Sunday, April 13, 2014

CCNP ROUTE: 4. Redistributing routes using route-maps

A route-map can perform the following:
- Identify the subset of the routes to filter or change based on the route’s prefix/length, plus many other factors.
- Make filtering choices about which routes are redistributed, and which are not.
- Set the metric to different values based on information matchable by the route-map.
- Set the type of External route for different redistributed routes, for example, OSPF Type 1 for some routes, Type 2 for others.
- Set a route tag, a unitless integer value that can later be matched with a route-map at another redistribution point.

The redistribute command has two mechanisms that allow filtering of routes:
- The match {internal | external 1 | external 2 | nssa-external} parameters
- The route-map map-name option

match Command Options for Redistribution:

match interface interface-type interface-number [... interface-type interface-number] - Looks at outgoing interface of routes
match ip address {[access-list-number | access-list-name] | prefix-list prefix-list-name} - Examines route destination prefix and prefix length
match ip next-hop {access-list-number | access-list-name} - Examines route’s next-hop address
match ip route-source {access-list-number | access-list-name} - Matches advertising router’s IP address
match metric metric-value [+- deviation] - Matches route’s metric, or a range (plus/minus the configured deviation)
match route-type {internal | external [type-1 | type-2] | level-1 | level-2} - Matches route type
match tag tag-value [...tag-value] - Matches the route tag, which requires that another router has earlier set the tag

set Command Options for Redistribution into IGPs:

set metric metric-value - Sets the route’s metric for OSPF, RIP, and IS-IS
set metric bandwidth delay reliability loading mtu - Sets the EIGRP route’s metric values
set metric-type {type-1 | type-2} - Sets type of route for OSPF
set tag tag-value - Sets the unitless tag value in the route

In our network, we configure R4 with mutual redistribution between the EIGRP and OSPF domains.

R4#show run | s eigrp
router eigrp 1
 redistribute ospf 1 metric 1500 10 255 1 1500
 network 172.16.0.2 0.0.0.0
 network 172.16.0.12 0.0.0.3
 network 192.168.44.0
 no auto-summary
 redistribute eigrp 1 subnets
R4#show run | s ospf 
 redistribute ospf 1 metric 1500 10 255 1 1500
router ospf 1
 router-id 4.4.4.4
 log-adjacency-changes
 redistribute eigrp 1 subnets
 network 192.168.0.12 0.0.0.3 area 0
R4#show run | s redistribute
 redistribute ospf 1 metric 1500 10 255 1 1500
 redistribute eigrp 1 subnets

Let's check the routing tables on R6 and R1, which should contain redistributed routes from the neighboring domain.

R6#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     192.168.13.0/32 is subnetted, 1 subnets
D EX    192.168.13.13 [170/2221056] via 172.16.0.2, 00:04:10, Serial0/0
D    192.168.44.0/24 [90/2297856] via 172.16.0.2, 00:06:17, Serial0/0
     172.16.0.0/16 is variably subnetted, 5 subnets, 2 masks
D       172.16.0.12/30 [90/2195456] via 172.16.0.6, 00:06:17, FastEthernet0/1
C       172.16.0.8/30 is directly connected, Serial0/1
C       172.16.0.4/30 is directly connected, FastEthernet0/1
C       172.16.0.0/30 is directly connected, Serial0/0
C       172.16.111.0/24 is directly connected, Loopback111
D    192.168.55.0/24 [90/409600] via 172.16.0.6, 00:06:18, FastEthernet0/1
     10.0.0.0/32 is subnetted, 5 subnets
D EX    10.0.1.3 [170/2221056] via 172.16.0.2, 00:04:12, Serial0/0
D EX    10.0.1.2 [170/2221056] via 172.16.0.2, 00:04:12, Serial0/0
D EX    10.0.11.11 [170/2221056] via 172.16.0.2, 00:04:13, Serial0/0
D EX    10.0.10.10 [170/2221056] via 172.16.0.2, 00:04:13, Serial0/0
D EX    10.0.1.1 [170/2221056] via 172.16.0.2, 00:04:13, Serial0/0
     192.168.0.0/24 is variably subnetted, 4 subnets, 2 masks
D EX    192.168.0.12/30 [170/2221056] via 172.16.0.2, 00:04:13, Serial0/0
D EX    192.168.0.0/29 [170/2221056] via 172.16.0.2, 00:04:13, Serial0/0
D EX    192.168.0.16/30 [170/2221056] via 172.16.0.2, 00:04:13, Serial0/0
D EX    192.168.0.20/30 [170/2221056] via 172.16.0.2, 00:04:13, Serial0/0
     192.168.168.0/30 is subnetted, 1 subnets
D EX    192.168.168.0 [170/2221056] via 172.16.0.2, 00:04:13, Serial0/0
     192.168.100.0/32 is subnetted, 1 subnets
D EX    192.168.100.100 [170/2221056] via 172.16.0.2, 00:04:13, Serial0/0
     192.168.169.0/32 is subnetted, 1 subnets
D EX    192.168.169.170 [170/2221056] via 172.16.0.2, 00:04:13, Serial0/0
     192.168.3.0/30 is subnetted, 1 subnets
D EX    192.168.3.0 [170/2221056] via 172.16.0.2, 00:04:14, Serial0/0
     192.168.33.0/32 is subnetted, 1 subnets
D EX    192.168.33.33 [170/2221056] via 172.16.0.2, 00:04:14, Serial0/0

R1#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     192.168.13.0/32 is subnetted, 1 subnets
O       192.168.13.13 [110/11] via 192.168.0.3, 00:04:37, FastEthernet0/0
O E2 192.168.44.0/24 [110/20] via 192.168.0.14, 00:04:37, Serial0/1
     172.16.0.0/16 is variably subnetted, 5 subnets, 2 masks
O E2    172.16.0.12/30 [110/20] via 192.168.0.14, 00:04:37, Serial0/1
O E2    172.16.0.8/30 [110/20] via 192.168.0.14, 00:04:37, Serial0/1
O E2    172.16.0.4/30 [110/20] via 192.168.0.14, 00:04:37, Serial0/1
O E2    172.16.0.0/30 [110/20] via 192.168.0.14, 00:04:38, Serial0/1
O E2    172.16.111.0/24 [110/20] via 192.168.0.14, 00:04:38, Serial0/1
O E2 192.168.55.0/24 [110/20] via 192.168.0.14, 00:04:38, Serial0/1
     10.0.0.0/32 is subnetted, 5 subnets
O IA    10.0.1.3 [110/128] via 192.168.0.22, 00:04:38, Serial0/0
O IA    10.0.1.2 [110/128] via 192.168.0.22, 00:04:38, Serial0/0
O IA    10.0.11.11 [110/129] via 192.168.0.22, 00:04:39, Serial0/0
O IA    10.0.10.10 [110/129] via 192.168.0.22, 00:04:39, Serial0/0
O IA    10.0.1.1 [110/64] via 192.168.0.22, 00:04:39, Serial0/0
     192.168.0.0/24 is variably subnetted, 4 subnets, 2 masks
C       192.168.0.12/30 is directly connected, Serial0/1
C       192.168.0.0/29 is directly connected, FastEthernet0/0
C       192.168.0.16/30 is directly connected, Serial0/2
C       192.168.0.20/30 is directly connected, Serial0/0
     192.168.168.0/30 is subnetted, 1 subnets
O IA    192.168.168.0 [110/20] via 192.168.0.2, 00:04:39, FastEthernet0/0
C    192.168.100.0/24 is directly connected, Loopback0
     192.168.169.0/32 is subnetted, 1 subnets
O IA    192.168.169.170 [110/21] via 192.168.0.2, 00:04:39, FastEthernet0/0
     192.168.3.0/30 is subnetted, 1 subnets
O IA    192.168.3.0 [110/74] via 192.168.0.22, 00:04:39, Serial0/0
     192.168.33.0/32 is subnetted, 1 subnets
O IA    192.168.33.33 [110/75] via 192.168.0.22, 00:04:41, Serial0/0

As expected, external routes coming from the other protocol are added to each routing table.
Now, using a route map, let's filter routes being redistributed from OSPF process 1 into EIGRP AS 1.
Any routes not mentioned below, but shown in the above routing table, should be redistributed (not filtered).
Let's consider only the 192.168.0.x D EX routes in R6's routing table (due to the large total number of D EX routes in the table).

D EX    192.168.0.12/30 [170/2221056] via 172.16.0.2, 00:04:13, Serial0/0
D EX    192.168.0.0/29 [170/2221056] via 172.16.0.2, 00:04:13, Serial0/0
D EX    192.168.0.16/30 [170/2221056] via 172.16.0.2, 00:04:13, Serial0/0
D EX    192.168.0.20/30 [170/2221056] via 172.16.0.2, 00:04:13, Serial0/0

DENY: 192.168.0.0/29, 192.168.0.12/30
PERMIT: 192.168.0.16/30, 192.168.0.20/30

The route-map simply needs to match the routes to be filtered with a route-map clause that has a deny action and match the routes to not be filtered with a clause with a permit action.

We have two ways in which we can configure a route map to accomplish the required filtering:

Option 1: Begin with a match of the routes to be filtered, using extended IP ACLs, with a deny action so the routes are filtered.
Then use a permit clause with no match command at all, matching and allowing through all remaining routes.

Option 2: Begin with a match of the routes to be allowed, matching with prefix lists, with a permit action.
Then use the implicit deny all at the end of the route-map to filter unwanted routes.

Initial routes on R6:
R6#show ip route 192.168.0.0    
Routing entry for 192.168.0.0/24, 4 known subnets
  Variably subnetted with 2 masks
  Redistributing via eigrp 1

D EX    192.168.0.12/30 [170/2221056] via 172.16.0.2, 00:45:20, Serial0/0
D EX    192.168.0.0/29 [170/2221056] via 172.16.0.2, 00:45:20, Serial0/0
D EX    192.168.0.16/30 [170/2221056] via 172.16.0.2, 00:45:20, Serial0/0
D EX    192.168.0.20/30 [170/2221056] via 172.16.0.2, 00:45:20, Serial0/0

Option 1:

R4(config)#ip access-list extended match192168012
R4(config-ext-nacl)#permit ip host 192.168.0.0 host 255.255.255.248
R4(config-ext-nacl)#permit ip host 192.168.0.12 host 255.255.255.252
R4(config-ext-nacl)#end
R4#show access-lists
Extended IP access list match192168012
    10 permit ip host 192.168.0.0 host 255.255.255.248
    20 permit ip host 192.168.0.12 host 255.255.255.252

R4(config)#route-map option1 deny 10 
R4(config-route-map)#match ip address match192168012
R4(config-route-map)#exit
R4(config)#route-map option1 permit 20

R4#show route-map
route-map option1, deny, sequence 10
  Match clauses:
    ip address (access-lists): match192168012
  Set clauses:
  Policy routing matches: 0 packets, 0 bytes
route-map option1, permit, sequence 20
  Match clauses:
  Set clauses:
  Policy routing matches: 0 packets, 0 bytes

The last clause in this route map, with sequence number 20, does not have a match command at all, meaning that it will match any and all routes.
The permit action on this last clause overrides the implied deny all at the end of the route-map.
With an extended ACL, IOS compares the source IP address parameter to the subnet number of the route and the destination IP address to the subnet mask of the route.
For example, the permit ip host 172.16.101.0 host 255.255.255.0 command matches only the route for subnet 172.16.101.0 with mask 255.255.255.0.

R4(config)#router eigrp 1
R4(config-router)#redistribute ospf 1 route-map option1

Checking on R6 to see if subnets .0 and .12 were filtered by the route map:

R6#show ip route 192.168.0.0
Routing entry for 192.168.0.0/30, 2 known subnets
  Redistributing via eigrp 1

D EX    192.168.0.16 [170/2221056] via 172.16.0.2, 00:01:41, Serial0/0
D EX    192.168.0.20 [170/2221056] via 172.16.0.2, 00:01:41, Serial0/0

Option 2:

R4(config)#no ip access-list extended match192168012
R4(config)#no route-map option1
R4(config)#router eigrp 1 
R4(config-router)#no redistribute ospf 1 route-map option1
R4(config-router)#redistribute ospf 1 metric 1500 10 255 1 1500

Now redistribution is back to its original, unfiltered state. Checking this on R6:
R6#show ip route 192.168.0.0
Routing entry for 192.168.0.0/24, 4 known subnets
  Variably subnetted with 2 masks
  Redistributing via eigrp 1

D EX    192.168.0.12/30 [170/2221056] via 172.16.0.2, 00:01:16, Serial0/0
D EX    192.168.0.0/29 [170/2221056] via 172.16.0.2, 00:01:16, Serial0/0
D EX    192.168.0.16/30 [170/2221056] via 172.16.0.2, 00:01:16, Serial0/0
D EX    192.168.0.20/30 [170/2221056] via 172.16.0.2, 00:01:16, Serial0/0

R4(config)#ip prefix-list match1620 seq 5 permit 192.168.0.16/30
R4(config)#ip prefix-list match1620 seq 10 permit 192.168.0.20/30
R4(config)#route-map option2 permit 10 
R4(config-route-map)#match ip address prefix-list match1620

Note: Route maps have an implicit deny at the end.

R4#show ip prefix-list 
ip prefix-list match1620: 2 entries
   seq 5 permit 192.168.0.16/30
   seq 10 permit 192.168.0.20/30
R4#show route-map
route-map option2, permit, sequence 10
  Match clauses:
    ip address prefix-lists: match1620
  Set clauses:
  Policy routing matches: 0 packets, 0 bytes

R4(config)#router eigrp 1
R4(config-router)#redistribute ospf 1 route-map option2

The same results as with the option1 route map are obtained:

R6#show ip route 192.168.0.0
Routing entry for 192.168.0.0/30, 2 known subnets
  Redistributing via eigrp 1

D EX    192.168.0.16 [170/2221056] via 172.16.0.2, 00:30:02, Serial0/0
D EX    192.168.0.20 [170/2221056] via 172.16.0.2, 00:30:02, Serial0/0

Furthermore, along with filtering routes, route maps can also set metrics or external route types (for OSPF) when redistributing.

To set the metric for routes matched by a particular clause, the route-map needs the set metric route-map subcommand.
When redistributing into EIGRP, this command has five parameters (bandwidth, delay, reliability, load, and MTU).
When redistributing into OSPF or RIP, a single integer metric is used.

Continuing with the same internetwork as above, and with the same filtering goals, we can extend the requirements to set different metrics on different routes redistributed from OSPF into the EIGRP domain.

DENY: 192.168.0.0/29, 192.168.0.12/30
PERMIT: 192.168.0.16/30, metrics 1600 160 255 1 1500
PERMIT: 192.168.0.20/30, metrics 2000 200 255 1 1500
ALL OTHERS: metrics 1001 101 255 1 1499

Returning to the initial config:
R4(config)#no route-map option2
R4(config)#router eigrp 1
R4(config-router)#no redistribute ospf 1 route-map option2
R4(config-router)#redistribute ospf 1 metric 1500 100 255 1 1500

R6#show ip route 192.168.0.0
Routing entry for 192.168.0.0/24, 4 known subnets
  Variably subnetted with 2 masks
  Redistributing via eigrp 1

D EX    192.168.0.12/30 [170/2244096] via 172.16.0.2, 00:00:03, Serial0/0
D EX    192.168.0.0/29 [170/2244096] via 172.16.0.2, 00:00:03, Serial0/0
D EX    192.168.0.16/30 [170/2244096] via 172.16.0.2, 00:00:03, Serial0/0
D EX    192.168.0.20/30 [170/2244096] via 172.16.0.2, 00:00:03, Serial0/0

Before configuring the route map and new metrics, let's check the current metric for any of the D EX routes:
R6#show ip eigrp topology 192.168.0.16/30
IP-EIGRP (AS 1): Topology entry for 192.168.0.16/30
  State is Passive, Query origin flag is 1, 1 Successor(s), FD is 2244096
  Routing Descriptor Blocks:
  172.16.0.2 (Serial0/0), from 172.16.0.2, Send flag is 0x0
      Composite metric is (2244096/1732096), Route is External
      Vector metric:
        Minimum bandwidth is 1500 Kbit
        Total delay is 21000 microseconds
        Reliability is 255/255
        Load is 1/255
        Minimum MTU is 1500
        Hop count is 1
      External data:
        Originating router is 192.168.44.44
        AS number of route is 1
        External protocol is OSPF, external metric is 128
        Administrator tag is 0 (0x00000000)

We have to delete the previous prefix list and create four new ones, two for the permitted subnets and two for the denied ones:
R4(config)#no ip prefix-list match1620
R4(config)#ip prefix-list match0 seq 10 permit 192.168.0.0/29
R4(config)#ip prefix-list match12 seq 10 permit 192.168.0.12/30
R4(config)#ip prefix-list match16 seq 10 permit 192.168.0.16/30 
R4(config)#ip prefix-list match20 seq 10 permit 192.168.0.20/30
R4(config)#do show ip prefix-list 
ip prefix-list match0: 1 entries
   seq 10 permit 192.168.0.0/29
ip prefix-list match12: 1 entries
   seq 10 permit 192.168.0.12/30
ip prefix-list match16: 1 entries
   seq 10 permit 192.168.0.16/30
ip prefix-list match20: 1 entries
   seq 10 permit 192.168.0.20/30
 
Now, let's create the route map and set the metrics:

R4(config)#route-map setmetrics permit 10
R4(config-route-map)#match ip address prefix-list match16
R4(config-route-map)#set metric 1600 160 255 1 1500
R4(config-route-map)#route-map setmetrics permit 20
R4(config-route-map)#match ip address prefix-list match20
R4(config-route-map)#set metric 2000 200 255 1 1500
R4(config-route-map)#route-map setmetrics deny 30
R4(config-route-map)#match ip address prefix-list match0
R4(config-route-map)#route-map setmetrics deny 40
R4(config-route-map)#match ip address prefix-list match12
R4(config-route-map)#route-map setmetrics permit 50
R4(config-route-map)#end

R4#show route-map
route-map setmetrics, permit, sequence 10
  Match clauses:
    ip address prefix-lists: match16
  Set clauses:
    metric 1600 160 255 1 1500
  Policy routing matches: 0 packets, 0 bytes
route-map setmetrics, permit, sequence 20
  Match clauses:
    ip address prefix-lists: match20
  Set clauses:
    metric 2000 200 255 1 1500
  Policy routing matches: 0 packets, 0 bytes
route-map setmetrics, deny, sequence 30
  Match clauses:
    ip address prefix-lists: match0
  Set clauses:
  Policy routing matches: 0 packets, 0 bytes
route-map setmetrics, deny, sequence 40
  Match clauses:
    ip address prefix-lists: match12
  Set clauses:
  Policy routing matches: 0 packets, 0 bytes
route-map setmetrics, permit, sequence 50
  Match clauses:
  Set clauses:
  Policy routing matches: 0 packets, 0 bytes
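
The three route maps configured on this page (option1, option2 and setmetrics), modelled as an added Python example that is not part of the original post: clauses are tried in sequence order, a clause with no match command matches everything, and a route that no clause matches hits the implicit deny. The function names are hypothetical, and the ROUTES sample is constructed from the routing tables above.

```python
import ipaddress

def acl_match(entries, route):
    # Extended ACL used for route matching: the "source" is compared with the
    # subnet number and the "destination" with the subnet mask.
    net = ipaddress.ip_network(route)
    return any(ipaddress.ip_address(src) == net.network_address
               and ipaddress.ip_address(dst) == net.netmask
               for src, dst in entries)

def pl_match(entries, route):
    # Prefix-list permit entries without ge/le: prefix and length must be equal.
    net = ipaddress.ip_network(route)
    return any(ipaddress.ip_network(e) == net for e in entries)

def evaluate(route_map, route):
    """Return (redistributed?, deciding sequence number, metric set by it)."""
    for seq, action, match, metric in sorted(route_map, key=lambda c: c[0]):
        if match is None or match(route):   # no match command: matches all
            return action == "permit", seq, metric
    return False, None, None                # implicit deny at the end

def redistributed(route_map, routes, fallback_metric):
    """Routes that pass the map, with the clause metric or the fallback."""
    result = {}
    for route in routes:
        permitted, _, metric = evaluate(route_map, route)
        if permitted:
            result[route] = metric or fallback_metric
    return result

# Values copied from R4's configuration on this page.
ACL = [("192.168.0.0", "255.255.255.248"), ("192.168.0.12", "255.255.255.252")]
OPTION1 = [(10, "deny", lambda r: acl_match(ACL, r), None),
           (20, "permit", None, None)]
OPTION2 = [(10, "permit",
            lambda r: pl_match(["192.168.0.16/30", "192.168.0.20/30"], r), None)]
SETMETRICS = [
    (10, "permit", lambda r: pl_match(["192.168.0.16/30"], r), (1600, 160, 255, 1, 1500)),
    (20, "permit", lambda r: pl_match(["192.168.0.20/30"], r), (2000, 200, 255, 1, 1500)),
    (30, "deny", lambda r: pl_match(["192.168.0.0/29"], r), None),
    (40, "deny", lambda r: pl_match(["192.168.0.12/30"], r), None),
    (50, "permit", None, None),
]
REDIST_METRIC = (1500, 10, 255, 1, 1500)    # metric on the redistribute command
DEFAULT_METRIC = (1001, 101, 255, 1, 1499)  # default-metric under router eigrp 1

# Constructed sample: the four 192.168.0.x subnets plus one other OSPF route
# taken from R1's table.
ROUTES = ["192.168.0.0/29", "192.168.0.12/30", "192.168.0.16/30",
          "192.168.0.20/30", "10.0.1.3/32"]

if __name__ == "__main__":
    for name, rm, fb in [("option1", OPTION1, REDIST_METRIC),
                         ("option2", OPTION2, REDIST_METRIC),
                         ("setmetrics", SETMETRICS, DEFAULT_METRIC)]:
        print(name, redistributed(rm, ROUTES, fb))
```

On the four 192.168.0.x subnets option1 and option2 agree, but the model shows them diverging on any other OSPF route such as 10.0.1.3/32: option1's empty permit clause passes it, while option2's implicit deny filters it.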

Finally, we should apply the route map to the redistribution process:

R4(config)#router eigrp 1
R4(config-router)#default-metric 1001 101 255 1 1499
R4(config-router)#redistribute ospf 1 route-map setmetrics

First, we can see that the denied routes no longer appear in R6's routing table:
R6#show ip route 192.168.0.0
Routing entry for 192.168.0.0/30, 2 known subnets
  Redistributing via eigrp 1

D EX    192.168.0.16 [170/2210816] via 172.16.0.2, 00:04:20, Serial0/0
D EX    192.168.0.20 [170/2221056] via 172.16.0.2, 00:04:20, Serial0/0

Secondly, we can check whether the requested metrics were applied for the .16, .20 and all other subnets on R6:

R6#show ip eigrp topology 192.168.0.16/30
IP-EIGRP (AS 1): Topology entry for 192.168.0.16/30
  State is Passive, Query origin flag is 1, 1 Successor(s), FD is 3072512
  Routing Descriptor Blocks:
  172.16.0.2 (Serial0/0), from 172.16.0.2, Send flag is 0x0
      Composite metric is (3072512/2560512), Route is External
      Vector metric:
        Minimum bandwidth is 1016 Kbit
        Total delay is 21600 microseconds
        Reliability is 255/255
        Load is 16/255
        Minimum MTU is 1500
        Hop count is 1
      External data:
        Originating router is 192.168.44.44
        AS number of route is 1
        External protocol is OSPF, external metric is 128
        Administrator tag is 0 (0x00000000)

R6#show ip eigrp topology 192.168.0.20/30
IP-EIGRP (AS 1): Topology entry for 192.168.0.20/30
  State is Passive, Query origin flag is 1, 1 Successor(s), FD is 3072768
  Routing Descriptor Blocks:
  172.16.0.2 (Serial0/0), from 172.16.0.2, Send flag is 0x0
      Composite metric is (3072768/2560768), Route is External
      Vector metric:
        Minimum bandwidth is 1020 Kbit
        Total delay is 22000 microseconds
        Reliability is 255/255
        Load is 20/255
        Minimum MTU is 1500
        Hop count is 1
      External data:
        Originating router is 192.168.44.44
        AS number of route is 1
        External protocol is OSPF, external metric is 128
        Administrator tag is 0 (0x00000000)

R6#show ip eigrp topology 10.0.1.3/32    
IP-EIGRP (AS 1): Topology entry for 10.0.1.3/32
  State is Passive, Query origin flag is 1, 1 Successor(s), FD is 3095296
  Routing Descriptor Blocks:
  172.16.0.2 (Serial0/0), from 172.16.0.2, Send flag is 0x0
      Composite metric is (3095296/2583296), Route is External
      Vector metric:
        Minimum bandwidth is 1001 Kbit
        Total delay is 21010 microseconds
        Reliability is 255/255
        Load is 1/255
        Minimum MTU is 1499
        Hop count is 1
      External data:
        Originating router is 192.168.44.44
        AS number of route is 1
        External protocol is OSPF, external metric is 192
        Administrator tag is 0 (0x00000000)
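
A consistency check for the topology entries above, added here as an example that is not part of the original post: it recomputes the feasible distance from the displayed vector metric with the classic EIGRP formula, assuming default K values (the page does not show them). The function names are hypothetical and the sample text is abridged from the R6 output on this page.

```python
import re

def composite_metric(bw_kbit, delay_us):
    # Classic EIGRP composite metric, assuming default K values (K1 = K3 = 1):
    # 256 * (10^7 / minimum bandwidth in Kbit
    #        + total delay in tens of microseconds)
    return 256 * (10**7 // bw_kbit + delay_us // 10)

ENTRY = re.compile(
    r"Topology entry for (?P<prefix>\S+).*?FD is (?P<fd>\d+).*?"
    r"Minimum bandwidth is (?P<bw>\d+) Kbit.*?"
    r"Total delay is (?P<delay>\d+) microseconds", re.S)

def check_entries(show_output):
    """List (prefix, FD shown by the router, FD recomputed from the vector)."""
    return [(m["prefix"], int(m["fd"]),
             composite_metric(int(m["bw"]), int(m["delay"])))
            for m in ENTRY.finditer(show_output)]

# Abridged from the R6 "show ip eigrp topology" output on this page:
# the first entry is from before the route map, the other three from after.
SAMPLE = """\
IP-EIGRP (AS 1): Topology entry for 192.168.0.16/30
  State is Passive, Query origin flag is 1, 1 Successor(s), FD is 2244096
        Minimum bandwidth is 1500 Kbit
        Total delay is 21000 microseconds
IP-EIGRP (AS 1): Topology entry for 192.168.0.16/30
  State is Passive, Query origin flag is 1, 1 Successor(s), FD is 3072512
        Minimum bandwidth is 1016 Kbit
        Total delay is 21600 microseconds
IP-EIGRP (AS 1): Topology entry for 192.168.0.20/30
  State is Passive, Query origin flag is 1, 1 Successor(s), FD is 3072768
        Minimum bandwidth is 1020 Kbit
        Total delay is 22000 microseconds
IP-EIGRP (AS 1): Topology entry for 10.0.1.3/32
  State is Passive, Query origin flag is 1, 1 Successor(s), FD is 3095296
        Minimum bandwidth is 1001 Kbit
        Total delay is 21010 microseconds
"""

if __name__ == "__main__":
    for prefix, shown, recomputed in check_entries(SAMPLE):
        status = "consistent" if shown == recomputed else "MISMATCH"
        print(f"{prefix:18} FD {shown}  recomputed {recomputed}  {status}")
```

The check works from the vector values the router displays, so comparing those against the values in the set metric clauses remains a separate step.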

Setting the External Route Type

When redistributing into OSPF, IOS sets the external route type to external Type 2 (E2) by default.
The type can be set to E1 or E2 with the set metric-type {type-1 | type-2} route-map subcommand.

Note that the redistribute command also allows the match {internal | external 1 | external 2 | nssa-external} parameters, but these parameters do not set the type of route.
Instead, these parameters match existing routes as part of the process of deciding which routes to redistribute.
