Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
376
Views
1
Helpful
8
Replies

Removing summary route from the core switch

Go to solution
sasanka1912
Level 1
Level 1

‎02-27-2025 01:08 PM

Hi ,

we have cisco 9400 series core switches and that connect to SD-WAN routers .

Now in Core switches , we have many SVI's and they are acting as a gateway for the Vlans. We have OSPF routing protocol that performs l3 routing and  all the connected interfaces are redistribute into ospf using redistribute connected configuration.

Our Core switch part of the  configuration is as below

router ospf 1 

summary-address xxxxx

redistributed connected

================================

Now i been asked to add a route-map associated with "redistributed connected" for more control routing advertisement  and remove summary address statement as well.

My question is i have prepared the prefix-list and  prepared the routemap as below

ip prefix-list FILTERTHIS seq 5 permit xxxx/24

route-map  connected_ospf permit 10

match ip address prefix-list FILTERTHIS 

route-map  connected_ospf deny 20

 

router ospf 1

redistributed connected subnets route-map  connected_ospf

 

============================================================

i tested this above configuration seems all ok but when i try to remove the summary address i can some few ping drops and would like to get some ideas how to perform this operation without any network blips/outages.

we are doing external route summarization using the summary-address xxxx and any ideas would be greatly appreciated,

 

 

 

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Giuseppe Larosa
Hall of Fame
Hall of Fame

‎02-27-2025 07:33 PM

Hello @sasanka1912 ,

first of all using redistribute connnected is poor design because you create unnecessary OSPF LSA type 5 prefixes that can only be filterered on the ASBR node(s) that generated them.

A better approach is to use

router ospf 1

passive-interface default

no passive-interface typex/y

no passive-interface type z/k

You can use an SVI between the two core switches where the L2 VLAN is allowed on a port-channel between them

You will also have a routed port to the SD WAN appliance in area 0.0.0.0.0 and all connected routes in area 0.0.0.50.

This way you make the two core switches to behave like ABR nodes connecting area 0.0.0.0 and area 0.0.0.50

you can create one or more aggregate routes using area range commands

You can suppress advertisement of a specific area range command using

area 0.0.0.50 filter-list prefix <prefix-name> out

in your case the summary route you are trying to remove cover some subnets some components that are not advertised allowed in the prefix-list.

The suggestion is that you can keep your current design but you should break the summary route in two or four more specific summay routes so that you can find out which can be removed with no issue.

Check also show ip route static the summary route may be covering some compoments that are learned via static routes or you need to add components routes in the prefix list as allowed to be able to remove the summary route.

Hope to help

Giuseppe

 

View solution in original post

Go to solution
M02@rt37
VIP
VIP

‎02-27-2025 10:38 PM

Hello @sasanka1912 

In addition to @Giuseppe Larosa, a more structured approach would be to use pasive interfaces for SVIs while enabling OSPF on only the required routed interfaces, avoiding the need for redistribution...

So, by segmenting the OSPF topology with a dedicated vlan SVI for inter_core communication and a routed link to the SD-WAN appliance, you can form an ABR architecture between area 0 and an internal area (area 50). This allows better control over route advertisement using area range commands for summarization while enabling filter-list to selectively suppress unecessary prefixes.

 

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

View solution in original post

0 Helpful
8 Replies 8

Go to solution
Flavio Miranda
VIP
VIP

‎02-27-2025 03:05 PM

@sasanka1912 

 You need to better understand what this route sumarization is doing and only remove it if this is not importante.  If you see packet drops when removing, you probably are using it somehow. 

 

0 Helpful

Go to solution
sasanka1912
Level 1
Level 1
In response to Flavio Miranda

‎02-28-2025 12:20 AM

Hi Falvio, 

we have quite a few SVI's and those SVI's were summarized under ospf summary-address xxxx. Now as routes are already summarized in SD-WAN end, hence requested me to remove the summarization from Lan end.

0 Helpful

Go to solution
Giuseppe Larosa
Hall of Fame
Hall of Fame

‎02-27-2025 07:33 PM

Hello @sasanka1912 ,

first of all using redistribute connnected is poor design because you create unnecessary OSPF LSA type 5 prefixes that can only be filterered on the ASBR node(s) that generated them.

A better approach is to use

router ospf 1

passive-interface default

no passive-interface typex/y

no passive-interface type z/k

You can use an SVI between the two core switches where the L2 VLAN is allowed on a port-channel between them

You will also have a routed port to the SD WAN appliance in area 0.0.0.0.0 and all connected routes in area 0.0.0.50.

This way you make the two core switches to behave like ABR nodes connecting area 0.0.0.0 and area 0.0.0.50

you can create one or more aggregate routes using area range commands

You can suppress advertisement of a specific area range command using

area 0.0.0.50 filter-list prefix <prefix-name> out

in your case the summary route you are trying to remove cover some subnets some components that are not advertised allowed in the prefix-list.

The suggestion is that you can keep your current design but you should break the summary route in two or four more specific summay routes so that you can find out which can be removed with no issue.

Check also show ip route static the summary route may be covering some compoments that are learned via static routes or you need to add components routes in the prefix list as allowed to be able to remove the summary route.

Hope to help

Giuseppe

 

Go to solution
sasanka1912
Level 1
Level 1
In response to sasanka1912

‎02-28-2025 01:20 AM

Thanks for your informative details @Giuseppe Larosa 

0 Helpful

Go to solution
M02@rt37
VIP
VIP

‎02-27-2025 10:38 PM

Hello @sasanka1912 

In addition to @Giuseppe Larosa, a more structured approach would be to use pasive interfaces for SVIs while enabling OSPF on only the required routed interfaces, avoiding the need for redistribution...

So, by segmenting the OSPF topology with a dedicated vlan SVI for inter_core communication and a routed link to the SD-WAN appliance, you can form an ABR architecture between area 0 and an internal area (area 50). This allows better control over route advertisement using area range commands for summarization while enabling filter-list to selectively suppress unecessary prefixes.

 

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.
0 Helpful

Go to solution
sasanka1912
Level 1
Level 1
In response to M02@rt37

‎02-28-2025 12:41 AM

Thanks M02@rt37 

0 Helpful

Go to solution
M02@rt37
VIP
VIP
In response to sasanka1912

‎02-28-2025 12:46 AM

You're so welcome, have a nice day.

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.
0 Helpful
Customers Also Viewed These Support Documents