6 Replies Latest reply: Oct 11, 2014 10:07 PM by Brian RSS

    OSPF ASBR "distribute-list route-map" redistribution don't work

    Brendan

      Getting this error:

       

      R2(config-router)#distribute-list route-map MAP1 out rip

      % OUT direction is not allowed in case of OSPF

       

       

      Doing simple test on ASBR. Redistributing RIP into OSPF:

       

      router ospf 1

      log-adjacency-changes

      redistribute rip subnets

      network 192.168.2.0 0.0.0.255 area 0

      distribute-list 1 out rip

      router rip

      version 2

      network 192.168.1.0

      no auto-summary

       

       

      access-list 1 permit 10.10.10.0 0.0.0.255

      !

      route-map MAP1 permit 10

      match ip address 1

       

       

      First, I tried this command to filter redistributed routes:


      R2(config-router)# distribute-list 1 out rip

      R2(config-router)#


      Using distribute-list with either access-lists or prefix-lists to filter routes works fine.

       

      However, if I use route-map, it gives the error.

       

      R2(config-router)#distribute-list route-map MAP1 out rip

      % OUT direction is not allowed in case of OSPF

       

       

      These are the choices:

       

      R2(config-router)#distribute-list ?

        <1-199>      IP access list number

        <1300-2699>  IP expanded access list number

        WORD         Access-list name

        gateway      Filtering incoming updates based on gateway

        prefix       Filter prefixes in routing updates

        route-map    Filter prefixes based on the route-map

       

       

      So, why can't I use route-map, when access/prefix lists work fine? I've been googling, and I see OSPF only allows "distribute-list out" on ASBR. This is an ASBR.

       

      R2#sh ip proto | incl auto

        It is an autonomous system boundary router

       

      I'm just curious why "distribute-list out" doesn't work with route-map for redistribution. Again, using access-list or prefix-list works fine with "distribute-list out" to filter redistributed routes. Testing on EIGRP shows using distribute-list route-map works fine.

       

       

      Thanks!

        • 1. Re: OSPF ASBR "distribute-list route-map" redistribution don't work
          Brendan

          I saw this thread with the error, but it doesn't seem to do with redistribution.

           

          https://learningnetwork.cisco.com/message/89493

          • 2. Re: OSPF ASBR "distribute-list route-map" redistribution don't work
            Mike Gannon

            I found this problem too:

            From testing it out on GNS with different IOS/models it appears you can only filter inbound updates in OSPF, where as EIGRP you can filter in or out.

             

            I imagine Cisco have maintained the syntax incase they want to change the options or just to make it easier to remember the configuration.

             

            You can set the distribute list up on the remote router as an inbound list and have the same effect

             

            Mike

            • 3. Re: OSPF ASBR "distribute-list route-map" redistribution don't work
              normbeef

              I believe that the reason OSPF "out" distribution lists are not required is that the LSA for a route itself cannot be suppressed (or filtered) by the outgoing distribution list. 

               

              Thus the filtering of OSPF routes should be done from an Inbound filter just before the route gets into the routing table.

               

              i.e.  EIGRP / RIP are classed as distance vector so they do not have a LSA database as such, thus they can be filtered outbound.

              • 4. Re: OSPF ASBR "distribute-list route-map" redistribution don't work
                Vijay Swaminathan

                Thanks Brendan for bringing this up..

                 

                I guess the problem is something else. May be experts might comment more on this.

                 

                Was curious to lab this up and noticed few strange behaviors.

                 

                R1-------------------R2 ----------------- R3

                 

                R1 has three loopbacks L1, L2 and L3 with ip's 1.1.1.1, 1.1.1.2,1.1.1.3

                 

                runing RIP b/w R1 and R2 and OSPF b/w R2 and R3.

                 

                the configuration at R2 is:

                 

                REDISTROUTEr(config-router)#do sh run | s router ospf|ip prefix|route-map

                router ospf 1

                router-id 1.1.1.1

                log-adjacency-changes

                redistribute rip subnets

                ip prefix-list L1 seq 10 permit 1.1.1.1/32

                route-map Loopback1 permit 10

                match ip address prefix-list L1

                 

                Question 1:

                 

                When "distribute-list prefix L1 out rip"  is applied under the ospf routing process, then the filter is actually applied to the rip subnets received (similar to inbound filter) not sure why it is behaving this way.

