Problem and solution when an OSPF route filtering policy does not take effect


The reason that an OSPF route filtering policy does not take effect is explained with the following example:
User ---------- MA5200F ---------- Firewall---------- NE80 ---------- Internet
Open Shortest Path First (OSPF) runs on the three devices, and the firewall acts as the NAT device. The NE80E is not supposed to learn routes to private network segments. The firewall configuration is as follows:
acl number 2999
 rule 5 deny source 10.0.0.0 0.255.255.255 /*Filtered private network segments*/
 rule 10 deny source 192.168.0.0 0.0.255.255 /*Filtered private network segments*/
 rule 15 permit
ospf 1
 filter-policy export 2999
 area 0.0.0.0
  network 218.206.107.220 0.0.0.3
The routing table of the NE80 still has routes to private network segments.
[JSNJ-MB-CMNET-RT01-HJL_NE80]display ip routing-table 10.33.16.192
Destination/Mask    Protocol  Pre  Cost  Nexthop         Interface
10.33.16.192/26     O_ASE     50   1     218.206.97.234  Ethernet5/0/13
0.0.0.0/0           STATIC    40   0     218.206.97.109  GigabitEthernet1/0/
On a firewall that runs the VRP3.30 platform, the route policy configured in the OSPF view takes effect only for local routes, not for the LSAs that the firewall transmits to the NE80.
In conclusion, because OSPF is a dynamic routing protocol based on link state and routing information is expressed through link state, OSPF cannot filter advertised or received LSAs. The filter-policy import command filters the routes calculated by OSPF. Only routes that match the filtering conditions are added to the routing table. The filter-policy export command enables a device to filter the routes that it advertises. Only routes that match the filtering conditions can be advertised.
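The following check is an added example, not part of the original article or of any Huawei tooling. It evaluates ACL 2999 from the firewall configuration against routes seen on the NE80, which confirms that the ACL itself denies the leaked prefix, so the fault lies in where the filter is applied. The second route line and the treatment of unmatched routes as denied are assumptions.

```python
import ipaddress
import re

# ACL 2999 as configured on the firewall in this article (inline annotations dropped).
ACL_2999 = """\
rule 5 deny source 10.0.0.0 0.255.255.255
rule 10 deny source 192.168.0.0 0.0.255.255
rule 15 permit
"""
# Sample NE80 table: first line is from the output above, second line is constructed.
NE80_ROUTES = """\
10.33.16.192/26 O_ASE 50 1 218.206.97.234 Ethernet5/0/13
218.206.107.220/30 OSPF 10 2 218.206.97.234 Ethernet5/0/13
"""
RULE_RE = re.compile(r"rule\s+(\d+)\s+(permit|deny)(?:\s+source\s+(\S+)\s+(\S+))?")


def parse_acl(text):
    """Parse rules into (rule_id, action, address, wildcard); no source clause matches any."""
    rules = []
    for rule_id, action, addr, wildcard in RULE_RE.findall(text):
        a = int(ipaddress.IPv4Address(addr)) if addr else 0
        w = int(ipaddress.IPv4Address(wildcard)) if wildcard else 0xFFFFFFFF
        rules.append((int(rule_id), action, a, w))
    return sorted(rules)


def acl_decision(rules, prefix):
    """First-match evaluation of a route's network address; returns (action, rule_id)."""
    dest = int(ipaddress.ip_network(prefix, strict=False).network_address)
    for rule_id, action, addr, wildcard in rules:
        # Wildcard bits set to 1 are "don't care"; all other bits must be equal.
        if (dest | wildcard) == (addr | wildcard):
            return action, rule_id
    return "deny", None  # assumption: a route that matches no rule is filtered


def leaked_routes(rules, table):
    """Routes in a neighbor's table that the export ACL was meant to deny."""
    leaks = []
    for line in table.splitlines():
        prefix, proto = line.split()[:2]
        action, rule_id = acl_decision(rules, prefix)
        if action == "deny":
            leaks.append((prefix, proto, rule_id))
    return leaks


if __name__ == "__main__":
    print(leaked_routes(parse_acl(ACL_2999), NE80_ROUTES))
```

Any route this reports on the upstream router is a private prefix that passed the export filter, and the O_ASE entry from this article is reported against rule 5.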

Other related questions:
Problem and solution when the round robin load balancing policy of NMP does not take effect in HP_UX
Perform the following operations when the round robin load balancing policy of NMP does not take effect in HP_UX.
1. Issue Description
What can I do when the round robin load balancing policy of NMP does not take effect in HP_UX?
Situation: HP 11i v3 is delivered with the Native Multi-Path multipathing software and the default load balancing policy round robin. Multiple paths from the hosts to controller A or controller B on the storage array do not take effect, and you can only deliver I/Os through one path.
2. Solution
a. Enter scsimgr get_attr -a leg_mpath_enable on the host to check whether the current system has enabled the NMP multipathing software.
b. Enter scsimgr get_attr -D /dev/rdisk/diskXX -a leg_mpath_enable to check whether the LUN has enabled the NMP software.
c. Enter scsimgr get_attr -D /dev/rdisk/diskXX to check whether the LUN uses the default load balancing policy round robin.
d. Enter scsimgr lun_map -D /dev/rdisk/diskxx to check the active status of all paths to the LUN.
e. Enter scsimgr get_stat -H Hardware path to check the I/O statistics of each path to the LUN. If the I/O count of one path is small, almost no I/O is delivered on this path.
f. In summary, although the NMP multipath configuration does not cause any failure, there is a problem that is described in the release notes. You can solve the problem by setting alua_enabled of a LUN to false. However, based on lab tests, this method can deliver I/Os through multiple paths, but its performance degrades compared with I/Os delivered through one path. You are advised to use one path rather than multiple paths.

Problem and solution when the firewall system upgrade does not take effect
During firewall upgrade, you need to replace system software. After you set the system file for the next startup, you must restart the device for the configuration to take effect.

Does the traffic-policy or traffic-filter command first take effect
The traffic-filter command is supported from V200R002C00. When the traffic-policy and traffic-filter commands are simultaneously executed, the traffic-filter command takes effect first.

How to configure OSPF to filter routes based on a routing policy
OSPF can use routing policies to filter routes. By default, OSPF does not filter routes. To configure OSPF to filter the routes to be received, run the filter-policy import command. To configure OSPF to filter the routes to be sent, run the filter-policy export command. You can use one of the following routing policies:
1. Basic ACL
2. Advanced ACL
3. IP prefix list
4. Route-policy
