Community discussions

MikroTik App
 
dog
Member Candidate
Member Candidate
Topic Author
Posts: 186
Joined: Wed Aug 12, 2009 3:37 pm
Location: Germany

OSPF - I'm too stupid

Thu Feb 25, 2010 9:28 pm

Hi,

I have played a bit with OSPF and got it working but never in the way I like it to be.
Take the following router:
ether1  10.0.0.1/30
ether2  10.0.1.2/30
loop1   192.168.0.1/32
wlan1   192.168.0.129/25
Now everything I want to do is run OSPF on ether1 and ether2 to receive routes and redistribute them, but only "publish" this route:
192.168.0.0/24
The nearest I have come to that is enable OSPF for ether1 and ether2 and set redistribute-connected but that will result in the transfer networks being distributed and loop1 and wlan1 as two seperate routes where they could be aggregated.

Can anyone take me in the right direction?

Thanks.
 
User avatar
Ibersystems
Forum Guru
Forum Guru
Posts: 1686
Joined: Wed Apr 12, 2006 12:29 am
Location: Cabrils, Barcelona - Spain
Contact:

Re: OSPF - I'm too stupid

Fri Feb 26, 2010 1:23 am

hi,

you don't have the route you would publish.. then..
 
changeip
Forum Guru
Forum Guru
Posts: 3833
Joined: Fri May 28, 2004 5:22 pm

Re: OSPF - I'm too stupid

Fri Feb 26, 2010 1:32 am

ospf-in and ospf-out chains in routing filters? I am still learning this myself.
 
User avatar
DeVerm
just joined
Posts: 24
Joined: Thu Feb 11, 2010 2:49 am
Location: Panama
Contact:

Re: OSPF - I'm too stupid

Fri Feb 26, 2010 5:21 pm

There is a simple way to do that, much like it is done in BGP:

Set up a black hole for the /24, like a static route to a Null interface. Your normal routing will still work because you have more significant routes (higher prefix).

Next, in OSPF, setup the config to redistribute static routes with a filter list to only allow that /24 to be announced.

cheers,
Nick.
 
dog
Member Candidate
Member Candidate
Topic Author
Posts: 186
Joined: Wed Aug 12, 2009 3:37 pm
Location: Germany

Re: OSPF - I'm too stupid

Sat Feb 27, 2010 1:38 am

Hi Nick,

thank you, the blackhole tip brought me quite a bit forward.
However I am having a problem filtering out the transfer networks.
Under
/routing ospf networks
I set
add network=10.0.0.0/16 area=backbone
to start OSPF on both needed interfaces.

Then I added a routing filter
/routing filter add chain=ospf-out action=discard
That should have filterd out all networks in my opinion, but a router will still learn a transfer network it is not directly attached to :?:
 
fewi
Forum Guru
Forum Guru
Posts: 7717
Joined: Tue Aug 11, 2009 3:19 am

Re: OSPF - I'm too stupid

Sat Feb 27, 2010 1:56 am

No routing filters installed:
[admin@rb750g] /routing filter> pri
Flags: X - disabled
[admin@rb750g] 
And an area router:
asa# show route | i E2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
O E2 172.16.1.0 255.255.255.0 [110/20] via 192.168.1.3, 0:00:53, inside
O E2 10.0.0.0 255.255.255.0 [110/20] via 192.168.1.3, 0:00:53, inside
O E2 10.255.255.255 255.255.255.255 [110/20] via 192.168.1.3, 0:00:53, inside
asa# 
Add a routing filter dropping everything:
[admin@rb750g] /routing filter> add chain=ospf-out action=discard
[admin@rb750g] /routing filter> pri
Flags: X - disabled 
 0   chain=ospf-out invert-match=no action=discard 
[admin@rb750g]
And the routes disappear from the area router:
asa# show route | i E2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
asa# 
Randomly get a little more specific:
[admin@rb750g] /routing filter> set 0 prefix-length=24
[admin@rb750g] /routing filter> pri
Flags: X - disabled 
 0   chain=ospf-out prefix-length=24 invert-match=no action=discard 
[admin@rb750g]
Routes pop back up:
asa# show route | i E2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
O E2 10.255.255.255 255.255.255.255 [110/20] via 192.168.1.3, 0:00:09, inside
asa#
 
dog
Member Candidate
Member Candidate
Topic Author
Posts: 186
Joined: Wed Aug 12, 2009 3:37 pm
Location: Germany

