Welcome to the Network Engineering Domain
Pape O. Fall's Blog

Distribute-List Explained

A distribute-list is typically used to filter routing updates either inbound or outbound from a router perspectives usually running some form of dynamic routing protocol. Even though there is the keyword “distribute”, this is not to be confused with route distribution. Again, I think the choice of the terms here could have been better but that’s my personal opinion. The basic idea behind packet filtering is fairly simple, you just specify filter rules and packets are measured against those rules. Packets are then either accepted except those prohibited by a rule or all packets are dropped.

Today, I’m going to show you how to use distribute to filter prefixes. For the sake of this topic, we will use the following topology…

Distribute-list File 1

Here we have an OSPF domain and an EIGRP domain which has a couple of Loppback addresses that are redistributed into the OSPF domain. Everything has been pre-configured up to this point, let’s check R1 and make sure the redistributed loopback addresses are received and installed in the routing table…

Distribute-list File 2

All right ! We are good at this point ! Now, let’s filter some prefixes using “distribute-list”.

Let’s say we would like to filter Loopback 3 and Loopback 4 from being advertised to R1. So basically, we should not see the 3.0.0.0/24 and the 4.0.0.0/24 prefixes once the filter is in place. Here is what we need to do:

-Create ACL(s) to explicitly permit prefixes or deny prefixes
-Create a Distribute-List calling the ACL(s) and define a direction (Inbound or Outbound)
-Verify route filtering at the remote side

Since R2 is the guy doing the redistribution, we have to configure the above on R2. Let’s configure our ACL(s)…

Distribute-list File 4

Here, we have created ACLs to permit Loopback 1 and Loopback 2 prefixes. Note that there is an implicit deny at the end of the ACLs. Let’s configure our “Distribute-List”…

Distribute-list File 5

Here, under the OSPF process we’ve configured a distribute-list statement calling ACL 23 and apply it in the outbound direction since we are preventing prefixes sourcing from R3 to R1. Notice how we can call a route-map as well which is nice ! Let’s check the output of the “show ip protocols” and make sure we are seeing the filter list applied…

Distribute-list File 6

Fantastic ! Let’s now check R1 routing table and make sure the prefixes are filtered…

Distribute-list File 7

Very good ! We have successfully filtered Loopback 3 and Loopback 4 from being advertised out from R2 perspective.

We can use “Distribute-List” in many different scenarios but understanding this topic should do it for now. Please let me know if you have any questions.

 

Leave a Reply

Your email address will not be published. Required fields are marked *

A Little About Myself

Hello I'm Pape. My friends call me Pop. I'm CCIE #48357. I enjoy my field and love to share it with others. I love to write so I'm sharing my blog with you.

Sign up to receive notifications and updates whenever new topics or videos are uploaded!

RouteLeak Calendar

November 2024
M T W T F S S
 123
45678910
11121314151617
18192021222324
252627282930