Solved: redistribution eigrp into ospf,redistribute and distribute-list

sarahr202 · ‎11-26-2011

Hi everybody.

Please consider the following set up.

9.0.0.0/8(loop)------R1--199.199.199.0/24(ospf area 1)--------R2

8.0.0.0/8(loop)

R1 is running eigrp1 on loop backs.

R1 config:

router eigrp 1

network 8.0.0.0

network 9.0.0.0

network 10.0.0.0

auto-summary

!

router ospf 1

log-adjacency-changes

redistribute eigrp 1 route-map zee

network 199.199.199.0 0.0.0.255 area 1

route-map zee permit 10

match ip address 1

route-map zee permit 20

access-list 1 permit 8.0.0.0 0.255.255.255

=======================================================

R2 was able to learn external routes as show below:

C 199.199.199.0/24 is directly connected, Serial0/0

O E2 8.0.0.0/8 [110/20] via 199.199.199.1, 00:02:10, Serial0/0

O E2 9.0.0.0/8 [110/20] via 199.199.199.1, 00:02:10, Serial0/0

Now we add " distribute-list 2 out eigrp 1" to R1's config as shown below:

log-adjacency-changes

redistribute eigrp 1 route-map zee

network 199.199.199.0 0.0.0.255 area 1

distribute-list 2 out eigrp 1

access-list 2 deny 9.0.0.0 0.255.255.255

!

The question is What R1 should do? should it follow " redistribute eigrp 1 route-map zee" which tells R1 to redistribute the routes as dictated by route-map zee i.e all the routes.

Should R1 follow " distribute-list 2 out eigrp 1" which tells R1 not to redistribute any eigrp 1 routes into ospf ?

In nutshell, the question boils down to order of precedence between redistribute eigrp 1 route-map zee and distribute-list 2out eigrp 1 commands.

Thanks and have a great weekend.

Peter Paluch · ‎11-27-2011

Hi Sarah,

The route-map used in redistribution constitutes a filter that specifies which networks should be retaken from the source routing protocol. The distribute-list is a filter that specifies which networks shall be advertised after they are already present in the destination routing protocol's database. From this viewpoint, first, the route-map is applied during the redistribution process, and later, the distribute-list is applied when advertising all networks in the destination routing protocol.

In your example, the net result should be that no external OSPF routes are advertised to R2:

During the redistribution, only the 8.0.0.0/8 network (and its subnets) are allowed to be redistributed from EIGRP into OSPF
During the origination of LSA-5 for networks redistributed from EIGRP, the access-list 2 is consulted due to the distribute-list. However, the ACL disallows all networks (it has only a single deny line). Hence, the redistributed 8.0.0.0/8 is not permitted and no LSA-5 for routes redistributed from EIGRP will actually be generated. Note that even if you corrected the ACL 2 to permit 9.0.0.0 0.255.255.255, such a network has not been redistributed from EIGRP into OSPF in the first place, so again, there is nothing to advertise.

Please feel welcome to ask further!

Best regards,

Peter

View solution in original post

Peter Paluch · ‎11-27-2011

Hello John,

Well, you are correct - it does not make sense to redistribute networks that are subsequently prohibited by a distribute list. I believe that Sarah simply asked about the sequence of steps taking place when both route-map and distribute lists are used.

It should be stressed that distribute lists work differently in different routing protocols. IS-IS has no support for distribute lists. RIP and EIGRP allow using distribute lists at any router in the topology, in any direction and on any interface. That is a result of the distance-vector nature of these protocols: it is always possible to not advertise or accept a route in the particular routing protocol advertisement. In OSPF, it is complicated. Distribute lists in the out direction are valid only on ASBRs and apply only to redistributed routes. Distribute lists in the in direction can be used on any router but have only local significance - they can prevent a network from entering a particular router's routing table but in contrast to distance-vector protocols, all other routers will still know about that route.

