OSPF Static Route redistribution to one neighbor?

Feb 3rd, 2010

I want to distribute some static routes to an OSPF neighbor on the same subnet, but only that one neighbor--I have two other neighbor relationships. Is there a way to redistribute static routes to only one neighbor--with a route-map maybe, or another way?


Thanks,


James

Jon Marshall Wed, 02/03/2010 - 12:20

james.bastnagel wrote:


I want to distribute some static routes to an OSPF neighbor on the same subnet, but only that one neighbor--I have two other neighbor relationships. Is there a way to redistribute static routes to only one neighbor--with a route-map maybe, or another way?


Thanks,


James


James


Yes, you use a route-map to do this, i.e.

ip route 192.168.5.0 255.255.255.0 172.16.10.1
ip route 192.168.6.0 255.255.255.0 172.16.10.1
ip route 10.5.1.0 255.255.255.0 172.16.10.1

You only want to redistribute the 10.5.1.0/24 route:

router ospf 10
 redistribute static subnets route-map OSPF

access-list 10 permit 10.5.1.0 0.0.0.255

route-map OSPF permit 10
 match ip address 10

Jon

Giuseppe Larosa Wed, 02/03/2010 - 12:24

Hello Jon,

James would like to advertise the external route to a specific neighbor only.


It is a different matter, with a negative answer due to the link-state nature of OSPF.



Hope to help

Giuseppe

Jon Marshall Wed, 02/03/2010 - 12:28

giuslar wrote:


Hello Jon,

James would like to advertise the external route to a specific neighbor only.


It is a different matter, with a negative answer due to the link-state nature of OSPF.



Hope to help

Giuseppe


Giuseppe


I am a little confused. James's request was: can you redistribute static routes to some neighbors and not others? I have just labbed it up and you can indeed do this with a route-map.


Are we talking about the same thing ?


Jon

Giuseppe Larosa Wed, 02/03/2010 - 12:35

Hello Jon,

let's read again original post:


>> I want to distribute some static routes to an OSPF neighbor on the same subnet, but only that one neighbor--I have two other neighbor relationships. Is there a way to redistribute static routes to only one neighbor--with a route-map maybe, or another way?


my understanding is that James would like to distribute some static routes but only to one neighbor on a LAN segment and not to other OSPF neighbors.


Your test is good in filtering what static routes should be injected in the OSPF domain, but it cannot achieve the desired result of sending these external routes only to a specific OSPF neighbor and not to others: the OSPF LSAs are flooded out in the whole domain.

The only way would be to use a distribute-list to avoid installation of the undesired route, but it has to be done on the two neighbors that should not install the routes.

But this is not usually considered best practice.


Hope to help

Giuseppe

james.bastnagel Wed, 02/03/2010 - 12:38

So I could distribute the static routes, but apply a filter of some sort to my ASA so it doesn't use the routes that are distributed? Is that accurate?



Giuseppe Larosa Wed, 02/03/2010 - 12:56

Hello James,

distribute-list can be used in a regular router.


On ASA it should be checked against ASA config reference.


The command is present since ver. 7.2


http://www.cisco.com/en/US/docs/security/asa/asa82/command/reference/d2.html#wp1951054


Note: Be aware that the distribution list will not block LSA propagation, so the same distribution list should be implemented on ALL devices downstream of the ASA or a routing black hole would be formed (this is why it is not best practice: it is not scalable in a big scenario).


This is because the filter acts on the IP routing table and not on the OSPF database.


Again, I would try to implement PBR instead if possible.


Hope to help

Giuseppe
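
The black-hole caveat in the note above, as an added example that is not part of the original thread: a small Python model in which the type-5 LSA reaches every router's LSDB and an inbound distribute-list only suppresses the RIB entry. The topology, the router names (CORE, ASA, PROVIDER, INSIDE) and the equal link costs are assumptions made for the illustration.

```python
from collections import deque

# Constructed topology: CORE is the ASBR redistributing the static route.
LINKS = [("CORE", "ASA"), ("CORE", "PROVIDER"), ("ASA", "INSIDE")]
PREFIX = "10.5.1.0/24"

def neighbors(router):
    return sorted({b if a == router else a for a, b in LINKS if router in (a, b)})

def flood(origin):
    """Type-5 LSA flooding: every router reachable from the ASBR stores the LSA.
    Returns {router: parent toward the ASBR}; with equal costs BFS equals SPF."""
    parent, queue = {origin: None}, deque([origin])
    while queue:
        r = queue.popleft()
        for n in neighbors(r):
            if n not in parent:
                parent[n] = r
                queue.append(n)
    return parent

def build_ribs(origin, filtered):
    """An inbound distribute-list acts after SPF: the LSA stays in the LSDB,
    only the RIB entry is suppressed on the routers named in `filtered`."""
    parent = flood(origin)
    lsdb = {r: {PREFIX} for r in parent}
    rib = {r: {PREFIX: parent[r]} for r in parent
           if r != origin and r not in filtered}
    return lsdb, rib

def trace(src, origin, rib):
    """Follow next hops for PREFIX and report where the packet ends up."""
    path, here = [src], src
    while here != origin:
        nxt = rib.get(here, {}).get(PREFIX)
        if nxt is None:
            # Traffic that was attracted by an upstream RIB entry and then
            # finds no route is the black hole described in the note.
            kind = "black hole" if len(path) > 1 else "no route"
            return path, f"{kind} at {here}"
        path.append(nxt)
        here = nxt
    return path, "delivered"

if __name__ == "__main__":
    for filtered in ({"ASA"}, {"ASA", "INSIDE"}):
        lsdb, rib = build_ribs("CORE", filtered)
        print(sorted(filtered), "LSDB holders:", sorted(lsdb),
              "INSIDE ->", trace("INSIDE", "CORE", rib))
```

Filtering on the ASA alone leaves INSIDE forwarding toward a router that has no route; filtering on both removes the route consistently, while the LSA is still present in every LSDB.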

Jon Marshall Wed, 02/03/2010 - 12:41

giuslar wrote:


Hello Jon,

let's read again original post:


>> I want to distribute some static routes to an OSPF neighbor on the same subnet, but only that one neighbor--I have two other neighbor relationships. Is there a way to redistribute static routes to only one neighbor--with a route-map maybe, or another way?


my understanding is that James would like to distribute some static routes but only to one neighbor on a LAN segment and not to other OSPF neighbors.


Your test is good in filtering what static routes should be injected in the OSPF domain, but it cannot achieve the desired result of sending these external routes only to a specific OSPF neighbor and not to others: the OSPF LSAs are flooded out in the whole domain.

The only way would be to use a distribute-list to avoid installation of the undesired route, but it has to be done on the two neighbors that should not install the routes.

But this is not usually considered best practice.


Hope to help

Giuseppe


Giuseppe


Yep, you're right of course. Got myself a little confused there; I should have read the question more closely.


Jon

james.bastnagel Wed, 02/03/2010 - 12:37

I know I can distribute specific routes with a route-map, but would like to send specific routes to only 1 of my OSPF neighbors. The network segment crudely looks like my ASCII art below


-


[Core Switch Vlan 1

172.21.2.3 | vlan5 172.21.5.2]

Giuseppe Larosa Wed, 02/03/2010 - 12:21

Hello James,

this is not possible:

OSPF external routes cannot be filtered outbound.


It couldn't work even if the other neighbors were in a different interface and different IP subnet.


You probably need to consider PBR again but it has to be applied on the neighbor that should have received that redistributed static route.


Hope to help

Giuseppe

dbass Wed, 02/03/2010 - 13:18

Yeah, Giuseppe is totally correct. The nature of OSPF is that an LSA is propagated throughout the entire domain. Unfortunately, you cannot filter a route to only 1 peer, and the only way to do what you want is a distribute list on every single router that you don't want to see the routes.


There are other methods such as PBR, configuring static routes on the one router, multiple routing protocols that you can use, but it gets rather ugly.

james.bastnagel Wed, 02/03/2010 - 13:28

I think what I am going to try is adding static routes to the firewall, then redistribute my selected static routes from the core to the provider's router, then I will use PBR on the core to route my test stations to the firewall rather than the "old" connection.


When I redistribute my statics, will the core switch appear as the next hop for those routes, or will it distribute the entire static route including the next hop? Either way is fine I think; I will have to configure PBR on a 2nd device if it doesn't advertise itself as the next hop though.


Thanks again everyone!!!

Giuseppe Larosa Wed, 02/03/2010 - 13:38

Hello James,


>> When I redistribute my statics, will the core switch appear as the next hop for those routes, or will it distribute the entire static route including the next hop?


The external LSA data structure will have an advertising router field = ASBR core switch OSPF router id


Hope to help

Giuseppe

james.bastnagel Wed, 02/03/2010 - 13:42

Giuseppe,


Thank you for the information.


I just want to clarify my understanding though.


Because my core switch is distributing the routes, it will appear as the next hop for those routes in the neighbors' routing table--NOT the next hop that is actually configured on my core switch. Is that correct?


Thanks again!



Giuseppe Larosa Wed, 02/03/2010 - 13:45

Hello James,

your understanding is correct


Hope to help

Giuseppe

mshahzadqadir Thu, 02/04/2010 - 05:11

Another way of doing it might be to assign a different area to the router you want to send the prefix to than to the other neighbors (to whom you don't want to send prefixes). Then, on the area boundary of the routers where you don't want routes to be advertised, apply a filter-list; that way routes will not go to the LSDB and not to the routing table.

Giuseppe Larosa Thu, 02/04/2010 - 05:26

Hello Shahzad,

inter area filtering works only for internal routes, external OSPF routes cannot be filtered in this way and original poster was speaking of static routes redistributed into OSPF.

In other cases what you suggest is feasible and it is a good reason for using network ... area commands + passive interface instead of redistribute connected: it provides more control


Hope to help

Giuseppe

mshahzadqadir Thu, 02/04/2010 - 06:44

Hi Giuseppe,


Sure you are right, that solution is only for inter-area routes; I missed that the routes we are talking about here are RED routes.


You can still filter routes using forward address filters. Here is the idea:


For all redistributed routes in normal areas (not NSSA), OSPF records a forward address of 0.0.0.0, but if you fulfill the following conditions OSPF will start using the next hop address of the ASBR. Conditions are:


1. ASBR's next hop interface should be included in the OSPF process

2. Next hop interface should not be point-to-point

3. Next hop interface should not be point-to-multipoint

4. Interface address should not be included using redistribution.


If these conditions are met, the router records the next hop address instead of 0.0.0.0 (and this way just using advertising router as next hop). Now all the downstream routers will record the red routes as far as they have reachability to the next hop advertising. If you divide the router you want prefixes go through in separate than other routers. You can filter the next hop address on the area boundary of routers not required to have redistributed routes. This way these routers will not receive the next hop address for the ASBR and will hence not install external routes.


Example:


R1#s
Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0/0            172.16.10.1     YES manual up                    up
Serial0/0                  10.10.10.1      YES manual up                    up
FastEthernet0/1            unassigned      YES unset  administratively down down
Serial0/1                  10.10.10.5      YES manual up                    up
Loopback5                  5.5.5.5         YES manual up                    up

R1#sh run | b router ospf
router ospf 1
log-adjacency-changes
area 2 filter-list prefix filter-external in
redistribute static subnets
network 10.10.10.0 0.0.0.3 area 1
network 10.10.10.4 0.0.0.3 area 2
network 172.16.10.1 0.0.0.0 area 0

------

R2#sh run | b router ospf

router ospf 1
log-adjacency-changes
network 10.10.10.0 0.0.0.3 area 1

O E2 192.168.30.0/24 [110/20] via 10.10.10.1, 00:13:09, Serial0/0
O E2 192.168.10.0/24 [110/20] via 10.10.10.1, 00:13:19, Serial0/0
     172.16.0.0/24 is subnetted, 1 subnets
O IA    172.16.10.0 [110/74] via 10.10.10.1, 00:23:48, Serial0/0
O E2 192.168.20.0/24 [110/20] via 10.10.10.1, 00:13:14, Serial0/0
     10.0.0.0/30 is subnetted, 3 subnets
C       10.10.10.12 is directly connected, Serial0/1
C       10.10.10.0 is directly connected, Serial0/0
O IA    10.10.10.4 [110/128] via 10.10.10.1, 00:33:52, Serial0/0

------


R3#sh run | b  router ospf
router ospf 1
log-adjacency-changes
network 10.10.10.4 0.0.0.3 area 2

C       10.10.10.8 is directly connected, Serial0/1
O IA    10.10.10.0 [110/128] via 10.10.10.5, 00:12:32, Serial0/0
C       10.10.10.4 is directly connected, Serial0/0

********


You can see R2 has external routes but R3 doesn't.



Shahzad.

wassim.alex Mon, 04/02/2012 - 17:37

Hey James,


I believe the answer is pretty simple. You can tag all the static routes you want to distribute to a certain neighbor with tag value 100, for instance, and use a route-map under OSPF doing the following:


On the neighbor you want to receive those certain routes, configure a route-map that matches the source of updates with tag 100

route-map AllowRoutes permit 10
 match ip route-source x.x.x.x
 match tag 100


while on the other 2 neighbors, configure route-maps that permit everything except the static route

route-map OmitRoutes deny 10
 match ip route-source x.x.x.x
 match tag 100
! a route-map ends with an implicit deny, so everything else is permitted explicitly
route-map OmitRoutes permit 20


The problem is that you can't control which neighbor will be a recipient for some particular routes from the source of updates. However, you can control the recipients to allow certain routes or not.


Hope this helps, my first post ever


Wassim

CCNP
