Problem with Export Filter in OSPF

Wendler, Daniel dwe at boreus.de
Wed Oct 24 19:01:53 CEST 2012 

Hello,


i'm new to bird and try to setup an OSPF Setup with 4 instances of bird on
Linux Systems.
The used version is 1.3.8 installed trough the Debian Squeeze Repo
provided by bird.network.cz.

At the moment i tried to establish an export filter for OSPF, and it
seems, that it isn't working
at all. Same filter works best as an import filter:

filter notrans {
        if net ~ [ 10.110.1.0/24+ ] then reject;
        accept;
}


I want this net (and all subnets) not exported to other nodes in the OSPF
Areas.

I tried to test the filter on the system where i will export some routes.
Without the filter (import all;) i got this (filtered the interface names):

172.27.129.80/28   dev [transospf 18:15] * I (150/10) [10.110.1.118]
172.27.129.64/28   dev [transospf 18:15] * I (150/10) [10.110.1.118]
172.27.129.128/26  dev [transospf 18:15] * I (150/10) [10.110.1.118]
172.27.131.0/28    dev [transospf 18:15] * I (150/10) [10.110.1.118]
172.27.131.64/27   dev [transospf 18:15] * I (150/10) [10.110.1.118]
172.27.131.192/26  dev [transospf 18:15] * I (150/10) [10.110.1.118]
172.27.129.48/28   dev [transospf 18:15] * I (150/10) [10.110.1.118]
172.27.68.0/24     dev [transospf 18:15] * I (150/10) [10.110.1.118]
10.110.1.64/26     dev [transospf 18:52] * I (150/10) [10.110.1.118]
<< net is there
10.110.1.128/26    dev [transospf 18:52] * I (150/10) [10.110.1.118]    <<
net is there
172.27.128.96/27   dev [transospf 18:15] * I (150/10) [10.110.1.118]
172.27.128.224/29  dev [transospf 18:15] * I (150/10) [10.110.1.118]
172.27.129.32/28   dev [transospf 18:15] * I (150/10) [10.110.1.118]
172.27.9.0/25      dev [transospf 18:15] * I (150/10) [10.110.1.118]
172.27.12.0/24     dev [transospf 18:15] * I (150/10) [10.110.1.118]
172.27.13.0/24     dev [transospf 18:15] * I (150/10) [10.110.1.118]


With the filter (import filter notrans;) i got:

172.27.129.80/28   dev as-doritest [transospf 18:15] * I (150/10)
[10.110.1.118]
172.27.129.64/28   dev as-dorilive [transospf 18:15] * I (150/10)
[10.110.1.118]
172.27.129.128/26  dev as-pmppu [transospf 18:15] * I (150/10)
[10.110.1.118]
172.27.131.0/28    dev im-cumulus [transospf 18:15] * I (150/10)
[10.110.1.118]
172.27.131.64/27   dev im-coback [transospf 18:15] * I (150/10)
[10.110.1.118]
172.27.131.192/26  dev im-misc [transospf 18:15] * I (150/10)
[10.110.1.118]
172.27.129.48/28   dev as-im-afadb [transospf 18:15] * I (150/10)
[10.110.1.118]
172.27.68.0/24     dev as-pg [transospf 18:15] * I (150/10) [10.110.1.118]
172.27.128.96/27   dev as-immo-dwh [transospf 18:15] * I (150/10)
[10.110.1.118]
172.27.128.224/29  dev as-pmptu [transospf 18:15] * I (150/10)
[10.110.1.118]
172.27.129.32/28   dev as-im-afaweb [transospf 18:15] * I (150/10)
[10.110.1.118]
172.27.9.0/25      dev as-immo-test [transospf 18:15] * I (150/10)
[10.110.1.118]
172.27.12.0/24     dev as-immo-web [transospf 18:15] * I (150/10)
[10.110.1.118]
172.27.13.0/24     dev as-immo-dbapp [transospf 18:15] * I (150/10)
[10.110.1.118]

As you can see, both nets are filtered, so i think the filter works as i
expected
but when i use this filter in export and look on another node i got:

172.27.129.80/28   via 10.110.1.178 on eth1 [transospf 18:20] ! IA
(150/20) [10.110.1.118]
172.27.129.64/28   via 10.110.1.178 on eth1 [transospf 18:20] ! IA
(150/20) [10.110.1.118]
172.27.129.128/26  via 10.110.1.178 on eth1 [transospf 18:20] * IA
(150/20) [10.110.1.118]
172.27.131.0/28    via 10.110.1.178 on eth1 [transospf 18:20] * IA
(150/20) [10.110.1.118]
172.27.131.64/27   via 10.110.1.178 on eth1 [transospf 18:20] ! IA
(150/20) [10.110.1.118]
172.27.131.192/26  via 10.110.1.178 on eth1 [transospf 18:20] ! IA
(150/20) [10.110.1.118]
172.27.129.48/28   via 10.110.1.178 on eth1 [transospf 18:20] ! IA
(150/20) [10.110.1.118]
172.27.68.0/24     via 10.110.1.178 on eth1 [transospf 18:20] * IA
(150/20) [10.110.1.118]
10.110.1.64/26     via 10.110.1.178 on eth1 [transospf 18:20] * IA
(150/20) [10.110.1.118]    << this should not happen i think!
10.110.1.128/26    dev eth1 [transospf 18:20] * I (150/10) [10.110.1.118]
172.27.128.96/27   via 10.110.1.178 on eth1 [transospf 18:20] ! IA
(150/20) [10.110.1.118]
172.27.128.224/29  via 10.110.1.178 on eth1 [transospf 18:20] * IA
(150/20) [10.110.1.118]
172.27.129.32/28   via 10.110.1.178 on eth1 [transospf 18:20] ! IA
(150/20) [10.110.1.118]
172.27.9.0/25      via 10.110.1.178 on eth1 [transospf 18:20] * IA
(150/20) [10.110.1.118]
172.27.12.0/24     via 10.110.1.178 on eth1 [transospf 18:20] ! IA
(150/20) [10.110.1.118]
172.27.13.0/24     via 10.110.1.178 on eth1 [transospf 18:20] ! IA
(150/20) [10.110.1.118]

You can see, away from the scope link rooute i got the second 10.110
Network.
In my eyes this schould not happen when the filter is applied.

Did I miss something? Maybe someone could help me with this?

Greetings

Daniel Wendler

More information about the Bird-users mailing list