OSPF Route Filtering on Vyatta Device – How to Implement

Tags: cisco, ospf, route-filter, routing, vyatta

We have a connection between our Vyatta router and our MPLS VPN service provider, which is a Cisco device.

We would like to know how to filter the OSPF advertisement routes on Brocade Vrouter 5400 (Vyatta). We are open to any other free or low-cost option.

In order to find a solution, we tried to simulate it with GNS3.

We are trying to filter from the Vyatta to the Cisco.

The big picture:

[Figure: topology]

Vyatta VPN_2 configuration:

interfaces {
    ethernet eth0 {
        address 10.0.0.5/24
        duplex auto
        smp_affinity auto
        speed auto
    }
    ethernet eth1 {
        duplex auto
        smp_affinity auto
        speed auto
        vif 1419 {
            address 10.14.250.249/29
            description VLAN-VPN_2
        }
    }
}
policy {
    access-list 10 {
        rule 5 {
            action permit
            source {
                inverse-mask 0.0.255.255
                network 10.14.0.0
            }
        }
    }
}
protocols {
    ospf {
        access-list 10 {
            import
        }
        area 0 {
            network 10.14.250.248/29
            network 10.0.0.0/24
        }
    }
}

But we are still getting the routes from the Vyatta, as we can see in the CE_1 routing table.

CE_1#show ip route vrf VPN_2
<ommited> 
     10.0.0.0/8 is variably subnetted, 11 subnets, 4 masks
O       10.0.0.0/24 [110/2] via 10.14.250.249, 00:27:11, FastEthernet0/0.1419
O E2    10.15.10.146/32 
           [110/100] via 10.14.250.249, 00:27:11, FastEthernet0/0.1419
O       10.25.250.0/29 
           [110/3] via 10.14.250.249, 00:27:11, FastEthernet0/0.1419
C       10.19.144.72/30 is directly connected, FastEthernet1/0.1224
B       10.14.250.0/29 [20/0] via 10.19.144.73, 01:03:31
O E2    10.11.248.0/29 
           [110/100] via 10.14.250.249, 00:27:12, FastEthernet0/0.1419
O       10.11.249.0/24 
           [110/3] via 10.14.250.249, 00:27:12, FastEthernet0/0.1419
C       10.14.250.248/29 is directly connected, FastEthernet0/0.1419
O       10.23.13.38/32 
           [110/4] via 10.14.250.249, 00:27:13, FastEthernet0/0.1419
B       10.23.18.55/32 [20/0] via 10.19.144.73, 01:03:33
O E2    10.25.250.248/29 
           [110/100] via 10.14.250.249, 00:27:13, FastEthernet0/0.1419
CE_1#

I don't understand why I'm getting from the Vyatta_VPN_2 the routes 10.25.250.0/29 and 10.11.249.0/24 on CE_1 and CE_2, which are redistributed on MPLS VPN.

Best Answer

Every OSPF router in an area has a full topology map so it can calculate the shortest path to every network. If you attempt to filter routes, you break the router's ability to calculate the path. While some routers will let you filter routes (and not all do), it's a bad idea to do so.

If you want to filter routes between your MPLS cloud and data center, I recommend you use a protocol like BGP; it was designed to do that sort of thing.
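To check whether a filter like the one in the question changes what the neighbor learns, the following added example (not part of the original question or answer) evaluates each OSPF route in the quoted CE_1 table against ACL 10. The function names are hypothetical, and the ACL is assumed to follow standard wildcard matching with an implicit deny.

```python
import ipaddress
import re

# ACL 10 from the question: permit 10.14.0.0, inverse-mask 0.0.255.255.
# Assumption: standard-ACL semantics with an implicit deny at the end.
ACL_10 = [("permit", "10.14.0.0", "0.0.255.255")]

# Excerpt of the CE_1 "show ip route vrf VPN_2" output quoted in the question.
SHOW_IP_ROUTE = """\
O       10.0.0.0/24 [110/2] via 10.14.250.249, 00:27:11, FastEthernet0/0.1419
O E2    10.15.10.146/32 
           [110/100] via 10.14.250.249, 00:27:11, FastEthernet0/0.1419
O       10.25.250.0/29 
           [110/3] via 10.14.250.249, 00:27:11, FastEthernet0/0.1419
C       10.19.144.72/30 is directly connected, FastEthernet1/0.1224
B       10.14.250.0/29 [20/0] via 10.19.144.73, 01:03:31
O       10.11.249.0/24 
           [110/3] via 10.14.250.249, 00:27:12, FastEthernet0/0.1419
"""

# An OSPF entry starts with "O", an optional sub-code, then the prefix.
ROUTE_RE = re.compile(r"^(O(?: (?:E1|E2|IA|N1|N2))?)\s+(\d+\.\d+\.\d+\.\d+/\d+)")

def ospf_routes(text):
    """Return (code, network) per OSPF entry; wrapped next-hop lines are skipped."""
    return [(m.group(1), ipaddress.ip_network(m.group(2)))
            for m in map(ROUTE_RE.match, text.splitlines()) if m]

def acl_action(acl, network):
    """Compare only the bits where the inverse mask is 0; fall through to deny."""
    addr = int(network.network_address)
    for action, base, wildcard in acl:
        care = ~int(ipaddress.ip_address(wildcard)) & 0xFFFFFFFF
        if addr & care == int(ipaddress.ip_address(base)) & care:
            return action
    return "deny"

def audit(text, acl):
    """OSPF routes present in the table that the ACL does not permit."""
    return [str(net) for _, net in ospf_routes(text) if acl_action(acl, net) != "permit"]

if __name__ == "__main__":
    for code, net in ospf_routes(SHOW_IP_ROUTE):
        print(f"{code:5} {str(net):18} {acl_action(ACL_10, net)}")
    print("learned but not permitted by ACL 10:", audit(SHOW_IP_ROUTE, ACL_10))
```

Every OSPF route in the excerpt falls outside 10.14.0.0/16, so their presence on CE_1 shows the ACL is not limiting what the neighbor computes from the area's topology.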
