Using Distribute Lists

  • Distribute lists allow you to apply access-list filtering to routing updates
  • Can be applied inbound or outbound under a routing process
  • Work slightly differently with OSPF and IS-IS

The distribute-list command, given under router configuration mode, has two options:

  • distribute-list access-list in — Filters updates as they come in an interface. For OSPF, this controls the routes placed in the routing table but not the database: the OSPF process knows the route but will not use it in the routing table. For other protocols, this controls the routes the protocol knows about.

  • distribute-list access-list out — Filters updates going out of an interface and also updates being redistributed out of another routing protocol into this one.

Example of distribute lists under router configuration mode

Define the Access-list

Note that ACL names are case sensitive.

R1(config)# ip access-list standard ROUTE_FILTER
R1(config-std-nacl)# deny 10.50.1.0 0.0.0.255
R1(config-std-nacl)# deny 10.50.2.0 0.0.0.255
R1(config-std-nacl)# permit any

Apply to the routing process

R1(config)# router rip
R1(config-router)# distribute-list ROUTE_FILTER out

Without further arguments, the ACL is applied on all interfaces, so no router will learn about these filtered routes. To restrict the filter to one interface, name the interface:

R1(config-router)# distribute-list ROUTE_FILTER out serial 0.2

Example of distribute lists with redistribute command

Define the Access-list

R1(config)# ip access-list standard ROUTE_FILTER2
R1(config-std-nacl)# deny 10.50.3.0 0.0.0.255
R1(config-std-nacl)# deny 10.50.4.0 0.0.0.255
R1(config-std-nacl)# permit any

Apply to the routing redistribute command

R1(config)# router ospf 1
R1(config-router)# redistribute rip subnets metric 1000
R1(config-router)# distribute-list ROUTE_FILTER2 out rip

As you can see, we don't specify an interface; instead we filter the routes coming out of the RIP protocol.
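Because ACL names are case sensitive, a distribute-list that references a name spelled differently from the ACL definition does not apply the filter the author intended. The following check is an added example, not part of the original page: it scans a configuration for distribute-list references to ACLs that are not defined under exactly that name. The sample configuration and the function name `dangling_distribute_lists` are constructed for illustration.

```python
import re

# Constructed sample config (not from the page): one ACL is defined with one
# spelling and referenced with another; a second reference differs only by case.
SAMPLE_CONFIG = """\
ip access-list standard ROUTE_FILTRER
 deny 10.50.1.0 0.0.0.255
 permit any
ip access-list standard ROUTE_FILTER2
 deny 10.50.3.0 0.0.0.255
 permit any
access-list 10 permit 10.60.0.0 0.0.255.255
router rip
 distribute-list ROUTE_FILTER out
 distribute-list 10 in
router ospf 1
 redistribute rip subnets
 distribute-list route_filter2 out rip
"""

DEFINE_NAMED = re.compile(r"^ip access-list (?:standard|extended) (\S+)")
DEFINE_NUMBERED = re.compile(r"^access-list (\d+) ")
REFERENCE = re.compile(r"^\s+distribute-list (\S+) (in|out)\b")


def dangling_distribute_lists(config: str):
    """Return (router_process, acl_name) for each distribute-list whose ACL
    is not defined with exactly that name (comparison is case sensitive)."""
    defined, refs, process = set(), [], None
    for line in config.splitlines():
        m = DEFINE_NAMED.match(line) or DEFINE_NUMBERED.match(line)
        if m:
            defined.add(m.group(1))
            continue
        if line.startswith("router "):
            process = line.strip()      # entering a routing process block
        elif not line.startswith(" "):
            process = None              # any other top-level line ends it
        m = REFERENCE.match(line)
        if m and process:
            refs.append((process, m.group(1)))
    return [(proc, acl) for proc, acl in refs if acl not in defined]


if __name__ == "__main__":
    for proc, acl in dangling_distribute_lists(SAMPLE_CONFIG):
        print(f"{proc}: distribute-list references undefined ACL {acl!r}")
```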

Using Route-maps

  • Similar to BASIC Programming
  • Essentially a compilation of "If...Then" statements
  • Used heavily in BGP; also used in policy-based routing and route filtering

Configure the route-map

If you don't specify a sequence number or a permit/deny option, the default is permit 10.

R1(config)# route-map MY-ROUTE-MAP permit 10
R1(config-route-map)# match <that>
R1(config-route-map)# set <this>

Multiple match conditions on different lines use a logical AND. For example, the router interprets the following route map statement as “match <that21> and <that22>”.

R1(config)# route-map MY-ROUTE-MAP permit 20
R1(config-route-map)# match <that21>
R1(config-route-map)# match <that22>
R1(config-route-map)# set <this2>

Multiple match conditions on the same line use a logical OR. For example, the router interprets the following route map statement as “match <that31> or <that32>”.

R1(config)# route-map MY-ROUTE-MAP permit 30
R1(config-route-map)# match <that31> <that32>
R1(config-route-map)# set <this3>

The deny option can be used, for example, if we don't want to apply an ACL to a specific route.

If nothing is specified in the match command, it is equivalent to a match any; that's why it can be useful to have a route-map deny entry before it, to discard the things we don't want to receive the default parameters.

Possible Parameters

R1(config)#route-map NET7 permit 10
R1(config-route-map)#?
Route Map configuration commands:
  continue     Continue on a different entry within the route-map
  default      Set a command to its defaults
  description  Route-map comment
  exit         Exit from route-map configuration mode
  help         Description of the interactive help system
  match        Match values from routing table
  no           Negate a command or set its defaults
  set          Set values in destination routing protocol
R1(config-route-map)#match ?
  as-path           Match BGP AS path list
  clns              CLNS information
  community         Match BGP community list
  extcommunity      Match BGP/VPN extended community list
  interface         Match first hop interface of route
  ip                IP specific information
  ipv6              IPv6 specific information
  length            Packet length
  local-preference  Local preference for route
  metric            Match metric of route
  mpls-label        Match routes which have MPLS labels
  nlri              BGP NLRI type
  policy-list       Match IP policy list
  route-type        Match route-type of route
  source-protocol   Match source-protocol of route
  tag               Match tag of route
R1(config-route-map)#set ?
  as-path           Prepend string for a BGP AS-path attribute
  automatic-tag     Automatically compute TAG value
  clns              OSI summary address
  comm-list         set BGP community list (for deletion)
  community         BGP community attribute
  dampening         Set BGP route flap dampening parameters
  default           Set default information
  extcommunity      BGP extended community attribute
  interface         Output interface
  ip                IP specific information
  ipv6              IPv6 specific information
  level             Where to import route
  local-preference  BGP local preference path attribute
  metric            Metric value for destination routing protocol
  metric-type       Type of metric for destination routing protocol
  mpls-label        Set MPLS label for prefix
  nlri              BGP NLRI type
  origin            BGP origin code
  tag               Tag value for destination routing protocol
  traffic-index     BGP traffic classification number for accounting
  vrf               Define VRF name
  weight            BGP weight for routing table
R1(config-route-map)#set ip ?
  address     Specify IP address
  default     Set default information
  df          Set DF bit
  next-hop    Next hop address
  precedence  Set precedence field
  qos-group   Set QOS Group ID
  tos         Set type of service field

Example of a Route-map to apply to redistribute RIP into OSPF

Networks matching the ACL ACL-NET5 will have a metric of 1000 and a metric-type of 1 in the OSPF process.

R1(config)#route-map MY-ROUTE-MAP permit 10
R1(config-route-map)#match ip address ACL-NET5
R1(config-route-map)#set metric 1000
R1(config-route-map)#set metric-type type-1

Networks matching the ACL ACL-NET4 will have a metric of 5000 and a metric-type of 2 in the OSPF process.

R1(config)#route-map MY-ROUTE-MAP permit 20
R1(config-route-map)#match ip address ACL-NET4
R1(config-route-map)#set metric 5000
R1(config-route-map)#set metric-type type-2

Networks matching the ACL ACL-NET7 will not be redistributed.

R1(config)#route-map MY-ROUTE-MAP deny 30
R1(config-route-map)#match ip address ACL-NET7

All other networks will have a metric of 500. Without this statement, all other routes would be denied.

R1(config)#route-map MY-ROUTE-MAP permit 40
R1(config-route-map)#set metric 500
R1(config-route-map)#description DEFAULT

The verification shows:

R1#sh route-map
route-map MY-ROUTE-MAP, permit, sequence 10
  Match clauses:
    ip address (access-lists): ACL-NET5
  Set clauses:
    metric 1000
    metric-type type-1
  Policy routing matches: 0 packets, 0 bytes
route-map MY-ROUTE-MAP, permit, sequence 20
  Match clauses:
    ip address (access-lists): ACL-NET4
  Set clauses:
    metric 5000
    metric-type type-2
  Policy routing matches: 0 packets, 0 bytes
route-map MY-ROUTE-MAP, deny, sequence 30
  Match clauses:
    ip address (access-lists): ACL-NET7
  Set clauses:
  Policy routing matches: 0 packets, 0 bytes
route-map MY-ROUTE-MAP, permit, sequence 40
  Match clauses:
  Set clauses:
    metric 500
  Policy routing matches: 0 packets, 0 bytes
R1#

Apply the route-map

R1(config)# router ospf 1
R1(config-router)# redistribute rip subnets route-map MY-ROUTE-MAP
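The first-match processing of MY-ROUTE-MAP, modelled in Python as an added example (not code from the original page). The ACL contents are assumptions, since the page names ACL-NET5, ACL-NET4 and ACL-NET7 without listing them, and `acl_permits` and `redistribute` are hypothetical helper names.

```python
import ipaddress

# Assumed ACL contents: the page names these ACLs but never shows their entries.
ACLS = {
    "ACL-NET5": ["10.50.5.0/24"],
    "ACL-NET4": ["10.50.4.0/24"],
    "ACL-NET7": ["10.50.7.0/24"],
}

# MY-ROUTE-MAP as configured on the page: (sequence, action, match ACLs, set clauses).
# Several ACLs on one match line are OR-ed; an empty tuple matches every route.
MY_ROUTE_MAP = [
    (10, "permit", ("ACL-NET5",), {"metric": 1000, "metric-type": "type-1"}),
    (20, "permit", ("ACL-NET4",), {"metric": 5000, "metric-type": "type-2"}),
    (30, "deny", ("ACL-NET7",), {}),
    (40, "permit", (), {"metric": 500}),
]


def acl_permits(acl_name, prefix):
    """Simplified ACL check: the route's network falls inside a permitted range."""
    net = ipaddress.ip_network(prefix)
    return any(net.subnet_of(ipaddress.ip_network(p)) for p in ACLS[acl_name])


def redistribute(prefix, route_map):
    """Return the set clauses applied to prefix, or None if it is filtered."""
    for _seq, action, acls, sets in sorted(route_map, key=lambda e: e[0]):
        if not acls or any(acl_permits(a, prefix) for a in acls):
            # The first matching entry decides; later entries are not evaluated.
            return dict(sets) if action == "permit" else None
    return None  # implicit deny when no entry matches


if __name__ == "__main__":
    for p in ("10.50.5.0/24", "10.50.4.0/24", "10.50.7.0/24", "192.168.1.0/24"):
        print(p, "->", redistribute(p, MY_ROUTE_MAP))
    # Dropping sequence 40 shows the implicit deny for unmatched routes.
    print("no seq 40:", redistribute("192.168.1.0/24", MY_ROUTE_MAP[:3]))
```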

Using Administrative Distance

Administrative Distance = Believability. Sometimes (rarely) we may need to tune the administrative distance of routing protocols or redistributed routes.

AD can be changed for all routes of a process or only for specific routes within a process. The command for all IGPs except EIGRP is:

R1(config)# router ospf 1
R1(config-router)# distance administrative_distance {address wildcard-mask} [access-list-number | name]
R1(config-router)# distance 85 0.0.0.0 255.255.255.255 MY-ACL

Using the address/mask keywords in the command changes the AD of routes learned from the neighbor with that IP address. An entry of 0.0.0.0 255.255.255.255 changes the AD of all routes. Specifying an access list number or name changes the AD only on networks permitted in the ACL.

EIGRP and BGP have different AD values for internal and external routes, so you have to list those separately when using the command with those protocols. BGP also allows you to change the AD for locally generated routes. For these protocols, the commands are:

R1(config-router)# distance eigrp internal-distance external-distance
R1(config-router)# distance bgp external-distance internal-distance local-distance