02-03-2010 11:23 AM - edited 03-04-2019 07:23 AM
I want to distribute some static routes to an OSPF neighbor on the same subnet, but only that one neighbor--I have two other neighbor relationships. Is there a way to redistribute static routes to only one neighbor--with a route-map maybe, or another way?
Thanks,
James
02-03-2010 12:20 PM
james.bastnagel wrote:
I want to distribute some static routes to an OSPF neighbor on the same subnet, but only that one neighbor--I have two other neighbor relationships. Is there a way to redistribute static routes to only one neighbor--with a route-map maybe, or another way?
Thanks,
James
James
Yes, you use a route-map to do this ie.
ip route 192.168.5.0 255.255.255.0 172.16.10.1
ip route 192.168.6.0 255.255.255.0 172.16.10.1
ip route 10.5.1.0 255.255.255.0 172.16.10.1
you only want to redistribute the 10.5.1.0/24 route
router ospf 10
redistribute static subnets route-map OSPF
access-list 10 permit 10.5.1.0 0.0.0.255
route-map OSPF permit 10
match ip address 10
Jon
02-03-2010 12:24 PM
Hello Jon,
James would like to advertise the external route to a specific neighbor only.
It is a different matter with a negative answer for link state nature of OSPF
Hope to help
Giuseppe
02-03-2010 12:28 PM
giuslar wrote:
Hello Jon,
James would like to advertise the external route to a specific neighbor only.
It is a different matter with a negative answer for link state nature of OSPF
Hope to help
Giuseppe
Giuseppe
I am a little confused. James's request was can you redistribute static routes to some neigbors and not others. I have just labbed it up and you can indeed do this with a route-map.
Are we talking about the same thing ?
Jon
02-03-2010 12:35 PM
Hello Jon,
let's read again original post:
>> I want to distribute some static routes to an OSPF neighbor on the same subnet, but only that one neighbor--I have two other neighbor relationships. Is there a way to redistribute static routes to only one neighbor--with a route-map maybe, or another way?
my understanding is that James would like to distribute some static routes but only to one neighbor on a LAN segment and not to other OSPF neighbors.
Your test is good in filtering what static routes should be injected in the OSPF domain, but it cannot achieve the desired result to send these external routes only to specific OSPF neighbor and not to others the OSPF LSAs is flooded out in the whole domain.
Only way would be to use a distribute-list to avoid installation of undesired route but it has to be done on the two neighbors that should not install the routes.
But this is not usually considered best practice.
Hope to help
Giuseppe
02-03-2010 12:38 PM
So I could distribute the static routes, but apply a filter of some sort to
my ASA so it doesnt use the routes that are distributed? is that accurate?
On Wed, Feb 3, 2010 at 12:35 PM, giuslar
02-03-2010 12:56 PM
Hello James,
distribute-list can be used in a regular router.
On ASA it should be checked against ASA config reference.
The command is present since ver. 7.2
http://www.cisco.com/en/US/docs/security/asa/asa82/command/reference/d2.html#wp1951054
Note: Be aware that the distribution list will not block LSA propagation so the same distribution list should be implemented on ALL devices downstream the ASA or a routing black hole would be formed (this is why it is not best practice : it is not scalable in a big scenario)
this is because the filter acts on the IP routing table and not on the OSPF database
Again, I would try to implement PBR instead if possible.
Hope to help
Giuseppe
02-03-2010 12:41 PM
giuslar wrote:
Hello Jon,
let's read again original post:
>> I want to distribute some static routes to an OSPF neighbor on the same subnet, but only that one neighbor--I have two other neighbor relationships. Is there a way to redistribute static routes to only one neighbor--with a route-map maybe, or another way?
my understanding is that James would like to distribute some static routes but only to one neighbor on a LAN segment and not to other OSPF neighbors.
Your test is good in filtering what static routes should be injected in the OSPF domain, but it cannot achieve the desired result to send these external routes only to specific OSPF neighbor and not to others the OSPF LSAs is flooded out in the whole domain.
Only way would be to use a distribute-list to avoid installation of undesired route but it has to be done on the two neighbors that should not install the routes.
But this is not usually considered best practice.
Hope to help
Giuseppe
Giuseppe
Yep, your'e right of course. Got myself a little confused there i should have read the question more closely.
Jon
02-03-2010 12:37 PM
02-03-2010 12:21 PM
Hello James,
this is not possible:
OSPF external routes cannot be filtered outbound.
It couldn't work even if the other neighors were in a different interface and different IP subnet.
You probably need to consider PBR again but it has to be applied on the neighbor that should have received that redistributed static route.
Hope to help
Giuseppe
02-03-2010 01:18 PM
Yeah, Guisseppe is totally correct. The nature of OSPF is that an LSA is propogated throughout the entire domain. Unfortunaltely, you cannot filter a route to only 1 peer, and the only way to do what you want is a distribute list on every single router that you don't want to see the routes.
There are other methods such as PBR, configuring static routes on the one router, multiple routing protocols that you can use, but it gets rather ugly.
02-03-2010 01:28 PM
I think what I am going to try is adding static routes to the firewall, then
redistribute my selected static routes from the core to the providers
router, then I will use PBR on the core to route my test stations to the
firewall rather then the "old" connection.
When I redistribute my statics, will the core switch appear as the next hop
for those routes, or will it distribute the entire static route including
the next hop? Either way is fine I think, i will have to configure PBR on a
2nd device if it doesnt advertise itself as the next hop though.
Thanks again everyone!!!
02-03-2010 01:38 PM
Hello James,
>>
When I redistribute my statics, will the core switch appear as the next hop
for those routes, or will it distribute the entire static route including
the next hop?
the external LSA data structure will have an advertising router field = ASBR core switch OSPF router id
Hope to help
Giuseppe
02-03-2010 01:42 PM
Giuseppe,
Thank you for the information.
I just want to clarify my understanding though.
Because my core switch is distributing the routes, it will appear as the
next hop for those routes in the neighbors routing table--NOT the next hop
that is actually configured on my core switch. Is that correct?
Thanks again!
On Wed, Feb 3, 2010 at 1:38 PM, giuslar
02-03-2010 01:45 PM
Hello James,
your understanding is correct
Hope to help
Giuseppe
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide