| Title: | DEC Network Integration Server (DECNIS) |
| Notice: | Please read note 1 to use this conference effectively |
| Moderator: | MARVIN::WELCH |
| Created: | Wed Sep 18 1991 |
| Last Modified: | Thu Jun 05 1997 |
| Last Successful Update: | Fri Jun 06 1997 |
| Number of topics: | 3660 |
| Total number of notes: | 15082 |
Hi,
I was wondering if someone familiar with subnet filtering under OSPF
could look at this information from my customer and tell me if they see
anything obviously wrong with his commands. He is using DECnis V3.0.
The compile goes o.k. but he gets a preocess failure message on the
enable command.
Why does the following ncl code fail with a "process failure" message
on the enable command? (Commands are attempting to filter the route to
subnet 31.16.3.0 within previously defined ospf area ospf-area-31-16.
An address domain is defined, then a filter with an action of "block"
on routes matching the domain and received from OSPF.) There are no
errors or warnings encountered in the compile prior to the enable
failure.
In _extra_create file:
CREATE ROUTING NETWORK PROTOCOL IP DOMAIN Sub_31_16_3
CREATE ROUTING CONTROL PROTOCOL ospf-area-31-16 -
RECEIVE DESTINATION Sub_filter FILTER ACTION BLOCK, -
SOURCE ROUTE ATTRIBUTES {OSPF Intra Area}
In _extra_set file:
SET ROUTING NETWORK PROTOCOL IP DOMAIN sub_31_16_3 -
IP ADDRESS {{address = 31.16.3.0, mask = 255.255.255.0}}
SET ROUTING CONTROL PROTOCOL ospf-area-31-16 RECEIVE DESTINATION -
sub_filter DOMAIN {{ROUTING NETWORK PROTOCOL IP DOMAIN sub_31_16_3}}
SET ROUTING CONTROL PROTOCOL ospf-area-31-16 RECEIVE DESTINATION -
sub_filter ADDRESS MATCH TYPE PREFIX
Following command in _extra_enable file fails with "process failure"
message
ENABLE ROUTING CONTROL PROTOCOL ospf-area-31-16 -
RECEIVE DESTINATION sub_filter
Thank you in advance,
Walt McGaw
Digital Network Services Unit
USCSC/CS
| T.R | Title | User | Personal Name | Date | Lines |
|---|---|---|---|---|---|
| 3576.1 | Are your enables the right way round? | MARVIN::BRADBURY | Wed Mar 19 1997 12:26 | 15 | |
Hi Walt,
I think you may have an ordering problem. The receive destination filter
must be enabled before the OSPF area gets enabled, so your extra enable
commands should look something like:
ENABLE ROUTING CONTROL PROTOCOL ospf-area-31-16 -
RECEIVE DESTINATION sub_filter
enable ROUTING CONTROL PROTOCOL ospf-area-31-16
Hope this helps,
Colin.
| |||||
| 3576.2 | Will try it and let you know. | GADWAL::W_MCGAW | Wed Mar 19 1997 16:04 | 7 | |
Hi Colin,
I'll have the customer try that and see what happens. I'll give you an
updaate either way.
Thanks!
Walt
| |||||
| 3576.3 | Suggestion worked. | GADWAL::W_MCGAW | Thu Mar 27 1997 11:34 | 19 | |
Hi Colin,
Here is an update from the customer on your recommendation. It appears
it worked but he is mentioning something about a "black hole"?
Walt-
Thanks for the follow-up.
Route filtering works after placing the "enable filter" command in the
extra file preceding the "enable ospf-area" commands as DEC advised.
o OSPF route filters do create "black holes". The router advertises a
route even though this route is blocked. Packet addressed to blocked
route is sent up to the next hop (filtering) router but the router
just drops the packet.
| |||||
| 3576.4 | MARVIN::HART | Tony Hart, InterNetworking Prod. Eng. Group | Wed Apr 02 1997 04:25 | 13 | |
> o OSPF route filters do create "black holes". The router advertises a > route even though this route is blocked. Packet addressed to blocked > route is sent up to the next hop (filtering) router but the router > just drops the packet. This looks like an extract from the manual. Its simply stating the fact that when you block routes using RPF they are prevented from being inserted into the forwarding table but they are still advertised by the protocol. So other routers will still think that you have a route to the blocked network(s). This is normal behaviour and is a characteristic of all route filtering mechanisms. Tony | |||||
| 3576.5 | Thanks for the explanation. | GADWAL::W_MCGAW | Wed Apr 02 1997 09:46 | 4 | |
Thank you for the explanation Tony!
Walt
| |||||