So in certain circumstances, it may be reasonable to redistribute a network that is subsequently prohibited by a distribute-list, if that distribute-list applies only to a particular set of interfaces. However, in OSPF, the distribute-list always applies to all interfaces, and thus, it is futile to redistribute networks that will be filtered out by a distribute-list.

Best regards,

Peter

Best regards,

Peter

View solution in original post

Peter Paluch · ‎11-27-2011

Hi John,

Let me see if I got this correctly. Let's say I'm running OSPF as my  routing protocol, and RouterA in my OSPF domain needs to filter out  network 10.0.0.0/24. I would need to configure a distribute-list in the  inbound direction. Now, I would assume that network 10.0.0.0/24 will  still be installed in the OSPF Link State Database, since it's a Link  State routing protocol, but it would not be included in the RIB.

Correct. This network will still be in the Link State Databases on all routers (simplified - usual rules about route dissemination between areas apply). Router A in particular will not have that route in its routing table. Other routers will. Note that this may cause traffic blackholing if the router A is on the shortest path towards that network for a set of routers.

Now, if I had an ASBR on my OSPF domain, and I wanted to redistribute 10 EIGRP routes, and one of these 10 is 5.5.5.5/32. When I issue my redistribute command I will need to include a distribute-list in the outbound direction which denies 5.5.5.5 but allows the other 9?

I do not understand what you are trying to accomplish. If you want to redistribute all networks, then you simply redistribute the entire EIGRP. If you want to redistribute only selected EIGRP networks, you will use a route map to select the routes eligible for redistribution. You do not need to use a distribute list. With OSPF, the distribute-list out can be replaced in probably all cases with route maps used in redistribution.

Please feel welcome to ask further if I have not covered your concerns.

Best regards,

Peter

View solution in original post

Peter Paluch · ‎11-27-2011

John,

Oh, and missed one of your questions.

EIGRP distribute-list = Per Interface
OSPF distribute-list = Per Router

Basically, yes. In EIGRP and RIP, you can use the distribute list for all routes received (in) or sent (out) via a particular selected interface. In OSPF, distribute lists act only on the per-router level, and in particular with 'out' distribute-lists, only on ASBRs for redistributed routes.

Best regards,

Peter

View solution in original post

Peter Paluch · ‎11-27-2011

Hi Sarah,

The route-map used in redistribution constitutes a filter that specifies which networks should be retaken from the source routing protocol. The distribute-list is a filter that specifies which networks shall be advertised after they are already present in the destination routing protocol's database. From this viewpoint, first, the route-map is applied during the redistribution process, and later, the distribute-list is applied when advertising all networks in the destination routing protocol.

In your example, the net result should be that no external OSPF routes are advertised to R2:

During the redistribution, only the 8.0.0.0/8 network (and its subnets) are allowed to be redistributed from EIGRP into OSPF
During the origination of LSA-5 for networks redistributed from EIGRP, the access-list 2 is consulted due to the distribute-list. However, the ACL disallows all networks (it has only a single deny line). Hence, the redistributed 8.0.0.0/8 is not permitted and no LSA-5 for routes redistributed from EIGRP will actually be generated. Note that even if you corrected the ACL 2 to permit 9.0.0.0 0.255.255.255, such a network has not been redistributed from EIGRP into OSPF in the first place, so again, there is nothing to advertise.

Please feel welcome to ask further!

Best regards,

Peter

JohnTylerPearce · ‎11-27-2011

Peter, would it be easier to just not redistribute 9.0.0.0/8. It seems like he doesn't want that network anywhere

except for in EIGRP. It seems to be it's extra processing power to run a distribute-list that he doesn't really need.

Please correct me if I'm wrong.

Peter Paluch · ‎11-27-2011

Hello John,

Well, you are correct - it does not make sense to redistribute networks that are subsequently prohibited by a distribute list. I believe that Sarah simply asked about the sequence of steps taking place when both route-map and distribute lists are used.

