OSPF Inbound Filtering Using Route Maps with a Distribute List

Feature History for OSPF Inbound Filtering using Route Maps with a Distribute List

This table provides release and platform support information for the features explained in this module.

These features are available in all the releases subsequent to the one they were introduced in, unless noted otherwise.

Release

Feature Name and Description

Supported Platform

Cisco IOS XE 17.18.1

OSPF Inbound Filtering Using Route Maps with a Distribute List: The OSPF Inbound Filtering Using Route Maps with a Distribute List is an enhancement feature that enables administrators to control which OSPF-learned routes are installed in the local routing table.

Cisco C9350 Series Smart Switches

Cisco C9610 Series Smart Switches

OSPF Inbound Filtering using Route Maps with a Distribute List

The OSPF Inbound Filtering Using Route Maps with a Distribute List is an enhancement feature that enables administrators to control which OSPF-learned routes are installed in the local routing table. With this enhancement, you can apply more granular filtering criteria based on route attributes instead of relying solely on prefix lists or access lists.

Match criteria in route maps and practical use cases

Match Criteria in Route Maps

Users can match on the following route attributes:

  • match interface : The outgoing interface for the route OSPF is installing.

  • match ip address : The route’s prefix (prefix-lists or access-lists).

  • match ip next-hop : The next-hop IP address for the route.

  • match ip route-source : The OSPF Router ID that originated the LSA advertising the prefix.

  • match metric : The route’s OSPF metric.

  • match route-type : The OSPF route type (e.g., intra-area, inter-area, external Type 1, external Type 2).

  • match tag : A tag value assigned to the route, often used during redistribution.

Practical use cases

Filter type

Use case

Filtering based on route tag

Assign tags to routes during redistribution (e.g., on an ASBR). Use a route map to deny or permit installation of routes with specific tags.

Filtering based on route type

Match on external Type 1 or Type 2 routes or internal (intra-area or inter-area) routes to filter specific types.

Filtering based on route source

Match on the OSPF Router ID of the LSA originator.

Filtering based on interface

Match on the local interface that OSPF would use to reach the route.

Filtering based on next-hop

Match on the next-hop IP for further control.

How OSPF Inbound Filtering using Route Maps with a Distribute list works

Traditionally, OSPF inbound filtering uses prefix-lists or access-lists to filter routes. With this enhancement, you can use a route map with a distribute-list to filter OSPF routes. Route maps allow for matching on multiple route attributes, such as prefix, next-hop, metric, tag, and more. Only OSPF routes that match the criteria in the route map will be installed in the local routing table; others are discarded.

Configure OSPF Inbound Filtering using a Route Map

Perform this procedure to configure OSPF inbound filtering using a route map.

Procedure

Step 1

enable

Example:

Device> enable

Enables privileged EXEC mode.

Enter your password, if prompted.

Step 2

configure terminal

Example:

Device# configure terminal

Enters global configuration mode.

Step 3

route-map map-tag [permit | deny] [sequence-number]

Example:

Device(config)# route-map tag-filter deny 10

Defines a route map to control filtering.

  • map-tag : A name to identify the route map (for example, OSPF-INBOUND-FILTER).

  • permit | deny : Specifies whether matched routes will be permitted (allowed into the routing table) or denied (filtered out).

  • sequence-number : (Optional) Used to order multiple match conditions within the same route map.

Step 4

match tag tag-name

Example:

Device(config-router)# match tag 777

Matches routes with a specified name, to be used as the route map is referenced.

tag-value : The numeric tag value assigned to the route (typically set during redistribution).

  • At least one match command is required, but it need not be this match command. This example illustrates one possible configuration.

  • The available match commands for this type of route map are listed in the distribute-list in command reference page.

  • This type of route map does not include any set commands.

Step 5

Repeat Steps 3 and 4 with other route-map and match commands if you choose.

Step 6

exit

Example:

Device(config-router)# exit

Exits router configuration mode.

Step 7

router ospf process-id [vrf vrf-name]

Example:

Device(config)# router ospf 15

Enables OSPF routing and enters router configuration mode.

  • process-id : The process ID is an internally used identification parameter that is locally assigned. Each OSPF process has a unique process ID.

    Process ID can be a positive integer from 1 to 65535.

  • vrf: Indicates that the OSPF process is being configured for a specific VRF.

  • vrf-name : Specifies the name of the VRF for which this OSPF process is being created.

Step 8

distribute-list route-map map-tag in

Example:

Device(config-router)# distribute-list route-map tag-filter in

Enables filtering based on an OSPF route map.

Step 9

end

Example:

Device(config-router)# end

Exits router configuration mode.

Configuration example for OSPF Route-Map based Giltering

This example shows how to configure OSPF route-map based filtering.

In this example, the device is set up to filter OSPF external routes based on their tag values. A route map called tag-filter is created with two statements:

  • the first denies any route with a tag value of 777, and

  • the second permits all other routes by default since it has no specific match conditions.

This route map is then applied as an inbound distribute-list to OSPF process 1. As a result, when OSPF routes are received, any external route tagged with 777 is filtered out and not installed in the routing table, while all other routes are permitted. This approach ensures that only routes without the specific tag are allowed, effectively controlling which external OSPF prefixes are accepted by the device. 

Device> enable
Device# configure terminal
Device(config)# route-map tag-filter deny 10
Device(config-router)# match tag 777
Device(config-router)# route-map tag-filter permit 20
Device(config-router)# exit
Device(config)# router ospf 1
Device(config-router)# router-id 10.0.0.2
Device(config-router)# log-adjacency-changes
Device(config-router)# network 172.16.2.1 0.0.0.255 area 0
Device(config-router)# distribute-list route-map tag-filter in