Finer control of inter-domain routing using route policy

The wide variety of match types available with route policy allows you to make finer distinctions when distributing routes across routing domain boundaries.

Suppose that you want to limit the distribution of the "non-connected" routes in the northern RIP domain to the "odd-numbered" prefixes—that is, to 10.1.11.x and 10.1.13.x. You can accomplish that by creating a prefix list:


 ip prefix-list "Odds" seq 5 permit 10.1.11.1 255.255.255.0 ge 24 le 24 
 ip prefix-list "Odds" seq 10 permit 10.1.13.1 255.255.255.0 ge 24 le 24 

Then matching that prefix-list in a route map:


route-map "PermitOdds" permit seq 10 
   match ip address prefix-list "Odds" 
   exit 

And finally applying that route map to the redistribution of RIP routes in the North router:


router ospf 
   area backbone 
   redistribute connected 
   redistribute rip route-map "PermitOdds" 
   exit 

The result of this is to permit redistribution of routes 10.1.11.x and 10.1.13.x, and to deny redistribution of routes 10.1.12.x and 10.1.14.x. (Routes 10.1.15.x and 10.1.16.x are redistributed by the redistribute connected command.) This occurs throughout the OSPF domain, and is propagated through redistribution by the South router into the southern RIP domain.

For instance, in the OSPF domain the route map of the East router becomes:

 East(config)# show ip route 
 
                              IP Route Entries 

  Destination     Gateway         VLAN Type      Sub-Type   Metric     Dist. 
  --------------- --------------- ---- --------- ---------- ---------- ----- 
  10.1.11.0/24    10.3.32.1       32   ospf      External2  10         110 
  10.1.13.0/24    10.3.32.1       32   ospf      External2  10         110 
  10.1.15.0/24    10.3.32.1       32   ospf      External2  10         110 
  10.1.16.0/24    10.3.32.1       32   ospf      External2  10         110 
  10.2.21.0/24    10.3.33.2       33   ospf      External2  10         110 
  10.2.22.0/24    10.3.33.2       33   ospf      External2  10         110 
  10.2.23.0/24    10.3.33.2       33   ospf      External2  10         110 
  10.2.29.0/24    10.3.33.2       33   ospf      External2  10         110 
  10.3.31.0/24    10.3.32.1       32   ospf      IntraArea  2          110 
  10.3.31.0/24    10.3.33.2       33   ospf      IntraArea  2          110 
  10.3.32.0/24    VLAN32          32   connected            1          0 
  10.3.33.0/24    VLAN33          33   connected            1          0 
  10.3.34.0/24    VLAN34          34   connected            1          0 
  10.3.37.0/24    10.3.33.2       33   ospf      IntraArea  2          110 
  127.0.0.0/8     reject               static               0          0 
  127.0.0.1/32    lo0                  connected            1          0 

In the southern RIP domain, the route map of the Southeast router becomes:

 Southeast(config)# show ip route 
 
                         IP Route Entries 

  Destination     Gateway         VLAN Type      Sub-Type   Metric     Dist. 
  --------------- --------------- ---- --------- ---------- ---------- ----- 
 10.1.11.0/24     10.2.21.1       21   rip                  2          120
 10.1.13.0/24     10.2.21.1       21   rip                  2          120
 10.1.15.0/24     10.2.21.1       21   rip                  2          120
 10.1.16.0/24     10.2.21.1       21   rip                  2          120
 10.2.21.0/24     VLAN21          21   connected            1          0
 10.2.22.0/24     VLAN22          22   connected            1          0
 10.2.23.0/24     VLAN23          23   connected            1          0
 10.2.29.0/24     10.2.21.1       21   rip                  2          120
 10.3.31.0/24     10.2.21.1       21   rip                  2          120
 10.3.32.0/24     10.2.21.1       21   rip                  2          120
 10.3.33.0/24     10.2.21.1       21   rip                  2          120
 10.3.34.0/24     10.2.21.1       21   rip                  2          120
 10.3.37.0/24     10.2.21.1       21   rip                  2          120
 127.0.0.0/8      reject               static               0          0
 127.0.0.1/32     lo0                  connected            1          0

