12-29-2023 06:36 AM
Dear Cisco DevOps for OSPF on ASA,
why has the configuration of prefix-lists been removed from OSPF v3/OSPFv4 when your DevOps colleagues for BGP, IS-IS and EIGRP continue to implement prefix-list?
Furthermore, without prefix-list it is no longer possible to use "less specific" routes as a backup path.
According to the workaround in CSCwi31091, how should it be possible to filter a "less-specific" route via ACL?
Example:
route outside 10.246.2.0 255.255.255.0 [BackupPath-NextHop] 15 <=== DO NOT redistribute
route outside 10.246.2.0 255.255.255.128 [PrimaryPath-NextHop] 10 <= Prefix for redistribution
route outside 10.246.2.128 255.255.255.128 [PrimaryPath-NextHop] 10 <= Prefix for redistribution
Kind regards
Ralf
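Added example, not part of the original post: a simplified Python model of the filtering problem the question above describes. It assumes that a standard ACL used as a route filter compares only the route's network address, while an exact prefix-list entry also compares the prefix length; the function names are hypothetical and the routes are the three static routes from the post with next hops omitted.

```python
import ipaddress

# Static routes from the post above (next hops omitted).
ROUTES = ["10.246.2.0/24", "10.246.2.0/25", "10.246.2.128/25"]
WANTED = {"10.246.2.0/25", "10.246.2.128/25"}  # the /24 backup must stay out


def prefix_list_permits(route, entries):
    """Exact prefix-list entry (no ge/le): network AND prefix length must match."""
    return ipaddress.ip_network(route) in {ipaddress.ip_network(e) for e in entries}


def standard_acl_permits(route, aces):
    """Assumed model of a standard ACL used as a route filter: each ACE is
    (address, wildcard) and is compared with the route's network address only;
    the route's mask is never examined."""
    net = int(ipaddress.ip_network(route).network_address)
    for addr, wildcard in aces:
        care = ~int(ipaddress.ip_address(wildcard)) & 0xFFFFFFFF
        if net & care == int(ipaddress.ip_address(addr)) & care:
            return True
    return False  # implicit deny at the end of the ACL


def redistributed(routes, permits):
    """Return the set of routes that the given filter lets through."""
    return {r for r in routes if permits(r)}


def compare():
    """Filter the same routes with a prefix-list and with the tightest ACL."""
    pl = redistributed(ROUTES, lambda r: prefix_list_permits(r, WANTED))
    # Tightest possible ACL: host-style entries for the two /25 network addresses.
    # A deny for 10.246.2.0 would not help, it would drop the wanted /25 as well.
    aces = [("10.246.2.0", "0.0.0.0"), ("10.246.2.128", "0.0.0.0")]
    acl = redistributed(ROUTES, lambda r: standard_acl_permits(r, aces))
    return pl, acl


if __name__ == "__main__":
    pl, acl = compare()
    print("prefix-list :", sorted(pl))
    print("standard ACL:", sorted(acl))
    print("leaked by ACL:", sorted(acl - WANTED))
```

Under this model the /24 and the first /25 share the network address 10.246.2.0, so no standard ACL entry can permit one without also permitting the other.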
01-05-2024 04:34 AM - edited 01-05-2024 04:38 AM
I cannot explain right now why the redistribution works when using the prior prefix-list inside a policy-list under a route-map.
/* info from ASA running 9.16(4)42 about the options inside a route-map leads to "policy-list"
route-map Redistribute_VPN_OSPF permit 10
 match ?
route-map mode commands/options:
  as-path      Match BGP AS path list
  community    Match BGP community list
  interface    Match first hop interface of route
  ip           IP specific information
  ipv6         IPv6 specific information
  metric       Match metric of route
  policy-list  Match IP policy list
  route-type   Match route-type of route
  tag          Match tag of route
*/
route outside 10.247.1.0 255.255.255.0 [PrimaryPath-NextHop] 10 <= prefix for redistribution
route outside 10.247.2.0 255.255.255.0 [BackupPath-NextHop] 15 <=== DO NOT redistribute
route outside 10.247.2.0 255.255.255.128 [PrimaryPath-NextHop] 10 <= prefix for redistribution
route outside 10.247.2.128 255.255.255.128 [PrimaryPath-NextHop] 10 <= prefix for redistribution
!
prefix-list Redistribute_STATIC_OSPF seq 10 permit 10.247.1.0/24
prefix-list Redistribute_STATIC_OSPF seq 100 permit 10.247.2.0/25
prefix-list Redistribute_STATIC_OSPF seq 110 permit 10.247.2.128/25
!
policy-list Redistribute_STATIC_OSPF permit
 match ip address prefix-list Redistribute_STATIC_OSPF
!
route-map Redistribute_STATIC_OSPF permit 10
 match policy-list Redistribute_STATIC_OSPF
!
router ospf 1
 router-id 10.255.255.2
 redistribute static metric 30 metric-type 1 subnets tag 7 route-map Redistribute_STATIC_OSPF
! From OSPF router-id 10.255.255.2
Type-5 AS External Link States
Link ID         ADV Router      Age   Seq#        Checksum  Tag
0.0.0.0         10.255.255.2    1952  0x80003d68  0x2554    1
10.247.1.0      10.255.255.2    163   0x80000001  0xb34d    7
10.247.2.0      10.255.255.2    163   0x80000001  0xabd3    7
10.247.2.128    10.255.255.2    163   0x80000001  0xa658    7
! From OSPF router-id 10.255.255.1 (OSPF neighbor of OSPF router-id 10.255.255.2)
O E1 10.247.1.0 255.255.255.0 [110/90] via ... <=== Good
O E1 10.247.2.0 255.255.255.128 [110/90] via ... <=== Good
O E1 10.247.2.128 255.255.255.128 [110/90] via ... <=== Good
Routing entry for 10.247.2.0 255.255.255.128
Known via "ospf 1", distance 110, metric 90
Tag 7, type extern 1
Last update from 198.18.255.18 on ec2, 0:25:08 ago
Routing Descriptor Blocks:
* 198.18.255.18, from 10.255.255.2, 0:25:08 ago, via ec2
Route metric is 90, traffic share count is 1
Route tag 7
Need help to understand the following: Why is prefix-list inside a policy-list under a policy-map working but it is unsupported to use the prefix-list directly under the policy-map?
Will this policy-list as a "(wo)man in the middle" be a proper solution or has a policy-list any negative impact inside OSPF?
01-05-2024 08:24 AM
Do not use route maps containing match policy lists for policy based routing. The match policy-list is only used for BGP.
from cisco doc
MHM
01-07-2024 10:16 PM
As policy-list is only "supported" for BGP and PBR, we still have no solution, regardless of the fact that the config is working with OSPF.
Any other solution available?
01-14-2024 11:00 PM
Any news on finding a proper as well as supported solution for filtering prefixes without the ASA command "prefix-list" as matching criteria inside a route-map?
01-25-2024 11:00 PM
Dear Cisco DevOps for OSPF on ASA,
unfortunately, there is still no proper as well as supported solution for filtering prefixes without the ASA command "prefix-list" as matching criteria inside a route-map for OSPF.
From my point of view there is no and will never be a proper as well as supported solution - except the reimplementation and supporting of the prefix-list for OSPF as it is already supported for BGP, IS-IS, EIGRP and RIP.
Any plans from the BA/DevOps to reimplement as well as to support prefix-list in OSPF?
Kind regards
Ralf