Re: OSPF - I'm too stupid

Sat Feb 27, 2010 2:24 am

Same experiment:
+----+                 +---+                 +---+
|RX  |-- 10.0.0.0/30 --|R1 |-- 10.0.1.0/30 --|R2 |-- 10.0.2.0/30 ...
+----+                 +---+                 +---+
                   192.168.0.1/32        192.168.1.1/32
no filters:
[admin@RX] > ip route pr
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, 
B - blackhole, U - unreachable, P - prohibit 
 #      DST-ADDRESS        PREF-SRC        GATEWAY            DISTANCE
 2 ADo  10.0.1.0/30                        10.0.0.1           110     
 3 ADo  10.0.2.0/30                        10.0.0.1           110     
 4 ADo  192.168.0.0/24                     10.0.0.1           110     
 5 ADo  192.168.1.0/24                     10.0.0.1           110   
(I want #2 and #3 gone)

adding filter:
[admin@R1] /routing filter> pr
Flags: X - disabled 
 0   chain=ospf-out invert-match=no action=discard
and result:
[admin@RX] > ip route pr
Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, 
B - blackhole, U - unreachable, P - prohibit 
 #      DST-ADDRESS        PREF-SRC        GATEWAY            DISTANCE    
 2 ADo  10.0.1.0/30                        10.0.0.1           110     
 3 ADo  10.0.2.0/30                        10.0.0.1           110     
 4 ADo  192.168.1.0/24                     10.0.0.1           110        
so even though I filtered out everything at R1 the left-side RX still receives the routes (even after restarting OSPF).
Only difference I can see is that your routes are type 2 while I set type1 for static routes and no for all other types.
Last edited by dog on Sat Feb 27, 2010 2:52 am, edited 1 time in total.
 
fewi
Forum Guru
Forum Guru
Posts: 7717
Joined: Tue Aug 11, 2009 3:19 am

Re: OSPF - I'm too stupid

Sat Feb 27, 2010 2:36 am

Strange. When you add logging for OSPF on R1, does it show you that it's deleting LSAs?
16:32:47 route,ospf,debug Age prematurely: flushing LSA 
16:32:47 route,ospf,debug     lsa=AS-External LSA id=10.255.255.255 originator=192.168.1.3 seqnum=0x80000002 
16:32:47 route,ospf,debug Installing an LSA 
16:32:47 route,ospf,debug     lsa=AS-External LSA id=10.255.255.255 originator=192.168.1.3 seqnum=0x80000002 
16:32:47 route,ospf,debug     old=AS-External LSA id=10.255.255.255 originator=192.168.1.3 seqnum=0x80000002 
16:32:47 route,ospf,debug Adding to neighbor's retransmit list 
16:32:47 route,ospf,debug     lsa=AS-External LSA id=10.255.255.255 originator=192.168.1.3 seqnum=0x80000002 
16:32:47 route,ospf,debug     neighbor=192.168.1.1 
16:32:47 route,ospf,debug     number of retransmits=1 
16:32:47 route,ospf,debug Deleting an LSA 
16:32:47 route,ospf,debug     lsa=AS-External LSA id=10.255.255.255 originator=192.168.1.3 seqnum=0x80000002 
Does RX show anything odd in its logs?
 
dog
Member Candidate
Member Candidate
Topic Author
Posts: 186
Joined: Wed Aug 12, 2009 3:37 pm
Location: Germany

