Hi

I am trying to do some ospf filtering of routes when then move from one area to another.

my area 0 is my backbone, also my WAN (10.31.19.0/24), I have 2 routerOS (r1 & r2) boxes here at dc2 and at the office I have 2 cisco switches doing ospf/routing (c1 & c2) and at the office I have another 2 routerOS (r3 & r4) boxes which BGP peer with a premium service provider.

So r3 & r4 are cross peered with 2 routers from the provider and I take the BGP peer info and redistribute into OSPF. the area in the office is 10.172.0.0 and setup as nssa !

all the the routers make it back to c1 & c2, these cisco's are the bridge between area 10.172.0.0 to 0.0.0.0, but I can't find any way to block any network that is not 10.172.0.0/16. all of the routers make it through to r1 & r2.

How can I block non 10.172.0.0/24 networks from entering r1 & r2 ?

Thanks

I'm not quite sure if my situation is the same as yours , but I hide/deny certain routes from propagating in my network via Route Filters.If you google Route Filters Mikrotik you should find some good examples.

http://wiki.mikrotik.com/wiki/Manual:Ro ... s#Examples
http://forum.mikrotik.com/viewtopic.php?f=2&t=29406

I'm not quite sure if my situation is the same as yours , but I hide/deny certain routes from propagating in my network via Route Filters.If you google Route Filters Mikrotik you should find some good examples.

http://wiki.mikrotik.com/wiki/Manual:Ro ... s#Examples
http://forum.mikrotik.com/viewtopic.php?f=2&t=29406

Thanks I looked at this before, problem for me is the routeros box is not the ABR, but the ASBR and its at the ABR that I want to do the filtering. But I might have to replace the cisco's with routeros to make it work ....

Thought I would come here and see if any one has seen this. Its just been along time since I did OSPF..
A

Hi Alex , it's been a while since I've worked with Catalysts' but couldn't you use the route-map function on them to do this ?

thanks I will have a google !

You can use routing filters to drop routes. But note that only routes advertised as external can be filtered with filters.
If you have multi area network then area ranges can be used to aggregate routes.

You can use routing filters to drop routes. But note that only routes advertised as external can be filtered with filters.
If you have multi area network then area ranges can be used to aggregate routes.

I am using multi areas but the /route ospf area range (used to summerize routes) only works on ABR. The router connected to the backbone. If I am on the other end of the area2 for example. The route summary dont work. How can I achieve this goal?

Dallas

In OSPF, you can only summarize at the ABR or ASBR. This is by design as all routers in an Area should have the same Link State DB.

If I remember right, you are working on implementing MPLS for an ISP....just as an FYI, most large Carrier MPLS networks use OSPF (or ISIS) only to advertise transit subnets and loopbacks. Then BGP is used to advertise subnets that carry traffic. The main reason for this is the severe limitation OSPF has with respect to routing policy - BGP can filter any route in or out for the most part depending on what your needs are. You may be able to get by for a while by tuning OSPF, but eventually you'll hit a wall and need the flexibility of BGP to solve some of the more complex problems you will be faced with as an ISP. You certainly don't have to go this way, just sharing some of what we have experienced in MPLS design and operation.

Here is a MUM presentation we did on building an OSPF/BGP provider core in 2013:

http://mum.mikrotik.com/presentations/US13/kevin.pdf

Having said that, you could decide to use OSPF just on the PE/CE segments if you want to but we tend to use BGP when designing a Service Provider network. Here is an overview

https://learningnetwork.cisco.com/docs/DOC-10782

How does this apply then in the following situation:

[ABR RTR1 ether2] ----VLAN2---- [ether2 ABR RTR2]
________________----VLAN3----_________________

VLAN2 = Area2
VLAN3 = Area3

Both routers terminate PPP links that are summarized, the cross link is for redundancy, but you don't want Area2 networks advertised over Area3 VLAN and vice-versa. I've been trying with filters but I'm not sure I'm doing it right...

From what I learned you cant /router filter a summerized route. You can only filter external routes.

technically they aren't summarized by default, as they are PPP tunnel terminating on each ABR, so I could enter them in individually, it's just they are summarize-able and that was how I had attempted to filter them...

If you can make them external routes then you will be able to use them in the routing filter.

Well the PPP interfaces create dynamic statics once they connect and they are all redistributed into each OSPF area as ext type 1.

So I should be able to filter them, but how to set up the filter based on the above is my question...

I can try to help you.

For networks for /24 and smaller do
/routing filter
add action=discard chain=ospf-out prefix=10.xx.xx.0/24 prefix-length=24-32

For /32 networks only
/routing filter
add action=discard chain=ospf-out prefix=10.xx.xx.1/32 prefix-length=32

Look in your /routing ospf lsa pr to see what networks you want to block and what state ospf sees them as.

dallas

If ospf-in and opsf-out are on both areas, how does it distinguish between the two? I want the networks to be advertised on their own Area VLANs, but not across each others... ?

If ospf-in and opsf-out are on both areas, how does it distinguish between the two? I want the networks to be advertised on their own Area VLANs, but not across each others... ?

I dont have an answer for that. Maybe I need to know more about your network. Maybe take screenshot of what you got? I dont use vlans in my network. I am migrating to the cool mpls setup.

Dallas

It's literally as I drew above. 2 x CCRs directly connected with 2 VLANs going over the same link, but each VLAN is in a different network. Right now the routing tables sees the redistributed routes for both Areas across both VLANs, but I only want to advertise the neighbour routes for each Area on it's own VLAN as they are different networks.

I dont know all your needs but I can try to help. Go to your /rout ospf routes. Find those vlan routes. For the state. How are they labeled. If they are not external routes. You can filter them.

You can however dont use redistrubute-connected so ospf dont see it and maybe you could goto /rout ospf netw and specify the networks you want in their. Dont specify one of the vlans in their. As kind of an experiment.

Dallas