Hi,
I'd like to do the following:
network 1 O1 --- wan1 ---------- O2 ---- network2 --- O4 --- Internet
\-- R1 -- wan2 --- O3 --/
R1 is a non-OSPF speaking router, O1, O2, O3, and O4 are OSPF-speaking
routers (O3 still being a Cisco). Anyway, as you can already guess, the
idea is to have failover between wan1 and wan2 via OSPF, and Internet
connectivity at network 1.
To do this, I should announce a default route from O2 and O3 to O1. I
designed the network to have two areas, network1 and network 2, but in
O2, I can't say "redistribute default" because that should screw up
routing in network 2. I only want to announce the default route in area
1 (network 2 = backbone, network 1 = area 1). The man page suggest that
this isn't possible right now in OpenOSPFD.
How do I solve this problem with 4.0, except using a hack with
script-based manipulation of static routes?
Before I tried this, I wanted to do this in BGP (setting NO_EXPORT on
routes announced by O1), but no luck either. The small networks (eg.
/28) don't seem to get injected... bgpctl shows the networks to be
announced, but on the receiving box (O2) bgpctl show neighbor says that
it has not received any prefix.
O1, O2, and O4 are OpenBSD 4.0 systems.
The BGP filter section in O1 looks like this ($peer2 == O2 in this
scenario):
---------- cut
allow quick from $peer2
allow quick to $peer2 set community NO_EXPORT
# filter bogus networks
deny from any prefix 10.0.0.0/8 prefixlen >= 8
deny from any prefix 172.16.0.0/12 prefixlen >= 12
deny from any prefix 192.168.0.0/16 prefixlen >= 16
deny from any prefix 169.254.0.0/16 prefixlen >= 16
deny from any prefix 192.0.2.0/24 prefixlen >= 24
deny from any prefix 224.0.0.0/4 prefixlen >= 4
deny from any prefix 240.0.0.0/4 prefixlen >= 4
---------- cut
On a side note, it would be nice if I could say something like
deny source-as 65000..65535
in bgpd.conf... or is using communities computationally more efficient?
TIA!
Best,
--Toni++
