NXOS - redistribute direct routes, but only from interface Loopback0, into isis

ulf-sp · ‎04-05-2017

Hi,

with IOS the configuration looks like this:

router isis 1
 advertise passive-only
 passive-interface Loopback0

interface Loopback0
 ip address 10.15.144.32 255.255.255.255

with this configuration is very clean and easy to get only the Loopbacks into isis - as I said with IOS.

Now I need to migrate this configuration into NXOS. There is a configuration option isis passive (passive-interface) but it does the complete oposite what I want to achieve:

"Prevents the interface from forming adjacencies but still advertises the prefix associated with the interface."

- I will have all my transfer networks in isis and it will prevent to form an isis adjacency.

I have tried several different ways with isis passive (passive-interface) for example:

router isis 1
 passive-interface default level-2

interface port-channel1
 ip address 10.15.144.140/31
 ip router isis 1
 isis metric 1 level-2
 isis network point-to-point

interface Loopback0
 ip address 10.15.144.32 255.255.255.255
 no isis passive-interface level-2

I was not able to only get the Loopback (10.15.144.32/32) into isis. If there is a way without using route-map/prefix list I would like to know how.

I was also not able to solve my problem using route-map and prefix lists - here are some relevant show commands:

# sh ip route
IP Route Table for VRF "default"
'*' denotes best ucast next-hop
'**' denotes best mcast next-hop
'[x/y]' denotes [preference/metric]
'%<string>' in via output denotes VRF <string>

10.15.144.32/32, ubest/mbest: 2/0, attached
 *via 10.15.144.32, Lo0, [0/0], 06:11:55, local
 *via 10.15.144.32, Lo0, [0/0], 06:11:55, direct
10.15.144.140/31, ubest/mbest: 1/0, attached
 *via 10.15.144.140, Po1, [0/0], 06:05:35, direct
10.15.144.140/32, ubest/mbest: 1/0, attached
 *via 10.15.144.140, Po1, [0/0], 06:05:35, local

# sh isis route
IS-IS process: 1 VRF: default
IS-IS IPv4 routing table

10.15.144.140/31, L2, direct
 *via port-channel1, metric 1, L2, direct

# sh route isis
route-map ISIS-DIRECT-ALLOW, permit, sequence 10 
 Match clauses:
 ip address prefix-lists: ISIS-DIRECT-ALLOW-LOOPBACK 
 Set clauses:
route-map ISIS-DIRECT-ALLOW, permit, sequence 20 
 Match clauses:
 ip address prefix-lists: DENY-ALL 
 Set clauses:

# sh isis redistribute route
IS-IS process: 1 VRF: default
IS-IS IPv4 redistribute route

10.15.144.32/32, direct, 
 Redistributed into L2, metric 10

# sh isis route-map statistics redistribute direct 
IS-IS process: 1
VRF: default
C: No. of comparisions, M: No. of matches

route-map ISIS-DIRECT-ALLOW permit 10
 match ip address prefix-list ISIS-DIRECT-ALLOW-LOOPBACK C: 3 M: 1 
route-map ISIS-DIRECT-ALLOW permit 20
 match ip address prefix-list DENY-ALL C: 2 M: 2 

Total accept count for policy: 1 
Total reject count for policy: 2

Here is the relevant configuration:

router isis 1
 redistribute direct route-map ISIS-DIRECT-ALLOW

route-map ISIS-DIRECT-ALLOW permit 10
 match ip address prefix-list ISIS-DIRECT-ALLOW-LOOPBACK 
route-map ISIS-DIRECT-ALLOW permit 20
 match ip address prefix-list DENY-ALL 

ip prefix-list ISIS-DIRECT-ALLOW-LOOPBACK seq 10 permit 10.15.144.32/32
ip prefix-list DENY-ALL seq 10 deny 0.0.0.0/0 le 32

interface port-channel1
 ip address 10.15.144.140/31
 ip router isis 1
 isis metric 1 level-2
 isis network point-to-point

interface Loopback0
 ip address 10.15.144.32 255.255.255.255

On all other connected isis routers I still see the Prefix from Port-Channel1 (10.15.144.140/31) in my isis and also routing table.

For me this looks like a bug, but I also tried with different NXOS versions and got the same results that's why I hope to find some helpful hints here.

thank you.

regards,

ulf