I'm trying to find a solution to my issue:
I have an OSPF area (0) with several routers, and what I need is to deny "relaying" routes.
Let's say I have:
R1 <==> R2 <==> R3 <==> R1
All are in area 0.
If the link R1<==>R3 is broken, I don't want R1 to go through R2 to reach R3.
I know that in OSPF all routers have the same database, but maybe I could hide routes... and in this case, could I hide on R1 the routes that go to R3 via R2?
If it's possible, I have to "filter" on R1 automatically and not with ACLs.
If you have an idea, that would be great.
The database on all routers in a single area needs to be the same, not the routing table.
On R1 apply:
distribute-list 199 in interface
This way R1 will never learn R3 from R2.
Let me know if it works.
Sorry, it's not possible for me to do that (I knew this technique):
- In reality, I'm in a full-meshed VPN that uses OSPF inside tunnels to exchange all routes between all routers
- I have about 50 routers, and each has around 20 networks
- My request is to stop routers from relaying routes learned from another router
=> I think you can see it's not possible for me to do that with ACLs
Right now I just use ACLs to deny sources that are anything other than the router's own routes; the problem is that the packet is received and dropped, whereas I would like it never to be sent.
Is there any solution?
Unfortunately, outbound route filtering only works for inter-area/external routes. The command distribute-list out works only on the routes being redistributed by the Autonomous System Boundary Routers (ASBRs) into OSPF. It can be applied to external type 2 and external type 1 routes, but not to intra-area and inter-area routes. So unless you can divide your OSPF domain into multiple areas or find a way to make each advertising router an ASBR, it's not possible.
Not by metric but by distance and that too only inbound.
What we are doing is setting distance of all routes matching on ACL 199 and received from source A.B.C.D to 255 which is unreachable.
This might help you get a better understanding of preferred routes: