Monday, November 10, 2008

Redistribution filtering with distribute list

This command still gets me because of the "out" keyword, but here is how it works. It might help to remember there is no "in" keyword when you filter from a routing process.

Topology:

R1---OSPF---R2---OSPF---R5---EIGRP---R6---EIGRP---R9

R9 has loopback 9.9.9.9
R2 has loopback 2.2.2.2

We will filter these routes during redistribution but allow all others.

We will start by filtering R9's loopback from EIGRP to OSPF. On R5 we create the prefix-list:

R5(config)#ip prefix-list BLOCK9 deny 9.9.9.9/32
R5(config)#ip prefix-list BLOCK9 permit 0.0.0.0/0 le 32


Then we apply it under the OSPF process. I know it looks weird but just remember there is no "in" direction when you filter this way.

R5(config)#router ospf 1
R5(config-router)#distribute-list prefix BLOCK9 out eigrp 1


Let's check R2. Notice we see R6's loopback but not R9's:

R2#show ip route | inc E2
E1 - OSPF external type 1, E2 - OSPF external type 2
O E2 6.6.6.6 [110/20] via 150.100.100.5, 00:00:11, Serial1/0.2
O E2 150.100.69.0/24 [110/20] via 150.100.100.5, 00:07:51, Serial1/0.2
O E2 150.100.56.0/24 [110/20] via 150.100.100.5, 00:07:51, Serial1/0.2


Now let's do the other direction. First let's check R9's table:

R9#show ip route | inc EX
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
D EX 1.1.1.1 [170/2560514816] via 150.100.69.6, 00:00:06, Serial1/1
D EX 2.2.2.2 [170/2560514816] via 150.100.69.6, 00:00:06, Serial1/1
D EX 4.4.4.4 [170/2560514816] via 150.100.69.6, 00:00:06, Serial1/1
D EX 192.168.100.2 [170/2560514816] via 150.100.69.6, 00:00:06, Serial1/1
D EX 150.100.100.2/32
D EX 150.100.24.0/24 [170/2560514816] via 150.100.69.6, 00:00:06, Serial1/1
D EX 150.100.12.0/24 [170/2560514816] via 150.100.69.6, 00:00:06, Serial1/1


Configure R5. Remember, this blocks routes coming FROM OSPF process 1:

R5(config)#ip prefix-list BLOCK2 seq 5 deny 2.2.2.2/32
R5(config)#ip prefix-list BLOCK2 seq 10 permit 0.0.0.0/0 le 32
R5(config)#router eigrp 1
R5(config-router)#distribute-list prefix BLOCK2 out ospf 1


The neighbors will resync:

*Mar 1 00:20:38.571: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 1: Neighbor 150.100.56.6 (FastEthernet0/0) is resync: route configuration changed

Now check R9. R2's loopback has been filtered:

R9#show ip route | inc EX
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
D EX 1.1.1.1 [170/2560514816] via 150.100.69.6, 00:02:11, Serial1/1
D EX 4.4.4.4 [170/2560514816] via 150.100.69.6, 00:02:11, Serial1/1
D EX 192.168.100.2 [170/2560514816] via 150.100.69.6, 00:02:11, Serial1/1
D EX 150.100.100.2/32
D EX 150.100.24.0/24 [170/2560514816] via 150.100.69.6, 00:02:11, Serial1/1
D EX 150.100.12.0/24 [170/2560514816] via 150.100.69.6, 00:02:11, Serial1/1
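
A small Python model of what R5 does with BLOCK9 and BLOCK2, added here as an illustration (it is not from the original post and is not IOS code). It shows first-match prefix-list evaluation, the implicit deny, and why the trailing `permit 0.0.0.0/0 le 32` is needed; the function names are hypothetical, the route table is constructed, and the loopback masks are assumed to be /32.

```python
import ipaddress

def parse_entry(line):
    """Parse e.g. 'seq 5 deny 2.2.2.2/32' or 'permit 0.0.0.0/0 le 32'."""
    tok = line.split()
    if tok[0] == "seq":                      # sequence number is optional
        tok = tok[2:]
    action, net = tok[0], ipaddress.ip_network(tok[1])
    opts = dict(zip(tok[2::2], map(int, tok[3::2])))
    ge, le = opts.get("ge"), opts.get("le")
    # No ge/le: exact length only. ge alone: ge..32. le alone: own length..le.
    lo = ge if ge is not None else net.prefixlen
    hi = le if le is not None else (32 if ge is not None else net.prefixlen)
    return action, net, lo, hi

def prefix_list_permits(entries, route):
    """First matching entry wins; falling off the end is an implicit deny."""
    route = ipaddress.ip_network(route)
    for action, net, lo, hi in map(parse_entry, entries):
        if lo <= route.prefixlen <= hi and route.subnet_of(net):
            return action == "permit"
    return False

def redistribute(table, source, entries):
    """Model of 'distribute-list prefix NAME out <source>' under the receiving
    process: only routes learned FROM <source> are checked and passed on."""
    return [r for r, proto in table
            if proto == source and prefix_list_permits(entries, r)]

# Constructed sample of R5's table (loopback masks assumed to be /32).
R5_TABLE = [
    ("9.9.9.9/32", "eigrp 1"), ("6.6.6.6/32", "eigrp 1"),
    ("150.100.69.0/24", "eigrp 1"),
    ("2.2.2.2/32", "ospf 1"), ("1.1.1.1/32", "ospf 1"),
    ("150.100.12.0/24", "ospf 1"),
]
BLOCK9 = ["deny 9.9.9.9/32", "permit 0.0.0.0/0 le 32"]
BLOCK2 = ["seq 5 deny 2.2.2.2/32", "seq 10 permit 0.0.0.0/0 le 32"]

if __name__ == "__main__":
    print("into OSPF :", redistribute(R5_TABLE, "eigrp 1", BLOCK9))
    print("into EIGRP:", redistribute(R5_TABLE, "ospf 1", BLOCK2))
    # Dropping the trailing permit leaves only the implicit deny: nothing passes.
    print("deny only :", redistribute(R5_TABLE, "eigrp 1", BLOCK9[:1]))
    # 'permit 0.0.0.0/0' without 'le 32' matches the default route only.
    print("no le 32  :", redistribute(R5_TABLE, "eigrp 1", ["permit 0.0.0.0/0"]))
```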

4 comments:

  1. This is best.. I am back on track.

  2. yeah, it's weird - can't seem to find a Cisco doc on it either

    Paul

  3. it's like out means out from, not outgoing to