Re: OSPF - I'm too stupid

Sat Feb 27, 2010 2:48 am

01:43:27 route,ospf,debug SEND: Hello 10.0.0.2 -> 224.0.0.5 on ether2-lan 
01:43:29 route,ospf,debug RECV: Hello <- 10.0.0.1 on ether2-lan (10.0.0.2) 
01:43:29 route,ospf,debug   received options: E 
01:43:30 route,ospf,debug RECV: Link State Update <- 10.0.0.1 on ether2-lan (10.0.0.2) 
01:43:30 route,ospf,debug LSA Update received: Installing and flooding it 
01:43:30 route,ospf,debug     header=Router LSA id=192.168.0.1 originator=192.168.0.1 seqnum=0x8000001d 
01:43:30 route,ospf,debug Installing an LSA 
01:43:30 route,ospf,debug     lsa=Router LSA id=192.168.0.1 originator=192.168.0.1 seqnum=0x8000001d 
01:43:30 route,ospf,debug     old=Router LSA id=192.168.0.1 originator=192.168.0.1 seqnum=0x8000001c 
01:43:30 route,ospf,debug Flooding an LSA 
01:43:30 route,ospf,debug     lsa=Router LSA id=192.168.0.1 originator=192.168.0.1 seqnum=0x8000001d 
01:43:30 route,ospf,debug     area=backbone 
01:43:30 route,ospf,debug Deleting an LSA 
01:43:30 route,ospf,debug     lsa=Router LSA id=192.168.0.1 originator=192.168.0.1 seqnum=0x8000001c 
01:43:30 route,ospf,debug LSA Update received: Installing and flooding it 
01:43:30 route,ospf,debug     header=AS-External LSA id=192.168.0.0 originator=192.168.0.1 seqnum=0x80000001 
01:43:30 route,ospf,debug Installing an LSA 
01:43:30 route,ospf,debug     lsa=AS-External LSA id=192.168.0.0 originator=192.168.0.1 seqnum=0x80000001 
01:43:30 route,ospf,debug     old=AS-External LSA id=192.168.0.0 originator=192.168.0.1 seqnum=0x80000001 
01:43:30 route,ospf,debug Deleting an LSA 
01:43:30 route,ospf,debug     lsa=AS-External LSA id=192.168.0.0 originator=192.168.0.1 seqnum=0x80000001 
01:43:31 route,ospf,debug Deleting an LSA 
01:43:31 route,ospf,debug     lsa=AS-External LSA id=192.168.0.0 originator=192.168.0.1 seqnum=0x80000001 
01:43:31 route,ospf,debug SEND: Link State Acknowledgement 10.0.0.2 -> 224.0.0.5 on ether2-lan 
01:43:32 route,ospf,debug Recalculating all OSPFv2 intra-area routes 
01:43:32 route,ospf,debug Recalculating all inter-area routes 
01:43:32 route,ospf,debug     summary-area=backbone 
01:43:32 route,ospf,debug Recalculating AS-external routes
10.0.0.2 = RX

I took a close look and one route actually does vanish when I enable the filter: 192.168.0.0/24 which is the blackhole route on R1

Give me a hand? :)
 
awsmith
newbie
Posts: 45
Joined: Wed May 31, 2006 8:18 am

Re: OSPF - I'm too stupid

Tue Mar 02, 2010 3:32 am

I believe the reason that you cannot get the /30s to go away is (I think) that the OSPF filters are just for redistribution. As you are running OSPF on the ethers with the 10.x.x.x/30s, those aren't redistributed routes, they are native OSPF routes.

I don't think it is possible, nor desirable to actually remove LSA's used by OSPF for building the database from what is announced.

Why are you trying to prevent those /30s from being propagated when they are part of the network that OSPF needs to be aware of for generating the topology map?
 
