OSPF route-map filtering question

Dec 18th, 2009
I'm trying to understand something that I can't quite get.


I am redistributing between different processes and controlling the OSPF routing updates.

I can see that the networks are not injected where I do not want them to. However, with the default route configured, networks can talk to each other even though they are not in the routing table.


So what benefit is having a route map (except maybe control topology and database), if networks can talk to each other still?

When the default route is removed, then that is when the networks excluded are not able to communicate with each other.

This is what I would expect with OSPF distribution filtering, regardless of the default route.

Jon Marshall Fri, 12/18/2009 - 14:51
xayavongp wrote:


I'm trying to understand something that I can't quite get.


I am redistributing between different processes and controlling the OSPF routing updates.

I can see that the networks are not injected where I do not want them to. However, with the default route configured, networks can talk to each other even though they are not in the routing table.


So what benefit is having a route map (except maybe control topology and database), if networks can talk to each other still?

When the default route is removed, then that is when the networks excluded are not able to communicate with each other.

This is what I would expect with OSPF distribution filtering, regardless of the default route.


Not sure I follow your reasoning. If you have a default-route that will always be used as a last resort. If you want to control which networks can talk to which networks by filtering routing updates then you can't have a default-route in the routing table that allows the networks to talk to each other. If you do have a default-route it doesn't really matter what you filter.


If I have misunderstood please explain further.


Jon

tomek0001 Fri, 12/18/2009 - 18:43

I think it would be helpful to understand if you posted sample configs.

Correct Answer
Giuseppe Larosa Sun, 12/20/2009 - 12:41
Hello Xayavongp,


>> This is what I would expect with ospf distribution filtering, regardless of the default route.


OSPF is a routing protocol but it is not the owner of the IP routing table.

The IP routing table maintainer process receives from each routing process proposals of IP prefixes and decides what to install based on AD (routing source level of trust) and metric (protocol specific).

The IP routing table uses the most specific route first, regardless of AD and metric. A default route is simply the least specific route in the table and it is used only when specific information is missing.


Now, what happens when a default route is installed in the routing table?

In modern IOS images that use ip classless, the default route is used for packets with a destination without an explicit route even if it is part of a major network (Class A, B, C) that the local node connects to (= has a connected interface in network 10/8, for example).


In older IOS images, classful routing (= no ip classless) was the default setting and the installed default route was used only for destinations that do not belong to locally connected major networks. That is, if the router has one interface in net 10/8 and the packet is destined to 10.250.250.2 and there is no explicit route for this, the packet is dropped in classful routing mode. A packet to 20.20.20.2 can use the default route.


Going back to route-maps for redistribution, they decide what routes present in the database of protocol 1 and present in the IP routing table of the local node are passed into the database of protocol 2.

In most cases we can distinguish a core routing protocol and an edge routing protocol and the safe solution is to redistribute the edge routing protocol into the core routing protocol and to use a default route to point to the core.

That is to avoid mutual redistribution.

Also in the real world the default route has an important job: it represents the exit point to the public internet.

So even if there are a lot of scenarios with mutual redistribution and with appropriate route filters and route tags in place, in the real world it is difficult to have a network without a default route.


Hope to help

Giuseppe
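
The lookup behaviour described in this answer, as an added example that is not part of the original post: a small model of longest-prefix match showing why a prefix filtered out by a redistribution route-map is still forwarded when a default route exists, and how classful mode differs. The routing table, next hops and the `filtered_but_reachable` helper are constructed for illustration; 10.250.250.2 and 20.20.20.2 are the addresses used in the post.

```python
import ipaddress

# Constructed routing table: (prefix, next hop). 10.250.250.0/24 is absent
# because a redistribution route-map filtered it out.
RIB = [
    ("10.1.1.0/24", "connected"),
    ("10.2.2.0/24", "10.1.1.2"),
    ("0.0.0.0/0", "10.1.1.254"),
]

def classful_major(addr):
    """Class A/B/C major network containing a unicast IPv4 address."""
    first = int(addr) >> 24
    plen = 8 if first < 128 else 16 if first < 192 else 24
    base = int(addr) >> (32 - plen) << (32 - plen)
    return ipaddress.ip_network((base, plen))

def lookup(rib, dst, classless=True):
    """Longest-prefix match. Returns (prefix, next_hop), or None if dropped."""
    dst = ipaddress.ip_address(dst)
    routes = [(ipaddress.ip_network(p), nh) for p, nh in rib]
    matches = [r for r in routes if dst in r[0]]
    if not matches:
        return None
    best = max(matches, key=lambda r: r[0].prefixlen)
    if best[0].prefixlen == 0 and not classless:
        # Classful mode as described in the post: the default route is not
        # used for destinations inside a locally connected major network.
        major = classful_major(dst)
        if any(nh == "connected" and net.subnet_of(major)
               for net, nh in routes):
            return None
    return str(best[0]), best[1]

def filtered_but_reachable(rib, filtered, classless=True):
    """Audit helper: filtered prefixes that the table still forwards."""
    hits = []
    for prefix in filtered:
        host = ipaddress.ip_network(prefix).network_address + 1
        if lookup(rib, host, classless) is not None:
            hits.append(prefix)
    return hits

if __name__ == "__main__":
    print(lookup(RIB, "10.250.250.2"))                   # via default route
    print(lookup(RIB, "10.250.250.2", classless=False))  # dropped
    print(filtered_but_reachable(RIB, ["10.250.250.0/24"]))
```

Running the audit helper against the prefixes a route-map is meant to exclude shows whether the filter alone isolates them or whether an ACL is still needed on the forwarding path.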

Correct Answer
lamav Sun, 12/20/2009 - 15:13
Who says you have to have a default route in the first place??


Look, you can come up with many ways to bypass things, but why would you want to do it?


I can have an ACL with 10 very specific permit statements and then have a permit ip any any at the end...so I just defeated my ACL, right? Quick solution: don't "permit ip any any" at the end!

xayavongp Mon, 12/21/2009 - 08:16

Thank you for your replies.  I believe they were useful in my understanding of the protocol.  I appreciate giuslar for the explanation as well as lamav's input.
