Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
7807
Views
0
Helpful
7
Replies

ospf - redistribute static

Go to solution
Network Pro
Level 1
Level 1

‎07-12-2011 03:06 AM - edited ‎03-07-2019 01:10 AM

hi,

We have a voice gateway (external) and we have given them a static address on our network for the router. so all traffic to voice network will pass through their gateway

ip route 211.222.11.2 255.255.248.0 172.22.11.1

we have a few more static address which are advertised through ospf with the redristrubite static command

we have another site with the same external vocie gateway provider who have installed a dedicated cirucit for voice. they again are using hte same 211.111.11.2/21 address. we will give them a static address for their router and again point 211.111.11.2/21 to this address (their router).  but the problem we are having is that since the above ip route is redistrubuted through ospf all traffic (on doiung traceroute) seems to go through the first site and not through the local voice gateway (however on the removing the cable to the local voice gateway stops all phones working !! - not sure why ) - but traceroute definetly takes it through the first site.

just wondering is there a way to exclude just 1 statement from redistrubiute static command on ospf ?

Thanks

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
andrew.prince
Level 10
Level 10

‎07-12-2011 03:34 AM

Yes - write a route-map that references an access-list that defines which static route subnets you want to redistribute.

HTH>

View solution in original post

0 Helpful

Go to solution
Peter Paluch
Cisco Employee
Cisco Employee

‎07-12-2011 03:36 AM

Hello,

I am not entirely sure I understand your problem correctly so please consider my answer limited to just a small part of your original question, not as a complete solution.

just wondering is there a way to exclude just 1 statement from redistrubiute static command on ospf ?

If you are asking if there is a way to select which static routes are to be redistributed and which should not be redistributed then yes - there is a construct called route-map that allows you to filter the routes as they are redistributed, and pick just a selected subset.

Assume that you do not want to redistribute static networks 192.0.2.0/28 and 192.0.2.32/29 but you want to redistribute all other static networks. The configuration would be as follows:

ip prefix-list Static2OSPF deny 192.0.2.0/28
ip prefix-list Static2OSPF deny 192.0.2.32/29
ip prefix-list Static2OSPF permit 0.0.0.0/0 le 32
!
route-map Red_S2OSPF permit 10
 match ip prefix-list Static2OSPF
!
router ospf 1
 redistribute static subnets route-map Red_S2OSPF

The ip prefix-list is something similar to an ACL, optimized for network/mask matching. The deny clauses select the networks you do not want to redistribute, the permit clause as written here permits everything else. The route-map is only a wrapper around the prefix list because usually, the redistribute command does not allow you to directly refer to a prefix list but it always allows you to point to a route-map. So the prefix list Static2OSPF is wrapped inside the route-map Red_S2OSPF which merely filters all redistributed networks according to this prefix list. The route-map could do much more, such as set the metric of redistributed routes or their metric type, but it is not necessary to do it right now, so let's keep things as simple as it gets.

Perhaps this helps a bit.

Best regards,

Peter

View solution in original post

0 Helpful
7 Replies 7

Go to solution
andrew.prince
Level 10
Level 10

‎07-12-2011 03:34 AM

Yes - write a route-map that references an access-list that defines which static route subnets you want to redistribute.

HTH>

0 Helpful

Go to solution
Peter Paluch
Cisco Employee
Cisco Employee

‎07-12-2011 03:36 AM

Hello,

I am not entirely sure I understand your problem correctly so please consider my answer limited to just a small part of your original question, not as a complete solution.

just wondering is there a way to exclude just 1 statement from redistrubiute static command on ospf ?

If you are asking if there is a way to select which static routes are to be redistributed and which should not be redistributed then yes - there is a construct called route-map that allows you to filter the routes as they are redistributed, and pick just a selected subset.