To not lose the "even-numbered" routes (10.1.12.x and 10.1.14.x) in the OSPF domain, reinstate the original redistribution in the North router:

router ospf
   area backbone
   redistribute connected
   redistribute rip
   exit

And move the prefix list, route map, and redistribution from the North router to the South router. To get the same distribution of routes from the northern RIP to the southern RIP domain, add the 10.1.15.x and 10.1.16.x routes to the prefix list—they will not be redistributed by the redistribute connected command because they are not directly connected to the South router. The prefix list would expand to:

ip prefix-list "Odds" seq 5 permit 10.1.11.1 255.255.255.0 ge 24 le 24
ip prefix-list "Odds" seq 10 permit 10.1.13.1 255.255.255.0 ge 24 le 24
ip prefix-list "Odds" seq 15 permit 10.1.15.1 255.255.255.0 ge 24 le 24
ip prefix-list "Odds" seq 20 permit 10.1.16.1 255.255.255.0 ge 24 le 24

The route map would move from North to South with no changes:

route-map "Odds" permit seq 10
   match ip address prefix-list "PermitOdds"
   exit

And the route redistribution would move from the router ospf context to the router rip context:

router rip
   redistribute connected
   redistribute ospf route-map "PermitOdds"
   exit

This has the desired effect of redistributing all the routes in the OSPF domain, as indicated by the East router's route table:

East(config)# show ip route
 
IP Route Entries 

 Destination     Gateway         VLAN Type      Sub-Type   Metric     Dist. 
 --------------- --------------- ---- --------- ---------- ---------- ----- 
 10.1.11.0/24    10.3.32.1       32   ospf      External2  10         110
 10.1.12.0/24    10.3.32.1       32   ospf      External2  10         110
 10.1.13.0/24    10.3.32.1       32   ospf      External2  10         110
 10.1.14.0/24    10.3.32.1       32   ospf      External2  10         110
 10.1.15.0/24    10.3.32.1       32   ospf      External2  10         110
 10.1.16.0/24    10.3.32.1       32   ospf      External2  10         110
 10.2.21.0/24    10.3.33.2       33   ospf      External2  10         110
 10.2.22.0/24    10.3.33.2       33   ospf      External2  10         110
 10.2.23.0/24    10.3.33.2       33   ospf      External2  10         110
 10.2.29.0/24    10.3.33.2       33   ospf      External2  10         110
 10.3.31.0/24    10.3.32.1       32   ospf      IntraArea  2          110
 10.3.31.0/24    10.3.33.2       33   ospf      IntraArea  2          110
 10.3.32.0/24    VLAN32          32   connected            1          0
 10.3.33.0/24    VLAN33          33   connected            1          0
 10.3.34.0/24    VLAN34          34   connected            1          0
 10.3.37.0/24    10.3.33.2       33   ospf      IntraArea  2          110
 127.0.0.0/8     reject               static               0          0
 127.0.0.1/32    lo0                  connected            1          0

However, it falls short in the southern RIP domain. The northern RIP routes are distributed as expected, but some of the routes from the OSPF domain are missing —10.3.32.x and 10.3.34.x. Here is the Southeast router's route table:

Southeast(config)# show ip route
 
                          IP Route Entries 

 Destination     Gateway         VLAN Type      Sub-Type   Metric     Dist. 
 --------------- --------------- ---- --------- ---------- ---------- ----- 
 10.1.11.0/24    10.2.21.1       21   rip                  2          120
 10.1.13.0/24    10.2.21.1       21   rip                  2          120
 10.1.15.0/24    10.2.21.1       21   rip                  2          120
 10.1.16.0/24    10.2.21.1       21   rip                  2          120
 10.2.21.0/24    VLAN21          21   connected            1          0
 10.2.22.0/24    VLAN22          22   connected            1          0
 10.2.23.0/24    VLAN23          23   connected            1          0
 10.2.29.0/24    10.2.21.1       21   rip                  2          120
 10.3.31.0/24    10.2.21.1       21   rip                  2          120
 10.3.33.0/24    10.2.21.1       21   rip                  2          120
 10.3.37.0/24    10.2.21.1       21   rip                  2          120
 127.0.0.0/8     reject               static               0          0
 127.0.0.1/32    lo0                  connected            1          0

