Example for Filtering the Routes to Be Advertised and Received
Network Requirement
As shown in Figure 1, on an OSPF network SwitchA receives routes from the Internet and provides these routes to the OSPF network. By configuring routing policies, users on the OSPF network are allowed to access only the network segments 172.16.17.0/24, 172.16.18.0/24, and 172.16.19.0/24, and Area 1 is not allowed to access 1.1.1.1/32, the loopback address of SwitchA.
Figure 1. Networking diagram for filtering the advertised routes
To implement the route filtering described above, configure the following:
- Configure a routing policy on SwitchA and apply it during route advertisement. When routes are advertised, the routing policy allows SwitchA to provide only the routes for network segments 172.16.17.0/24, 172.16.18.0/24, and 172.16.19.0/24 to SwitchB, so that devices on the OSPF network can access these three network segments.
- To prevent Area 1 from accessing 1.1.1.1/32, the loopback address of SwitchA, configure a prefix list containing "deny 1.1.1.1/32" and "permit prefix-any", and apply it as an OSPF inbound filter policy on SwitchB.
Procedure
Switch A
Step1 Configure the VLANs and VLAN interfaces.
admin@SwitchA# set vlans vlan-id 10 l3-interface 10
admin@SwitchA# set interface gigabit-ethernet ge-1/1/1 family ethernet-switching native-vlan-id 10
admin@SwitchA# set l3-interface vlan-interface 10 address 192.168.1.1 prefix-length 24
admin@SwitchA# set l3-interface loopback lo address 1.1.1.1 prefix-length 32
Step2 Configure basic OSPF functions.
admin@SwitchA# set protocols ospf router-id 1.1.1.1
admin@SwitchA# set protocols ospf area 0
admin@SwitchA# set protocols ospf network 192.168.1.0/24 area 0
admin@SwitchA# set protocols ospf network 1.1.1.1/32 area 0
Step3 Commit the configurations.
admin@SwitchA# commit
Switch B
Step1 Configure the VLANs and VLAN interfaces.
admin@SwitchB# set vlans vlan-id 10 l3-interface 10
admin@SwitchB# set vlans vlan-id 20 l3-interface 20
admin@SwitchB# set interface gigabit-ethernet ge-1/1/1 family ethernet-switching native-vlan-id 10
admin@SwitchB# set interface gigabit-ethernet ge-1/1/2 family ethernet-switching native-vlan-id 20
admin@SwitchB# set l3-interface vlan-interface 10 address 192.168.1.2 prefix-length 24
admin@SwitchB# set l3-interface vlan-interface 20 address 192.168.2.1 prefix-length 24
Step2 Configure basic OSPF functions.
admin@SwitchB# set protocols ospf router-id 2.2.2.2
admin@SwitchB# set protocols ospf area 0
admin@SwitchB# set protocols ospf area 1
admin@SwitchB# set protocols ospf network 192.168.1.0/24 area 0
admin@SwitchB# set protocols ospf network 192.168.2.0/24 area 1
Step3 Commit the configurations.
admin@SwitchB# commit
Switch C
Step1 Configure the VLANs and VLAN interfaces.
admin@SwitchC# set vlans vlan-id 20 l3-interface 20
admin@SwitchC# set interface gigabit-ethernet ge-1/1/1 family ethernet-switching native-vlan-id 20
admin@SwitchC# set l3-interface vlan-interface 20 address 192.168.2.2 prefix-length 24
Step2 Configure basic OSPF functions.
admin@SwitchC# set protocols ospf router-id 3.3.3.3
admin@SwitchC# set protocols ospf area 1
admin@SwitchC# set protocols ospf network 192.168.2.0/24 area 1
Step3 Commit the configurations.
admin@SwitchC# commit
Configure Static Routes on SwitchA
Configure five static routes on SwitchA and import these routes into OSPF.
admin@SwitchA# set protocols static route 172.16.16.0/24 null0
admin@SwitchA# set protocols static route 172.16.17.0/24 null0
admin@SwitchA# set protocols static route 172.16.18.0/24 null0
admin@SwitchA# set protocols static route 172.16.19.0/24 null0
admin@SwitchA# set protocols static route 172.16.20.0/24 null0
admin@SwitchA# set protocols ospf redistribute static
admin@SwitchA# commit
Check the IP routing table on SwitchB. You can see that the five static routes are imported into OSPF.
admin@SwitchB# run show route ospf
RIB entry for ospf
==================
Codes: K - kernel route, C - connected, S - static, R - RIP,
       O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
       T - Table, v - VNC, V - VNC-Direct, A - Babel, D - SHARP,
       F - PBR, f - OpenFabric,
       > - selected route, * - FIB route, q - queued route, r - rejected route

O>* 172.16.16.0/24 [110/20] via 192.168.1.1, 10, weight 1, 00:02:01
O>* 172.16.17.0/24 [110/20] via 192.168.1.1, 10, weight 1, 00:02:01
O>* 172.16.18.0/24 [110/20] via 192.168.1.1, 10, weight 1, 00:02:01
O>* 172.16.19.0/24 [110/20] via 192.168.1.1, 10, weight 1, 00:02:01
O>* 172.16.20.0/24 [110/20] via 192.168.1.1, 10, weight 1, 00:02:01
O   192.168.1.0/24 [110/10] is directly connected, 10, weight 1, 00:36:27
O   192.168.2.0/24 [110/10] is directly connected, 20, weight 1, 00:34:56
Configure a Policy for Advertising Routes on SwitchA
Configure an IP prefix list named a2b on SwitchA.
admin@SwitchA# set routing prefix-list ipv4-family a2b seq 10 permit prefix 172.16.17.0/24
admin@SwitchA# set routing prefix-list ipv4-family a2b seq 20 permit prefix 172.16.18.0/24
admin@SwitchA# set routing prefix-list ipv4-family a2b seq 30 permit prefix 172.16.19.0/24
Configure a policy for advertising routes on SwitchA, and use the IP prefix list a2b to filter routes.
admin@SwitchA# set routing route-map a2b order 1 match ipv4-addr address prefix-list a2b
admin@SwitchA# set routing route-map a2b order 1 matching-policy permit
admin@SwitchA# commit
Apply route-map a2b when redistributing static routes into OSPF.
admin@SwitchA# set protocols ospf redistribute static route-map a2b
admin@SwitchA# commit
Check the IP routing table on SwitchB. You can see that SwitchB receives only the three routes defined in a2b.
admin@SwitchB# run show route ospf
RIB entry for ospf
==================
Codes: K - kernel route, C - connected, S - static, R - RIP,
       O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
       T - Table, v - VNC, V - VNC-Direct, A - Babel, D - SHARP,
       F - PBR, f - OpenFabric,
       > - selected route, * - FIB route, q - queued route, r - rejected route

O>* 172.16.17.0/24 [110/20] via 192.168.1.1, 10, weight 1, 00:02:01
O>* 172.16.18.0/24 [110/20] via 192.168.1.1, 10, weight 1, 00:02:01
O>* 172.16.19.0/24 [110/20] via 192.168.1.1, 10, weight 1, 00:02:01
O   192.168.1.0/24 [110/10] is directly connected, 10, weight 1, 00:36:27
O   192.168.2.0/24 [110/10] is directly connected, 20, weight 1, 00:34:56
Configure a Policy for Receiving Routes on SwitchB
Configure an IP prefix list named filter_in on SwitchB to deny the route with prefix 1.1.1.1/32. Note that because an implicit "deny all" entry is configured at the end of every prefix list, you must also configure a "permit prefix-any" entry to allow the other routes.
admin@SwitchB# set routing prefix-list ipv4-family filter_in seq 10 deny prefix 1.1.1.1/32
admin@SwitchB# set routing prefix-list ipv4-family filter_in seq 20 permit prefix-any
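The first-match and implicit-deny behaviour described above can be modelled in a few lines. This is an added example, not Pica8 code: evaluate, filter_routes and FILTER_IN_NO_PERMIT are hypothetical names, and it assumes that an entry without a length range matches only the exact prefix and mask.

```python
import ipaddress

ANY = "prefix-any"  # wildcard entry, as in "permit prefix-any"

def evaluate(prefix_list, route):
    """Return "permit" or "deny" for one route against a prefix list.

    prefix_list holds (seq, action, prefix) tuples. Assumption: an entry
    without a length range matches only the exact prefix and mask.
    """
    net = ipaddress.ip_network(route)
    for _seq, action, prefix in sorted(prefix_list, key=lambda e: e[0]):
        if prefix == ANY or ipaddress.ip_network(prefix) == net:
            return action  # the lowest-sequence matching entry decides
    return "deny"  # implicit "deny all" at the end of every prefix list

def filter_routes(prefix_list, routes):
    """Keep the routes that the prefix list permits, in input order."""
    return [r for r in routes if evaluate(prefix_list, r) == "permit"]

# Prefix lists as configured on the page.
A2B = [(10, "permit", "172.16.17.0/24"),
       (20, "permit", "172.16.18.0/24"),
       (30, "permit", "172.16.19.0/24")]
FILTER_IN = [(10, "deny", "1.1.1.1/32"), (20, "permit", ANY)]
FILTER_IN_NO_PERMIT = FILTER_IN[:1]  # hypothetical: seq 20 was forgotten

# The five static routes redistributed on SwitchA.
STATIC = ["172.16.%d.0/24" % n for n in range(16, 21)]
# Area 0 networks from the page's OSPF configuration.
AREA0 = ["1.1.1.1/32", "192.168.1.0/24"]

if __name__ == "__main__":
    print("a2b advertises:   ", filter_routes(A2B, STATIC))
    print("filter_in lets in:", filter_routes(FILTER_IN, AREA0))
    print("without seq 20:   ", filter_routes(FILTER_IN_NO_PERMIT, AREA0))
```

With seq 20 missing, 192.168.1.0/24 is dropped along with 1.1.1.1/32, which is the failure the note about "permit prefix-any" warns against.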
Configure an OSPF filter policy for receiving routes on SwitchB, and use the IP prefix list filter_in to filter routes.
admin@SwitchB# set protocols ospf area 1 in filter-list prefix filter_in
admin@SwitchB# commit
Check the IP routing table on SwitchC. You can see that SwitchC does not receive the route 1.1.1.1/32.
admin@SwitchC# run show route ospf
RIB entry for ospf
==================
Codes: K - kernel route, C - connected, S - static, R - RIP,
       O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
       T - Table, v - VNC, V - VNC-Direct, A - Babel, D - SHARP,
       F - PBR, f - OpenFabric,
       > - selected route, * - FIB route, q - queued route, r - rejected route

O>* 172.16.17.0/24 [110/20] via 192.168.2.1, 20, weight 1, 00:27:16
O>* 172.16.18.0/24 [110/20] via 192.168.2.1, 20, weight 1, 00:27:16
O>* 172.16.19.0/24 [110/20] via 192.168.2.1, 20, weight 1, 00:27:16
O>* 192.168.1.0/24 [110/20] via 192.168.2.1, 20, weight 1, 00:27:17
O   192.168.2.0/24 [110/10] is directly connected, 20, weight 1, 00:28:32
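The manual check on SwitchC can be automated so that a later change to either filter is noticed. The script below is an added example, not part of the Pica8 documentation: it parses saved "run show route ospf" output and compares it with the policy stated on this page. The names ospf_prefixes and audit are hypothetical, and DRIFTED_OUTPUT is a constructed sample.

```python
import re

# Policy from the page: routes SwitchC must learn, and routes it must not.
REQUIRED = {"172.16.17.0/24", "172.16.18.0/24", "172.16.19.0/24"}
BLOCKED = {"172.16.16.0/24", "172.16.20.0/24", "1.1.1.1/32"}

# A route line starts with the code "O" plus optional flags such as ">*".
ROUTE_LINE = re.compile(r"^O\S*\s+(\d+\.\d+\.\d+\.\d+/\d+)\s")

def ospf_prefixes(show_output):
    """Return the set of prefixes listed in 'show route ospf' output."""
    found = set()
    for line in show_output.splitlines():
        match = ROUTE_LINE.match(line.strip())
        if match:
            found.add(match.group(1))
    return found

def audit(show_output):
    """List (problem, prefix) pairs; an empty list means the filters hold."""
    seen = ospf_prefixes(show_output)
    findings = [("unexpected", p) for p in sorted(seen & BLOCKED)]
    findings += [("missing", p) for p in sorted(REQUIRED - seen)]
    return findings

# SwitchC route lines as shown on the page (legend shortened).
EXPECTED_OUTPUT = """\
Codes: K - kernel route, C - connected, S - static, R - RIP,
       O - OSPF, I - IS-IS, B - BGP
O>* 172.16.17.0/24 [110/20] via 192.168.2.1, 20, weight 1, 00:27:16
O>* 172.16.18.0/24 [110/20] via 192.168.2.1, 20, weight 1, 00:27:16
O>* 172.16.19.0/24 [110/20] via 192.168.2.1, 20, weight 1, 00:27:16
O>* 192.168.1.0/24 [110/20] via 192.168.2.1, 20, weight 1, 00:27:17
O   192.168.2.0/24 [110/10] is directly connected, 20, weight 1, 00:28:32
"""

# Constructed sample: both filters removed or edited incorrectly.
DRIFTED_OUTPUT = """\
O>* 1.1.1.1/32 [110/20] via 192.168.2.1, 20, weight 1, 00:00:41
O>* 172.16.16.0/24 [110/20] via 192.168.2.1, 20, weight 1, 00:00:41
O>* 172.16.17.0/24 [110/20] via 192.168.2.1, 20, weight 1, 00:27:16
O>* 172.16.18.0/24 [110/20] via 192.168.2.1, 20, weight 1, 00:27:16
O   192.168.2.0/24 [110/10] is directly connected, 20, weight 1, 00:28:32
"""

if __name__ == "__main__":
    print("page output:", audit(EXPECTED_OUTPUT))
    print("drifted:    ", audit(DRIFTED_OUTPUT))
```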
Copyright © 2024 Pica8 Inc. All Rights Reserved.