How can I stop OSPF from publishing routes to Private IP ranges?
I havn't added the private IP ranges into the ospf area in "/routing ospf network" but they can still be seen in the routing tables of other routers. The area is displayed as "unknown" in the ospf routing table on the other routers.
All routers are either v3.10 or v3.11
If you need more information let me know.
Regards,
Re: OSPF and private IP ranges
"/routing ospf network" defines ranges, and when addresses on some interface are in these ranges, the interface participates in OSFP distribution, and distributes all routes. if you want to filter some routes, you must use "/routing filter"
Re: OSPF and private IP ranges
I cant find much information regarding "/routing filter"
Could you or anyone provide an example of how to stop a specific subnet from being distributed via OSPF?
Cheers
Could you or anyone provide an example of how to stop a specific subnet from being distributed via OSPF?
Cheers
Re: OSPF and private IP ranges
Don't worry it's actually very straight forward:
e.g.
/routing filter add chain=ospf-out prefix=10.6.50.0/24 action=discard
Cheers.
e.g.
/routing filter add chain=ospf-out prefix=10.6.50.0/24 action=discard
Cheers.
Re: OSPF and private IP ranges
Hello. I have a following problem.
I have a router with 3 interfaces and OSPF routing enabled. I need to hide one of the interfaces from other routers.
I've tried everything:
* I do not add network of this interface to OSPF
* I've set up routing filters for this network
* I've added some firewall rules to filter traffic.
But this seemed not enough.
My setup looks like this:
Interfaces
Addresses
OSPF
OSPF Filters
the problem is that when i disable 3.254 address then everything is OK:
192.168.105.13 -- our designated router (not under my control)
But when i enable it, i've got pings with "redirected" flag (currently i solved problem with firewall filters, but this is NOT OK). 3.x network should be hidden completely from outside.
Currently network is hidden (regardless of 3.254 address enabled) but 3.254 is visible.
Pls help.
PS: in routing table there is no records with 3.x addresses
I have a router with 3 interfaces and OSPF routing enabled. I need to hide one of the interfaces from other routers.
I've tried everything:
* I do not add network of this interface to OSPF
* I've set up routing filters for this network
* I've added some firewall rules to filter traffic.
But this seemed not enough.
My setup looks like this:
Interfaces
Code: Select all
# NAME TYPE RX-RATE TX-RATE MTU
0 R KN ether 0 0 1500
1 R MainGate ether 0 0 1500
2 X 702 ether 0 0 1500
Code: Select all
# ADDRESS NETWORK BROADCAST INTERFACE
0 192.168.108.254/24 192.168.108.0 192.168.108.255 KN # local network
1 192.168.105.34/24 192.168.105.0 192.168.105.255 MainGate # Local network to backbone area
2 *.*.*.*/27 91.198.10.0 91.198.10.31 MainGate # real IP here
3 192.168.158.254/24 192.168.158.0 192.168.158.255 KN # local network
4 X 192.168.3.254/24 192.168.3.0 192.168.3.255 702 # This one should be hidden (currently disabled)
Code: Select all
/routing ospf interface print
0 interface=KN cost=10 priority=0 authentication-key="12345678"
network-type=broadcast retransmit-interval=5s transmit-delay=1s
hello-interval=10s dead-interval=40s
1 interface=MainGate cost=10 priority=0 authentication-key="12345678"
network-type=broadcast retransmit-interval=5s transmit-delay=1s
hello-interval=10s dead-interval=40s
Code: Select all
/routing ospf network print
Flags: X - disabled, I - invalid
# NETWORK AREA
0 192.168.105.0/24 backbone
1 192.168.108.0/24 backbone
2 192.168.158.0/24 backbone
Code: Select all
/routing filter print
Flags: X - disabled
0 chain=ospf-out prefix=192.168.3.0/24 type=ospf invert-match=no
action=discard
1 chain=ospf-out prefix=192.168.3.254 type=ospf invert-match=no
action=discard
2 chain=ospf-out prefix=192.168.3.0/24 prefix-length=24 type=ospf
invert-match=no action=discard
Code: Select all
1 <1 мс <1 мс <1 мс 192.168.122.254
2 <1 мс 1 ms 1 ms 192.168.105.13
3 192.168.105.13 reports: Destination host unreachable.But when i enable it, i've got pings with "redirected" flag (currently i solved problem with firewall filters, but this is NOT OK). 3.x network should be hidden completely from outside.