You can solve this problem by adding a second sequence to the route map to deal with the routes from the OSPF domain. The expanded route map becomes:

route-map "PermitOdds" permit seq 10
   match ip address prefix-list "Odds"
   exit
route-map "PermitOdds" permit seq 20
   match source-protocol ospf
   exit

Now all the desired routes show up in the Southeast router's route table:

Southeast(config)# show ip route

IP Route Entries 

 Destination     Gateway         VLAN Type      Sub-Type   Metric     Dist. 
 --------------- --------------- ---- --------- ---------- ---------- ----- 
 10.1.11.0/24    10.2.21.1       21   rip                  2          120
 10.1.13.0/24    10.2.21.1       21   rip                  2          120
 10.1.15.0/24    10.2.21.1       21   rip                  2          120
 10.1.16.0/24    10.2.21.1       21   rip                  2          120
 10.2.21.0/24    VLAN21          21   connected            1          0
 10.2.22.0/24    VLAN22          22   connected            1          0
 10.2.23.0/24    VLAN23          23   connected            1          0
 10.2.29.0/24    10.2.21.1       21   rip                  2          120
 10.3.31.0/24    10.2.21.1       21   rip                  2          120
 10.3.32.0/24    10.2.21.1       21   rip                  2          120
 10.3.33.0/24    10.2.21.1       21   rip                  2          120
 10.3.34.0/24    10.2.21.1       21   rip                  2          120
 10.3.37.0/24    10.2.21.1       21   rip                  2          120
 127.0.0.0/8     reject               static               0          0
 127.0.0.1/32    lo0                  connected            1          0

In addition to using route maps to filter routes, you can also use them to apply properties to the routes. For example, to apply a route metric when redistributing routes from the northern RIP domain to the OSPF domain, you could apply the metric with a set metric command in a route map in the North router:

route-map "Metric25" permit seq 10
   match source-protocol rip
   set metric 25
   exit

Then you could redistribute from the router ospf context:

router ospf
   area backbone
   redistribute connected
   redistribute rip route-map "Metric25"
   exit

The results are displayed in the Metric column of the East router's route map:

East(config)# show ip route

                     IP Route Entries 

 Destination     Gateway         VLAN Type      Sub-Type   Metric     Dist. 
 --------------- --------------- ---- --------- ---------- ---------- ----- 
 10.1.11.0/24    10.3.32.1       32   ospf      External2  25         110
 10.1.12.0/24    10.3.32.1       32   ospf      External2  25         110
 10.1.13.0/24    10.3.32.1       32   ospf      External2  25         110
 10.1.14.0/24    10.3.32.1       32   ospf      External2  25         110
 10.1.15.0/24    10.3.32.1       32   ospf      External2  10         110
 10.1.16.0/24    10.3.32.1       32   ospf      External2  10         110
 10.2.21.0/24    10.3.33.2       33   ospf      External2  10         110
 10.2.22.0/24    10.3.33.2       33   ospf      External2  10         110
 10.2.23.0/24    10.3.33.2       33   ospf      External2  10         110
 10.2.29.0/24    10.3.33.2       33   ospf      External2  10         110
 10.3.31.0/24    10.3.32.1       32   ospf      IntraArea  2          110
 10.3.31.0/24    10.3.33.2       33   ospf      IntraArea  2          110
 10.3.32.0/24    VLAN32          32   connected            1          0
 10.3.33.0/24    VLAN33          33   connected            1          0
 10.3.34.0/24    VLAN34          34   connected            1          0
 10.3.37.0/24    10.3.33.2       33   ospf      IntraArea  2          110
 127.0.0.0/8     reject               static               0          0
 127.0.0.1/32    lo0                  connected            1          0