- Identify the subset of the routes to filter or change based on the route’s prefix/length, plus many other factors.
- Make filtering choices about which routes are redistributed, and which are not.
- Set the metric to different values based on information matchable by the route-map.
- Set the type of External route for different redistributed routes, for example, OSPF Type 1 for some routes, Type 2 for others.
- Set a route tag, a unitless integer value that can later be matched with a route-map at another redistribution point.
The redistribute command has two mechanisms that allow filtering of routes:
- The match {internal | external 1 | external 2 | nssa-external} parameters
- The route-map map-name option
match Command Options for Redistribution:
match interface interface-type interface-number [... interface-type interface-number] - Looks at outgoing interface of routes
match ip address {[access-list-number | access-list-name] | prefix-list prefix-listname} - Examines route destination prefix and prefix length
match ip next-hop {access-list-number | access-list-name} - Examines route’s next-hop address
match ip route-source {access-list-number | access-list-name} - Matches advertising router’s IP address
match metric metric-value [+- deviation] - Matches route’s metric, or a range (plus/minus the configured deviation)
match route-type {internal | external [type–1 | type–2] | level–1 | level–2} - Matches route type
match tag tag-value [...tag-value] - Matches the route tag, which requires that another router has earlier set the tag
set Command Options for Redistribution into IGPs:
set metric metric-value - Sets the route’s metric for OSPF, RIP, and IS-IS
set metric bandwidth delay reliability loading mtu - Sets the EIGRP route’s metric values
set metric-type {type–1 | type–2} - Sets type of route for OSPF
set tag tag-value - Sets the unitless tag value in the route
In our network, we configure R4 with mutual redistribution between the EIGRP and OSPF domains.
R4#show run | s eigrp
router eigrp 1
redistribute ospf 1 metric 1500 10 255 1 1500
network 172.16.0.2 0.0.0.0
network 172.16.0.12 0.0.0.3
network 192.168.44.0
no auto-summary
redistribute eigrp 1 subnets
R4#show run | s ospf
redistribute ospf 1 metric 1500 10 255 1 1500
router ospf 1
router-id 4.4.4.4
log-adjacency-changes
redistribute eigrp 1 subnets
network 192.168.0.12 0.0.0.3 area 0
R4#show run | s redistribute
redistribute ospf 1 metric 1500 10 255 1 1500
redistribute eigrp 1 subnets
Let's check the routing tables on R6 and R1, which should contain redistrbuted routes from the neighbor domain.
R6#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
192.168.13.0/32 is subnetted, 1 subnets
D EX 192.168.13.13 [170/2221056] via 172.16.0.2, 00:04:10, Serial0/0
D 192.168.44.0/24 [90/2297856] via 172.16.0.2, 00:06:17, Serial0/0
172.16.0.0/16 is variably subnetted, 5 subnets, 2 masks
D 172.16.0.12/30 [90/2195456] via 172.16.0.6, 00:06:17, FastEthernet0/1
C 172.16.0.8/30 is directly connected, Serial0/1
C 172.16.0.4/30 is directly connected, FastEthernet0/1
C 172.16.0.0/30 is directly connected, Serial0/0
C 172.16.111.0/24 is directly connected, Loopback111
D 192.168.55.0/24 [90/409600] via 172.16.0.6, 00:06:18, FastEthernet0/1
10.0.0.0/32 is subnetted, 5 subnets
D EX 10.0.1.3 [170/2221056] via 172.16.0.2, 00:04:12, Serial0/0
D EX 10.0.1.2 [170/2221056] via 172.16.0.2, 00:04:12, Serial0/0
D EX 10.0.11.11 [170/2221056] via 172.16.0.2, 00:04:13, Serial0/0
D EX 10.0.10.10 [170/2221056] via 172.16.0.2, 00:04:13, Serial0/0
D EX 10.0.1.1 [170/2221056] via 172.16.0.2, 00:04:13, Serial0/0
192.168.0.0/24 is variably subnetted, 4 subnets, 2 masks
