Configuring OSPF to Import External Routes

Procedure

1. Run system-view

   The system view is displayed.

2. Run ospf [ process-id ]

   The OSPF view is displayed.

3. Run import-route { bgp [ permit-ibgp ] | direct | rip [ process-id-rip ] | static | unr | isis [ process-id-isis ] | ospf [ process-id-ospf ] } [ cost cost | tag tag | type type | route-policy route-policy-name | route-filter route-filter-name ] ^*

   Routes are imported from another protocol.

4. (Optional) Run default { cost { cost | inherit-metric } | tag tag | type type } ^*

   The default values of parameters (the cost, number of routes, tag, and type) are set for imported routes.

   When OSPF imports external routes, you can set default values for some additional parameters, such as the cost, number of routes to be imported, route tag, and route type. The route tag is used to identify the protocol-related information. For example, it can be used to differentiate AS numbers carried in BGP routes imported by OSPF.

   

   You can run one of the following commands to set the cost of the imported route. The following commands are listed in descending order of priorities.

   • Run the apply cost command to set the cost of a route.
   • Run the import-route command to set the cost of the imported route.
   • Run the default command to set the default cost of the imported route.

5. (Optional) Run any of the following commands as required:
   • Based on the basic ACL:

     1. Run filter-policy { acl-number | acl-name acl-name } export [ direct | static | unr | bgp | { rip | isis | ospf } [ process-id ] ]

        Routes imported using 3 can be advertised only when meeting filtering conditions.

     2. Run quit

        Return to the system view.

     3. Run acl { name basic-acl-name { basic | [ basic ] number basic-acl-number } | [ number ] basic-acl-number } [ match-order { config | auto } ]

        The ACL view is displayed.

     4. Run rule [ rule-id ] [ name rule-name ] { deny | permit } [ fragment-type { fragment | non-fragment | non-subseq | fragment-subseq | fragment-spe-first } | source { source-ip-address { source-wildcard | 0 | src-netmask } | any } | time-range time-name | vpn-instance vpn-instance-name ] ^*

        A rule for the ACL is configured.

        When the rule command is run to configure rules for a named ACL, only the source address range specified by source and the time period specified by time-range are valid as the rules.

        When a filtering policy of a routing protocol is used to filter routes:

        • If the action specified in an ACL rule is permit, a route that matches the rule will be received or advertised by the system.

        • If the action specified in an ACL rule is deny, a route that matches the rule will not be received or advertised by the system.

        • If a route has not matched any ACL rules, the route will not be received or advertised by the system.

        • If an ACL does not contain any rules, all routes matching the route-policy that references the ACL will not be received or advertised by the system.

        • In the configuration order, the system first matches a route with a rule that has a smaller number and then matches the route with a rule with a larger number. Routes can be filtered using a blacklist or a whitelist:

          Route filtering using a blacklist: Configure a rule with a smaller number and specify the action deny in this rule to filter out the unwanted routes. Then, configure another rule with a larger number in the same ACL and specify the action permit in this rule to receive or advertise the other routes.

          Route filtering using a whitelist: Configure a rule with a smaller number and specify the action permit in this rule to permit the routes to be received or advertised by the system. Then, configure another rule with a larger number in the same ACL and specify the action deny in this rule to filter out unwanted routes.

     5. Run ospf [ process-id ]

        The OSPF view is displayed.

   • Based on the IP prefix list:

     Run filter-policy ip-prefix ip-prefix-name export [ direct | static | unr | bgp | { rip | isis | ospf } [ process-id ] ]

     Routes imported using 3 can be advertised only when meeting filtering conditions.

   OSPF filters the imported routes. OSPF uses Type 5 LSAs to carry routes that meet the filtering conditions and advertises these Type 5 LSAs.

   You can specify the parameter protocol [ process-id ] to filter the routes of a certain routing protocol or a certain OSPF process. If protocol [ process-id ] is not specified, OSPF filters all imported routes.

   The import-route command cannot be used to import the default route from another AS.

6. Run import-route limit limit-number [ threshold-alarm { upper-limit upper-limit-value | lower-limit lower-limit-value } ^* ]

   The maximum number of LSAs generated when an OSPF process imports external routes is set.

   If OSPF imports a large number of external routes and advertises them to a device with a smaller routing table capacity, the device may restart unexpectedly. To address this problem, run the import-route limit command to configure a limit on the number of LSAs generated when an OSPF process imports external routes. Check the overload status based on the value of the Current status field in the display ospf brief command output.

   • Normal: The number of LSAs generated when an OSPF process imports external routes is less than or equal to the lower alarm threshold (in percentage) multiplied by the maximum number allowed.
   • Approach limit: The number of LSAs generated when an OSPF process imports external routes is approaching (reaching or exceeding 90% of) the upper alarm threshold.
   • Exceed limit: The number of LSAs generated when an OSPF process imports external routes has reached or exceeded the maximum number allowed.

   Ensure that upper-limit-value is greater than or equal to lower-limit-value.

7. Run commit

   The configuration is committed.