OSPF dsitribute in

EdTheLad

Below i've tested different ways to filter routes from entering the rib.
1) Using standard access-list and distribute in, which worked as expected.
2) Using a route-map which matches using an extended access-list, which worked as expected.
3) Using an extended access-list with the distribute command, which didn't work. The extended access-list with IGPs and distribute-list uses the source portion to match the route source and the destination portion to match the network as opposed to my access-list used in (2) which matched the network/mask.

So what am i missing here? is this supposed to work for OSPF?


R1(config-router)#do sh ip route 3.3.3.0
Routing entry for 3.3.3.0/24
Known via "ospf 1", distance 110, metric 21, type inter area
Last update from 192.168.12.2 on Ethernet0/0, 00:00:44 ago
Routing Descriptor Blocks:
* 192.168.12.2, from 2.2.2.2, 00:00:44 ago, via Ethernet0/0
Route metric is 21, traffic share count is 1
R1(config-router)#



R1#sh access-lists
Standard IP access list 10
10 deny 3.3.3.0
20 permit any
Extended IP access list 100
10 deny ip host 2.2.2.2 host 3.3.3.0
20 permit ip any any
Extended IP access list 101
10 permit ip host 3.3.3.0 host 255.255.255.0
R1#
R1#
R1#sh route-map
route-map FILTER, deny, sequence 10
Match clauses:
ip address (access-lists): 101
Set clauses:
Policy routing matches: 0 packets, 0 bytes
route-map FILTER, permit, sequence 20
Match clauses:
Set clauses:
Policy routing matches: 0 packets, 0 bytes
R1#


Filtering using distribute-list and standard access-list


R1(config)#router ospf 1
R1(config-router)#distribute-list 10 in
R1(config-router)#
*Mar 5 08:44:11.524: RT: delete route to 3.3.3.0/24
*Mar 5 08:44:11.524: RT: delete route to 33.33.33.0/24
*Mar 5 08:44:11.525: RT: delete route to 192.168.23.0/24
*Mar 5 08:44:11.558: RT: updating ospf 192.168.23.0/24 (0x0):
via 192.168.12.2 Et0/0

*Mar 5 08:44:11.558: RT: add 192.168.23.0/24 via 192.168.12.2, ospf metric [110/20]
*Mar 5 08:44:11.558: RT: updating ospf 33.33.33.0/24 (0x0):
via 192.168.12.2 Et0/0

*Mar 5 08:44:11.558: RT: add 33.33.33.0/24 via 192.168.12.2, ospf metric [110/21]
*Mar 5 08:44:11.558: RT: rib validate nexthop return code: 3
R1(config-router)#
R1(config-router)#do sh ip route ospf
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
+ - replicated route, % - next hop override

Gateway of last resort is not set

33.0.0.0/24 is subnetted, 1 subnets
O IA 33.33.33.0 [110/21] via 192.168.12.2, 00:00:08, Ethernet0/0
O IA 192.168.23.0/24 [110/20] via 192.168.12.2, 00:00:08, Ethernet0/0
R1(config-router)#do sh ip route ospf ?
% Ambiguous command: "do sh ip route ospf "
R1(config-router)#do sh ip route 3.3.3.0
% Network not in table
R1(config-router)#



R1(config-router)#no distribute-list 10 in
R1(config-router)#
*Mar 5 08:45:11.805: RT: delete route to 33.33.33.0/24
*Mar 5 08:45:11.805: RT: delete route to 192.168.23.0/24
*Mar 5 08:45:11.845: RT: updating ospf 192.168.23.0/24 (0x0):
via 192.168.12.2 Et0/0

*Mar 5 08:45:11.845: RT: add 192.168.23.0/24 via 192.168.12.2, ospf metric [110/20]
*Mar 5 08:45:11.845: RT: updating ospf 33.33.33.0/24 (0x0):
via 192.168.12.2 Et0/0

*Mar 5 08:45:11.845: RT: add 33.33.33.0/24 via 192.168.12.2, ospf metric [110/21]
*Mar 5 08:45:11.845: RT: updating ospf 3.3.3.0/24 (0x0):
via 192.168.12.2 Et0/0

*Mar 5 08:45:11.845: RT: add 3.3.3.0/24 via 192.168.12.2, ospf metric [110/21]
R1(config-router)#
R1(config-router)#do sh ip route 3.3.3.0
Routing entry for 3.3.3.0/24
Known via "ospf 1", distance 110, metric 21, type inter area
Last update from 192.168.12.2 on Ethernet0/0, 00:00:06 ago
Routing Descriptor Blocks:
* 192.168.12.2, from 2.2.2.2, 00:00:06 ago, via Ethernet0/0
Route metric is 21, traffic share count is 1
R1(config-router)#




Filtering using distribute-list with ROUTE-MAP and extended access-list



R1(config-router)#distribute-list route-map FILTER in
R1(config-router)#
*Mar 5 08:48:03.705: RT: delete route to 3.3.3.0/24
*Mar 5 08:48:03.705: RT: delete route to 33.33.33.0/24
*Mar 5 08:48:03.705: RT: delete route to 192.168.23.0/24
*Mar 5 08:48:03.739: RT: updating ospf 192.168.23.0/24 (0x0):
via 192.168.12.2 Et0/0

*Mar 5 08:48:03.739: RT: add 192.168.23.0/24 via 192.168.12.2, ospf metric [110/20]
*Mar 5 08:48:03.739: RT: updating ospf 33.33.33.0/24 (0x0):
via 192.168.12.2 Et0/0

