I would like to ignore some of the routes learned by OSFP so they don't install in the forwarding table. Important, I'm not talking about suppress/filter routes that my PA announce through OSPF.
For explaining me better, I'm looking for "OSPF Inbound Filtering" in the language of Cisco:
Thanks in advance!!!
Gerardo, thanks for your answer. I will look for the way to make that suggestion to Palo Alto Team.
Meanwhile, I've to found a way to prioritize static routes over dynamic routes. The administrative distance works when the prefix length of the routes are equal but it appears that longer prefix length routes take precedence over shorter independent of administrative distance.
Yes, that's expected behavior shorther prefix lenghts will take over. Admin distance will only matter when you have the same route (including prefix lenght) coming from different routing protocols (static, ospf, bgp...). In adittion OSPF is an internal gateway protocol so is asummed that the the routes are coming from controled sources (where only the requiered routes are advertised), the only options left are changing to BGP (EGP) or configure static routes using the same prefix lenght.
As side note to check the installed routes in the dataplane you can use the following command,
>show routing fib
Your other option here is to switch to BGP for route distribution. This would then give you full control of import and export policies throughout the enterprise to handle this cases as you desire.
Gerardo and Steve, thank you for your suggestions. The problem is that OSPF is forced by my provider and I can't change this 😞
Gerardo, you're right I shouldn't receive these routes through OSPF. The plan B is that my provider filter these routes.
Steve, I see that you found this other thread by yourself 😉
You could perhaps move your provider peering via OSPF into a separate virtual router. Then use BGP from this VR to your main VR with the controls you need to have in place.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!