Got it

Ospf filter-policy route

936 0 0 0 0

Issue Description

We have the following requirement:

To filter OSPF routes from placing them into routing table,is needed to indicate not only the prefix, but also a neighbor who is sending an LSA.  It’s asking if is any possibility to attach extended ACL?

  1.1.1.0/24 OSPF   10   1          D   10.2.2.2        Serial1/0/0

                 OSPF    10  1           D  10.1.1.1       GigabitEthernet0/0/1


It have two routes in the routing table and it’s needed to filter only one of them


Things to check:

1) check the documentation to see if there is any filter policy for ospf filtering

2)check firmware version compatibility

3) test the solution founded in our lab


We found that it can run the if-match acl command to set a matching rule based on the ACL to match IPv4 prefixes. The if-match acl command can be used only after the route-policy command is used.

For a named ACL, when the rule command is used to configure a filtering rule, the filtering rule is effective only with the source address range that is specified by the source parameter
and with the time period that is specified by the time-range parameter.

Filter-policy ACLs can be used only in the basic type, and not advanced.

In order to filter the next hop, you should use the ip next-hop command from route-policy view.

A routing policy is used to filter routes and set route attributes for the routes that match the routing policy. A routing policy consists of multiple nodes. One node can be configured with
multiple if-match clauses.


transparent.gif Root Cause

So, we have    

#route-policy policy1 deny node 10

and 
 
#route-policy policy1 permit node 20


The first one will deny the next-hop and the network address after them have passed the ACL checking and the second one will permit any others. . Besides if match ip next –hop, you can filter also the network.


 Solution

You should create 2 ACLs :   

acl number 2000 

# rule 5 permit source 2.2.2.0 0.0.0.255

acl number 2001 

# rule 5 permit source 10.3.3.3  ( the wildcard mask should be 0 for matching the exact address)  


Create a route-policy with a deny node where you will input the if-match clauses with both acl’s. After the both acl will match , the route-policy will deny the node 10.


[HW] route-policy policy1 deny node 10

[HW-route-policy]if-match acl 2000

[HW-route-policy] if-match ip next-hop acl 2001


Create a route-policy with a permit node 20 without any if-match . The route policy will permit any other , except the node 10.

[HW]route-policy policy1 permit node 20

 

 Also,you should input the filter-policy in ospf .

[HW] ospf 1

[HW-ospf1] filter-policy route-policy policy1 import

     

After all of this are made the 10.1.1.1 route should be alone in the routing table



  • x
  • convention:

Comment

You need to log in to comment to the post Login | Register
Comment

Notice: To protect the legitimate rights and interests of you, the community, and third parties, do not release content that may bring legal risks to all parties, including but are not limited to the following:
  • Politically sensitive content
  • Content concerning pornography, gambling, and drug abuse
  • Content that may disclose or infringe upon others ' commercial secrets, intellectual properties, including trade marks, copyrights, and patents, and personal privacy
Do not share your account and password with others. All operations performed using your account will be regarded as your own actions and all consequences arising therefrom will be borne by you. For details, see " User Agreement."

My Followers

Login and enjoy all the member benefits

Login

Block
Are you sure to block this user?
Users on your blacklist cannot comment on your post,cannot mention you, cannot send you private messages.
Reminder
Please bind your phone number to obtain invitation bonus.
Information Protection Guide
Thanks for using Huawei Enterprise Support Community! We will help you learn how we collect, use, store and share your personal information and the rights you have in accordance with Privacy Policy and User Agreement.