Tuesday, March 24, 2015

Route Tagging OSPF Fortigates

In this post we will look at a simple deployments for tagging OSPF routes.

Why you would tag routes depends on a few things, but typically this is done for advance routing selection and manipulation. This gives you a greater luxury with route selection and controls.


>You might have 2  ISP uplink providers & both injecting a "External default route ", but you  request a unique ospf  tag for each default route to allow for routers/firewall to select the default  route by using the ospf tagged value


> you need to filter a set of routes from one router advertisements over another, like in a development network or in a redundant DataCenter recovery.

In this example we will tag our default route that we inject, and a few /24s prefixes

The tag I have chosen for the default and  the non-Default routes have  no bearing on the value selected. Typically one crafts a tag-value policy for routes redistributed by location and/or export method.

Here's an example of an route-tage policy for routes published for a router;

Here's our cfgs;

I've built 2 named prefix-list to match default and our network

The route-map matches our prefix, &  will set the tag value  that we will set 

In our router cfg, we apply the route-map to the default and under the export section  for the route-distributions. It's named redist-def .

Finally we can check our ospfdatabase for the correct tag-value

  I used a value 289 for the general set tag-value for redistributed

The route-map named  will match and apply 1st &  before any set tag values under each section. So if you apply a general set tag value + route-map, the rt-map rules will be evaluated 1st.

If I should have removed route-map named "ospfagover" than all static routes would have the value=289 applied. If no value was set, than the route-tag value in the LSA would be null

Ken Felix
NSE ( Network Security Expert) and Route/Switching Engineer.
kfelix  -----a----t---- socpuppets ---dot---com

    ^     ^
=(  :    : )=
       /   \

No comments:

Post a Comment