
route-map permit {match tag}

Hi all,

I have a problem with route filtering.

I have two sites that have an OSPF neighbor relationship. I would like to filter OSPF routes by route tag. I want to permit only a specific route tag and deny the rest.

SITE A <--OSPF--> SITE B

The SITE B router has redistributed static routes into the OSPF process with route tag 200. Below are the commands I applied on the SITE A router.

-----------------------------------------------------
route-map filter permit 10
 match tag 200
route-map filter deny 20
router ospf 100
 distribute-list route-map filter in
-----------------------------------------------------

But once I applied the distribute-list command, I lost all routes learned from the SITE B router. Before applying the command, I did "sho ip route x.x.x.x" on SITE A (for the matching prefix) and could see the route tag as "200". But why does it block all the subnets from the SITE B router?

I did reverse testing, as below, and it works as supposed. Why is it not working the other way?

-----------------------------------------------------
route-map filter deny 10
 match tag 200
route-map filter permit 20
-----------------------------------------------------

Regards,

Nagis       


Re: route-map permit {match tag}

Nagis,

if my understanding is correct, the router at site B is an ASBR and you want to filter out certain external OSPF routes on the router at site A based on tags.

All the external routes will be in the LSDB; the distribute-list in command just defines which routes will be installed in the local routing table.

In order to install external routes, the ASBR has to be reachable; I suppose that your route-map filters out ASBR connectivity too.

Could you check that (show ip ospf border-routers) and make sure that router A knows how to reach the ASBR (router B)?

HTH

Rolf


Re: route-map permit {match tag}

Hi Rolf,

Yes, the SITE B router is the ASBR. FYI, both routers are connected via a GRE tunnel. After applying the command, I can still see the route to reach the SITE B router, as it's a directly connected subnet. But I still can't see any routes from the SITE B router. Any other mistakes?

Regards,

Nagis


route-map permit {match tag}

Can you see Site B's LSAs in the LSDB of router A (show ip ospf database adv-router )?


Re: route-map permit {match tag}

Hi Rolf,

Yes. As shown below

----------------------------------------------------------------------------------------------------------
                Type-5 AS External Link States

Link ID         ADV Router      Age         Seq#       Checksum Tag
192.168.38.0    3.3.3.3         1663        0x8000000A 0x003761 2000
192.168.39.0    3.3.3.3         1663        0x8000000E 0x00246F 2000

Regards,

Nagis


Re: route-map permit {match tag}

Nagis,

Link ID         ADV Router      Age         Seq#       Checksum Tag
192.168.38.0    3.3.3.3         1663        0x8000000A 0x003761 2000
192.168.39.0    3.3.3.3         1663        0x8000000E 0x00246F 2000

-----------------------------------------------------
route-map filter permit 10
 match tag 200
route-map filter deny 20
router ospf 100
 distribute-list route-map filter in
-----------------------------------------------------

Looks like the routes are tagged with 2000 but you filter on tag 200?

HTH

Rolf

[EDIT]:

If this was just a typo, could you please post the output of "show ip ospf database external 192.168.38.0"? Perhaps we have a connectivity issue with a non-zero forwarding address.


route-map permit {match tag}

Hi Rolf,

Yes, it was a typo. The actual tag is 2000.

---------------------------------------------------------------------
Show command before applying distribute-list

RTR#sho ip ospf database external 192.168.38.0

            OSPF Router with ID (10.166.100.2) (Process ID 100)

                Type-5 AS External Link States

  Routing Bit Set on this LSA in topology Base with MTID 0
  LS age: 194
  Options: (No TOS-capability, DC, Upward)
  LS Type: AS External Link
  Link State ID: 192.168.38.0 (External Network Number )
  Advertising Router: 3.3.3.3
  LS Seq Number: 8000000C
  Checksum: 0x56EF
  Length: 36
  Network Mask: /24
        Metric Type: 2 (Larger than any link state path)
        MTID: 0
        Metric: 100
        Forward Address: 192.168.35.254
        External Route Tag: 2000

-----------------------------------------------------------------------------------------------
Show command after applying distribute-list

RTR#sho ip ospf database external 192.168.38.0

            OSPF Router with ID (10.166.100.2) (Process ID 100)

                Type-5 AS External Link States

  LS age: 315
  Options: (No TOS-capability, DC, Upward)
  LS Type: AS External Link
  Link State ID: 192.168.38.0 (External Network Number )
  Advertising Router: 3.3.3.3
  LS Seq Number: 8000000C
  Checksum: 0x56EF
  Length: 36
  Network Mask: /24
        Metric Type: 2 (Larger than any link state path)
        MTID: 0
        Metric: 100
        Forward Address: 192.168.35.254
        External Route Tag: 2000

--------------------------------------------------------------------------------------------------

Regards,

Nagis


Re: route-map permit {match tag}

Ok, I think this is causing the problem:

Forward Address: 192.168.35.254

OSPF is enabled on the corresponding interface on router B and the forwarding address is set to non-zero for path-optimization.

So you could either make sure that this network is reachable from router A (changing the route-map) or, if suitable, you could disable OSPF on this network on router B.

Link: Common Routing Problem with OSPF Forwarding Address

Regards

Rolf


route-map permit {match tag}

Hi Rolf,

Thank you so much. That works!! Now I understand the reason behind the issue. Thanks again for your time.

Regards,

Nagis


Re: route-map permit {match tag}

Nagis,

you're welcome. Thanks for the ratings and marking as answered!

Regards,

Rolf

[EDIT/CORRECTION]:

OSPF is enabled on the corresponding interface on router B and the forwarding address is set to non-zero for path-optimization.

So you could either make sure that this network is reachable from router A (changing the route-map) or, if suitable, you could disable OSPF on this network on router B.

"Disable" could be a misleading term; actually it's sufficient to make the interface OSPF passive or change the network-type (point-to-[multi]point); you can find the details in the linked document:

  • These conditions set the forwarding address field to a non-zero address:

    • OSPF is enabled on the ASBR's next hop interface AND

    • ASBR's next hop interface is non-passive under OSPF AND

    • ASBR's next hop interface is not point-to-point AND

    • ASBR's next hop interface is not point-to-multipoint AND

    • ASBR's next hop interface address falls under the network range specified in the router ospf command.

  • Any other conditions besides these set the forwarding address to 0.0.0.0.
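
Added example (not part of the original thread and not Cisco code): a simplified Python model of the behaviour diagnosed above, where an inbound distribute-list keeps routes out of the routing table and a Type-5 route with a non-zero forwarding address is installed only if that address resolves through an installed internal OSPF route. The /24 mask on the forwarding-address network, the exact-prefix match and the names `ORIGINAL`, `REVERSED` and `FIXED` are assumptions made for illustration.

```python
import ipaddress

# Constructed sample of what SPF on router A computes. The /24 for the
# forwarding-address network is an assumption (the thread shows only the address).
INTERNAL = [{"prefix": "192.168.35.0/24", "tag": 0}]
EXTERNAL = [
    {"prefix": "192.168.38.0/24", "tag": 2000, "fwd": "192.168.35.254"},
    {"prefix": "192.168.39.0/24", "tag": 2000, "fwd": "192.168.35.254"},
]

def route_map(clauses, route):
    """First matching clause wins; an empty match matches everything;
    falling off the end of the route-map is an implicit deny."""
    for action, match in clauses:
        if all(route.get(key) == value for key, value in match.items()):
            return action == "permit"
    return False

def installed_routes(clauses, external=EXTERNAL):
    """Model of an inbound distribute-list: the LSDB is untouched, only
    installation into the routing table is filtered."""
    rib = [r["prefix"] for r in INTERNAL if route_map(clauses, r)]
    nets = [ipaddress.ip_network(p) for p in rib]
    for ext in external:
        fwd = ipaddress.ip_address(ext["fwd"])
        # 0.0.0.0 means "forward to the ASBR itself" (assumed reachable here);
        # any other address must fall inside an installed internal route.
        reachable = ext["fwd"] == "0.0.0.0" or any(fwd in n for n in nets)
        if reachable and route_map(clauses, ext):
            rib.append(ext["prefix"])
    return sorted(rib)

# The filter from the first post (with the real tag, 2000).
ORIGINAL = [("permit", {"tag": 2000}), ("deny", {})]
# The "reverse test" from the first post.
REVERSED = [("deny", {"tag": 2000}), ("permit", {})]
# Hypothetical fix: also permit the network that holds the forwarding address.
FIXED = [("permit", {"tag": 2000}),
         ("permit", {"prefix": "192.168.35.0/24"}),
         ("deny", {})]

if __name__ == "__main__":
    for name, rm in (("original", ORIGINAL), ("reversed", REVERSED), ("fixed", FIXED)):
        print(f"{name:9s} -> {installed_routes(rm)}")
```

Passing external routes whose `fwd` is `0.0.0.0` models the other option from the thread (passive or point-to-point interface on router B): the tagged routes then install even with the original filter.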
