Friday, December 17, 2010

Redistribution with Route Maps and Distribute Lists


In some cases, a redistribution design calls for all routes to be redistributed, all with the
same metric, and all with the same external route type (if applicable). However, in other
cases, the metrics may need to be set differently for different routes. Additionally, some
designs require that only a subset of the routes should be redistributed, for instance, when
only a few key subnets need to be exposed for connections from a partner. And with routing
protocols that have different types of external routes, such as OSPF and IS-IS, the design
may or may not allow all redistributed routes to be of the same external route type.
All these features require a tool by which IOS can identify the routes that need to be
treated differently, whether given different metrics, filtered, or assigned a different external
route type. IOS provides such a feature by allowing a reference to a route-map from
the redistribute command. In particular, the route-map can perform the following:
■ Identify the subset of the routes to filter or change based on the route’s prefix/length,
plus many other factors.
■ Make filtering choices about which routes are redistributed, and which are not.
■ Set the metric to different values based on information matchable by the route-map.
■ Set the type of External route for different redistributed routes, for example, OSPF
Type 1 for some routes, Type 2 for others.
■ Set a route tag, a unitless integer value that can later be matched with a route-map at
another redistribution point.
This section examines the mechanics of using the redistribute... route-map command option
to filter routes and set the metrics, along with a few other small features.
Note: Chapter 4’s section “Filtering by Using route-maps” describes the logic behind the
route-map command, so this chapter simply reviews the logic as needed. Refer to Chapter
4, “EIGRP Route Summarization and Filtering,” for more detail on route maps.
Overview of Using route-maps with Redistribution
The redistribute command has two mechanisms that allow filtering of routes:
■ The match {internal | external 1 | external 2 | nssa-external} parameters
■ The route-map map-name option
Of these two options, the first applies only when redistributing from OSPF, and matches
routes solely based on the types of routes listed here. However, the route-map referenced
by the redistribute command has many options for identifying routes by matching various
facts about the route.
To identify the routes, route-maps use the match subcommand. The match command can
refer to ACLs and prefix-lists to match anything matchable by those tools, plus match
other facts more directly. Table 10-2 lists the match command options that matter when
using route-maps for IGP redistribution.
Table 10-2 match Command Options for Redistribution
match Command, followed by its Description on the indented line:
match interface interface-type interface-number [... interface-type interface-number]
    Looks at outgoing interface of routes
*match ip address {[access-list-number | access-list-name] | prefix-list prefix-list-name}
    Examines route destination prefix and prefix length
*match ip next-hop {access-list-number | access-list-name}
    Examines route’s next-hop address
*match ip route-source {access-list-number | access-list-name}
    Matches advertising router’s IP address
match metric metric-value [+- deviation]
    Matches route’s metric, or a range (plus/minus the configured deviation)
match route-type {internal | external [type-1 | type-2] | level-1 | level-2}
    Matches route type
match tag tag-value [...tag-value]
    Matches the route tag, which requires that another router has earlier set the tag
* Can reference multiple numbered and named ACLs on a single match command.
A route-map referenced by the redistribute command always attempts to filter routes. If
the route-map matches a particular route with a particular route-map clause, and the action
in that clause is permit, then the route is redistributed. However, if the first route-map
clause matched by a route has a deny action, the route is filtered; in other words, it is not
redistributed. In short, the logic matches the same logic as described in Chapter 4 for
route-maps referenced by the distribute-list command. (Chapter 4 shows how to filter
routes inside EIGRP, without redistributing.)
Additionally, for routes not filtered by the route-map, the route-map can set other values
(like the route’s metric) using the aptly-named set command. Table 10-3 lists the various
route-map set subcommands that can be used to set the values used for routes redistributed
into IGPs.
[Figure 10-1 Sample Internetwork Used for Redistribution Route Map Examples. Router RD1
connects the EIGRP 1 domain (all addresses begin 172.30) to the OSPF domain (all addresses
begin 172.16, with area 0 and area 3); area 3 holds subnets .101.0/24, .102.0/25, .103.0/26,
.104.0/27, .105.0/28, .106.0/29, and .107.0/30.]
Filtering Redistributed Routes with Route Maps
As usual, the best way to understand the configuration, and the methods to verify the results,
is to use an example. In this case, the same internetwork used throughout Chapter
9 is used, but with some more routes added. Figure 10-1 shows some of the detail of the
internetwork.
Table 10-3 set Command Options for Redistribution into IGPs
set Command, followed by its Description on the indented line:
set metric metric-value
    Sets the route’s metric for OSPF, RIP, and IS-IS
set metric bandwidth delay reliability loading mtu
    Sets the EIGRP route’s metric values
set metric-type {type-1 | type-2}
    Sets type of route for OSPF
set tag tag-value
    Sets the unitless tag value in the route
The internetwork has been preconfigured with mainly defaults, as follows:
■ EIGRP works well on the left side of Figure 10-1.
■ OSPF works well on the right side.
■ Mutual redistribution has been configured on router RD1, with no filtering.
■ All routes use these metric settings: EIGRP (1500 10 255 1 1500), OSPF (20).
Example 10-1 shows the routing protocol configuration on Router RD1 at the beginning
of the example.
Example 10-1 Initial Configuration–Mutual Redistribution, No Filtering
RD1#show run
! lines omitted for brevity
router eigrp 1
 redistribute ospf 2
 network 172.30.0.0
 default-metric 1500 10 255 1 1500
 auto-summary
!
router ospf 2
 router-id 1.1.1.1
 log-adjacency-changes
 redistribute eigrp 1 subnets
 network 172.16.0.0 0.0.255.255 area 0
Configuring Route Filtering with Redistribution
The configuration shown in Example 10-1 shows mutual redistribution with no filtering.
The next example extends that same configuration to now use a route-map that should
filter routes being redistributed from OSPF process 2 into EIGRP AS 1. Any routes not
mentioned in Table 10-4, but shown in Figure 10-1, should be redistributed.
Table 10-4 Parameters Used in Route Filtering Example
Prefixes                              Action
172.16.101.0/24                       deny
172.16.102.0/25, 172.16.103.0/26      permit
172.16.104.0/27, 172.16.105.0/28      deny
172.16.106.0/29, 172.16.107.0/30      permit
The route-map simply needs to match the routes to be filtered with a route-map clause
that has a deny action and match the routes to not be filtered with a clause with a permit
action. Example 10-2 shows two such potential solutions, with route-map names option1
and option2. The general style of the two options, both of which work, is as follows:
■ Option 1: Begin with a match of the routes to be filtered, using extended IP ACLs,
with a deny action so the routes are filtered. Then use a permit clause with no match
command at all, matching and allowing through all remaining routes.
■ Option 2: Begin with a match of the routes to be allowed, matching with prefix lists,
with a permit action. Then use the implicit deny all at the end of the route-map to filter
unwanted routes.
Example 10-2 Redistribution Filtering Configuration Example
! This ACL matches subnet 172.16.101.0, with mask 255.255.255.0
ip access-list extended match-101
 permit ip host 172.16.101.0 host 255.255.255.0
! This ACL matches subnets 172.16.104.0 and 172.16.105.0, with masks
! 255.255.255.224 and 255.255.255.240, respectively.
ip access-list extended match-104-105
 permit ip host 172.16.104.0 host 255.255.255.224
 permit ip host 172.16.105.0 host 255.255.255.240
!
! This prefix list matches the five subnets in area 0
ip prefix-list match-area0-permit seq 5 permit 172.16.14.0/30
ip prefix-list match-area0-permit seq 10 permit 172.16.18.0/30
ip prefix-list match-area0-permit seq 15 permit 172.16.8.0/25
ip prefix-list match-area0-permit seq 20 permit 172.16.4.0/25
ip prefix-list match-area0-permit seq 25 permit 172.16.48.0/25
!
! This prefix list matches the two sets of two area 3 subnets that will
! be permitted to be redistributed
ip prefix-list match-area3-permit seq 5 permit 172.16.102.0/23 ge 25 le 26
ip prefix-list match-area3-permit seq 10 permit 172.16.106.0/23 ge 29 le 30
! The first alternative route-map:
route-map option1 deny 10
 match ip address match-101
!
route-map option1 deny 20
 match ip address match-104-105
!
route-map option1 permit 100
! The second alternative route-map:
route-map option2 permit 10
 match ip address prefix-list match-area3-permit
!
route-map option2 permit 20
 match ip address prefix-list match-area0-permit
! Finally, the configuration shows the enablement of option 1.
router eigrp 1
 redistribute ospf 2 route-map option1
Route-map option1 takes the approach of denying the redistribution of some routes, and
then allowing the rest through. The last clause in this route map, with sequence number
100, does not have a match command at all, meaning that it will match any and all routes.
The permit action on this last clause overrides the implied deny all at the end of the
route-map.
The ACLs referenced by route-map option1 show some particularly interesting features for
matching routes. With an extended ACL, IOS compares the source IP address parameter
to the subnet number of the route and the destination IP address to the subnet mask of
the route. For example, the permit ip host 172.16.101.0 host 255.255.255.0 command
matches the specific route for subnet 172.16.101.0, specifically with mask 255.255.255.0.
Route-map option2 takes the opposite approach compared to option1, for no other reason
than to just show an alternative. It uses two different prefix lists to match the
routes–one for subnets in area 0, all of which are redistributed, another for subnets in area
3 that should be allowed through the redistribution process. Alternatively, all routes could
have been matched with a single prefix list, with a single permit clause in the option2
route-map.
Finally, the very end of the example shows the syntax of the redistribute command, with
route-map option1 enabled.
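The first-match logic of route-maps option1 and option2, modeled offline in Python as an added example (not code from the original page or the book). It goes one step beyond the text by also evaluating a constructed subnet, 172.16.108.0/24, that is not in Figure 10-1, to show how the deny-then-permit and permit-then-implicit-deny styles diverge when a new route appears; the function names are assumptions, and only permit entries in ACLs and prefix lists are modeled.

```python
import ipaddress

# The 12 routes RD1 holds for the OSPF domain (prefixes taken from Figure 10-1).
OSPF_ROUTES = [ipaddress.ip_network(p) for p in (
    "172.16.48.0/25", "172.16.18.0/30", "172.16.14.0/30", "172.16.8.0/25",
    "172.16.4.0/25", "172.16.104.0/27", "172.16.105.0/28", "172.16.106.0/29",
    "172.16.107.0/30", "172.16.101.0/24", "172.16.102.0/25", "172.16.103.0/26",
)]


def acl_host(subnet, mask):
    """'permit ip host <subnet> host <mask>': exact subnet AND exact mask."""
    wanted = ipaddress.ip_network(f"{subnet}/{mask}")
    return lambda route: route == wanted


def prefix_entry(prefix, ge=None, le=None):
    """One 'ip prefix-list ... permit <prefix> [ge n] [le n]' entry."""
    base = ipaddress.ip_network(prefix)
    # No ge/le: exact length. ge only: ge..32. le only: length..le.
    low = ge if ge is not None else base.prefixlen
    high = le if le is not None else (32 if ge is not None else base.prefixlen)
    return lambda route: route.subnet_of(base) and low <= route.prefixlen <= high


MATCH_101 = [acl_host("172.16.101.0", "255.255.255.0")]
MATCH_104_105 = [acl_host("172.16.104.0", "255.255.255.224"),
                 acl_host("172.16.105.0", "255.255.255.240")]
AREA0_PERMIT = [prefix_entry(p) for p in (
    "172.16.14.0/30", "172.16.18.0/30", "172.16.8.0/25",
    "172.16.4.0/25", "172.16.48.0/25")]
AREA3_PERMIT = [prefix_entry("172.16.102.0/23", ge=25, le=26),
                prefix_entry("172.16.106.0/23", ge=29, le=30)]

# (sequence, action, entries); entries=None models a clause with no match command.
OPTION1 = [(10, "deny", MATCH_101), (20, "deny", MATCH_104_105),
           (100, "permit", None)]
OPTION2 = [(10, "permit", AREA3_PERMIT), (20, "permit", AREA0_PERMIT)]


def decide(route_map, route):
    """Return (redistributed?, matching sequence number) using first-match logic."""
    for seq, action, entries in sorted(route_map, key=lambda clause: clause[0]):
        if entries is None or any(entry(route) for entry in entries):
            return action == "permit", seq
    return False, None  # implied deny all at the end of every route-map


def redistributed(route_map, routes=OSPF_ROUTES):
    """Prefixes the route-map lets through."""
    return {str(r) for r in routes if decide(route_map, r)[0]}


def filtered(route_map, routes=OSPF_ROUTES):
    """Prefixes the route-map keeps out of the destination protocol."""
    return {str(r) for r in routes if not decide(route_map, r)[0]}


if __name__ == "__main__":
    for name, route_map in (("option1", OPTION1), ("option2", OPTION2)):
        print(name, "filters", sorted(filtered(route_map)))
    # Constructed drift case: a subnet that is not in Figure 10-1 appears later.
    new_route = ipaddress.ip_network("172.16.108.0/24")
    print("option1 on new route:", decide(OPTION1, new_route))
    print("option2 on new route:", decide(OPTION2, new_route))
```

Both route-maps give the same result for today's 12 routes, but only option2 keeps an unplanned subnet out of the EIGRP domain, which matters when the design goal is to expose only a few key subnets.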
Verifying Redistribution Filtering Operations
The redistribution process takes routes from the IP routing table of a router and adds the
appropriate entries to the destination routing protocol’s topology table. The filtering
process prevents some of the routes from being added to the topology table, so an examination
of the destination routing protocol’s topology table shows whether the filtering
worked correctly. Additionally, the routing tables of other routers in the destination routing
domain can be checked.
A good redistribution verification plan should check that the correct routes are filtered
and confirm that no extra routes are filtered. In a production environment, that work
might be laborious. With the example shown in Figure 10-1 and Example 10-2, verification
takes a little less time because of the relatively small number of routes and because the
subnets in the OSPF domain all begin with 172.16.
Example 10-3 shows an abbreviated version of the EIGRP topology table on Router RD1.
The show ip route 172.16.0.0 command lists the 12 OSPF subnets that currently exist in
the OSPF domain (as shown in Figure 10-1). The show ip eigrp topology | include
172[.]16 command lists only routes that include text “172.16,” listing only nine
subnets–and omitting the three subnets that should have been filtered, which confirms
that the filtering worked.
Note: The brackets in the show ip eigrp topology | include 172[.]16 command tell IOS
to treat the period as a literal, searching for the text “172.16” in the command output,
instead of treating the period as a wildcard in an IOS regular expression.
Example 10-3 Verifying Redistribution Filtering
RD1#show ip route 172.16.0.0
Routing entry for 172.16.0.0/16, 12 known subnets
  Attached (2 connections)
  Variably subnetted with 7 masks
  Redistributing via eigrp 1
O       172.16.48.0/25 [110/65] via 172.16.18.2, 03:25:56, Serial0/0/1
                       [110/65] via 172.16.14.2, 03:24:09, Serial0/1/0
C       172.16.18.0/30 is directly connected, Serial0/0/1
C       172.16.14.0/30 is directly connected, Serial0/1/0
O       172.16.8.0/25 [110/65] via 172.16.18.2, 03:25:56, Serial0/0/1
O       172.16.4.0/25 [110/65] via 172.16.14.2, 03:24:49, Serial0/1/0
O IA    172.16.104.0/27 [110/65] via 172.16.14.2, 03:24:44, Serial0/1/0
O IA    172.16.105.0/28 [110/65] via 172.16.14.2, 03:24:44, Serial0/1/0
O IA    172.16.106.0/29 [110/65] via 172.16.14.2, 03:24:44, Serial0/1/0
O IA    172.16.107.0/30 [110/65] via 172.16.14.2, 03:24:44, Serial0/1/0
O IA    172.16.101.0/24 [110/65] via 172.16.14.2, 03:24:44, Serial0/1/0
O IA    172.16.102.0/25 [110/65] via 172.16.14.2, 03:24:44, Serial0/1/0
O IA    172.16.103.0/26 [110/65] via 172.16.14.2, 03:24:44, Serial0/1/0
RD1#show ip eigrp topology | include 172[.]16
P 172.16.48.0/25, 1 successors, FD is 1709056
P 172.16.18.0/30, 1 successors, FD is 1709056
P 172.16.14.0/30, 1 successors, FD is 1709056
P 172.16.8.0/25, 1 successors, FD is 1709056
P 172.16.4.0/25, 1 successors, FD is 1709056
P 172.16.106.0/29, 1 successors, FD is 1709056
P 172.16.107.0/30, 1 successors, FD is 1709056
P 172.16.102.0/25, 1 successors, FD is 1709056
P 172.16.103.0/26, 1 successors, FD is 1709056
Besides examining the topology tables on the router doing the redistribution, a show ip
route command on other routers inside the EIGRP domain, like R2, could be used to
confirm the presence and absence of the routes according to the plan. However, the routing
table on the redistributing router will list the routes as learned from the original routing
domain.
Any ACLs or prefix lists used to match packets can also be used as a gauge to tell if the
correct statements matched routes. The show ip access-list [number|name] and show ip
prefix-list detail [name] commands list counters that increment each time IOS matches a
route for redistribution. Particularly when first using the ACL or prefix list, these commands
can confirm which statements have been matched. The counters do increment each
time the router considers whether to redistribute a route. In particular, when a route fails,
and the redistributing router removes the route from the routing table, and then later adds
the route to the routing table again, the counters for matching the ACL or prefix list will increment.
Example 10-4 shows an example of each command, and the appropriate counters.
Example 10-4 Verifying Redistribution Filtering
RD1#show access-list
Extended IP access list match-101
    10 permit ip host 172.16.101.0 host 255.255.255.0 (1 match)
Extended IP access list match-104-105
    10 permit ip host 172.16.104.0 host 255.255.255.224 (1 match)
    20 permit ip host 172.16.105.0 host 255.255.255.240 (1 match)
RD1#show ip prefix-list detail match-area0-permit
ip prefix-list match-area0-permit:
   count: 5, range entries: 0, sequences: 5 - 25, refcount: 3
   seq 5 permit 172.16.14.0/30 (hit count: 6, refcount: 1)
   seq 10 permit 172.16.18.0/30 (hit count: 5, refcount: 1)
   seq 15 permit 172.16.8.0/25 (hit count: 4, refcount: 2)
   seq 20 permit 172.16.4.0/25 (hit count: 3, refcount: 3)
   seq 25 permit 172.16.48.0/25 (hit count: 2, refcount: 2)
Setting Metrics when Redistributing
Setting a different metric for different redistributed routes requires only a minor amount
of additional configuration. The redistributing router still needs a route-map and still
needs to match the routes. Additionally, to set the metric for routes matched by a particular
clause, the route-map needs the set metric route-map subcommand. When redistributing
into EIGRP, this command has five parameters (bandwidth, delay, reliability, load, and
MTU). When redistributing into OSPF or RIP, a single integer metric is used.
Configuring the Metric Settings
Continuing with the same internetwork shown in Figure 10-1, and with the same filtering
goals summarized earlier in Table 10-4, Table 10-5 further defines the goals for redistribution
from OSPF into EIGRP in this internetwork. The same routes will be filtered, but
now the metrics of the allowed routes will be set differently as listed in the table.
Table 10-5 Parameters Used in Metric and Tag Setting Example
Prefix                        Action   Metric (Bandwidth, delay, reliability, load, MTU)
172.16.101.0                  deny     N/A
172.16.102.0, 172.16.103.0    permit   1000 44 255 1 1500
172.16.104.0, 172.16.105.0    deny     N/A
172.16.106.0, 172.16.107.0    permit   100 4444 255 1 1500
All others                    permit   1500 10 255 1 1500
The requirements in Table 10-5 list three different sets of metrics for the redistributed
routes. To implement this design, the route-map needs at least three clauses: one for each
set of routes for which the metric should differ. The example route-maps listed earlier in
Example 10-2 do not happen to separate the three groups of allowed routes into different
route-map clauses, so a new route-map will be used. Example 10-5 shows the new
configuration. Note that it does make use of one of the old IP prefix-lists, namely
match-area0-permit.
Example 10-5 Route-map to Set Metrics According to Table 10-5
! First, two new prefix lists are added – one to match subnets 102 and 103,
! and another to match subnets 106 and 107.
ip prefix-list match-102-103 seq 5 permit 172.16.102.0/23 ge 25 le 26
!
ip prefix-list match-106-107 seq 5 permit 172.16.106.0/23 ge 29 le 30
! The following is a repeat of the prefix list that matches the five routes
! in area 0
ip prefix-list match-area0-permit seq 5 permit 172.16.14.0/30
ip prefix-list match-area0-permit seq 10 permit 172.16.18.0/30
ip prefix-list match-area0-permit seq 15 permit 172.16.8.0/25
ip prefix-list match-area0-permit seq 20 permit 172.16.4.0/25
ip prefix-list match-area0-permit seq 25 permit 172.16.48.0/25
! A new route map to filter and set metrics, with three clauses
route-map set-metric permit 10
 match ip address prefix-list match-area0-permit
!
route-map set-metric permit 20
 match ip address prefix-list match-102-103
 set metric 1000 44 255 1 1500
!
route-map set-metric permit 30
 match ip address prefix-list match-106-107
 set metric 100 4444 255 1 1500
!
router eigrp 1
 default-metric 1500 10 255 1 1500
 redistribute ospf 2 route-map set-metric
The new route-map has three explicitly configured clauses, two of which explicitly set the
metric values using the set metric command. However, the first clause (sequence number
10), which matches routes for the five subnets inside area 0, does not use a set metric
command to set the metric. Instead, because this route map clause omits the set metric
command, routes that match this clause use the metric keyword on the redistribute command,
or if not listed, the metrics as defined by the default-metric EIGRP subcommand.
In this case, because the redistribute command does not list a metric keyword, routes
matched by this clause (sequence number 10) use the metric values listed in the
default-metric command.
Verifying the Metric Settings
Verifying the metrics again requires an examination of the EIGRP topology table. In this
case, Example 10-6 displays a couple of views of RD1’s EIGRP topology table, focusing
on routes to 172.16.102.0/25 and 172.16.106.0/29. The configuration in Example 10-5 earlier
set the metrics to different values, and next the output in Example 10-6 shows the
differences:
Example 10-6 Verifying Metrics as Set During Redistribution
RD1#show ip eigrp topology 172.16.102.0/25
IP-EIGRP (AS 1): Topology entry for 172.16.102.0/25
  State is Passive, Query origin flag is 1, 1 Successor(s), FD is 1709056
  Routing Descriptor Blocks:
  172.16.14.2, from Redistributed, Send flag is 0x0
      Composite metric is (2571264/0), Route is External
      Vector metric:
        Minimum bandwidth is 1000 Kbit
        Total delay is 440 microseconds
        Reliability is 255/255
        Load is 1/255
        Minimum MTU is 1500
        Hop count is 0
      External data:
        Originating router is 172.30.17.1 (this system)
        AS number of route is 2
        External protocol is OSPF, external metric is 65
        Administrator tag is 0 (0x00000000)
RD1#show ip eigrp topology 172.16.104.0/25
% IP-EIGRP (AS 1): Route not in topology table
RD1#show ip eigrp topo 172.16.106.0/29
IP-EIGRP (AS 1): Topology entry for 172.16.106.0/29
  State is Passive, Query origin flag is 1, 1 Successor(s), FD is 1709056
  Routing Descriptor Blocks:
  172.16.14.2, from Redistributed, Send flag is 0x0
      Composite metric is (26737664/0), Route is External
      Vector metric:
        Minimum bandwidth is 100 Kbit
        Total delay is 44440 microseconds
        Reliability is 255/255
        Load is 1/255
        Minimum MTU is 1500
        Hop count is 0
      External data:
        Originating router is 172.30.17.1 (this system)
        AS number of route is 2
        External protocol is OSPF, external metric is 65
        Administrator tag is 0 (0x00000000)
!
RD1#show ip prefix-list detail match-102-103
ip prefix-list match-102-103:
   count: 1, range entries: 1, sequences: 5 - 5, refcount: 2
   seq 5 permit 172.16.102.0/23 ge 25 le 26 (hit count: 14, refcount: 1)
Although you could use variations of the show ip route command to verify the new metrics,
because the redistribution process sets the EIGRP component metrics, the show ip
eigrp topology command displays much more useful verification information.
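A cross-check of the Example 10-6 output against the set metric values from Example 10-5, as an added example that is not from the original page or the book. It assumes the classic EIGRP composite formula with default K values, 256 x (10^7 / bandwidth in Kbit + delay in tens of microseconds), which the page does not state; the function names and the trimmed sample entries are constructed for this sketch.

```python
import re

# Trimmed copies of the two topology entries shown in Example 10-6.
ENTRY_102 = """\
IP-EIGRP (AS 1): Topology entry for 172.16.102.0/25
  Composite metric is (2571264/0), Route is External
  Minimum bandwidth is 1000 Kbit
  Total delay is 440 microseconds
  Reliability is 255/255
  Load is 1/255
  Minimum MTU is 1500
"""
ENTRY_106 = """\
IP-EIGRP (AS 1): Topology entry for 172.16.106.0/29
  Composite metric is (26737664/0), Route is External
  Minimum bandwidth is 100 Kbit
  Total delay is 44440 microseconds
  Reliability is 255/255
  Load is 1/255
  Minimum MTU is 1500
"""

FIELDS = {
    "composite": r"Composite metric is \((\d+)/",
    "bandwidth": r"Minimum bandwidth is (\d+) Kbit",
    "delay_usec": r"Total delay is (\d+) microseconds",
    "reliability": r"Reliability is (\d+)/255",
    "load": r"Load is (\d+)/255",
    "mtu": r"Minimum MTU is (\d+)",
}


def parse_entry(text):
    """Extract the numeric fields of one 'show ip eigrp topology <prefix>' entry."""
    entry = {}
    for name, pattern in FIELDS.items():
        found = re.search(pattern, text)
        if found is None:
            raise ValueError(f"field {name!r} missing from topology entry")
        entry[name] = int(found.group(1))
    return entry


def eigrp_composite(bandwidth_kbps, delay_tens_usec):
    """Classic composite metric with default K values (assumption, see lead-in)."""
    return 256 * (10_000_000 // bandwidth_kbps + delay_tens_usec)


def mismatches(text, set_metric):
    """Compare an entry with 'set metric bandwidth delay reliability load mtu'.

    Returns {field: (seen, expected)} for every field that differs.
    """
    bandwidth, delay, reliability, load, mtu = set_metric
    expected = {
        "composite": eigrp_composite(bandwidth, delay),
        "bandwidth": bandwidth,
        "delay_usec": delay * 10,  # configured in tens of microseconds
        "reliability": reliability,
        "load": load,
        "mtu": mtu,
    }
    seen = parse_entry(text)
    return {k: (seen[k], expected[k]) for k in expected if seen[k] != expected[k]}


if __name__ == "__main__":
    print(mismatches(ENTRY_102, (1000, 44, 255, 1, 1500)))    # clause 20 values
    print(mismatches(ENTRY_106, (100, 4444, 255, 1, 1500)))   # clause 30 values
    print(mismatches(ENTRY_102, (1500, 10, 255, 1, 1500)))    # default-metric values
```

An empty result means the topology entry carries exactly the values the route-map clause set; comparing against the default-metric values instead shows which fields the clause overrode.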
Setting the External Route Type
By default, when redistributing into OSPF, IOS sets the external route type to external
Type 2 (E2). IOS can instead set the type to E1 or E2 by using
the set metric-type {type-1 | type-2} route-map subcommand. When a redistribute OSPF
subcommand references such a route-map, the routes matched by the route-map clause
with the set metric-type command will be designated as that external type in the Type 5
LSA created for that subnet.
Note that the redistribute command also allows the match {internal | external 1 | external
2 | nssa-external} parameters, but these parameters do not set the type of route. Instead,
these parameters match existing routes as part of the process of deciding which
routes to redistribute.
Redistribution Filtering with the distribute-list Command
Using a route-map as referenced on the redistribute command provides many features.
You can filter routes, assign different metrics for different routes, and assign external
route types. You can even assign route tags as discussed later in the section “Preventing
Domain Loops by Filtering on Route-tag Using Distribute Lists.” However, if the plan calls
for route filtering only when redistributing, but none of the other functions supplied by a
route-map are needed, and you can match all the routes with a single ACL or prefix list,
then IOS supports a second style of route filtering configuration using the distribute-list
command.
This book has reviewed two uses of the distribute-list command in earlier chapters
(Chapters 4 and 8), both of which show how to filter routes inside a single routing domain.
For example, Chapter 4 shows how to filter EIGRP routes using the distribute-list command,
both for routing updates received in and for routing updates sent out by a router.
The distribute-list command refers to the direction, and to either an ACL or IP prefix-list,
allowing the routes matched with a permit and filtering routes matched with a deny action.
The distribute-list command can be configured to refer to the routing process from which
routes are redistributed and cause the router to filter routes taken from that process. To do
so, the command must use the out direction, and it must refer to the routing process from
which routes are redistributed. For example, distribute-list 1 out ospf 2, configured under
an EIGRP process, tells EIGRP to apply ACL 1 to routes redistributed from the OSPF
2 process. For another example, under an OSPF process, the distribute-list prefix fred
out eigrp 1 command tells OSPF to apply IP prefix list fred to routes redistributed from
the EIGRP 1 process.
Finally, one note about the internals of how this command works. The filtering takes place as
the routes are redistributed. As a result, the distribute-list command prevents filtered
routes from being added to the topology table of the destination routing protocol.
So, the same verification commands seen in earlier examples, with focus on the
topology tables, can be used to show whether the filtering worked. Also, the counters in
the show ip access-list and show ip prefix-list detail commands increment to show
whether the filtering worked.
Note: I know of no industry standard name for the problem shown in Figure 10-2. For the
duration of this chapter, I refer to it simply as the domain loop problem.
Preventing Routing Domain Loops with Higher Metrics
One easy method of preventing the domain loop problem is to assign purposefully high
metric values when redistributing routes. For example, consider the case shown in Figure
10-3, with a RIP domain on the left, and OSPF on the right. In this case, the two routers
doing the redistribution (RD1 and RD2) assign OSPF metric 500 when redistributing
routes into OSPF, and metric 5 when redistributing routes into RIP.
First, focus on routes inside the RIP domain. This design prevents the domain loop problem–
routes that send packets from the RIP domain, into OSPF, and back again–if the normal
intra-domain RIP routes never exceed a hop count of 4. Then, all routes redistributed
from RIP into OSPF, and then back into RIP, will at least have a metric of 5. As a result, the
route advertisements that looped back into the RIP domain will always have less desirable
metrics than the RIP advertisements from within the RIP domain.
The same concept applies to OSPF. For routes completely internal to the OSPF domain, if
the highest cost is 499, then the redistribution of external routes as metric 500 prevents
the domain loop. For example, a subnet that exists in the OSPF domain could be advertised
into RIP by RD1, and then re-advertised by RD2 back into the OSPF domain–but
with a metric that begins at 500. Again, assuming all the normal OSPF routes that were
not reintroduced as external routes have a cost of less than 500, the domain loop problem
is defeated.
Note that OSPF actually defeats the domain loop problem without using the higher metrics.
OSPF always prefers internal routes over E1 routes, and E1 routes over E2 routes, before
even considering the metrics.
Table 10-6 Default Administrative Distances
Route Type                     Administrative Distance
Connected                      0
Static                         1
EIGRP summary route            5
eBGP                           20
EIGRP (internal)               90
IGRP                           100
OSPF                           110
IS-IS                          115
RIP                            120
On-Demand Routing (ODR)        160
EIGRP (external)               170
iBGP                           200
Unreachable                    255
Preventing Routing Domain Loops with Administrative Distance
Each router associates an administrative distance (AD) with every route it considers to
be added to the routing table. When a router must consider multiple routes from different
sources for the exact same prefix/length, the first item considered by the router is not the
metric, but rather the AD. The lower the AD, the better the route.
Note that the AD is a local setting on a router and cannot be advertised to neighboring
routers.
Each routing source has a default AD according to IOS. In some cases, a given routing
source has different defaults for different types of routes inside that routing source. For
example, EIGRP has separate settings for EIGRP internal routes (AD 90) and EIGRP external
routes (AD 170). Table 10-6 lists the default settings.
EIGRP Default AD Defeats Loop from EIGRP to OSPF to EIGRP
The default AD settings for EIGRP take care of the domain loop problem when redistributing
between EIGRP and OSPF. First, consider an EIGRP and OSPF domain with two redistribution
points (Routers RD1 and RD2), as shown in Figure 10-4. The figure shows a
general idea of route advertisements for subnet X, which exists in the EIGRP domain.
(Note: to reduce clutter, the figure shows only route advertisements that affect router
RD2’s logic; the same issue exists on both redistributing routers.)
[Figure 10-4 Subnet X: Internal EIGRP, External OSPF, on Router RD2. RD2 hears the route
for subnet X from the left as internal EIGRP (AD 90) and from the right as external OSPF
(AD 110).]
Router RD2 hears about a route for subnet X as an internal EIGRP route (default AD 90)
on the left. RD2 also hears about the subnet as an external OSPF route on the right (default
AD 110). As a result, RD2 will do a couple of things that are important to this discussion:
■ RD2 considers the internal EIGRP route as the best route, because of the lower AD,
and places that route in its own IP routing table.
■ RD2 does not redistribute a route for subnet X, from OSPF back to EIGRP, because
RD2 does not have an OSPF route for subnet X.
The second point is particularly important but easily missed. Remember that routers use
the IP routing table as the basis for route redistribution. Both RD1 and RD2 redistribute
routes in both directions between both domains. However, a route must be in the routing
table before it can be redistributed. Because RD2’s route for subnet X will list its EIGRP
route, RD2’s redistribution from OSPF into EIGRP will not redistribute a route for subnet
X. Because RD2 will not advertise a route for subnet X from OSPF back into EIGRP, the
domain loop has been prevented.
EIGRP Default AD Defeats Loop from OSPF to EIGRP to OSPF
The reverse case–routes taken from OSPF, advertised into EIGRP, and then advertised
back into OSPF–is the more interesting possible domain loop case. However, the default
EIGRP AD settings still defeat the domain loop issue. Figure 10-5 shows an example similar
to Figure 10-4, but this time with subnet Y in the OSPF domain. As before, the focus
of the figure is on the routing advertisements that reach Router RD2, with other details
omitted to reduce clutter.
In this case, Router RD2 hears about a route for subnet Y as an external EIGRP route (default
AD 170) and an internal OSPF route (default AD 110). As a result, RD2 chooses the
OSPF internal route as the best route and adds that to RD2’s routing table. Because RD2
does not have an EIGRP route for subnet Y, RD2 will not redistribute a route for subnet Y
from EIGRP into OSPF, again defeating the domain loop problem.
[Figure 10-5 Avoiding Domain Loops from OSPF to EIGRP to OSPF. RD2 hears the route for
subnet Y from the left as external EIGRP (AD 170) and from the right as internal OSPF
(AD 110).]
Setting AD per Route Source for Internal and External Routes
The reason that the default EIGRP AD settings work well can be summarized generically
as follows:
For each of the two routing protocols, the AD used for internal routes for one routing
protocol is better than the AD used for external routes by the other routing protocol.
When comparing EIGRP’s and OSPF’s defaults, both of the generic criteria are met:
■ EIGRP internal AD 90 < OSPF external AD 110
■ OSPF internal AD 110 < EIGRP external AD 170
Likewise, when redistributing between EIGRP and RIP:
■ EIGRP internal AD 90 < RIP external AD 120
■ RIP internal AD 120 < EIGRP external AD 170
Note: RIP does not have a concept of internal and external routes; the preceding references
refer to internal routes as routes that exist inside the RIP domain, and external as
routes that exist outside the RIP domain.
When redistributing between OSPF and RIP, the default AD settings do not defeat the domain
loop problem. However, IOS supports the definition of different AD settings for all
routing protocols. With EIGRP, the internal and external AD settings can be overridden,
although the defaults work well for preventing domain loops. OSPF can be configured
to use a different AD for external routes, intra-area routes, and interarea routes. RIP,
which does not have a concept of internal and external routes, can only be set with a single
AD value. Table 10-7 shows the router subcommands to set the AD values, per route
category.
Chapter 10: Advanced IGP Redistribution 349
Table 10-7 Setting AD Values with the distance Command
Routing Protocol    Command
RIP                 distance ad-value
EIGRP               distance eigrp internal-ad external-ad
OSPF                distance ospf {external ad-value} {intra-area ad-value} {inter-area ad-value}
The steps noted in the figure are as follows:
Step 1. Router R9 advertises a route for network 172.20.0.0/16 from the RIP domain
into the EIGRP domain where the route is treated with (default) AD 170 as an
external route.
Step 2. Router RD1 redistributes this EIGRP external route into OSPF where it is
treated as an E2 route, AD 110, by default.
Step 3. Router RD2 uses the AD 110 E2 route, rather than the AD 170 EIGRP external
route, as its best route for 172.20.0.0/16. As a result, RD2 can then redistribute
that OSPF route back into EIGRP as an external route.
Step 4. Router R4 learns of two external routes for 172.20.0.0/16, and the routes tie
based on AD (170). R4 may have a better EIGRP metric through RD2, depending
on the metrics used at redistribution, preferring this long route through the
OSPF domain as shown.
This is just one example case for such problems, but the problem exists because the obviously
better route and the longer domain loop route are both external routes. The two
competing routes tie on AD as a result. In the earlier cases, with only two routing domains,
this problem does not occur.
Several solutions exist for such problems. None of the solutions require a lot of extra configuration,
other than that some of the solutions require ACLs or prefix lists that match
the prefixes from the various routing domains. The next three sections address each option,
namely: using per-route AD settings, filtering routes based on prefix/length, and using
route tags.
Using Per-route Administrative Distance Settings
As seen in Table 10-7, you can use the distance router subcommand to set the AD value
per routing protocol, per type (internal and external). The distance command also supports
another syntax in which the router sets the AD for individual routes based on the
following criteria:
■ The router that advertised the routing information
■ Optionally, for the prefixes/lengths of the routes as matched by a referenced ACL
The syntax of the command in this case is
distance distance ip-adv-router wc-mask [acl-number-or-name]
In this command, the required parameters match the neighboring router that advertises a
route. The router with the distance command configured compares the advertising
router’s IP address to the range of addresses implied by the ip-adv-router and wc-mask
parameters of the command, as if these were parameters in an ACL. For routes advertised
by a matching neighbor, that router then applies the AD listed in the command.
Optionally, the distance command can also refer to an ACL. If included, that router compares
the ACL to the prefix/length of each route learned from any matched neighbors and
uses the listed AD only for routes permitted by the ACL.
Example 10-7 Long Route from RD2, into OSPF, for 172.20.0.0/16
! The following is the routing protocol configuration on RD2
router eigrp 1
redistribute ospf 2 metric 1000 200 255 1 1500
network 172.16.0.0
no auto-summary
!
router ospf 2
router-id 3.3.3.3
log-adjacency-changes
redistribute eigrp 1 subnets
network 172.30.0.0 0.0.255.255 area 0
! Next, the long route for 172.20.0.0/16 is listed. This route goes from
! RD2 back into the OSPF domain; interface S0/0/1 connects to router R2.
RD2#show ip route | include 172.20.0.0
O E2 172.20.0.0/16 [110/20] via 172.30.23.2, 00:06:57, Serial0/0/1
! Next, the source of this routing information is listed under the
! text “Known via”. RD2’s current route is learned by OSPF.
RD2#show ip route 172.20.0.0
Routing entry for 172.20.0.0/16
Known via "ospf 2", distance 110, metric 20, type extern 2, forward metric 128
Redistributing via eigrp 1
Advertised by eigrp 1 metric 1000 200 255 1 1500
Last update from 172.30.23.2 on Serial0/0/1, 00:07:04 ago
Routing Descriptor Blocks:
* 172.30.23.2, from 1.1.1.1, 00:07:04 ago, via Serial0/0/1
Route metric is 20, traffic share count is 1
! RD2 does know a working (successor) route for the same prefix,
! but prefers the lower-AD route (110) through OSPF.
RD2#show ip eigrp topology | section 172.20.0.0
P 172.20.0.0/16, 1 successors, FD is 2611200
via Redistributed (2611200/0)
The comments inside Example 10-7 detail the current state, with the longer route, as
shown in Figure 10-6. Most important, note the “Known via...” text in the output of the
show ip route 172.20.0.0 command. This output specifically states the source of the
route that is currently in the routing table.
Next, Example 10-8 shows the configuration on RD2 to solve this problem by setting
RD2’s AD for that specific route and additional show commands.
Example 10-8 Configuring Per-Route AD on Router RD2
RD2#conf t
Enter configuration commands, one per line. End with CNTL/Z.
RD2(config)#router ospf 2
RD2(config-router)# distance 171 1.1.1.1 0.0.0.0 match-172-20
RD2(config-router)#!
RD2(config-router)#ip access-list standard match-172-20
RD2(config-std-nacl)# permit host 172.20.0.0
RD2(config-std-nacl)#^Z
RD2#
! Now the best route for 172.20.0.0 is known from EIGRP 1.
RD2#show ip route 172.20.0.0
Routing entry for 172.20.0.0/16
Known via "eigrp 1", distance 170, metric 3635200, type external
Redistributing via ospf 2, eigrp 1
Advertised by ospf 2 subnets
Last update from 172.16.34.2 on Serial0/0/0, 00:08:01 ago
! lines omitted for brevity
! The next command lists the matching logic of the distance command.
RD2#show ip protocols | section ospf
Routing Protocol is "ospf 2"
Outgoing update filter list for all interfaces is not set
Incoming update filter list for all interfaces is not set
Router ID 172.30.23.1
It is an autonomous system boundary router
Redistributing External Routes from,
eigrp 1, includes subnets in redistribution
Number of areas in this router is 1. 1 normal 0 stub 0 nssa
Maximum path: 4
Routing for Networks:
172.30.0.0 0.0.255.255 area 0
Reference bandwidth unit is 100 mbps
Routing Information Sources:
Gateway Distance Last Update
1.1.1.1 171 00:00:35
2.2.2.2 110 00:00:35
7.7.7.7 110 00:00:35
Distance: (default is 110)
Address Wild mask Distance List
1.1.1.1 0.0.0.0 171 match-172-20
Redistributing: ospf 2, eigrp 1
Figure 10-8 Preventing Domain Loops with Route Filtering (figure not reproduced: the OSPF, EIGRP, and RIP domains with routers R9, RD1, and RD2, and steps 1 through 4 for network 172.20.0.0/16)
The configuration, although short, has one possibly counterintuitive twist. The IP address
of the neighboring router, referenced in the distance command in OSPF configuration
mode, will be compared to the OSPF RID of the OSPF router that owns the LSA. In this
case, Router RD1 creates the Type 5 LSA for 172.20.0.0, and RD1’s RID happens to be
1.1.1.1. RD2’s distance 171 1.1.1.1 0.0.0.0 match-172-20 command tells OSPF to look for
LSAs owned by exactly RID 1.1.1.1, and if the prefix is permitted by the match-172-20
ACL, apply AD 171 to this route.
The show ip route 172.20.0.0 command verifies that Router RD1 now prefers its AD 170
EIGRP route for 172.20.0.0/16. The highlighted portions of this command now refer to
routing source EIGRP 1, with the outgoing interface of S0/0/0, which connects RD2 into
the EIGRP domain. Because RD2 no longer has an OSPF route for 172.20.0.0/16, RD2 will
not redistribute such an OSPF route back into EIGRP, defeating the domain loop problem.
Note: A complete solution requires all redistributing routers to perform this kind of configuration,
for all such routes from the third routing domain.
Although this example shows the OSPF version of the distance command, one notable
difference exists between the OSPF version and the RIP and EIGRP distance commands.
When used as a RIP or EIGRP subcommand, the distance command matches the interface
IP address of the neighboring router that advertises the route.
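The per-route AD logic of this section can be checked with a small model. The following Python code is an added example, not code from the book or from IOS: it applies a distance rule as the text describes (advertising router against address and wildcard mask, then the optional ACL) and lists which prefixes stay eligible for OSPF-to-EIGRP redistribution on RD2. The subnet 172.30.12.0/24, the first-match rule order, and all class and function names are assumptions made for the example.

```python
import ipaddress
from dataclasses import dataclass
DEFAULT_AD = {"ospf": 110, "eigrp-internal": 90, "eigrp-external": 170}

@dataclass(frozen=True)
class Route:
    prefix: str      # e.g. "172.20.0.0/16"
    source: str      # key into DEFAULT_AD
    adv_router: str  # OSPF: RID of the LSA owner; EIGRP: neighbor interface IP

@dataclass(frozen=True)
class DistanceRule:  # models: distance <ad> <ip-adv-router> <wc-mask> [acl]
    ad: int
    adv_router: str
    wildcard: str
    acl_hosts: tuple = ()  # "permit host x" entries; empty means no ACL given

def wildcard_match(addr, base, wildcard):
    """ACL-style comparison: bits set in the wildcard mask are ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)

def effective_ad(route, rules):
    """AD for a route; rules model 'distance' lines under router ospf only."""
    if route.source == "ospf":
        net = str(ipaddress.ip_network(route.prefix).network_address)
        for rule in rules:  # assumption of this model: first matching rule wins
            hit = wildcard_match(route.adv_router, rule.adv_router, rule.wildcard)
            if hit and (not rule.acl_hosts or net in rule.acl_hosts):
                return rule.ad
    return DEFAULT_AD[route.source]

# Constructed sample of what RD2 hears; 172.30.12.0/24 is a made-up OSPF subnet.
CANDIDATES = [
    Route("172.20.0.0/16", "ospf", "1.1.1.1"),
    Route("172.20.0.0/16", "eigrp-external", "172.16.34.2"),
    Route("172.30.12.0/24", "ospf", "1.1.1.1"),
]
RULE = DistanceRule(171, "1.1.1.1", "0.0.0.0", ("172.20.0.0",))  # Example 10-8

def build_table(rules, candidates=CANDIDATES):
    """Routing table: per prefix, the candidate with the lowest effective AD."""
    return {p: min((c for c in candidates if c.prefix == p),
                   key=lambda c: effective_ad(c, rules))
            for p in {c.prefix for c in candidates}}

def redistributable_from_ospf(table):
    """Only prefixes whose installed route is an OSPF route can be redistributed."""
    return sorted(p for p, r in table.items() if r.source == "ospf")
```

Comparing build_table([]) with build_table([RULE]) shows 172.20.0.0/16 moving from the OSPF route to the EIGRP external route, while the other prefix from RID 1.1.1.1 keeps AD 110 because the ACL does not permit it.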
Preventing Domain Loops by Filtering on Subnet While Redistributing
The next tool prevents domain loops by filtering the routes based on prefix. Figure 10-8
shows the idea from a redistribution design perspective.
Following are the steps as listed in the figure:
Step 1. Router R9 advertises a route for network 172.20.0.0/16 from the RIP domain
into the EIGRP domain.
Step 2. Routers RD1 and RD2 both redistribute this EIGRP external route into OSPF.
Step 3. Both RD1 and RD2 flood the route advertisement for the OSPF external route
throughout the OSPF domain.
Step 4. Both RD1 and RD2 apply a route-map to their redistribution from OSPF into
EIGRP, filtering routes with prefix 172.20.0.0.
The configuration itself uses the same methods and commands as included earlier in the
section “Filtering Redistributed Routes with Route Maps.”
Interestingly, this design does prevent the long routes, as shown earlier in Figure 10-6, but
it does leave the possibility of a long route on a redistributing router. For example, if using
all default AD settings, RD2 still learns an OSPF (default AD 110) route for 172.20.0.0
from RD1, so it may choose the OSPF route through RD1 as the best route.
Setting the AD for OSPF external routes to something larger than EIGRP’s external AD of
170 would prevent this particular problem as well.
Preventing Domain Loops by Filtering on route-tag Using Distribute Lists
Route tags, the last tool shown in this chapter for preventing the domain loop problem, have
a much broader use than just preventing redistribution problems.
A route tag is a unitless 32-bit integer that most routing protocols can assign to any given
route. The assignment of a tag occurs when some IOS function adds the tag–for instance, it
can be assigned by a route-map referenced by a routing protocol distribute-list or
redistribute command. That tag follows the route advertisement, even through the redistribution
process. At some later point in the flooding of routing information, other IOS tools,
typically other route-maps, can match routes with a given route tag to make a decision.
In some cases, the idea of a route tag creates a mental block because it has no one specific
purpose. The network engineer chooses the purpose of any particular route tag; the purpose
has not been predetermined by a particular protocol. The folks that created the routing
protocol provided us all with a nice, convenient place to add the equivalent of a post-it
note to each route; it’s up to us to decide what the note means.
Figure 10-9 shows one common use of route tags other than for solving the domain loop
problem. In the figure, one large company that uses EIGRP (the middle of the figure)
bought two smaller companies, both of whom use OSPF. The larger company wants to
connect both small companies into the larger network, but they want to prevent hosts in
the two smaller companies from knowing routes to the other smaller company. The figure
shows only left-to-right advertisements of routes to reduce the clutter.
The two routers on the left each redistribute routes from the smaller companies into the
EIGRP. The routers apply a route tag of 1 to each route from OSPF domain 1, and a tag of
2 to routes redistributed from OSPF domain 2. The actual numbers do not matter, as long
as they are unique. On the right, the routers know that the routes from OSPF domain 1
First, note that the configuration does rely on a couple of default route-map actions that
bear some review. In the set-tag-11 route-map, only one route-map clause exists, and that
clause has no match commands. A route-map clause with no match commands matches
all routes, so all routes are assigned tag 11. In the stop-tag-11 route-map, the first clause
lists a deny action, meaning that all routes matched by that clause (all with tag 11) are filtered.
All other routes, for example those routes for subnets native to the OSPF domain,
match the second clause (line number 20), because that second clause does not have a
match command.
Example 10-9 shows the configuration that tags routes coming from EIGRP into OSPF
and then filters routes with that same tag as they go from OSPF into EIGRP. For a complete
solution, the reverse case would also need to be configured, using a different route
tag value.
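The tag-then-filter behavior described above can be traced with a small model of route-map evaluation. The following Python code is an added example, not the book's Example 10-9 and not IOS code: it evaluates clauses in sequence order, treats a clause with no match command as matching every route, and ends with an implicit deny. The route-map names come from the text; the sample prefixes, sequence number 10, and all class and function names are assumptions made for the example.

```python
from dataclasses import dataclass, replace
from typing import Optional

@dataclass(frozen=True)
class Route:
    prefix: str
    tag: int = 0

@dataclass(frozen=True)
class Clause:
    seq: int
    action: str                      # "permit" or "deny"
    match_tag: Optional[int] = None  # None: no match command, matches all routes
    set_tag: Optional[int] = None

def apply_route_map(clauses, route):
    """Return the route (re-tagged if the clause sets a tag) or None if filtered."""
    for c in sorted(clauses, key=lambda c: c.seq):
        if c.match_tag is None or c.match_tag == route.tag:
            if c.action == "deny":
                return None
            return route if c.set_tag is None else replace(route, tag=c.set_tag)
    return None  # no clause matched: implicit deny

def redistribute(routes, route_map):
    """Routes that survive the route-map, with any tag it sets applied."""
    kept = (apply_route_map(route_map, r) for r in routes)
    return [r for r in kept if r is not None]

# Route-map names come from the text; sequence 10 is an assumption (the text
# only gives line number 20 for the second stop-tag-11 clause).
SET_TAG_11 = [Clause(10, "permit", set_tag=11)]
STOP_TAG_11 = [Clause(10, "deny", match_tag=11), Clause(20, "permit")]

# Constructed sample prefixes for the two domains.
EIGRP_ROUTES = [Route("172.20.0.0/16"), Route("172.16.34.0/24")]
OSPF_NATIVE = [Route("172.30.23.0/24")]

def round_trip():
    """EIGRP -> OSPF with set-tag-11, then OSPF -> EIGRP with stop-tag-11."""
    into_ospf = redistribute(EIGRP_ROUTES, SET_TAG_11)
    back_into_eigrp = redistribute(OSPF_NATIVE + into_ospf, STOP_TAG_11)
    return into_ospf, back_into_eigrp
```

round_trip() returns both EIGRP prefixes tagged 11 on the way into OSPF, and only the native OSPF subnet on the way back into EIGRP.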