[c-nsp] C6500 IPv6 redistribute with route-map?

Patrick M. Hausen hausen at punkt.de
Mon Dec 9 08:05:17 EST 2013 

Hi, all,

I’m in search of a little help with the setup of our new core routers. I’ve been
running AS16188 and an internal v4 network for quite some years, so most
tasks introducing v6 should be a piece of cake - or so I thought ;-)

I’ve run a setup like this since I do not remember when:

> router ospf 1
>  redistribute connected subnets route-map ospf-redist
> 
> route-map ospf-redist permit 10
>  match ip address 10
> 
> access-list 10 remark OSPF redistribution
> access-list 10 permit 217.29.32.0 0.0.15.255
> access-list 10 deny any

Just to make sure i would not accidentally inject anything not belonging
to my AS into my IGP.

On the new systems this looks like this:

> router isis IGP
>  redistribute connected route-map redistribute
> 
> route-map redistribute permit 10
>  match ip address redistribute
>  set metric 10
> route-map redistribute deny 20
> 
> ip access-list standard redistribute
>  permit 217.29.32.0 0.0.15.255
>  deny   any

I do not intend to discuss the respective merits of OSPF vs. IS-IS right now. ;-)
My idea was since I would need to introduce a new routing protocol, anyway,
why not switch to IS-IS and run single-topology? The v4 config cited above
does indeed work as it should.

Now, let’s add v6:

> router isis IGP
>  address-family ipv6
>   redistribute connected route-map redistribute6
>  exit-address-family
> 
> route-map redistribute6 permit 10
>  match ipv6 address redistribute6
>  set metric 10
> route-map redistribute6 deny 20
> 
> ipv6 access-list redistribute6
>  permit ipv6  2A00:B580::/32 any
>  deny ipv6 any any

Redistribution per se is working fine. It’s the limitation to my own prefix
(which I want) that does not work. If I introduce an arbitrary v6 address
not belonging to me (the systems are not productive, yet), via, say, Loopback1,
this will be distributed to all IS-IS peers despite the route-map.

I first suspected my lack experience with v6 access-lists and tried various
permutations of source/destination. Then prefix- instead of access-lists - to no avail.

Then it dawned at me and I tried:

> route-map redistribute6 deny 5

This should prevent any connected routes from being injected into IS-IS, right?

Nope - all connected interfaces are visible on all peer routers. Looks like the
IS-IS routing process is ignoring the route-map alltogether.

12.2(33)SXI12 and 12.2(33)SXJ6 both show this behaviour. Am I missing something
more general, here? Or can it be remotely possible that this is not yet implemented [tm]?

Thanks for any hints and best regards
Patrick
-- 
punkt.de GmbH * Kaiserallee 13a * 76133 Karlsruhe
Tel. 0721 9109 0 * Fax 0721 9109 100
info at punkt.de       http://www.punkt.de
Gf: Jürgen Egeling      AG Mannheim 108285
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 496 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <https://puck.nether.net/pipermail/cisco-nsp/attachments/20131209/569bd498/attachment-0001.sig>

More information about the cisco-nsp mailing list