4. Any way to filter OSPFv3 routes through GUI in 2.4.4-p3?

Any way to filter OSPFv3 routes through GUI in 2.4.4-p3?

  • H

    Hello,
    I noticed that in the GUI there are extensive options for route filtering of redistributed routes for OSPFv2 (IPv4) but I see nothing under the OSPFv3 (IPv6) configuration tab. Is this unsupported by FRR version 6.X or just not implemented in the package? Can I filter on a route-map via the raw-config (which is non-ideal I guess but if it is the only way....)

    Thanks!

    0
  • Rebel Alliance Developer Netgate

    I can't remember if I didn't implement that yet because it didn't work or because I just hadn't got around to it yet.

    Give it a try in the raw config and see what happens. It may work, it may not. OSPFv3 support in FRR can be a bit spotty. For example it only supports a single area.

    0
  • H

    Hi Jim,
    I have tested this and it does appear to work. Note that I have removed/changed some IP addresses in this example to maintain our privacy in some cases as this is a public post. This is on an XG-7100:

    ospf6d.conf

    password <removed>
log syslog
interface lagg0.4081
interface lagg0.4082

router ospf6
  router-id A.B.C.D
  area 0.0.0.0 range 2606:XXXX:0:10::/127 cost 1
  area 0.0.0.0 export-list MATCH-ALL
  interface lagg0.4081 area 0.0.0.0
  area 0.0.0.0 range 2606:XXXX:0:11::/127 cost 1
  area 0.0.0.0 export-list MATCH-ALL
  interface lagg0.4082 area 0.0.0.0
  redistribute static route-map OSPF6-OUT
  timers throttle spf 5000 10000 100000

# Prefix Lists
ipv6 prefix-list MATCH-DEFAULT seq 10 permit ::/0
ipv6 prefix-list MATCH-DEFAULT description Match the default route
ipv6 prefix-list MATCH-ALL seq 10 permit any
ipv6 prefix-list MATCH-ALL description Match all routes

# Route Maps
route-map OSPF6-OUT deny 10
  match ipv6 address prefix-list MATCH-DEFAULT
route-map OSPF6-OUT permit 20
  match ipv6 address prefix-list MATCH-ALL

    staticd.conf

    password <removed>

# Fallback routes in case of an OSPF issue

ipv6 route ::/0 fe80::a60c:c3ff:fea7:7043 lagg0.4081 200
ipv6 route ::/0 fe80::a60c:c3ff:fefb:2ec2 lagg0.4082 200

# Pin the larger IPv6 route as a static to null0 and redistribute that

ipv6 route 2606:XXXX:2::/48 Null0

    On the Cisco:

    Type-5 AS External Link States

ADV Router      Age         Seq#      	Prefix

A.B.C.D     61          0x80000001  2606:XXXX:2::/48

    The logic here is that I have allocated that entire /48 block for use on the LAN side of the firewall, but presently only part of it is in use. In order to ensure the full block is allocated I pinned a Null0 route as a static in FRR and then want to redistribute that rather then redistributing the connected routes. This also saves from getting a potentially long list of /64s in the routing table. I needed to make sure those fallback default routes got filtered though.

    But it all seems to work OK.

    0
  • Rebel Alliance Developer Netgate

    You should be able to do this in the GUI on the latest FRR package version (0.6.4)

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy