How to Configure OSPF Filters
Resolution
Overview
While redistributing OSPF routes, users have the option to choose which OSPF route path type can be redistributed into other Dynamic Routing Protocols. This document shows how to use OSPF Filters that include Path type, Area and Tag. The following examples show OSPF routes redistributed into BGP.
Details
OSPF routes to a destination network can be categorized into any of the following four path types:
- Intra-Area Path: Path to reach OSPF intra-area routes within the same area denoted by the flag Oi
- Inter-Area Path: Path to reach OSPF inter-area routes in another area denoted by the flag Oo
- External Type 1 Path: Path to reach external destinations outside the OSPF autonomous system denoted by the flag O1 (Ext-Type-1 path metric is the sum of the external route's cost and the cost of the path to reach the AS Boundary Routers advertising the external route)
- External Type 2 Path: Path to reach external destinations outside the OSPF autonomous system denoted by the flag O2 (Ext-Type-2 path metric is the cost of the external route and does not include the cost of the path to reach the AS Boundary Routers advertising the external route)
To create a redistribution profile, go to Network > Virtual Router > VRName > Redistribution Profile. Click Add and enter the Name and Priority, choose "Redist." under 'General Filter > Source Type' check "OSPF", as only OSPF routes need to be redistributed as shown below:
The screenshot shown in the previous screenshot is the redistribution profile used in BGP, (Network > Virtual Router > VRName > BGP > Redist Rules):
Using Path Type
Select which OSPF path type routes need to be redistributed. The following example shows the inter-area routes 7.7.7.0/24, 192.168.32.0/24 and type-1 external route 1.1.1.1/32 from Area 0 are redistributed into BGP:
Now, the routing table of BGP shows only the inter-area and type-1 external routes redistributed and installed in its routing table.
From the CLI use the following command:
> show routing route type bgp
VIRTUAL ROUTER: default (id 1)
==========
destination nexthop metric flags age interface next-AS
3.3.3.0/24 10.66.24.31 A?B 940 87
7.7.7.0/24 10.66.24.31 A?B 698 87
192.168.32.0/24 10.66.24.31 A?B 698 87
total routes shown: 3
Using Area
The "Area" section proves useful when the OSPF routes are redistributed from an ABR. Users can choose which Area's routes can be redistributed by specifying the Area ID as shown below. Here Area 1, 0.0.0.1 has the routes 7.7.7.0/24 and 192.168.32.0/24 which are redistributed into BGP.
Now, the routing table of BGP shows the two routes of Area 1 redistributed and installed in its routing table.
From the CLI use the following command:
> show routing route type bgp
VIRTUAL ROUTER: default (id 1)
==========
destination nexthop metric flags age interface next-AS
7.7.7.0/24 10.66.24.31 A?B 247 31
192.168.32.0/24 10.66.24.31 A?B 247 31
total routes shown: 2
Using Tag
'Tag' or 'External Route Tag' is associated to an external route advertised by AS Boundary Routers that are routes to a destination external to the OSPF autonomous system. Tags are used in Type 5 AS-External-LSA or Type 7 NSSA-External-LSA if the ASBR belongs to a Not-So-Stubby Area. Tags are not used by the OSPF protocol. It provides information on external route management.
Palo Alto Networks firewalls allow users to specify the tag value which is a 32-bit field while redistributing external routes as shown below (Network > Virtual Router > VRName > OSPF > Export Rules):
If only some external routes need to be redistributed, then specify the tag values of the external routes, as shown below. Here, Tag 50.5.5.50 is associated to the external route 1.1.1.1/32 and Tag 20.2.2.20 is associated to the external route 2.2.2.2/32.
Now, the routing table of BGP shows the two external routes redistributed and installed in its routing table.
From the CLI use the following command:
> show routing route type bgp
VIRTUAL ROUTER: default (id 1)
==========
destination nexthop metric flags age interface next-AS
1.1.1.1/32 10.66.24.31 A?B 2008 31
2.2.2.2/32 10.66.24.87 A?B 2008 31
total routes shown: 2
Note: External LSAs are not associated to a specific area as they are advertised throughout the OSPF autonomous system. Hence, when "Tags" are used, Area and Path Type OSPF filters should not be specified. Path Type for ext-1 and ext-2 can be used only when the external routes use the same tag. For instance, if 1.1.1.1/32 is a type ext-1 route and 2.2.2.2/32 is a type ext-2 route and both the routes use the same tag 20.2.2.20, then path type filter can be used to advertise the required route, as shown below:
Now, the routing table of BGP shows only the type ext-1 route redistributed and installed in its routing table.
From the CLI use the following command:
> show routing route type bgp
VIRTUAL ROUTER: default (id 1)
==========
destination nexthop metric flags age interface next-AS
1.1.1.1/32 10.66.24.31 A?B 35 31
total routes shown: 1
In some scenarios a combination of OSPF Filters (Path Type, Area, Tag) may be required, such as only one Area's routes need to redistributed along with some or all external routes. In such cases, use separate redistribution profiles. The following example shows routes redistributed from Area 1 using the redistribution profile "ospf-2-bgp" and external routes redistributed using the redistribution profile "ext-ospf-2-bgp".
Now, the routing table of BGP shows both Area 1 routes (7.7.7.0/24, 192.168.32.0/24) and the external routes (1.1.1.1/32, 2.2.2.2/32) redistributed and installed in its routing table.
From the CLI use the following command:
> show routing route type bgp
VIRTUAL ROUTER: default (id 1)
==========
destination nexthop metric flags age interface next-AS
1.1.1.1/32 10.66.24.31 A?B 1097 31
2.2.2.2/32 10.66.24.87 A?B 1097 31
7.7.7.0/24 10.66.24.31 A?B 1097 31
192.168.32.0/24 10.66.24.31 A?B 1097 31
total routes shown: 4
See Also
Understanding Route Redistribution and Filtering.
owner: gchandrasenkaran