Re: Filter OSPF redistribution towards specific neighbour.

zenta2000 · ‎11-19-2004

Hi ...

I have to deny redistribution of specific routes , learned by OSPF , towards specific neighbour.

Example:

(A) --- (X) --- (Y) --- B

X and Y receiving routes , learned by OSPF , from A and B.

X and Y can share these routes between themselfs.

But , A should not get routes redistributed by B from X , and B should not get route redistributed by A from X.

X and Y can redistribute all other routes to A and B, but not routes got from them.

How can I do that ?

Thanx.

Richard Burts · ‎11-19-2004

I do not understand your questions clearly, especially where you talk about routes being redistributed. I wonder if you really mean just routes being advertised, or do you really mean redistributed routes?

There is not a good way within OSPF to filter routes to a neighbor based on where they were learned. But I can think of a couple of ways that you might get it to work. They would involve the concept of having two OSPF processes on X and Y and controlling redistribution. On router X configure two OSPF processes where process 1 runs the interface connecting to A and learns routes from A. Process 2 runs the interface to Y and learns routes from Y. Router X would redistribute from process 1 into 2 so that it can advertise routes from A to Y. Router X would redistribute from process 2 into 1 with a filter to prevent routes from B being redistributed. One possibility is to redistribute only internal routes (the routes from B would be external routes and thus would be filtered). Or the other possibility is to configure a filter which denies the routes from B (assuming that you know what the routes are).

Similarly you would run two processes on Y. Process 1 would run the inteface conneting to B and learn routes from B. Process 2 would run the interface connecting to X and would learn routes from X. Router Y would redistribute process 1 into 2 so that it could advertise B routes to X. Router Y would redistribute process 2 to 1 with some filter. It could control redistribution to redistribute only internal routes

Another alternative is possible if there are two interfaces connecting X and Y (parallel links). Say for example serial 0 and serial 1. In this case Router X runs OSPF process 1 on the interface to A and on serial 0. So Router X will learn routes from A and advertise them to Y on serial 0. Router X configures a second OSPF process to run on serial 1. Router Y configures OSPF process 2 to run on the interface to B and on serial 1. Router B configures process 1 to run on serial 0. Router Y leans routes from B and advertises them to X on serial 1. Router X and Y do not redistribute between process 1 and 2. Therefore Router X knows the routes from A and from B but will not advertise the routes from B to A because they were learned on process 2 which is not redistributed into process 1.

HTH

Rick

HTH

Rick

zenta2000 · ‎11-19-2004

Hi ,

Thanx for reply.

Yes I thought about multiple OSPF adjacency , but forgot to tell one more thing.

First of all , OSPF routes from A to B through X and Y are advertised (learned automatically by OSPF ) , if this is a right description for that.

Routes redistributed from A and B are identical and couldn't be published by A and B in same time . Only one neighbour will redistribute these routes to X or Y.

Here the all picture of my environment:

.Network (z)

......|

.....PC Z

..../....\

.../......\

..A........B

..|........|

..X--------Y

..|........|

.(x)......(y)

Routers A and B can recognize the state of link from

A to Z and B to Z . Only one link must be active.

If link from A to Z is chosen , B to Z link is set down. In this case , A should redistribute network (z) to router X . X will advertise this route to Y.

So , network (x) and (y) will know how to reach network (z) , in this case (x) is going through X to A and (y) through Y -> X -> A.

Vice versa process will happened when link from A to Z will set down and B to Z up.

This is nice idea to make filter on external and internal routes , but maybe there is another way to filter route advertising to a specific device , due to a fact that the route are exactly the same.

Thanx again .

Zheka.

barneyrygiel · ‎11-19-2004

Hello, I can think of a few ways to accomplish... one would be using distribute-lists that rely on the ACLs. How to do we do it?

1) In router X, create a standard access-list denying the IPs sourcing from A towards B (let's assume you use extended ACL 1). A similar configuration has to be done in router Y, denying sourcing IPs from B to A (let's assume you use extended ACL 2).

NOTE: Ensure that these ACLs have a permit any statement at the end, otherwise you could be blocking more than desired.

2) In global configuration mode, under the router configuration mode, type "distribute-list 1" in router X and "distribute-list 2" in router Y.

Example:

RouterX(config)#access-list 1 deny ip [sourceIP] [wildcard mask]

RouterX(config)#access-list 1 permit ip any

RouterX(config)#router ospf 1

RouterX(config-router)#distribute-list 1

RouterY(config)#access-list 2 deny ip [sourceIP] [wildcard mask]

RouterX(config)#access-list 2 permit ip any

RouterY(config)#router ospf 1

RouterY(config-router)#distribute-list 2

Let me know if this is what you are looking for... thanks,

zenta2000 · ‎11-19-2004

Hi ,

Thanx for reply .

My problem that routes from A and B are exactly the same.

Take a look on my description of issue in this thread of above.

thanx again .

Zheka.