Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
768
Views
0
Helpful
0
Replies

Nesting RPL Route Policy with the Apply option

AmyEST
Level 1
Level 1

‎11-09-2022 10:36 AM

Hello team,

Looking for help on this. We have dual-homed setup with two local routers running ospf and isis upstream routers. If we have the following RPL policy to redistribute OSPF routes into ISIS, it seems like a bit much that all routes are dropped if we dont have an explicit pass when the same policy has been substituted in another policy. Anyone has any experience with it on ASR9K.

Example:

 


R1:

prefix-set CRS-SITE1-LINKS
1.1.1.1/32,
1.1.1.2/32,
1.1.1.3/32,
204.23.10.52/30,
4.4.4.4/32
end-set
!

prefix-set CRS-SITE2-LINKS
124.48.18.0/19 le 24,
240.31.12.0/20 le 24,
17.23.96.0/20 le 24,
64.12.108.0/30,
19.20.14.0/21
end-set
!
prefix-set IPV4-DEFAULT-ROUTE
0.0.0.0/0
end-set
!
route-policy ACCESS-DENY-DEFAULT-IN
if destination in IPV4-DEFAULT-ROUTE then
drop
elseif tag eq 300 then
drop
else
pass
endif
end-policy
!

route-policy ISIS-LINKS-LOOPS-ONLY
if (destination in CRS-SITE1-LINKS and destination in CRS-SITE2-LINKS) then
set tag 200
pass
endif
end-policy
!

route-policy ISIS-REDIST-OSPF-ACCESS
## APPLY ISIS-LINKS LOOPS ONLY
apply ISIS-LINKS-LOOPS-ONLY
end-policy
!

router ospf access
default-information originate always
address-family ipv4 unicast
area 0.0.0.0
distribute-list route-policy ACCESS-DENY-DEFAULT-IN in

router isis inet
address-family ipv4 unicast
redistribute ospf access level-2 route-policy ISIS-REDIST-OSPF-ACCESS

R2:

prefix-set CRS-SITE1-LINKS
1.1.1.1/32,
1.1.1.2/32,
1.1.1.3/32,
204.23.10.56/30,
4.4.4.4/32
end-set
!

prefix-set CRS-SITE2-LINKS
124.48.18.0/19 le 24,
240.31.12.0/20 le 24,
17.23.96.0/20 le 24,
64.12.108.4/30,
19.20.14.0/21
end-set
!
prefix-set IPV4-DEFAULT-ROUTE
0.0.0.0/0
end-set
!
route-policy ACCESS-DENY-DEFAULT-IN
if destination in IPV4-DEFAULT-ROUTE then
drop
elseif tag eq 200 then
drop
else
pass
endif
end-policy
!

route-policy ISIS-LINKS-LOOPS-ONLY
if (destination in CRS-SITE1-LINKS and destination in CRS-SITE2-LINKS) then
set tag 300
pass
endif
end-policy
!

route-policy ISIS-REDIST-OSPF-ACCESS
## APPLY ISIS-LINKS LOOPS ONLY
apply ISIS-LINKS-LOOPS-ONLY
end-policy
!
router ospf access
default-information originate always
address-family ipv4 unicast
area 0.0.0.0
distribute-list route-policy ACCESS-DENY-DEFAULT-IN in
!
router isis inet
address-family ipv4 unicast
redistribute ospf access level-2 route-policy ISIS-REDIST-OSPF-ACCESS

Thank you,

AmyEST.

 

Labels:
0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents