Tuesday, December 24, 2013

Cisco IOS-XR route-policy issues

In my attempt to write a more specific route-policy for OSPF route rejection, I ran across an interesting thing that I would like to point out, and it deals with IOS-XR specifically.

Our main goal was "to filter routes being injected via a few downstream OSPF speakers, and to prevent the possible corruption of our route table".

In order to filter these OSPF routers' advertisements, a simple distribute-list was attached to our interface using the following route-policy:



and the corresponding prefix-sets were defined:



Here's our new route-policy, which is more specific and looks good:



Now, if one tries to apply this to our inbound distribute-list on the interface, we get the following error and the configuration is rejected:




It's strange that Cisco IOS-XR behaves in this manner. You can craft a route-policy that passes the parser, but one cannot use it at the attach point. Since IOS-XR is trying to duplicate what's already been done in other router OSes, I found this error quite interesting.


1: In classic, traditional IOS, one could easily build the same using a route-map





2: And in Junos, one could easily build the same by using an import policy


Be advised: none of these methods will drop the LSA from entering the OSPF database.


Stay tuned as I research more into this strange behavior and into alternative means of OSPF filtering.


Ken Felix
Freelance Network / Security Engineer
kfelix  ----a---t---socpuppets ---d---o---t---com

     ^      ^
=(   ^   ^  )=
          o
       /     \
