No distribute-list "out" allowed for OSPF

Discussion in 'Cisco' started by Rob, Jan 10, 2005.

  1. Rob

    Rob Guest

    I'm converting from EIGRP to OSPF and I have a couple route filters in
    place for EIGRP that I want to maintain in my new OSPF configuration.
    However, OSPF does not allow distribute-out. What is another way I
    can accomplish the same thing since this particular command is not
    available?

    GV-DS3-Router(config-router)#distribute-list 5 out s1/0.1
    % Interface not allowed with OUT for OSPF

    Thanks,
    Rob
    Rob, Jan 10, 2005
    #1
    1. Advertising

  2. Rob

    Hansang Bae Guest

    On Mon, 10 Jan 2005 14:13:41 -0500, Rob <> wrote:

    >I'm converting from EIGRP to OSPF and I have a couple route filters in
    >place for EIGRP that I want to maintain in my new OSPF configuration.
    >However, OSPF does not allow distribute-out. What is another way I
    >can accomplish the same thing since this particular command is not
    >available?
    >
    >GV-DS3-Router(config-router)#distribute-list 5 out s1/0.1
    >% Interface not allowed with OUT for OSPF


    OSPF is a routing protocol that depends on link state databases. i.e.
    every route will maintain the database and it has to be the same (so
    everyone can make the right routing decision). As a result,
    distribute-lists are not allowed. But as in life, there are always
    exceptions. On an ASBR, outbound distribute-lists are allowed.


    I've always hated distribute-lists because people tend to get "too
    cute" with them. It allows for horrific mistakes in routing when a
    simple ACL mistake is made on routers.

    If this is for migration only of a small network, you can put inbound
    distribute-lists everywhere. While the route will be in the OSPF
    database, it will not make it to the routing table. An ugly kludge at
    best with (perhaps) unintended consequences.

    If you tell us what you're filtering, perhaps we can come up with more
    cogent answers? It just may be that you are used to EIGRP and may
    *think* you still need the distribute-lists.



    hsb


    "Somehow I imagined this experience would be more rewarding" Calvin
    ********************************************************************
    Due to the volume of email that I receive, I may not not be able to
    reply to emails sent to my account. Please post a followup instead.
    ********************************************************************
    Hansang Bae, Jan 11, 2005
    #2
    1. Advertising

  3. Rob

    Ivan Ostreš Guest

    In article <>, bobh1234
    @hotmail.com says...
    > I'm converting from EIGRP to OSPF and I have a couple route filters in
    > place for EIGRP that I want to maintain in my new OSPF configuration.
    > However, OSPF does not allow distribute-out. What is another way I
    > can accomplish the same thing since this particular command is not
    > available?
    >
    > GV-DS3-Router(config-router)#distribute-list 5 out s1/0.1
    > % Interface not allowed with OUT for OSPF
    >
    >


    This is more/less normal because OSPF is not sending routes out, just
    LSA's. You should make your filtering on ASBR's during redistribution
    (route-maps will give you a much more flexibility here) and using ABR's
    to summarize to wanted prefixes.


    --
    -Ivan.

    *** Use Rot13 to see my eMail address ***
    Ivan Ostreš, Jan 11, 2005
    #3
  4. Rob

    Rob Guest

    Cleveland is tied to Atlanta with a T1. Atlanta has a point-to-point
    link to Charlotte. All three have their own Internet T1's as well.

    Cleveland<-->Atlanta<-->Charlotte. All EIGRP now, but I need it to be
    OSPF soon for different reasons not listed here.

    I would prefer Charlotte to get to Cleveland through a VPN I created
    through the Internet. So Charlotte goes directly to Cleveland via
    VPN, not through the private T1 to Atlanta.

    Since Atlanta has a direct T1 to Charlotte, I want those two to talk
    that way. If I don't have a distribute filter in place at the
    Atlanta/Cleveland edge, then Cleveland people would go through Atlanta
    to get to Charlotte. I don't want that. So I'm taking the Charlotte
    network out of the EIGRP table in Cleveland because I'm doing a
    redistribute static command on my Cisco VPN Router in Cleveland, so
    all my Cleveland routers think that is the VPN is the best way to
    Charlotte. It has an admin distance of 170 because it is a
    redistributed EIGRP link. This has worked fine for a year.

