Hello team,
Looking for help on this. We have dual-homed setup with two local routers running ospf and isis upstream routers. If we have the following RPL policy to redistribute OSPF routes into ISIS, it seems like a bit much that all routes are dropped if we dont have an explicit pass when the same policy has been substituted in another policy. Anyone has any experience with it on ASR9K.
Example:
R1:
prefix-set CRS-SITE1-LINKS
1.1.1.1/32,
1.1.1.2/32,
1.1.1.3/32,
204.23.10.52/30,
4.4.4.4/32
end-set
!
prefix-set CRS-SITE2-LINKS
124.48.18.0/19 le 24,
240.31.12.0/20 le 24,
17.23.96.0/20 le 24,
64.12.108.0/30,
19.20.14.0/21
end-set
!
prefix-set IPV4-DEFAULT-ROUTE
0.0.0.0/0
end-set
!
route-policy ACCESS-DENY-DEFAULT-IN
if destination in IPV4-DEFAULT-ROUTE then
drop
elseif tag eq 300 then
drop
else
pass
endif
end-policy
!
route-policy ISIS-LINKS-LOOPS-ONLY
if (destination in CRS-SITE1-LINKS and destination in CRS-SITE2-LINKS) then
set tag 200
pass
endif
end-policy
!
route-policy ISIS-REDIST-OSPF-ACCESS
## APPLY ISIS-LINKS LOOPS ONLY
apply ISIS-LINKS-LOOPS-ONLY
end-policy
!
router ospf access
default-information originate always
address-family ipv4 unicast
area 0.0.0.0
distribute-list route-policy ACCESS-DENY-DEFAULT-IN in
router isis inet
address-family ipv4 unicast
redistribute ospf access level-2 route-policy ISIS-REDIST-OSPF-ACCESS
R2:
prefix-set CRS-SITE1-LINKS
1.1.1.1/32,
1.1.1.2/32,
1.1.1.3/32,
204.23.10.56/30,
4.4.4.4/32
end-set
!
prefix-set CRS-SITE2-LINKS
124.48.18.0/19 le 24,
240.31.12.0/20 le 24,
17.23.96.0/20 le 24,
64.12.108.4/30,
19.20.14.0/21
end-set
!
prefix-set IPV4-DEFAULT-ROUTE
0.0.0.0/0
end-set
!
route-policy ACCESS-DENY-DEFAULT-IN
if destination in IPV4-DEFAULT-ROUTE then
drop
elseif tag eq 200 then
drop
else
pass
endif
end-policy
!
route-policy ISIS-LINKS-LOOPS-ONLY
if (destination in CRS-SITE1-LINKS and destination in CRS-SITE2-LINKS) then
set tag 300
pass
endif
end-policy
!
route-policy ISIS-REDIST-OSPF-ACCESS
## APPLY ISIS-LINKS LOOPS ONLY
apply ISIS-LINKS-LOOPS-ONLY
end-policy
!
router ospf access
default-information originate always
address-family ipv4 unicast
area 0.0.0.0
distribute-list route-policy ACCESS-DENY-DEFAULT-IN in
!
router isis inet
address-family ipv4 unicast
redistribute ospf access level-2 route-policy ISIS-REDIST-OSPF-ACCESS
Thank you,
AmyEST.