Assume that you do not want to redistribute static networks 192.0.2.0/28 and 192.0.2.32/29 but you want to redistribute all other static networks. The configuration would be as follows:

ip prefix-list Static2OSPF deny 192.0.2.0/28
ip prefix-list Static2OSPF deny 192.0.2.32/29
ip prefix-list Static2OSPF permit 0.0.0.0/0 le 32
!
route-map Red_S2OSPF permit 10
 match ip prefix-list Static2OSPF
!
router ospf 1
 redistribute static subnets route-map Red_S2OSPF

The ip prefix-list is something similar to an ACL, optimized for network/mask matching. The deny clauses select the networks you do not want to redistribute, the permit clause as written here permits everything else. The route-map is only a wrapper around the prefix list because usually, the redistribute command does not allow you to directly refer to a prefix list but it always allows you to point to a route-map. So the prefix list Static2OSPF is wrapped inside the route-map Red_S2OSPF which merely filters all redistributed networks according to this prefix list. The route-map could do much more, such as set the metric of redistributed routes or their metric type, but it is not necessary to do it right now, so let's keep things as simple as it gets.

Perhaps this helps a bit.

Best regards,

Peter

0 Helpful

Go to solution
Network Pro
Level 1
Level 1
In response to Peter Paluch

‎07-12-2011 04:47 AM

hi,

Thanks to Andrew and Peter..I have added the static ip route on the core router as well so there are two static routes (on locally advertised) and the other advertised on the core - ospf picks up the nearest one and sends the traffic there. but i think route map will work as well but just going with the first optio to keep things simple..

@peter - thanks for the lovely explanation..just wondering can i go with access list as well (just for my understanding) - if i use access list how do i use them instead of the prefix list - 

Thanks

0 Helpful

Go to solution
Peter Paluch
Cisco Employee
Cisco Employee
In response to Network Pro

‎07-12-2011 05:29 AM

Hello,

Yes, you can use access lists instead of prefix lists to control the redistribution. However, their usage is very unintuitive because of the way they match network addresses and netmasks:

  • The source part of an ACL used in route-map for redistribution matches the network address
  • The destination part of an ACL used in route-map for redistribution matches the network netmask

So, for example, the following ACL would be a direct transcription of the prefix list I have used before:

access-list 100 deny ip host 192.0.2.0 host 255.255.255.240
access-list 100 deny ip host 192.0.2.32 host 255.255.255.248
access-list 100 permit ip any any

Note how strange that looks... in fact, I am not using any wildcard masks at all. I am pretty specific in how exactly the network address and its netmask shall look like. You may find this either understandable or awkward, but in any case, the prefix lists are much more clear in this manner.

This ACL would be then used as follows:

route-map Red_S2OSPF permit 10
 match ip address 100

The route-map itself would be used identically to my previous example - no changes there.

The prefix lists are more optimized for network/netmask matching and also have some favorable properties when used in BGP, and because of all these advantages, it is strongly recommended to use them in distribute lists, redistribution and generally in routing update filtering and manipulation whenever possible.

Best regards,

Peter

0 Helpful

Go to solution
Network Pro
Level 1
Level 1
In response to Peter Paluch

‎07-12-2011 05:32 AM

thanks but the above access-list, will they deny the entire range or just the hosts - since it mention just host to host ?

0 Helpful

Go to solution
Peter Paluch
Cisco Employee
Cisco Employee
In response to Network Pro

‎07-12-2011 06:02 AM

Hello,

That is the funny and most confusing part of using ACLs in redistribution - the ACL in this case is not filtering packets. It is filtering routes, i.e. network/mask combinations that are being injected into OSPF. Now, if the route in the routing table looks exactly like:

S    1.0.0.0/8 [1/0] via 192.0.2.3

then the network is exactly 1.0.0.0 and the netmask is exactly 255.0.0.0. There is no need to be unspecific in either of them. The ACL will see these values exactly as present in the routing table (note - not packets! just routes!) so to match this network, I can simply write

access-list 100 permit/deny ip host 1.0.0.0 host 255.0.0.0

Does this make at least a little sense? Remember once again: if the ACL is used in a route-map for redistribution, then the ACL is used to filter routes that are being redistributed. It is not filtering packets flowing through the router.

Best regards,

Peter

0 Helpful

Go to solution
Network Pro
Level 1
Level 1
In response to Peter Paluch

‎07-12-2011 06:07 AM

oh ok interesting !! Thanks

0 Helpful
Customers Also Viewed These Support Documents