User avatar
DeVerm
just joined
Posts: 24
Joined: Thu Feb 11, 2010 2:49 am
Location: Panama
Contact:

Re: OSPF - I'm too stupid

Wed Mar 03, 2010 3:45 pm

You can't filter out native routes (used on interfaces) because these are used as next-hop addresses in the routing table. It would break routing.

cheers,
Nick.
 
dog
Member Candidate
Member Candidate
Topic Author
Posts: 186
Joined: Wed Aug 12, 2009 3:37 pm
Location: Germany

Re: OSPF - I'm too stupid

Wed Mar 03, 2010 7:07 pm

Why should it?
I just want the routing table via OSPF to look the same as it does currently via static routes.
RX in my opinion does not need to know anything about the transfer network between R1 and R2.
It only needs to know it can reach 192.168.1.1/24 over R1.
 
awsmith
newbie
Posts: 45
Joined: Wed May 31, 2006 8:18 am

Re: OSPF - I'm too stupid

Thu Mar 04, 2010 6:33 am

If that is what you want, you don't actually want OSPF end-to-end on this network.

OSPF uses the database to build a topology of the network, which includes the sort of details you are wanting hidden. You can't expect it to just say that a certain prefix is "over in that direction" because that is not how it operates. Each router in an area is aware of the whole topology of the rest of the area.

An OSPF-speaking network is not the same as a statically routed one that just gets it's routes distributed dynamically.

Is there a specific need for those routes to be hidden, or do you just think they are unnecessary?
 
dog
Member Candidate
Member Candidate
Topic Author
Posts: 186
Joined: Wed Aug 12, 2009 3:37 pm
Location: Germany

Re: OSPF - I'm too stupid

Thu Mar 04, 2010 6:44 pm

Is there a specific need for those routes to be hidden, or do you just think they are unnecessary?
Yeah I see them mostly as clutter which makes reading the routing tables more difficult.
Also I noticed a strange behavior where the router would no longer use it's global ip (set in pref-src) but a transfer ip (probably because OSPF split the /24 on which I set the option to two /25s).
Is there a way to force all output-traffic by a router from a certain ip?

You are right in that OSPF might not be what I want, but is there something in ROS that does what I want? :)
 
HermanK
just joined
Posts: 6
Joined: Tue Mar 02, 2010 8:05 pm

Re: OSPF - I'm too stupid

Mon Mar 08, 2010 9:17 am

I need some help with OSPF, i have all the ip's but i am realy new to this.
 
User avatar
janisk
MikroTik Support
MikroTik Support
Posts: 6263
Joined: Tue Feb 14, 2006 9:46 am
Location: Riga, Latvia

Re: OSPF - I'm too stupid

Mon Mar 08, 2010 1:22 pm

I need some help with OSPF, i have all the ip's but i am realy new to this.
first things first - you are familiar with ip address and static routing, if not, i would recommend to read up on these topics first, and then go for OSPF.

good place to read:
http://wiki.mikrotik.com/wiki/Category:Manual

there is alphabetical order, just look up topics. You should be ok, as basic OSPF quite simple.
 
dog
Member Candidate
Member Candidate
Topic Author
Posts: 186
Joined: Wed Aug 12, 2009 3:37 pm
Location: Germany

Re: OSPF - I'm too stupid

Tue Mar 16, 2010 11:04 pm

*bump*
 
gregsowell
Member Candidate
Member Candidate
Posts: 128
Joined: Tue Aug 28, 2007 1:24 am
Contact:

Re: OSPF - I'm too stupid

Sat Apr 03, 2010 9:52 pm

Ospf is incapable of filtering within an area. You can only filter at an abr(area border router) or the border between two areas. Ospf builds a link state database that is identicale for all routers in the same area. The router uses this db to build the route table. This is why you can't filter within an area. I've got a two hour training video on mtk routing over at http://gregsowell.com/?p=1611 if you guys are interested. It also includes slides :)
 
dog
Member Candidate
Member Candidate
Topic Author
Posts: 186
Joined: Wed Aug 12, 2009 3:37 pm
Location: Germany

