Redistribution

please check the attached topology, i want to deny the 1.1.1.1/32 network going thro ospf domian now the goal is to use distribution-list.

 

first i create Acl with deny statement of 1.1.1.1/32 then permit any, then under eigrp i applied the distribution-list out to ospf1.

On R2#conf t
router eigrp 100
distribution-list ACL out ospf 1.

 

here router 2 only doing mutual redistribution, so R2 have the eigrp network coming from R1 (1.1.1.1/32) and its entring to OSPF doming using redistribution, but the denied routes are still appering on R3.

image

Comments

  • I don't think that you can block the external route 1.1.1.1 since It will go to the OSPF database when you are redistributing. My advice is to use a route-map in the redistribution so that you deny the 1.1.1.1 from entering into the OSPF.

    Router2
    router ospf
    redistribute eigrp subnets route-map DENY_R1Lo 

  • i must use distribute-list the question not allow to use route-map

  • Greetings Feroz, like nersasmarin said, more usual to use route map

    Since goal is to use distribute list, use under ospf process:

    router ospf 1

    redistriribute eigrp 100 subnets

    distribute-list 1 out eigrp 100

    Filters routes between global route table and ospf process. cheers

  • why it working under eigrp process, the route generating in eigrp then it go to ospf via redistribution , if we apply under ospf with OUT statement eigrp 100 means we deny 1.1.1. prefix on eigrp

     

    But in lab i try this already it works, please explain why it not works under eigrp process

  • Hello Feroz, I just simulate your lab and I found a nice solution.
    Like I told you before, you cannot avoid from redistribution to install the route in the database, but you can stop it form get into the RIB.
    I just config the distribute-list on R3 IN and It stop the route from go to the RIB although It's in the database.

    router ospf 1

     log-adjacency-changes

     distribute-list 1 in FastEthernet0/0 

    R3#show ip route

         3.0.0.0/32 is subnetted, 1 subnets

    C       3.3.3.3 is directly connected, Loopback0

         23.0.0.0/24 is subnetted, 1 subnets

    C       23.0.0.0 is directly connected, FastEthernet0/0

         12.0.0.0/24 is subnetted, 1 subnets

    O E2    12.0.0.0 [110/20] via 23.0.0.2, 00:00:14, FastEthernet0/0

     

    R3#show ip ospf data

                OSPF Router with ID (3.3.3.3) (Process ID 1)

    Router Link States (Area 0)

    Link ID         ADV Router      Age         Seq#       Checksum Link count

    3.3.3.3         3.3.3.3         260         0x80000002 0x000AB6 2

    23.0.0.2        23.0.0.2        99          0x80000003 0x00447D 1

    Net Link States (Area 0)

    Link ID         ADV Router      Age         Seq#       Checksum

    23.0.0.2        23.0.0.2        266         0x80000001 0x00CF13

    Type-5 AS External Link States

    Link ID         ADV Router      Age         Seq#       Checksum Tag

    1.1.1.0         23.0.0.2        99          0x80000001 0x00E79C 0

    12.0.0.0        23.0.0.2        99          0x80000001 0x006F0C 0

  • Greetings Feroz and good question.

    My model of how it works:  each process is making calls to route table when it involves redistribution.  redistribute eigrp under ospf instructs ospf process to request eigrp routes.  It interacts with RT process as seen by "debug ip routing" which manages global route table.  The distribute list acts as a filter with this route exchange.  The ospf calls pass through the "distribute list out eigrp" filter before RT passes prefixes to OSPF.  Route table structure keeps track of which processes are interested in which routes.  After redistribution, do a "show ip route <prefix>" and you should see that redistributed prefixes being "Advertised by ospf".  That info is from route table.

    Placing "distribute-list out ospf" under router eigrp has the mirror effect; eigrp will not call for ospf routes that are denied by distribute-list out ospf.

    Please understand that I am not an expert, but the above is my understanding.

  • Understood now. Thanks both of you explained well :)

Sign In or Register to comment.