
OSPF – Implement and troubleshoot filtering – Route-map

Let’s move on to another way of filtering traffic in OSPF.

 

Theory:

Route-maps can be used in conjunction with a distribute-list to filter traffic.

Only inbound filtering is supported, and it is local to the router's routing table.

OSPF database advertisements are not affected when using route-map filtering.

 

 

Requirements:

Make sure traffic from R2 to R10 loopback (10.10.10.10) goes via R3 and not R1.

 

 

Diagram:

Not-so-totally-stubby area

 

Configuration and verification:

 

What’s the current status? R2 sees only one route, through R1, to reach R10’s loopback. In the OSPF database, we can see there is a path via R3, but its metric is higher.

R2#sh ip route 10.10.10.10
Routing entry for 10.10.10.10/32
  Known via "ospf 10", distance 110, metric 4, type inter area
  Last update from 10.10.1.1 on Ethernet0/0, 00:04:01 ago
  Routing Descriptor Blocks:
  * 10.10.1.1, from 11.11.11.11, 00:04:01 ago, via Ethernet0/0
      Route metric is 4, traffic share count is 1

R2#sh ip ospf data sum 10.10.10.10
            OSPF Router with ID (22.22.22.22) (Process ID 10)
                Summary Net Link States (Area 0)
  Routing Bit Set on this LSA in topology Base with MTID 0
  LS age: 256
  Options: (No TOS-capability, DC, Upward)
  LS Type: Summary Links(Network)
  Link State ID: 10.10.10.10 (summary Network Number)
  Advertising Router: 11.11.11.11
  LS Seq Number: 80000001
  Checksum: 0x8E57
  Length: 28
  Network Mask: /32
        MTID: 0         Metric: 3

  LS age: 251
  Options: (No TOS-capability, DC, Upward)
  LS Type: Summary Links(Network)
  Link State ID: 10.10.10.10 (summary Network Number)
  Advertising Router: 33.33.33.33
  LS Seq Number: 80000001
  Checksum: 0xACCE
  Length: 28
  Network Mask: /32
        MTID: 0         Metric: 21

 

Let’s try to influence the path.

First, create two access-lists, one for the destination and one for the next hop. In our case we couldn’t match on an exit interface, because R2 uses the same interface to reach R1 and R3:

R2(config)#access-list 1 permit 10.10.10.10 0.0.0.0
R2(config)#access-list 2 permit 10.10.1.1 0.0.0.0

 

Next, we create a route-map that denies the route when both access-lists are matched:

R2(config)#route-map DENY-TO-R1 deny 10
R2(config-route-map)#match ip address 1
R2(config-route-map)#match ip next-hop 2
R2(config-route-map)#route-map DENY-TO-R1 permit 20

 

Lastly, we apply it under the OSPF process using a distribute-list (note that outbound is not allowed):

R2(config-router)#distribute-list route-map DENY-TO-R1 out
% OUT direction is not allowed in case of OSPF
R2(config-router)#distribute-list route-map DENY-TO-R1 in

 

So how is this going?

The route to 10.10.10.10 is not in the routing table anymore, but the route via R3 is not there either…

R2#sh ip route 10.10.10.10
% Subnet not in table

 

We still see it in the OSPF database, but the route via R1 is still seen as the preferred one.

R2#sh ip ospf database sum 10.10.10.10
            OSPF Router with ID (22.22.22.22) (Process ID 10)
                Summary Net Link States (Area 0)
  Routing Bit Set on this LSA in topology Base with MTID 0
  LS age: 1093
  Options: (No TOS-capability, DC, Upward)
  LS Type: Summary Links(Network)
  Link State ID: 10.10.10.10 (summary Network Number)
  Advertising Router: 11.11.11.11
  LS Seq Number: 80000001
  Checksum: 0x8E57
  Length: 28
  Network Mask: /32
        MTID: 0         Metric: 3

  LS age: 1088
  Options: (No TOS-capability, DC, Upward)
  LS Type: Summary Links(Network)
  Link State ID: 10.10.10.10 (summary Network Number)
  Advertising Router: 33.33.33.33
  LS Seq Number: 80000001
  Checksum: 0xACCE
  Length: 28
  Network Mask: /32
        MTID: 0         Metric: 21

 

To make this work, we need to have both routes (from R3 or from R1) seen as equal.

I have changed the OSPF cost on the link so that both routes have an equal cost, and here we are, the route via R3 is now installed:

R2#sh ip route 10.10.10.10
Routing entry for 10.10.10.10/32
  Known via "ospf 10", distance 110, metric 4, type inter area
  Last update from 10.10.1.3 on Ethernet0/0, 00:00:01 ago
  Routing Descriptor Blocks:
  * 10.10.1.3, from 33.33.33.33, 00:00:01 ago, via Ethernet0/0
      Route metric is 4, traffic share count is 1

R2#sh ip ospf data sum 10.10.10.10
            OSPF Router with ID (22.22.22.22) (Process ID 10)
                Summary Net Link States (Area 0)
  Routing Bit Set on this LSA in topology Base with MTID 0
  LS age: 1368
  Options: (No TOS-capability, DC, Upward)
  LS Type: Summary Links(Network)
  Link State ID: 10.10.10.10 (summary Network Number)
  Advertising Router: 11.11.11.11
  LS Seq Number: 80000001
  Checksum: 0x8E57
  Length: 28
  Network Mask: /32
        MTID: 0         Metric: 3

  LS age: 48
  Options: (No TOS-capability, DC, Upward)
  LS Type: Summary Links(Network)
  Link State ID: 10.10.10.10 (summary Network Number)
  Advertising Router: 33.33.33.33
  LS Seq Number: 80000003
  Checksum: 0xF397
  Length: 28
  Network Mask: /32
        MTID: 0         Metric: 3
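
The behaviour shown in the outputs above can be reproduced with a small model. This is an added example, not code from the original post or from IOS: it assumes a cost of 1 from R2 to each ABR (the page shows route metric 4 against LSA metric 3), and the names `Path`, `installed_next_hops` and the two `lsdb_*` helpers are hypothetical.

```python
from dataclasses import dataclass

PREFIX = "10.10.10.10/32"
ACL1 = {"10.10.10.10/32"}  # access-list 1: the destination
ACL2 = {"10.10.1.1"}       # access-list 2: next hop R1


@dataclass(frozen=True)
class Path:
    prefix: str
    next_hop: str         # ABR address on the shared Ethernet0/0 segment
    lsa_metric: int       # metric carried in the summary LSA
    cost_to_abr: int = 1  # assumption: route metric 4 = LSA metric 3 + 1

    @property
    def metric(self):
        return self.lsa_metric + self.cost_to_abr


def route_map_deny_to_r1(path):
    """DENY-TO-R1: seq 10 denies only when BOTH matches hit, seq 20 permits."""
    return not (path.prefix in ACL1 and path.next_hop in ACL2)


def installed_next_hops(paths, route_map=route_map_deny_to_r1):
    """SPF keeps the lowest-metric path(s); the inbound distribute-list then
    filters those winners. Paths that lost SPF are never reconsidered."""
    if not paths:
        return []
    best = min(p.metric for p in paths)
    winners = [p for p in paths if p.metric == best]
    return sorted(p.next_hop for p in winners if route_map(p))


def lsdb_before():
    # Summary LSAs as first shown: metric 3 via R1, metric 21 via R3
    return [Path(PREFIX, "10.10.1.1", 3), Path(PREFIX, "10.10.1.3", 21)]


def lsdb_after_cost_change():
    # After the cost change both summary LSAs carry metric 3
    return [Path(PREFIX, "10.10.1.1", 3), Path(PREFIX, "10.10.1.3", 3)]


if __name__ == "__main__":
    print("unequal cost:", installed_next_hops(lsdb_before()))
    print("equal cost:  ", installed_next_hops(lsdb_after_cost_change()))
```

With unequal costs the only SPF winner is the path via R1, so denying it leaves nothing to install; with equal costs both paths win and the filter removes only the R1 next hop.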

 

Route-maps can give you more control over how to influence the traffic path.

I will play more with it in some later posts.

 

Thank you for reading.

 
