12-29-2013 10:03 PM - edited 03-04-2019 09:57 PM
Hi all,
I have a problem with route filtering.
I have two sites that have an OSPF neighbor relationship. I would like to filter OSPF routes by route tag. I want to permit only a specific route tag and deny the rest.
SITE A <--OSPF--> SITE B
The SITE B router has redistributed static routes into the OSPF process with route tag 200. Below are the commands I applied on the SITE A router.
-----------------------------------------------------
route-map filter permit 10
 match tag 200
route-map filter deny 20
router ospf 100
 distribute-list route-map filter in
-----------------------------------------------------
But once I applied the distribute-list command, I lost all routes learned from the SITE B router. Before applying the command, I did "sho ip route x.x.x.x" on SITE A (for the matching prefix) and could see the route tag as "200". But why does it block all the subnets from the SITE B router?
I did the reverse test, as below, and it works as expected. Why is it not working the other way?
-----------------------------------------------------
route-map filter deny 10
 match tag 200
route-map filter permit 20
-----------------------------------------------------
Regards,
Nagis
12-29-2013 10:34 PM
Nagis,
If my understanding is correct, the router at site B is an ASBR and you want to filter out certain external OSPF routes on the router at site A based on tags.
All the external routes will be in the LSDB; the distribute-list in command just defines which routes will be installed in the local routing table.
In order to install external routes, the ASBR has to be reachable; I suppose that your route-map filters out ASBR connectivity too.
Could you check that (show ip ospf border-routers) and make sure that router A knows how to reach the ASBR (router B)?
HTH
Rolf
12-29-2013 10:48 PM
Hi Rolf,
Yes, the SITE B router is an ASBR. FYI, both routers are connected via a GRE tunnel. After applying the command, I can still see the route to reach the SITE B router, as it's a directly connected subnet. But I still can't see any routes from the SITE B router. Any other mistakes?
Regards,
Nagis
12-29-2013 10:58 PM
Can you see Site B's LSAs in the LSDB of router A (show ip ospf database adv-router
12-29-2013 11:13 PM
Hi Rolf,
Yes. As shown below
----------------------------------------------------------------------------------------------------------
Type-5 AS External Link States
Link ID         ADV Router      Age         Seq#       Checksum Tag
192.168.38.0    3.3.3.3         1663        0x8000000A 0x003761 2000
192.168.39.0    3.3.3.3         1663        0x8000000E 0x00246F 2000
----------------------------------------------------------------------------------------------------------
Regards,
Nagis
12-29-2013 11:19 PM
Nagis,
Link ID         ADV Router      Age         Seq#       Checksum Tag
192.168.38.0    3.3.3.3         1663        0x8000000A 0x003761 2000
192.168.39.0    3.3.3.3         1663        0x8000000E 0x00246F 2000
-----------------------------------------------------
route-map filter permit 10
 match tag 200
route-map filter deny 20
router ospf 100
 distribute-list route-map filter in
-----------------------------------------------------
Looks like the routes are tagged with 2000 but you filter on tag 200?
HTH
Rolf
[EDIT]:
If this was just a typo, could you please post the output of "show ip ospf database external 192.168.38.0"? Perhaps we have a connectivity issue with a non-zero forwarding address.
12-29-2013 11:50 PM
Hi Rolf,
Yes, it was a typo. The actual tag is 2000.
---------------------------------------------------------------------
Show command before applying distribute-list
RTR#sho ip ospf database external 192.168.38.0
OSPF Router with ID (10.166.100.2) (Process ID 100)
Type-5 AS External Link States
Routing Bit Set on this LSA in topology Base with MTID 0
LS age: 194
Options: (No TOS-capability, DC, Upward)
LS Type: AS External Link
Link State ID: 192.168.38.0 (External Network Number )
Advertising Router: 3.3.3.3
LS Seq Number: 8000000C
Checksum: 0x56EF
Length: 36
Network Mask: /24
Metric Type: 2 (Larger than any link state path)
MTID: 0
Metric: 100
Forward Address: 192.168.35.254
External Route Tag: 2000
-----------------------------------------------------------------------------------------------
Show command after applying distribute-list
RTR#sho ip ospf database external 192.168.38.0
OSPF Router with ID (10.166.100.2) (Process ID 100)
Type-5 AS External Link States
LS age: 315
Options: (No TOS-capability, DC, Upward)
LS Type: AS External Link
Link State ID: 192.168.38.0 (External Network Number )
Advertising Router: 3.3.3.3
LS Seq Number: 8000000C
Checksum: 0x56EF
Length: 36
Network Mask: /24
Metric Type: 2 (Larger than any link state path)
MTID: 0
Metric: 100
Forward Address: 192.168.35.254
External Route Tag: 2000
--------------------------------------------------------------------------------------------------
Regards,
Nagis
12-29-2013 11:59 PM
Ok, I think this is causing the problem:
Forward Address: 192.168.35.254
OSPF is enabled on the corresponding interface on router B and the forwarding address is set to non-zero for path-optimization.
So you could either make sure that this network is reachable from router A (changing the route-map) or, if suitable, you could disable OSPF on this network on router B.
Link: Common Routing Problem with OSPF Forwarding Address
Regards
Rolf
12-30-2013 12:10 AM
Hi Rolf,
Thank you so much. That works!! Now I understand the reason behind the issue. Thanks again for your time.
Regards,
Nagis
12-30-2013 12:13 AM
Nagis,
You're welcome. Thanks for the ratings and marking as answered!
Regards,
Rolf
[EDIT/CORRECTION]:
OSPF is enabled on the corresponding interface on router B and the forwarding address is set to non-zero for path-optimization.
So you could either make sure that this network is reachable from router A (changing the route-map) or, if suitable, you could disable OSPF on this network on router B.
"Disable" could be a misleading term; actually it's sufficient to make the interface OSPF passive or change the network-type (point-to-[multi]point), you can find the details in the linked document:
These conditions set the forwarding address field to a non-zero address:
OSPF is enabled on the ASBR's next hop interface AND
ASBR's next hop interface is non-passive under OSPF AND
ASBR's next hop interface is not point-to-point AND
ASBR's next hop interface is not point-to-multipoint AND
ASBR's next hop interface address falls under the network range specified in the router ospf command.
Any other conditions besides these set the forwarding address to 0.0.0.0.
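The two fixes discussed in this thread, written out as configuration. This is an added example and not part of the original posts; the /24 mask on 192.168.35.0, the prefix-list name FWD-ADDR and the `<...>` placeholders are assumptions.

```cisco
! Assumed values (not from the thread): 192.168.35.0/24 as the network that
! contains the forwarding address, the name FWD-ADDR, and the <...> placeholders.
!
! --- Router A as posted, with the tag corrected to 2000 ---
! Only routes tagged 2000 pass the filter. The route covering the forwarding
! address 192.168.35.254 is an internal OSPF route and carries no route tag,
! so it is kept out of the routing table. With the forwarding address
! unreachable, the Type-5 LSAs that point at it are not installed either.
route-map filter permit 10
 match tag 2000
route-map filter deny 20
!
! --- Option 1, router A: also admit the forwarding-address network ---
ip prefix-list FWD-ADDR seq 5 permit 192.168.35.0/24
!
route-map filter permit 10
 match tag 2000
route-map filter permit 15
 match ip address prefix-list FWD-ADDR
route-map filter deny 20
!
router ospf 100
 distribute-list route-map filter in
!
! --- Option 2, router B: make the next-hop interface passive ---
! This breaks one of the conditions listed above, so router B advertises
! the externals with forwarding address 0.0.0.0 and router A only needs
! to reach the ASBR itself. Router A keeps its original two-entry route-map.
router ospf <process-id>
 passive-interface <interface-in-192.168.35.0>
```

To check either option on router A, confirm that `show ip route 192.168.35.254` (option 1) or `show ip ospf border-routers` (option 2) returns an OSPF path. Then confirm that `show ip ospf database external 192.168.38.0` again shows the "Routing Bit Set on this LSA" line, which is present in the "before" output above and missing from the "after" output.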