In this scenario, the router will check the interface on which the update comes in. If it is Ethernet 0, the router will apply access-list 2 before putting it in the routing table. If, on the basis of that check, the network is denied, no further checking is done. However, if distribute-list 2 allows the network, then distribute-list 1 is also checked. If both distribute lists allow the network, it will be put in the table. The following algorithm is followed when multiple distribute lists are used:
1. Extract the next network from the inbound update.
2. Check the interface into which it came.
3. Is there a distribute list applied to that interface?
   Yes: Is the network denied by that list?
      Yes: Network does not make it; go to Step 1.
      No: Network allowed; continue to Step 4.
   No: Go to Step 4.
4. Is there a global distribute list?
   Yes: Is the network denied by that list?
      Yes: Network does not make it; go to Step 1.
      No: Network makes it; go to Step 1.
   No: Network makes it; go to Step 1.
The syntax for the distribute-list out command follows:
distribute-list access-list-number out [interface-name|routing process|autonomous-system-number]
where access-list-number is the standard IP access list against which the contents of the outgoing routing update are matched. The [interface-name] argument is optional, and specifies the interface on which the update is going out. The [routing process|autonomous-system-number] arguments are used when redistribution from another routing process or autonomous system (AS) number has been specified. The list is applied to any routes we wish to import from the specified process into the current one.
For example:
access-list 1 permit 1.0.0.0 0.255.255.255
router rip
redistribute igrp 20
distribute-list 1 out igrp 20
Here, routes from igrp 20 are being redistributed into rip. Any outbound routing update that was originally sourced from igrp 20 will be checked against access-list 1. Only routes that match a 1.xxx.xxx.xxx format will be sent.
Note that it is possible to specify multiple distribute lists for a given routing process if they are applied to different interfaces or globally. For any given routing protocol, it is possible to define one interface-specific distribute list per interface, and one protocol-specific distribute list for each process/AS pair.
access-list 1 permit 1.0.0.0 0.255.255.255
access-list 2 permit 1.2.3.0 0.0.0.255
router rip
distribute-list 2 out ethernet 0
distribute-list 1 out
In this scenario, the router will send only routes pertaining to the 1.2.3.0 subnet out of Ethernet 0, and any updates about networks in the 1.0.0.0 network, including the 1.2.3.0 subnet, will be flooded out the rest of the interfaces. The following algorithm is followed when multiple distribute lists are used:
1. Select the next network for the outbound update.
2. Check the interface into which the update is being sent.
3. Is there a distribute list applied to that interface?
   Yes: Is the network denied by that list?
      Yes: Network does not go out; go to Step 1.
      No: Network goes out; continue to Step 4.
   No: Go to Step 4.
4. Check the routing process or AS from which we derive the route.
5. Is there a distribute list applied to that process or AS?
   Yes: Is the network denied by that list?
      Yes: Network does not go out; go to Step 1.
      No: Network goes out; continue to Step 6.
   No: Go to Step 6.
6. Is there a global distribute list?
   Yes: Is the network denied by that list?
      Yes: Network does not go out; go to Step 1.
      No: Network goes out; go to Step 1.
   No: Network makes it; go to Step 1.
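
The outbound walk above, modeled in Python as an added example (not Cisco code and not part of the original page). It treats a standard IP access list as first-match on address and wildcard mask with an implicit deny at the end; the interface name "serial 0" and the sample routes are constructed. The inbound algorithm is the same walk without the process/AS step.

```python
import ipaddress

def _ip(text):
    return int(ipaddress.IPv4Address(text))

def acl_permits(entries, network):
    """Standard IP ACL: first matching entry decides; no match is an implicit deny."""
    for action, base, wildcard in entries:
        care = ~_ip(wildcard) & 0xFFFFFFFF  # wildcard 1-bits are "don't care"
        if (_ip(network) & care) == (_ip(base) & care):
            return action == "permit"
    return False

def route_goes_out(network, out_if, source, acls, dist_lists):
    """Steps 2-6: interface list, then source process/AS list, then global list.
    The first list that denies the network stops the walk."""
    for key in (("interface", out_if), ("process", source), ("global", None)):
        acl_number = dist_lists.get(key)
        if acl_number is not None and not acl_permits(acls[acl_number], network):
            return False
    return True

# The two access lists from the configurations on this page.
ACLS = {
    1: [("permit", "1.0.0.0", "0.255.255.255")],
    2: [("permit", "1.2.3.0", "0.0.0.255")],
}
# distribute-list 2 out ethernet 0 / distribute-list 1 out
PER_INTERFACE = {("interface", "ethernet 0"): 2, ("global", None): 1}
# distribute-list 1 out igrp 20
PER_PROCESS = {("process", "igrp 20"): 1}

if __name__ == "__main__":
    # Constructed sample routes; "serial 0" is an assumed second interface.
    for net, intf in [("1.2.3.0", "ethernet 0"), ("1.5.0.0", "ethernet 0"),
                      ("1.5.0.0", "serial 0"), ("2.0.0.0", "serial 0")]:
        sent = route_goes_out(net, intf, "rip", ACLS, PER_INTERFACE)
        print(f"{net:10} out {intf:10} -> {'sent' if sent else 'filtered'}")
    for net, src in [("1.4.0.0", "igrp 20"), ("10.0.0.0", "igrp 20"),
                     ("10.0.0.0", "rip")]:
        sent = route_goes_out(net, "serial 0", src, ACLS, PER_PROCESS)
        print(f"{net:10} from {src:8} -> {'sent' if sent else 'filtered'}")
```
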
Note that distribute list checking is only one of the many checks that are done against a distance vector route before including it in the router's routing table or in an update. Checks are also made for desirability, policies, split horizon, and so on.