From: Brandon Smithson (thesmithsons@verizon.net)
Date: Sat Jul 21 2007 - 13:14:59 ART
Ben,
http://www.groupstudy.com/archives/ccielab/200706/msg01341.html
Here is an interesting inter-area route filtering technique using
distribute-list in that has not been mentioned in this thread.
It even seems to contradict Cisco's expected behavior:
http://www.cisco.com/en/US/tech/tk365/technologies_q_and_a_item09186a0080094
704.shtml#q12
Brandon
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of Ben
Sent: Saturday, July 21, 2007 9:53 AM
To: Antonio Soares
Cc: Cisco certification
Subject: Re: OSPF Filtering
Hi Antonio
Instead of area filter-list, I typed area prefix-list in the earlier post. I
believe that's the feature in the link. Any other obscure ABR filter i
should be aware of, besides the two? I keep getting surprises when I least
expect them.
Thanks
Ben
On 7/21/07, Antonio Soares <amsoares@netcabo.pt> wrote:
>
> Hello Ben,
>
> At the ABR, you have available the feature "OSPF ABR Type 3 LSA
> Filtering":
>
>
>
http://www.cisco.com/univercd/cc/td/doc/product/software/ios124/124cg/hirp_c
/
ch15/habrt3f.htm
>
>
>
> Regards,
>
> Antonio Soares
> CCIE #18473, CCNP, CCIP
>
>
> ------------------------------
> *From:* Ben [mailto:bmunyao@gmail.com]
> *Sent:* sabado, 21 de Julho de 2007 12:47
> *To:* Antonio Soares
> *Cc:* Cisco certification
> *Subject:* Re: OSPF Filtering
>
>
> Hi
>
> Thank you all for responding.
>
> Derek - the ACL solution works like a charm, and so far its what i use for
> this kind of a question. I envisage a situation where cisco tells you not
to
> use a distribute list. Other IGPs (DV protocols) have many options for
doing
> this, including distance, offset-list, distribute-list ACL,
distribute-list
> route-map etc. OSPF is rather limited comparatively.
>
> Antonio - the information about match ip route-source is a gem. I had no
> idea. Thanks for the link.
>
> In summary, within an ospf area, the solution is as follows:
> 1.you can use an extended ACL as indicated in example1.
> 2.You can also use a route-map with match ip next-hop, provided the next
> hop is identified with an access-list, not a prefix-list.
> 3.Lastly, you can use a route-map with match ip route-source, with the
> route-source IP matching the router-id of the router that sent the LSA. I
> presume the route-source IP would also need to be defined in an ACL, not
ip
> prefex-list.
>
> I will try labbing the last two again at the next opportunity.
> I wonder if there are other alternatives.
>
>
> At ABRs, I'm aware of the following ways to filter routes across area
> boundaries:
>
> area 1 prefix-list
> area 1 range no-advertise
>
> This is from Wendell Odom's CCIE R&S Exam guide. Are there any other ways
> besides the above?
>
>
> Thank you all once again.
>
> Ben
>
>
>
>
> On 7/21/07, Antonio Soares <amsoares@netcabo.pt> wrote:
> >
> > Hello Ben,
> >
> > I'm not sure but i think the "OSPF Route Map Inbound Filtering" feature
> > does
> > not support prefix-lists. In your example #2 and #3 replace your
> > prefix-lists with standard acl's and it should work. Don't forget that
> > when
> > matching the route-source, you need to specify the Router-Id. See the
> > details here:
> >
> >
http://www.cisco.com/univercd/cc/td/doc/product/software/ios124/124cg/hirp_c
> >
> > /ch15/hroutma.htm
> >
> >
> > Regards,
> >
> > Antonio Soares
> > CCIE #18473, CCNP, CCIP
> >
> > -----Original Message-----
> > From: nobody@groupstudy.com [mailto: nobody@groupstudy.com] On Behalf Of
> > Ben
> > Sent: sexta-feira, 20 de Julho de 2007 23:19
> > To: Cisco certification
> > Subject: OSPF Filtering
> >
> > Hi
> >
> > This is a scenario I encountered in an IE lab. IGP is OSPF and the
> > requirement is to have R1 get the 10.10.4.0/24 subnet from only one
> > source.
> >
> > 10.10.1.0/24
> > /-------------R2----|
> > / |
> > R1------/ |10.10.4.0/24
> > s0/0 \ |
> > \ |
> > \--------------R3---|
> >
> >
> > R1 gets the route 10.10.4.0/24 from R2 and R3 thro OSPF
> >
> > O 10.10.4.0 [110/65] via 10.10.1.2 .......
> > [110/65] via 10.10.1.3 ........
> >
> > In order to filter out the advert from R3 and use only R2 for
> > forwarding,
> > one can use an extended ACL as follows:
> >
> > Solution 1
> >
> > access-l 100 deny host 10.10.1.3 host 10.10.4.0
> >
> > router ospf 1
> > distribute-list 100 in s0/0
> >
> > I tried using a route-map to do the same without much success. Here is
> > what
> > i did:
> >
> > Solution 2
> >
> > ip pref vl4 permit 10.10.4.0/24
> > ip pref R3 permit 10.10.1.3/32
> >
> > route-m FILTER deny 10
> > match ip add pref vl4
> > match ip next-hop pref R3
> > route-m FILTER permit 20
> >
> > router ospf 1
> > distribute-list route-m FILTER in
> >
> > Solution 3
> >
> > p pref vl4 permit 10.10.4.0/24
> > ip pref R3 permit 10.10.1.3/32
> >
> > route-m FILTER deny 10
> > match ip add pref vl4
> > match ip route-source pref R3
> > route-m FILTER permit 20
> >
> > router ospf 1
> > distribute-list route-m FILTER in
> >
> >
> > Neither solution 2 nor solution 3 worked for me. Logically they appear
> > sound. i would appreciate any comments on these approaches.
> >
> > TIA
> > Ben
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Sat Aug 18 2007 - 08:17:41 ART