It should be stressed that distribute lists work differently in different routing protocols. IS-IS has no support for distribute lists. RIP and EIGRP allow using distribute lists at any router in the topology, in any direction and on any interface. That is a result of the distance-vector nature of these protocols: it is always possible to not advertise or accept a route in the particular routing protocol advertisement. In OSPF, it is complicated. Distribute lists in the out direction are valid only on ASBRs and apply only to redistributed routes. Distribute lists in the in direction can be used on any router but have only local significance - they can prevent a network from entering a particular router's routing table but in contrast to distance-vector protocols, all other routers will still know about that route.

So in certain circumstances, it may be reasonable to redistribute a network that is subsequently prohibited by a distribute-list, if that distribute-list applies only to a particular set of interfaces. However, in OSPF, the distribute-list always applies to all interfaces, and thus, it is futile to redistribute networks that will be filtered out by a distribute-list.

Best regards,

Peter

Best regards,

Peter

JohnTylerPearce · ‎11-27-2011

Let me see if I got this correctly. Let's say I'm running OSPF as my routing protocol, and RouterA in my OSPF domain needs to filter out network 10.0.0.0/24. I would need to configure a distribute-list in the inbound direction. Now, I would assume that network 10.0.0.0/24 will still be installed in the OSPF Link State Database, since it's a Link State routing protocol, but it would not be included in the RIB.

Now, if I had an ASBR on my OSPF domain, and I wanted to redistribute 10 EIGRP routes, and one of these 10 is 5.5.5.5/32. When I issue my redistribute command I will need to include a distribute-list in the outbound direction

which denies 5.5.5.5 but allows the other 9?

EIGRP distribute-list = Per Interface

OSPF distribute-list = Per Router

??

Peter Paluch · ‎11-27-2011

Hi John,

Let me see if I got this correctly. Let's say I'm running OSPF as my  routing protocol, and RouterA in my OSPF domain needs to filter out  network 10.0.0.0/24. I would need to configure a distribute-list in the  inbound direction. Now, I would assume that network 10.0.0.0/24 will  still be installed in the OSPF Link State Database, since it's a Link  State routing protocol, but it would not be included in the RIB.

Correct. This network will still be in the Link State Databases on all routers (simplified - usual rules about route dissemination between areas apply). Router A in particular will not have that route in its routing table. Other routers will. Note that this may cause traffic blackholing if the router A is on the shortest path towards that network for a set of routers.

Now, if I had an ASBR on my OSPF domain, and I wanted to redistribute 10 EIGRP routes, and one of these 10 is 5.5.5.5/32. When I issue my redistribute command I will need to include a distribute-list in the outbound direction which denies 5.5.5.5 but allows the other 9?

I do not understand what you are trying to accomplish. If you want to redistribute all networks, then you simply redistribute the entire EIGRP. If you want to redistribute only selected EIGRP networks, you will use a route map to select the routes eligible for redistribution. You do not need to use a distribute list. With OSPF, the distribute-list out can be replaced in probably all cases with route maps used in redistribution.

Please feel welcome to ask further if I have not covered your concerns.

Best regards,

Peter

Peter Paluch · ‎11-27-2011

John,

Oh, and missed one of your questions.

EIGRP distribute-list = Per Interface
OSPF distribute-list = Per Router

Basically, yes. In EIGRP and RIP, you can use the distribute list for all routes received (in) or sent (out) via a particular selected interface. In OSPF, distribute lists act only on the per-router level, and in particular with 'out' distribute-lists, only on ASBRs for redistributed routes.

Best regards,

Peter

JohnTylerPearce · ‎11-27-2011

Nevermind that one question about the ASBR.

sarahr202 · ‎11-27-2011

Thanks Peter and how are you doing ?

Here is my understanding;

Once the routes are redistributed into ospf, distribute-list with out option can be used to filter or allow specifics lsa5 for redistributed prefix.

JohnTylerPearce · ‎11-27-2011

That would be correct since you can only use outbound distribute-lists on ASBR's in OSPF. That way, you could

redistribute some routes, and then use an outbound distribute-list to filter it on the target routing protocol.

redistribution eigrp into ospf,redistribute and distribute-list command