D EX 192.168.0.12/30 [170/2221056] via 172.16.0.2, 00:04:13, Serial0/0
D EX 192.168.0.0/29 [170/2221056] via 172.16.0.2, 00:04:13, Serial0/0
D EX 192.168.0.16/30 [170/2221056] via 172.16.0.2, 00:04:13, Serial0/0
D EX 192.168.0.20/30 [170/2221056] via 172.16.0.2, 00:04:13, Serial0/0
192.168.168.0/30 is subnetted, 1 subnets
D EX 192.168.168.0 [170/2221056] via 172.16.0.2, 00:04:13, Serial0/0
192.168.100.0/32 is subnetted, 1 subnets
D EX 192.168.100.100 [170/2221056] via 172.16.0.2, 00:04:13, Serial0/0
192.168.169.0/32 is subnetted, 1 subnets
D EX 192.168.169.170 [170/2221056] via 172.16.0.2, 00:04:13, Serial0/0
192.168.3.0/30 is subnetted, 1 subnets
D EX 192.168.3.0 [170/2221056] via 172.16.0.2, 00:04:14, Serial0/0
192.168.33.0/32 is subnetted, 1 subnets
D EX 192.168.33.33 [170/2221056] via 172.16.0.2, 00:04:14, Serial0/0
R1#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
192.168.13.0/32 is subnetted, 1 subnets
O 192.168.13.13 [110/11] via 192.168.0.3, 00:04:37, FastEthernet0/0
O E2 192.168.44.0/24 [110/20] via 192.168.0.14, 00:04:37, Serial0/1
172.16.0.0/16 is variably subnetted, 5 subnets, 2 masks
O E2 172.16.0.12/30 [110/20] via 192.168.0.14, 00:04:37, Serial0/1
O E2 172.16.0.8/30 [110/20] via 192.168.0.14, 00:04:37, Serial0/1
O E2 172.16.0.4/30 [110/20] via 192.168.0.14, 00:04:37, Serial0/1
O E2 172.16.0.0/30 [110/20] via 192.168.0.14, 00:04:38, Serial0/1
O E2 172.16.111.0/24 [110/20] via 192.168.0.14, 00:04:38, Serial0/1
O E2 192.168.55.0/24 [110/20] via 192.168.0.14, 00:04:38, Serial0/1
10.0.0.0/32 is subnetted, 5 subnets
O IA 10.0.1.3 [110/128] via 192.168.0.22, 00:04:38, Serial0/0
O IA 10.0.1.2 [110/128] via 192.168.0.22, 00:04:38, Serial0/0
O IA 10.0.11.11 [110/129] via 192.168.0.22, 00:04:39, Serial0/0
O IA 10.0.10.10 [110/129] via 192.168.0.22, 00:04:39, Serial0/0
O IA 10.0.1.1 [110/64] via 192.168.0.22, 00:04:39, Serial0/0
192.168.0.0/24 is variably subnetted, 4 subnets, 2 masks
C 192.168.0.12/30 is directly connected, Serial0/1
C 192.168.0.0/29 is directly connected, FastEthernet0/0
C 192.168.0.16/30 is directly connected, Serial0/2
C 192.168.0.20/30 is directly connected, Serial0/0
192.168.168.0/30 is subnetted, 1 subnets
O IA 192.168.168.0 [110/20] via 192.168.0.2, 00:04:39, FastEthernet0/0
C 192.168.100.0/24 is directly connected, Loopback0
192.168.169.0/32 is subnetted, 1 subnets
O IA 192.168.169.170 [110/21] via 192.168.0.2, 00:04:39, FastEthernet0/0
192.168.3.0/30 is subnetted, 1 subnets
O IA 192.168.3.0 [110/74] via 192.168.0.22, 00:04:39, Serial0/0
192.168.33.0/32 is subnetted, 1 subnets
O IA 192.168.33.33 [110/75] via 192.168.0.22, 00:04:41, Serial0/0
As expected, external routes coming from the other protocol are added to each routing table.
Now, using a route map, let's filter routes being redistributed from OSPF process 1 into EIGRP AS 1.
Any routes not mentioned below, but shown in the above routing table, should be redistributed (not filtered).
Let's consider only the 192.168.0.x D EX routes in R6's routing table (due to the large total number of D EX routes in the table).
D EX 192.168.0.12/30 [170/2221056] via 172.16.0.2, 00:04:13, Serial0/0
D EX 192.168.0.0/29 [170/2221056] via 172.16.0.2, 00:04:13, Serial0/0
D EX 192.168.0.16/30 [170/2221056] via 172.16.0.2, 00:04:13, Serial0/0
D EX 192.168.0.20/30 [170/2221056] via 172.16.0.2, 00:04:13, Serial0/0
DENY: 192.168.0.0/29, 192.168.0.12/30
PERMIT: 192.168.0.16/30, 192.168.0.20/30
The route-map simply needs to match the routes to be filtered with a route-map clause that has a deny action and match the routes to not be filtered with a clause with a permit action.
