  * If you must redistribute connected, use a 'distribute-list' or a
    route-map to allow only the prefixes you need in OSPF through.

> If I receive some route information from the peer OSPF server, but I don't want
> it, how can I deny it?

First you should read:

https://blogs.oracle.com/paulj/entry/why_can_t_i_filter

It's not always a good idea to filter things in OSPF. It doesn't work
like filtering in a DV protocol.

Second, if you must, you can apply filters in 'zebra' when it receives a
route from ospfd, by applying a route-map using the 'ip protocol ...'
command.

> Are there any configuration settings or example files in Quagga?

If you do some tinkering on the above, and want to submit a
documentation update as a result, that'd be great. ;)

regards,
--
Paul Jakma | paul@jakma.org | @pjakma | Key ID: 0xD86BF79464A2FF6A
Fortune:
It's easy to get on the internet and forget you have a life
-- Topic on #LinuxGER
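
The two filtering points described in the reply above, written out as Quagga configuration. This is an added example, not configuration from the thread or from the Quagga project. The route-map and prefix-list names, the area, the choice of 192.168.1.0/24 as the only connected prefix to export, and the 10.99.0.0/16 prefix are assumptions made for illustration.

```conf
! ---- ospfd.conf (added example; names, area and prefixes are assumptions) ----
!
! Allow-list for redistributed connected routes: only the br0 LAN is exported.
! 192.168.4.52/30 (usb0) matches no entry and falls to the implicit deny.
ip prefix-list CONNECTED-ALLOWED seq 5 permit 192.168.1.0/24
!
route-map CONNECTED-TO-OSPF permit 10
 match ip address prefix-list CONNECTED-ALLOWED
!
! OSPF is enabled on the tunnel only. No 'network' statement covers
! 192.168.4.52/30 and usb0 is not configured as passive, so the usb0 link
! is not described in this router's LSAs.
router ospf
 network 192.168.3.0/24 area 0.0.0.0
 redistribute connected route-map CONNECTED-TO-OSPF
!
! ---- zebra.conf ----
!
! 10.99.0.0/16 is a constructed stand-in for the unwanted prefixes
! learned from the peer.
ip prefix-list OSPF-UNWANTED seq 5 permit 10.99.0.0/16 le 32
!
route-map OSPF-TO-RIB deny 10
 match ip address prefix-list OSPF-UNWANTED
route-map OSPF-TO-RIB permit 20
!
! Apply the route-map to routes handed to zebra by ospfd.
ip protocol ospf route-map OSPF-TO-RIB
```

The zebra route-map acts only on this router's own use of the routes; the corresponding LSAs stay in the link-state database and are still flooded to other routers. 'show ip ospf database' on the peer and 'show ip route' locally show the effect of each half.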