I think you could use areas for this purpose or mark the router as stub - as far as I understand it should do exactly what you want.
On Tue, Oct 10, 2017 at 12:41 PM, Войнович Андрей Александрович <[email protected]> wrote:

> Yes, absolutely right, I want linux box to be available when any but one
> of its two Phy interfaces would fail, but not route any traffic over
> itself.
>
> ------------------------------------------
> Server Support Service
> Network Administration Group
> ДПП.УТП.СПС
> АО «ПФ «СКБ-Контур»,
> [email protected]
> Tel. +7 (343) 344-11-50 ext. 75352
>
> *From:* [email protected] [mailto:[email protected]] *On Behalf Of* Alexander Zubkov
> *Sent:* Tuesday, October 10, 2017 3:36 PM
> *To:* Войнович Андрей Александрович <[email protected]>
> *Cc:* [email protected]
> *Subject:* Re: OSPF routes not filtered
>
> And what is your big idea? You do not want your bird router to route traffic
> between external R1 and external R2 for example?
>
> On Tue, Oct 10, 2017 at 12:30 PM, Alexander Zubkov <[email protected]> wrote:
>
> Hi,
>
> Yes, that should work. But it will be separate OSPF clouds if this matters.
>
> On Tue, Oct 10, 2017 at 12:17 PM, Войнович Андрей Александрович <[email protected]> wrote:
>
> Hi,
>
> I thought about it too, so one option is to split two internal legs into
> two different “protocols” inside BIRD cfg and filters will work as expected?
>
> *From:* [email protected] [mailto:[email protected]] *On Behalf Of* Alexander Zubkov
> *Sent:* Tuesday, October 10, 2017 2:59 PM
> *To:* Войнович Андрей Александрович <[email protected]>
> *Cc:* [email protected]
> *Subject:* Re: OSPF routes not filtered
>
> Hi.
>
> If I understand correctly, import/export filters are not applied to OSPF
> internals - LSDB announces, etc. They are applied to prefixes imported into
> OSPF protocol from router and exported from it to its table.
>
> On Tue, Oct 10, 2017 at 10:36 AM, Войнович Андрей Александрович <[email protected]> wrote:
>
> Hi all!
>
> I am facing strange problem with OSPF – my router has 2 Phy links and 4
> VLAN links to two different routers:
>
> Phy 1 Vlan 1400 internal link to R1
> Phy 1 Vlan 1401 external link to R1
> Phy 2 Vlan 1402 internal link to R2
> Phy 2 Vlan 1403 external link to R2
>
> R1 and R2 have a direct connection and are OSPF neighbors in Area 0.
>
> So I am trying to achieve ECMP load balancing and fault tolerance.
>
> Linux box addresses:
>
> lo
>     inet 99.99.99.99
> enp1s0f0.1402
>     inet 10.16.0.10/30 brd 10.16.0.11
> enp1s0f0.1403
>     inet 10.16.0.14/30 brd 10.16.0.15
> enp1s0f1.1400
>     inet 10.16.0.2/30 brd 10.16.0.3
> enp1s0f1.1401
>     inet 10.16.0.6/30 brd 10.16.0.7
>
> Linux box BIRD cfg:
>
> router id 99.99.99.99;
>
> filter deny_default {
>     if net = 0.0.0.0/0 then reject;
>     else accept;
> }
>
> filter permit_white {
>     if net ~ [
>         99.99.99.99/32
>     ]
>     then accept;
>     else reject;
> }
>
> filter change_src {
>     if net = 0.0.0.0/0
>     then {
>         krt_prefsrc = 99.99.99.99;
>         accept;
>     }
>     else accept;
> }
>
> filter deny_all {
>     reject;
> }
>
> protocol kernel {
>     scan time 20;
>     import all;
>     export filter change_src;
> }
>
> protocol device {
>     scan time 10; # Scan interfaces every 10 seconds
> }
>
> protocol direct {
>     interface "enp1s0f1.1400, enp1s0f0.1402, enp1s0f1.1401, enp1s0f0.1403", "lo";
> }
>
> protocol ospf Internal {
>     rfc1583compat yes;
>     import filter deny_default;
>     export filter deny_all;
>     area 0.0.0.20 {
>         interface "enp1s0f1.1400" {
>             type pointopoint;
>         };
>         interface "enp1s0f0.1402" {
>             type pointopoint;
>         };
>     };
> }
>
> protocol ospf External {
>     rfc1583compat yes;
>     import all;
>     export filter permit_white;
>     area 100.0.0.0 {
>         interface "enp1s0f1.1401" {
>             type pointopoint;
>         };
>         interface "enp1s0f0.1403" {
>             type pointopoint;
>         };
>     };
> }
>
> When I enable only one Phy link, everything works fine and as expected:
>
> R1# sh ip ro next-hop 10.16.0.2
> 10.16.0.2/32, ubest/mbest: 1/0, attached
>     *via 10.16.0.2, Vlan1400, [250/0], 01:09:29, am
> 10.16.0.8/30, ubest/mbest: 1/0
>     *via 10.16.0.2, Vlan1400, [110/1010], 00:10:43, ospf-10, intra
>
> R2# sh ip ro next-hop 10.16.0.10
> <nothing, as expected, link disabled>
>
> But when I enable second Phy link, I see following:
>
> R1# sh ip ro next-hop 10.16.0.2
> 0.0.0.0/0, ubest/mbest: 1/0
>     via 10.16.0.2, Vlan1400, [110/1], 0.000000, ospf-10, type-2
> 10.1.1.44/30, ubest/mbest: 1/0
>     *via 10.16.0.2, Vlan1400, [110/2010], 0.000000, ospf-10, intra
> 10.1.1.224/30, ubest/mbest: 1/0
>     *via 10.16.0.2, Vlan1400, [110/2010], 0.000000, ospf-10, intra
> 10.16.0.2/32, ubest/mbest: 1/0, attached
>     *via 10.16.0.2, Vlan1400, [250/0], 01:09:31, am
> 10.16.0.8/30, ubest/mbest: 1/0
>     *via 10.16.0.2, Vlan1400, [110/1010], 00:10:45, ospf-10, intra
>
> R2# sh ip ro next-hop 10.16.0.10
> 0.0.0.0/0, ubest/mbest: 1/0
>     via 10.16.0.10, Vlan1402, [110/1], 00:00:05, ospf-10, type-2
> 10.1.1.60/30, ubest/mbest: 1/0
>     *via 10.16.0.10, Vlan1402, [110/2010], 00:00:05, ospf-10, intra
> 10.1.1.216/30, ubest/mbest: 1/0
>     *via 10.16.0.10, Vlan1402, [110/2010], 00:00:05, ospf-10, intra
> 10.16.0.0/30, ubest/mbest: 1/0
>     *via 10.16.0.10, Vlan1402, [110/1010], 00:00:05, ospf-10, intra
> 10.16.0.10/32, ubest/mbest: 1/0, attached
>     *via 10.16.0.10, Vlan1402, [250/0], 00:00:13, am
>
> So on linux box interfaces vlan1400 and vlan 1402 are in the same area and
> it is expected that they will have identical lsdbs and will send all the
> LSA they receive via all interfaces in the same area, so saying simply -
> they will interchange routes. But in BIRD cfg I apply filters to avoid
> doing it, however routes are not filtered, and even default route received.
>
> Am I missing something?
>
> Thanks.
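
The stub-router suggestion at the top of this thread, applied to the OSPF part of the quoted configuration, as an added example that is not part of the original thread. It assumes a BIRD release whose OSPF protocol supports the `stub router` option (RFC 6987 maximum-metric advertisement); interface names, areas and filter names are taken from the quoted configuration, and the kernel and direct protocols are left out.

```conf
# Added example, not from the thread.
# Assumption: this BIRD version accepts "stub router" in protocol ospf.
router id 99.99.99.99;

filter deny_default {
    if net = 0.0.0.0/0 then reject;
    accept;
}

filter deny_all {
    reject;
}

filter permit_white {
    if net ~ [ 99.99.99.99/32 ] then accept;
    reject;
}

protocol device {
    scan time 10;
}

protocol ospf Internal {
    rfc1583compat yes;
    # Router-LSAs carry maximum metric on outgoing links, so R1 and R2
    # prefer their direct link over a path through this box.
    stub router yes;
    # These filters act only between OSPF and BIRD's routing table.
    # LSAs are still flooded between both interfaces of the area.
    import filter deny_default;
    export filter deny_all;
    area 0.0.0.20 {
        interface "enp1s0f1.1400" { type pointopoint; };
        interface "enp1s0f0.1402" { type pointopoint; };
    };
}

protocol ospf External {
    rfc1583compat yes;
    stub router yes;
    import all;
    export filter permit_white;
    area 100.0.0.0 {
        interface "enp1s0f1.1401" { type pointopoint; };
        interface "enp1s0f0.1403" { type pointopoint; };
    };
}
```

Maximum metric deprioritises the box as a transit hop rather than removing it from the topology, so R1 and R2 can still fall back to it as a last resort if their direct link is lost. Checking `sh ip ro next-hop 10.16.0.2` on R1 and the equivalent on R2 with both Phy links up confirms whether transit prefixes still point at the box.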
