how to filterout private ip ranges
Ondrej Zajicek
santiago at crfreenet.org
Fri Jul 3 00:11:07 CEST 2009
On Thu, Jul 02, 2009 at 10:29:19PM +0200, Martin Kraus wrote:
> hi. I'm trying to filter out private ip ranges from ospf. I've defined filter:
...
> on this router shows only public ip prefixes. however on the neighbouring router I
> still get the private routes:
>
> 10.128.1.0/24 dev tap_infonet [ospf1 22:20] I (150/10)
> 172.29.201.0/24 via 10.128.1.1 on tap_infonet [ospf1 22:21] I (150/20)
> 172.16.7.0/24 via 10.128.1.1 on tap_infonet [ospf1 22:21] I (150/20)
...
> what bothers me is that using show route with the defined filter works right.
> is there something I'm doing wrong?
It is answered in my answer to your previous mail:
Another change is that 'secondary' address ranges are now by default propagated
as stub networks (You can change it using 'stubnet' option). If you propagated
that address through OSPF, you probably exported it to OSPF as external route,
which is not needed now.
So you probably would like to add something like:
stubnet 172.16.0.0/12 { hidden; summary; }
to your OSPF configuration.
In current version, these stub networks are generated directly by OSPF
protocol and therefore are not filtered by export filter.
--
Elen sila lumenn' omentielvo
Ondrej 'SanTiago' Zajicek (email: santiago at crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
"To err is human -- to blame it on a computer is even more so."
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: Digital signature
URL: <http://trubka.network.cz/pipermail/bird-users/attachments/20090703/df62a72e/attachment-0001.asc>
More information about the Bird-users
mailing list