Our main goal was "to filter routes being injected via a few downstream OSPF speakers, and to prevent the possible corruption of our route table".
In order to filter these OSPF routers' advertisements, a simple distribute-list was attached to our interface using the following route-policy:
and the corresponding prefix-sets were defined:
Here's our new route-policy that's more specific and looks good:
Now if one tries to apply this to the inbound distribute-list on our interface, we get the following error and the configuration is rejected:
It's strange that Cisco IOS-XR behaves in this manner. You can craft a route-policy that passes the parser, but you cannot use it at the attach point. Since IOS-XR is trying to duplicate what's already been done in other router OSes, I found this error quite interesting.
1: In classic, traditional IOS, one could easily build the same using a route-map.
2: In Junos, one could easily build the same by using an import policy.
Be advised, none of these methods will prevent the LSA from entering the OSPF database.
Stay tuned, as I research more into this strange behavior and alternative means of OSPF filtering.
Ken Felix
Freelance Network / Security Engineer
kfelix ----a---t---socpuppets ---d---o---t---com
^ ^
=( ^ ^ )=
o
/ \