Re: How to announce over OSPF only one IP address

Radek Wed, 08 Feb 2023 06:34:55 -0800

Hello Bradley,
thank you, your setup works the way I need.

I can't deal with adding the static route permanently. I have to add the static 
route by hand (route add 10.1.111.11/32 10.1.111.1) after reboot. 
Did I missed something?


[10.109.3.15] $ cat /etc/hostname.vr0
-inet
dhcp
#inet 10.109.3.15 255.255.255.0
!sleep 60
!route add 10.1.111.11/32 10.1.111.1

After reboot it looks like this:

[10.109.3.15] $ route -n show
Routing tables

Internet:
Destination        Gateway            Flags   Refs      Use   Mtu  Prio Iface
default            10.109.3.254       UGS        5       15     -     8 vr0
224/4              127.0.0.1          URS        0       59 32768     8 lo0
10.1.100/24        10.1.100.1         Cn         0        0     -     4 vr1
10.1.100.1         00:00:24:cb:4f:cd  UHLl       0        0     -     1 vr1
10.1.100.255       10.1.100.1         Hb         0        0     -     1 vr1
10.1.111/24        10.1.111.1         UCn        1        0     -     4 vr3
10.1.111.1         00:00:24:cb:4f:cf  UHLl       0        3     -     1 vr3
10.1.111.11        00:00:24:cb:4f:d0  UHLc       0        2     -     3 vr3
10.1.111.255       10.1.111.1         UHb        0        0     -     1 vr3
10.1.222/24        10.109.3.16        UG         0        0     -    32 vr0
10.109.3/24        10.109.3.15        UCn        3       40     -     4 vr0
10.109.3.10        a4:bb:6d:d6:5a:a4  UHLc       1       29     -     3 vr0
10.109.3.15        00:00:24:cb:4f:cc  UHLl       0       13     -     1 vr0
10.109.3.16        00:00:24:cd:90:10  UHLch      1       26     -     3 vr0
10.109.3.254       00:0d:b9:35:39:29  UHLch      1       31     -     3 vr0
10.109.3.255       10.109.3.15        UHb        0        0     -     1 vr0
127/8              127.0.0.1          UGRS       0        0 32768     8 lo0
127.0.0.1          127.0.0.1          UHhl       1        2 32768     1 lo0


On Tue, 7 Feb 2023 17:54:27 +1100
Bradley Latus <brad.la...@gmail.com> wrote:

> Hi all,
> 
> I have done an experiment.
> 
> If your interface is part of an area, it will be advertised always.
> 
> If you wanted to advertise only /32 this is how I got mine to work.
> Ensure your interface vr3 is not in your ospf area
> 
> Add a static route to the one you wish to advertise, it appears that unless
> a route exists on the machine you cannot redistribute a random ip.
> 
> So  route add 10.1.111.11/32 10.1.111.1
> 
> Then you can redistribute your /32
> 
> 
> 
> router-id 10.109.3.15
> redistribute 10.1.111.11/32
> 
> area 0.0.0.0 {
>   interface vr0
> }
> 
> 
> 
> On Tue, 7 Feb 2023, 02:46 Radek, <r...@int.pl> wrote:
> 
> > Hello,
> > > I’d check the databases on both sides.
> > > And flush/reload the config and fibs.
> > I reloaded and restarted OSPFd on both sides - nothing changes. Then, I
> > rebooted routers on both sides - nothing changes.
> > I still can see/ping the whole 10.1.111.0/24 subnet from the far end.
> >
> > [10.109.3.15]$ ospfctl show database router
> >
> >                 Router Link States (Area 0.0.0.0)
> >
> > LS age: 238
> > Options: -|-|-|-|-|-|E|-
> > LS Type: Router
> > Link State ID: 10.109.3.15
> > Advertising Router: 10.109.3.15
> > LS Seq Number: 0x80000016
> > Checksum: 0x6d0a
> > Length: 48
> > Flags: *|*|*|*|*|-|E|-
> > Number of Links: 2
> >
> >     Link connected to: Stub Network
> >     Link ID (Network ID): 10.1.111.0
> >     Link Data (Network Mask): 255.255.255.0
> >     Metric: 10
> >
> >     Link connected to: Transit Network
> >     Link ID (Designated Router address): 10.109.3.16
> >     Link Data (Router Interface address): 10.109.3.15
> >     Metric: 10
> >
> > LS age: 239
> > Options: -|-|-|-|-|-|E|-
> > LS Type: Router
> > Link State ID: 10.109.3.16
> > Advertising Router: 10.109.3.16
> > LS Seq Number: 0x80000016
> > Checksum: 0xb058
> > Length: 36
> > Flags: *|*|*|*|*|-|E|-
> > Number of Links: 1
> >
> >     Link connected to: Transit Network
> >     Link ID (Designated Router address): 10.109.3.16
> >     Link Data (Router Interface address): 10.109.3.16
> >     Metric: 10
> >
> >
> > [10.109.3.16]$ ospfctl show fib
> > flags: * = valid, O = OSPF, C = Connected, S = Static
> > Flags  Prio Destination          Nexthop
> > *S        8 0.0.0.0/0            10.109.3.254
> > *O       32 10.1.111.0/24        10.109.3.15
> >
> >
> > On Sun, 5 Feb 2023 22:20:07 +0100
> > Diederik Schouten <dsch...@high5.net> wrote:
> >
> > > Hello,
> > >
> > > I’d check the databases on both sides.
> > > And flush/reload the config and fibs.
> > > Then check again which link state advertisements are in the database.
> > > To make sure you now get the /32 advertised.
> > >
> > > Sent from my iPhone
> > >
> > > > On 5 Feb 2023, at 21:15, Radek <r...@int.pl> wrote:
> > > >
> > > > Hello Diederik, hello Tom,
> > > > this is a simple lab/testing configuration, that's why there is no
> > "passive" and other...
> > > > The purpose of this configuration is to allow access to certain IP
> > address and restrict access to the rest of the subnet.
> > > > I can use PF to block/pass what I need... but I'm trying make sure if
> > I can do it by announcing "not more than needed" over OSPF.
> > > >
> > > > "redistribute 10.1.111.11/32" seems to be what I need, but probally I
> > missed something, because this option doesn't work for me as expected.
> > > >
> > > > $ cat /etc/ospfd.conf
> > > > router-id 10.109.3.15
> > > > redistribute 10.1.111.11/32
> > > >
> > > > area 0.0.0.0 {
> > > >        interface vr0
> > > >        interface vr3
> > > > }
> > > >
> > > > Then, I can still see/ping other IPs in 10.1.111.0/24 from the far
> > end network.
> > > >
> > > > On the far router I can see the whole subnet instead of somthing like
> > " *O       32 10.1.111.11/24        10.109.3.15".
> > > >
> > > > $ ospfctl show fib
> > > > flags: * = valid, O = OSPF, C = Connected, S = Static
> > > > Flags  Prio Destination          Nexthop
> > > > *S        8 0.0.0.0/0            10.109.3.254
> > > > *O       32 10.1.111.0/24        10.109.3.15
> > > >
> > > > Any clues?
> > > >
> > > >> On Sat, 4 Feb 2023 23:16:57 +0000
> > > >> Tom Smyth <tom.sm...@wirelessconnect.eu> wrote:
> > > >>
> > > >> Hi Radek,
> > > >>
> > > >> it is better practice to add ospf network statements  to ospfd.conf
> > > >> (if you dont want to send / recieve ospf messages on an interface set
> > the
> > > >> interface to passive in ospfd.conf
> > > >> avoid redistribute connected
> > > >> (add the network you want to be added to your ospf network) and leave
> > the
> > > >> other network ommitted from your ospfd.conf
> > > >>
> > > >>
> > > >> I hope this helps,
> > > >>
> > > >>
> > > >>> On Sat, 4 Feb 2023 at 20:02, Radek <r...@int.pl> wrote:
> > > >>>
> > > >>> Hello,
> > > >>> is it possible to announce over OSPF only one (or a few specific) IP
> > > >>> address instead of the whole subnet?
> > > >>> If yes.. an ospfd.conf example would be appreciated.
> > > >>>
> > > >>> $ cat /etc/hostname.vr3
> > > >>> inet 10.1.111.1 255.255.255.0
> > > >>>
> > > >>> $ cat /etc/ospfd.conf
> > > >>> router-id 10.109.3.15
> > > >>> redistribute connected
> > > >>>
> > > >>> area 0.0.0.0 {
> > > >>>        interface vr0
> > > >>>        interface vr3
> > > >>> }
> > > >>>
> > > >>> Thanks,
> > > >>> Radek
> > > >>>
> > > >>>
> > > >>
> > > >> --
> > > >> Kindest regards,
> > > >> Tom Smyth.
> > > >
> > > >
> > > > Radek
> > > >
> > >
> >
> >
> > Radek
> >
> >


Radek

Re: How to announce over OSPF only one IP address

Reply via email to