OSPF Inbound Route Filter

Announcements

Changes to the LIVEcommunity experience are coming soon... Here's what you need to know.

Reply
adevine
L1 Bithead

OSPF Inbound Route Filter

Hi,

I see in the admin guide that it is possible to filter the default route so that it is not learnt by the OSPF process.

Is there any way of applying a more granular filter so that I can restrict the Palo Alto OSPF process to only learn 10.0.0.0/8 routes?  Similiar to an inbound Cisco distribute-list?

Cheers


Accepted Solutions
pkruse
L4 Transporter

With the current iteration of the product we do not provide that level of granularity, if this is an important feature you can take it up with your local SE and have a feature request submitted.

View solution in original post


All Replies
pkruse
L4 Transporter

With the current iteration of the product we do not provide that level of granularity, if this is an important feature you can take it up with your local SE and have a feature request submitted.

View solution in original post

kbrazil
L4 Transporter

Depending on the topology we might be able to do this with a redistribution profile attached to an export filter on whatever protocol you are redistributing into OSPF. 

There is no way to reliably restrict routes within the OSPF LSA database itself - that's not how it's designed to work. (That is, it's not a distance-vector protocol that allows you to directly manipulate the routing table).

Cheers,

Kelly

rroger
L1 Bithead

Hello,

Is this functionnality is implemented now?

Are we able to filter the route exchange between areas?

Regards

Rémi

rob.burgoyne
L3 Networker

Let me know if you find an answer to this.

Thanks,

mikand
L6 Presenter

Doesnt seem like that, not according to the PAN-OS_4.1_CLI_Reference_Guide.pdf

Hopefully some SE could step in here and give a hint if this is taken care of in the PANOS 5.0 which is released shortly?

rob.burgoyne
L3 Networker

That sucks, it would be really nice to be able to easily filter routes based on Areas, not really how OSPF was designed but doesn't seem like it would be that hard for them to implement something like this.

santonic
L5 Sessionator

Anyone knows if this feature has been implemented in any of the later releases? I can't find anything new on this subject, but I'm still hopeful...

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!