OSPF filtering with route-maps - anyone get it working filtering on route-source?

I spent ages on this - tried to get it working using a route-map that matched routes advertised by R4 using the route-source in the route-map, but no joy whatsoever. Anyone else have any success using this method?

I know this doesn't fulfil the task correctly btw, but it should work no?

ip prefix-list r4 seq 5 permit 150.1.4.4/32

route-map 146 deny 10
 match ip route-source prefix-list r4
!
route-map 146 permit 20

router ospf 1
 distribute-list route-map 146 in

Comments

  • Hi,

    Try it using access-list and not prefix-list. Here's an example of it:

    R5#sh ip rou 155.1.146.0
    Routing entry for 155.1.146.0/24
      Known via "ospf 1", distance 110, metric 1010, type inter area
      Last update from 155.1.0.1 on Tunnel0, 00:02:24 ago
      Routing Descriptor Blocks:
      * 155.1.0.4, from 150.1.4.4, 00:02:24 ago, via Tunnel0
          Route metric is 1010, traffic share count is 1
        155.1.0.1, from 150.1.1.1, 00:02:24 ago, via Tunnel0
          Route metric is 1010, traffic share count is 1

    R5#sh run | s access-list|route-map
    route-map RMAP_DENY_FROM_R4 deny 10
     match ip route-source 1
    route-map RMAP_DENY_FROM_R4 permit 20
    access-list 1 permit 150.1.4.4

    ----------

    R5(config)#router ospf 1
    R5(config-router)#distribute-list route-map RMAP_DENY_FROM_R4 in
    R5(config-router)#end

    R5#sh ip rou 155.1.146.0
    Routing entry for 155.1.146.0/24
      Known via "ospf 1", distance 110, metric 1010, type inter area
      Last update from 155.1.0.1 on Tunnel0, 00:00:05 ago
      Routing Descriptor Blocks:
      * 155.1.0.1, from 150.1.1.1, 00:00:05 ago, via Tunnel0
          Route metric is 1010, traffic share count is 1

    Hope it helps.

  • Have an entry that matches all other routes in the traffic.

    I feel there is nothing wrong in the prefix list.

    R4's loopback is filtered in the routing table.

    But remember, all other routers in the area and other areas (if you have not used an LSA filter) will still have these routes, as they base their calculations on LSAs.

  • Thanks for your reply. From now on I guess I'll try using an ACL if the prefix list doesn't work. I thought because using a prefix-list was an option in the parser, it should be possible to make it work using that.

     

    Cheers [H]

  • Hi,

    I can't get this task to work. I tried all possible combinations of access-lists, ext. access-lists and prefix-lists. Also, the sample solution in the workbook does not work for me.

    Has anyone been able to complete this task? I'm using the following software release:

    Cisco IOS Software, CSR1000V Software (X86_64_LINUX_IOSD-UNIVERSALK9-M), Version 15.4(2)S1, RELEASE SOFTWARE (fc4)

    Cheers,
    Florian

  • Try re-entering distribute-list route-map X after making changes.

  • I always re-applied the route-map after making changes to it.

  • My environment didn't work with prefix-list either.

    Access list worked.

  • I don't understand why 155.1.146.0/24 stops being installed in R5's routing table with int g1.45 enabled. Because the ACL only matched 150.1.4.4/32, I thought the LSA from R1 should be allowed. But the result is that 155.1.146.0/24 with next hop R1 was not installed.

    route-map 1 deny 10
     match ip route-source 1
    route-map 1 permit 20
    access-list 1 permit host 150.1.4.4
    router ospf 1
     distribute-list route-map 1 in

    After shutting down g1.45, 155.1.146.0/24 with NH R1 was in the routing table.


    Any thoughts?
  • Hi All,

    OSPF only offers its best path to the RIB.  With old code, OSPF would offer its second best route whenever the first one was rejected.

    RandyB

    Edit Note:  will reconfirm; above my recollection

    10.20.78.0/24 has two paths in OSPF route table (and two paths in RIB)

    Cost is adjusted on one interface such that OSPF has but a single path in its OSPF route table.

    A distribute list route map is created to filter out that path from going to the global RIB.

    OSPF route table is unaffected.  It doesn't calculate a second best route.

    Here with trace:

    R6#show ip ospf route

                OSPF Router with ID (10.1.1.6) (Process ID 1)

                    Base Topology (MTID 0)

        Area BACKBONE(0)

        Intra-area Route List
    *   10.20.12.0/24, Intra, cost 10, area 0, Connected
          via 10.20.12.6, Ethernet0/2
    *   10.20.69.0/24, Intra, cost 10, area 0, Connected
          via 10.20.69.6, Ethernet0/1
    *   10.20.68.0/24, Intra, cost 10, area 0, Connected
          via 10.20.68.6, Ethernet0/0
    *>  10.20.78.0/24, Intra, cost 20, area 0   <<<<<
          via 10.20.68.8, Ethernet0/0
          via 10.20.12.7, Ethernet0/2

    R6(config)#int Ethernet0/2
    R6(config-if)#ip ospf cost 11
    R6(config-if)#end
    R6#
    R6#show ip ospf route

                OSPF Router with ID (10.1.1.6) (Process ID 1)

                    Base Topology (MTID 0)

        Area BACKBONE(0)

        Intra-area Route List
    *   10.20.69.0/24, Intra, cost 10, area 0, Connected
          via 10.20.69.6, Ethernet0/1
    *   10.20.68.0/24, Intra, cost 10, area 0, Connected
          via 10.20.68.6, Ethernet0/0
    *   10.20.12.0/24, Intra, cost 11, area 0, Connected
          via 10.20.12.6, Ethernet0/2
    *>  10.20.78.0/24, Intra, cost 20, area 0    <<<<<<<<<<
          via 10.20.68.8, Ethernet0/0
    *>  10.20.79.0/24, Intra, cost 20, area 0
          via 10.20.69.9, Ethernet0/1

    R6(config)#do show ip route 10.20.78.0
    Routing entry for 10.20.78.0/24
      Known via "ospf 1", distance 110, metric 20, type intra area
      Last update from 10.20.68.8 on Ethernet0/0, 00:11:22 ago
      Routing Descriptor Blocks:
      * 10.20.68.8, from 10.1.1.8, 00:11:22 ago, via Ethernet0/0
          Route metric is 20, traffic share count is 1
    R6(config)#

    access-list 1 permit host 10.1.1.8

    route-map ospfDLRM deny 10
     match ip route-source 1
    route-map ospfDLRM permit 20
    router ospf 1
    distribute-list route-map ospfDLRM in

    R6#show ip ospf route

                OSPF Router with ID (10.1.1.6) (Process ID 1)

                    Base Topology (MTID 0)

        Area BACKBONE(0)

        Intra-area Route List
    *   10.20.69.0/24, Intra, cost 10, area 0, Connected
          via 10.20.69.6, Ethernet0/1
    *   10.20.68.0/24, Intra, cost 10, area 0, Connected
          via 10.20.68.6, Ethernet0/0
    *   10.20.12.0/24, Intra, cost 11, area 0, Connected
          via 10.20.12.6, Ethernet0/2
    *   10.20.78.0/24, Intra, cost 20, area 0
          via 10.20.68.8, Ethernet0/0
    *   10.20.79.0/24, Intra, cost 20, area 0
          via 10.20.69.9, Ethernet0/1

    R6#show ip route 10.20.78.0
    % Subnet not in table
    R6#
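
A post-change check for the outputs shown in the comments above, as an added example that is not part of any poster's reply: it parses the Routing Descriptor Blocks of "show ip route <prefix>" and reports whether a path from the denied route source is still installed. The function names and the three result labels are assumptions made for this example; the sample text is copied from the thread.

```python
import re

# Sample output copied from the comments above (R5_AFTER trimmed to the lines that matter).
R5_BEFORE = """\
Routing entry for 155.1.146.0/24
  Known via "ospf 1", distance 110, metric 1010, type inter area
  Last update from 155.1.0.1 on Tunnel0, 00:02:24 ago
  Routing Descriptor Blocks:
  * 155.1.0.4, from 150.1.4.4, 00:02:24 ago, via Tunnel0
      Route metric is 1010, traffic share count is 1
    155.1.0.1, from 150.1.1.1, 00:02:24 ago, via Tunnel0
      Route metric is 1010, traffic share count is 1
"""
R5_AFTER = """\
Routing entry for 155.1.146.0/24
  Last update from 155.1.0.1 on Tunnel0, 00:00:05 ago
  Routing Descriptor Blocks:
  * 155.1.0.1, from 150.1.1.1, 00:00:05 ago, via Tunnel0
      Route metric is 1010, traffic share count is 1
"""
R6_AFTER = "% Subnet not in table\n"

# One descriptor line: optional "*", next hop, "from <route source>", age, interface.
BLOCK = re.compile(
    r"^[ \t]*\*?[ \t]*(?P<next_hop>\d+(?:\.\d+){3}), from (?P<source>\d+(?:\.\d+){3}),"
    r" \S+ ago, via (?P<interface>\S+)[ \t]*$", re.M)

def descriptor_blocks(show_ip_route):
    """Return [(next_hop, route_source, interface)] from one 'show ip route <prefix>' output."""
    return [(m["next_hop"], m["source"], m["interface"]) for m in BLOCK.finditer(show_ip_route)]

def check_filter(show_ip_route, denied_source):
    """Classify the RIB state of a prefix after a route-source deny filter was applied."""
    if "not in table" in show_ip_route:
        return "absent"      # no path survived the filter; the prefix left the RIB
    blocks = descriptor_blocks(show_ip_route)
    if not blocks:
        raise ValueError("no routing descriptor blocks found in output")
    if any(source == denied_source for _, source, _ in blocks):
        return "leaking"     # a path learned from the denied router is still installed
    return "filtered"        # prefix installed, but only via other route sources

if __name__ == "__main__":
    for name, text, denied in (("R5 before", R5_BEFORE, "150.1.4.4"),
                               ("R5 after", R5_AFTER, "150.1.4.4"),
                               ("R6 after", R6_AFTER, "10.1.1.8")):
        print(name, check_filter(text, denied))
```

This only inspects the local RIB; as noted in an earlier comment, the LSAs stay in the database and other routers still compute routes from them.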

  • Hi ciprian!

    Are you able to explain to us the "Why" behind the parser only accepting the ACL and not the Prefix list option?  I too was stuck attempting to use the prefix-list and then tried using an ACL for "s and g's" and it worked. I still don't understand WHY it worked though. 

    Thanks!
