distribute-list out - The Cisco Learning Network

ginglyformweekNetworking and Communications

Oct 29, 2013 (3 years and 10 months ago)


The following write-up focuses on the “distribute-list out” command and related concepts without addressing the “distribute-list in” command.

A future version of this document will incorporate the “distribute-list in” command and expand the discussion of route redistribution and route advertisement. But this is what I have so far.

Furthermore, I want to say that I have validated most of the statements made in this document, but not quite everything. The elements that have not been validated are either a rational interpolation or extrapolation of the facts that I have validated, or else they are derived from what I have read in the Wendell Odom book or the internet.

Lastly, there are more things to be said, e.g. the “gateway” option, and I would appreciate feedback.


distribute-list out


The "distribute-list out" command is optionally used within the configuration of a routing process to restrict which routes are considered for route redistribution or route advertisement. It is rooted in the routing table, not the routing protocols, which explains the basis for the “out” direction; “out” means out of the routing table, not out of the routing process.

It is very useful to recognize that the "distribute-list out" command only affects the routing process in which it is configured; in particular, the redistribution and advertisement functions of that routing process. In other words, it has absolutely no impact on the redistribution and advertisement functions of any routing process other than the one in which it is configured.

This is made obvious by understanding that “route redistribution” is a function that imports selected routes from the routing table into the routing process, and “route advertisement” is a function that exports selected routes from the routing table to neighbors of the routing process. In either case, routes are selected from the routing table, and are distributed out to either the routing process itself, or to a neighbor of the routing process.

The fact that another routing process is specified in the “redistribute” command can cause confusion here. This confusion should be abated by remembering that the routing process specified in the “redistribute” command merely identifies which routes in the routing table are candidates for redistribution.

For a given routing process, the selection of routes for route redistribution is nominally all viable routes appearing in the routing table that are owned by the routing process specified in the redistribute command. The selection of routes for route advertisement is nominally all viable routes owned by that given routing process plus all (viable) routes redistributed into the routing process.

It is important to know that when routes are redistributed into a routing process, those redistributed routes remain in the routing table in their native form, regardless of the administrative distances of the redistributed route or the routing process into which it is being redistributed. Redistributed routes cannot be re-redistributed, but they are available for advertising to neighbors using the metric assigned in the redistribution.

Within this framework of selecting routes from the routing table, the role of the "distribute-list out" command is to further restrict route selection for the redistribution and advertisement functions. The "distribute-list out" configuration applies a set of permit and deny criteria to the candidate routes in various ways.

The "distribute-list out" command can specify an access list to define the match criteria for the route's network number without regard to the route's netmask, or it can use the “prefix” option to define the match criteria for both the network number and the netmask. If the prefix option is used, then the “gateway” option can also be used to define the match criteria for the next-hop or neighbor address.

Additionally, the "distribute-list out" command can optionally specify either an interface or a routing process to narrow the range of its application. If a routing process is specified, then the "distribute-list out" is only applied to the route redistribution function for the specified routing process. If an interface is specified, then the "distribute-list out" is only applied to the route advertisement function for the specified interface.


distribute-list <acl> out [<interface>]

distribute-list <acl> out [<routing-process>]

distribute-list prefix <p1> [gateway <p2>] out [<interface>]

distribute-list prefix <p1> [gateway <p2>] out [<routing-process>]

distribute-list gateway <p2> out [<routing-process>] (OSPF only)


The specified <routing-process> is in the same form as used for its configuration section: “eigrp <as-number>” or “ospf <process-id>” or “bgp <as-number>” or just plain “rip”. Alternatively, the <routing-process> can also be one of the keywords “static” or “connected.”

Note that when the “distribute-list out” command is used within an OSPF routing process configuration, the gateway option can be used with or without the prefix option.

Also note that the “interface” option is not valid within an OSPF routing process configuration because OSPF does not do route advertisement to peers.

The “interface” option is also not valid within a BGP routing process configuration. Instead, BGP uses a distribute-list option with the neighbor statement, which is a very different feature from the basic “distribute-list” command.

Current documentation suggests that the <acl> must be a standard access list, but current IOS still allows both standard and extended access-lists. If a standard access-list is used, it can be either a named or a numbered access list, but for an extended access-list, it can only be a numbered list. I do not know if this is a parsing anomaly or a legacy accommodation.

If an extended access-list is used, the “destination” portion of the access-list specifies the match criteria for the route’s network number without regard to the route’s netmask, and the “source” portion of the access-list must match 0.0.0.0 (e.g. “any”).

It works just like a standard access-list, but it counterintuitively uses the “destination” instead of the “source” portion.

For a given routing process, there can be multiple "distribute-list out" commands configured, but each one must be unique in terms of the specified interface or the specified routing process or the general case with neither an interface nor a routing process specified.

A route that would nominally be selected for redistribution or advertisement will be rejected if it is denied by any applicable "distribute-list out" command. Since the specific "distribute-list out" commands that specify either a routing process or an interface are mutually exclusive, this means there are potentially two chances for a route to be rejected: either the specific "distribute-list out" command, or the general "distribute-list out" command.
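
The access-list versus prefix matching rules and the two chances for rejection described above, as an added Python model (not part of the original write-up and not IOS code). The list contents, the "router eigrp 100" context, the "ospf 1" source process and the "Serial0/0" interface are constructed for illustration; extended access-lists and the “gateway” option are not modelled.

```python
import ipaddress

def _ip(addr):
    return int(ipaddress.ip_address(addr))

def acl_permits(acl, route):
    """Standard ACL: compares the network number only; the route's mask is ignored."""
    net = int(ipaddress.ip_network(route).network_address)
    for action, base, wildcard in acl:
        care = ~_ip(wildcard) & 0xFFFFFFFF      # wildcard bits are "don't care"
        if net & care == _ip(base) & care:
            return action == "permit"           # first match wins
    return False                                # implicit deny

def prefix_permits(plist, route):
    """Prefix list (exact entries, no ge/le): network number and mask must both match."""
    target = ipaddress.ip_network(route)
    for action, prefix in plist:
        if target == ipaddress.ip_network(prefix):
            return action == "permit"
    return False                                # implicit deny

def passes(filters, route, scope):
    """scope is the source routing process (redistribution) or the interface
    (advertisement). The specific list for that scope and the general list
    (key None) both get a chance to reject the route."""
    for key in (scope, None):
        check = filters.get(key)
        if check is not None and not check(route):
            return False
    return True

# Constructed lists for a hypothetical "router eigrp 100" section.
GENERAL = [("deny", "10.2.0.0", "0.0.255.255"),
           ("permit", "0.0.0.0", "255.255.255.255")]
FROM_OSPF = [("permit", "10.1.0.0/16"), ("permit", "10.2.0.0/16")]
FILTERS = {
    None: lambda r: acl_permits(GENERAL, r),           # distribute-list <acl> out
    "ospf 1": lambda r: prefix_permits(FROM_OSPF, r),  # distribute-list prefix <p1> out ospf 1
}

if __name__ == "__main__":
    for route in ("10.1.0.0/16", "10.1.0.0/24", "10.2.0.0/16"):
        print(route,
              "redistribute from ospf 1:", passes(FILTERS, route, "ospf 1"),
              "| advertise on Serial0/0:", passes(FILTERS, route, "Serial0/0"))
```

In this model 10.1.0.0/24 is rejected for redistribution by the prefix list because its mask differs, yet the access-list-based general filter lets it through for advertisement, which is the netmask-blindness the write-up points out.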