[AusNOG] Cisco & Router OS help

Mark ZZZ Smith markzzzsmith at yahoo.com.au
Mon Nov 4 14:01:36 EST 2013

----- Original Message -----
> From: Alex Samad - Yieldbroker <Alex.Samad at yieldbroker.com>
> To: "ausnog at lists.ausnog.net" <ausnog at lists.ausnog.net>
> Cc: 
> Sent: Monday, 4 November 2013 1:01 PM
> Subject: [AusNOG] Cisco & Router OS help
> 
> Hi
> 
> I got lots of help with my RouterOS problem before, wondering if I can find 
> somebody to help with my new problem.
> 
> OSPF & Cisco & RouterOS, this is an issue of filtering OSPF LSAs at an 
> ABR.
> 
> What I am referring to is 
> http://www.cisco.com/en/US/tech/tk365/technologies_white_paper09186a0080531fd2.shtml#prefixadmin
> ""
> There can be several reasons for redistribution between multiple processes. 
> These are a few examples:
> To filter an OSPF route from part of the domain
> To separate different OSPF domains
> To migrate between separate domains
> ""
> 
> The first option "To filter an OSPF route from part of the domain" 
> just doesn't seem to be working for me and I am not sure if it's my 
> reading of the Cisco or some strange thing of RouterOS or ...
> 
> I am sure I am running into a gotcha that I don't know about.
> 
> If you can email me off list please
> 

I think on-list might be better so that archive/Internet searches etc. later show it up.

It's a long time since I've done it/knew about it, however my guess is that you might be falling into the Cisco "reverse bitmask" problem of subnet masks versus ACLs. Route filters using ACLs use ACL format masks, not subnet masks, so if you want to filter e.g. 192.168.0.0/24, your Cisco "ACL" route filter would look something like "192.168.0.0 0.0.0.255". Check the details, my memory might be incorrect.

This was one of the reasons why using route-maps for route filtering was much more intuitive, as they could then refer to prefix-lists, and prefix lists followed standard subnet/prefix length conventions. If you have the option of using route-maps to do your OSPF redistribution, I'd use them instead.

(There are some traps with them too though - if there is a deny statement at the end of one of the match prefix-lists (which I do to make the deny explicit, similar to the ACL convention of doing it), it bails on that route-map clause and then moves onto the next one. I've literally spent a day trying to work out why there were never any matches on my second prefix list in the match statement. A good rule is to never try to match multiple prefix lists in one route-map clause, and to create another to match on it.)


Regards,
Mark.
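
The ACL-mask versus subnet-mask mix-up described in the reply above, as an added example that is not part of the original post: a small Python model of which routes a standard-ACL style filter entry and a prefix-list style entry select. The function names and the route table are constructed for illustration, and the code models only the matching arithmetic, not IOS or RouterOS themselves.

```python
import ipaddress

# Constructed sample routing table (not from the original post).
ROUTES = ["192.168.0.0/24", "192.168.0.128/25", "192.168.1.0/24",
          "10.1.2.0/24", "172.16.5.0/24", "10.0.0.1/32"]

def acl_match(route, base, wildcard):
    """Standard-ACL style test: only the route's network address is compared,
    and bits set to 1 in the wildcard are "don't care" bits."""
    net = int(ipaddress.ip_network(route).network_address)
    care = ~int(ipaddress.ip_address(wildcard)) & 0xFFFFFFFF
    return (net & care) == (int(ipaddress.ip_address(base)) & care)

def prefix_list_match(route, entry, ge=None, le=None):
    """Prefix-list style test: the route must sit inside the entry and its
    prefix length must be in range (exact length when no ge/le is given)."""
    r, e = ipaddress.ip_network(route), ipaddress.ip_network(entry)
    if ge is None and le is None:
        lo = hi = e.prefixlen
    else:
        lo = ge if ge is not None else e.prefixlen
        hi = le if le is not None else 32
    return r.subnet_of(e) and lo <= r.prefixlen <= hi

def selected(test, *args, **kwargs):
    """Return the sample routes that a filter entry would match."""
    return [r for r in ROUTES if test(r, *args, **kwargs)]

# Intended entry: 192.168.0.0 with ACL (inverse) mask 0.0.0.255.
ACL_CORRECT = selected(acl_match, "192.168.0.0", "0.0.0.255")
# The mix-up: a subnet mask typed where the ACL mask belongs.
ACL_SUBNET_MASK = selected(acl_match, "192.168.0.0", "255.255.255.0")
# Prefix-list entry for 192.168.0.0/24, using prefix-length notation.
PREFIX_EXACT = selected(prefix_list_match, "192.168.0.0/24")
PREFIX_LE_25 = selected(prefix_list_match, "192.168.0.0/24", le=25)

if __name__ == "__main__":
    for name, hits in [("acl 0.0.0.255", ACL_CORRECT),
                       ("acl 255.255.255.0", ACL_SUBNET_MASK),
                       ("prefix /24", PREFIX_EXACT),
                       ("prefix /24 le 25", PREFIX_LE_25)]:
        print(f"{name:18} -> {hits}")
```

With the subnet mask in the ACL position the entry selects every sample route whose last octet is zero and misses the /25 inside 192.168.0.0/24. The correctly masked ACL entry still selects that /25, because it never looks at the prefix length, while the prefix-list entry selects only the /24 unless a length range is given.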


