
Author Topic: Route Policy & Ospf in 8600  (Read 800 times)


Offline steven

  • Rookie
  • **
  • Posts: 3
Route Policy & Ospf in 8600
« on: August 15, 2010, 08:37:21 PM »
Hi,

I'm new to this forum, but I like the forum as well as the blog. I really appreciate all the contributions, especially from Michael, which have helped me learn a lot. I hope I can contribute in the future too.

Last week, I was trying to create a route policy on the 8600 (Core#A) to filter some of the OSPF routes learned from the neighbour router (Core#B). However, the route policy and filter do not seem to be working; I can still see the route (20.20.20.0) that I've filtered in my routing table. I'm not sure whether I have missed any important steps. I couldn't find any clue elsewhere.

So I hope somebody can share their experience of how to configure a Route Policy with an OSPF accept filter successfully. Thanks in advance.

Below is the partial configuration:
Core A:
show ip route info
============================================================================
                        IP Route - GlobalRouter
============================================================================
                                              NH         INTER
DST              MASK            NEXT         VRF   COST FACE  PROT AGE TYPE PRF
--------------------------------------------------------------------------------
20.20.20.0     255.255.255.0   192.168.1.6    Glob~ 20   100   OSPF 0   IB   20
172.16.0.1     255.255.255.255 172.16.0.1      -    1    0     LOC  0   DB   0
172.16.1.0     255.255.255.0   172.16.1.1      -    1    2     LOC  0   DB   0
172.16.2.0     255.255.255.0   192.168.1.6    Glob~ 20   100   OSPF 0   IB   20
172.16.11.0    255.255.255.0   172.16.11.1     -    1    10    LOC  0   DB   0
172.116.116.0  255.255.255.0   172.116.116.1   -    1    116   LOC  0   DB   0
172.216.216.0  255.255.255.0   172.216.216.1   -    1    216   LOC  0   DB   0
192.168.1.4    255.255.255.252 192.168.1.5     -    1    100   LOC  0   DB   0

config

vlan 100 ip create 192.168.1.6/255.255.255.252 mac_offset 5
vlan 100 ip ospf enable

#
# IP PREFIX LIST CONFIGURATION - GlobalRouter
#

ip prefix-list "net 20.20.20.0" add-prefix 20.20.20.0/24  maskLenFrom 24 maskLenTo 24


#
# IP ROUTE POLICY CONFIGURATION - GlobalRouter
#

ip route-policy "reject 20.20.20.0" seq 1 create
ip route-policy "reject 20.20.20.0" seq 1 enable
ip route-policy "reject 20.20.20.0" seq 1 action deny
ip route-policy "reject 20.20.20.0" seq 1 match-network "reject network 20.20.20,net 20.20.20.0"
ip route-policy "reject 20.20.20.0" seq 1 match-protocol ospf
ip route-policy "reject 20.20.20.0" seq 1 set-metric-type type2
ip route-policy "reject 20.20.20.0" seq 1 set-nssa-pbit enable

#
# CIRCUITLESS IP INTERFACE CONFIGURATION - GlobalRouter
#

ip circuitless-ip-int  1 create 172.16.0.1/255.255.255.255

#
# OSPF CONFIGURATION - GlobalRouter
#

ip ospf admin-state enable
ip ospf enable

#
# OSPF ACCEPT CONFIGURATION - GlobalRouter
#

ip ospf accept adv-rtr 0.0.0.0 create
ip ospf accept adv-rtr 0.0.0.0 enable
ip ospf accept adv-rtr 0.0.0.0 route-policy "reject 20.20.20.0"

back
Core#A:5#

Core B:
show ip route info

============================================================================
                            IP Route - GlobalRouter
============================================================================
                                              NH         INTER
DST              MASK            NEXT         VRF   COST FACE  PROT AGE TYPE PRF
--------------------------------------------------------------------------------
20.20.20.0     255.255.255.0   20.20.20.20     -    1    22    LOC  0   DB   0
172.16.0.2     255.255.255.255 172.16.0.2      -    1    0     LOC  0   DB   0
172.16.1.0     255.255.255.0   172.16.1.2      -    1    10    LOC  0   DB   0
172.16.2.0     255.255.255.0   172.16.2.2      -    1    2     LOC  0   DB   0
172.116.116.0  255.255.255.0   172.116.116.2   -    1    116   LOC  0   DB   0
172.216.216.0  255.255.255.0   172.216.216.2   -    1    216   LOC  0   DB   0
192.168.1.4    255.255.255.252 192.168.1.6     -    1    100   LOC  0   DB   0


config
 
vlan 100 ip create 192.168.1.6/255.255.255.252 mac_offset 5
vlan 100 ip ospf enable

#
# CIRCUITLESS IP INTERFACE CONFIGURATION - GlobalRouter
#

ip circuitless-ip-int  1 create 172.16.0.2/255.255.255.255

#
# OSPF CONFIGURATION - GlobalRouter
#

ip ospf router-id 172.16.0.2
ip ospf admin-state enable
ip ospf enable

back
Core#B:5#
« Last Edit: August 16, 2010, 11:31:12 PM by steven »


Offline steven

  • Rookie
  • **
  • Posts: 3
Re: Route Policy & Ospf in 8600
« Reply #1 on: August 16, 2010, 07:25:04 PM »
Any clue?

Offline Michael McNamara

  • Administrator
  • Hero Member
  • *****
  • Posts: 2157
    • Michael McNamara
Re: Route Policy & Ospf in 8600
« Reply #2 on: August 16, 2010, 09:01:27 PM »
Hi Steven and welcome to the forums!

I've only personally built routing policies to filter BGP and/or control which BGP routes are injected into an IGP (OSPF) protocol. I've never had the need to intentionally filter a route from the OSPF routing table.

Why are you trying to filter the routes? I ask because it might be easier to just create an IP ACL filter to block/deny traffic if that is your intention. You can also create local static-routes that point to a blackhole address.

In any event I'm not sure that this line is correct;

ip route-policy "reject 20.20.20.0" seq 1 match-network "reject network 20.20.20,net 20.20.20.0"

It looks wrong to me... I noticed that you created a prefix-list "net 20.20.20.0" which is fine. Shouldn't the command above just match that single prefix-list? Why the addition of "reject network 20.20.20"? I don't see a prefix-list for that name.

I'll try and run a quick test in my lab to see if this is even possible, never tried it before myself.

Cheers!

If you've found this site useful and helpful, please help me spread the word. Link to us in your blog or homepage or Tweet about us! - Thanks!
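
The cross-check described in the reply above (every name in match-network should have a matching prefix-list) can be automated over a saved config. This is an added example, not part of the original thread or either poster's work: the command syntax is taken only from the lines quoted in this thread, the comma-separated reading of match-network follows the reply's interpretation, and `lint` is a hypothetical helper name.

```python
import re

# Constructed sample: the Core A lines as quoted in this thread.
CORE_A = '''
ip prefix-list "net 20.20.20.0" add-prefix 20.20.20.0/24 maskLenFrom 24 maskLenTo 24
ip route-policy "reject 20.20.20.0" seq 1 create
ip route-policy "reject 20.20.20.0" seq 1 enable
ip route-policy "reject 20.20.20.0" seq 1 action deny
ip route-policy "reject 20.20.20.0" seq 1 match-network "reject network 20.20.20,net 20.20.20.0"
ip route-policy "reject 20.20.20.0" seq 1 match-protocol ospf
ip ospf accept adv-rtr 0.0.0.0 create
ip ospf accept adv-rtr 0.0.0.0 enable
ip ospf accept adv-rtr 0.0.0.0 route-policy "reject 20.20.20.0"
'''

PREFIX = re.compile(r'^ip prefix-list "([^"]+)" add-prefix ')
CREATE = re.compile(r'^ip route-policy "([^"]+)" seq (\d+) create\b')
MATCH = re.compile(r'^ip route-policy "([^"]+)" seq (\d+) match-network "([^"]*)"')
ACCEPT = re.compile(r'^ip ospf accept adv-rtr (\S+) route-policy "([^"]+)"')

def lint(config):
    """Return findings for names that are referenced but never defined."""
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    prefix_lists, policies, findings = set(), set(), []
    # First pass: collect definitions so ordering in the file does not matter.
    for line in lines:
        if m := PREFIX.match(line):
            prefix_lists.add(m.group(1))
        elif m := CREATE.match(line):
            policies.add(m.group(1))
    # Second pass: resolve every reference against the collected names.
    for line in lines:
        if m := MATCH.match(line):
            policy, seq, names = m.groups()
            # Assumption: match-network takes a comma-separated list of names.
            for name in (n.strip() for n in names.split(",")):
                if name not in prefix_lists:
                    findings.append(f'policy "{policy}" seq {seq}: '
                                    f'prefix-list "{name}" not defined')
        elif m := ACCEPT.match(line):
            rtr, policy = m.groups()
            if policy not in policies:
                findings.append(f'ospf accept adv-rtr {rtr}: '
                                f'route-policy "{policy}" not defined')
    return findings

if __name__ == "__main__":
    for finding in lint(CORE_A):
        print(finding)
```

A finding only means the name is absent from the text that was checked; it does not by itself explain why a filter is not taking effect.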

Offline steven

  • Rookie
  • **
  • Posts: 3
Re: Route Policy & Ospf in 8600
« Reply #3 on: August 16, 2010, 11:29:38 PM »
Hi Michael,

Thanks for looking into my post.
The reason for doing this is that the customer is interested in the Route Policy functions. They want us to simulate a portion of their network and prove that the OSPF filter works by hiding some networks from the user without changing anything in their routing protocol.

Yes, I agree with the good suggestions - the IP ACL is working and the customer has seen the ACL function properly, but it is not what they want. The static route may not be suitable, because their policy standard only allows the use of a dynamic routing protocol (OSPF in their case).

You're right, the "reject network 20.20.20" can be ignored; sorry, I missed that. I forgot to copy that prefix line to this post. What happened was that I suspected I had the wrong prefix setting, so I kept on trying different combinations, disabling OSPF and enabling OSPF again, but with no luck.

I'm now at an outstation for a customer meeting; I hope I have time to try some other settings again tonight. I will post the result if it's working.

Thanks for the support. :)