Netgate Discussion Forum
    Filtering unwanted routes from OSPF distribution

    • bruor

      I've got FRR OSPF working between 2 sites. I've needed to enable connected networks and kernel route distribution to get everything I want included in distribution, but now I'd like to filter things back a bit, but I can't seem to wrap my head around the way that this needs to be done (in the GUI).

      I'd like to stop the pfblocker VIP route from being distributed among sites; it would be easiest for me to tell FRR not to distribute any routes within 10.10.0.0/16. It looks like the right approach is to use a prefix-list, but no clue how to get FRR to actually evaluate it.

      FRR seems to also pick up remote IPsec endpoints and publish routes for those public IPs as well, looking for an elegant way to block those from distributing as well (endpoints are not static IPs). I was hoping there might be a way to filter out routes unless they are a certain size, since these all appear to be /32.

      • Zawi

        Use a route map, apply it to Route Redistribution.

        Create a prefix list. Allow/deny what you need.

        Match it in the route map.

        Apply it to Route Redistribution.

        • bruor

          Maybe there's a different/better way to approach this. Is there a way to tell FRR that I only want to distribute connected routes if they are for networks within a specific netmask?

          Are route maps sort of like firewall rules? Would I define 2 allows with a deny for 0.0.0.0? And apply that?

          I use a dedicated 10.0.0.0/16 and a 192.168.0.0/16 at each site.

          • bruor

            I just gave that a shot and it appears to work as expected.

            Thanks for your help working out how the parts inter-operate.

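An added example, not part of the original posts and not FRR's own code: a small Python model of how an FRR prefix-list is evaluated (lowest sequence number first, first match wins, `ge`/`le` bound the prefix length, anything unmatched is denied), which is why it reads like a firewall ruleset when matched in a route map applied to redistribution. The list name `SITE-NETS`, its three entries and the sample routes are constructed assumptions based on the address ranges mentioned in the thread.

```python
import ipaddress

# Assumed prefix-list (hypothetical name SITE-NETS), written as FRR config lines.
PREFIX_LIST = """\
ip prefix-list SITE-NETS seq 10 deny 0.0.0.0/0 ge 32
ip prefix-list SITE-NETS seq 20 permit 10.0.0.0/16 le 24
ip prefix-list SITE-NETS seq 30 permit 192.168.0.0/16 le 24
"""

# Constructed sample routes: two site LANs, a VIP host route, a public
# IPsec endpoint host route (documentation range) and an unrelated subnet.
ROUTES = ["10.0.1.0/24", "192.168.20.0/24", "10.10.10.1/32",
          "203.0.113.7/32", "172.16.5.0/24"]

def parse(text):
    """Return entries as (seq, action, network, min_len, max_len), ordered by seq."""
    entries = []
    for line in text.splitlines():
        tok = line.split()
        if tok[:2] != ["ip", "prefix-list"]:
            continue
        seq, action, net = int(tok[4]), tok[5], ipaddress.ip_network(tok[6])
        opts = dict(zip(tok[7::2], map(int, tok[8::2])))
        if opts:   # ge alone runs up to /32; le alone starts at the entry's own length
            lo, hi = opts.get("ge", net.prefixlen), opts.get("le", 32)
        else:      # no ge/le: only the exact prefix length matches
            lo = hi = net.prefixlen
        entries.append((seq, action, net, lo, hi))
    return sorted(entries, key=lambda e: e[0])

def evaluate(entries, route):
    """First matching entry wins; a route that matches nothing is denied."""
    r = ipaddress.ip_network(route)
    for seq, action, net, lo, hi in entries:
        if r.subnet_of(net) and lo <= r.prefixlen <= hi:
            return action, seq
    return "deny", None

def redistributed(text=PREFIX_LIST, routes=ROUTES):
    """Routes that would pass a route-map permit clause matching this list."""
    entries = parse(text)
    return [r for r in routes if evaluate(entries, r)[0] == "permit"]

if __name__ == "__main__":
    for r in ROUTES:
        action, seq = evaluate(parse(PREFIX_LIST), r)
        print(f"{r:18} {action:6} {'seq ' + str(seq) if seq else 'implicit deny'}")
```

Entry 10 drops every /32 (the VIP and the dynamic IPsec endpoints) before the permits are reached, so the order of sequence numbers decides the outcome.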