Example for Filtering the Routes to Be Advertised and Receiving


Network Requirement

Figure 1 shows on an OSPF network, how SwitchA receives routes from the Internet and provides these routes for the OSPF network. By configuring the routing map, users on the OSPF network are only allowed to access only the network segments 172.16.17.0/24, 172.16.18.0/24, and 172.16.19.0/24, and do not allow Area 1 to access the IP 1.1.1.1/32 of the loopback address of SwitchA.

 Figure 1. Networking diagram for filtering the advertised routes

To implement the route filtering function as above, follow the configuration described below:

  1.  Configure a routing policy on SwitchA and apply the routing policy during route advertisement. When routes are advertised, the routing policy allows SwitchA to provide routes from network segments 172.16.17.0/24, 172.16.18.0/24, and 172.16.19.0/24 for SwitchB, and allows devices on the OSPF network to access the three network segments.
  2. To implement that not allow Area 1 to access the IP 1.1.1.1/32 of the loopback address of SwitchA. Configure a prefix list of "deny 1.1.1.1/32" and a "prefix-any", and apply to OSPF filter in policy on SwitchB.

Procedure

Switch A

Step1         Configure the VLANs and VLAN interfaces.

admin@SwitchA# set vlans vlan-id 10 l3-interface 10
admin@SwitchA# set interface gigabit-ethernet ge-1/1/1 family ethernet-switching native-vlan-id 10
admin@SwitchA# set l3-interface vlan-interface 10 address 192.168.1.1 prefix-length 24
admin@SwitchA# set l3-interface loopback lo address 1.1.1.1 prefix-length 32

Step2        Configure basic OSPF functions.

admin@SwitchA# set protocols ospf router-id 1.1.1.1
admin@SwitchA# set protocols ospf area 0
admin@SwitchA# set protocols ospf network 192.168.1.0/24 area 0
admin@SwitchA# set protocols ospf network 1.1.1.1/32 area 0

Step3         Commit the configurations.

admin@SwitchA# commit

Switch B

Step1         Configure the VLANs and VLAN interfaces.

admin@SwitchB# set vlans vlan-id 10 l3-interface 10
admin@SwitchB# set vlans vlan-id 20 l3-interface 20
admin@SwitchB# set interface gigabit-ethernet ge-1/1/1 family ethernet-switching native-vlan-id 10
admin@SwitchB# set interface gigabit-ethernet ge-1/1/2 family ethernet-switching native-vlan-id 20
admin@SwitchB# set l3-interface vlan-interface 10 address 192.168.1.2 prefix-length 24
admin@SwitchB# set l3-interface vlan-interface 20 address 192.168.2.1 prefix-length 24

Step2        Configure basic OSPF functions.

admin@SwitchB# set protocols ospf router-id 2.2.2.2
admin@SwitchB# set protocols ospf area 0
admin@SwitchB# set protocols ospf area 1
admin@SwitchB# set protocols ospf network 192.168.1.0/24 area 0
admin@SwitchB# set protocols ospf network 192.168.2.0/24 area 1

Step3         Commit the configurations.

admin@SwitchB# commit

Switch C

Step1         Configure the VLANs and VLAN interfaces.

admin@SwitchC# set vlans vlan-id 20 l3-interface 20
admin@SwitchC# set interface gigabit-ethernet ge-1/1/1 family ethernet-switching native-vlan-id 20
admin@SwitchC# set l3-interface vlan-interface 20 address 192.168.2.1 prefix-length 24

Step2        Configure basic OSPF functions.

admin@SwitchC# set protocols ospf router-id 3.3.3.3
admin@SwitchC# set protocols ospf area 1
admin@SwitchC# set protocols ospf network 192.168.2.0/24 area 1

Step3         Commit the configurations.

admin@SwitchC# commit

Configure Static Routes on SwitchA

Configure five static routes on SwitchA and import these routes into OSPF.

admin@SwitchA# set protocols static route 172.16.16.0/24 null0
admin@SwitchA# set protocols static route 172.16.17.0/24 null0
admin@SwitchA# set protocols static route 172.16.18.0/24 null0
admin@SwitchA# set protocols static route 172.16.19.0/24 null0
admin@SwitchA# set protocols static route 172.16.20.0/24 null0
admin@SwitchA# set protocols ospf redistribute static
admin@SwitchA# commit

Check the IP routing table on SwitchB. You can see that the five static routes are imported into OSPF.

admin@SwitchA# run show route ospf 
RIB entry for ospf
==================
Codes: K - kernel route, C - connected, S - static, R - RIP,
       O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
       T - Table, v - VNC, V - VNC-Direct, A - Babel, D - SHARP,
       F - PBR, f - OpenFabric,
       > - selected route, * - FIB route, q - queued route, r - rejected route