We have two ways in which we can configure a route map to accomplish the required filtering:
Option 1: Begin with a match of the routes to be filtered, using extended IP ACLs, with a deny action so the routes are filtered.
Then use a permit clause with no match command at all, matching and allowing through all remaining routes.
Option 2: Begin with a match of the routes to be allowed, matching with prefix lists, with a permit action.
Then use the implicit deny all at the end of the route-map to filter unwanted routes.
Initial routes on R6:
R6#show ip route 192.168.0.0
Routing entry for 192.168.0.0/24, 4 known subnets
Variably subnetted with 2 masks
Redistributing via eigrp 1
D EX 192.168.0.12/30 [170/2221056] via 172.16.0.2, 00:45:20, Serial0/0
D EX 192.168.0.0/29 [170/2221056] via 172.16.0.2, 00:45:20, Serial0/0
D EX 192.168.0.16/30 [170/2221056] via 172.16.0.2, 00:45:20, Serial0/0
D EX 192.168.0.20/30 [170/2221056] via 172.16.0.2, 00:45:20, Serial0/0
Option 1:
R4(config)#ip access-list extended match192168012
R4(config-ext-nacl)#permit ip host 192.168.0.0 host 255.255.255.248
R4(config-ext-nacl)#permit ip host 192.168.0.12 host 255.255.255.252
R4(config-ext-nacl)#end
R4#show access-lists
Extended IP access list match192168012
10 permit ip host 192.168.0.0 host 255.255.255.248
20 permit ip host 192.168.0.12 host 255.255.255.252
R4(config)#route-map option1 deny 10
R4(config-route-map)#match ip address match192168012
R4(config-route-map)#exit
R4(config)#route-map option1 permit 20
R4#show route-map
route-map option1, deny, sequence 10
Match clauses:
ip address (access-lists): match192168012
Set clauses:
Policy routing matches: 0 packets, 0 bytes
route-map option1, permit, sequence 20
Match clauses:
Set clauses:
Policy routing matches: 0 packets, 0 bytes
The last clause in this route map, with sequence number 20, does not have a match command at all, meaning that it will match any and all routes.
The permit action on this last clause overrides the implied deny all at the end of the route-map.
With an extended ACL, IOS compares the source IP address parameter to the subnet number of the route and the destination IP address to the subnet mask of the route.
For example, the permit ip host 172.16.1.0 host 255.255.255.0 command matches the specific route for subnet 172.16.101.0, specifically with mask 255.255.255.0.
R4(config)#router eigrp 1
R4(config-router)#redistribute ospf 1 route-map option1
Checking on R6 to see if subnets .0 and .12 were filtered by the route map:
R6#show ip route 192.168.0.0
Routing entry for 192.168.0.0/30, 2 known subnets
Redistributing via eigrp 1
D EX 192.168.0.16 [170/2221056] via 172.16.0.2, 00:01:41, Serial0/0
D EX 192.168.0.20 [170/2221056] via 172.16.0.2, 00:01:41, Serial0/0
Option 2:
R4(config)#no ip access-list extended match192168012
R4(config)#no route-map option1
R4(config)#router eigrp 1
R4(config-router)#no redistribute ospf 1 route-map option1
R4(config-router)#redistribute ospf 1 metric 1500 10 255 1 1500
Now, everything is back to normal redistributing. Checking this on R6:
R6#show ip route 192.168.0.0
Routing entry for 192.168.0.0/24, 4 known subnets
Variably subnetted with 2 masks
Redistributing via eigrp 1
D EX 192.168.0.12/30 [170/2221056] via 172.16.0.2, 00:01:16, Serial0/0
D EX 192.168.0.0/29 [170/2221056] via 172.16.0.2, 00:01:16, Serial0/0
D EX 192.168.0.16/30 [170/2221056] via 172.16.0.2, 00:01:16, Serial0/0
D EX 192.168.0.20/30 [170/2221056] via 172.16.0.2, 00:01:16, Serial0/0
R4(config)#ip prefix-list match1620 seq 5 permit 192.168.0.16/30
R4(config)#ip prefix-list match1620 seq 10 permit 192.168.0.20/30
R4(config)#route-map option2 permit 10
R4(config-route-map)#match ip address prefix-list match1620
Note: Route maps have an implicit deny at the end.
R4#show ip prefix-list
ip prefix-list match1620: 2 entries
seq 5 permit 192.168.0.16/30
seq 10 permit 192.168.0.20/30
R4#show route-map
route-map option2, permit, sequence 10
Match clauses:
ip address prefix-lists: match1620
Set clauses:
Policy routing matches: 0 packets, 0 bytes
R4(config)#router eigrp 1
R4(config-router)#redistribute ospf 1 route-map option2
The same results as with option1 route map are obtained:
R6#show ip route 192.168.0.0
Routing entry for 192.168.0.0/30, 2 known subnets
Redistributing via eigrp 1
D EX 192.168.0.16 [170/2221056] via 172.16.0.2, 00:30:02, Serial0/0
D EX 192.168.0.20 [170/2221056] via 172.16.0.2, 00:30:02, Serial0/0
Further more, along with filtering routes, route maps can also set metrics or external route types (for OSPF) when redistributing.
To set the metric for routes matched by a particular clause, the route-map needs the set metric route-map subcommand.
When redistributing into EIGRP, this command has five parameters (bandwidth, delay, reliability, load, and MTU).
When redistributing into OSPF or RIP, a single integer metric is used.
Continuing with the same internetwork as above, and with the same filtering goals, we can update the requirements to setting different metrics to different routes from OSPF to the EIGRP domain.
DENY: 192.168.0.0/29, 192.168.0.12/30
PERMIT: 192.168.0.16/30, metrics 1600 160 255 1 1500
PERMIT: 192.168.0.20/30, metrics 2000 200 255 1 1500
ALL OTHERS: metrics 1001 101 255 1 1499
Returning to the initial config:
R4(config)#no route-map option2
R4(config)#router eigrp 1
R4(config-router)#no redistribute ospf 1 route-map option2
R4(config-router)#redistribute ospf 1 metric 1500 100 255 1 1500
R6#show ip route 192.168.0.0
Routing entry for 192.168.0.0/24, 4 known subnets
Variably subnetted with 2 masks
Redistributing via eigrp 1
D EX 192.168.0.12/30 [170/2244096] via 172.16.0.2, 00:00:03, Serial0/0
D EX 192.168.0.0/29 [170/2244096] via 172.16.0.2, 00:00:03, Serial0/0
D EX 192.168.0.16/30 [170/2244096] via 172.16.0.2, 00:00:03, Serial0/0
D EX 192.168.0.20/30 [170/2244096] via 172.16.0.2, 00:00:03, Serial0/0
Before configuring the route map and new metrics, let's check the current metric for any of the D EX routes:
R6#show ip eigrp topology 192.168.0.16/30
IP-EIGRP (AS 1): Topology entry for 192.168.0.16/30
State is Passive, Query origin flag is 1, 1 Successor(s), FD is 2244096
Routing Descriptor Blocks:
172.16.0.2 (Serial0/0), from 172.16.0.2, Send flag is 0x0
Composite metric is (2244096/1732096), Route is External
Vector metric:
Minimum bandwidth is 1500 Kbit
Total delay is 21000 microseconds
Reliability is 255/255
Load is 1/255
Minimum MTU is 1500
Hop count is 1
External data:
Originating router is 192.168.44.44
AS number of route is 1
External protocol is OSPF, external metric is 128
Administrator tag is 0 (0x00000000)
We have to delete the previous prefix list and create four new ones, two for the permitted subnets and two for the denied ones:
R4(config)#no ip prefix-list match1620
R4(config)#ip prefix-list match0 seq 10 permit 192.168.0.0/29
R4(config)#ip prefix-list match12 seq 10 permit 192.168.0.12/30
R4(config)#ip prefix-list match16 seq 10 permit 192.168.0.16/30
R4(config)#ip prefix-list match20 seq 10 permit 192.168.0.20/30
R4(config)#do show ip prefix-list
ip prefix-list match0: 1 entries
seq 10 permit 192.168.0.0/29
ip prefix-list match12: 1 entries
seq 10 permit 192.168.0.12/30
ip prefix-list match16: 1 entries
seq 10 permit 192.168.0.16/30
ip prefix-list match20: 1 entries
seq 10 permit 192.168.0.20/30
Now, let's create the route map and set the metrics:
R4(config)#route-map setmetrics permit 10
R4(config-route-map)#match ip address prefix-list match16
R4(config-route-map)#set metric 1600 160 255 1 1500
R4(config-route-map)#route-map setmetrics permit 20
R4(config-route-map)#match ip address prefix-list match20
R4(config-route-map)#set metric 2000 200 255 1 1500
R4(config-route-map)#route-map setmetrics deny 30
R4(config-route-map)#match ip address prefix-list match0
