Route distribution in OSPF

rutvijbrahmbhatt · ‎06-24-2020

Hi All,

I have a firewall cisco asa 5525 in each of the two data centers where we have eBGP peering with ISP. We are advertising x.x.254.0/24 and x.x.255.0/24 networks. The way we are doing it is having a "Null0" routes on the firewalls and advertised to eBGP peer using route-map. The routes are received by ISP perfectly fine, but the problem is these routes/networks are also advertised internally via OSPF. How can I stop redistributing these networks in OSPF? I have following configuration for STATIC to OSPF redistribution.

router ospf 77
redistribute static metric-type 1 subnets route-map manage-static

route-map manage-static permit 10
match ip address manage_route-map_static

access-list manage_route-map_static extended permit ip any4 <Network removed for security>
access-list manage_route-map_static extended permit ip any4 host <host removed for security>
access-list manage_route-map_static extended permit ip any4 host <host removed for security>
access-list manage_route-map_static extended permit ip any <object removed for security>

Giuseppe Larosa · ‎06-25-2020

Hello @rutvijbrahmbhatt ,

you are using an IP extended ACL to decide which static routes to redistribute into OSPF.

This is not supposed to work correctly.

You should use a prefix-list instead

ip prefix-list ALLOWED permit 10.100.100.0/24

ip prefix-list ALLOWED permit 10.200.0.0/16 ge 18 le 24

route-map STATIC-INTO-OSPF permit 10

match ip address prefix ALLOWED

router ospf 77

redistribute static subnets route-map STATIC-INTO-OSPF

Hope to help

Giuseppe