05-26-2016 08:47 AM - edited 03-08-2019 05:57 AM
I have a Data Center (DC) in which I have Nexus 7K working as Router and doing OSPF with my MPLS provider (Service Provider - SP) to get remote locations/offices Routes into Data Center. I have static routes pointing to Data Center Internal Network (DC-LAN). I want redistribute static routes into OSPF with assignment tag. And also I want filter routes coming from SP (remote locations/offices routes) into Data Center.
Please someone provide me solution and configuration example.
Nexus Model: 7710
Version: 6.2
05-26-2016 10:19 AM
Hi
For example purpose, let's assume that all your static routes are for a global subnet of 192.168.0.0/16 and all subnets are /24 and some static for 172.16.0.0/16. You can have static routes pointing to 192.168.10.0/24, 192.168.20.0/24, ...
For redistribution you can use standard ACL or prefix-list.
I'll show you the config by using prefix-list (I prefer prefix-list instead of ACLs).
1. You need to create prefix-list to filter which static routes you want to redistribute (optional if you want to filter):
ip prefix-list STATIC_Redistribute seq 5 permit 192.168.0.0/16 ge 24 ==> it will match all networks that are at least 24 bits in length
2. create a route-map (mandatory)
route-map STATIC_Redist_RMAP permit 10
match ip address prefix-list STATIC_Redist_RMAP ==> Optional if you want to filter static routes to redistribute
set tag 100 ==> Set the tag you want
route-map STATIC_Redist_RMAP permit 20 ==> If you used prefix-list to filter, you need to create one to indicate to the router what to do with other subnets if you want to do other stuff...
3. redistribute in OSPF
router ospf XX
redistribute static route-map STATIC_Redist_RMAP
If you use ACLs to filter, configs is the same except in the route-map, the command to call ACL is match ip address
To filters route on incoming on your Nexus, you need to use distribute-lit. All networks will be visible on the ospf database, but you can filter some to not being installed on your RIB. To do that, you need to play with distribute-list for example.
To filter, you can use multiple criteria, route tag, prefix-list, acl, route-type,...
For the example, I assume you have tagged routes coming from remote sites and we will filter by using match tag criteria.
1. you need to create a route-map
route-map FILTER deny 10 ==> Networks that will be filtered and not installed on RIB
match tag XXX
route-map FILTER permit 20 ==> To allow all others networks to be installed
2. Apply distribute-list in the ospf process:
router ospf xx
distribute-list route-map FILTER in
If you want to filter by networks, you can use prefix-list and match prefix-list criteria under the deny route-map (like I've shown on the 1st example for redistribution)
Hope this is clear.
Thanks
Those commands are valid for IOS. For Nexus, I don't have one right now but I'm quite sure (99%) that those commands are valid with the same syntax. Logic is same, maybe some syntax and/or parameters can change between IOS and NX-OS
05-27-2016 01:32 AM
Many Thanks for Solution.
NX-OS won't support distribution list and it has equivalent is filter-list but it seems to filter-list only filter LSA type 3 OSPF routes. But I need to filter all types LSAs.
Any one knows, how can achieve this ?
05-27-2016 04:55 AM
Hi
If you have a Nexus 7k, you can look table map feature.
With nexus 5k, you will not be able to do that. Maybe you need to do it on upstream router
05-27-2016 08:04 PM
OK. It is Nexus 7K with ver 6.2. So I would like to flter OSPF routes with having tag 123 and all other OSPF routes need to allow then below my configuration is correct ?
router ospf XX
table-map DC_TEST
route-map DC_TEST deny 10
match tag 123
route-map DC_TEST permit 20
05-28-2016 02:15 PM
Normally, you should add the keyword filter after the table-map like:
table-map DC_TEST filter
05-30-2016 01:34 AM
Thank You.
What is difference between with adding keyword "filter" and without adding keyword "filter" ?
05-30-2016 04:22 AM
What is difference between with adding keyword "filter" and without adding keyword "filter"
router ospf XX
table-map DC_TEST
route-map DC_TEST deny 10
match tag 123
route-map DC_TEST permit 20
OR
router ospf XX
table-map DC_TEST filter
route-map DC_TEST deny 10
match tag 123
route-map DC_TEST permit 20
Which one correct ?
05-30-2016 07:09 AM
With filter you avoid installing matching routes into RIB
http://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus7000/sw/unicast/command/reference/n7k_unicast_cmds/l3_cmds_t.html
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide