IP-Prefix List Faults

Publication Date:  2012-07-27 Views:  2046 Downloads:  0
Issue Description

The networking diagram is shown in Figure 3-1.

In the network, USG A adopts the IP-Prefix list to filter the route received from USG B.

The configuration on USG A:

#
ospf 100  
#
ip ip-prefix rta index 20 deny 2.2.2.2 32
#

The configuration on USG B:

#  
OSPF 200 
 #
  network 1.1.1.1 255.255.255.255
  network 2.2.2.2 255.255.255.255 
#

Run the display ip routing-table command to view the route received on USG A. The route 1.1.1.1/32 should be received. The route does not appear in the routing table.

Alarm Information
None.
Handling Process
  1. Replace the original filtering rule with the ip ip-prefix rta index 10 permit 1.1.1.1 32 command.
  2. Run the display ip routing-table command to check the route received on Router A. If the route 1.1.1.1/32 appears in the routing table, the fault is removed.
Root Cause

To locate the fault, follow the steps described below:

  1. Check the routing table on USG B to confirm whether all the routes are advertised to USG A.

    On USG B, run the display ip routing-table command to display information of the routing table. If the routes 1.1.1.1/32 and 2.2.2.2/32 have been advertised to USG A, the fault occurs on USG A.

  2. Check the OSPF configuration on USG A to confirm if the filter is enabled when the route is received.

    On USG A, run the display current-configuration configuration ospf command to check the ospf configuration. If the IP-Prefix filter is adopted when USG A receives the route from USG B, there is a possibility that all the routes are filtered out.

  3. Check the configuration of the IP-Prefix list and confirming if the route is filtered out by the IP-Prefix list.

    On USG A, run the display ip ip-prefix rta command to view the filter configuration. If only the route 2.2.2.2/32 is configured with deny but the route 1.1.1.1/32 is not configured with permit. Thus, the fault is located.

When USG A adopts the IP-Prefix list to filter the route received from USG B and for the non-matched route, the system returns deny by default. The route 1.1.1.1/32 is , therefore, filtered out.

Suggestions

When only the deny node is configured in the IP-Prefix list, the route outside the matching address/mask range is denied by default.

Configure the permit node to allow the specified route to pass through, or after the deny node is configured, define an entry of permit 0.0.0.0 0 greater-equal 0 less-equal 32 to permit all routes to pass through.

END