Thursday, April 10, 2014

CCNP ROUTE: 14. OSPF route filtering - Filtering OSPF Routes Added to the Routing Table (filtering with distribute lists)

This type of route filtering allows individual routers to filter OSPF routes from getting into their respective IP routing tables.
This type of filtering injects logic between the SPF algorithm on a router and that same router’s IP routing table.

The mechanics of the distribute-list router subcommand have a few surprises, which are summarized in this list:
■ The command requires either an in or out direction. Only the "in" direction works for filtering routes as described in this section, because it refers to adding those routes INTO the routing table.
■ The command must refer to either a numbered ACL, named ACL, prefix list, or route map.
  Regardless, routes matched with a permit action are allowed into the routing table, and routes matched with a deny action are filtered.
■ Optionally, the command can include the "interface interface-name-and-number" parameters.
  The router compares these parameters to the route’s outgoing interface.

Consider R13's routing table:

R13#show ip route
...
     192.168.13.0/32 is subnetted, 1 subnets
O IA    192.168.13.13 [110/21] via 192.168.168.1, 01:32:58, FastEthernet0/0
     10.0.0.0/32 is subnetted, 5 subnets
O IA    10.0.1.3 [110/148] via 192.168.168.1, 00:41:32, FastEthernet0/0
O IA    10.0.1.2 [110/148] via 192.168.168.1, 00:41:32, FastEthernet0/0
O IA    10.0.11.11 [110/149] via 192.168.168.1, 00:38:10, FastEthernet0/0
O IA    10.0.10.10 [110/149] via 192.168.168.1, 00:38:10, FastEthernet0/0
O IA    10.0.1.1 [110/84] via 192.168.168.1, 00:41:34, FastEthernet0/0
     192.168.0.0/24 is variably subnetted, 4 subnets, 2 masks
O IA    192.168.0.12/30 [110/84] via 192.168.168.1, 01:32:51, FastEthernet0/0
O IA    192.168.0.0/29 [110/20] via 192.168.168.1, 01:32:59, FastEthernet0/0
O IA    192.168.0.16/30 [110/84] via 192.168.168.1, 01:32:51, FastEthernet0/0
O IA    192.168.0.20/30 [110/84] via 192.168.168.1, 01:32:51, FastEthernet0/0
     192.168.168.0/30 is subnetted, 1 subnets
C       192.168.168.0 is directly connected, FastEthernet0/0
     192.168.100.0/32 is subnetted, 1 subnets
O IA    192.168.100.100 [110/21] via 192.168.168.1, 01:32:52, FastEthernet0/0
C    192.168.169.0/24 is directly connected, Loopback169
     192.168.3.0/30 is subnetted, 1 subnets
O IA    192.168.3.0 [110/94] via 192.168.168.1, 01:32:52, FastEthernet0/0
     192.168.33.0/32 is subnetted, 1 subnets
O IA    192.168.33.33 [110/95] via 192.168.168.1, 01:32:52, FastEthernet0/0
O*IA 0.0.0.0/0 [110/11] via 192.168.168.1, 01:33:01, FastEthernet0/0

We don't want routes for networks in Area 3 (192.168.3.0/30 and 192.168.33.0/32) to be known by routers in Area 1 (R13).

Option A: Create an ACL on R13 and refer to it in the distribute list:

R13(config)#access-list 25 deny 192.168.3.0 0.0.0.3
R13(config)#access-list 25 deny 192.168.33.0 0.0.0.255
R13(config)#access-list 25 permit any

R13(config)#router ospf 1
R13(config-router)#distribute-list 25 in

Result (as expected):
R13#show ip route
...
     192.168.13.0/32 is subnetted, 1 subnets
O IA    192.168.13.13 [110/21] via 192.168.168.1, 00:00:18, FastEthernet0/0
     10.0.0.0/32 is subnetted, 5 subnets
O IA    10.0.1.3 [110/148] via 192.168.168.1, 00:00:18, FastEthernet0/0
O IA    10.0.1.2 [110/148] via 192.168.168.1, 00:00:18, FastEthernet0/0
O IA    10.0.11.11 [110/149] via 192.168.168.1, 00:00:18, FastEthernet0/0
O IA    10.0.10.10 [110/149] via 192.168.168.1, 00:00:18, FastEthernet0/0
O IA    10.0.1.1 [110/84] via 192.168.168.1, 00:00:20, FastEthernet0/0
     192.168.0.0/24 is variably subnetted, 4 subnets, 2 masks
O IA    192.168.0.12/30 [110/84] via 192.168.168.1, 00:00:20, FastEthernet0/0
O IA    192.168.0.0/29 [110/20] via 192.168.168.1, 00:00:20, FastEthernet0/0
O IA    192.168.0.16/30 [110/84] via 192.168.168.1, 00:00:20, FastEthernet0/0
O IA    192.168.0.20/30 [110/84] via 192.168.168.1, 00:00:20, FastEthernet0/0
     192.168.168.0/30 is subnetted, 1 subnets
C       192.168.168.0 is directly connected, FastEthernet0/0
     192.168.100.0/32 is subnetted, 1 subnets
O IA    192.168.100.100 [110/21] via 192.168.168.1, 00:00:21, FastEthernet0/0
C    192.168.169.0/24 is directly connected, Loopback169
O*IA 0.0.0.0/0 [110/11] via 192.168.168.1, 00:00:21, FastEthernet0/0

Option B: Create a prefix-list on R13 and refer to it in the distribute list:

R13(config)#ip prefix-list filter-area3 deny 192.168.3.0/24 ge 25
R13(config)#ip prefix-list filter-area3 deny 192.168.33.0/24 le 32
R13(config)#ip prefix-list filter-area3 permit 0.0.0.0/0 le 32

R13(config)#router ospf 1
R13(config-router)#distribute-list prefix filter-area3 in

Result (as expected):
R13#show ip route
...
     192.168.13.0/32 is subnetted, 1 subnets
O IA    192.168.13.13 [110/21] via 192.168.168.1, 00:00:05, FastEthernet0/0
     10.0.0.0/32 is subnetted, 5 subnets
O IA    10.0.1.3 [110/148] via 192.168.168.1, 00:00:05, FastEthernet0/0
O IA    10.0.1.2 [110/148] via 192.168.168.1, 00:00:05, FastEthernet0/0
O IA    10.0.11.11 [110/149] via 192.168.168.1, 00:00:05, FastEthernet0/0
O IA    10.0.10.10 [110/149] via 192.168.168.1, 00:00:05, FastEthernet0/0
O IA    10.0.1.1 [110/84] via 192.168.168.1, 00:00:07, FastEthernet0/0
     192.168.0.0/24 is variably subnetted, 4 subnets, 2 masks
O IA    192.168.0.12/30 [110/84] via 192.168.168.1, 00:00:07, FastEthernet0/0
O IA    192.168.0.0/29 [110/20] via 192.168.168.1, 00:00:07, FastEthernet0/0
O IA    192.168.0.16/30 [110/84] via 192.168.168.1, 00:00:07, FastEthernet0/0
O IA    192.168.0.20/30 [110/84] via 192.168.168.1, 00:00:07, FastEthernet0/0
     192.168.168.0/30 is subnetted, 1 subnets
C       192.168.168.0 is directly connected, FastEthernet0/0
     192.168.100.0/32 is subnetted, 1 subnets
O IA    192.168.100.100 [110/21] via 192.168.168.1, 00:00:08, FastEthernet0/0
C    192.168.169.0/24 is directly connected, Loopback169
O*IA 0.0.0.0/0 [110/11] via 192.168.168.1, 00:00:08, FastEthernet0/0
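
The matching rules behind Options A and B, as an added Python sketch (not part of the original post and not IOS code): it evaluates Option B's prefix list and an ACL shaped like Option A's against a constructed subset of R13's routes. It also shows that a wildcard of 0.0.0.0 on the 192.168.33.0 line would not match the 192.168.33.33/32 route; the function names are illustrative.

```python
import ipaddress

# Constructed sample: a subset of the routes shown in R13's routing table on this page.
ROUTES = ["192.168.3.0/30", "192.168.33.33/32", "192.168.13.13/32",
          "192.168.0.0/29", "10.0.1.1/32", "0.0.0.0/0"]

# Option B's prefix list as (action, prefix, ge, le) tuples.
PREFIX_LIST = [("deny", "192.168.3.0/24", 25, None),
               ("deny", "192.168.33.0/24", None, 32),
               ("permit", "0.0.0.0/0", None, 32)]

def prefix_list_action(entries, route):
    """First match wins; a route matching no entry hits the implicit deny."""
    net = ipaddress.ip_network(route)
    for action, prefix, ge, le in entries:
        base = ipaddress.ip_network(prefix)
        # No ge/le: exact length. Only ge: up to /32. Only le: from the entry's length.
        lo = ge if ge is not None else base.prefixlen
        hi = le if le is not None else (32 if ge is not None else base.prefixlen)
        if net.network_address in base and lo <= net.prefixlen <= hi:
            return action
    return "deny"

def std_acl_action(entries, route):
    """Standard ACL: only the route's network address is compared, never its mask."""
    addr = int(ipaddress.ip_network(route).network_address)
    for action, base, wildcard in entries:
        care = ~int(ipaddress.ip_address(wildcard)) & 0xFFFFFFFF  # bits that must match
        if (addr & care) == (int(ipaddress.ip_address(base)) & care):
            return action
    return "deny"

def acl(wildcard_33):
    """ACL shaped like Option A; the wildcard of the 192.168.33.0 line is a parameter."""
    return [("deny", "192.168.3.0", "0.0.0.3"),
            ("deny", "192.168.33.0", wildcard_33),
            ("permit", "0.0.0.0", "255.255.255.255")]  # permit any

def filtered(action_fn, entries):
    """Routes from ROUTES that the list keeps out of the routing table."""
    return [r for r in ROUTES if action_fn(entries, r) == "deny"]

if __name__ == "__main__":
    print("prefix list  :", filtered(prefix_list_action, PREFIX_LIST))
    print("ACL 0.0.0.255:", filtered(std_acl_action, acl("0.0.0.255")))
    print("ACL 0.0.0.0  :", filtered(std_acl_action, acl("0.0.0.0")))
```

Because the standard ACL ignores the mask, it would also deny a 192.168.3.0/24 route, which the prefix list (ge 25) lets through.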

Option C: Create a route-map (referencing an ACL) on R13 and refer to it in the distribute list:

R13(config)#ip access-list standard 10
R13(config-std-nacl)#1 permit 192.168.3.0 0.0.0.3  
R13(config-std-nacl)#2 permit 192.168.33.0 0.0.0.255

R13(config)#route-map filter-area-3 deny 10
R13(config-route-map)#match ip address 10
R13(config)#route-map filter-area-3 permit 20

R13(config)#router ospf 1
R13(config-router)#distribute-list route-map filter-area-3 in

Result (as expected):
R13#show ip route
...
     192.168.13.0/32 is subnetted, 1 subnets
O IA    192.168.13.13 [110/21] via 192.168.168.1, 00:00:04, FastEthernet0/0
     10.0.0.0/32 is subnetted, 5 subnets
O IA    10.0.1.3 [110/148] via 192.168.168.1, 00:00:04, FastEthernet0/0
O IA    10.0.1.2 [110/148] via 192.168.168.1, 00:00:04, FastEthernet0/0
O IA    10.0.11.11 [110/149] via 192.168.168.1, 00:00:04, FastEthernet0/0
O IA    10.0.10.10 [110/149] via 192.168.168.1, 00:00:04, FastEthernet0/0
O IA    10.0.1.1 [110/84] via 192.168.168.1, 00:00:06, FastEthernet0/0
     192.168.0.0/24 is variably subnetted, 4 subnets, 2 masks
O IA    192.168.0.12/30 [110/84] via 192.168.168.1, 00:00:06, FastEthernet0/0
O IA    192.168.0.0/29 [110/20] via 192.168.168.1, 00:00:06, FastEthernet0/0
O IA    192.168.0.16/30 [110/84] via 192.168.168.1, 00:00:06, FastEthernet0/0
O IA    192.168.0.20/30 [110/84] via 192.168.168.1, 00:00:06, FastEthernet0/0
     192.168.168.0/30 is subnetted, 1 subnets
C       192.168.168.0 is directly connected, FastEthernet0/0
     192.168.100.0/32 is subnetted, 1 subnets
O IA    192.168.100.100 [110/21] via 192.168.168.1, 00:00:08, FastEthernet0/0
C    192.168.169.0/24 is directly connected, Loopback169
O*IA 0.0.0.0/0 [110/11] via 192.168.168.1, 00:00:08, FastEthernet0/0

Option D: Create a route-map (referencing a prefix-list) on R13 and refer to it in the distribute list:

R13(config)#ip prefix-list filter3 permit 192.168.3.0/24 ge 25
R13(config)#ip prefix-list filter3 permit 192.168.33.0/24 le 32

R13(config)#route-map filter-area-3 deny 10
R13(config-route-map)#match ip address prefix-list filter3
R13(config)#route-map filter-area-3 permit 20

R13(config)#router ospf 1
R13(config-router)#distribute-list route-map filter-area-3 in

Result (as expected):
R13#show ip route
...
     192.168.13.0/32 is subnetted, 1 subnets
O IA    192.168.13.13 [110/21] via 192.168.168.1, 00:02:13, FastEthernet0/0
     10.0.0.0/32 is subnetted, 5 subnets
O IA    10.0.1.3 [110/148] via 192.168.168.1, 00:02:13, FastEthernet0/0
O IA    10.0.1.2 [110/148] via 192.168.168.1, 00:02:13, FastEthernet0/0
O IA    10.0.11.11 [110/149] via 192.168.168.1, 00:02:13, FastEthernet0/0
O IA    10.0.10.10 [110/149] via 192.168.168.1, 00:02:13, FastEthernet0/0
O IA    10.0.1.1 [110/84] via 192.168.168.1, 00:02:15, FastEthernet0/0
     192.168.0.0/24 is variably subnetted, 4 subnets, 2 masks
O IA    192.168.0.12/30 [110/84] via 192.168.168.1, 00:02:15, FastEthernet0/0
O IA    192.168.0.0/29 [110/20] via 192.168.168.1, 00:02:15, FastEthernet0/0
O IA    192.168.0.16/30 [110/84] via 192.168.168.1, 00:02:15, FastEthernet0/0
O IA    192.168.0.20/30 [110/84] via 192.168.168.1, 00:02:15, FastEthernet0/0
     192.168.168.0/30 is subnetted, 1 subnets
C       192.168.168.0 is directly connected, FastEthernet0/0
     192.168.100.0/32 is subnetted, 1 subnets
O IA    192.168.100.100 [110/21] via 192.168.168.1, 00:02:17, FastEthernet0/0
C    192.168.169.0/24 is directly connected, Loopback169
O*IA 0.0.0.0/0 [110/11] via 192.168.168.1, 00:02:17, FastEthernet0/0
