Solved: Redistribution Route-map Explanation

roger perkin · ‎05-31-2011

I have an OSPF to BGP / BGP to OSPF redistribution going on between our network and our MPLS provider.

Basic diagram attached.

I am just a bit confused about the route-maps being used for redistribution.

As I understand it the first line of the route map says do not redistribute this address space (access-l 1)

The second line says you can redistribute 10.10.0.0 & 10.11.0.0 subnets

The third line confuses me as I understand it to say redistribute anything else? Or does this just mean a default route?

router bgp

redistribute ospf 1 route-map SET_MED_20K

route-map SET_MED_20K deny 5
match ip address 1
!
route-map SET_MED_20K permit 10
match ip address prefix-list permit-subnets
set metric 20000
!
route-map SET_MED_20K permit 30
match ip address 2
set metric 20000

access-l 1 permit 1**.59.0.0

ip prefix-list permit-subnets seq 10 permit 10.10.0.0/16 le 32
ip prefix-list permit-subnets seq 20 permit 10.11.0.0/16 le 32

access-l 2 permit 0.0.0.0

The 1**.59.0.0 is our internet address space

Giuseppe Larosa · ‎05-31-2011

Hello Roger,

the third clause of the route-map (permit 30) invokes access-list 2 that matches 0.0.0.0 including default route = 0.0.0.0/0

In IOS the default route is a special case and probably it cannot be passed from a routing protocol to another one.

So statement

redistribute ospf 1 route-map SET_MED_20K

doesn't work for 0.0.0.0/0 but it can work for other prefixes that can be matched by first two clauses of the route-map.

so my guess is that later the network route-map statement has been added.

A network route-map statement allows to set some attributes of the route that matches the network command in this case the MED is set to 20000

The first two clauses of the route-map clearly does not apply to prefix 0.0.0.0/0.

Edit:

a more clean configuration could use two different route-maps one used for redistribution of OSPF into BGP and one to be used in the network statement

This is my suggestion.

Hope to help

Giuseppe

View solution in original post

milan.kulik · ‎06-01-2011

Hi Roger,

yes, you are right.

You need to need to add a line to the route-map permitting 10.13.0.0 to get it redistributed to BGP.

Don't forget if you use

access-list 2 permit 10.13.0.0

for matching, it will permit not only 10.13.0.0/16 but also 10.13.0.0/17, /18,.., /32 (if they exist in your network).

(That's why I'm recommending using prefix-lists instead.)

You can check using sh ip bgp 10.13.0.0/16 longer

command which 10.13.0.0 subnets are present in your BGP table.

HTH,

Milan

View solution in original post

roger perkin · ‎05-31-2011

Also noticed in the BGP statement

router bgp 6500
no synchronization
bgp log-neighbor-changes
network 0.0.0.0 route-map SET_MED_20K

redistribute ospf 1 route-map SET_MED_20K

If anyone can add the relevance of SET_MED_20K in the network statement as well?

Many Thanks

Roger

Giuseppe Larosa · ‎05-31-2011

Hello Roger,

the third clause of the route-map (permit 30) invokes access-list 2 that matches 0.0.0.0 including default route = 0.0.0.0/0

In IOS the default route is a special case and probably it cannot be passed from a routing protocol to another one.

So statement

redistribute ospf 1 route-map SET_MED_20K

doesn't work for 0.0.0.0/0 but it can work for other prefixes that can be matched by first two clauses of the route-map.

so my guess is that later the network route-map statement has been added.

A network route-map statement allows to set some attributes of the route that matches the network command in this case the MED is set to 20000

The first two clauses of the route-map clearly does not apply to prefix 0.0.0.0/0.

Edit:

a more clean configuration could use two different route-maps one used for redistribution of OSPF into BGP and one to be used in the network statement

This is my suggestion.

Hope to help

Giuseppe

milan.kulik · ‎05-31-2011

Hi,

IMHO,

route-map SET_MED_20K permit 30
match ip address 2
set metric 20000

does not match anything when

access-l 2 permit 0.0.0.0
is used.

See

http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a00801310cb.shtml#acclists

or http://www.cisco.com/application/pdf/paws/13750/22.pdf

for details.

That's probably why the network 0.0.0.0 route-map SET_MED_20K

command was used to get the default route to the BGP table with proper MED - that hopefully answers your second question.

That's interesting the same ACL 2 works when used with the network command but is not working when used with redistribute command.

I'd strongly recommend using prefix-list to avoid all the confusions with ACL syntax here.

HTH,

Milan

roger perkin · ‎06-01-2011

So with this current setup woudl this stop a 10.13.0.0/16 network from being redistributed from OSPF into BGP?

I was thinking the 0.0.0.0 entry was covering everything else, but now see this is a default route.

I want to get another subnet into the BGP so do I just need to add a line to the route-map permitting 10.13.0.0 ?

Thanks

Roger

milan.kulik · ‎06-01-2011

Hi Roger,

yes, you are right.

You need to need to add a line to the route-map permitting 10.13.0.0 to get it redistributed to BGP.

Don't forget if you use

access-list 2 permit 10.13.0.0

for matching, it will permit not only 10.13.0.0/16 but also 10.13.0.0/17, /18,.., /32 (if they exist in your network).

(That's why I'm recommending using prefix-lists instead.)

You can check using sh ip bgp 10.13.0.0/16 longer

command which 10.13.0.0 subnets are present in your BGP table.

HTH,

Milan

roger perkin · ‎06-01-2011

Thanks Milan,

This is much clearer now, I was seeing this as permitting the two subnets and then everything else with the 0.0.0.0

I know see this is the default route and if I need to get any other subnets into BGP I will neeed to add another line to the redistribution prefix-list.

I will lab this up and prove it finally and then make the changes I need to.

Thanks guys

Roger