Hi all,
I have done an experiment.
If your interface is part of an area, it will be advertised always.
If you wanted to advertise only /32 this is how I got mine to work.
Ensure your interface vr3 is not in your ospf area
Add a static route to the one you wish to advertise, it appears that unless
a route exists on the machine you cannot redistribute a random ip.
So route add 10.1.111.11/32 10.1.111.1
Then you can redistribute your /32
router-id 10.109.3.15
redistribute 10.1.111.11/32
area 0.0.0.0 {
interface vr0
}
On Tue, 7 Feb 2023, 02:46 Radek, <r...@int.pl> wrote:
> Hello,
> > I’d check the databases on both sides.
> > And flush/reload the config and fibs.
> I reloaded and restarted OSPFd on both sides - nothing changes. Then, I
> rebooted routers on both sides - nothing changes.
> I still can see/ping the whole 10.1.111.0/24 subnet from the far end.
>
> [10.109.3.15]$ ospfctl show database router
>
> Router Link States (Area 0.0.0.0)
>
> LS age: 238
> Options: -|-|-|-|-|-|E|-
> LS Type: Router
> Link State ID: 10.109.3.15
> Advertising Router: 10.109.3.15
> LS Seq Number: 0x80000016
> Checksum: 0x6d0a
> Length: 48
> Flags: *|*|*|*|*|-|E|-
> Number of Links: 2
>
> Link connected to: Stub Network
> Link ID (Network ID): 10.1.111.0
> Link Data (Network Mask): 255.255.255.0
> Metric: 10
>
> Link connected to: Transit Network
> Link ID (Designated Router address): 10.109.3.16
> Link Data (Router Interface address): 10.109.3.15
> Metric: 10
>
> LS age: 239
> Options: -|-|-|-|-|-|E|-
> LS Type: Router
> Link State ID: 10.109.3.16
> Advertising Router: 10.109.3.16
> LS Seq Number: 0x80000016
> Checksum: 0xb058
> Length: 36
> Flags: *|*|*|*|*|-|E|-
> Number of Links: 1
>
> Link connected to: Transit Network
> Link ID (Designated Router address): 10.109.3.16
> Link Data (Router Interface address): 10.109.3.16
> Metric: 10
>
>
> [10.109.3.16]$ ospfctl show fib
> flags: * = valid, O = OSPF, C = Connected, S = Static
> Flags Prio Destination Nexthop
> *S 8 0.0.0.0/0 10.109.3.254
> *O 32 10.1.111.0/24 10.109.3.15
>
>
> On Sun, 5 Feb 2023 22:20:07 +0100
> Diederik Schouten <dsch...@high5.net> wrote:
>
> > Hello,
> >
> > I’d check the databases on both sides.
> > And flush/reload the config and fibs.
> > Then check again which link state advertisements are in the database.
> > To make sure you now get the /32 advertised.
> >
> > Sent from my iPhone
> >
> > > On 5 Feb 2023, at 21:15, Radek <r...@int.pl> wrote:
> > >
> > > Hello Diederik, hello Tom,
> > > this is a simple lab/testing configuration, that's why there is no
> "passive" and other...
> > > The purpose of this configuration is to allow access to certain IP
> address and restrict access to the rest of the subnet.
> > > I can use PF to block/pass what I need... but I'm trying make sure if
> I can do it by announcing "not more than needed" over OSPF.
> > >
> > > "redistribute 10.1.111.11/32" seems to be what I need, but probally I
> missed something, because this option doesn't work for me as expected.
> > >
> > > $ cat /etc/ospfd.conf
> > > router-id 10.109.3.15
> > > redistribute 10.1.111.11/32
> > >
> > > area 0.0.0.0 {
> > > interface vr0
> > > interface vr3
> > > }
> > >
> > > Then, I can still see/ping other IPs in 10.1.111.0/24 from the far
> end network.
> > >
> > > On the far router I can see the whole subnet instead of somthing like
> " *O 32 10.1.111.11/24 10.109.3.15".
> > >
> > > $ ospfctl show fib
> > > flags: * = valid, O = OSPF, C = Connected, S = Static
> > > Flags Prio Destination Nexthop
> > > *S 8 0.0.0.0/0 10.109.3.254
> > > *O 32 10.1.111.0/24 10.109.3.15
> > >
> > > Any clues?
> > >
> > >> On Sat, 4 Feb 2023 23:16:57 +0000
> > >> Tom Smyth <tom.sm...@wirelessconnect.eu> wrote:
> > >>
> > >> Hi Radek,
> > >>
> > >> it is better practice to add ospf network statements to ospfd.conf
> > >> (if you dont want to send / recieve ospf messages on an interface set
> the
> > >> interface to passive in ospfd.conf
> > >> avoid redistribute connected
> > >> (add the network you want to be added to your ospf network) and leave
> the
> > >> other network ommitted from your ospfd.conf
> > >>
> > >>
> > >> I hope this helps,
> > >>
> > >>
> > >>> On Sat, 4 Feb 2023 at 20:02, Radek <r...@int.pl> wrote:
> > >>>
> > >>> Hello,
> > >>> is it possible to announce over OSPF only one (or a few specific) IP
> > >>> address instead of the whole subnet?
> > >>> If yes.. an ospfd.conf example would be appreciated.
> > >>>
> > >>> $ cat /etc/hostname.vr3
> > >>> inet 10.1.111.1 255.255.255.0
> > >>>
> > >>> $ cat /etc/ospfd.conf
> > >>> router-id 10.109.3.15
> > >>> redistribute connected
> > >>>
> > >>> area 0.0.0.0 {
> > >>> interface vr0
> > >>> interface vr3
> > >>> }
> > >>>
> > >>> Thanks,
> > >>> Radek
> > >>>
> > >>>
> > >>
> > >> --
> > >> Kindest regards,
> > >> Tom Smyth.
> > >
> > >
> > > Radek
> > >
> >
>
>
> Radek
>
>