Re: OSPF - I'm too stupid

Sun Apr 04, 2010 3:07 am

Hey greg,

yeah, the question now is: If OSPF can't do what I want - is there another way? :)
 
awsmith
newbie
Posts: 45
Joined: Wed May 31, 2006 8:18 am

Re: OSPF - I'm too stupid

Mon Apr 05, 2010 2:08 am

I'd say that you want a distance-vector (it's over that way) protocol with filtering. Try RIPv2, and at the edges, only allow the announcements you want through. It isn't nearly as capable nor as efficient as OSPF, but if your network is simple and you aren't worried about failing over to redundant paths and just want routes to show up automatically, that is the way to go.

The downside is that, since you want to filter out certain advertisements, you need to explicitly allow certain network announcements, in which case you are still typing in each network on each edge router (as a filter instead of as a static route), negating a lot of the benefits of a dynamic routing protocol, or, you need to explicitly deny your backbone network announcements, and update all your edge routers whenever you add blocks to your backbone.

This isn't going to be as scalable as other options, but, it'll do what you want done that OSPF isn't acceptable for.
 
atis
just joined
Posts: 17
Joined: Mon Sep 19, 2005 10:28 am

Re: OSPF - I'm too stupid

Tue Apr 06, 2010 11:13 am

Multi-area OSPF is a distance-vector protocol too. :)
As gregsowell said, you can filter in ABR routers, using ranges (/routing ospf area range).
External routes also can be filtered out, at their point of injection in the OSPF network.
 
dog
Member Candidate
Member Candidate
Topic Author
Posts: 186
Joined: Wed Aug 12, 2009 3:37 pm
Location: Germany

Re: OSPF - I'm too stupid

Sun Apr 18, 2010 5:06 pm

OK, I played around a bit with areas and area ranges:
areas.jpg
The problem I have now is that all area routes have the same distance i.e. at R1 both area4 and area3 are at 110.
As I understand it with this setup two routes to area4
* R1->R2->R3->R4->R5->area4
* R1->R2->Rx->area4
both would be treated equally attractive?
You do not have the required permissions to view the files attached to this post.
 
awsmith
newbie
Posts: 45
Joined: Wed May 31, 2006 8:18 am

Re: OSPF - I'm too stupid

Tue Apr 20, 2010 6:37 am

The problem I have now is that all area routes have the same distance i.e. at R1 both area4 and area3 are at 110.
As I understand it with this setup two routes to area4
* R1->R2->R3->R4->R5->area4
* R1->R2->Rx->area4
both would be treated equally attractive?
No, the "distance", or "administrative distance" is used for differentiating between routes from different methods, ie ... connected vs static vs RIP vs OSPF vs BGP. As the distance is the same (as those two routes would both be OSPF originated, and have identical distances of 110), you then move on to route type (which will both be inter-area), and then cost, which could be different, based on the topology and interface costs, and would then be the determining factor.

In fact, as long as the cost is different, you'd only have the lowest cost candidate for each prefix installed as a route, and visible in IP->Routes, and would only see the other candidate by looking at the LSAs in your OSPF database.
 
couresportivo
newbie
Posts: 42
Joined: Thu Mar 26, 2009 11:30 am

Re: OSPF - I'm too stupid

Sun Apr 25, 2010 10:41 am

I would like to rejig my poorly designed network to one running ospf, my network has grown and I will soon be able to provide a circular route back to my NOC. I am assuming that ospf will give me the resilience I need. When the circular route is in place I will have 12 backbone routers across the wlan.

My desire will be to end up with a network not too disimilar from the network example in Greg's website.

I presume this can be done live, by adding for example bridge 10 and all the interfaces as shown in the example. When complete just remove the original network setup?

thanks

Who is online

Users browsing this forum: benw and 5 guests