how to filter out private ip ranges

Martin Kraus martin.kraus at wujiman.net
Fri Jul 3 16:57:28 CEST 2009


On Fri, Jul 03, 2009 at 12:11:07AM +0200, Ondrej Zajicek wrote:
> On Thu, Jul 02, 2009 at 10:29:19PM +0200, Martin Kraus wrote:
> > hi. I'm trying to filter out private ip ranges from ospf. I've defined filter:
> 
> ...
> 
> > on this router shows only public ip prefixes. however on the neighbouring router I
> > still get the private routes:
> >
> > 10.128.1.0/24      dev tap_infonet [ospf1 22:20] I (150/10)
> > 172.29.201.0/24    via 10.128.1.1 on tap_infonet [ospf1 22:21] I (150/20)
> > 172.16.7.0/24      via 10.128.1.1 on tap_infonet [ospf1 22:21] I (150/20)
> 
> ...
> 
> > what bothers me is that using show route with the defined filter works right.
> > is there something I'm doing wrong?
> 
> 
> It is answered in my answer to your previous mail:
> 
> Another change is that 'secondary' address ranges are now by default propagated
> as stub networks (You can change it using 'stubnet' option). If you propagated
> that address through OSPF, you probably exported it to OSPF as external route,
> which is not needed now.
> 
> So you probably would like to add something like:
> 
> stubnet 172.16.0.0/12 { hidden; summary; }
> 
> to your OSPF configuration.
> 
> In current version, these stub networks are generated directly by OSPF
> protocol and therefore are not filtered by export filter.

ehm. my fault. those routes propagated to the other router are indeed only
those set up on the ospf interface. the rest going through the filter
are rejected as should be.
always assumed that ospf generates all the routes on its interface without
thinking that those really can't go through export filters, so all the filters
filtered routes from direct protocol.
as to quote a classic: "assumption is a mother of all f***kups" :(

thanks
mk
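
An added example (not part of the original thread and not BIRD's own code): a Python check that could be run over `show route` output captured on the neighbouring router, listing the RFC 1918 prefixes still being learned and whether each falls inside a given prefix such as the 172.16.0.0/12 from the suggested stubnet line. The sample input is constructed from the three routes quoted above plus one made-up documentation-range route; the function names are hypothetical, and the match is plain prefix containment, not a model of BIRD's stubnet handling.

```python
import ipaddress
import re

# RFC 1918 private address ranges.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample: the three route lines quoted in the thread, plus one
# made-up route in a documentation range for contrast.
SAMPLE = """\
10.128.1.0/24      dev tap_infonet [ospf1 22:20] I (150/10)
172.29.201.0/24    via 10.128.1.1 on tap_infonet [ospf1 22:21] I (150/20)
172.16.7.0/24      via 10.128.1.1 on tap_infonet [ospf1 22:21] I (150/20)
198.51.100.0/24    via 10.128.1.1 on tap_infonet [ospf1 22:21] I (150/20)
"""

# prefix ... [protocol-name timestamp] ...
ROUTE_RE = re.compile(
    r"^(?P<prefix>\d+\.\d+\.\d+\.\d+/\d+)\s+.*\[(?P<proto>\w+) [^\]]*\]")


def parse_routes(text):
    """Yield (network, protocol name) per route line; skip anything else."""
    for line in text.splitlines():
        m = ROUTE_RE.match(line.strip())
        if not m:
            continue
        try:
            net = ipaddress.ip_network(m.group("prefix"), strict=True)
        except ValueError:
            continue  # malformed prefix or host bits set: not a route entry
        yield net, m.group("proto")


def audit(text, hidden_prefixes=()):
    """Return (prefix, proto, covering prefix or None) for each private route."""
    covers = [ipaddress.ip_network(p) for p in hidden_prefixes]
    findings = []
    for net, proto in parse_routes(text):
        if not any(net.subnet_of(p) for p in RFC1918):
            continue  # public prefix, nothing to report
        cover = next((str(c) for c in covers if net.subnet_of(c)), None)
        findings.append((str(net), proto, cover))
    return findings


if __name__ == "__main__":
    for prefix, proto, cover in audit(SAMPLE, ["172.16.0.0/12"]):
        print(f"{prefix:18} {proto:8} inside: {cover or 'none of the given prefixes'}")
```

On the sample, 10.128.1.0/24 is reported as private but outside 172.16.0.0/12, so it would need its own entry.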