R4(config-route-map)#route-map setmetrics deny 40
R4(config-route-map)#match ip address prefix-list match12
R4(config-route-map)#route-map setmetrics permit 50
R4(config-route-map)#end
R4#show route-map
route-map setmetrics, permit, sequence 10
Match clauses:
ip address prefix-lists: match16
Set clauses:
metric 1600 160 255 1 1500
Policy routing matches: 0 packets, 0 bytes
route-map setmetrics, permit, sequence 20
Match clauses:
ip address prefix-lists: match20
Set clauses:
metric 2000 200 255 1 1500
Policy routing matches: 0 packets, 0 bytes
route-map setmetrics, deny, sequence 30
Match clauses:
ip address prefix-lists: match0
Set clauses:
Policy routing matches: 0 packets, 0 bytes
route-map setmetrics, deny, sequence 40
Match clauses:
ip address prefix-lists: match12
Set clauses:
Policy routing matches: 0 packets, 0 bytes
route-map setmetrics, permit, sequence 50
Match clauses:
Set clauses:
Policy routing matches: 0 packets, 0 bytes
Finally, we should apply the route map to the redistribution process:
R4(config)#router eigrp 1
R4(config-router)#default-metric 1001 101 255 1 1499
R4(config-router)#redistribute ospf 1 route-map setmetrics
First, we can see that the denied routes do not appear in R6's routing tabel anymore:
R6#show ip route 192.168.0.0
Routing entry for 192.168.0.0/30, 2 known subnets
Redistributing via eigrp 1
D EX 192.168.0.16 [170/2210816] via 172.16.0.2, 00:04:20, Serial0/0
D EX 192.168.0.20 [170/2221056] via 172.16.0.2, 00:04:20, Serial0/0
Secondly, we can check if the requested metric were applied for the .16, .20 and all other subnets on R6:
R6#show ip eigrp topology 192.168.0.16/30
IP-EIGRP (AS 1): Topology entry for 192.168.0.16/30
State is Passive, Query origin flag is 1, 1 Successor(s), FD is 3072512
Routing Descriptor Blocks:
172.16.0.2 (Serial0/0), from 172.16.0.2, Send flag is 0x0
Composite metric is (3072512/2560512), Route is External
Vector metric:
Minimum bandwidth is 1016 Kbit
Total delay is 21600 microseconds
Reliability is 255/255
Load is 16/255
Minimum MTU is 1500
Hop count is 1
External data:
Originating router is 192.168.44.44
AS number of route is 1
External protocol is OSPF, external metric is 128
Administrator tag is 0 (0x00000000)
R6#show ip eigrp topology 192.168.0.20/30
IP-EIGRP (AS 1): Topology entry for 192.168.0.20/30
State is Passive, Query origin flag is 1, 1 Successor(s), FD is 3072768
Routing Descriptor Blocks:
172.16.0.2 (Serial0/0), from 172.16.0.2, Send flag is 0x0
Composite metric is (3072768/2560768), Route is External
Vector metric:
Minimum bandwidth is 1020 Kbit
Total delay is 22000 microseconds
Reliability is 255/255
Load is 20/255
Minimum MTU is 1500
Hop count is 1
External data:
Originating router is 192.168.44.44
AS number of route is 1
External protocol is OSPF, external metric is 128
Administrator tag is 0 (0x00000000)
R6#show ip eigrp topology 10.0.1.3/32
IP-EIGRP (AS 1): Topology entry for 10.0.1.3/32
State is Passive, Query origin flag is 1, 1 Successor(s), FD is 3095296
Routing Descriptor Blocks:
172.16.0.2 (Serial0/0), from 172.16.0.2, Send flag is 0x0
Composite metric is (3095296/2583296), Route is External
Vector metric:
Minimum bandwidth is 1001 Kbit
Total delay is 21010 microseconds
Reliability is 255/255
Load is 1/255
Minimum MTU is 1499
Hop count is 1
External data:
Originating router is 192.168.44.44
AS number of route is 1
External protocol is OSPF, external metric is 192
Administrator tag is 0 (0x00000000)
Setting the External Route Type
When redistributing into OSPF, IOS automatically sets the external route type to external Type 2 (E2).
When redistributing into OSPF, IOS can set the type to E1 or E2 by using the set metric-type {type-1 | type-2} route-map subcommand.
Note that the redistribute command also allows the match {internal | external 1 | external 2 | nssa-external} parameters, but these parameters do not set the type or route.
Instead, these parameters match existing routes as part of the process of deciding which routes to redistribute.
No comments:
Post a Comment