Any way to filter OSPFv3 routes through GUI in 2.4.4-p3?



  • Hello,
    I noticed that in the GUI there are extensive options for route filtering of redistributed routes for OSPFv2 (IPv4) but I see nothing under the OSPFv3 (IPv6) configuration tab. Is this unsupported by FRR version 6.X or just not implemented in the package? Can I filter on a route-map via the raw-config (which is non-ideal I guess but if it is the only way....)

    Thanks!


  • Rebel Alliance Developer Netgate

    I can't remember if I didn't implement that yet because it didn't work or because I just hadn't got around to it yet.

    Give it a try in the raw config and see what happens. It may work, it may not. OSPFv3 support in FRR can be a bit spotty. For example it only supports a single area.



  • Hi Jim,
    I have tested this and it does appear to work. Note that I have removed/changed some IP addresses in this example to maintain our privacy in some cases as this is a public post. This is on an XG-7100:

    ospf6d.conf

    password <removed>
    log syslog
    interface lagg0.4081
    interface lagg0.4082
    
    router ospf6
      router-id A.B.C.D
      area 0.0.0.0 range 2606:XXXX:0:10::/127 cost 1
      area 0.0.0.0 export-list MATCH-ALL
      interface lagg0.4081 area 0.0.0.0
      area 0.0.0.0 range 2606:XXXX:0:11::/127 cost 1
      area 0.0.0.0 export-list MATCH-ALL
      interface lagg0.4082 area 0.0.0.0
      redistribute static route-map OSPF6-OUT
      timers throttle spf 5000 10000 100000
    
    # Prefix Lists
    ipv6 prefix-list MATCH-DEFAULT seq 10 permit ::/0
    ipv6 prefix-list MATCH-DEFAULT description Match the default route
    ipv6 prefix-list MATCH-ALL seq 10 permit any
    ipv6 prefix-list MATCH-ALL description Match all routes
    
    # Route Maps
    route-map OSPF6-OUT deny 10
      match ipv6 address prefix-list MATCH-DEFAULT
    route-map OSPF6-OUT permit 20
      match ipv6 address prefix-list MATCH-ALL
    

    staticd.conf

    password <removed>
    
    # Fallback routes in case of an OSPF issue
    
    ipv6 route ::/0 fe80::a60c:c3ff:fea7:7043 lagg0.4081 200
    ipv6 route ::/0 fe80::a60c:c3ff:fefb:2ec2 lagg0.4082 200
    
    # Pin the larger IPv6 route as a static to null0 and redistribute that
    
    ipv6 route 2606:XXXX:2::/48 Null0
    

    On the Cisco:

    Type-5 AS External Link States
    
    ADV Router      Age         Seq#      	Prefix
    
    A.B.C.D     61          0x80000001  2606:XXXX:2::/48
    

    The logic here is that I have allocated that entire /48 block for use on the LAN side of the firewall, but presently only part of it is in use. In order to ensure the full block is allocated I pinned a Null0 route as a static in FRR and then want to redistribute that rather then redistributing the connected routes. This also saves from getting a potentially long list of /64s in the routing table. I needed to make sure those fallback default routes got filtered though.

    But it all seems to work OK.


  • Rebel Alliance Developer Netgate

    You should be able to do this in the GUI on the latest FRR package version (0.6.4)


Log in to reply