I'm messing around with some routing policies in VyOS. My goal is to have OSPF only originate a default route if a certain route is present in the routing table. The use case for this would be failover if a link upstream dies. Something similar to this: https://community.cisco.com/t5/networking-documents/conditional-default-route-advertisement-in-ospf/ta-p/3145600
However of course it's not working quite as expected, I suppose that is typical when learning new things. :)
Here's the relevant parts of the config:
access-list 1 { rule 1 { action permit source { inverse-mask 0.0.0.255 network 33.33.33.0 } } } route-map conditional { rule 1 { action permit match { ip { address { access-list 1 } } } } } ospf { area 0 { network 10.10.10.0/30 } default-information { originate { always metric 10 metric-type 2 route-map conditional } } log-adjacency-changes { } parameters { abr-type cisco router-id 10.10.10.2 } } static { route 33.33.33.0/24 { blackhole { } } }
Here's the routing table, which shows that 33.33.33.0/24 is present:
10.10.10.0/30 dev eth1 proto kernel scope link src 10.10.10.2 blackhole 33.33.33.0/24 proto static metric 20 192.168.2.0/24 dev eth0 proto kernel scope link src 192.168.2.61
I would expect this to match 33.33.33.0/24 but it does not appear to
inverse-mask 0.0.0.0 network 33.33.33.0
Nor does this:
inverse-mask 0.0.0.255 network 33.33.33.0
... And the neighbor doesn't receive the default route:
(Neighbor) 10.10.10.0/30 dev eth1 proto kernel scope link src 10.10.10.1 192.168.2.0/24 dev eth0 proto kernel scope link src 192.168.2.28
Strangely, the inverse-mask 63.63.63.255 does match 33.33.33.0/24:
inverse-mask 63.63.63.255 network 33.33.33.0
And the neighbor receives the default route:
(Neighbor) default via 10.10.10.2 dev eth1 proto ospf metric 20 10.10.10.0/30 dev eth1 proto kernel scope link src 10.10.10.1 192.168.2.0/24 dev eth0 proto kernel scope link src 192.168.2.28
That could be the result of some funky bitmath, but I'm still stumped on it.
Am I missing something on how inverse masks work in this situation? Ideally, I want to learn how to match a single entry, 33.33.33.0/24.
No comments:
Post a Comment