                 

                Before applying the distribute-list

                 

                REDISTROUTEr(config-router)#do sh ip ospf dat | b Type-5

                                Type-5 AS External Link States

                 

                 

                Link ID         ADV Router      Age         Seq#       Checksum Tag

                1.1.1.1         1.1.1.1         675         0x80000002 0x0099FD 0

                1.1.1.2         1.1.1.1         618         0x80000001 0x009106 0

                1.1.1.3         1.1.1.1         618         0x80000001 0x00870F 0

                10.10.123.0     1.1.1.1         618         0x80000001 0x006EA1 0

                REDISTROUTEr(config-router)#

                 

                After applying the distribute-list command:

                 

                REDISTROUTEr(config-router)#do sh ip ospf dat | b Type-5

                                Type-5 AS External Link States

                 

                 

                Link ID         ADV Router      Age         Seq#       Checksum Tag

                1.1.1.1         1.1.1.1         721         0x80000002 0x0099FD 0

                REDISTROUTEr(config-router)#

                 

                but when the same is applied through route-map, it does not work and the error is shown as % OUT direction is not allowed in case of OSPF

                 

                Question 2:  Why is this not allowed?

                 

                I understand that routers in the same area should have identical database. so we cannot apply filter within area in the outbound direction . but I guess still the filter can be applied in the inbound direction while receiving route from rip.. even that does not seem to work.

                 

                REDISTROUTEr(config-router)#do sh run | s router ospf|ip prefix|route-map

                router ospf 1

                router-id 1.1.1.1

                log-adjacency-changes

                redistribute rip subnets

                distribute-list route-map Loopback1 in

                ip prefix-list L1 seq 10 permit 1.1.1.1/32

                route-map Loopback1 permit 10

                match ip address prefix-list L1

                 

                The above configuration does not seem to fiter the inbound routes from rip.

                 

                Any comments from the experts?

                 

                -Vijay

                 

                Message was edited by: Vijay Swaminathan

                • 5. Re: OSPF ASBR "distribute-list route-map" redistribution don't work
                  Brendan

                  Hi Vijay, "distribute-list in" does not filter redistributed routes. Notice you cannot specify a routing protocol. Of course, as Mike suggested, you can put this on an internal router and filter incoming external routes, which is fine. Here, I'm just testing on ASBR.

                   

                  The "distribute-list out" command has 2 different uses. It can filter outbound routes under the same routing protocol, or, if specifying a routing protocol, filter routes coming from that routing protocol. So, "distribute-list 99 out rip" means filter routes redistributed from RIP using ACL 99. The "out" part for redistribution is a little confusing. Cisco books and docs explain this okay, but you have to be careful of the context. It's like 2 different commands in one.

                   

                  So again, I'm just wondering why, for redistribution, in OSPF, "distribute-list out" works fine with ACL or Prefix List, but not with Route Map, which simply refers to ACL. Under EIGRP, there is no problem.

                  • 6. Re: OSPF ASBR "distribute-list route-map" redistribution don't work
                    Brian

                    So in OSPF we have found that we cannot combine a distribute-list with a route-map or gateway in the out direction.

                     

                    However, we can combine a distribute-list with a prefix-list or access-list in the out direction.

                     

                    So, for example, you can do this on an ASBR:

                     

                    router ospf 1

                      distribute-list FILTER out

                     

                    ip access-list standard FILTER

                      permit 1.1.1.0 0.0.0.255

                      permit 2.2.2.0 0.0.0.255

                      deny any

                     

                    This will allow only route 1.1.1.0/24 and 2.2.2.0/24 to be added to the OSPF topology database.  All other redistributed routes will be suppressed.

                     

                    So why can you combine a route-map on a distribute-list on the in direction, but not in the out direction?  That I do not know.