1
CIS 185 CCNP ROUTE
Ch. 4 Manipulating Routing Updates
Part 2
  • Rick Graziani
  • Cabrillo College
  • graziani_at_cabrillo.edu
  • Last Updated Fall 2011

2
Materials
  • Book
  • Implementing Cisco IP Routing (ROUTE) Foundation
    Learning Guide: Foundation learning for the ROUTE
    642-902 Exam
  • By Diane Teare
  • Book
  • ISBN-10 1-58705-882-0
  • ISBN-13 978-1-58705-882-0
  • eBook
  • ISBN-10 0-13-255033-4
  • ISBN-13 978-0-13-255033-8

3
Note
  • There are 155 slides in this presentation
  • But we will only be covering the first 80 or so.

4
Controlling Routing Update Traffic
5
  • Routing updates are critical but compete with
    user data for bandwidth and router resources.
  • To ensure that the network operates efficiently,
    you must control and tune routing updates.
  • The following are some ways to control or prevent
    dynamic routing updates from being generated:
  • Passive interface: Prevents routing updates from
    being sent out an interface.
  • Default routes: Can limit or eliminate the need
    for other routes.
  • Static routes: Can limit or eliminate the need for
    dynamically learned routes or give greater
    control for specific routes.
  • Route maps: Complex access lists that allow
    conditions to be tested and actions taken to
    modify attributes of the packet or route.
  • Distribute lists: A distribute list allows an
    access list to be applied to routing updates.
  • Prefix lists: A prefix list is a specialized
    access list designed to filter routes.

6
Route Maps
7
Route Map Applications
  • Several of the more common applications for route
    maps are as follows:
  • Route filtering during redistribution: Distribute
    lists can be used for this purpose but route maps
    offer additional features.
  • Policy-based routing (PBR): Sophisticated static
    routes.
  • NAT: Route maps can better control which private
    addresses are translated to public addresses.
  • BGP: Route maps are the primary tools for
    implementing BGP policy (later chapter).

8
  • Route maps are like complex access lists that
    allow some conditions to be tested against the
    packet or route in question using match commands.
  • If the conditions match:
  • Actions can be taken to modify attributes of the
    packet or route.
  • These actions are specified by set commands.
  • BIG difference between route maps and ACLs:
  • Route maps can modify the packet or route using
    set commands.

9
Router(config)# route-map map-tag [permit | deny] [sequence-number]
  • A route map consists of multiple route map
    statements.
  • Processed top-down, similar to an access list.
  • The first match found for a route is applied.
  • Sequence number: Used for inserting or deleting
    specific route map statements in a specific place
    in the route map.
  • The default for the route-map command is:
  • permit
  • sequence-number of 10

10
Permit everything else
  • Command: match condition
  • Defines the condition to be checked.
  • Command: set condition
  • If there is a match and the action to be taken is
    permit,
  • then set defines the action to be followed.
  • The consequences of a deny action depend on how
    the route map is being used.
  • Like an ACL there is an implicit deny any at the
    end of a route map.
  • A route map statement without any match commands
    will be considered a match

11
If (x or y or z) and (a) match then set b and c
Else If q matches then set r
Else Set nothing
  • A single match statement may contain multiple
    conditions.
  • At least one condition in the match statement
    must be true for that match statement to be
    considered a match
  • Logical OR operation
  • A route map statement may contain multiple match
    statements.
  • All match statements in the route map statement
    must be considered true for the route map
    statement to be considered matched.
  • Logical AND operation

12
Configuring Route Maps to Control Routing Updates
Redistributing into EIGRP:
redistribute protocol [process-id] [as-number] [metric bw delay reliability load mtu] [match {internal | nssa-external | external 1 | external 2}] [tag tag-value] [route-map map-tag]
Redistributing into OSPF:
redistribute protocol [process-id] [as-number] [metric {metric-value | transparent}] [metric-type type-value] [match {internal | external 1 | external 2 | nssa-external}] [tag tag-value] [route-map map-tag] [subnets]
  • The redistribute commands all have a route-map
    option with a map-tag parameter.
  • When used with the redistribute command:
  • A route map with permit indicates that the
    matched route will be redistributed.
  • A route map with deny indicates that the matched
    route will NOT be redistributed.

13
  • The match condition commands are used to define
    the conditions to be checked.
  • Some of these commands are used for
  • BGP policy
  • PBR
  • Redistribution filtering.
  • http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a008047915d.shtml

14
Partial List
  • The set condition changes or adds characteristics,
    such as metrics, to any routes for which:
  • a match criterion has been met
  • the action to be taken is permit
  • The consequences of a deny action depend on how
    the route map is being used.
  • http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a008047915d.shtml

15
Quick Introduction: Policy Based Routing (PBR)
Example: Jeff Doyle, Routing TCP/IP Vol. I
More later in Chapter 5
  • Using PBR is the best way to understand how route
    maps are configured, so here is a quick
    introduction (more later on PBR in chapter 5)
  • Policy routes are nothing more than sophisticated
    static routes.
  • Static routes forward a packet to a specified
    next hop based on destination address of the
    packet.
  • Policy routes can forward a packet to a specified
    next hop based on the source of the packet.
  • Policy routes can also be linked to extended IP
    access lists so that routing may be based on
    protocol types and port numbers.
  • Like a static route, policy route influences the
    routing only on the router on which it is
    configured.

16
Match Options (a sample)
  • Router(config-route-map)# match length min max
  • Matches the Layer 3 length of the packet.
  • Router(config-route-map)# match ip address
    {access-list-number | name} [...access-list-number | name]
  • Matches the source and destination IP address
    that is permitted by one or more standard or
    extended access lists.
  • If you do not specify a match command, the route
    map applies to all packets.

17
Set Options (a sample)
  • Router(config-route-map)# set ip precedence
    [number | name]
  • Sets precedence value in the IP header. You can
    specify either the precedence number or name.
  • Router(config-route-map)# set ip next-hop
    ip-address [... ip-address]
  • Sets next hop to which to route the packet (the
    next hop must be adjacent).
  • Router(config-route-map)# set interface
    interface-type interface-number [... type number]
  • Sets output interface for the packet.
  • Router(config-route-map)# set ip default next-hop
    ip-address [... ip-address]
  • Sets next hop to which to route the packet, if
    there is no explicit route for this destination.
  • Router(config-route-map)# set default interface
    interface-type interface-number [... type ... number]
  • Sets output interface for the packet, if there is
    no explicit route for this destination.

18
Jeff Doyle's Peanuts Example
Single interface example: source IP address
  • We want to implement a policy on Linus such that
  • Traffic from 172.16.6.0/24 subnet is forwarded to
    Lucy
  • Traffic from 172.16.7.0/24 subnet is forwarded to
    Pigpen
  • All other traffic is routed normally

19
Linus
  • inter S0
  • ip policy route-map Sally
  • route-map Sally permit 10
  • match ip address 1
  • set ip next-hop 172.16.4.2
  • route-map Sally permit 15
  • match ip address 2
  • set ip next-hop 172.16.4.3
  • access-list 1 permit 172.16.6.0 0.0.0.255
  • access-list 2 permit 172.16.7.0 0.0.0.255

Any packets that do not match 15, such as from
172.16.8.0/24, are routed normally.
20
Jeff Doyle's Peanuts Example
Single interface example: destination IP address
  • Suppose we want to implement a policy on Linus
    such that
  • Traffic to host 172.16.1.1 is forwarded to Lucy
  • Traffic from 172.16.7.1 to host 172.16.1.2 is
    forwarded to Pigpen
  • All other traffic is routed normally

21
Linus
  • inter S0
  • ip policy route-map Sally
  • route-map Sally permit 10
  • match ip address 101
  • set ip next-hop 172.16.4.2
  • route-map Sally permit 15
  • match ip address 102
  • set ip next-hop 172.16.4.3
  • access-list 101 permit ip any host 172.16.1.1
  • access-list 102 permit ip host 172.16.7.1 host
    172.16.1.2

Any packets that do not match 15 are routed
normally.
22
Example
[Figure: redistribution from RIPv2 into OSPF. Labels: 10.0.0.0/8; 10.1.0.0/16 metric 500 E1; 172.16.0.0/16 metric 500 E1; all other networks metric 5,000 E2]
  • Redistribute RIP routes into OSPF with the
    following
  • 10.1.0.0/16 and 172.16.1.0/24 networks will be
    redistributed into OSPF with a metric of 500 and
    be E1 routes
  • 10.0.0.0/8 networks will not be redistributed
  • All other routes will be redistributed into OSPF
    with a metric of 5000 and be E2 routes

23
Configuring Route Redistribution using Route Maps
  • router ospf 1
  • redistribute rip route-map redis-rip subnets
  • route-map redis-rip permit 10
  • match ip address 23 29
  • set metric 500
  • set metric-type 1
  • route-map redis-rip deny 20
  • match ip address 37
  • route-map redis-rip permit 30
  • set metric 5000
  • set metric-type 2
  • access-list 23 permit 10.1.0.0 0.0.255.255
  • access-list 29 permit 172.16.1.0 0.0.0.255
  • access-list 37 permit 10.0.0.0 0.255.255.255

  • 10.1.0.0/16 and 172.16.1.0/24 networks will be
    redistributed into OSPF with a metric of 500 and
    be E1 routes.
  • 10.0.0.0/8 networks will not be redistributed
    into OSPF.
  • All other routes will be redistributed into OSPF
    with a metric of 5000 and be E2 routes.
  • The decision to filter a route or allow the route
    through is based on the deny or permit in the
    route-map command, and not the deny or permit in
    the ACL or prefix list.
24
Using Route Maps to Avoid Route Feedback
[Figure: OSPF and RIPv2 domains with routers A, B, C and D; network 192.168.1.0/24, shown in OSPF as "O E2 192.168.1.0/24"]
  • Multi-point boundary routers may cause suboptimal
    routing or routing loops.
  • RIPv2 on Router C advertises network 192.168.1.0.
  • Routers A and B redistribute the network into
    OSPF.
  • OSPF then advertises the route to its neighbor
    OSPF routers as an OSPF external route.
  • The route passes through the OSPF AS and
    eventually makes its way back to the other edge
    router.
  • Router B (or A) then redistributes 192.168.1.0
    from OSPF back into the original RIPv2 network;
    this is a routing feedback loop.

25
router ospf 10
 redistribute rip subnets
router rip
 redistribute ospf 10 route-map OSPF_into_RIP
route-map OSPF_into_RIP deny 10
 match ip address 1
route-map OSPF_into_RIP permit 20
access-list 1 permit 192.168.1.0 0.0.0.255

192.168.1.0/24 network will not be redistributed into RIP.
All other routes will be redistributed into RIP.
  • To prevent the routing feedback loop, a route map
    called OSPF_into_RIP has been applied to Routers
    A and B when redistributing OSPF routes into RIP.
  • The decision to filter a route or allow the route
    through is based on the deny or permit in the
    route-map command, and not the deny or permit in
    the ACL or prefix list.

26
Using Route Maps With Tags
router eigrp 100
 redistribute rip metric 1000 100 255 1 1500 route-map into-eigrp
route-map into-eigrp deny 10
 match tag 40
route-map into-eigrp permit 20
 set tag 20

  • Route tag: A unitless 32-bit integer that most
    routing protocols can assign to any given route.
  • Tag follows the route advertisement, even through
    the redistribution process.
  • Another router may use an IOS tool such as
    route-maps to match routes with a given route tag
    to make a decision.
  • Can be used to help to solve the domain loop
    problem.

27
[Figure: EIGRP and RIPv2 domains joined by R1 and R2; labels: 172.16.0.0/16, 10.0.0.0/8, Tag 20, Tag 40]
router eigrp 100
 redistribute rip metric 1000 100 255 1 1500 route-map into-eigrp
router rip
 redistribute eigrp 100 metric 3 route-map into-rip
route-map into-eigrp permit 20
 set tag 20
route-map into-rip permit 20
 set tag 40
  • Routes redistributed into EIGRP are tagged with
    the value 20
  • Routes redistributed into RIP are tagged with the
    value 40
  • BUT BEFORE we tag and allow a route into the
    domain we want to deny any routes that the other
    router already tagged and allowed in from the
    other domain.

28
[Figure: EIGRP and RIPv2 domains joined by R1 and R2; labels: 172.16.0.0/16, 11.0.0.0/8, 10.0.0.0/8, Tag 40; updates tagged 40 are blocked (X) at R1 and R2]
router eigrp 100
 redistribute rip metric 1000 100 255 1 1500 route-map into-eigrp
router rip
 redistribute eigrp 100 metric 3 route-map into-rip
route-map into-eigrp deny 10
 match tag 40
route-map into-eigrp permit 20
 set tag 20
route-map into-rip deny 10
 match tag 20
route-map into-rip permit 20
 set tag 40

Updates with the tag 40 are not allowed to go back into EIGRP.
All other updates get a tag of 20 and are allowed into EIGRP.
29
[Figure: EIGRP and RIPv2 domains joined by R1 and R2; labels: 172.16.0.0/16, 10.0.0.0/8, 11.0.0.0/8, Tag 20; updates tagged 20 are blocked (X) at R1 and R2]
router eigrp 100
 redistribute rip metric 1000 100 255 1 1500 route-map into-eigrp
router rip
 redistribute eigrp 100 metric 3 route-map into-rip
route-map into-eigrp deny 10
 match tag 40
route-map into-eigrp permit 20
 set tag 20
route-map into-rip deny 10
 match tag 20
route-map into-rip permit 20
 set tag 40

Updates with the tag 20 are not allowed to go back into RIP.
All other updates get a tag of 40 and are allowed into RIP.
30
[Figure labels: R3, 11.0.0.0/8]
  • Notice that the route tags do not appear on the
    routes within the R1 and R2 routers, because
    these routers learn about all routes from both
    RIP and EIGRP directly.

31
[Figure labels: R3, 11.0.0.0/8]
  • However, show ip route output from router R3, an
    internal router in the EIGRP network.
  • Notice that router R3 does see network 11.0.0.0
    with a tag of 20; this tag is carried with the
    route as R3 advertises it to other routers in the
    EIGRP network, including R1 and R2.
  • When routers R1 and R2 see the tag of 20, they do
    not redistribute the 11.0.0.0 route back into
    RIP.
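
The route-map evaluation rules from slides 9-11, applied to the redis-rip route map on slide 23 and to the into-eigrp / into-rip tag filters on slides 28-29, as an added Python model (not part of the original slides and not IOS code). The Route class, the dictionary layout and the function names are assumptions made for the example, and the sample prefixes are constructed.

```python
import ipaddress
from dataclasses import dataclass, replace
from typing import Optional


@dataclass(frozen=True)
class Route:
    prefix: str                        # e.g. "10.1.0.0/16"
    tag: int = 0
    metric: Optional[int] = None
    metric_type: Optional[int] = None


def acl_matches(acl, network):
    """Standard ACL: the first entry whose non-wildcard bits agree decides."""
    addr = int(ipaddress.IPv4Address(network))
    for action, base, wildcard in acl:
        care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
        if (addr ^ int(ipaddress.IPv4Address(base))) & care == 0:
            return action == "permit"
    return False                       # implicit deny any


def apply_route_map(clauses, route, acls=None):
    """Return the (possibly modified) route if it passes, None if filtered."""
    network = route.prefix.split("/")[0]
    for clause in sorted(clauses, key=lambda c: c["seq"]):
        checks = []                    # one result per match command (AND)
        if "match_acl" in clause:      # several lists on one line are ORed
            checks.append(any(acl_matches(acls[n], network)
                              for n in clause["match_acl"]))
        if "match_tag" in clause:
            checks.append(route.tag in clause["match_tag"])
        if all(checks):                # no match commands: all([]) is True
            if clause["action"] == "deny":
                return None            # the route-map action decides, not the ACL
            return replace(route, **clause.get("set", {}))
    return None                        # implicit deny at the end of the route map


# Slide 23 configuration, transcribed into the assumed layout.
ACLS = {
    23: [("permit", "10.1.0.0", "0.0.255.255")],
    29: [("permit", "172.16.1.0", "0.0.0.255")],
    37: [("permit", "10.0.0.0", "0.255.255.255")],
}
REDIS_RIP = [
    {"seq": 10, "action": "permit", "match_acl": [23, 29],
     "set": {"metric": 500, "metric_type": 1}},
    {"seq": 20, "action": "deny", "match_acl": [37]},
    {"seq": 30, "action": "permit", "set": {"metric": 5000, "metric_type": 2}},
]

# Slides 28-29 configuration.
INTO_EIGRP = [{"seq": 10, "action": "deny", "match_tag": [40]},
              {"seq": 20, "action": "permit", "set": {"tag": 20}}]
INTO_RIP = [{"seq": 10, "action": "deny", "match_tag": [20]},
            {"seq": 20, "action": "permit", "set": {"tag": 40}}]


def rip_into_ospf(prefixes):
    """Map each prefix to (metric, metric-type), or None when it is filtered."""
    result = {}
    for prefix in prefixes:
        route = apply_route_map(REDIS_RIP, Route(prefix), ACLS)
        result[prefix] = None if route is None else (route.metric, route.metric_type)
    return result


def feedback_check(prefix):
    """A RIP route enters EIGRP on one boundary router and is then offered
    back to RIP on the other; returns (tag inside EIGRP, result at into-rip)."""
    in_eigrp = apply_route_map(INTO_EIGRP, Route(prefix))
    return in_eigrp.tag, apply_route_map(INTO_RIP, in_eigrp)


if __name__ == "__main__":
    # Constructed sample prefixes. 10.1.0.0/16 also matches ACL 37, but
    # sequence 10 is evaluated first, so it is permitted rather than denied.
    sample = ["10.1.0.0/16", "172.16.1.0/24", "10.0.0.0/8",
              "10.2.0.0/16", "192.168.1.0/24"]
    for prefix, outcome in rip_into_ospf(sample).items():
        print(prefix, outcome)
    print(feedback_check("11.0.0.0/8"))
```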

32
Using Distribute Lists
33
  • Distribute lists are another way to control
    routing updates.
  • Distribute lists allow an access list to be
    applied to routing updates.
  • The distribute-list command allows updates to be
    filtered based on factors including the
    following:
  • Incoming interface
  • Outgoing interface
  • Redistribution from another routing protocol

34
Configuring Distribute Lists to Control Routing
Updates
  • An implementation plan when planning to configure
    distribute lists
  • Will it be used to permit or deny routes?
  • Will it use an access list or a route map?
  • Will it be applied to the inbound or outbound
    updates?

35
IP Route Filtering with Distribution List
Configuration Example
[Figure labels: 172.16.0.0, 10.0.0.0]
RouterB
router eigrp 1
 network 172.16.0.0
 network 192.168.5.0
 distribute-list 7 out serial 0/0/0
access-list 7 permit 172.16.0.0 0.0.255.255

  • distribute-list out command applies access list 7
    to packets going out interface Serial 0/0/0.
  • The access list allows only routing information
    about network 172.16.0.0 to be distributed out
    Router B's Serial 0/0/0 interface.
  • The implicit deny any at the end of the access
    list prevents updates about any other networks
    from being advertised.
  • As a result, network 10.0.0.0 is hidden.

36
IP Route Filtering with Distribution List
Configuration Example
172.16.0.0
10.0.0.0
  • RouterB
  • router eigrp 1
  • network 172.16.0.0
  • network 192.168.5.0
  • distribute-list 7 out serial 0/0/0
  • access-list 7 deny 10.0.0.0 0.0.0.255
  • access-list 7 permit any
  • Same result.
  • More efficient if there were multiple networks to
    redistribute but only the 10.0.0.0 needed
    filtering.

37
Controlling Redistribution with Distribute Lists
[Figure: OSPF and RIPv2 domains with routers A, B, C and D; interfaces s0/0/1 and s0/0/3; networks 10.8.0.0/16, 10.9.0.0/16, 10.10.0.0/16, 10.11.0.0/16 and 10.1.0.0/16, 10.2.0.0/16, 10.3.0.0/16; links 10.0.0.0/30 and 10.0.0.8/30]
  • A distribute list helps prevent route feedback
    and routing loops.
  • Router B redistributes networks 10.1.0.0 to
    10.3.0.0 from RIPv2 into OSPF.
  • Route feedback could occur when Router D
    redistributes those same networks back into RIP.
  • We will use two access lists, one for each
    redistribution direction.
  • Just to show two ways of doing the same thing we
    will use
  • an ACL with deny (one direction)
  • and
  • an ACL with a permit (the other direction)

38
Denies 10.8.0.0 through 10.11.0.0; all other networks permitted
RouterB (Router D would be similar)
router ospf 1
 network 10.0.0.8 0.0.0.3 area 0
 redistribute rip subnets
 distribute-list 2 out rip
router rip
 network 10.0.0.0
 version 2
 passive-interface serial 0/0/3
 redistribute ospf 1 metric 5
 distribute-list 3 out ospf 1
access-list 2 deny 10.8.0.0 0.3.255.255
access-list 2 permit any
access-list 3 permit 10.8.0.0 0.3.255.255

10.8.0.0 to 10.11.0.0, originated by OSPF, are not redistributed back into OSPF from RIPv2.
All other routes are redistributed into OSPF.
Denies the original OSPF routes (10.8.0.0 through 10.11.0.0) and permits all others.
39
Permits 10.8.0.0 through 10.11.0.0; all other networks denied
RouterD (Router B would be similar)
router ospf 1
 network 10.0.0.8 0.0.0.3 area 0
 redistribute rip subnets
 distribute-list 2 out rip
router rip
 network 10.0.0.0
 version 2
 passive-interface serial 0/0/3
 redistribute ospf 1 metric 5
 distribute-list 3 out ospf 1
access-list 2 deny 10.8.0.0 0.3.255.255
access-list 2 permit any
access-list 3 permit 10.8.0.0 0.3.255.255

Only permits routes 10.8.0.0 through 10.11.0.0 to be redistributed into RIPv2.
Permits OSPF networks (10.8.0.0 through 10.11.0.0) and denies all others.
40
ACL Ranges
R3(config)# access-list 2 deny 10.8.0.0 0.3.255.255
Low end:         10.  8.  0.  0
Wildcard mask:    0.  3.255.255
                 --------------
High end:        10. 11.255.255
  • It's easy!
  • Start with the address in the ACL, which is the low
    end: 10.8.0.0
  • Add the wildcard mask: 0.3.255.255
  • The result is the high end of the range!
  • ACL range: 10.8.0.0 through 10.11.255.255

41
ACL Ranges
R3(config)# access-list 2 deny 10.17.32.0 0.0.7.255
Low end:         10. 17. 32.  0
Wildcard mask:    0.  0.  7.255
                 --------------
High end:        10. 17. 39.255
  • It's easy!
  • Start with the address in the ACL, which is the low
    end: 10.17.32.0
  • Add the wildcard mask: 0.0.7.255
  • The result is the high end of the range!
  • ACL range: 10.17.32.0 through 10.17.39.255

42
Using Prefix Lists
43
Route Filtering
Distribute-List
Route-map
ACL
Prefix-List
  • Using distribute lists as route filters has several
    drawbacks, including:
  • A subnet mask cannot be easily matched.
  • Access lists are evaluated sequentially for every
    IP prefix in the routing update.
  • Extended access lists can be cumbersome to
    configure.
  • Note: Distribute-list with a route map is a
    special case for OSPF
  • http://www.cisco.com/en/US/docs/ios/12_0s/feature/guide/routmap.html

44
  • Advantages of using prefix lists
  • Significant performance improvement over access
    lists in loading and route lookup of large lists.
    (Uses a tree structure)
  • Support for incremental modifications.
  • You can add and remove individual lines without
    removing the entire list.
  • A more user-friendly command-line interface.
  • Greater flexibility.
  • Routers can match network numbers in a routing
    update against the prefix-list using as many bits
    as indicated.
  • Routers can specify the size of the subnet mask,
    or that the subnet mask must be in a specified
    range.

45
Prefix-list concepts
ip prefix-list list-name [seq seq-value] {deny | permit} prefix/prefix-length [ge ge-value] [le le-value]
  • The route prefix (the subnet address)
  • The prefix length (the subnet mask)
  • Each command has a permit or deny action
  • Only used for matching routes.
  • Not used for packet filtering.
  • Just implies whether a route is matched (permit)
    or not (deny).
  • Sequence numbers are used for the insertion and
    deletion of individual commands.

46
Prefix-list Concepts
ip prefix-list list-name [seq seq-value] {deny | permit} prefix/prefix-length [ge ge-value] [le le-value]
  • Prefix-list Logic
  • The route's prefix must be within the range of
    addresses implied by the prefix-list command's
    prefix/prefix-length parameters.
  • The route's prefix length must match the range of
    prefixes implied by the prefix-list command's
    prefix-length, ge, and le parameters.
  • What???

47
Prefix-list concepts
ip prefix-list list-name [seq seq-value] {deny | permit} prefix/prefix-length [ge ge-value] [le le-value]
  • Examining the Prefix
  • prefix/prefix-length
  • Prefix: Address to be used for matching.
  • Prefix length: How much of the address must
    match.
  • 10.0.0.0/8
  • Any number (address) whose first 8 bits (/8)
    match 10.0.0.0.
  • Examples coming soon!

48
Prefix-list concepts
ip prefix-list list-name [seq seq-value] {deny | permit} prefix/prefix-length [ge ge-value] [le le-value]
  • Examining the Prefix Length
  • Blank: Exact match.
  • ge ge-value: Subnet mask must be at least this
    length, up to /32.
  • le le-value: Subnet mask must be this length or
    less, but at least the length of the
    prefix-length.
  • ge ge-value le le-value: Subnet mask must fall
    within this range.
  • The ge value must be larger than the configured
    prefix length in the base part of the command.
  • ip prefix-list list1 permit 1.0.0.0/8 ge 7 would
    be rejected.
  • The ge value (7) is less than the configured
    prefix-length (/8).
  • Examples coming next!

49
Match the Prefix List with the appropriate routes
1. 10.0.0.0/8   2. 10.128.0.0/9   3. 10.1.1.0/24
4. 10.1.2.0/24   5. 10.128.10.4/30   6. 10.128.10.8/30
  • 10.0.0.0/8
  • Routes matched: 1
  • Reason: Without ge or le configured, both the
    prefix (10.0.0.0) and length (8) must be an exact
    match.

ip prefix-list list-name [seq seq-value] {deny | permit} prefix/prefix-length [ge ge-value] [le le-value]
50
Match the Prefix List with the appropriate routes
1. 10.0.0.0/8   2. 10.128.0.0/9   3. 10.1.1.0/24
4. 10.1.2.0/24   5. 10.128.10.4/30   6. 10.128.10.8/30
  • 10.0.0.0/8 ge 9
  • Routes matched: 2 - 6
  • Reason: The 10.0.0.0/8 means all routes whose
    first octet is 10. The prefix length must be
    between 9 and 32, inclusive.

ip prefix-list list-name [seq seq-value] {deny | permit} prefix/prefix-length [ge ge-value] [le le-value]
51
Match the Prefix List with the appropriate routes
1. 10.0.0.0/8   2. 10.128.0.0/9   3. 10.1.1.0/24
4. 10.1.2.0/24   5. 10.128.10.4/30   6. 10.128.10.8/30
  • 10.0.0.0/8 ge 24 le 24
  • Routes matched: 3, 4
  • Reason: The 10.0.0.0/8 means all routes whose
    first octet is 10, and the prefix range is 24 to
    24, meaning only routes with prefix length 24.

ip prefix-list list-name [seq seq-value] {deny | permit} prefix/prefix-length [ge ge-value] [le le-value]
52
Match the Prefix List with the appropriate routes
1. 10.0.0.0/8   2. 10.128.0.0/9   3. 10.1.1.0/24
4. 10.1.2.0/24   5. 10.128.10.4/30   6. 10.128.10.8/30
  • 10.0.0.0/8 le 28
  • Routes matched: 1 - 4
  • Reason: The prefix length needs to be between 8
    and 28, inclusive.

ip prefix-list list-name [seq seq-value] {deny | permit} prefix/prefix-length [ge ge-value] [le le-value]
53
Match the Prefix List with the appropriate routes
1. 10.0.0.0/8   2. 10.128.0.0/9   3. 10.1.1.0/24
4. 10.1.2.0/24   5. 10.128.10.4/30   6. 10.128.10.8/30
  • 0.0.0.0/0
  • Routes matched: none
  • Reason:
  • 0.0.0.0/0 means match all prefixes.
  • Because no le nor ge parameter is configured, the
    /0 also means that the prefix length must be
    exactly 0.
  • Only a default route would match this prefix
    list.

ip prefix-list list-name [seq seq-value] {deny | permit} prefix/prefix-length [ge ge-value] [le le-value]
54
Match the Prefix List with the appropriate routes
1. 10.0.0.0/8   2. 10.128.0.0/9   3. 10.1.1.0/24
4. 10.1.2.0/24   5. 10.128.10.4/30   6. 10.128.10.8/30
  • 0.0.0.0/0 le 32
  • Routes matched: All
  • Reason:
  • The range implied by 0.0.0.0/0 is all IPv4
    addresses.
  • The le 32 then implies any prefix length between
    0 and 32, inclusive.
  • This is the syntax for match all prefix list
    logic.

ip prefix-list list-name [seq seq-value] {deny | permit} prefix/prefix-length [ge ge-value] [le le-value]
55
Filtering with Prefix Lists
ip prefix-list list-name [seq seq-value] {deny | permit} prefix/prefix-length [ge ge-value] [le le-value]
  • We will use examples to see how this works!
  • Whether a prefix is permitted or denied is based
    on the following rules:
  • An empty prefix list permits all prefixes.
  • If a prefix is permitted, the route is used.
  • If a prefix is denied, the route is not used.
  • Prefix lists consist of statements with sequence
    numbers.
  • The router begins the search for a match at the
    top of the prefix list, which is the statement
    with the lowest sequence number.
  • When a match occurs, the router does not need to
    go through the rest of the prefix list.
  • For efficiency, you might want to put the most
    common matches (permits or denies) near the top
    of the list (lower sequence number).
  • An implicit deny is assumed if a given prefix
    does not match any entries in a prefix list.

56
Configuring Prefix Lists
ip prefix-list list-name [seq seq-value] {deny | permit} prefix/prefix-length [ge ge-value] [le le-value]
57
s0/0/0
  • Permit 10.0.0.0 through 10.3.0.0 to be
    redistributed from RIP into OSPF.
  • Permit 10.8.0.0 through 10.11.0.0 to be
    redistributed from OSPF into RIP.

58
10.0.0.0/14: First 14 bits must be 00001010.000000xxx
10.4.0.0 and higher would not be a match: 00001010.000001xxx
s0/0/0
router ospf 1
 network 10.0.0.8 0.0.0.0 area 0
 redistribute rip route-map intoOSPF subnets
router rip
 network 10.0.0.0
 version 2
 passive-interface serial 0/0/0
 redistribute ospf 1 route-map intoRIP metric 5
route-map intoOSPF permit 10
 match ip address prefix-list PFX1
route-map intoRIP permit 10
 match ip address prefix-list PFX2
ip prefix-list PFX1 permit 10.0.0.0/14
ip prefix-list PFX2 permit 10.8.0.0/14

Uses prefix list PFX1; this permits 10.0.0.0/14, which includes 10.0.0.0 through 10.3.0.0.
Uses prefix list PFX2; this permits 10.8.0.0/14, which includes 10.8.0.0 through 10.11.0.0.
Network/Length must be an exact match.
59
Two methods for controlling routing updates
  • You can apply a combination of prefix-lists,
    distribute-lists, and route-maps on incoming or
    outgoing information, or both.

60
[Figure: R1, R2 and R3 in the OSPF and EIGRP domains; networks 192.168.253.0/24, 192.168.254.0/24, 192.168.2.0/24, 192.168.1.0/24, 10.2.7.0/24 and 10.3.7.0/24]
  • R1 is redistributing EIGRP into OSPF
  • R2 is redistributing OSPF into EIGRP
  • Notice that there are links between R1 and R2,
    one in OSPF and one in EIGRP.

61
AD 170
AD 110
AD 170
AD 170 Better Metric
  • R3 injects 192.168.254.0 and 192.168.253.0 into
    EIGRP (AD 170)
  • R1 translates those EIGRP advertisements into
    OSPF (AD 110), with a specified seed metric.
  • These OSPF advertisements are translated back
    into EIGRP by router R2 (AD 170).
  • However, as we shall see, the resulting metric is
    better than the one advertised by R3, so R1
    determines that the best path to R3's loopback
    address is via R2.
  • We shall also see that there is a routing loop in
    this network.

62
AD 170
AD 170 Better Metric
  • R1 is learning about this route from router R2,
    10.3.7.2, instead of directly from router R3.
  • This is suboptimal routing.

63
AD 170
AD 170 Better Metric
  • Notice the routing loop between R1 and R2.
  • This network has a routing loop as well as
    suboptimal routing.

64
  • The metric via R2 (28160), is much lower than the
    metric via R3 (2297856).
  • This is why R1 chooses the path via R2 instead of
    via R3.
  • However, the path via R2 is the redistributed
    route from OSPF, and the route was redistributed
    into OSPF by R1.
  • The result is the routing loop and suboptimal
    routing.

65
  • We confirm this by examining R2's routing table
    entry for 192.168.254.0
  • Notice that this route is known by OSPF.
  • Also notice that this route is being
    redistributed into EIGRP, and a seed metric of
    10000000 0 255 1 500 is specified.
  • It seems that R1 views this seed metric as better
    than R3's metric for the 192.168.254.0 network.

66
Tag 1000 AD 170
AD 170
X
AD 170 Tag 1000
  • Goal:
  • Have all EIGRP routers use R3 to forward traffic
    to the 192.168.253.0 and 192.168.254.0 networks
  • Process:
  • At R1/R2: Tag 1000 to 192.168.253.0 and
    192.168.254.0 networks as they are redistributed
    into OSPF
  • At R1/R2: Deny all routes with a Tag of 1000 as
    they are redistributed into EIGRP
  • This will ensure that EIGRP routers only have the
    route to R3 for the 192.168.253.0 and
    192.168.254.0 networks in their routing tables.

67
SETTAG
s0/0/0
s0/0/0
MATCHTAG
  • R1(config)# router ospf 1
  • R1(config-router)# redistribute eigrp 1 metric 4
    subnets route-map SETTAG
  • R1(config)# router eigrp 1
  • R1(config-router)# redistribute ospf 1 metric 100
    100 125 125 1500 match external 1 external 2
    route-map MATCHTAG
  • R1(config)# route-map SETTAG permit 10
  • R1(config-route-map)# match ip address prefix-list
    EXTERNAL
  • R1(config-route-map)# set tag 1000
  • R1(config-route-map)# exit
  • R1(config)# route-map SETTAG permit 20
  • R1(config-route-map)# exit
  • R1(config)# route-map MATCHTAG deny 10
  • R1(config-route-map)# match tag 1000
  • R1(config-route-map)# exit
  • R1(config)# route-map MATCHTAG permit 20
  • R1(config)# ip prefix-list EXTERNAL seq 5 permit
    192.168.253.0/24 le 32

68
SETTAG
Used two tags, one for each redistribution
direction.
s0/0/0
MATCHTAG
  • R1(config)# router ospf 1
  • R1(config-router)# redistribute eigrp 1 metric 4
    subnets route-map SETTAG
  • R1(config)# router eigrp 1
  • R1(config-router)# redistribute ospf 1 metric 100
    100 125 125 1500 match external 1 external 2
    route-map MATCHTAG
  • R1(config)# route-map SETTAG permit 10
  • R1(config-route-map)# match ip address prefix-list
    EXTERNAL
  • R1(config-route-map)# set tag 1000
  • R1(config-route-map)# exit
  • R1(config)# route-map SETTAG permit 20
  • R1(config-route-map)# exit
  • R1(config)# route-map MATCHTAG deny 10
  • R1(config-route-map)# match tag 1000
  • R1(config-route-map)# exit
  • R1(config)# route-map MATCHTAG permit 20
  • R1(config)# ip prefix-list EXTERNAL seq 5 permit
    192.168.253.0/24 le 32

69
Verify
70
  • Verify

71
  • No Feasible Successor because the route was
    denied.
  • Didn't even have a chance to try.

72
  • Type-5 LSA (192.168.254.0) has a Tag of 1000

73
  • Notice the hit counts for each sequence number in
    the prefix list in the command output, indicating
    how many times the prefix list matched the
    networks.

74
Alternative Approach
TAGS
Tag 1000 AD 170
AD 170
X
AD 170 Tag 1000
s0/0/0
TAGS
  • R1(config)# router ospf 1
  • R1(config-router)# redistribute eigrp 1 metric 4
    subnets route-map TAGS
  • R1(config)# router eigrp 1
  • R1(config-router)# redistribute ospf 1 metric
    1000000 0 255 1 800 route-map TAGS
  • R1(config)# route-map TAGS deny 10
  • R1(config-route-map)# match tag 1000
  • R1(config-route-map)# exit
  • R1(config)# route-map TAGS permit 20
  • R1(config-route-map)# set tag 1000
  • An alternative, simpler, configuration for the R1
    and R2 routers
  • This configuration uses only one route map, TAGS,
    applied to both OSPF and EIGRP redistribution.
  • The route map
  • Denies (does not redistribute) routes that are
    tagged
  • Permits (redistributes) all other routes after
    setting their tag

75
Alternative Approach
[Diagram labels: Tag 1000 AD 170; AD 170; X; AD 170 Tag 1000]
  • We solved the routing loop problem; however, we still have suboptimal routing.

76
Alternative Approach
[Diagram labels: Tag 1000 AD 170; AD 170; X; AD 170 Tag 1000]
  • Comparing the routing tables of R1 and R2 for the 192.168.254.0 network:
  • Notice the administrative distance of the routes.
  • R2 learns the route from R1 with an administrative distance of 110 (from OSPF).
  • R2 also learns the route from R3, just as R1 does, with an administrative distance of 170 (from external EIGRP).
  • R2 chooses the route with the lowest administrative distance, and therefore chooses the route via R1.

77
Alternative Approach
[Diagram labels: Tag 1000 AD 170; AD 170; X; AD 170 Tag 1000]
  • The trace output confirms the route R2 is taking.

78
Alternative Approach
[Diagram labels: TAGS, s0/0/0; routes marked "Tag 1000 AD 180", "AD 170", "X", "AD 170 Tag 1000"]
  • R1(config)# router ospf 1
  • R1(config-router)# redistribute eigrp 1 metric 4 subnets route-map TAGS
  • R1(config-router)# distance ospf external 180
  • R1(config)# router eigrp 1
  • R1(config-router)# redistribute ospf 1 metric 1000000 0 255 1 800 route-map TAGS
  • R1(config)# route-map TAGS deny 10
  • R1(config-route-map)# match tag 1000
  • R1(config-route-map)# exit
  • R1(config)# route-map TAGS permit 20
  • R1(config-route-map)# set tag 1000
  • distance ospf external 180 command in OSPF configuration mode results in the following, assuming all other AD values default:
  • OSPF internal AD 110 < EIGRP external AD 180
  • EIGRP external AD 170 < EIGRP -> OSPF external AD 180
  • R2 to R3 is now the preferred route
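The three states these slides walk through (no route map, the TAGS route map, TAGS plus distance ospf external 180) can be checked with a small model. This is an added Python sketch, not part of the slides or of IOS; it assumes a simplified topology in which R1 redistributes the EIGRP external route into OSPF first and R2 then holds both candidates, and all function and variable names are hypothetical.

```python
# Administrative distances as used on the slides (assumed values for the model):
# the OSPF-learned route is AD 110 by default, 180 after "distance ospf external 180".
DEFAULT_AD = {"ospf_external": 110, "eigrp_external": 170}
TUNED_AD = {"ospf_external": 180, "eigrp_external": 170}
TAG = 1000


def tags_route_map(route):
    """route-map TAGS: deny 10 / match tag 1000, then permit 20 / set tag 1000."""
    if route.get("tag") == TAG:
        return None                    # clause 10: route already crossed a boundary
    return {**route, "tag": TAG}       # clause 20: permit and mark the route


def cross_boundary(route, target, use_tags):
    """Redistribute a route into the other protocol, or return None if filtered."""
    out = tags_route_map(route) if use_tags else dict(route)
    if out is None:
        return None
    out["proto"] = target + "_external"
    return out


def r2_view(use_tags, ad):
    """Return (protocol R2 installs, whether R2 feeds the route back into EIGRP)."""
    # Constructed sample route: the external EIGRP route R2 learns from R3.
    eigrp = {"prefix": "192.168.254.0/24", "proto": "eigrp_external", "tag": None}
    via_r1 = cross_boundary(eigrp, "ospf", use_tags)      # performed on R1
    best = min([eigrp, via_r1], key=lambda r: ad[r["proto"]])
    # Only a route installed from OSPF can be redistributed from OSPF by R2.
    fed_back = cross_boundary(via_r1, "eigrp", use_tags) if best is via_r1 else None
    return best["proto"], fed_back is not None


if __name__ == "__main__":
    for label, tags, ad in [("no route map", False, DEFAULT_AD),
                            ("TAGS only", True, DEFAULT_AD),
                            ("TAGS + AD 180", True, TUNED_AD)]:
        print(f"{label:14} -> {r2_view(tags, ad)}")
```

With TAGS only, the feedback stops but R2 still installs the OSPF-learned path via R1; only the tuned distance makes R2 install the EIGRP path.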

79
A few more samples if you care to review the rest
of the slides
80
Prefixes                            Action
172.16.101.0/24                     deny
172.16.102.0/25, 172.16.103.0/26    permit
172.16.104.0/27, 172.16.105.0/28    deny
172.16.106.0/29, 172.16.107.0/30    permit
  • Option 1: Match the routes to be filtered (denied) using extended IP ACLs, with a deny action so the routes are filtered.
  • Then use a permit clause with no match command to match and allow all remaining routes to be redistributed.
  • Note: This will also permit all other routes.

81
router eigrp 1
 redistribute ospf 2 route-map option1
route-map option1 deny 10
 match ip address match-101
route-map option1 deny 20
 match ip address match-104-105
route-map option1 permit 100
ip access-list extended match-101
 permit ip host 172.16.101.0 host 255.255.255.0
ip access-list extended match-104-105
 permit ip host 172.16.104.0 host 255.255.255.224
 permit ip host 172.16.105.0 host 255.255.255.240
[Callouts: Match and Deny; Permit all]
Extended ACL compares the source IP address parameter to the subnet number of the route, and the destination IP address to the subnet mask of the route. Could have used standard ACL subnet and wildcard mask.
  • Could be a single route-map and single ACL
  • Two statements because we will modify this later

The decision to filter a route or allow the route
through is based on the deny or permit in the
route-map command, and not the deny or permit in
the ACL or prefix list.
82
[Diagram labels: 1500 10 255 1 1500; 1000 44 255 1 1500; 100 4444 255 1 1500]
Prefixes                      Action   Metric (Bandwidth, delay, reliability, load, MTU)
172.16.101.0                  permit   Default 1500 10 255 1
172.16.102.0, 172.16.103.0    permit   1000 44 255 1 1500
172.16.104.0, 172.16.105.0    permit   Default 1500 10 255 1
172.16.106.0, 172.16.107.0    permit   100 4444 255 1 1500
All others                    permit   1500 10 255 1 1500
  • Redistribution from OSPF into EIGRP.
  • This time all routes will be redistributed.
  • But now the metrics of the allowed routes will be set differently, as listed in the table.
  • We will need at least three clauses, one for each set of routes for which the metric should differ.

83
[Diagram labels: 1500 10 255 1 1500; 1000 44 255 1 1500; 100 4444 255 1 1500]
router eigrp 1
 default-metric 1500 10 255 1 1500
 redistribute ospf 1 route-map set-metric
route-map set-metric permit 10
 match ip address prefix-list match-102-103
 set metric 1000 44 255 1 1500
route-map set-metric permit 20
 match ip address prefix-list match-106-107
 set metric 100 4444 255 1 1500
route-map set-metric permit 30
ip prefix-list match-102-103 seq 5 permit 172.16.102.0/23 ge 25 le 26
ip prefix-list match-106-107 seq 5 permit 172.16.106.0/23 ge 29 le 30
[Callouts: Match, Permit, Set Metric; Match, Permit, Set Metric; Permit All (default-metric)]
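The clause-by-clause logic of this route map, as an added Python sketch (not from the slides and not IOS code): it evaluates set-metric and its two prefix lists against the 172.16.10x routes, plus one constructed /24 that lies inside 172.16.102.0/23 but outside the ge/le window and is therefore passed by the catch-all permit 30. Function and variable names are assumptions of this example.

```python
import ipaddress

# Transcribed from the slide: ip prefix-list <name> seq 5 permit <prefix> ge <n> le <n>
PREFIX_LISTS = {
    "match-102-103": [("permit", "172.16.102.0/23", 25, 26)],
    "match-106-107": [("permit", "172.16.106.0/23", 29, 30)],
}
# route-map set-metric clauses: (seq, action, prefix-list or None, set metric or None)
SET_METRIC = [
    (10, "permit", "match-102-103", (1000, 44, 255, 1, 1500)),
    (20, "permit", "match-106-107", (100, 4444, 255, 1, 1500)),
    (30, "permit", None, None),
]
DEFAULT_METRIC = (1500, 10, 255, 1, 1500)  # default-metric under router eigrp 1


def prefix_list_permits(route, entries):
    """First matching entry decides; no matching entry means implicit deny."""
    net = ipaddress.ip_network(route)
    for action, prefix, ge, le in entries:
        base = ipaddress.ip_network(prefix)
        # Allowed prefix-length window: exact length unless ge/le widen it.
        lo = ge if ge is not None else base.prefixlen
        hi = le if le is not None else (32 if ge is not None else base.prefixlen)
        if lo <= net.prefixlen <= hi and net.subnet_of(base):
            return action == "permit"
    return False


def redistribute(route, route_map=SET_METRIC, default_metric=DEFAULT_METRIC):
    """Return (clause seq, metric) if the route is redistributed, None if filtered."""
    for seq, action, plist, metric in sorted(route_map, key=lambda c: c[0]):
        if plist is not None and not prefix_list_permits(route, PREFIX_LISTS[plist]):
            continue  # match failed, fall through to the next clause
        if action == "deny":
            return None  # the route-map action, not the list action, filters
        return (seq, metric if metric is not None else default_metric)
    return None  # implicit deny at the end of every route map


# Routes from the slide's table, plus one constructed /24 inside 172.16.102.0/23.
ROUTES = ["172.16.101.0/24", "172.16.102.0/25", "172.16.103.0/26",
          "172.16.104.0/27", "172.16.105.0/28", "172.16.106.0/29",
          "172.16.107.0/30", "172.16.102.0/24"]

if __name__ == "__main__":
    for r in ROUTES:
        print(f"{r:18} -> {redistribute(r)}")
```

Removing clause 30 would turn every route that reaches the end of the map into a filtered route, which is the safer default when only the listed prefixes are meant to cross the boundary.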
84
All other routes default E2
E1
  • When redistributing into OSPF, IOS automatically
    sets the external route type to external type 2
    (E2).
  • However, we want the 172.31.0.0/16 route to have
    the external type 2 (E2)

85
All other routes default E2
E1
router ospf 1
 redistribute eigrp 1 route-map set-external subnets
route-map set-external 10
 match ip address prefix-list match-172-31
 set metric-type type-1
route-map set-external 20
ip prefix-list match-172-31 seq 5 permit 172.31.0.0/16
Permits all other routes but leaves external route type as the default E2.
  • When redistributing into OSPF, IOS can set the type to E1 or E2 by using the set metric-type {type-1 | type-2} route-map subcommand.

86
We will end here, but here are some additional
examples for your enjoyment (FYI)
87
Highly Recommended
  • This presentation is based on the approach from
    Wendell Odom's book, BSCI Exam Certification
    Guide (Cisco Press).
  • For anyone wishing to take this exam and/or get
    additional information, this book is highly
    recommended.

88
Distribute-list (review)
89
Distribute Lists and Prefix Lists
[Diagram labels: Distribute List, Route-Map, ACL, Prefix-List]
  • Prefix-list uses a distribute-list router subcommand.
  • Another tool for matching routes.
  • Can examine both the prefix (network address) and the prefix length (subnet mask).
  • Or a range of either
  • ACLs matched only the prefix of the route (subnet number); IP prefix lists always examine both the prefix and prefix length.

90
Verifying - BEFORE Distribute List
R4# show ip route | include 10.
10.0.0.0/8 is variably subnetted, 8 subnets, 4 masks
D 10.0.0.8/30 [90/2681856] via 10.0.0.13, 00:06:28, Ser0/0
C 10.0.0.12/30 is directly connected, Serial0/0
D 10.0.0.0/30 [90/3193856] via 10.0.0.13, 00:06:28, Ser0/0
D 10.0.0.4/30 [90/2681856] via 10.0.0.13, 00:06:28, Ser0/0
D 10.17.35.0/25 [90/2684416] via 10.0.0.13, 00:06:15, Ser0/0
D 10.17.34.0/24 [90/2684416] via 10.0.0.13, 00:03:04, Ser0/0
D 10.17.32.0/23 [90/2684416] via 10.0.0.13, 00:05:58, Ser0/0
D 10.17.36.0/26 [90/2172416] via 10.0.0.13, 00:06:28, Ser0/0
D 10.17.36.64/26 [90/2172416] via 10.0.0.13, 00:06:28, Ser0/0
  • Notice the option with the pipe!

91
Verifying BEFORE Distribute List
R4# show ip route | include 10.17
D 10.17.35.0/25 [90/2684416] via 10.0.0.13, 00:04:16, Ser0/0
D 10.17.34.0/24 [90/2684416] via 10.0.0.13, 00:03:04, Ser0/0
D 10.17.32.0/23 [90/2684416] via 10.0.0.13, 00:03:59, Ser0/0
D 10.17.36.0/26 [90/2172416] via 10.0.0.13, 00:04:29, Ser0/0
D 10.17.36.64/26 [90/2172416] via 10.0.0.13, 00:04:29, Ser0/0
92
Distribute List
R3(config)# router eigrp 1
R3(config-router)# distribute-list 2 out ser 0/2
R3(config)# access-list 2 deny 10.17.32.0 0.0.7.255
R3(config)# access-list 2 permit any
01:31:34: %DUAL-5-NBRCHANGE: IP-EIGRP 1: Neighbor 10.0.0.14 (Serial0/2) is down: route configuration changed
01:31:38: %DUAL-5-NBRCHANGE: IP-EIGRP 1: Neighbor 10.0.0.14 (Serial0/2) is up: new adjacency
  • This distribute list filters all EIGRP updates
    for the LANs, 10.17.32.0 through 10.17.36.64,
    going to R4.

93
Verifying Distribute List - AFTER
R4# show ip route
172.16.0.0/24 is subnetted, 2 subnets
C 172.16.1.0 is directly connected, FastEthernet0/0
C 172.16.2.0 is directly connected, FastEthernet0/1
10.0.0.0/30 is subnetted, 4 subnets
D 10.0.0.8 [90/2681856] via 10.0.0.13, 00:01:26, Serial0/0
C 10.0.0.12 is directly connected, Serial0/0
D 10.0.0.0 [90/3193856] via 10.0.0.13, 00:01:26, Serial0/0
D 10.0.0.4 [90/2681856] via 10.0.0.13, 00:01:26, Serial0/0
  • Only has the serial 10 networks, which were not in the ACL range 10.17.32.0 through 10.17.36.64

94
Verifying Distribute List - AFTER
R4# show ip route | include 10.17
R4#
R1# show ip route | include 10.17
D 10.17.35.0/25 [90/2172416] via 10.0.0.2, 00:25:50, Ser0/0
C 10.17.34.0/24 is directly connected, FastEthernet0/1
C 10.17.32.0/23 is directly connected, FastEthernet0/0
D 10.17.36.0/26 [90/2172416] via 10.0.0.6, 00:25:50, Ser0/1
D 10.17.36.64/26 [90/2172416] via 10.0.0.6, 00:25:50, Ser0/1
R1#
  • R4 does not have any of the 10.17 routes.
  • R1 still has all the routes, including the
    10.17 routes.

95
Redistribution into EIGRP
96
Our Topology
OSPF 1
EIGRP 1
  • R2-E-O is running:
  • EIGRP for 172.30.0.0 network
  • OSPF for 172.6.0.0 network
  • No longer using 192.168.1.0 or 10.0.0.0, R2's directly connected networks, from previous presentation.
  • Additional networks on R4.

97
Redistribution Part 1
R2 summary
router eigrp 1
 redistribute connected
 redistribute ospf 1
 network 172.30.0.0
 default-metric 1000 33 255 1 1500
 auto-summary
!
router ospf 1
 redistribute connected
 redistribute eigrp 1 subnets metric-type 1
 network 10.0.0.0 0.0.0.255 area 0
 network 172.16.0.0 0.0.0.3 area 0
  • Some cases
  • All routes need to be redistributed from one
    routing protocol to another.
  • Same metrics
  • Same external route type if applicable

98
Redistribution
[Diagram labels: 1500 10 255 1 1500; 1000 44 255 1 1500; 100 4444 255 1 1500; E1; All other routes default E2]
  • Other cases
  • Not all routes need to be redistributed.
  • Different metrics for different routes
  • Different external route types for different
    routes

99
Redistribution
Redistribution into EIGRP
redistribute protocol [process-id | as-number] [metric bw delay reliability load mtu] [match {internal | nssa-external | external 1 | external 2}] [tag tag-value] [route-map map-tag]
Redistribution into OSPF
redistribute protocol [process-id | as-number] [metric {metric-value | transparent}] [metric-type type-value] [match {internal | external 1 | external 2 | nssa-external}] [tag tag-value] [route-map map-tag] [subnets]
  • Route-maps
  • Tool for identifying routes to be treated
    differently.
  • Different metrics
  • Different external route types
  • Tagging a route to be used at another
    redistribution point
  • Filtered

100
  • To identify routes, route-maps use the match
    subcommand

route-map map-tag [permit | deny] [sequence-number]
 match
Can reference multiple numbered and named ACLs on a single match command.
101
Redistribution and Route-maps
redistribute protocol route-map map-tag
route-map map-tag deny seq: deny action, the route is filtered (not redistributed)
  match ACL prefix-list
route-map map-tag permit seq: permit action, the route is redistributed; set is optional
  match ACL prefix-list
  set metric metric-type
ip access-list extended ACL
  permit
ip prefix-list prefix-list
  • A route-map referenced by the redistribute
    command always attempts to filter routes.

102
Redistribution and Route-maps
set Command                                           Description
set metric metric-value                               Sets the route's metric for OSPF, RIP, and IS-IS
set metric bandwidth delay reliability loading mtu    Sets the EIGRP route's metric and MTU values
set metric-type {type-1 | type-2}                     Sets type of route for IS-IS and OSPF
set tag tag-value                                     Sets the unitless tag value in the route
  • Optional set command: For routes not filtered by the route-map, the route-map can set other values like the route's metric.

103
Current R2
R2-E-O Redistribution
router eigrp 1
 redistribute ospf 1
 network 172.30.0.0
 default-metric 1500 10 255 1 1500
 auto-summary
!
router ospf 1
 router-id 1.1.1.1
 log-adjacency-changes
 redistribute eigrp 1 subnets
 network 172.16.0.0 0.0.0.3 area 0
  • Current R2 Redistribution
  • Same metrics
  • Same external route type (All EIGRP routes are E2
    going into OSPF)

104
R1's routing table
R1-E# show ip route
D EX 172.17.0.0/16 [170/2221056] via 172.30.0.2, 00:30:57, Serial0/0
172.16.0.0/16 is variably subnetted, 11 subnets, 7 masks
D EX 172.16.0.4/30 [170/2221056] via 172.30.0.2, 00:30:57, Serial0/0
D EX 172.16.0.0/30 [170/2221056] via 172.30.0.2, 00:30:57, Serial0/0
D EX 172.16.1.0/24 [170/2221056] via 172.30.0.2, 00:30:57, Serial0/0
D EX 172.16.2.0/24 [170/2221056] via 172.30.0.2, 00:30:57, Serial0/0
D EX 172.16.104.0/27 [170/2221056] via 172.30.0.2, 00:00:42, Serial0/0
D EX 172.16.105.0/28 [170/2221056] via 172.30.0.2, 00:00:33, Serial0/0
D EX 172.16.106.0/29 [170/2221056] via 172.30.0.2, 00:00:33, Serial0/0
D EX 172.16.107.0/30 [170/2221056] via 172.30.0.2, 00:00:23, Serial0/0
D EX 172.16.101.0/24 [170/2221056] via 172.30.0.2, 00:01:13, Serial0/0
D EX 172.16.102.0/25 [170/2221056] via 172.30.0.2, 00:00:53, Serial0/0
D EX 172.16.103.0/26 [170/2221056] via 172.30.0.2, 00:00:43, Serial0/0
C 172.31.0.0/16 is directly connected, Loopback31
172.30.0.0/16 is variably subnetted, 6 subnets, 3 masks
C 172.30.2.0/24 is directly connected, FastEthernet0/1
C 172.30.3.0/24 is directly connected, Loopback0
C 172.30.0.0/30 is directly connected, Serial0/0
D 172.30.0.0/16 is a summary, 00:43:01, Null0
C 172.30.1.0/24 is directly connected, FastEthernet0/0
C 172.30.4.0/24 is directly connected, Loopback1
All OSPF routes redistributed into EIGRP with the same metric.
105
R2's routing table
R2-E-O# show ip route
O 172.17.0.0/16 [110/846] via 172.16.0.1, 00:01:03, Serial0/1
172.16.0.0/16 is variably subnetted, 11 subnets, 7 masks
O 172.16.0.4/30 [110/845] via 172.16.0.1, 00:01:03, Serial0/1
C 172.16.0.0/30 is directly connected, Serial0/1
O 172.16.1.0/24 [110/782] via 172.16.0.1, 00:01:03, Serial0/1
O 172.16.2.0/24 [110/846] via 172.16.0.1, 00:01:03, Serial0/1
O 172.16.104.0/27 [110/846] via 172.16.0.1, 00:01:03, Serial0/1
O 172.16.105.0/28 [110/846] via 172.16.0.1, 00:01:04, Serial0/1
O 172.16.106.0/29 [110/846] via 172.16.0.1, 00:01:04, Serial0/1
O 172.16.107.0/30 [110/846] via 172.16.0.1, 00:01:04, Serial0/1
O 172.16.101.0/24 [110/846] via 172.16.0.1, 00:01:04, Serial0/1
O 172.16.102.0/25 [110/846] via 172.16.0.1, 00:01:04, Serial0/1
O 172.16.103.0/26 [110/846] via 172.16.0.1, 00:01:04, Serial0/1
D 172.31.0.0/16 [90/20640000] via 172.30.0.1, 00:43:40, Serial0/0
172.30.0.0/16 is variably subnetted, 5 subnets, 2 masks
D 172.30.2.0/24 [90/20514560] via 172.30.0.1, 00:43:40, Serial0/0
D 172.30.3.0/24 [90/20640000] via 172.30.0.1, 00:43:40, Serial0/0
C 172.30.0.0/30 is directly connected, Serial0/0
D 172.30.1.0/24 [90/20514560] via 172.30.0.1, 00:43:40, Serial0/0
D 172.30.4.0/24 [90/20640000] via 172.30.0.1, 00:43:40, Serial0/0
Participates in EIGRP and OSPF.
106
R3's routing table
R3-O# show ip route
O 172.17.0.0/16 [110/65] via 172.16.0.6, 00:01:43, Serial0/2
172.16.0.0/16 is variably subnetted, 11 subnets, 7 masks
C 172.16.0.4/30 is directly connected, Serial0/2
C 172.16.0.0/30 is directly connected, Serial0/1
C 172.16.1.0/24 is directly connected, FastEthernet0/0
O 172.16.2.0/24 [110/65] via 172.16.0.6, 00:01:43, Serial0/2
O 172.16.104.0/27 [110/65] via 172.16.0.6, 00:01:43, Serial0/2
O 172.16.105.0/28 [110/65] via 172.16.0.6, 00:01:43, Serial0/2
O 172.16.106.0/29 [110/65] via 172.16.0.6, 00:01:44, Serial0/2
O 172.16.107.0/30 [110/65] via 172.16.0.6, 00:01:44, Serial0/2
O 172.16.101.0/24 [110/65] via 172.16.0.6, 00:01:44, Serial0/2
O 172.16.102.0/25 [110/65] via 172.16.0.6, 00:01:44, Serial0/2
O 172.16.103.0/26 [110/65] via 172.16.0.6, 00:01:44, Serial0/2
O E2 172.31.0.0/16 [110/20] via 172.16.0.2, 00:01:45, Serial0/1
172.30.0.0/16 is variably subnetted, 5 subnets, 2 masks
O E2 172.30.2.0/24 [110/20] via 172.16.0.2, 00:01:45, Serial0/1
O E2 172.30.3.0/24 [110/20] via 172.16.0.2, 00:01:45, Serial0/1
O E2 172.30.0.0/30 [110/20] via 172.16.0.2, 00:01:45, Serial0/1
O E2 172.30.1.0/24 [110/20] via 172.16.0.2, 00:01:45, Serial0/1
O E2 172.30.4.0/24 [110/20] via 172.16.0.2, 00:01:45, Serial0/1
All EIGRP routes redistributed into OSPF with the same metric and type E2.
107
R4's routing table
R4-O# show ip route
C 172.17.0.0/16 is directly connected, FastEthernet0/1
172.16.0.0/16 is variably subnetted, 11 subnets, 7 masks
C 172.16.0.4/30 is directly connected, Serial0/0
O 172.16.0.0/30 [110/128] via 172.16.0.5, 00:02:38, Serial0/0
O 172.16.1.0/24 [110/65] via 172.16.0.5, 00:02:38, Serial0/0
C 172.16.2.0/24 is directly connected, FastEthernet0/0
C 172.16.104.0/27 is directly connected, Loopback104
C 172.16.105.0/28 is directly connected, Loopback105
C 172.16.106.0/29 is directly connected, Loopback106
C 172.16.107.0/30 is directly connected, Loopback107
C 172.16.101.0/24 is directly connected, Loopback101
C 172.16.102.0/25 is directly connected, Loopback102
C 172.16.103.0/26 is directly connected, Loopback103
O E2 172.31.0.0/16 [110/20] via 172.16.0.5, 00:02:40, Serial0/0
172.30.0.0/16 is variably subnetted, 5 subnets, 2 masks
O E2 172.30.2.0/24 [110/20] via 172.16.0.5, 00:02:40, Serial0/0
O E2 172.30.3.0/24 [110/20] via 172.16.0.5, 00:02:40, Serial0/0
O E2 172.30.0.0/30 [110/20] via 172.16.0.5, 00:02:40, Serial0/0
O E2 172.30.1.0/24 [110/20] via 172.16.0.5, 00:02:40, Serial0/0
O E2 172.30.4.0/24 [110/20] via 172.16.0.5, 00:02:40, Serial0/0
All EIGRP routes redistributed into OSPF with the same metric and type E2.
108
Configuring Route Filtering with Redistribution
109
Prefixes                            Action
172.16.101.0/24                     deny
172.16.102.0/25, 172.16.103.0/26    permit
172.16.104.0/27, 172.16.105.0/28    deny
172.16.106.0/29, 172.16.107.0/30    permit
  • Option 1: Match the routes to be filtered (denied) using extended IP ACLs, with a deny action so the routes are filtered.
  • Then use a permit clause with no match command to match and allow all remaining routes to be redistributed.
  • Note: This will also permit all other routes.

110
router eigrp 1
 redistribute ospf 2 route-map option1
route-map option1 deny 10
 match ip address match-101
route-map option1 deny 20
 match ip address match-104-105
route-map option1 permit 100
ip access-list extended match-101
 permit ip host 172.16.101.0 host 255.255.255.0
ip access-list extended match-104-105
 permit ip host 172.16.104.0 host 255.255.255.224
 permit ip host 172.16.105.0 host 255.255.255.240
[Callouts: Match and Deny; Permit all]
Extended ACL compares the source IP address parameter to the subnet number of the route, and the destination IP address to the subnet mask of the route.
  • Could be a single route-map and single ACL
  • Two statements because we will modify this later

The decision to filter a route or allow the route
through is based on the deny or permit in the
route-map command, and not the deny or permit in
the ACL or prefix list.
111
R2-E-O# show ip route
O 172.17.0.0/16 [110/846] via 172.16.0.1, 00:30:45, Serial0/1
172.16.0.0/16 is variably subnetted, 11 subnets, 7 masks
O 172.16.0.4/30 [110/845] via 172.16.0.1, 00:30:45, Serial0/1
C 172.16.0.0/30 is directly connected, Serial0/1
O 172.16.1.0/24 [110/782] via 172.16.0.1, 00:30:45, Serial0/1
O 172.16.2.0/24 [110/846] via 172.16.0.1, 00:30:45, Serial0/1
O 172.16.104.0/27 [110/846] via 172.16.0.1, 00:30:45, Serial0/1
O 172.16.105.0/28 [110/846] via 172.16.0.1, 00:30:47, Serial0/1
O 172.16.106.0/29 [110/846] via 172.16.0.1, 00:30:47, Serial0/1
O 172.16.107.0/30 [110/846] via 172.16.0.1, 00:30:47, Serial0/1
O 172.16.101.0/24 [110/846] via 172.16.0.1, 00:30:47, Serial0/1
O 172.16.102.0/25 [110/846] via 172.16.0.1, 00:30:47, Serial0/1
O 172.16.103.0/26 [110/846] via 172.16.0.1, 00:30:47, Serial0/1
D 172.31.0.0/16 [90/20640000] via 172.30.0.1, 00:31:23, Serial0/0
172.30.0.0/16 is variably subnetted, 5 subnets, 2 masks
D 172.30.2.0/24 [90/20514560] via 172.30.0.1, 00:31:23, Serial0/0
D 172.30.3.0/24 [90/20640000] via 172.30.0.1, 00:31:23, Serial0/0
C 172.30.0.0/30 is directly connected, Serial0/0
D 172.30.1.0/24 [90/20514560] via 172.30.0.1, 00:31:23, Serial0/0
D 172.30.4.0/24 [90/20640000] via 172.30.0.1, 00:31:23, Serial0/0
All routes still in routing table
112
R2-E-O# show ip eigrp top
<Non-redistributed routes omitted>
P 172.16.0.4/30, 1 successors, FD is 1709056
    via Redistributed (1709056/0)
P 172.16.0.0/30, 1 successors, FD is 1709056
    via Redistributed (1709056/0)
P 172.17.0.0/16, 1 successors, FD is 1709056
    via Redistributed (1709056/0)
P 172.16.1.0/24, 1 successors, FD is 1709056
    via Redistributed (1709056/0)
P 172.16.2.0/24, 1 successors, FD is 1709056
    via Redistributed (1709056/0)
P 172.16.106.0/29, 1 successors, FD is 1709056
    via Redistributed (1709056/0)
P 172.16.107.0/30, 1 successors, FD is 1709056
    via Redistributed (1709056/0)
P 172.16.102.0/25, 1 successors, FD is 1709056
    via Redistributed (1709056/0)
P 172.16.103.0/26, 1 successors, FD is 1709056
    via Redistributed (1709056/0)
Denied routes not redistributed into EIGRP.
113
R1-E# show ip route
D EX 172.17.0.0/16 [170/2221056] via 172.30.0.2, 00:32:19, Serial0/0
172.16.0.0/16 is variably subnetted, 8 subnets, 5 masks
D EX 172.16.0.4/30 [170/2221056] via 172.30.0.2, 00:32:42, Serial0/0
D EX 172.16.0.0/30 [170/2221056] via 172.30.0.2, 00:32:52, Serial0/0
D EX 172.16.1.0/24 [170/2221056] via 172.30.0.2, 00:32:42, Serial0/0
D EX 172.16.2.0/24 [170/2221056] via 172.30.0.2, 00:32:19, Serial0/0
D EX 172.16.106.0/29 [170/2221056] via 172.30.0.2, 00:32:19, Serial0/0
D EX 172.16.107.0/30 [170/2221056] via 172.30.0.2, 00:32:20, Serial0/0
D EX 172.16.102.0/25 [170/2221056] via 172.30.0.2, 00:32:20, Serial0/0
D EX 172.16.103.0/26 [170/2221056] via 172.30.0.2, 00:32:20, Serial0/0
C 172.31.0.0