Route Filtering and Redistribution in OSPF in Nexus 7K

I have a Data Center (DC) in which I have a Nexus 7K working as a router and running OSPF with my MPLS provider (Service Provider - SP) to get remote locations/offices routes into the Data Center. I have static routes pointing to the Data Center internal network (DC-LAN). I want to redistribute static routes into OSPF with a tag assigned. I also want to filter routes coming from the SP (remote locations/offices routes) into the Data Center.

Could someone please provide me with a solution and a configuration example?

Nexus Model: 7710

Version: 6.2

Francesco Molino
VIP Alumni

Hi

For example purposes, let's assume that all your static routes are for a global subnet of 192.168.0.0/16 and all subnets are /24, plus some statics for 172.16.0.0/16. You can have static routes pointing to 192.168.10.0/24, 192.168.20.0/24, ...

For redistribution you can use standard ACL or prefix-list.

I'll show you the config by using prefix-list (I prefer prefix-list instead of ACLs).

1. You need to create prefix-list to filter which static routes you want to redistribute (optional if you want to filter):

  ip prefix-list STATIC_Redistribute seq 5 permit 192.168.0.0/16 ge 24 ==> it will match all networks that are at least 24 bits in length

2. create a route-map (mandatory)

route-map STATIC_Redist_RMAP permit 10

 match ip address prefix-list STATIC_Redistribute ==> Optional if you want to filter static routes to redistribute

 set tag 100 ==> Set the tag you want

route-map STATIC_Redist_RMAP permit 20 ==> If you used prefix-list to filter, you need to create one to indicate to the router what to do with other subnets if you want to do other stuff...

3. redistribute in OSPF

router ospf XX

 redistribute static route-map STATIC_Redist_RMAP

If you use ACLs to filter, the config is the same except in the route-map, where the command to call the ACL is match ip address

To filter incoming routes on your Nexus, you need to use distribute-list. All networks will be visible in the OSPF database, but you can filter some so they are not installed in your RIB. To do that, you need to play with distribute-list, for example.

To filter, you can use multiple criteria, route tag, prefix-list, acl, route-type,...

For the example, I assume you have tagged routes coming from remote sites and we will filter by using match tag criteria.

1. you need to create a route-map

route-map FILTER deny 10 ==> Networks that will be filtered and not installed on RIB

 match tag XXX

route-map FILTER permit 20 ==> To allow all others networks to be installed

2. Apply distribute-list in the ospf process:

router ospf xx

 distribute-list route-map FILTER in

If you want to filter by networks, you can use prefix-list and match prefix-list criteria under the deny route-map (like I've shown on the 1st example for redistribution)

Hope this is clear.

Thanks

Those commands are valid for IOS. For Nexus, I don't have one right now but I'm quite sure (99%) that those commands are valid with the same syntax. The logic is the same; maybe some syntax and/or parameters can change between IOS and NX-OS.


Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

Many thanks for the solution.

NX-OS won't support distribution list; its equivalent is filter-list, but it seems filter-list only filters LSA type 3 OSPF routes. But I need to filter all types of LSAs.

Does anyone know how I can achieve this?

Hi

If you have a Nexus 7k, you can look at the table-map feature.

With a Nexus 5k, you will not be able to do that. Maybe you need to do it on the upstream router.


Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

OK. It is a Nexus 7K with ver 6.2. I would like to filter OSPF routes having tag 123 and allow all other OSPF routes. Is my configuration below correct?

router ospf XX

    table-map DC_TEST

route-map DC_TEST deny 10
match tag 123
route-map DC_TEST permit 20

Normally, you should add the keyword filter after the table-map like:

table-map DC_TEST filter


Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

Thank you.

What is the difference between adding the keyword "filter" and not adding the keyword "filter"?

What is the difference between adding the keyword "filter" and not adding the keyword "filter"?

router ospf XX
    table-map DC_TEST

route-map DC_TEST deny 10
match tag 123
route-map DC_TEST permit 20

OR

router ospf XX
    table-map DC_TEST filter

route-map DC_TEST deny 10
match tag 123
route-map DC_TEST permit 20

Which one is correct?

With filter you avoid installing matching routes into the RIB.

http://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus7000/sw/unicast/command/reference/n7k_unicast_cmds/l3_cmds_t.html


Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
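
An added example, not part of any post in this thread and not NX-OS code: a simplified Python model of how the prefix-list `STATIC_Redistribute`, the redistribution route-map `STATIC_Redist_RMAP` and the `DC_TEST` route-map used with `table-map ... filter` decide each route's fate. The sample routes are constructed, tag 0 standing for "untagged" is an assumption of the model, and the helper names are hypothetical.

```python
import ipaddress

# Simplified model, not NX-OS code. Tag 0 stands for "untagged" (assumption).
PREFIX_LISTS = {"STATIC_Redistribute": [("permit", "192.168.0.0/16", 24, None)]}
# Each clause: (action, match criteria, set actions), in sequence order.
STATIC_REDIST_RMAP = [("permit", {"prefix_list": "STATIC_Redistribute"}, {"tag": 100}),
                      ("permit", {}, {})]          # the empty "permit 20"
DC_TEST = [("deny", {"tag": 123}, {}), ("permit", {}, {})]

def prefix_list_match(route, entries):
    """First matching entry decides; no match means implicit deny."""
    net = ipaddress.ip_network(route)
    for action, prefix, ge, le in entries:
        base = ipaddress.ip_network(prefix)
        lo = ge if ge is not None else base.prefixlen
        hi = le if le is not None else (32 if ge is not None else base.prefixlen)
        if net.subnet_of(base) and lo <= net.prefixlen <= hi:
            return action == "permit"
    return False

def route_map(route, tag, clauses):
    """Return (permitted, resulting_tag) for one route."""
    for action, match, sets in clauses:
        if "tag" in match and match["tag"] != tag:
            continue
        if "prefix_list" in match and not prefix_list_match(
                route, PREFIX_LISTS[match["prefix_list"]]):
            continue
        return action == "permit", sets.get("tag", tag)
    return False, tag                              # implicit deny at the end

def redistribute_static(statics, clauses=STATIC_REDIST_RMAP):
    """Static routes that enter OSPF, mapped to the tag they carry."""
    out = {}
    for route in statics:
        ok, tag = route_map(route, 0, clauses)
        if ok:
            out[route] = tag
    return out

def table_map_filter(ospf_routes, clauses=DC_TEST):
    """(prefix, tag) routes that 'table-map DC_TEST filter' lets into the RIB."""
    return [r for r, tag in ospf_routes if route_map(r, tag, clauses)[0]]

# Constructed sample routes.
STATICS = ["192.168.10.0/24", "192.168.0.0/16", "172.16.5.0/24"]
LEARNED = [("10.1.1.0/24", 123), ("10.2.2.0/24", 0), ("10.3.3.0/24", 200)]

if __name__ == "__main__":
    print(redistribute_static(STATICS))
    print(table_map_filter(LEARNED))
```

In this model the empty `permit 20` clause redistributes the /16 summary and the 172.16.x static without a tag; passing only the first clause shows the implicit deny dropping them instead.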