Title: CIS 185 CCNP ROUTE Ch. 4 Manipulating Routing Updates Part 2
1 CIS 185 CCNP ROUTE Ch. 4 Manipulating Routing Updates Part 2
- Rick Graziani
- Cabrillo College
- graziani_at_cabrillo.edu
- Last Updated Fall 2011
2 Materials
- Book
- Implementing Cisco IP Routing (ROUTE) Foundation Learning Guide: Foundation learning for the ROUTE 642-902 Exam
- By Diane Teare
- Book
- ISBN-10: 1-58705-882-0
- ISBN-13: 978-1-58705-882-0
- eBook
- ISBN-10: 0-13-255033-4
- ISBN-13: 978-0-13-255033-8
3 Note
- There are 155 slides in this presentation
- But we will only be covering the first 80 or so.
4 Controlling Routing Update Traffic
5
- Routing updates are critical but compete with user data for bandwidth and router resources.
- To ensure that the network operates efficiently, you must control and tune routing updates.
- The following are some ways to control or prevent dynamic routing updates from being generated:
- Passive interface: Prevents routing updates from being sent out an interface.
- Default routes: Can limit or eliminate the need for other routes.
- Static routes: Can limit or eliminate the need for dynamically learned routes or give greater control for specific routes.
- Route maps: Complex access lists that allow conditions to be tested and actions taken to modify attributes of the packet or route.
- Distribute lists: A distribute list allows an access list to be applied to routing updates.
- Prefix lists: A prefix list is a specialized access list designed to filter routes.
6 Route Maps
7 Route Map Applications
- Several of the more common applications for route maps are as follows:
- Route filtering during redistribution: Distribute lists can be used for this purpose, but route maps offer additional features.
- Policy-based routing (PBR): Sophisticated static routes.
- NAT: Route maps can better control which private addresses are translated to public addresses.
- BGP: Route maps are the primary tools for implementing BGP policy (later chapter).
8
- Route maps are like complex access lists that allow some conditions to be tested against the packet or route in question using match commands.
- If the conditions match:
- Actions can be taken to modify attributes of the packet or route
- These actions are specified by set commands.
- BIG difference between route maps and ACLs:
- Route map can modify the packet or route using set commands
9
Router(config)# route-map map-tag [permit | deny] [sequence-number]
- A route map consists of multiple route map statements.
- Processed top-down, similar to an access list.
- The first match found for a route is applied.
- Sequence number: Used for inserting or deleting specific route map statements in a specific place in the route map.
- The default for the route-map command is:
- permit
- sequence-number of 10
10 Permit everything else
- Command: match condition
- Defines the condition to be checked.
- Command: set condition
- If there is a match and the action to be taken is permit
- Then set defines the action to be followed
- The consequences of a deny action depend on how the route map is being used.
- Like an ACL, there is an implicit deny any at the end of a route map.
- A route map statement without any match commands will be considered a match
11
If (x or y or z) and (a) match then set b and c
Else If q matches then set r
Else Set nothing
- A single match statement may contain multiple conditions.
- At least one condition in the match statement must be true for that match statement to be considered a match
- Logical OR operation
- A route map statement may contain multiple match statements.
- All match statements in the route map statement must be considered true for the route map statement to be considered matched.
- Logical AND operation
12 Configuring Route Maps to Control Routing Updates
Redistributing into EIGRP
redistribute protocol [process-id | as-number] [metric bw delay reliability load mtu] [match {internal | nssa-external | external 1 | external 2}] [tag tag-value] [route-map map-tag]
Redistributing into OSPF
redistribute protocol [process-id | as-number] [metric {metric-value | transparent}] [metric-type type-value] [match {internal | external 1 | external 2 | nssa-external}] [tag tag-value] [route-map map-tag] [subnets]
- The redistribute commands all have a route-map option with a map-tag parameter.
- When used with the redistribute command:
- A route map with permit indicates that the matched route will be redistributed.
- A route map with deny indicates that the matched route will NOT be redistributed.
13
- The match condition commands are used to define the conditions to be checked.
- Some of these commands are used for:
- BGP policy
- PBR
- Redistribution filtering.
- http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a008047915d.shtml
14 Partial List
- The set condition changes or adds characteristics, such as metrics, to any routes that have:
- met a match criterion
- the action to be taken is permit
- The consequences of a deny action depend on how the route map is being used.
- http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a008047915d.shtml
15 Quick Introduction: Policy Based Routing (PBR)
Example: Jeff Doyle, Routing TCP/IP Vol. I. More later in Chapter 5
- Using PBR is the best way to understand how route maps are configured, so here is a quick introduction (more later on PBR in chapter 5)
- Policy routes are nothing more than sophisticated static routes.
- Static routes forward a packet to a specified next hop based on destination address of the packet.
- Policy routes can forward a packet to a specified next hop based on the source of the packet.
- Policy routes can also be linked to extended IP access lists so that routing may be based on protocol types and port numbers.
- Like a static route, a policy route influences the routing only on the router on which it is configured.
16 Match Options (a sample)
- Router(config-route-map)# match length min max
- Matches the Layer 3 length of the packet.
- Router(config-route-map)# match ip address {access-list-number | name} [...access-list-number | name]
- Matches the source and destination IP address that is permitted by one or more standard or extended access lists.
- If you do not specify a match command, the route map applies to all packets.
17 Set Options (a sample)
- Router(config-route-map)# set ip precedence [number | name]
- Sets precedence value in the IP header. You can specify either the precedence number or name.
- Router(config-route-map)# set ip next-hop ip-address [... ip-address]
- Sets next hop to which to route the packet (the next hop must be adjacent).
- Router(config-route-map)# set interface interface-type interface-number [... type number]
- Sets output interface for the packet.
- Router(config-route-map)# set ip default next-hop ip-address [...ip-address]
- Sets next hop to which to route the packet, if there is no explicit route for this destination.
- Router(config-route-map)# set default interface interface-type interface-number [... type ...number]
- Sets output interface for the packet, if there is no explicit route for this destination.
18 Jeff Doyle's Peanuts Example: Single interface example, source IP address
- We want to implement a policy on Linus such that:
- Traffic from 172.16.6.0/24 subnet is forwarded to Lucy
- Traffic from 172.16.7.0/24 subnet is forwarded to Pigpen
- All other traffic is routed normally
19 Linus
inter S0
 ip policy route-map Sally
route-map Sally permit 10
 match ip address 1
 set ip next-hop 172.16.4.2
route-map Sally permit 15
 match ip address 2
 set ip next-hop 172.16.4.3
access-list 1 permit 172.16.6.0 0.0.0.255
access-list 2 permit 172.16.7.0 0.0.0.255
Any packets that do not match 15, such as from 172.16.8.0/24, are routed normally.
20 Jeff Doyle's Peanuts Example: Single interface example, destination IP address
- Suppose we want to implement a policy on Linus such that:
- Traffic to host 172.16.1.1 is forwarded to Lucy
- Traffic from 172.16.7.1 to host 172.16.1.2 is forwarded to Pigpen
- All other traffic is routed normally
21 Linus
inter S0
 ip policy route-map Sally
route-map Sally permit 10
 match ip address 101
 set ip next-hop 172.16.4.2
route-map Sally permit 15
 match ip address 102
 set ip next-hop 172.16.4.3
access-list 101 permit ip any host 172.16.1.1
access-list 102 permit ip host 172.16.7.1 host 172.16.1.2
Any packets that do not match 15 are routed normally.
22 Example
[Diagram: OSPF, RIPv2; 10.0.0.0/8; 10.1.0.0/16 metric 500 E1; 172.16.0.0/16 metric 500 E1; all other networks metric 5,000 E2]
- Redistribute RIP routes into OSPF with the following:
- 10.1.0.0/16 and 172.16.1.0/24 networks will be redistributed into OSPF with a metric of 500 and be E1 routes
- 10.0.0.0/8 networks will not be redistributed
- All other routes will be redistributed into OSPF with a metric of 5000 and be E2 routes
23 Configuring Route Redistribution using Route Maps
router ospf 1
 redistribute rip route-map redis-rip subnets
route-map redis-rip permit 10
 match ip address 23 29
 set metric 500
 set metric-type 1
route-map redis-rip deny 20
 match ip address 37
route-map redis-rip permit 30
 set metric 5000
 set metric-type 2
access-list 23 permit 10.1.0.0 0.0.255.255
access-list 29 permit 172.16.1.0 0.0.0.255
access-list 37 permit 10.0.0.0 0.255.255.255
- 10.1.0.0/16 and 172.16.1.0/24 networks will be redistributed into OSPF with a metric of 500 and be E1 routes
- 10.0.0.0/8 networks will not be redistributed into OSPF
- All other routes will be redistributed into OSPF with a metric of 5000 and be E2 routes
- The decision to filter a route or allow the route through is based on the deny or permit in the route-map command, and not the deny or permit in the ACL or prefix list.
24 Using Route Maps to Avoid Route Feedback
[Diagram: OSPF, RIPv2; routers A, B, C, D; 192.168.1.0/24; 0 E2 192.168.1.0/24]
- Multi-point boundary routers may cause suboptimal routing or routing loops.
- RIPv2 on Router C advertises network 192.168.1.0.
- Routers A and B redistribute the network into OSPF.
- OSPF then advertises the route to its neighbor OSPF routers as an OSPF external route.
- The route passes through the OSPF AS and eventually makes its way back to the other edge router.
- Router B (or A) then redistributes 192.168.1.0 from OSPF back into the original RIPv2 network; this is a routing feedback loop.
25
router ospf 10
 redistribute rip subnets
router rip
 redistribute ospf 10 route-map OSPF_into_RIP
route-map OSPF_into_RIP deny 10
 match ip address 1
route-map OSPF_into_RIP permit 20
access-list 1 permit 192.168.1.0 0.0.0.255
- 192.168.1.0/24 network will not be redistributed into RIP
- All other routes will be redistributed into RIP
- To prevent the routing feedback loop, a route map called OSPF_into_RIP has been applied to Routers A and B when redistributing OSPF routes into RIP.
- The decision to filter a route or allow the route through is based on the deny or permit in the route-map command, and not the deny or permit in the ACL or prefix list.
26 Using Route Maps With Tags
router eigrp 100
 redistribute rip metric 1000 100 255 1 1500 route-map into-eigrp
route-map into-eigrp deny 10
 match tag 40
route-map into-eigrp permit 20
 set tag 20
- Route tag: A unitless 32-bit integer that most routing protocols can assign to any given route.
- Tag follows the route advertisement, even through the redistribution process.
- Another router may use an IOS tool such as route-maps to match routes with a given route tag to make a decision.
- Can be used to help to solve the domain loop problem.
27
[Diagram: EIGRP, RIPv2; R1, R2; 172.16.0.0/16, 10.0.0.0/8; Tag 20, Tag 40]
router eigrp 100
 redistribute rip metric 1000 100 255 1 1500 route-map into-eigrp
router rip
 redistribute eigrp 100 metric 3 route-map into-rip
route-map into-eigrp permit 20
 set tag 20
route-map into-rip permit 20
 set tag 40
- Routes redistributed into EIGRP are tagged with the value 20
- Routes redistributed into RIP are tagged with the value 40
- BUT BEFORE we tag and allow a route into the domain we want to deny any routes that the other router already tagged and allowed in from the other domain.
28
[Diagram: EIGRP, RIPv2; R1, R2; 172.16.0.0/16, 11.0.0.0/8, 10.0.0.0/8; Tag 40 blocked (X) at R1 and R2]
router eigrp 100
 redistribute rip metric 1000 100 255 1 1500 route-map into-eigrp
router rip
 redistribute eigrp 100 metric 3 route-map into-rip
route-map into-eigrp deny 10
 match tag 40
route-map into-eigrp permit 20
 set tag 20
route-map into-rip deny 10
 match tag 20
route-map into-rip permit 20
 set tag 40
- Updates with the tag 40 are not allowed to go back into EIGRP
- All other updates get a tag of 20 and are allowed into EIGRP
29
[Diagram: EIGRP, RIPv2; R1, R2; 172.16.0.0/16, 10.0.0.0/8, 11.0.0.0/8; Tag 20 blocked (X) at R1 and R2]
router eigrp 100
 redistribute rip metric 1000 100 255 1 1500 route-map into-eigrp
router rip
 redistribute eigrp 100 metric 3 route-map into-rip
route-map into-eigrp deny 10
 match tag 40
route-map into-eigrp permit 20
 set tag 20
route-map into-rip deny 10
 match tag 20
route-map into-rip permit 20
 set tag 40
- Updates with the tag 20 are not allowed to go back into RIP
- All other updates get a tag of 40 and are allowed into RIP
30
[Diagram: R3, 11.0.0.0/8]
- Notice that the route tags do not appear on the routes within the R1 and R2 routers, because these routers learn about all routes from both RIP and EIGRP directly.
31
[Diagram: R3, 11.0.0.0/8]
- However, show ip route output from router R3, an internal router in the EIGRP network.
- Notice that router R3 does see network 11.0.0.0 with a tag of 20; this tag is carried with the route as R3 advertises it to other routers in the EIGRP network, including R1 and R2.
- When routers R1 and R2 see the tag of 20, they do not redistribute the 11.0.0.0 route back into RIP.
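The route-map rules from the earlier slides (top-down by sequence number, OR inside one match command, AND across match commands, a clause with no match matching everything, implicit deny, and permit/deny taken from the route-map statement rather than the ACL) and the tag filter above, modeled as a small Python evaluator. This is an added example, not IOS code or part of the original slides. It assumes standard ACLs compare only the route's network number; the names Clause, redistribute and round_trip are made up for the illustration.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import Optional


def acl_permits(acl, network):
    """Standard ACL used as a route filter: compare the route's network number
    with each (action, address, wildcard) entry top-down; implicit deny at the end."""
    addr = int(ipaddress.IPv4Address(network))
    for action, base, wildcard in acl:
        care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
        if addr & care == int(ipaddress.IPv4Address(base)) & care:
            return action == "permit"
    return False


@dataclass
class Clause:
    seq: int
    action: str                       # permit/deny on the route-map statement itself
    match_acls: tuple = ()            # "match ip address 23 29": either ACL may match (OR)
    match_tag: Optional[int] = None   # "match tag 40"
    sets: dict = field(default_factory=dict)


def redistribute(route_map, route, acls=None):
    """Return the route as redistributed (set commands applied), or None if filtered."""
    for c in sorted(route_map, key=lambda c: c.seq):
        checks = []                   # separate match commands are ANDed together
        if c.match_acls:
            checks.append(any(acl_permits(acls[n], route["net"]) for n in c.match_acls))
        if c.match_tag is not None:
            checks.append(route.get("tag") == c.match_tag)
        if all(checks):               # no match commands: all([]) is True, every route matches
            return None if c.action == "deny" else {**route, **c.sets}
    return None                       # implicit deny at the end of the route map


# redis-rip and ACLs 23, 29, 37 as configured on the RIP-into-OSPF slide.
ACLS = {
    23: [("permit", "10.1.0.0", "0.0.255.255")],
    29: [("permit", "172.16.1.0", "0.0.0.255")],
    37: [("permit", "10.0.0.0", "0.255.255.255")],
}
REDIS_RIP = [
    Clause(10, "permit", match_acls=(23, 29), sets={"metric": 500, "metric_type": "E1"}),
    Clause(20, "deny", match_acls=(37,)),
    Clause(30, "permit", sets={"metric": 5000, "metric_type": "E2"}),
]

# Tag route maps from the EIGRP/RIPv2 slides. INTO_RIP_TAG_ONLY is the first
# version (tags but never denies); INTO_EIGRP and INTO_RIP add "deny 10 / match tag".
INTO_RIP_TAG_ONLY = [Clause(20, "permit", sets={"tag": 40})]
INTO_EIGRP = [Clause(10, "deny", match_tag=40), Clause(20, "permit", sets={"tag": 20})]
INTO_RIP = [Clause(10, "deny", match_tag=20), Clause(20, "permit", sets={"tag": 40})]


def round_trip(into_eigrp, into_rip, net="11.0.0.0"):
    """A RIP route enters EIGRP on one boundary router; the other boundary
    router then attempts to redistribute it back into RIP."""
    in_eigrp = redistribute(into_eigrp, {"net": net})
    back = redistribute(into_rip, in_eigrp) if in_eigrp else None
    return in_eigrp, back


if __name__ == "__main__":
    for net in ("10.1.0.0", "172.16.1.0", "10.2.0.0", "192.168.1.0"):
        print(f"{net:12} -> {redistribute(REDIS_RIP, {'net': net}, ACLS)}")
    print("tag only  :", round_trip(INTO_EIGRP, INTO_RIP_TAG_ONLY))
    print("tag + deny:", round_trip(INTO_EIGRP, INTO_RIP))
```

10.1.0.0 is permitted by clause 10 before the deny in clause 20 is ever evaluated, even though ACL 37 also covers it, which is why clause order matters when a filter is meant to block a whole range.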
32 Using Distribute Lists
33
- Distribute lists are another way to control routing updates.
- Distribute lists allow an access list to be applied to routing updates.
- The distribute-list command allows updates to be filtered based on factors including the following:
- Incoming interface
- Outgoing interface
- Redistribution from another routing protocol
34 Configuring Distribute Lists to Control Routing Updates
- An implementation plan when planning to configure distribute lists:
- Will it be used to permit or deny routes?
- Will it use an access list or a route map?
- Will it be applied to the inbound or outbound updates?
35 IP Route Filtering with Distribution List Configuration Example
[Diagram: 172.16.0.0, 10.0.0.0]
RouterB
router eigrp 1
 network 172.16.0.0
 network 192.168.5.0
 distribute-list 7 out serial 0/0/0
access-list 7 permit 172.16.0.0 0.0.255.255
- The distribute-list out command applies access list 7 to packets going out interface Serial 0/0/0.
- The access list allows only routing information about network 172.16.0.0 to be distributed out Router B's Serial 0/0/0 interface.
- The implicit deny any at the end of the access list prevents updates about any other networks from being advertised.
- As a result, network 10.0.0.0 is hidden.
36 IP Route Filtering with Distribution List Configuration Example
[Diagram: 172.16.0.0, 10.0.0.0]
RouterB
router eigrp 1
 network 172.16.0.0
 network 192.168.5.0
 distribute-list 7 out serial 0/0/0
access-list 7 deny 10.0.0.0 0.0.0.255
access-list 7 permit any
- Same result.
- More efficient if there were multiple networks to redistribute but only the 10.0.0.0 needed filtering.
37 Controlling Redistribution with Distribute Lists
[Diagram: OSPF, RIPv2; routers A, B, C, D; s0/0/1, s0/0/3; 10.8.0.0/16, 10.9.0.0/16, 10.10.0.0/16, 10.11.0.0/16; 10.1.0.0/16, 10.2.0.0/16, 10.3.0.0/16; 10.0.0.0/30, 10.0.0.8/30]
- A distribute list helps prevent route feedback and routing loops.
- Router B redistributes networks 10.1.0.0 to 10.3.0.0 from RIPv2 into OSPF.
- Route feedback could occur when Router D redistributes those same networks back into RIP.
- We will use two access lists, one for each redistribution direction.
- Just to show two ways of doing the same thing we will use:
- an ACL with deny (one direction)
- and
- an ACL with a permit (the other direction)
38 Denies 10.8.0.0 - 10.11.0.0; all other networks permitted
RouterB (Router D would be similar)
router ospf 1
 network 10.0.0.8 0.0.0.3 area 0
 redistribute rip subnets
 distribute-list 2 out rip
router rip
 network 10.0.0.0
 version 2
 passive-interface serial 0/0/3
 redistribute ospf 1 metric 5
 distribute-list 3 out ospf 1
access-list 2 deny 10.8.0.0 0.3.255.255
access-list 2 permit any
access-list 3 permit 10.8.0.0 0.3.255.255
- 10.8.0.0 to 10.11.0.0, originated by OSPF, are not redistributed back into OSPF from RIPv2.
- All other routes are redistributed into OSPF.
- Denies the original OSPF routes (10.8.0.0 through 10.11.0.0) and permits all others
39 Permits 10.8.0.0 - 10.11.0.0; all other networks denied
RouterD (Router B would be similar)
router ospf 1
 network 10.0.0.8 0.0.0.3 area 0
 redistribute rip subnets
 distribute-list 2 out rip
router rip
 network 10.0.0.0
 version 2
 passive-interface serial 0/0/3
 redistribute ospf 1 metric 5
 distribute-list 3 out ospf 1
access-list 2 deny 10.8.0.0 0.3.255.255
access-list 2 permit any
access-list 3 permit 10.8.0.0 0.3.255.255
- Only permits routes 10.8.0.0 through 10.11.0.0 to be redistributed into RIPv2.
- Permits OSPF networks (10.8.0.0 through 10.11.0.0) and denies all others
40 ACL Ranges
R3(config)# access-list 2 deny 10.8.0.0 0.3.255.255
Low end         10.  8.  0.  0
Wildcard mask    0.  3.255.255
                --------------
High end        10. 11.255.255
- It's easy!
- Start with the address in the ACL, which is the low end: 10.8.0.0
- Add the wildcard mask: 0.3.255.255
- The result is the high end of the range!
- ACL range: 10.8.0.0 through 10.11.255.255
41 ACL Ranges
R3(config)# access-list 2 deny 10.17.32.0 0.0.7.255
Low end         10. 17. 32.  0
Wildcard mask    0.  0.  7.255
                --------------
High end        10. 17. 39.255
- It's easy!
- Start with the address in the ACL, which is the low end: 10.17.32.0
- Add the wildcard mask: 0.0.7.255
- The result is the high end of the range!
- ACL range: 10.17.32.0 through 10.17.39.255
42 Using Prefix Lists
43
[Diagram: Route Filtering; Distribute-List, Route-map, ACL, Prefix-List]
- Using distribute lists as route filters has several drawbacks, including:
- A subnet mask cannot be easily matched.
- Access lists are evaluated sequentially for every IP prefix in the routing update.
- Extended access lists can be cumbersome to configure.
- Note: Distribute-list with a route map is a special case for OSPF
- http://www.cisco.com/en/US/docs/ios/12_0s/feature/guide/routmap.html
44
- Advantages of using prefix lists:
- Significant performance improvement over access lists in loading and route lookup of large lists. (Uses a tree structure)
- Support for incremental modifications.
- You can add and remove individual lines without removing the entire list.
- A more user-friendly command-line interface.
- Greater flexibility.
- Routers can match network numbers in a routing update against the prefix-list using as many bits as indicated.
- Routers can specify the size of the subnet mask, or that the subnet mask must be in a specified range.
45 Prefix-list concepts
ip prefix-list list-name [seq seq-value] {deny | permit} prefix/prefix-length [ge ge-value] [le le-value]
- The route prefix (the subnet address)
- The prefix length (the subnet mask)
- Each command has a permit or deny action
- Only used for matching routes.
- Not used for packet filtering.
- Just implies whether a route is matched (permit) or not (deny).
- Sequence numbers are used for the insertion and deletion of individual commands.
46 Prefix-list Concepts
ip prefix-list list-name [seq seq-value] {deny | permit} prefix/prefix-length [ge ge-value] [le le-value]
- Prefix-list Logic
- The route's prefix must be within the range of addresses implied by the prefix-list command's prefix/prefix-length parameters.
- The route's prefix length must match the range of prefixes implied by the prefix-list command's prefix-length, ge, and le parameters.
- What???
47 Prefix-list concepts
ip prefix-list list-name [seq seq-value] {deny | permit} prefix/prefix-length [ge ge-value] [le le-value]
- Examining the Prefix
- prefix/prefix-length
- Prefix: Address to be used for matching.
- Prefix length: How much of the address must match.
- 10.0.0.0/8
- Any number (address) whose first 8 bits (/8) match 10.0.0.0.
- Examples coming soon!
48 Prefix-list concepts
ip prefix-list list-name [seq seq-value] {deny | permit} prefix/prefix-length [ge ge-value] [le le-value]
- Examining the Prefix Length
- Blank: Exact match.
- ge ge-value: Subnet mask must be at least this length up to /32.
- le le-value: Subnet mask must be this length or less, but at least the length of the prefix-length.
- ge ge-value le le-value: Subnet mask must fall within this range
- The ge value must be larger than the configured prefix length in the base part of the command.
- ip prefix-list list1 permit 1.0.0.0/8 ge 7 would be rejected
- The ge value (7) is less than the configured prefix-length (/8).
- Examples coming next!
49 Match the Prefix List with the appropriate routes
1. 10.0.0.0/8  2. 10.128.0.0/9  3. 10.1.1.0/24  4. 10.1.2.0/24  5. 10.128.10.4/30  6. 10.128.10.8/30
- 10.0.0.0/8
- Routes matched: 1
- Reason: Without ge or le configured, both the prefix (10.0.0.0) and length (8) must be an exact match.
ip prefix-list list-name [seq seq-value] {deny | permit} prefix/prefix-length [ge ge-value] [le le-value]
50 Match the Prefix List with the appropriate routes
1. 10.0.0.0/8  2. 10.128.0.0/9  3. 10.1.1.0/24  4. 10.1.2.0/24  5. 10.128.10.4/30  6. 10.128.10.8/30
- 10.0.0.0/8 ge 9
- Routes matched: 2 - 6
- Reason: The 10.0.0.0/8 means all routes whose first octet is 10. The prefix length must be between 9 and 32, inclusive.
ip prefix-list list-name [seq seq-value] {deny | permit} prefix/prefix-length [ge ge-value] [le le-value]
51 Match the Prefix List with the appropriate routes
1. 10.0.0.0/8  2. 10.128.0.0/9  3. 10.1.1.0/24  4. 10.1.2.0/24  5. 10.128.10.4/30  6. 10.128.10.8/30
- 10.0.0.0/8 ge 24 le 24
- Routes matched: 3, 4
- Reason: The 10.0.0.0/8 means all routes whose first octet is 10, and the prefix range is 24 to 24, meaning only routes with prefix length 24.
ip prefix-list list-name [seq seq-value] {deny | permit} prefix/prefix-length [ge ge-value] [le le-value]
52 Match the Prefix List with the appropriate routes
1. 10.0.0.0/8  2. 10.128.0.0/9  3. 10.1.1.0/24  4. 10.1.2.0/24  5. 10.128.10.4/30  6. 10.128.10.8/30
- 10.0.0.0/8 le 28
- Routes matched: 1 - 4
- Reason: The prefix length needs to be between 8 and 28, inclusive.
ip prefix-list list-name [seq seq-value] {deny | permit} prefix/prefix-length [ge ge-value] [le le-value]
53 Match the Prefix List with the appropriate routes
1. 10.0.0.0/8  2. 10.128.0.0/9  3. 10.1.1.0/24  4. 10.1.2.0/24  5. 10.128.10.4/30  6. 10.128.10.8/30
- 0.0.0.0/0
- Routes matched: none
- Reason:
- 0.0.0.0/0 means match all prefixes.
- Because no le nor ge parameter is configured, the /0 also means that the prefix length must be exactly 0.
- Only a default route would match this prefix list.
ip prefix-list list-name [seq seq-value] {deny | permit} prefix/prefix-length [ge ge-value] [le le-value]
54 Match the Prefix List with the appropriate routes
1. 10.0.0.0/8  2. 10.128.0.0/9  3. 10.1.1.0/24  4. 10.1.2.0/24  5. 10.128.10.4/30  6. 10.128.10.8/30
- 0.0.0.0/0 le 32
- Routes matched: All
- Reason:
- The range implied by 0.0.0.0/0 is all IPv4 addresses.
- The le 32 then implies any prefix length between 0 and 32, inclusive.
- This is the syntax for match all prefix list logic.
ip prefix-list list-name [seq seq-value] {deny | permit} prefix/prefix-length [ge ge-value] [le le-value]
55 Filtering with Prefix Lists
ip prefix-list list-name [seq seq-value] {deny | permit} prefix/prefix-length [ge ge-value] [le le-value]
- We will use examples to see how this works!
- Whether a prefix is permitted or denied is based on the following rules:
- An empty prefix list permits all prefixes.
- If a prefix is permitted, the route is used.
- If a prefix is denied, the route is not used.
- Prefix lists consist of statements with sequence numbers.
- The router begins the search for a match at the top of the prefix list, which is the statement with the lowest sequence number.
- When a match occurs, the router does not need to go through the rest of the prefix list.
- For efficiency, you might want to put the most common matches (permits or denies) near the top of the list (lower sequence number).
- An implicit deny is assumed if a given prefix does not match any entries in a prefix list.
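The matching rules from the preceding slides (exact match when ge and le are blank, ge/le length ranges, first match by sequence number, implicit deny, empty list permits all) written out as a small Python evaluator and run against the six quiz routes. This is an added example, not Cisco's implementation or part of the original slides; the function names and the two-entry FILTER list are constructed for illustration.

```python
import ipaddress

# The six routes from the "Match the Prefix List" slides.
ROUTES = ["10.0.0.0/8", "10.128.0.0/9", "10.1.1.0/24",
          "10.1.2.0/24", "10.128.10.4/30", "10.128.10.8/30"]


def parse_entry(text):
    """Parse '{permit|deny} prefix/len [ge N] [le N]' into (action, net, lo, hi)."""
    tok = text.split()
    action, net = tok[0], ipaddress.ip_network(tok[1])
    opts = {tok[i]: int(tok[i + 1]) for i in range(2, len(tok), 2)}
    ge, le = opts.get("ge"), opts.get("le")
    if ge is not None and ge <= net.prefixlen:
        # Rule from the slides: ge must be larger than the configured prefix length.
        raise ValueError(f"ge {ge} must be larger than /{net.prefixlen}")
    if ge is None and le is None:
        lo = hi = net.prefixlen            # blank: exact length match
    else:
        lo = ge if ge is not None else net.prefixlen
        hi = le if le is not None else 32
    if not lo <= hi <= 32:
        raise ValueError("length range must satisfy ge <= le <= 32")
    return action, net, lo, hi


def entry_matches(entry, route):
    """Both checks must pass: address inside prefix/len, and route length in lo..hi."""
    _, net, lo, hi = entry
    r = ipaddress.ip_network(route)
    return r.network_address in net and lo <= r.prefixlen <= hi


def matched_routes(entry_text, routes=ROUTES):
    """1-based numbers of the routes that a single prefix-list entry matches."""
    entry = parse_entry("permit " + entry_text)
    return [i for i, r in enumerate(routes, 1) if entry_matches(entry, r)]


def evaluate(prefix_list, route):
    """Walk entries by ascending sequence number; the first match decides."""
    if not prefix_list:
        return "permit"                    # an empty prefix list permits all prefixes
    for _, text in sorted(prefix_list.items()):
        entry = parse_entry(text)
        if entry_matches(entry, route):
            return entry[0]
    return "deny"                          # implicit deny


# Constructed list: filter /30 to /32 routes under 10.0.0.0/8, allow everything else.
FILTER = {5: "deny 10.0.0.0/8 ge 30", 10: "permit 0.0.0.0/0 le 32"}

if __name__ == "__main__":
    for spec in ["10.0.0.0/8", "10.0.0.0/8 ge 9", "10.0.0.0/8 ge 24 le 24",
                 "10.0.0.0/8 le 28", "0.0.0.0/0", "0.0.0.0/0 le 32"]:
        print(f"{spec:24} -> routes {matched_routes(spec)}")
    for r in ROUTES:
        print(f"{r:18} {evaluate(FILTER, r)}")
```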
56 Configuring Prefix Lists
ip prefix-list list-name [seq seq-value] {deny | permit} prefix/prefix-length [ge ge-value] [le le-value]
57
[Diagram: s0/0/0]
- Permit 10.0.0.0 through 10.3.0.0 to be redistributed from RIP into OSPF.
- Permit 10.8.0.0 through 10.11.0.0 to be redistributed from OSPF into RIP.
58
- 10.0.0.0/14: First 14 bits must be 00001010.000000xxx
- 10.4.0.0 and higher would not be a match: 00001010.000001xxx
[Diagram: s0/0/0]
router ospf 1
 network 10.0.0.8 0.0.0.0 area 0
 redistribute rip route-map intoOSPF subnets
router rip
 network 10.0.0.0
 version 2
 passive-interface serial 0/0/0
 redistribute ospf 1 route-map intoRIP metric 5
route-map intoOSPF permit 10
 match ip address prefix-list PFX1
route-map intoRIP permit 10
 match ip address prefix-list PFX2
ip prefix-list PFX1 permit 10.0.0.0/14
ip prefix-list PFX2 permit 10.8.0.0/14
- Uses prefix list PFX1; this permits 10.0.0.0/14, which includes 10.0.0.0 through 10.3.0.0
- Uses prefix list PFX2; this permits 10.8.0.0/14, which includes 10.8.0.0 through 10.11.0.0
- Network/Length must be an exact match
59 Two methods for controlling routing updates
- You can apply a combination of prefix-lists, distribute-lists, and route-maps on incoming or outgoing information, or both.
60
[Diagram: OSPF, EIGRP; R1, R2, R3; 192.168.253.0/24, 192.168.254.0/24, 192.168.2.0/24, 192.168.1.0/24, 10.2.7.0/24, 10.3.7.0/24]
- R1 is redistributing EIGRP into OSPF
- R2 is redistributing OSPF into EIGRP
- Notice that there are links between R1 and R2, one in OSPF and one in EIGRP.
61
[Diagram: AD 170; AD 110; AD 170; AD 170 Better Metric]
- R3 injects 192.168.254.0 and 192.168.253.0 into EIGRP (AD 170)
- R1 translates those EIGRP advertisements into OSPF (AD 110), with a specified seed metric.
- These OSPF advertisements are translated back into EIGRP by router R2 (AD 170).
- However, as we shall see, the resulting metric is better than the one advertised by R3, so R1 determines that the best path to R3's loopback address is via R2.
- We shall also see that there is a routing loop in this network.
62
[Diagram: AD 170; AD 170 Better Metric]
- R1 is learning about this route from router R2, 10.3.7.2, instead of directly from router R3.
- This is suboptimal routing.
63
[Diagram: AD 170; AD 170 Better Metric]
- Notice the routing loop between R1 and R2.
- This network has a routing loop as well as suboptimal routing.
64
- The metric via R2 (28160) is much lower than the metric via R3 (2297856).
- This is why R1 chooses the path via R2 instead of via R3.
- However, the path via R2 is the redistributed route from OSPF, and the route was redistributed into OSPF by R1.
- The result is the routing loop and suboptimal routing.
65
- We confirm this by examining R2's routing table entry for 192.168.254.0
- Notice that this route is known by OSPF.
- Also notice that this route is being redistributed into EIGRP, and a seed metric of 10000000 0 255 1 500 is specified.
- It seems that R1 views this seed metric as better than R3's metric for the 192.168.254.0 network.
66
[Diagram: Tag 1000 AD 170; AD 170; X; AD 170 Tag 1000]
- Goal
- Have all EIGRP routers use R3 to forward traffic to the 192.168.253.0 and 192.168.254.0 networks
- Process
- At R1/R2: Tag 1000 to 192.168.253.0 and 192.168.254.0 networks as they are redistributed into OSPF
- At R1/R2: Deny all routes with a Tag of 1000 as they are redistributed into EIGRP
- This will ensure that EIGRP routers only have the route to R3 for the 192.168.253.0 and 192.168.254.0 networks in their routing tables.
67
[Diagram: SETTAG, MATCHTAG; s0/0/0, s0/0/0]
R1(config)# router ospf 1
R1(config-router)# redistribute eigrp 1 metric 4 subnets route-map SETTAG
R1(config)# router eigrp 1
R1(config-router)# redistribute ospf 1 metric 100 100 125 125 1500 match external 1 external 2 route-map MATCHTAG
R1(config)# route-map SETTAG permit 10
R1(config-route-map)# match ip address prefix-list EXTERNAL
R1(config-route-map)# set tag 1000
R1(config-route-map)# exit
R1(config)# route-map SETTAG permit 20
R1(config-route-map)# exit
R1(config)# route-map MATCHTAG deny 10
R1(config-route-map)# match tag 1000
R1(config-route-map)# exit
R1(config)# route-map MATCHTAG permit 20
R1(config)# ip prefix-list EXTERNAL seq 5 permit 192.168.253.0/24 le 32
68
[Diagram: SETTAG, MATCHTAG; s0/0/0]
Used two tags, one for each redistribution direction.
R1(config)# router ospf 1
R1(config-router)# redistribute eigrp 1 metric 4 subnets route-map SETTAG
R1(config)# router eigrp 1
R1(config-router)# redistribute ospf 1 metric 100 100 125 125 1500 match external 1 external 2 route-map MATCHTAG
R1(config)# route-map SETTAG permit 10
R1(config-route-map)# match ip address prefix-list EXTERNAL
R1(config-route-map)# set tag 1000
R1(config-route-map)# exit
R1(config)# route-map SETTAG permit 20
R1(config-route-map)# exit
R1(config)# route-map MATCHTAG deny 10
R1(config-route-map)# match tag 1000
R1(config-route-map)# exit
R1(config)# route-map MATCHTAG permit 20
R1(config)# ip prefix-list EXTERNAL seq 5 permit 192.168.253.0/24 le 32
69 Verify
70
71
- No Feasible Successor because the route was denied.
- Didn't even have a chance to try.
72
- Type-5 LSA (192.168.254.0) has a Tag of 1000
73
- Notice the hit counts for each sequence number in the prefix list in the command output, indicating how many times the prefix list matched the networks.
74 Alternative Approach
[Diagram: TAGS; Tag 1000 AD 170; AD 170; X; AD 170 Tag 1000; s0/0/0]
R1(config)# router ospf 1
R1(config-router)# redistribute eigrp 1 metric 4 subnets route-map TAGS
R1(config)# router eigrp 1
R1(config-router)# redistribute ospf 1 metric 1000000 0 255 1 800 route-map TAGS
R1(config)# route-map TAGS deny 10
R1(config-route-map)# match tag 1000
R1(config-route-map)# exit
R1(config)# route-map TAGS permit 20
R1(config-route-map)# set tag 1000
- An alternative, simpler, configuration for the R1 and R2 routers
- This configuration uses only one route map, TAGS, applied to both OSPF and EIGRP redistribution.
- The route map:
- Denies (does not redistribute) routes that are tagged
- Permits (redistributes) all other routes after setting their tag
75 Alternative Approach
[Diagram: Tag 1000 AD 170; AD 170; X; AD 170 Tag 1000]
- We solved the routing loop problem; however, we still have suboptimal routing
76 Alternative Approach
[Diagram: Tag 1000 AD 170; AD 170; X; AD 170 Tag 1000]
- Comparing the routing tables of R1 and R2 for the 192.168.254.0 network
- Notice the administrative distance of the routes.
- R2 learns the route from R1 with an administrative distance of 110 (from OSPF).
- R2 also learns the route from R3, just as R1 does, with an administrative distance of 170 (from external EIGRP).
- R2 chooses the route with the lowest administrative distance, and therefore chooses the route via R1
77 Alternative Approach
[Diagram: Tag 1000 AD 170; AD 170; X; AD 170 Tag 1000]
- The trace output confirms the route R2 is taking.
78 Alternative Approach
[Diagram: TAGS; Tag 1000 AD 180; AD 170; X; AD 170 Tag 1000; s0/0/0]
R1(config)# router ospf 1
R1(config-router)# redistribute eigrp 1 metric 4 subnets route-map TAGS
R1(config-router)# distance ospf external 180
R1(config)# router eigrp 1
R1(config-router)# redistribute ospf 1 metric 1000000 0 255 1 800 route-map TAGS
R1(config)# route-map TAGS deny 10
R1(config-route-map)# match tag 1000
R1(config-route-map)# exit
R1(config)# route-map TAGS permit 20
R1(config-route-map)# set tag 1000
- The distance ospf external 180 command in OSPF configuration mode results in the following, assuming all other AD values default:
- OSPF internal AD 110 < EIGRP external AD 180
- EIGRP external AD 170 < EIGRP -> OSPF external AD 180
- R2 to R3 is now the preferred route
79 A few more samples if you care to review the rest of the slides
80
Prefixes                              Action
172.16.101.0/24                       deny
172.16.102.0/25, 172.16.103.0/26      permit
172.16.104.0/27, 172.16.105.0/28      deny
172.16.106.0/29, 172.16.107.0/30      permit
- Option 1: Match the routes to be filtered (denied), using extended IP ACLs, with a deny action so the routes are filtered.
- Then use a permit clause with no match command to match and allow all remaining routes to be redistributed.
- Note: This will also permit all other routes.
81router eigrp 1 redistribute ospf 2 route-map
option1 route-map option1 deny 10 match ip
address match-101 route-map option1 deny 20
match ip address match-104-105 route-map option1
permit 100 ip access-list extended match-101
permit ip host 172.16.101.0 host
255.255.255.0 ip access-list extended
match-104-105 permit ip host 172.16.104.0 host
255.255.255.224 permit ip host 172.16.105.0 host
255.255.255.240
Match and Deny Permit all
Extended ACL compares the source IP address
parameter to the subnet number of the route, and
the destination IP address to the subnet mask of
the route. Could have used standard ACL subnet
and wildcard mask
- Could be a single route-map and single ACL
- Two statements because we will modify this later
The decision to filter a route or allow the route
through is based on the deny or permit in the
route-map command, and not the deny or permit in
the ACL or prefix list.
82
[Diagram labels: 1500 10 255 1 1500; 1000 44 255 1 1500; 100 4444 255 1 1500]
Prefixes                      Action    Metric (Bandwidth, delay, reliability, load, MTU)
172.16.101.0                  permit    Default 1500 10 255 1
172.16.102.0, 172.16.103.0    permit    1000 44 255 1 1500
172.16.104.0, 172.16.105.0    permit    Default 1500 10 255 1
172.16.106.0, 172.16.107.0    permit    100 4444 255 1 1500
All others                    permit    1500 10 255 1 1500
- Redistribution from OSPF into EIGRP.
- This time all routes will be redistributed.
- But now the metrics of the allowed routes will be set differently, as listed in the table.
- We will need at least three clauses, one for each set of routes for which the metric should differ.
83
[Diagram labels: 1500 10 255 1 1500; 1000 44 255 1 1500; 100 4444 255 1 1500]
router eigrp 1
 default-metric 1500 10 255 1 1500
 redistribute ospf 1 route-map set-metric
route-map set-metric permit 10
 match ip address prefix-list match-102-103
 set metric 1000 44 255 1 1500
route-map set-metric permit 20
 match ip address prefix-list match-106-107
 set metric 100 4444 255 1 1500
route-map set-metric permit 30
ip prefix-list match-102-103 seq 5 permit 172.16.102.0/23 ge 25 le 26
ip prefix-list match-106-107 seq 5 permit 172.16.106.0/23 ge 29 le 30
Callouts: Match, Permit, Set Metric; Match, Permit, Set Metric; Permit All (default-metric)
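An added example (not from the original slides): a small Python model of the set-metric route map and its two prefix lists, showing how ge/le select routes and which EIGRP metric each redistributed route ends up with. Function and variable names are assumptions for illustration, and the 172.16.102.0/24 route is a constructed edge case.

```python
import ipaddress

# Prefix lists from the slide: (action, prefix, ge, le); None means "not given".
PREFIX_LISTS = {
    "match-102-103": [("permit", "172.16.102.0/23", 25, 26)],
    "match-106-107": [("permit", "172.16.106.0/23", 29, 30)],
}
# route-map set-metric: (action, prefix-list name or None for no match, metric to set)
SET_METRIC = [
    ("permit", "match-102-103", (1000, 44, 255, 1, 1500)),
    ("permit", "match-106-107", (100, 4444, 255, 1, 1500)),
    ("permit", None, None),  # clause 30: no match command, so every route matches
]
DEFAULT_METRIC = (1500, 10, 255, 1, 1500)  # default-metric under router eigrp 1


def prefix_list_permits(entries, route):
    """First-match evaluation of a prefix list against one route."""
    net = ipaddress.ip_network(route)
    for action, prefix, ge, le in entries:
        base = ipaddress.ip_network(prefix)
        # No ge/le: exact length. Only ge: ge..32. Only le: entry length..le.
        lo = ge if ge is not None else base.prefixlen
        hi = le if le is not None else (32 if ge is not None else base.prefixlen)
        # The route must lie inside the entry's prefix AND its length must be in range.
        if net.subnet_of(base) and lo <= net.prefixlen <= hi:
            return action == "permit"
    return False  # implicit deny at the end of the list


def redistribute(route_map, route):
    """Return the metric the route is redistributed with, or None if it is filtered."""
    for action, plist, metric in route_map:
        if plist is None or prefix_list_permits(PREFIX_LISTS[plist], route):
            # The clause's own permit/deny decides the route's fate.
            return None if action == "deny" else (metric or DEFAULT_METRIC)
    return None  # implicit deny: a route matching no clause is not redistributed


def audit(route_map, routes):
    """Map each candidate route to its resulting metric (None = filtered)."""
    return {r: redistribute(route_map, r) for r in routes}


# OSPF routes taken from the slides, plus one constructed edge case (the /24).
OSPF_ROUTES = ["172.16.101.0/24", "172.16.102.0/25", "172.16.103.0/26",
               "172.16.104.0/27", "172.16.105.0/28", "172.16.106.0/29",
               "172.16.107.0/30", "172.17.0.0/16", "172.16.102.0/24"]

if __name__ == "__main__":
    for route, metric in audit(SET_METRIC, OSPF_ROUTES).items():
        print(f"{route:18} -> {metric}")
```

Dropping clause 30 from the model turns every unmatched route into a filtered one, which is the implicit deny a route map applies when no clause matches.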
84
[Diagram labels: All other routes default E2; E1]
- When redistributing into OSPF, IOS automatically sets the external route type to external type 2 (E2).
- However, we want the 172.31.0.0/16 route to have the external type 1 (E1).
85
[Diagram labels: All other routes default E2; E1]
router ospf 1
 redistribute eigrp 1 route-map set-external subnets
route-map set-external 10
 match ip address prefix-list match-172-31
 set metric-type type-1
route-map set-external 20
ip prefix-list match-172-31 seq 5 permit 172.31.0.0/16
Callout: Permits all other routes but leaves external route type as the default E2.
- When redistributing into OSPF, IOS can set the type to E1 or E2 by using the set metric-type {type-1 | type-2} route-map subcommand.
86We will end here, but here are some additional
examples for your enjoyment (FYI)
87Highly Recommended
- This presentation is based on the approach from Wendell Odom's book, BSCI Exam Certification Guide (Cisco Press).
- For anyone wishing to take this exam and/or get additional information, this book is highly recommended.
88Distribute-list (review)
89Distribute Lists and Prefix Lists
[Diagram labels: Distribute List, Route-Map, ACL, Prefix-List]
- Prefix-list uses a distribute-list router subcommand.
- Another tool for matching routes.
- Can examine both the prefix (network address) and the prefix length (subnet mask).
- Or a range of either
- ACLs match only the prefix of the route (subnet number); IP prefix lists always examine both the prefix and prefix length.
90Verifying - BEFORE Distribute List
R4# show ip route | include 10.
     10.0.0.0/8 is variably subnetted, 8 subnets, 4 masks
D       10.0.0.8/30 [90/2681856] via 10.0.0.13, 00:06:28, Ser0/0
C       10.0.0.12/30 is directly connected, Serial0/0
D       10.0.0.0/30 [90/3193856] via 10.0.0.13, 00:06:28, Ser0/0
D       10.0.0.4/30 [90/2681856] via 10.0.0.13, 00:06:28, Ser0/0
D       10.17.35.0/25 [90/2684416] via 10.0.0.13, 00:06:15, Ser0/0
D       10.17.34.0/24 [90/2684416] via 10.0.0.13, 00:03:04, Ser0/0
D       10.17.32.0/23 [90/2684416] via 10.0.0.13, 00:05:58, Ser0/0
D       10.17.36.0/26 [90/2172416] via 10.0.0.13, 00:06:28, Ser0/0
D       10.17.36.64/26 [90/2172416] via 10.0.0.13, 00:06:28, Ser0/0
- Notice the option with the pipe!
91Verifying BEFORE Distribute List
R4# show ip route | include 10.17
D       10.17.35.0/25 [90/2684416] via 10.0.0.13, 00:04:16, Ser0/0
D       10.17.34.0/24 [90/2684416] via 10.0.0.13, 00:03:04, Ser0/0
D       10.17.32.0/23 [90/2684416] via 10.0.0.13, 00:03:59, Ser0/0
D       10.17.36.0/26 [90/2172416] via 10.0.0.13, 00:04:29, Ser0/0
D       10.17.36.64/26 [90/2172416] via 10.0.0.13, 00:04:29, Ser0/0
92Distribute List
R3(config)# router eigrp 1
R3(config-router)# distribute-list 2 out ser 0/2
R3(config)# access-list 2 deny 10.17.32.0 0.0.7.255
R3(config)# access-list 2 permit any
01:31:34: %DUAL-5-NBRCHANGE: IP-EIGRP 1: Neighbor 10.0.0.14 (Serial0/2) is down: route configuration changed
01:31:38: %DUAL-5-NBRCHANGE: IP-EIGRP 1: Neighbor 10.0.0.14 (Serial0/2) is up: new adjacency
- This distribute list filters all EIGRP updates for the LANs, 10.17.32.0 through 10.17.36.64, going to R4.
93Verifying Distribute List - AFTER
R4# show ip route
     172.16.0.0/24 is subnetted, 2 subnets
C       172.16.1.0 is directly connected, FastEthernet0/0
C       172.16.2.0 is directly connected, FastEthernet0/1
     10.0.0.0/30 is subnetted, 4 subnets
D       10.0.0.8 [90/2681856] via 10.0.0.13, 00:01:26, Serial0/0
C       10.0.0.12 is directly connected, Serial0/0
D       10.0.0.0 [90/3193856] via 10.0.0.13, 00:01:26, Serial0/0
D       10.0.0.4 [90/2681856] via 10.0.0.13, 00:01:26, Serial0/0
- Only has the serial 10 networks, which were not in the ACL range 10.17.32.0 through 10.17.36.64
94Verifying Distribute List - AFTER
R4# show ip route | include 10.17
R4#
R1# show ip route | include 10.17
D       10.17.35.0/25 [90/2172416] via 10.0.0.2, 00:25:50, Ser0/0
C       10.17.34.0/24 is directly connected, FastEthernet0/1
C       10.17.32.0/23 is directly connected, FastEthernet0/0
D       10.17.36.0/26 [90/2172416] via 10.0.0.6, 00:25:50, Ser0/1
D       10.17.36.64/26 [90/2172416] via 10.0.0.6, 00:25:50, Ser0/1
R1#
- R4 does not have any of the 10.17 routes.
- R1 still has all the routes, including the
10.17 routes.
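An added example (not from the original slides): a Python check of access-list 2 against the EIGRP routes R4 held before the distribute list was applied, reproducing the AFTER table and showing the full address range the deny entry covers. Function names are assumptions for illustration; the 10.17.39.0/24 and 10.17.40.0/24 routes used in checks are constructed.

```python
import ipaddress

# access-list 2 from the slide; "permit any" is 0.0.0.0 255.255.255.255.
ACL_2 = [("deny", "10.17.32.0", "0.0.7.255"),
         ("permit", "0.0.0.0", "255.255.255.255")]

# Routes R4 learned through EIGRP before the filter (from the BEFORE output).
R4_BEFORE = ["10.0.0.8/30", "10.0.0.0/30", "10.0.0.4/30", "10.17.35.0/25",
             "10.17.34.0/24", "10.17.32.0/23", "10.17.36.0/26", "10.17.36.64/26"]


def _int(addr):
    """Dotted-quad string to a 32-bit integer."""
    return int(ipaddress.ip_address(addr))


def acl_permits(acl, route):
    """Standard ACL used by a distribute list: only the route's network
    address is tested, wildcard bits set to 1 are ignored, first match wins."""
    network = int(ipaddress.ip_network(route).network_address)
    for action, base, wildcard in acl:
        w = _int(wildcard)
        if (network | w) == (_int(base) | w):
            return action == "permit"
    return False  # implicit deny any at the end of every ACL


def covered_range(base, wildcard):
    """First and last address matched by an entry with a contiguous wildcard."""
    b, w = _int(base), _int(wildcard)
    first = ipaddress.ip_address(b & ~w & 0xFFFFFFFF)
    last = ipaddress.ip_address(b | w)
    return str(first), str(last)


def advertised(acl, routes):
    """Routes that survive 'distribute-list <acl> out' and are still sent."""
    return [r for r in routes if acl_permits(acl, r)]


if __name__ == "__main__":
    print("still advertised to R4:", advertised(ACL_2, R4_BEFORE))
    print("deny entry covers:", covered_range("10.17.32.0", "0.0.7.255"))
```

The wildcard 0.0.7.255 matches 10.17.32.0 through 10.17.39.255, so any route added later in 10.17.37.0 to 10.17.39.255 would also be filtered even though the slide lists LANs only up to 10.17.36.64.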
95Redistribution into EIGRP
96Our Topology
[Diagram labels: OSPF 1, EIGRP 1]
- R2-E-O is running
- EIGRP for 172.30.0.0 network
- OSPF for 172.6.0.0 network
- No longer using 192.168.1.0 or 10.0.0.0, R2's directly connected networks, from previous presentation.
- Additional networks on R4.
97Redistribution Part 1
R2 summary
router eigrp 1
 redistribute connected
 redistribute ospf 1
 network 172.30.0.0
 default-metric 1000 33 255 1 1500
 auto-summary
!
router ospf 1
 redistribute connected
 redistribute eigrp 1 subnets metric-type 1
 network 10.0.0.0 0.0.0.255 area 0
 network 172.16.0.0 0.0.0.3 area 0
- Some cases
- All routes need to be redistributed from one routing protocol to another.
- Same metrics
- Same external route type if applicable
98Redistribution
[Diagram labels: 1500 10 255 1 1500; 1000 44 255 1 1500; 100 4444 255 1 1500; E1; All other routes default E2]
- Other cases
- Not all routes need to be redistributed.
- Different metrics for different routes
- Different external route types for different
routes
99Redistribution
Redistribution into EIGRP
redistribute protocol [process-id | as-number] [metric bw delay reliability load mtu] [match {internal | nssa-external | external 1 | external 2}] [tag tag-value] [route-map map-tag]
Redistribution into OSPF
redistribute protocol [process-id | as-number] [metric {metric-value | transparent}] [metric-type type-value] [match {internal | external 1 | external 2 | nssa-external}] [tag tag-value] [route-map map-tag] [subnets]
- Route-maps
- Tool for identifying routes to be treated differently.
- Different metrics
- Different external route types
- Tagging a route to be used at another redistribution point
- Filtered
100- To identify routes, route-maps use the match subcommand
route-map map-tag [permit | deny] [sequence-number]
 match
Can reference multiple numbered and named ACLs on a single match command.
101Redistribution and Route-maps
redistribute protocol route-map map-tag
route-map map-tag deny seq      (deny action: the route is filtered, not redistributed)
 match ACL | prefix-list
route-map map-tag permit seq    (permit action: the route is redistributed; set is optional)
 match ACL | prefix-list
 set metric | metric-type
ip access-list extended ACL
 permit
ip prefix-list prefix-list
- A route-map referenced by the redistribute
command always attempts to filter routes.
102Redistribution and Route-maps
set Command                                           Description
set metric metric-value                               Sets the route's metric for OSPF, RIP, and IS-IS
set metric bandwidth delay reliability loading mtu    Sets the EIGRP route's metric and MTU values
set metric-type {type-1 | type-2}                     Sets type of route for IS-IS and OSPF
set tag tag-value                                     Sets the unitless tag value in the route
- Optional set command: For routes not filtered by the route-map, the route-map can set other values like the route's metric.
103Current R2
R2-E-O Redistribution
router eigrp 1
 redistribute ospf 1
 network 172.30.0.0
 default-metric 1500 10 255 1 1500
 auto-summary
!
router ospf 1
 router-id 1.1.1.1
 log-adjacency-changes
 redistribute eigrp 1 subnets
 network 172.16.0.0 0.0.0.3 area 0
- Current R2 Redistribution
- Same metrics
- Same external route type (All EIGRP routes are E2 going into OSPF)
104R1's routing table
R1-E# show ip route
D EX 172.17.0.0/16 [170/2221056] via 172.30.0.2, 00:30:57, Serial0/0
     172.16.0.0/16 is variably subnetted, 11 subnets, 7 masks
D EX    172.16.0.4/30 [170/2221056] via 172.30.0.2, 00:30:57, Serial0/0
D EX    172.16.0.0/30 [170/2221056] via 172.30.0.2, 00:30:57, Serial0/0
D EX    172.16.1.0/24 [170/2221056] via 172.30.0.2, 00:30:57, Serial0/0
D EX    172.16.2.0/24 [170/2221056] via 172.30.0.2, 00:30:57, Serial0/0
D EX    172.16.104.0/27 [170/2221056] via 172.30.0.2, 00:00:42, Serial0/0
D EX    172.16.105.0/28 [170/2221056] via 172.30.0.2, 00:00:33, Serial0/0
D EX    172.16.106.0/29 [170/2221056] via 172.30.0.2, 00:00:33, Serial0/0
D EX    172.16.107.0/30 [170/2221056] via 172.30.0.2, 00:00:23, Serial0/0
D EX    172.16.101.0/24 [170/2221056] via 172.30.0.2, 00:01:13, Serial0/0
D EX    172.16.102.0/25 [170/2221056] via 172.30.0.2, 00:00:53, Serial0/0
D EX    172.16.103.0/26 [170/2221056] via 172.30.0.2, 00:00:43, Serial0/0
C    172.31.0.0/16 is directly connected, Loopback31
     172.30.0.0/16 is variably subnetted, 6 subnets, 3 masks
C       172.30.2.0/24 is directly connected, FastEthernet0/1
C       172.30.3.0/24 is directly connected, Loopback0
C       172.30.0.0/30 is directly connected, Serial0/0
D       172.30.0.0/16 is a summary, 00:43:01, Null0
C       172.30.1.0/24 is directly connected, FastEthernet0/0
C       172.30.4.0/24 is directly connected, Loopback1
All OSPF routes redistributed into EIGRP with the
same metric.
105R2's routing table
R2-E-O# show ip route
O    172.17.0.0/16 [110/846] via 172.16.0.1, 00:01:03, Serial0/1
     172.16.0.0/16 is variably subnetted, 11 subnets, 7 masks
O       172.16.0.4/30 [110/845] via 172.16.0.1, 00:01:03, Serial0/1
C       172.16.0.0/30 is directly connected, Serial0/1
O       172.16.1.0/24 [110/782] via 172.16.0.1, 00:01:03, Serial0/1
O       172.16.2.0/24 [110/846] via 172.16.0.1, 00:01:03, Serial0/1
O       172.16.104.0/27 [110/846] via 172.16.0.1, 00:01:03, Serial0/1
O       172.16.105.0/28 [110/846] via 172.16.0.1, 00:01:04, Serial0/1
O       172.16.106.0/29 [110/846] via 172.16.0.1, 00:01:04, Serial0/1
O       172.16.107.0/30 [110/846] via 172.16.0.1, 00:01:04, Serial0/1
O       172.16.101.0/24 [110/846] via 172.16.0.1, 00:01:04, Serial0/1
O       172.16.102.0/25 [110/846] via 172.16.0.1, 00:01:04, Serial0/1
O       172.16.103.0/26 [110/846] via 172.16.0.1, 00:01:04, Serial0/1
D    172.31.0.0/16 [90/20640000] via 172.30.0.1, 00:43:40, Serial0/0
     172.30.0.0/16 is variably subnetted, 5 subnets, 2 masks
D       172.30.2.0/24 [90/20514560] via 172.30.0.1, 00:43:40, Serial0/0
D       172.30.3.0/24 [90/20640000] via 172.30.0.1, 00:43:40, Serial0/0
C       172.30.0.0/30 is directly connected, Serial0/0
D       172.30.1.0/24 [90/20514560] via 172.30.0.1, 00:43:40, Serial0/0
D       172.30.4.0/24 [90/20640000] via 172.30.0.1, 00:43:40, Serial0/0
Participates in EIGRP and OSPF.
106R3's routing table
R3-O# show ip route
O    172.17.0.0/16 [110/65] via 172.16.0.6, 00:01:43, Serial0/2
     172.16.0.0/16 is variably subnetted, 11 subnets, 7 masks
C       172.16.0.4/30 is directly connected, Serial0/2
C       172.16.0.0/30 is directly connected, Serial0/1
C       172.16.1.0/24 is directly connected, FastEthernet0/0
O       172.16.2.0/24 [110/65] via 172.16.0.6, 00:01:43, Serial0/2
O       172.16.104.0/27 [110/65] via 172.16.0.6, 00:01:43, Serial0/2
O       172.16.105.0/28 [110/65] via 172.16.0.6, 00:01:43, Serial0/2
O       172.16.106.0/29 [110/65] via 172.16.0.6, 00:01:44, Serial0/2
O       172.16.107.0/30 [110/65] via 172.16.0.6, 00:01:44, Serial0/2
O       172.16.101.0/24 [110/65] via 172.16.0.6, 00:01:44, Serial0/2
O       172.16.102.0/25 [110/65] via 172.16.0.6, 00:01:44, Serial0/2
O       172.16.103.0/26 [110/65] via 172.16.0.6, 00:01:44, Serial0/2
O E2 172.31.0.0/16 [110/20] via 172.16.0.2, 00:01:45, Serial0/1
     172.30.0.0/16 is variably subnetted, 5 subnets, 2 masks
O E2    172.30.2.0/24 [110/20] via 172.16.0.2, 00:01:45, Serial0/1
O E2    172.30.3.0/24 [110/20] via 172.16.0.2, 00:01:45, Serial0/1
O E2    172.30.0.0/30 [110/20] via 172.16.0.2, 00:01:45, Serial0/1
O E2    172.30.1.0/24 [110/20] via 172.16.0.2, 00:01:45, Serial0/1
O E2    172.30.4.0/24 [110/20] via 172.16.0.2, 00:01:45, Serial0/1
All EIGRP routes redistributed into OSPF with the
same metric and type E2.
107R4's routing table
R4-O# show ip route
C    172.17.0.0/16 is directly connected, FastEthernet0/1
     172.16.0.0/16 is variably subnetted, 11 subnets, 7 masks
C       172.16.0.4/30 is directly connected, Serial0/0
O       172.16.0.0/30 [110/128] via 172.16.0.5, 00:02:38, Serial0/0
O       172.16.1.0/24 [110/65] via 172.16.0.5, 00:02:38, Serial0/0
C       172.16.2.0/24 is directly connected, FastEthernet0/0
C       172.16.104.0/27 is directly connected, Loopback104
C       172.16.105.0/28 is directly connected, Loopback105
C       172.16.106.0/29 is directly connected, Loopback106
C       172.16.107.0/30 is directly connected, Loopback107
C       172.16.101.0/24 is directly connected, Loopback101
C       172.16.102.0/25 is directly connected, Loopback102
C       172.16.103.0/26 is directly connected, Loopback103
O E2 172.31.0.0/16 [110/20] via 172.16.0.5, 00:02:40, Serial0/0
     172.30.0.0/16 is variably subnetted, 5 subnets, 2 masks
O E2    172.30.2.0/24 [110/20] via 172.16.0.5, 00:02:40, Serial0/0
O E2    172.30.3.0/24 [110/20] via 172.16.0.5, 00:02:40, Serial0/0
O E2    172.30.0.0/30 [110/20] via 172.16.0.5, 00:02:40, Serial0/0
O E2    172.30.1.0/24 [110/20] via 172.16.0.5, 00:02:40, Serial0/0
O E2    172.30.4.0/24 [110/20] via 172.16.0.5, 00:02:40, Serial0/0
All EIGRP routes redistributed into OSPF with the
same metric and type E2.
108Configuring Route Filtering with Redistribution
109
Prefixes                            Action
172.16.101.0/24                     deny
172.16.102.0/25, 172.16.103.0/26    permit
172.16.104.0/27, 172.16.105.0/28    deny
172.16.106.0/29, 172.16.107.0/30    permit
- Option 1: Match the routes to be filtered (denied) using extended IP ACLs, with a deny action so the routes are filtered.
- Then use a permit clause with no match command to match and allow all remaining routes to be redistributed.
- Note: This will also permit all other routes.
110
router eigrp 1
 redistribute ospf 2 route-map option1
route-map option1 deny 10
 match ip address match-101
route-map option1 deny 20
 match ip address match-104-105
route-map option1 permit 100
ip access-list extended match-101
 permit ip host 172.16.101.0 host 255.255.255.0
ip access-list extended match-104-105
 permit ip host 172.16.104.0 host 255.255.255.224
 permit ip host 172.16.105.0 host 255.255.255.240
Callouts: Match and Deny; Permit all
The extended ACL compares the source IP address parameter to the subnet number of the route, and the destination IP address to the subnet mask of the route.
- Could be a single route-map and single ACL
- Two statements because we will modify this later
The decision to filter a route or allow the route
through is based on the deny or permit in the
route-map command, and not the deny or permit in
the ACL or prefix list.
111
R2-E-O# show ip route
O    172.17.0.0/16 [110/846] via 172.16.0.1, 00:30:45, Serial0/1
     172.16.0.0/16 is variably subnetted, 11 subnets, 7 masks
O       172.16.0.4/30 [110/845] via 172.16.0.1, 00:30:45, Serial0/1
C       172.16.0.0/30 is directly connected, Serial0/1
O       172.16.1.0/24 [110/782] via 172.16.0.1, 00:30:45, Serial0/1
O       172.16.2.0/24 [110/846] via 172.16.0.1, 00:30:45, Serial0/1
O       172.16.104.0/27 [110/846] via 172.16.0.1, 00:30:45, Serial0/1
O       172.16.105.0/28 [110/846] via 172.16.0.1, 00:30:47, Serial0/1
O       172.16.106.0/29 [110/846] via 172.16.0.1, 00:30:47, Serial0/1
O       172.16.107.0/30 [110/846] via 172.16.0.1, 00:30:47, Serial0/1
O       172.16.101.0/24 [110/846] via 172.16.0.1, 00:30:47, Serial0/1
O       172.16.102.0/25 [110/846] via 172.16.0.1, 00:30:47, Serial0/1
O       172.16.103.0/26 [110/846] via 172.16.0.1, 00:30:47, Serial0/1
D    172.31.0.0/16 [90/20640000] via 172.30.0.1, 00:31:23, Serial0/0
     172.30.0.0/16 is variably subnetted, 5 subnets, 2 masks
D       172.30.2.0/24 [90/20514560] via 172.30.0.1, 00:31:23, Serial0/0
D       172.30.3.0/24 [90/20640000] via 172.30.0.1, 00:31:23, Serial0/0
C       172.30.0.0/30 is directly connected, Serial0/0
D       172.30.1.0/24 [90/20514560] via 172.30.0.1, 00:31:23, Serial0/0
D       172.30.4.0/24 [90/20640000] via 172.30.0.1, 00:31:23, Serial0/0
All routes still in routing table
112
R2-E-O# show ip eigrp top
<Non-redistributed routes omitted>
P 172.16.0.4/30, 1 successors, FD is 1709056
        via Redistributed (1709056/0)
P 172.16.0.0/30, 1 successors, FD is 1709056
        via Redistributed (1709056/0)
P 172.17.0.0/16, 1 successors, FD is 1709056
        via Redistributed (1709056/0)
P 172.16.1.0/24, 1 successors, FD is 1709056
        via Redistributed (1709056/0)
P 172.16.2.0/24, 1 successors, FD is 1709056
        via Redistributed (1709056/0)
P 172.16.106.0/29, 1 successors, FD is 1709056
        via Redistributed (1709056/0)
P 172.16.107.0/30, 1 successors, FD is 1709056
        via Redistributed (1709056/0)
P 172.16.102.0/25, 1 successors, FD is 1709056
        via Redistributed (1709056/0)
P 172.16.103.0/26, 1 successors, FD is 1709056
        via Redistributed (1709056/0)
Denied routes not redistributed into EIGRP.
113
R1-E# show ip route
D EX 172.17.0.0/16 [170/2221056] via 172.30.0.2, 00:32:19, Serial0/0
     172.16.0.0/16 is variably subnetted, 8 subnets, 5 masks
D EX    172.16.0.4/30 [170/2221056] via 172.30.0.2, 00:32:42, Serial0/0
D EX    172.16.0.0/30 [170/2221056] via 172.30.0.2, 00:32:52, Serial0/0
D EX    172.16.1.0/24 [170/2221056] via 172.30.0.2, 00:32:42, Serial0/0
D EX    172.16.2.0/24 [170/2221056] via 172.30.0.2, 00:32:19, Serial0/0
D EX    172.16.106.0/29 [170/2221056] via 172.30.0.2, 00:32:19, Serial0/0
D EX    172.16.107.0/30 [170/2221056] via 172.30.0.2, 00:32:20, Serial0/0
D EX    172.16.102.0/25 [170/2221056] via 172.30.0.2, 00:32:20, Serial0/0
D EX    172.16.103.0/26 [170/2221056] via 172.30.0.2, 00:32:20, Serial0/0
C    172.31.0.0