OSPF route-map filtering question

xayavongp
Level 1

I'm trying to understand something that I can't quite get.

I am redistributing between different processes and controlling the OSPF routing updates.

I can see that the networks are not injected where I do not want them to. However, with the default route configured, networks can talk to each other even though they are not in the routing table.

So what benefit is having a route map (except maybe control topology and database), if networks can talk to each other still?

When the default route is removed, then that is when the networks excluded are not able to communicate with each other.

This is what I would expect with OSPF distribution filtering, regardless of the default route.

2 Accepted Solutions


Giuseppe Larosa
Hall of Fame

Hello Xayavongp,

>> This is what I would expect with ospf distribution filtering, regardless of the default route.

OSPF is a routing protocol but it is not the owner of the IP routing table.

The IP routing table maintainer process receives from each routing process proposals of IP prefixes and decides what to install based on AD (routing source level of trust) and metric (protocol specific).

The IP routing table uses the most specific route first, regardless of AD and metric. A default route is simply the least specific route in the table and it is used only when specific information is missing.

Now, what happens when a default route is installed in the routing table?

In modern IOS images that use ip classless, the default route is used for packets with a destination without an explicit route even if it is part of a major network (Class A, B, C) that the local node connects to (= has a connected interface in network 10/8, for example).

In older IOS images, classful routing (= no ip classless) was the default setting and the installed default route was used only for destinations that do not belong to locally connected major networks. That is, if the router has one interface in net 10/8 and the packet is destined to 10.250.250.2 and there is no explicit route for this, the packet is dropped in classful routing mode. A packet to 20.20.20.2 can use the default route.

Going back to route-maps for redistribution, they decide what routes present in database of protocol 1 and present in IP routing table of local node are passed into the database of protocol 2.

In most cases we can distinguish a core routing protocol and an edge routing protocol and the safe solution is to redistribute the edge routing protocol into the core routing protocol and to use a default route to point to the core.

That is to avoid mutual redistribution.

Also in real world the default route has an important job: it represents the exit point to the public internet.

So also if there are a lot of scenarios with mutual redistribution and with appropriate route filters and route tags in place, in real world it is difficult to have a network without a default route.

Hope to help

Giuseppe
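
The lookup behaviour described in this answer, as an added example that is not part of the original post: a small Python model of the forwarding decision (most specific route first, then the default route, with the `no ip classless` exception). The prefixes, next hops and function names are constructed for illustration; 10.250.250.0/24 stands for a network that a redistribution route-map filtered out.

```python
import ipaddress

def major_net(addr):
    """Classful major network (Class A/B/C) containing a unicast address."""
    first = int(addr) >> 24
    plen = 8 if first < 128 else 16 if first < 192 else 24
    return ipaddress.ip_network(f"{addr}/{plen}", strict=False)

def lookup(table, connected, dst, classless=True):
    """Next hop chosen for dst, or None when the packet is dropped."""
    dst = ipaddress.ip_address(dst)
    routes = {ipaddress.ip_network(p): nh for p, nh in table.items()}
    default = ipaddress.ip_network("0.0.0.0/0")
    # Most specific installed route wins; AD and metric only decided
    # which routes were installed in the first place.
    specific = [n for n in routes if n != default and dst in n]
    if specific:
        return routes[max(specific, key=lambda n: n.prefixlen)]
    if default not in routes:
        return None
    if not classless and any(
        ipaddress.ip_network(c).subnet_of(major_net(dst)) for c in connected
    ):
        # "no ip classless": no default inside a locally connected major net
        return None
    return routes[default]

# Constructed sample: 10.250.250.0/24 was filtered by the redistribution
# route-map, so it never appears in this router's table.
CONNECTED = ["10.1.1.0/24"]
TABLE = {
    "10.1.1.0/24": "connected",
    "10.1.2.0/24": "10.1.1.2",      # learned via OSPF
    "0.0.0.0/0": "10.1.1.254",      # default route toward the core
}
NO_DEFAULT = {p: nh for p, nh in TABLE.items() if p != "0.0.0.0/0"}

def demo():
    return {
        "filtered, classless": lookup(TABLE, CONNECTED, "10.250.250.2"),
        "filtered, classful": lookup(TABLE, CONNECTED, "10.250.250.2", classless=False),
        "other major net, classful": lookup(TABLE, CONNECTED, "20.20.20.2", classless=False),
        "filtered, no default": lookup(NO_DEFAULT, CONNECTED, "10.250.250.2"),
        "installed route": lookup(TABLE, CONNECTED, "10.1.2.5"),
    }

if __name__ == "__main__":
    for case, next_hop in demo().items():
        print(f"{case:28} -> {next_hop}")
```

In classless mode the filtered prefix is still forwarded through 0.0.0.0/0; in this model it is dropped only when the default route is absent or the lookup is classful.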


Who says you have to have a default route in the first place??

Look, you can come up with many ways to bypass things, but why would you want to do it?

I can have an ACL with 10 very specific permit statements and then have a permit ip any any at the end...so I just defeated my ACL, right? Quick solution: don't "permit ip any any" at the end!


5 Replies

Jon Marshall
Hall of Fame

xayavongp wrote:

I'm trying to understand something that I can't quite get.

I am redistributing between different processes and controlling the ospf routing updates.

I can see that the networks are not injected where I do not want them to. However with the default route configured, networks can talk to each other even though they are not in the routing table.

So what benefit is having a route map (except maybe control topology and database), if networks can talk to each other still.

When the default route is removed, then that is when the networks excluded are not able to communicate with each other.

This is what I would expect with ospf distribution filtering, regardless of the default route.

Not sure I follow your reasoning. If you have a default-route that will always be used as a last resort. If you want to control which networks can talk to which networks by filtering routing updates then you can't have a default-route in the routing table that allows the networks to talk to each other. If you do have a default-route, it doesn't really matter what you filter.

If I have misunderstood please explain further.

Jon

tomek0001
Level 4

I think it would be helpful to understand if you posted sample configs.


Thank you for your replies. I believe they were useful in my understanding of the protocol. I appreciate giuslar for the explanation as well as lamav's input.