    If I convert to OSPF, the Charlotte link becomes a distance of 110,
    and of course, more desirable. It stomps on my VPN route. Therefore,
    I want it gone. I don't want it seen in Cleveland - unless you can
    recommend another way?





    On Tue, 11 Jan 2005 06:16:35 GMT, Hansang Bae <> wrote:

    >On Mon, 10 Jan 2005 14:13:41 -0500, Rob <> wrote:
    >
    >>I'm converting from EIGRP to OSPF and I have a couple route filters in
    >>place for EIGRP that I want to maintain in my new OSPF configuration.
    >>However, OSPF does not allow distribute-out. What is another way I
    >>can accomplish the same thing since this particular command is not
    >>available?
    >>
    >>GV-DS3-Router(config-router)#distribute-list 5 out s1/0.1
    >>% Interface not allowed with OUT for OSPF

    >
    >OSPF is a routing protocol that depends on link state databases. i.e.
    >every route will maintain the database and it has to be the same (so
    >everyone can make the right routing decision). As a result,
    >distribute-lists are not allowed. But as in life, there are always
    >exceptions. On an ASBR, outbound distribute-lists are allowed.
    >
    >
    >I've always hated distribute-lists because people tend to get "too
    >cute" with them. It allows for horrific mistakes in routing when a
    >simple ACL mistake is made on routers.
    >
    >If this is for migration only of a small network, you can put inbound
    >distribute-lists everywhere. While the route will be in the OSPF
    >database, it will not make it to the routing table. An ugly kludge at
    >best with (perhaps) unintended consequences.
    >
    >If you tell us what you're filtering, perhaps we can come up with more
    >cogent answers? It just may be that you are used to EIGRP and may
    >*think* you still need the distribute-lists.
    >
    >
    >
    >hsb
    >
    Rob, Jan 11, 2005
    #4
  5. Rob

    Ivan Ostreš Guest

    In article <>, bobh1234
    @hotmail.com says...
    >
    > If I convert to OSPF, the Charlotte link becomes a distance of 110,
    > and of course, more desirable. It stomps on my VPN route. Therefore,
    > I want it gone. I don't want it seen in Cleveland - unless you can
    > recommend another way?
    >


    It is very easy to manipulate the routing protocol distance using
    'distance' keyword under routing protocol config. That should solve it
    easy and painless :).


    --
    -Ivan.

    *** Use Rot13 to see my eMail address ***
    Ivan Ostreš, Jan 11, 2005
    #5
  6. Rob

    Rob Guest

    Yes, but setting the distance doesn't traverse the routing table to
    other routers, does it?



    On Tue, 11 Jan 2005 20:42:40 +0100, Ivan Ostreš
    <> wrote:

    >In article <>, bobh1234
    >@hotmail.com says...
    >>
    >> If I convert to OSPF, the Charlotte link becomes a distance of 110,
    >> and of course, more desirable. It stomps on my VPN route. Therefore,
    >> I want it gone. I don't want it seen in Cleveland - unless you can
    >> recommend another way?
    >>

    >
    >It is very easy to manipulate the routing protocol distance using
    >'distance' keyword under routing protocol config. That should solve it
    >easy and painless :).
    Rob, Jan 13, 2005
    #6
  7. Rob

    Ivan Ostreš Guest

    In article <>, bobh1234
    @hotmail.com says...
    > Yes, but setting the distance doesn't traverse the routing table to
    > other routers, does it?
    >


    No, you have to set it on all routers that must prefer external EIGRP
    routes over OSPF.

    That is the significant difference between metric and administrative
    distance.


    --
    -Ivan.

    *** Use Rot13 to see my eMail address ***
    Ivan Ostreš, Jan 13, 2005
    #7
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Reinhard

    Cisco - Distribute-List and eigrp

    Reinhard, May 28, 2004, in forum: Cisco
    Replies:
    2
    Views:
    8,249
    Reinhard
    Jun 1, 2004
  2. Replies:
    5
    Views:
    6,039
    Barry Margolin
    Oct 15, 2004
  3. Replies:
    0
    Views:
    2,100
  4. German R
    Replies:
    6
    Views:
    1,435
    John Agosta
    Oct 10, 2006
  5. Giuen
    Replies:
    0
    Views:
    738
    Giuen
    Sep 12, 2008
Loading...

Share This Page