Skip navigation
Login   |   Register
Cisco Learning Home > Certifications > Routing & Switching (CCNP) > Discussions

_Communities

1916 Views 6 Replies Latest reply: Oct 11, 2014 10:07 PM by Brian RSS

Currently Being Moderated

OSPF ASBR "distribute-list route-map" redistribution don't work

Jan 12, 2012 3:40 AM

Brendan 142 posts since
Feb 17, 2011

Getting this error:

 

R2(config-router)#distribute-list route-map MAP1 out rip

% OUT direction is not allowed in case of OSPF

 

 

Doing simple test on ASBR. Redistributing RIP into OSPF:

 

router ospf 1

log-adjacency-changes

redistribute rip subnets

network 192.168.2.0 0.0.0.255 area 0

distribute-list 1 out rip

router rip

version 2

network 192.168.1.0

no auto-summary

 

 

access-list 1 permit 10.10.10.0 0.0.0.255

!

route-map MAP1 permit 10

match ip address 1

 

 

First, I tried this command to filter redistributed routes:


R2(config-router)# distribute-list 1 out rip

R2(config-router)#


Using distribute-list with either access-lists or prefix-lists to filter routes works fine.

 

However, if I use route-map, it gives the error.

 

R2(config-router)#distribute-list route-map MAP1 out rip

% OUT direction is not allowed in case of OSPF

 

 

These are the choices:

 

R2(config-router)#distribute-list ?

  <1-199>      IP access list number

  <1300-2699>  IP expanded access list number

  WORD         Access-list name

  gateway      Filtering incoming updates based on gateway

  prefix       Filter prefixes in routing updates

  route-map    Filter prefixes based on the route-map

 

 

So, why can't I use route-map, when access/prefix lists work fine? I've been googling, and I see OSPF only allows "distribute-list out" on ASBR. This is an ASBR.

 

R2#sh ip proto | incl auto

  It is an autonomous system boundary router

 

I'm just curious why "distribute-list out" doesn't work with route-map for redistribution. Again, using access-list or prefix-list works fine with "distribute-list out" to filter redistributed routes. Testing on EIGRP shows using distribute-list route-map works fine.

 

 

Thanks!

  • Mike Gannon 558 posts since
    Jul 1, 2008

    I found this problem too:

    From testing it out on GNS with different IOS/models it appears you can only filter inbound updates in OSPF, where as EIGRP you can filter in or out.

     

    I imagine Cisco have maintained the syntax incase they want to change the options or just to make it easier to remember the configuration.

     

    You can set the distribute list up on the remote router as an inbound list and have the same effect

     

    Mike

    Join this discussion now: Login / Register
  • normbeef 78 posts since
    Jun 4, 2009

    I believe that the reason OSPF "out" distribution lists are not required is that the LSA for a route itself cannot be suppressed (or filtered) by the outgoing distribution list. 

     

    Thus the filtering of OSPF routes should be done from an Inbound filter just before the route gets into the routing table.

     

    i.e.  EIGRP / RIP are classed as distance vector so they do not have a LSA database as such, thus they can be filtered outbound.

    Join this discussion now: Login / Register
  • Vijay Swaminathan 491 posts since
    Aug 29, 2008

    Thanks Brendan for bringing this up..

     

    I guess the problem is something else. May be experts might comment more on this.

     

    Was curious to lab this up and noticed few strange behaviors.

     

    R1-------------------R2 ----------------- R3

     

    R1 has three loopbacks L1, L2 and L3 with ip's 1.1.1.1, 1.1.1.2,1.1.1.3

     

    runing RIP b/w R1 and R2 and OSPF b/w R2 and R3.

     

    the configuration at R2 is:

     

    REDISTROUTEr(config-router)#do sh run | s router ospf|ip prefix|route-map

    router ospf 1

    router-id 1.1.1.1

    log-adjacency-changes

    redistribute rip subnets

    ip prefix-list L1 seq 10 permit 1.1.1.1/32

    route-map Loopback1 permit 10

    match ip address prefix-list L1

     

    Question 1:

     

    When "distribute-list prefix L1 out rip"  is applied under the ospf routing process, then the filter is actually applied to the rip subnets received (similar to inbound filter) not sure why it is behaving this way.

     

    Before applying the distribute-list

     

    REDISTROUTEr(config-router)#do sh ip ospf dat | b Type-5

                    Type-5 AS External Link States

     

     

    Link ID         ADV Router      Age         Seq#       Checksum Tag

    1.1.1.1         1.1.1.1         675         0x80000002 0x0099FD 0

    1.1.1.2         1.1.1.1         618         0x80000001 0x009106 0

    1.1.1.3         1.1.1.1         618         0x80000001 0x00870F 0

    10.10.123.0     1.1.1.1         618         0x80000001 0x006EA1 0

    REDISTROUTEr(config-router)#

     

    After applying the distribute-list command:

     

    REDISTROUTEr(config-router)#do sh ip ospf dat | b Type-5

                    Type-5 AS External Link States

     

     

    Link ID         ADV Router      Age         Seq#       Checksum Tag

    1.1.1.1         1.1.1.1         721         0x80000002 0x0099FD 0

    REDISTROUTEr(config-router)#

     

    but when the same is applied through route-map, it does not work and the error is shown as % OUT direction is not allowed in case of OSPF

     

    Question 2:  Why is this not allowed?

     

    I understand that routers in the same area should have identical database. so we cannot apply filter within area in the outbound direction . but I guess still the filter can be applied in the inbound direction while receiving route from rip.. even that does not seem to work.

     

    REDISTROUTEr(config-router)#do sh run | s router ospf|ip prefix|route-map

    router ospf 1

    router-id 1.1.1.1

    log-adjacency-changes

    redistribute rip subnets

    distribute-list route-map Loopback1 in

    ip prefix-list L1 seq 10 permit 1.1.1.1/32

    route-map Loopback1 permit 10

    match ip address prefix-list L1

     

    The above configuration does not seem to fiter the inbound routes from rip.

     

    Any comments from the experts?

     

    -Vijay

     

    Message was edited by: Vijay Swaminathan

    Join this discussion now: Login / Register
  • Brian 10 posts since
    Apr 11, 2012

    So in OSPF we have found that we cannot combine a distribute-list with a route-map or gateway in the out direction.

     

    However, we can combine a distribute-list with a prefix-list or access-list in the out direction.

     

    So, for example, you can do this on an ASBR:

     

    router ospf 1

      distribute-list FILTER out

     

    ip access-list standard FILTER

      permit 1.1.1.0 0.0.0.255

      permit 2.2.2.0 0.0.0.255

      deny any

     

    This will allow only route 1.1.1.0/24 and 2.2.2.0/24 to be added to the OSPF topology database.  All other redistributed routes will be suppressed.

     

    So why can you combine a route-map on a distribute-list on the in direction, but not in the out direction?  That I do not know.

    Join this discussion now: Login / Register

Actions

More Like This

  • Retrieving data ...

Bookmarked By (0)