O>* 172.16.16.0/24 [110/20] via 192.168.1.1, 10, weight 1, 00:02:01
O>* 172.16.17.0/24 [110/20] via 192.168.1.1, 10, weight 1, 00:02:01
O>* 172.16.18.0/24 [110/20] via 192.168.1.1, 10, weight 1, 00:02:01
O>* 172.16.19.0/24 [110/20] via 192.168.1.1, 10, weight 1, 00:02:01
O>* 172.16.20.0/24 [110/20] via 192.168.1.1, 10, weight 1, 00:02:01
O   192.168.1.0/24 [110/10] is directly connected, 10, weight 1, 00:36:27
O   192.168.2.0/24 [110/10] is directly connected, 20, weight 1, 00:34:56

Configure a Policy for Advertising Routes on SwitchA

Configure an IP prefix list named a2b on SwitchA.

admin@SwitchA# set routing prefix-list ipv4-family a2b seq 10 permit prefix 172.16.17.0/24
admin@SwitchA# set routing prefix-list ipv4-family a2b seq 20 permit prefix 172.16.18.0/24
admin@SwitchA# set routing prefix-list ipv4-family a2b seq 30 permit prefix 172.16.19.0/24

Configure a policy for advertising routes on SwitchA, and use the IP prefix list a2b to filter routes.

admin@SwitchA# set routing route-map a2b order 1 match ipv4-addr address prefix-list a2b
admin@SwitchA# set routing route-map a2b order 1 matching-policy permit
admin@SwitchA# commit

Add route-map a2b when redistribute static route to OSPF route table.

admin@SwitchA# set protocols ospf redistribute static route-map a2b
admin@SwitchA# commit

Check the IP routing table on SwitchB. You can see that SwitchB receives only three routes defined in a2b.

admin@SwitchB# run show route ospf 
RIB entry for ospf
==================
Codes: K - kernel route, C - connected, S - static, R - RIP,
       O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
       T - Table, v - VNC, V - VNC-Direct, A - Babel, D - SHARP,
       F - PBR, f - OpenFabric,
       > - selected route, * - FIB route, q - queued route, r - rejected route

O>* 172.16.17.0/24 [110/20] via 192.168.1.1, 10, weight 1, 00:02:01
O>* 172.16.18.0/24 [110/20] via 192.168.1.1, 10, weight 1, 00:02:01
O>* 172.16.19.0/24 [110/20] via 192.168.1.1, 10, weight 1, 00:02:01
O   192.168.1.0/24 [110/10] is directly connected, 10, weight 1, 00:36:27
O   192.168.2.0/24 [110/10] is directly connected, 20, weight 1, 00:34:56

Configure a Policy for Receiving Routes on SwitchB

Configure an IP prefix list named filter_in on SwitchB to deny route with prefix 1.1.1.1/32. Note that as there is a "deny all" command implicitly configured at the end of all prefix list, do not forget to configure a "permit prefix-any" command to allow other routes.

admin@SwitchB# set routing prefix-list ipv4-family filter_in seq 10 deny prefix 1.1.1.1/32
admin@SwitchB# set routing prefix-list ipv4-family filter_in seq 20 permit prefix-any

Configure a OSPF filter policy for receiving routes on SwitchB, and use the IP prefix list filter_in to filter routes.

admin@SwitchB# set protocols ospf area 1 in filter-list prefix filter_in
admin@SwitchB# commit

Check the IP routing table on SwitchC. You can see that SwitchC does not receive the route 1.1.1.1/32.

admin@SwitchC# run show route ospf
RIB entry for ospf
==================
Codes: K - kernel route, C - connected, S - static, R - RIP,
       O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
       T - Table, v - VNC, V - VNC-Direct, A - Babel, D - SHARP,
       F - PBR, f - OpenFabric,
       > - selected route, * - FIB route, q - queued route, r - rejected route

O>* 172.16.17.0/24 [110/20] via 192.168.2.1, 20, weight 1, 00:27:16
O>* 172.16.18.0/24 [110/20] via 192.168.2.1, 20, weight 1, 00:27:16
O>* 172.16.19.0/24 [110/20] via 192.168.2.1, 20, weight 1, 00:27:16
O>* 192.168.1.0/24 [110/20] via 192.168.2.1, 20, weight 1, 00:27:17
O   192.168.2.0/24 [110/10] is directly connected, 20, weight 1, 00:28:32

Copyright © 2024 Pica8 Inc. All Rights Reserved.