Hi,
I see a small mistake
You need to add that route to vr3 interface when you bring it up, vr0 will
most likely be up before vr3 so that is why your route adding in the
hostname.vr0 is wrong.
Cheers
On Thu, 9 Feb 2023, 01:36 Radek, <r...@int.pl> wrote:
> Hello Bradley,
> thank you, your setup works the way I need.
>
> I can't deal with adding the static route permanently. I have to add the
> static route by hand (route add 10.1.111.11/32 10.1.111.1) after reboot.
> Did I missed something?
>
> [10.109.3.15] $ cat /etc/hostname.vr0
> -inet
> dhcp
> #inet 10.109.3.15 255.255.255.0
> !sleep 60
> !route add 10.1.111.11/32 10.1.111.1
>
> After reboot it looks like this:
>
> [10.109.3.15] $ route -n show
> Routing tables
>
> Internet:
> Destination Gateway Flags Refs Use Mtu Prio
> Iface
> default 10.109.3.254 UGS 5 15 - 8 vr0
> 224/4 127.0.0.1 URS 0 59 32768 8 lo0
> 10.1.100/24 10.1.100.1 Cn 0 0 - 4 vr1
> 10.1.100.1 00:00:24:cb:4f:cd UHLl 0 0 - 1 vr1
> 10.1.100.255 10.1.100.1 Hb 0 0 - 1 vr1
> 10.1.111/24 10.1.111.1 UCn 1 0 - 4 vr3
> 10.1.111.1 00:00:24:cb:4f:cf UHLl 0 3 - 1 vr3
> 10.1.111.11 00:00:24:cb:4f:d0 UHLc 0 2 - 3 vr3
> 10.1.111.255 10.1.111.1 UHb 0 0 - 1 vr3
> 10.1.222/24 10.109.3.16 UG 0 0 - 32 vr0
> 10.109.3/24 10.109.3.15 UCn 3 40 - 4 vr0
> 10.109.3.10 a4:bb:6d:d6:5a:a4 UHLc 1 29 - 3 vr0
> 10.109.3.15 00:00:24:cb:4f:cc UHLl 0 13 - 1 vr0
> 10.109.3.16 00:00:24:cd:90:10 UHLch 1 26 - 3 vr0
> 10.109.3.254 00:0d:b9:35:39:29 UHLch 1 31 - 3 vr0
> 10.109.3.255 10.109.3.15 UHb 0 0 - 1 vr0
> 127/8 127.0.0.1 UGRS 0 0 32768 8 lo0
> 127.0.0.1 127.0.0.1 UHhl 1 2 32768 1 lo0
>
>
> On Tue, 7 Feb 2023 17:54:27 +1100
> Bradley Latus <brad.la...@gmail.com> wrote:
>
> > Hi all,
> >
> > I have done an experiment.
> >
> > If your interface is part of an area, it will be advertised always.
> >
> > If you wanted to advertise only /32 this is how I got mine to work.
> > Ensure your interface vr3 is not in your ospf area
> >
> > Add a static route to the one you wish to advertise, it appears that
> unless
> > a route exists on the machine you cannot redistribute a random ip.
> >
> > So route add 10.1.111.11/32 10.1.111.1
> >
> > Then you can redistribute your /32
> >
> >
> >
> > router-id 10.109.3.15
> > redistribute 10.1.111.11/32
> >
> > area 0.0.0.0 {
> > interface vr0
> > }
> >
> >
> >
> > On Tue, 7 Feb 2023, 02:46 Radek, <r...@int.pl> wrote:
> >
> > > Hello,
> > > > I’d check the databases on both sides.
> > > > And flush/reload the config and fibs.
> > > I reloaded and restarted OSPFd on both sides - nothing changes. Then, I
> > > rebooted routers on both sides - nothing changes.
> > > I still can see/ping the whole 10.1.111.0/24 subnet from the far end.