Currently network is hidden (regardless of 3.254 address enabled) but 3.254 is visible.
Pls help.
PS: in routing table there is no records with 3.x addresses
Re: OSPF and private IP ranges
hm... ip firewall filter add chain=input dst-address=3.254 action=reject reject-with=icmp-network-unreachable ?
Re: OSPF and private IP ranges
yes, I've setup this currently.hm... ip firewall filter add chain=input dst-address=3.254 action=reject reject-with=icmp-network-unreachable ?
But this leads to 192.168.105.34 reports: destination host unreachable
...
but this is not what i need.
I need that this 3.x network should not be announced to 105.13 so 105.13 should reject with this message. ('Couse 105.13 is default GW here)
Re: OSPF and private IP ranges
Put the interface you don't require in passive mode. That essentially will disable OSPF on that single interface
Based on your original post, I presume this is what you're looking for...
http://www.cisco.com/en/US/tech/tk365/t ... 4704.shtmlQ. How do I stop individual interfaces from developing adjacencies in an OSPF network?
A. To stop routers from becoming OSPF neighbors on a particular interface, issue the passive-interface command at the interface.
In Internet service provider (ISP) and large enterprise networks, many of the distribution routers have more than 200 interfaces. Configuring passive-interface on each of the 200 interfaces can be difficult. The solution in such situations is to configure all the interfaces as passive by default using a single passive-interface default command. Then, configure individual interfaces where adjacencies are desired using the no passive-interface command. For more information, refer to Default Passive Interface Feature.
There are some known problems with the passive-interface default command. Workarounds are listed in Cisco bug ID CSCdr09263 ( registered customers only) .
Based on your original post, I presume this is what you're looking for...
Re: OSPF and private IP ranges
How could I accomplish that on MikroTik?Put the interface you don't require in passive mode. That essentially will disable OSPF on that single interface
...
Based on your original post, I presume this is what you're looking for...
Re: OSPF and private IP ranges
/routing ospf interface set 1 passive=yes
?
?
Re: OSPF and private IP ranges
i didn't add that interface to OSPF at all, that's "702" interface and it's not listed on OSPF
Re: OSPF and private IP ranges
Are you sure that 192.168.105.13 is receiving an announcement for 192.168.3.0/24 or does it perhaps have a static route? See if someone can check its routing table and see if that route is being learned via OSPF, or see if it perhaps has a route for 192.168.0.0/16 pointing to 105.13.yes, I've setup this currently.hm... ip firewall filter add chain=input dst-address=3.254 action=reject reject-with=icmp-network-unreachable ?
But this leads to 192.168.105.34 reports: destination host unreachable
...
but this is not what i need.
I need that this 3.x network should not be announced to 105.13 so 105.13 should reject with this message. ('Couse 105.13 is default GW here)
Re: OSPF and private IP ranges
192.168.105.13 DO NOT receive announcement for 192.168.3.0/24 but do receive for 192.168.3.254/32 (IP address on 702 interface of my router) This route is not listed in IP routes list on other OSPF servers, but when i do traceroute to 192.168.3.254 it goes (not dirrectly through my interface 105.34) through 192.168.105.13.
Is that happening because of presence of all IP addresses on router in OSPF hello packet?
Any way to hide this single address?
Is that happening because of presence of all IP addresses on router in OSPF hello packet?
Any way to hide this single address?