OSFP distributing routes just using Access Lists, not bothering with interfaces (expect the VTi ones...)

nzkiwi68

Am I doing this right? It works great, but I'm not using route maps at all.
I hope it's a valid way of doing things. It's making for a very straight forward and simpler FRR OSFP config.

It's working perfectly, only distributing kernel routes that I specify in the KERNELallowALC access list and only distributing connected networks listed in the CONNECTallowACL list, plus my OpenVPN network is distributed using an FRR static route.

I'd like anyone knowledgeable to comment if what I'm doing it valid or invalid.

If it's valid (it is working great) then it's a good guide for anyone else who might find it useful....

Thanks.

Services > FRR > OSPF > OSPF Settings
OSFP Route Distribution.PNG

OSFP Access Lists.PNG
OSFP Kernel ACL.PNG
OSFP Connect ACL.PNG

These are just the WAN1 and WAN2 VTi interfaces, WAN1 preferred
OSFP interfaces.PNG
OSFP Global settings.PNG

jimp

Looks OK to me. Depending on the number of networks you have, and how they are arranged, it might be easier setting up multiple areas and summary routes. Though if what you have is working wel for you, then it's fine.

nzkiwi68

Thanks, I'm happy that it's quite a simple setup, one set of ACL's to manage for the routes distributed.

It's working great.

Thank you and the whole pfSense team!