CCIE Lab - IGP Routing

Training Cisco IGP Routing

Presentation Transcript

  • IP Routing Kristof De Brouwer
  • Agenda
    • RIPv2
    • EIGRP
    • OSPF
    • Redistribution
  • IGP RIP
  • RIP
    • Widely available
    • Hop count metric
    • Periodic update
    • Easy to implement
    • Usually free
    • RFC 1058
    • Simple = limited
    • Slow convergence
    • No VLSM
    • No discontiguous subnets
    • Routing loops
    • Count to infinity
  • RIP V2
    • RFC 1723
    • Cisco IOS™ 11.1 support
    • Variable length subnet masks
    • Route summarization
    • Classless InterDomain Routing (CIDR)
    • Multicast routing updates (TTL 2)
    • Authenticated updates using MD5
  • RIP
    • Default classful → no auto-summary
    • Force unicast → neighbor statement
    • Passive-interface → still receives updates and advertises the network, but stops sending updates out that interface
    • Route Filtering – Inbound
      • Distribute-list → ACL or Prefix-list
        • ACL: access-list 100 permit ip host source host route
        • Prefix: distribute-list prefix route gateway source → /32 prefix
      • Offset-list → Metric 16, poison the route
      • Distance → 255, poisoning the route
  • RIP
    • Route Filtering – Outbound
      • Distribute-list  ACL or Prefix-list
      • Passive-interface
    • Advertise 204.12.1.0/24, but do not send or receive RIP updates on this interface
    router rip
     redistribute connected route-map connected->rip metric 1
    !
    route-map connected->rip permit
     match interface interface
  • RIP
    • Default-information originate → can be filtered by interface using a route-map matching on interface
    router rip
     default-information originate route-map Default
    !
    route-map Default permit
     match interface interface
  • RIP
    • Configure R4 to load balance traffic destined for the OSPF domain between both R5 and SW2
    router rip
     offset-list 0 in 1 Serial0/1
  • RIP interface summaries cause routing loops
    • ip summary-address rip network mask
      • No summary route pointing to Null 0 installed in Routing table
  • RIP interface summaries cause routing loops
    hostname A1
    !
    interface Loopback0
     ip address 10.0.1.1 255.255.255.255
    !
    interface FastEthernet0/0
     description LAN 0 (A1-A2)
     ip address 10.2.1.1 255.255.255.0
    !
    interface Serial1/0
     description Link to R1(ROUTER) S1/0
     ip address 10.0.7.9 255.255.255.252
     ip summary-address rip 10.0.1.0 255.255.255.0
    !
    router rip
     version 2
     network 0.0.0.0
  • RIP interface summaries cause routing loops
    A2#show ip route rip
         10.0.0.0/8 is variably subnetted, 9 subnets, 3 masks
    R       10.0.7.8/30 [120/1] via 10.2.1.1, 00:00:01, FastEthernet0/0
    R       10.0.1.1/32 [120/1] via 10.2.1.1, 00:00:01, FastEthernet0/0
    R       10.0.1.0/24 [120/3] via 10.0.7.14, 00:00:04, Serial1/0
    R       10.0.1.5/32 [120/1] via 10.0.7.14, 00:00:04, Serial1/0
    R       10.0.1.4/32 [120/2] via 10.2.1.1, 00:00:01, FastEthernet0/0
                        [120/2] via 10.0.7.14, 00:00:04, Serial1/0
    R       10.0.7.20/30 [120/1] via 10.0.7.14, 00:00:04, Serial1/0
    A1#show ip route rip
         10.0.0.0/8 is variably subnetted, 11 subnets, 3 masks
    R       10.0.1.0/24 [120/4] via 10.2.1.2, 00:00:02, FastEthernet0/0
    R       10.0.1.2/32 [120/1] via 10.2.1.2, 00:00:02, FastEthernet0/0
    R       10.0.1.4/32 [120/1] via 10.0.7.10, 00:00:04, Serial1/0
    R       10.0.1.5/32 [120/2] via 10.2.1.2, 00:00:02, FastEthernet0/0
                        [120/2] via 10.0.7.10, 00:00:04, Serial1/0
    R       10.0.7.12/30 [120/1] via 10.2.1.2, 00:00:02, FastEthernet0/0
    R       10.0.7.20/30 [120/1] via 10.0.7.10, 00:00:04, Serial1/0
  • RIP interface summaries cause routing loops
    A1#trace 10.0.1.18
    Type escape sequence to abort.
    Tracing the route to 10.0.1.18
      1 10.2.1.2 4 msec 4 msec 4 msec
      2 10.0.7.14 16 msec 4 msec 4 msec
      3 10.0.7.22 4 msec 8 msec 8 msec
      4 10.0.7.9 16 msec 12 msec 8 msec
      5 10.2.1.2 20 msec 12 msec 12 msec
      6 10.0.7.14 20 msec 24 msec 20 msec
      7 10.0.7.22 28 msec 32 msec 28 msec
      8 10.0.7.9 24 msec 24 msec 16 msec
      9 10.2.1.2 28 msec 40 msec 20 msec
     10 10.0.7.14 28 msec 24 msec 32 msec
     11 10.0.7.22 28 msec 32 msec 36 msec
     12 10.0.7.9 36 msec 60 msec 32 msec
     13 10.2.1.2 40 msec 36 msec 36 msec
     14 10.0.7.14 40 msec 40 msec 36 msec
  • RIP interface summaries cause routing loops
    A2#show ip route rip
         10.0.0.0/8 is variably subnetted, 8 subnets, 3 masks
    R       10.0.7.8/30 [120/1] via 10.2.1.1, 00:00:05, FastEthernet0/0
    R       10.0.1.1/32 [120/1] via 10.2.1.1, 00:00:05, FastEthernet0/0
    R       10.0.1.5/32 [120/1] via 10.0.7.14, 00:00:07, Serial1/0
    R       10.0.1.4/32 [120/2] via 10.2.1.1, 00:00:05, FastEthernet0/0
                        [120/2] via 10.0.7.14, 00:00:07, Serial1/0
    R       10.0.7.20/30 [120/1] via 10.0.7.14, 00:00:07, Serial1/0
  • IGP EIGRP
  • EIGRP
    • Extremely fast convergence
    • VLSM support
    • Discontiguous subnets
    • Route summarization
    • Easy to configure
    • Best of DV and LS
    • Low overhead
    • Guaranteed loop-free
    • Reliable, incremental update based
    • Multiprotocol: IP, IPX®, AppleTalk
  • EIGRP
    • Protocol 88
    • Neighbor statement → Force Unicast
    • Multicast 224.0.0.10 (0100.5e00.000a)
      • Blocking EIGRP multicast on L2:
    no ip igmp snooping vlan vlan
    !
    interface interface
     switchport
     ip access-group DENY_EIGRP in
     ! only allowed inbound
    !
    ip access-list extended DENY_EIGRP
     deny eigrp any any
     permit ip any any
    !
    mac-address-table static 0100.5e00.000a vlan 1363 interface FastEthernet0/1 FastEthernet0/3 FastEthernet0/6
  • EIGRP
    • EIGRP Advertising Routes
    router eigrp 109
     network route wildcard
     redistribute connected route-map connected->eigrp
    !
    route-map connected->eigrp permit 10
     match interface interface
  • EIGRP Stub
    • When a router running EIGRP loses its connection to a network, it first searches for alternate loop free paths
    • If it finds none, it then sends queries to each of its neighbors, looking for an alternate path
    [Diagram: routers A and B, network 10.1.1.0/24]
    router-a#sho ip eigrp topo
    IP-EIGRP Topology Table
    ....
    P 10.1.1.0/24, 1 successors, FD is 281600
            via Connected, Ethernet1/2
    router-a#show ip eigrp events
    Event information for AS 100:
    ....
    12 Active net/peers: 10.1.1.0/24 1
    14 FC not sat Dmin/met: 4294967295 128256
    15 Find FS: 10.1.1.0/24 128256
    ....
    18 Conn rt down: 10.1.1.0/24 Ethernet 3/1
  • EIGRP Stub
    • If the neighbor has no path to this destination, it replies
    • The router then removes all references to this route from its local tables
    • In large hub and spoke networks, the hub routers have to build queries and process replies from each of the spokes
    • This limits scaling!
    [Diagram: routers A and B, network 10.1.1.0/24]
    router-a#show ip eigrp events
    Event information for AS 100:
    1 NDB delete: 10.1.1.0/24 1
    ....
    12 Active net/peers: 10.1.1.0/24 1
    14 FC not sat Dmin/met: 4294967295 128256
    15 Find FS: 10.1.1.0/24 128256
    ....
    18 Conn rt down: 10.1.1.0/24 Ethernet 3/1
  • EIGRP Stub
    • If these spokes are remote sites, they have two connections for resiliency, not so they can transit traffic between A and B
    • A should never use the spokes as a path to anything, so there’s no reason to learn about, or query for, routes through these spokes
    [Diagram: routers A and B, network 10.1.1.0/24; paths through the spokes labelled "don't use these paths"]
  • EIGRP Stub
    • To signal A and B that the paths through the spokes should not be used, the spoke routers can be configured as stubs
    [Diagram: routers A and B, network 10.1.1.0/24]
    router#config t
    router(config)#router eigrp 100
    router(config-router)#eigrp stub connected
  • EIGRP Stub
    • Marking the spokes as stubs allows them to signal A and B that they are not valid transit paths
    • A will not query stubs, reducing the total number of queries in this example to 1
    • Marking the remotes as stubs also reduces the complexity of this topology; B now believes it only has 1 path to 10.1.1.0/24, rather than 5
    [Diagram: routers A and B, network 10.1.1.0/24; spokes marked as stubs]
  • EIGRP Stub
    • If stub connected is configured
      • B will advertise 10.1.2.0/24 to A
      • B will not advertise 10.1.2.0/23 or 10.1.4.0/24
    • If stub summary is configured
      • B will advertise 10.1.2.0/23 to A
      • B will not advertise 10.1.2.0/24 or 10.1.4.0/24
    [Diagram: router A, link 10.2.2.2/30, router B, network 10.1.2.0/24 behind B]
    ip route 10.1.4.0 255.255.255.0 10.1.1.10
    !
    interface serial 0
     ip summary-address eigrp 10.1.2.0 255.255.254.0
    !
    router eigrp 100
     redistribute static metric 1000 1 255 1 1500
     network 10.2.2.2 0.0.0.3
     network 10.1.2.0 0.0.0.255
     eigrp stub connected
     ! or:
     eigrp stub summary
  • EIGRP Stub
    • If stub static is configured
      • B will advertise 10.1.4.0/24 to A
      • B will not advertise 10.1.2.0/24 or 10.1.2.0/23
    • If stub receive-only is configured
      • B won’t advertise anything to A, so A needs to have a static route to the networks behind B to reach them
    [Diagram: router A, link 10.2.2.2/30, router B, network 10.1.2.0/24 behind B]
    ip route 10.1.4.0 255.255.255.0 10.1.1.10
    !
    interface serial 0
     ip summary-address eigrp 10.1.2.0 255.255.254.0
    !
    router eigrp 100
     redistribute static metric 1000 1 255 1 1500
     network 10.2.2.2 0.0.0.1
     network 10.1.2.0 0.0.0.255
     eigrp stub static
     ! or:
     eigrp stub receive-only
  • EIGRP Stub
    • Any combination of the route types can be specified on the eigrp stub statement, except receive-only, which cannot be used with any other option
    • For example:
      • eigrp stub connected summary redistributed
    • If eigrp stub is specified without any options, it will send connected and summary routes
  • EIGRP Stub
    • At A, you can tell B is a stub using show ip eigrp neighbor detail.
    [Diagram: router A, link 10.2.2.2/30, router B, network 10.1.2.0/24 behind B]
    router-a#show ip eigrp neighbor detail
    IP-EIGRP neighbors for process 100
    H   Address      Interface   Hold  Uptime    SRTT   RTO   Q    Seq  Type
                                 (sec)           (ms)         Cnt  Num
    0   10.2.2.3     Et1/2       10    00:00:50  320    1920  0    7
       Version 12.2/1.2, Retrans: 0, Retries: 0
       Stub Peer Advertising ( CONNECTED ) Routes
  • EIGRP Stub leak maps
  • EIGRP Stub leak maps
    R1:
    router eigrp 10
     network 150.1.12.1 0.0.0.0
     network 150.1.13.1 0.0.0.0
     network 150.1.14.1 0.0.0.0
     eigrp stub connected
     no auto-summary
    !
    R2:
    router eigrp 10
     network 150.1.12.2 0.0.0.0
     no auto-summary
    R3:
    router eigrp 10
     network 150.1.13.3 0.0.0.0
     auto-summary
    R4:
    router eigrp 10
     network 150.1.14.4 0.0.0.0
     no auto-summary
     redistribute rip met 1 1 1 1 1
    router rip
     redistribute eigrp 10 met 1

    R2#sh ip route eigrp
         150.1.0.0/24 is subnetted, 3 subnets
    D       150.1.14.0 [90/2195456] via 150.1.12.1, 00:00:23, Serial1/0
    D       150.1.13.0 [90/2195456] via 150.1.12.1, 00:00:23, Serial1/0
    R3#sh ip route eigrp
         150.1.0.0/24 is subnetted, 3 subnets
    D       150.1.14.0 [90/307200] via 150.1.13.1, 00:01:15, Ethernet0/0
    D       150.1.12.0 [90/2195456] via 150.1.13.1, 00:01:15, Ethernet0/0
  • EIGRP Stub leak maps
    access-list 1 permit 5.5.0.0 0.0.0.255
    access-list 1 permit 5.5.1.0 0.0.0.255
    route-map EIGRP_LEAK
     match ip address 1
    router eigrp 10
     eigrp stub connected leak-map EIGRP_LEAK

    R2#sh ip route eigrp
         5.0.0.0/24 is subnetted, 2 subnets
    D EX    5.5.0.0 [170/2560537856] via 150.1.12.1, 00:00:28, Serial1/0
    D EX    5.5.1.0 [170/2560537856] via 150.1.12.1, 00:00:28, Serial1/0
         150.1.0.0/24 is subnetted, 3 subnets
    D       150.1.14.0 [90/2195456] via 150.1.12.1, 00:00:28, Serial1/0
    D       150.1.13.0 [90/2195456] via 150.1.12.1, 00:00:28, Serial1/0
    R3#sh ip route eigrp
         5.0.0.0/24 is subnetted, 2 subnets
    D EX    5.5.0.0 [170/2560051456] via 150.1.13.1, 00:00:20, Ethernet0/0
    D EX    5.5.1.0 [170/2560051456] via 150.1.13.1, 00:00:20, Ethernet0/0
         150.1.0.0/24 is subnetted, 3 subnets
    D       150.1.14.0 [90/307200] via 150.1.13.1, 00:00:20, Ethernet0/0
    D       150.1.12.0 [90/2195456] via 150.1.13.1, 00:00:20, Ethernet0/0
  • EIGRP Stub leak maps
  • EIGRP Stub leak maps
    • If the "match interface" option is not used, routes are leaked on all interfaces.
    • If the "match interface" option is used, routes are ONLY leaked on the interface matched.
    access-list 1 permit 5.5.0.0 0.0.0.255
    access-list 1 permit 5.5.1.0 0.0.0.255
    route-map EIGRP_LEAK
     match ip address 1
     match interface e0/0
    router eigrp 10
     eigrp stub connected leak-map EIGRP_LEAK
  • EIGRP Metric
    • Calculate EIGRP load variance (delay value)
      • Feasible Distance: ((10^7 / BW_min) + (sum of delays)) * 256
      • Successor Metric * Configured Variance Value = Target Metric
      • (Target Metric / 256) - (10^7 / BW_min) = delay
      • Set this value as the interface delay, subtracting the existing interface delay
  • IGP OSPF
  • OSPF
    • Dynamic routing protocol
    • Link state or SPF technology
    • Developed by OSPF working group of IETF (RFC 1253)
    • Intra-autonomous system (IGP)
    • Designed expressly for TCP/IP Internet environment
    • Fast convergence
    • Variable-length subnet masks
    • Discontiguous subnets
    • No periodic updates
    • Route authentication
    • Delivered two years after IGRP
  • OSPF Metric
    • Derived from bandwidth
      • 10^8 / bandwidth in bps
    • Configured via
      • Interface sub-command: bandwidth
      • Interface sub-command: ip ospf cost
      • Router sub-command:
        • ospf auto-cost reference-bandwidth
        • neighbor x.x.x.x cost
  • OSPF Areas
    • Rules
      • Backbone area must be present
      • All other areas must have connection to backbone
      • Backbone must be contiguous
      • Always pass through backbone
  • Classification of OSPF Routers
    • Four overlapping categories of routers
      • Backbone Routers
      • Internal Routers
      • Area Border Router
      • Autonomous System Boundary Router
  • OSPF Algorithm
    • Network changes generate link-state advertisements (LSA)
    • All routers exchange LSAs to build and maintain a consistent database
    • The protocol remains relatively quiet during steady-state conditions
      • Periodic refresh of LSAs every 30 minutes
      • Otherwise, updates only sent when there are changes
  • OSPF Hello packets
    • Multicast 224.0.0.5, 224.0.0.6 on all router interfaces
    • Hello interval 10 sec. LAN, 30 sec. NBMA
    • Used to form adjacencies between routers
    • Describes the optional capabilities
  • OSPF LSA
    • Type 1 - Represents a router
    • Type 2 - Represents the pseudonode (designated router) for a multiaccess link
    • Type 3 - A network link summary (internal route)
    • Type 4 - Represents an ASBR
    • Type 5 - A route external to the OSPF domain
    • Type 7 - Used in stub areas in place of a type 5 LSA
  • OSPF Areas - Standard
  • OSPF Areas - Stub
  • OSPF Areas – Totally Stubby Area
  • OSPF Areas – Not So Stubby Area
  • OSPF Media Options
    • Point-to-Point
    • Non-Broadcast Multi-Access (NBMA)
    • Multi-access media
  • OSPF Point-to-Point
    • Default on HDLC, PPP and Frame-relay Point-to-Point
    • Hello Interval 10 seconds
    • Dead Interval 40 seconds
    • No DR/BDR Election
    • Multicast updates to 224.0.0.5
    • Next hop address is that of the advertising router
  • OSPF Non-Broadcast Multi-Access
    • Default on Multipoint interface like Frame-relay
    • Hello interval 30 seconds
    • Dead Interval 120 seconds
    • DR/BDR election
    • Updates are sent as unicast
    • Neighbor command required on hub router
    • Next hop is not changed and remains the ip address of the originating router
  • OSPF Multi-access media
    • Default on Ethernet
    • Hello interval 10 seconds
    • Dead Interval 40 seconds
    • DR/BDR election
    • Updates are sent as multicast
    • Next hop is not changed and remains the ip address of the originating router
  • OSPF MTU Mismatch Issue
    • This problem is common when running OSPF between a switch (i.e. 3550 or 3560) and a router. The error message that is generated when this problem occurs is:
    %OSPF-5-ADJCHG: Process 1, Nbr 150.8.5.5 on Vlan258 from DOWN to DOWN, Neighbor Down: Dead timer expired
    %OSPF-5-ADJCHG: Process 1, Nbr 150.8.2.2 on Vlan258 from EXSTART to DOWN, Neighbor Down: Too many DBD retransmitions
    • The resolution is to either adjust the system MTU on the switch or have OSPF ignore the MTU.
      • Change the system MTU on the switch (system mtu routing 1500)
      • Have the router and/or switch ignore the MTU (ip ospf mtu-ignore)
      • Change the interface MTU on the router
  • External default route in NSSA area
    • Conditional
      • ABR
      • non-OSPF default route
    router ospf 1
     log-adjacency-changes
     area 22 nssa default-information-originate metric 100 metric-type 1
     network 0.0.0.0 255.255.255.255 area 22
    !
    ip route 0.0.0.0 0.0.0.0 Serial0/0
  • External default route in NSSA area
    ABR-A#show ip ospf database nssa-external | exclude LS|Check
        OSPF Router with ID (10.0.1.9) (Process ID 1)
        Type-7 AS External Link States (Area 22)
      Options: (No TOS-capability, Type 7/5 translation, DC)
      Link State ID: 0.0.0.0 (External Network Number )
      Advertising Router: GW
      Length: 36
      Network Mask: /0
        Metric Type: 1 (Comparable directly to link state metric)
        Metric: 100
        Forward Address: 10.0.1.8
        External Route Tag: 0

    B1#show ip ospf database external | exclude LS|Check
        OSPF Router with ID (172.16.1.1) (Process ID 1)
        Type-5 AS External Link States
      Options: (No TOS-capability, DC)
      Link State ID: 0.0.0.0 (External Network Number )
      Advertising Router: ABR-A
      Length: 36
      Network Mask: /0
        Metric Type: 1 (Comparable directly to link state metric)
        Metric: 100
        Forward Address: 10.0.1.8
        External Route Tag: 0
  • OSPF Filtering
    area area-id range ip-address mask not-advertise
    !
    interface interface
     ip ospf database-filter all out
    [Diagram label: 150.1.0.0/16]
  • OSPF Filtering based on next hop
    R1#sh ip route 2.2.2.0
    Routing entry for 2.2.2.0/24
      Known via "ospf 1", distance 110, metric 74, type intra area
      Last update from 192.168.1.1 on Serial1/0, 00:00:46 ago
      Routing Descriptor Blocks:
        192.168.1.2, from 192.168.1.2, 00:00:46 ago, via Serial1/0
          Route metric is 74, traffic share count is 1
      * 192.168.1.3, from 192.168.1.3, 00:00:46 ago, via Serial1/0
          Route metric is 74, traffic share count is 1
  • OSPF Filtering based on next hop
    router ospf 1
     distribute-list route-map ROUTE_FROM_R2 in
    !
    access-list 2 permit 192.168.1.2
    !
    access-list 12 permit 2.2.2.0 0.0.0.255
    !
    route-map ROUTE_FROM_R2 deny 10
     match ip address 12
     match ip next-hop 2
    !
    route-map ROUTE_FROM_R2 permit 20

    R3#sh ip route 2.2.2.0
    Routing entry for 2.2.2.0/24
      Known via "ospf 1", distance 110, metric 74, type intra area
      Last update from 192.168.1.1 on Serial1/0, 00:00:46 ago
      Routing Descriptor Blocks:
        192.168.1.3, from 192.168.1.3, 00:00:46 ago, via Serial1/0
          Route metric is 74, traffic share count is 1
  • OSPF Type 3 LSA Filtering
    Router(config)#
    router ospf 1
     log-adjacency-changes
     area 1 filter-list prefix AREA_1_OUT out
     area 3 filter-list prefix AREA_3_IN in
     network 10.0.0.0 0.255.255.255 area 3
     network 172.16.1.0 0.0.0.255 area 0
     network 192.168.0.0 0.255.255.255 area 1
    !
    ip prefix-list AREA_1_OUT seq 10 permit 10.25.0.0/8 ge 16
    ip prefix-list AREA_1_OUT seq 20 permit 172.20.20.0/24
    !
    ip prefix-list AREA_3_IN seq 10 permit 172.31.0.0/16
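
Before relying on a Type 3 filter, it helps to check exactly which prefixes each prefix-list lets through. The following is an added example, not part of the original slides: a small evaluator for the three prefix-list lines above, assuming the usual prefix-list semantics (only the first /len bits of the entry are compared, ge/le bound the candidate's mask length, and an unmatched prefix hits the implicit deny). The function names and the candidate prefixes are constructed for illustration.

```python
import ipaddress
import re

# Prefix-list lines copied from the slide's configuration.
CONFIG = """
ip prefix-list AREA_1_OUT seq 10 permit 10.25.0.0/8 ge 16
ip prefix-list AREA_1_OUT seq 20 permit 172.20.20.0/24
ip prefix-list AREA_3_IN seq 10 permit 172.31.0.0/16
"""

LINE = re.compile(
    r"ip prefix-list (\S+) seq (\d+) (permit|deny) (\S+)"
    r"(?: ge (\d+))?(?: le (\d+))?\s*$"
)


def parse(config):
    """Return {list_name: [(seq, action, network, min_len, max_len), ...]}."""
    lists = {}
    for raw in config.strip().splitlines():
        m = LINE.match(raw.strip())
        if not m:
            raise ValueError(f"unsupported line: {raw!r}")
        name, seq, action, prefix, ge, le = m.groups()
        # strict=False masks off host bits: 10.25.0.0/8 is compared as 10.0.0.0/8.
        net = ipaddress.ip_network(prefix, strict=False)
        if ge is None and le is None:
            lo = hi = net.prefixlen          # exact mask length only
        else:
            lo = int(ge) if ge else net.prefixlen
            hi = int(le) if le else 32
        lists.setdefault(name, []).append((int(seq), action, net, lo, hi))
    for entries in lists.values():
        entries.sort(key=lambda e: e[0])     # evaluate in sequence order
    return lists


def evaluate(entries, candidate):
    """Return (action, seq) of the first matching entry, or ('deny', None)."""
    cand = ipaddress.ip_network(candidate)
    for seq, action, net, lo, hi in entries:
        if cand.subnet_of(net) and lo <= cand.prefixlen <= hi:
            return action, seq
    return "deny", None                      # implicit deny at the end


def audit(entries, candidates):
    """Map each candidate prefix to the decision the list would make."""
    return {c: evaluate(entries, c) for c in candidates}


if __name__ == "__main__":
    lists = parse(CONFIG)
    # Constructed candidate prefixes, not taken from the slides.
    for name, cands in {
        "AREA_1_OUT": ["10.25.1.0/24", "10.99.0.0/16", "10.0.0.0/8",
                       "172.20.20.0/24", "172.20.20.128/25"],
        "AREA_3_IN": ["172.31.0.0/16", "172.31.4.0/24"],
    }.items():
        for prefix, (action, seq) in audit(lists[name], cands).items():
            print(f"{name:11} {prefix:18} {action:6} seq={seq}")
```

The run shows that seq 10 of AREA_1_OUT permits any 10.x.x.x prefix with a mask of /16 or longer, not only those under 10.25, because the entry's length is /8.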
  • Challenge: Establish OSPF adjacency on a LAN
    • R1 and R2 should establish OSPF adjacency, but you cannot change or remove any of the existing configuration commands.
    Initial configuration:
    hostname R1
    !
    interface FastEthernet 0/0
     ip address 192.168.1.17 255.255.255.0
     ip ospf 1 area 1
    !
    router ospf 1

    hostname R2
    !
    interface FastEthernet 0/0
     ip address 192.168.1.18 255.255.255.252
     ip ospf 1 area 1
    !
    router ospf 1

    Solution (ip ospf network point-to-point added on both routers):
    hostname R1
    !
    interface FastEthernet 0/0
     ip address 192.168.1.17 255.255.255.0
     ip ospf 1 area 1
     ip ospf network point-to-point
    !
    router ospf 1

    hostname R2
    !
    interface FastEthernet 0/0
     ip address 192.168.1.18 255.255.255.252
     ip ospf 1 area 1
     ip ospf network point-to-point
    !
    router ospf 1
  • Challenge: Establish OSPF adjacency on a LAN
    • Subnet mask checked only on multi-access interfaces
    • Subnet mask ignored on point-to-point links.
    RFC 2328: "The generic input processing of OSPF packets will have checked the validity of the IP header and the OSPF packet header. Next, the values of the Network Mask, HelloInterval, and RouterDeadInterval fields in the received Hello packet must be checked against the values configured for the receiving interface. Any mismatch causes processing to stop and the packet to be dropped. In other words, the above fields are really describing the attached network's configuration. However, there is one exception to the above rule: on point-to-point networks and on virtual links, the Network Mask in the received Hello Packet should be ignored."
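
The Hello check quoted above, applied to the R1/R2 challenge, as an added example that is not part of the original slides. It models only the three fields named in the RFC excerpt; the class and function names are hypothetical, and the timers are assumed to be the 10/40 second defaults listed earlier for Ethernet and point-to-point.

```python
from dataclasses import dataclass, replace
import ipaddress

# Network types on which the received Network Mask is ignored (per the RFC text).
MASK_IGNORED = {"point-to-point", "virtual-link"}


@dataclass(frozen=True)
class OspfInterface:
    router: str
    address: str                      # interface address in CIDR form
    network_type: str = "broadcast"   # default on Ethernet
    hello_interval: int = 10
    dead_interval: int = 40

    @property
    def mask(self) -> str:
        return str(ipaddress.ip_interface(self.address).netmask)


@dataclass(frozen=True)
class Hello:
    sender: str
    network_mask: str
    hello_interval: int
    dead_interval: int


def build_hello(iface: OspfInterface) -> Hello:
    """Hello as the sending interface would fill it in."""
    return Hello(iface.router, iface.mask,
                 iface.hello_interval, iface.dead_interval)


def check_hello(rx: OspfInterface, hello: Hello):
    """Apply the receive-side checks; return (accepted, reason)."""
    if rx.network_type not in MASK_IGNORED and hello.network_mask != rx.mask:
        return False, "Network Mask mismatch"
    if hello.hello_interval != rx.hello_interval:
        return False, "HelloInterval mismatch"
    if hello.dead_interval != rx.dead_interval:
        return False, "RouterDeadInterval mismatch"
    return True, "accepted"


def adjacency_possible(a: OspfInterface, b: OspfInterface) -> bool:
    """Both routers must accept each other's Hello."""
    return (check_hello(a, build_hello(b))[0]
            and check_hello(b, build_hello(a))[0])


# Interfaces from the challenge slide: same LAN, /24 on R1 and /30 on R2.
R1 = OspfInterface("R1", "192.168.1.17/24")
R2 = OspfInterface("R2", "192.168.1.18/30")
# The slide's solution: the same interfaces as point-to-point.
R1_P2P = replace(R1, network_type="point-to-point")
R2_P2P = replace(R2, network_type="point-to-point")

if __name__ == "__main__":
    print("broadcast, R1 receives R2:", check_hello(R1, build_hello(R2)))
    print("broadcast adjacency:", adjacency_possible(R1, R2))
    print("point-to-point adjacency:", adjacency_possible(R1_P2P, R2_P2P))
    # Changing only one side is not enough: R2 still checks R1's mask.
    print("R1 p2p only, R2 receives R1:", check_hello(R2, build_hello(R1_P2P)))
```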
  • Redistribution
  • Redistribution Fundamentals
    • Routes can be redistributed from one routing protocol to another
    • Routes really aren’t redistributed between protocols
      • Routes are taken from the RIB, not another protocol!
      • The redistributing protocol knows which routes to take from the RIB based on the “known via” information
    [Diagram: EIGRP, OSPF, Topology Database, RIB]
    router#show ip route 10.0.0.0
    ....
    Routing entry for 10.0.0.0/8
      Known via "eigrp 100", distance 90, metric 3072256, type internal
      Redistributing via eigrp 100
  • Redistribution Considerations
    • Routing feedback
      • Suboptimal path selection
      • Routing loops
    • Incompatible routing information
    • Inconsistent convergence time
    [Diagram: OSPF Area 300 and a RIP domain joined by two ASBRs; 172.16.0.0 shown as both an OSPF route and a RIP route at each ASBR]
  • Filter to Avoid Redistribution Feedback
    • Impose split horizon when redistributing
    [Diagram: EIGRP process and RIP process with networks 172.16.1.0 and 172.16.2.0; one direction is labelled "Filter 172.16.1.0, Allow 172.16.2.0", the other "Filter 172.16.2.0, Allow 172.16.1.0"]
  • Redistribution Filters
    • Filters can control what information is injected into a routing protocol through redistribution
    • Filters can also be used to stop routing loops when mutual redistribution between two routing protocols is configured
    • What information about installed routes does the RIB have (what information can we filter on)?
  • Redistribution Filters
    • Route maps can filter on these fields in the RIB:
    • Match metric
      • Filtering is possible between all protocols based on metric
      • It’s very tricky, as the metric must be exact to match
    • Match tag
      • Some protocols carry route tags: EIGRP, OSPF externals
      • This normally works well, but is sometimes tricky, if the protocol can carry more than one tag
    • Match ip address
      • Matches the prefix, possibly the network mask, depending on the access list type used, etc.
      • More on this in the section on route filtering, later in this presentation
  • Redistribution Filters
    • Route maps can filter on these fields in the RIB:
    • Match ip next-hop
      • Matches on the next hop listed in the routing table
    • Match route-type
      • Internal: EIGRP or OSPF internal routes
      • External: EIGRP or OSPF external routes, type-1 and type-2 options for OSPF
    • Match interface
      • The interface through which the router is forwarding traffic to the destination, as listed in the RIB
  • Redistribution Filters
    • A route is injected into EIGRP as an external; this route is redistributed through B into OSPF
    • The route is transmitted to A through OSPF, and redistributed into EIGRP
    • The metric is set manually in redistribution at A to something lower than the original external injected into EIGRP
    • B prefers this route, building a routing loop
    [Diagram: routers A and B between EIGRP and OSPF; 10.1.1.0/24; labels: metric 10, metric 2816000, metric 2560256, metric 2688000, metric 25, metric 2560256]
  • Redistribution Filters
    • To filter based on prefixes, configure access lists which match the address ranges used by each section of the network.
    • Use these access lists to filter routes redistributed between protocols.
    [Diagram: routers A and B between EIGRP (10.1.0.0/16) and OSPF (10.2.0.0/16)]
    access-list 10 permit 10.1.0.0 0.0.255.255
    access-list 20 permit 10.2.0.0 0.0.255.255
    ....
    router ospf 100
     redistribute eigrp 100 metric 10
     distribute-list 10
    ....
    router eigrp 100
     redistribute ospf 100 metric 1000 1 255 1 1500
     distribute-list 20
    ....
  • Redistribution Filters
    • A route is injected into EIGRP as an external; this route is redistributed through B into OSPF
    • The route is transmitted to A through OSPF, and redistributed into EIGRP
    • The route is now blocked by distribute list 10, which breaks the routing loop
    [Diagram: routers A and B between EIGRP and OSPF; 10.1.1.0/24; labels: metric 10, metric 2816000, metric 2560256, metric 25]
  • Redistribution Filters
    • EIGRP & OSPF can set tags on their external routes
    • Set the tag when redistributing between the protocols. Deny tagged routes at the redistribution point
    [Diagram: routers A and B between EIGRP (10.1.0.0/16) and OSPF (10.2.0.0/16)]
    route-map ospf->eigrp deny 10
     match tag 90
    route-map ospf->eigrp permit 20
     set tag 110
    route-map eigrp->ospf deny 10
     match tag 110
    route-map eigrp->ospf permit 20
     set tag 90
    ....
    router ospf 100
     redistribute eigrp 100 metric 10 route-map eigrp->ospf
    ....
    router eigrp 100
     redistribute ospf 100 metric 1000 1 255 1 1500 route-map ospf->eigrp
    ....
  • Redistribution Filters
    • 10.1.1.0/24 route is injected into EIGRP as an external; it is redistributed through B into OSPF, and tagged
    • 10.1.1.0/24 is transmitted to A through OSPF; the route is blocked from being redistributed into EIGRP because of the route tag
    [Diagram: routers A and B between EIGRP and OSPF; 10.1.1.0/24; labels: metric 10, metric 2816000, metric 2560256, metric 25]
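
The tag scheme from the two slides above can be traced with a small model. This is an added example, not part of the original slides: it encodes the two route-maps exactly as configured and carries a route back and forth across the EIGRP/OSPF boundary, with and without the route-maps. The Route class, the function names, the crossing limit and the 10.2.1.0/24 sample route are assumptions made for the illustration; metrics and administrative distance are deliberately left out.

```python
from dataclasses import dataclass, replace
from typing import Optional


@dataclass(frozen=True)
class Route:
    prefix: str
    protocol: str   # protocol the RIB entry is "known via"
    tag: int = 0


# The slide's route-maps as (action, match_tag, set_tag) in sequence order.
ROUTE_MAPS = {
    "ospf->eigrp": [("deny", 90, None), ("permit", None, 110)],
    "eigrp->ospf": [("deny", 110, None), ("permit", None, 90)],
}


def apply_route_map(name: str, route: Route) -> Optional[Route]:
    """Return the (possibly re-tagged) route, or None if it is denied."""
    for action, match_tag, set_tag in ROUTE_MAPS[name]:
        if match_tag is not None and route.tag != match_tag:
            continue                      # clause does not match, try the next
        if action == "deny":
            return None
        return replace(route, tag=set_tag) if set_tag is not None else route
    return None                           # implicit deny at the end


def redistribute(route: Route, dst: str, use_route_maps: bool) -> Optional[Route]:
    """Take a route known via one protocol and inject it into dst."""
    out = route
    if use_route_maps:
        out = apply_route_map(f"{route.protocol}->{dst}", route)
        if out is None:
            return None
    return replace(out, protocol=dst)


def follow(route: Route, use_route_maps: bool, max_crossings: int = 6):
    """List every boundary crossing the route makes before it is stopped."""
    crossings = []
    current = route
    while len(crossings) < max_crossings:
        dst = "ospf" if current.protocol == "eigrp" else "eigrp"
        nxt = redistribute(current, dst, use_route_maps)
        if nxt is None:
            break                         # filtered at the redistribution point
        crossings.append(f"{current.protocol}->{dst} tag={nxt.tag}")
        current = nxt
    return crossings


if __name__ == "__main__":
    external = Route("10.1.1.0/24", "eigrp")   # the slide's example route
    ospf_native = Route("10.2.1.0/24", "ospf") # constructed sample route
    print("no filters :", follow(external, use_route_maps=False))
    print("with tags  :", follow(external, use_route_maps=True))
    print("ospf origin:", follow(ospf_native, use_route_maps=True))
```

Without the route-maps the route keeps crossing until the model's limit is reached, which is the feedback described under Redistribution Considerations; with them it crosses once in each case and is denied on the way back.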
  • Redistribution Filters
    • If live routing data is only needed in one direction (normally, this is true), redistribute a static in one direction, and between protocols in the other direction
    [Diagram: routers A and B between EIGRP (10.1.0.0/16) and OSPF (10.2.0.0/16)]
    ip route 10.2.0.0 255.255.0.0 serial 0/0
    ....
    router ospf 100
     redistribute eigrp 100 metric 10
    ....
    router eigrp 100
     redistribute static metric 1000 1 255 1 1500
    ....
  • Redistribution Filters
    • A route is injected into EIGRP as an external; this route is redistributed through B into OSPF
    • The route is transmitted to A through OSPF; the route is not redistributed back into EIGRP, since redistribution between OSPF and EIGRP is not configured
    [Diagram: routers A and B between EIGRP and OSPF; 10.1.1.0/24; labels: metric 10, metric 2816000, metric 2560256, metric 25]
  • Route Loops
    • When crossing a redistribution boundary, information is lost
    • A physical or logical loop causes a route to be advertised back to the redistributing router that first advertised it
    • How does the router know which route to accept?
      • Answer: it can’t know
      • Humans have to re-insert the lost information
      • Distribute-lists are the mechanism
  • Ground Rules
    • Under normal operation, there should be exactly one interior routing protocol on any network segment
      • Use “passive-interface” as necessary to ensure this
    • The number of redistribution boundaries should be kept to a minimum
    • Run as few routing protocols as possible
  • Questions?