Controlling Routing Updates with Filtering

Despite all the mechanisms for controlling and reducing the routing updates on your network, it is sometimes necessary to wield greater and more flexible power. This comes in the form of access lists, which when applied to routing updates are referred to as distribute lists.

The logic used in the distribute lists is similar to that of an access list. It is summarized in the flowchart in Figure 10-11 and the process listed in the following text.

Figure 10-11 Distribute List Logic on an Incoming Update


1 The router receives a routing update or is about to send a routing update about one or more networks.

2 The router looks at the appropriate interface involved with the action to check for filtering.

3 The router determines whether a filter is associated with the interface.

4 If a filter is present, the router examines the access list to see if there is a match on any of the networks in the routing update.

5 If there is no filter on the interface, the routing update is sent directly to the routing process as normal.

6 If there is a match, then the route entry is processed as configured.

7 If no match is found in the access list, the implicit deny any at the end of the access list will cause the update to be dropped.

Routing updates can be filtered for any routing protocol by defining an access list and applying it to a specific routing protocol.

When creating a routing filter or distribute list, the following steps should be taken:

• Write out in longhand what you are trying to achieve.

• Identify the network addresses to be filtered, and create an access list.

• Determine whether you are filtering routing updates coming into the router or updates to be propagated to other routers.

• Assign the access list using the distribute-list command.

Use the following command syntax to configure the distribute list to filter incoming updates:

distribute-list {access-list-number | name} in [type number]

Table 10-9 explains the options of this command.

Table 10-9 Explanation of the distribute-list in Command Options

Command                      Description

access-list-number | name    Gives the standard access list number or name

in                           Applies the access list to incoming routing updates

type number                  Gives the optional interface type and number from which updates will be filtered

Use the following command syntax to configure the distribute list to filter outgoing updates:

distribute-list {access-list-number | name} out [interface-name | routing-process | autonomous-system-number]

Table 10-10 explains the options of this command.

Table 10-10 Explanation of the distribute-list out Command Options

Command                      Description

access-list-number | name    Gives the standard access list number or name

out                          Applies the access list to outgoing routing updates

interface-name               Gives the optional interface name out which updates will be filtered

routing-process              Gives the optional name of the routing process, or the keyword static or connected, from which updates will be filtered

autonomous-system-number     Gives the optional autonomous system number of routing process

NOTE It is not possible to filter OSPF outgoing updates at the interface.
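The four configuration steps above, carried through for an incoming filter, as an added example that is not from the original text. It shows a filter that trips over the implicit deny any described in step 7 of the logic, beside its corrected form. The EIGRP process, autonomous system 100, interface Serial 0, and all addresses are assumptions chosen for illustration.

```cisco
! Added example. Constructed values: EIGRP AS 100, Serial 0, all addresses.
! Longhand goal: on updates arriving through Serial 0, reject routes for
! 10.20.0.0 through 10.20.255.255 and accept every other network.
!
! --- Flawed filter ---------------------------------------------------
! The list holds only the deny entry, so the implicit deny any that ends
! every access list discards all other networks in the update as well.
access-list 10 deny 10.20.0.0 0.0.255.255
!
router eigrp 100
 network 10.0.0.0
 distribute-list 10 in Serial 0
!
! --- Corrected filter ------------------------------------------------
! Rebuild the list with an explicit permit for everything not denied.
! Entries are checked top down, so the deny must come before the permit.
no access-list 10
access-list 10 deny 10.20.0.0 0.0.255.255
access-list 10 permit any
!
! --- Checks (privileged EXEC) ----------------------------------------
! show ip protocols     lists the incoming update filter and its interface
! show access-lists 10  shows the entries and their match counters
! show ip route         confirms 10.20.0.0 is absent and other routes remain
```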