> > >
> > > [10.109.3.15]$ ospfctl show database router
> > >
> > > Router Link States (Area 0.0.0.0)
> > >
> > > LS age: 238
> > > Options: -|-|-|-|-|-|E|-
> > > LS Type: Router
> > > Link State ID: 10.109.3.15
> > > Advertising Router: 10.109.3.15
> > > LS Seq Number: 0x80000016
> > > Checksum: 0x6d0a
> > > Length: 48
> > > Flags: *|*|*|*|*|-|E|-
> > > Number of Links: 2
> > >
> > > Link connected to: Stub Network
> > > Link ID (Network ID): 10.1.111.0
> > > Link Data (Network Mask): 255.255.255.0
> > > Metric: 10
> > >
> > > Link connected to: Transit Network
> > > Link ID (Designated Router address): 10.109.3.16
> > > Link Data (Router Interface address): 10.109.3.15
> > > Metric: 10
> > >
> > > LS age: 239
> > > Options: -|-|-|-|-|-|E|-
> > > LS Type: Router
> > > Link State ID: 10.109.3.16
> > > Advertising Router: 10.109.3.16
> > > LS Seq Number: 0x80000016
> > > Checksum: 0xb058
> > > Length: 36
> > > Flags: *|*|*|*|*|-|E|-
> > > Number of Links: 1
> > >
> > > Link connected to: Transit Network
> > > Link ID (Designated Router address): 10.109.3.16
> > > Link Data (Router Interface address): 10.109.3.16
> > > Metric: 10
> > >
> > >
> > > [10.109.3.16]$ ospfctl show fib
> > > flags: * = valid, O = OSPF, C = Connected, S = Static
> > > Flags Prio Destination Nexthop
> > > *S 8 0.0.0.0/0 10.109.3.254
> > > *O 32 10.1.111.0/24 10.109.3.15
> > >
> > >
> > > On Sun, 5 Feb 2023 22:20:07 +0100
> > > Diederik Schouten <dsch...@high5.net> wrote:
> > >
> > > > Hello,
> > > >
> > > > I’d check the databases on both sides.
> > > > And flush/reload the config and fibs.
> > > > Then check again which link state advertisements are in the database.
> > > > To make sure you now get the /32 advertised.
> > > >
> > > > Sent from my iPhone
> > > >
> > > > > On 5 Feb 2023, at 21:15, Radek <r...@int.pl> wrote:
> > > > >
> > > > > Hello Diederik, hello Tom,
> > > > > this is a simple lab/testing configuration, that's why there is no
> > > "passive" and other...
> > > > > The purpose of this configuration is to allow access to certain IP
> > > address and restrict access to the rest of the subnet.
> > > > > I can use PF to block/pass what I need... but I'm trying make sure
> if
> > > I can do it by announcing "not more than needed" over OSPF.
> > > > >
> > > > > "redistribute 10.1.111.11/32" seems to be what I need, but
> probally I
> > > missed something, because this option doesn't work for me as expected.
> > > > >
> > > > > $ cat /etc/ospfd.conf
> > > > > router-id 10.109.3.15
> > > > > redistribute 10.1.111.11/32
> > > > >
> > > > > area 0.0.0.0 {
> > > > > interface vr0
> > > > > interface vr3
> > > > > }
> > > > >
> > > > > Then, I can still see/ping other IPs in 10.1.111.0/24 from the far
> > > end network.
> > > > >
> > > > > On the far router I can see the whole subnet instead of somthing
> like
> > > " *O 32 10.1.111.11/24 10.109.3.15".
> > > > >
> > > > > $ ospfctl show fib
> > > > > flags: * = valid, O = OSPF, C = Connected, S = Static
> > > > > Flags Prio Destination Nexthop
> > > > > *S 8 0.0.0.0/0 10.109.3.254
> > > > > *O 32 10.1.111.0/24 10.109.3.15
> > > > >
> > > > > Any clues?
> > > > >
> > > > >> On Sat, 4 Feb 2023 23:16:57 +0000
> > > > >> Tom Smyth <tom.sm...@wirelessconnect.eu> wrote:
> > > > >>
> > > > >> Hi Radek,
> > > > >>
> > > > >> it is better practice to add ospf network statements to
> ospfd.conf
> > > > >> (if you dont want to send / recieve ospf messages on an interface
> set
> > > the
> > > > >> interface to passive in ospfd.conf
> > > > >> avoid redistribute connected
> > > > >> (add the network you want to be added to your ospf network) and
> leave
> > > the
> > > > >> other network ommitted from your ospfd.conf
> > > > >>
> > > > >>
> > > > >> I hope this helps,
> > > > >>
> > > > >>
> > > > >>> On Sat, 4 Feb 2023 at 20:02, Radek <r...@int.pl> wrote:
> > > > >>>
> > > > >>> Hello,
> > > > >>> is it possible to announce over OSPF only one (or a few
> specific) IP
> > > > >>> address instead of the whole subnet?
> > > > >>> If yes.. an ospfd.conf example would be appreciated.
> > > > >>>
> > > > >>> $ cat /etc/hostname.vr3
> > > > >>> inet 10.1.111.1 255.255.255.0
> > > > >>>
> > > > >>> $ cat /etc/ospfd.conf
> > > > >>> router-id 10.109.3.15
> > > > >>> redistribute connected
> > > > >>>
> > > > >>> area 0.0.0.0 {
> > > > >>> interface vr0
> > > > >>> interface vr3
> > > > >>> }
> > > > >>>
> > > > >>> Thanks,
> > > > >>> Radek
> > > > >>>
> > > > >>>
> > > > >>
> > > > >> --
> > > > >> Kindest regards,
> > > > >> Tom Smyth.
> > > > >
> > > > >
> > > > > Radek
> > > > >
> > > >
> > >
> > >
> > > Radek
> > >
> > >
>
>
> Radek
>
>
