RE: Distribute-list gateway for OSPF

From: Chris Lewis \(chrlewis\) (chrlewis@cisco.com)
Date: Tue Sep 06 2005 - 16:18:01 GMT-3

• Next message: Brian McGahan: "RE: no arp frame-relay"
• Previous message: brad ellis: "Re: Recert Prometric/VUE issue [bcc][faked-from]"
• Maybe in reply to: gladston@br.ibm.com: "RE: Distribute-list gateway for OSPF"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Gladston,

Ithin kwhat you show is correct. My tests showed that if you put the
router-ID in the gateway prefix-list, the route was not filtered, but if
you put the adjacent interface address of the gateqay, the route was
filtered. I don't think you can enter multiple distribute-list gateway
configurations for a multi-access network.

Chris

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
gladston@br.ibm.com
Sent: Tuesday, September 06, 2005 11:39 AM
To: Chris Lewis (chrlewis)
Cc: ccielab@groupstudy.com
Subject: RE: Distribute-list gateway for OSPF

Chris,

Would you mind to test it once more?

I tested again and again, and, for version 12.2T, it does not take into
account what is specified on gateway; it always filter based on the
prefix.

Tests:

router ospf 1
 distribute-list prefix Prefix-ospf gateway Gateway-ospf in !
ip prefix-list Gateway-ospf seq 5 permit 77.77.77.77/32 ip prefix-list
Prefix-ospf seq 5 deny 148.5.4.1/32 ip prefix-list Prefix-ospf seq 10
permit 0.0.0.0/0 le 32

This time I tested on LAN segment (previous post was on NBMA).
R4 and R7 announces route 148.5.4.1/32.

Before applying the distribute-list:

Rack2R6#sir 148.5.4.1
Routing entry for 148.5.4.1/32
  Known via "ospf 1", distance 110, metric 2, type intra area
  Redistributing via ospf 694
  Advertised by ospf 694 subnets
  Last update from 148.5.46.4 on FastEthernet4/0.46, 00:21:56 ago
  Routing Descriptor Blocks:
  * 148.5.146.4, from 4.4.4.4, 00:21:56 ago, via FastEthernet4/0.146
      Route metric is 2, traffic share count is 1
    148.5.46.4, from 4.4.4.4, 00:21:56 ago, via FastEthernet4/0.46
      Route metric is 2, traffic share count is 1

After applying it:

Rack2R6#sir 148.5.4.1
% Subnet not in table
Rack2R6#

Also trying specifying the IP address of the interface of R4, but it
also filter the route from R7:

Rack2R6(config)#no ip prefix-list R4 permit 4.4.4.4/32
Rack2R6(config)#ip prefix-list R4 permit 148.5.46.4/32

Rack2R6#sir 148.5.253.253
% Subnet not in table

Also tested with EIGRP. Here it takes in account the gateway, but the
result is similar to OSPF. It is not possible to filter from one gateway
and receive from another if they are on the same subnet.

My conclusion is:
        If specifying the gateway keyword, as the following example, IOS
really takes in account the source, which can be checked with 'sh ip
prefix-list detail eigrp-from-r6', but it does not allow any other
sources. That would be different if IOS acepts another line of
'distribute-list prefix x.x.x.x gateway y.y.y.y', which is not the case;
just the last line typed is configured.

router eigrp 467
 distribute-list prefix p148.5.251.0/24 gateway eigrp-from-r6 in

Rack2R4#sh ip prefix-list detail eigrp-from-r6 ip prefix-list
eigrp-from-r6:
   count: 1, range entries: 0, sequences: 5 - 5, refcount: 3
   seq 5 permit 148.5.46.6/32 (hit count: 3, refcount: 1)

Any other tests appreciated.

Cordially,
------------------------------------------------------------------
 Gladston

"Chris Lewis \(chrlewis\)" <chrlewis@cisco.com>
22/08/2005 23:10

To
Alaerte Gladston Vidali/Brazil/IBM@IBMBR, <ccielab@groupstudy.com> cc

Subject
RE: Distribute-list gateway for OSPF

This works for me. The difference is you have to specify the IP address
of the interface on the gateway sending you the OSPF LSAs instead of the
router ID of the gateway.

Chris

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
gladston@br.ibm.com
Sent: Monday, August 22, 2005 1:37 PM
To: ccielab@groupstudy.com
Subject: Distribute-list gateway for OSPF

Can distribute-list filter based on gateway for OSPF?

Tests shows it can't.

Tests:

148.5.3.1 is filtered, don't matter if the gateway is 3.3.3.3 or
another.
3.3.3.3 is the router ID of R3.
R3 and R2 advertises net 148.5.3.1.

router ospf 1
distribute-list prefix Distribute-filter gateway Gateway in !
ip prefix-list Distribute-filter seq 5 deny 148.5.3.1/32 ip prefix-list
Distribute-filter seq 10 permit 0.0.0.0/0 le 32 !
ip prefix-list Gateway seq 5 permit 3.3.3.3/32

Rack2R5#sh ip prefix-list det Gateway
ip prefix-list Gateway:
count: 1, range entries: 0, sequences: 5 - 5, refcount: 3 seq 5 permit
3.3.3.3/32 (hit count: 0, refcount: 1)

Rack2R5#clear ip rou *
Rack2R5#sh ip prefix-list det Gateway
ip prefix-list Gateway:
count: 1, range entries: 0, sequences: 5 - 5, refcount: 3 seq 5 permit
3.3.3.3/32 (hit count: 0, refcount: 1)

Rack2R5#sh ip prefix-list det Distribute-filter ip prefix-list
Distribute-filter:
count: 2, range entries: 1, sequences: 5 - 10, refcount: 2 seq 5 deny
148.5.3.1/32 (hit count: 6, refcount: 1) seq 10 permit 0.0.0.0/0 le 32
(hit count: 108, refcount: 1)

Rack2R5#clear ip rou *
Rack2R5#sh ip prefix-list det Distribute-filter ip prefix-list
Distribute-filter:
count: 2, range entries: 1, sequences: 5 - 10, refcount: 2 seq 5 deny
148.5.3.1/32 (hit count: 8, refcount: 1) seq 10 permit 0.0.0.0/0 le 32
(hit count: 143, refcount: 1)

• Next message: Brian McGahan: "RE: no arp frame-relay"
• Previous message: brad ellis: "Re: Recert Prometric/VUE issue [bcc][faked-from]"
• Maybe in reply to: gladston@br.ibm.com: "RE: Distribute-list gateway for OSPF"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sun Oct 02 2005 - 14:40:14 GMT-3