Quite honestly, if you don't trust them then don't let them inject routes into OSPF. OSPF is an *Interior* routing protocol, which means all participants are under the same administrative control.
BGP is a far better choice for this.

On 2017 Feb 01 (Wed) at 09:47:31 +0800 (+0800), Steve Leung wrote:
:Yea I know this is not standard, but for some reason I need to figure out
:how to handle this scenario, you know sometimes we do not have control of
:the whole network :(
:
:Best regards,
:Steve
:
:
:2017-01-27 21:52 GMT+08:00 Eelco Nieuwstad <[email protected]>:
:
:> Hi,
:>
:> this would break OSPF completely. You can only filter routes between
:> areas and not within. This is fundamental for link state protocols like
:> OSPF
:>
:>
:> Eelco Nieuwstad
:>
:> On 27-01-17 08:53, Steve Leung wrote:
:>
:> Hi,
:>
:> Using OSPF, when receiving some routes from a network interface, by
:> default all routes will be re-advertised to other interfaces within the
:> same area without applying the filter rules.
:>
:> Say in the below example.
:>
:> ===
:> protocol ospf myospf {
:>     table t_ospf;
:>     import filter ifilter;
:>     export filter ofilter;
:>     area 0 {
:>         interface "eth*" {
:>             hello 10; retransmit 2; wait 10; dead 300; cost 10;
:>         };
:>     };
:> }
:> ===
:>
:> Routes received from "eth1" will be _forwarded_ to "eth2" and bypass all
:> the filters. Is it possible to configure bird.conf so only some of the
:> routes will be re-advertised? (aka apply filters to interfaces within the
:> same OSPF area)
:>
:> Creating multiple OSPF instances and treating the routes as "external routes"
:> (so filters will apply) is not a good idea for me because the environment is
:> quite dynamic, may even have hundreds of dynamic virtual interfaces, and I
:> hope I do not need to edit the config file all the time.
:>
:> Thank you so much for your time.
:>
:>
:> Best regards,
:> Steve
:>
:>
:>

--
An effective way to deal with predators is to taste terrible.
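A sketch of the BGP approach suggested in the reply above, as an added example that is not part of the original thread: in BIRD 1.x syntax, an untrusted neighbour gets its own BGP session whose import and export filters are applied to every route, while OSPF stays on links under your own administration. The AS numbers, addresses, prefix list, filter and protocol names and the "eth0" interface are constructed placeholders; `table t_ospf` and the OSPF timers are taken from the quoted configuration.

```bird
# Added example (BIRD 1.x syntax); names, ASNs and prefixes are constructed.

# Accept only the prefixes this neighbour is expected to announce.
filter untrusted_in {
    if net ~ [ 10.20.0.0/16{16,24} ] then accept;
    reject;
}

# Send the neighbour a default route only, not the internal topology.
filter untrusted_out {
    if net = 0.0.0.0/0 then accept;
    reject;
}

# OSPF only on links whose routers are under the same administration.
protocol ospf myospf {
    table t_ospf;
    import all;
    export none;
    area 0 {
        interface "eth0" {
            hello 10; retransmit 2; wait 10; dead 300; cost 10;
        };
    };
}

# One BGP session per untrusted neighbour; filters apply to every route.
protocol bgp untrusted_peer1 {
    table t_ospf;
    local as 65001;
    neighbor 192.0.2.2 as 65002;
    import filter untrusted_in;
    import limit 50 action disable;   # cap the number of accepted routes
    export filter untrusted_out;
}
```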