*Mar 5 08:48:03.739: RT: add 33.33.33.0/24 via 192.168.12.2, ospf metric [110/21]
*Mar 5 08:48:03.739: RT: rib validate nexthop return code: 3
R1(config-router)#do sh ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
+ - replicated route, % - next hop override

Gateway of last resort is not set

33.0.0.0/24 is subnetted, 1 subnets
O IA 33.33.33.0 [110/21] via 192.168.12.2, 00:00:07, Ethernet0/0
192.168.12.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.12.0/24 is directly connected, Ethernet0/0
L 192.168.12.1/32 is directly connected, Ethernet0/0
O IA 192.168.23.0/24 [110/20] via 192.168.12.2, 00:00:07, Ethernet0/0
R1(config-router)#do sh ip route 3.3.3.0
% Network not in table
R1(config-router)#
R1(config-router)#no distribute-list route-map FILTER in
R1(config-router)#
*Mar 5 08:48:34.344: RT: delete route to 33.33.33.0/24
*Mar 5 08:48:34.344: RT: delete route to 192.168.23.0/24
*Mar 5 08:48:34.356: RT: updating ospf 192.168.23.0/24 (0x0):
via 192.168.12.2 Et0/0

*Mar 5 08:48:34.356: RT: add 192.168.23.0/24 via 192.168.12.2, ospf metric [110/20]
*Mar 5 08:48:34.356: RT: updating ospf 33.33.33.0/24 (0x0):
via 192.168.12.2 Et0/0

*Mar 5 08:48:34.356: RT: add 33.33.33.0/24 via 192.168.12.2, ospf metric [110/21]
*Mar 5 08:48:34.356: RT: updating ospf 3.3.3.0/24 (0x0):
via 192.168.12.2 Et0/0

*Mar 5 08:48:34.356: RT: add 3.3.3.0/24 via 192.168.12.2, ospf metric [110/21]
R1(config-router)#do sh ip route 3.3.3.0
Routing entry for 3.3.3.0/24
Known via "ospf 1", distance 110, metric 21, type inter area
Last update from 192.168.12.2 on Ethernet0/0, 00:00:04 ago
Routing Descriptor Blocks:
* 192.168.12.2, from 2.2.2.2, 00:00:04 ago, via Ethernet0/0
Route metric is 21, traffic share count is 1
R1(config-router)#




Filtering using distribute-list and extended access-list



R1(config-router)#do sh ip rout 3.3.3.0
Routing entry for 3.3.3.0/24
Known via "ospf 1", distance 110, metric 21, type inter area
Last update from 192.168.12.2 on Ethernet0/0, 00:03:55 ago
Routing Descriptor Blocks:
* 192.168.12.2, from 2.2.2.2, 00:03:55 ago, via Ethernet0/0
Route metric is 21, traffic share count is 1
R1(config-router)#do sh access-list 100
Extended IP access list 100
10 deny ip host 2.2.2.2 host 3.3.3.0
20 permit ip any any
R1(config-router)#distribt
R1(config-router)#distrib
R1(config-router)#distribute-list 100 in
R1(config-router)#
*Mar 5 08:52:58.073: RT: delete route to 3.3.3.0/24
*Mar 5 08:52:58.073: RT: delete route to 33.33.33.0/24
*Mar 5 08:52:58.073: RT: delete route to 192.168.23.0/24
*Mar 5 08:52:58.112: RT: updating ospf 192.168.23.0/24 (0x0):
via 192.168.12.2 Et0/0

*Mar 5 08:52:58.112: RT: add 192.168.23.0/24 via 192.168.12.2, ospf metric [110/20]
*Mar 5 08:52:58.112: RT: updating ospf 33.33.33.0/24 (0x0):
via 192.168.12.2 Et0/0

*Mar 5 08:52:58.112: RT: add 33.33.33.0/24 via 192.168.12.2, ospf metric [110/21]
*Mar 5 08:52:58.112: RT: updating ospf 3.3.3.0/24 (0x0):
via 192.168.12.2 Et0/0

*Mar 5 08:52:58.112: RT:
R1(config-router)#add 3.3.3.0/24 via 192.168.12.2, ospf metric [110/21]
R1(config-router)#do sh ip route ospf
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
+ - replicated route, % - next hop override

Gateway of last resort is not set

3.0.0.0/24 is subnetted, 1 subnets
O IA 3.3.3.0 [110/21] via 192.168.12.2, 00:00:09, Ethernet0/0
33.0.0.0/24 is subnetted, 1 subnets
O IA 33.33.33.0 [110/21] via 192.168.12.2, 00:00:09, Ethernet0/0
O IA 192.168.23.0/24 [110/20] via 192.168.12.2, 00:00:09, Ethernet0/0
R1(config-router)#do sh ip route 3.3.3.0
Routing entry for 3.3.3.0/24
Known via "ospf 1", distance 110, metric 21, type inter area
Last update from 192.168.12.2 on Ethernet0/0, 00:00:17 ago
Routing Descriptor Blocks:
* 192.168.12.2, from 2.2.2.2, 00:00:17 ago, via Ethernet0/0
Route metric is 21, traffic share count is 1
R1(config-router)#

fredrikjj

Using an extended ACL with the prefix in the source field and mask in destination is a legacy method. It's ancient, and prefix lists were introduced like 15-20 years ago to replace it. You probably know this; I'm just giving some context.

The likely reason for your problem is that it's simply not implemented in code in OSPF or it's broken in your version of IOS and no one bothered to report it/fix it.

PS.
I'm assuming your configuration etc is correct.