CCIE RS – Routing Concepts – Implement, optimize and troubleshoot redistribution between any routing protocol

Implement, Optimize and Troubleshoot Redistribution between any Routing Protocol

Redistributing Routing Protocols

I will briefly describe how redistribution works for each of the protocols. The best way to truly understand this is to lab up the scenarios and see what happens


RIP

RIP uses a hop count as it’s metric for routes, 16 being unreachable. You’ll want the metric to be defined in a way that will not allow for a routing loop to occur. A metric must be defined when redistibuting other protocols into RIP

router rip
network 10.2.0.0
redistribute static
redistribute eigrp[metric]
redistribute ospf[metric] 
redistribute isis 
default-metric [metric]

 


EIGRP

EIGRP uses a composite metric can can be computed based on: bandwidth, load, delay, reliability and MTU. A metric must be defined when redisitrubtuing other routing protocols into EIGRP

Metric order: Bandwidth (Kbps), delay (tens of microseconds), reliability (255=100%), load (0-255, 255=100%loaded), MTU (1500)

Becareful in named mode EIGRP, metric 1 1 1 1 1 no longer works because you’re using wide metrics

router eigrp [AS] 
network 10.1.0.0 
redistribute static
redistribute ospf [metric] 
redistribute rip 
redistribute isis 
default-metric 10000 100 255 1 1500

OSPF

OSPF does not require a seed metric (cost), but one can be defined . The default value is 20, except for BGP which is 1. The subnet keyword needs to be defined on the redistributed protocol or only major nets will be redistributed.

There are 4 different route types for OSPF when redistributing,

E1>E2, N1>N2

Difference is how the cost is calculated

  • E1 – Normal area, type 5 LSA, external cost plus the internal cost to reach the route
  • E2 – Normal area, type 5 LSA, cost of route is always the external (20)
  • N1 – NSSA area, type 7 LSA, external cost plus the internal cost to reach the route
  • N2 – NSSA area, type 7 LSA, cost of route is always the external (20)
router ospf [process ID] 
network 10.10.0.0 0.0.255.255 area 0 
redistribute static metric 200 [subnets]
redistribute rip metric 200 [subnets] 
redistribute eigrp 1 metric 100 [subnets] 
redistribute isis metric 10 [subnets]

BGP

BGP does not use a seed metric when redistrbuting other protocols into it.

OSPF has specicial requirements when redistributing into BGP. Only intra-area and inter-area are included by default. You’ll need to use the external keyword if you want external OSPF routes to be included

router bgp [as]
redistribute static
redistribute eigrp [as]

redistribute isis ? 
 WORD ISO routing area tag
 clns Redistribution of OSI dynamic routes
 ip Redistribution of IP dynamic routes
 level-1 IS-IS level-1 routes only
 level-1-2 IS-IS level-1 and level-2 routes
 level-2 IS-IS level-2 routes only
 metric Metric for redistributed routes
 route-map Route map reference
 <cr>

redistribute ospf [pid] match 
redistribute ospf 1 match ?
 external Redistribute OSPF external routes
 internal Redistribute OSPF internal routes
 nssa-external Redistribute OSPF NSSA external routes


ISIS

Metrics for ISIS are between 1 – 63. There is no default metric and one should be configured. The default metric is 0 if one is not included.

router isis 
network 49.1234.1111.1111.1111.00
redistribute static
redistribute rip metric 20 
redistribute eigrp 1 metric 20 
redistribute ospf 1 metric 20

 

 

CCIE RS – Routing Concepts – Implement, Optimize and Troubleshoot Filtering with any Routing Protocol

Implement, Optimize and Troubleshoot Filtering with any Routing Protocol

Options:

Control routing updates with passive interface

Control processing and advertising in routing updates

  • Distribute List – Filter prefixes inbound/outbound
  • Offset List – Change incoming/outgoing metrics
  • Administrative Distance
  • Summarization
  • Floating Routes
  • OSPF – LSA Filters
  • BGP… Will be explained in it’s own post

Match IP/Prefixes

  • Standard Access List
  • Extended Access List
  • Prefix List
  • Tag
  • Route Map
    • Match next-hop
    • Match route-source
    • Match Metric
    • Match route-type
    • Match Tag
    • Match Interface
    • Match IP address

Routing Protocol Specifics

Config snipit’s based on INE workbook

RIP

Offset List
access-list 1 permit host [ip]
access-list 2 permit host [ip]
!
router rip
 offset-list 1 in 3 [int]
 offset-list 2 out 16 [int]

Distribute List with Prefix-list
ip prefix-list NOT_FROM_R4 seq 5 deny 155.1.0.4/32
ip prefix-list NOT_FROM_R4 seq 10 permit 0.0.0.0/0 le 32
!
ip prefix-list PERMIT_ALL seq 5 permit 0.0.0.0/0 le 32
!
ip prefix-list RIP_FILTER_TO_R8 seq 5 deny 150.1.6.6/32
ip prefix-list RIP_FILTER_TO_R8 seq 15 permit 0.0.0.0/0 le 32
!
router rip
 distribute-list prefix RIP_FILTER_TO_R8 out GigabitEthernet1.58
 distribute-list prefix PERMIT_ALL gateway NOT_FROM_R4 in

Distribute List with Standard ACL
access-list 1 permit 0.0.1.0 255.255.254.255
!
router rip
 distribute-list 1 in

Distribute List with Extended ACL
access-list 100 deny ip host 155.1.0.1 host 150.1.1.1
access-list 100 permit ip any any
!
router rip
 distribute-list 100 in tunnel0

Administrative Distance
router rip
 distance 255 0.0.0.0 255.255.255.255 [acl]

EIGRP

Distribute List with Prefix List
ip prefix-list NOT_FROM_R4 seq 5 deny 155.1.146.4/32
ip prefix-list NOT_FROM_R4 seq 10 permit 0.0.0.0/0 le 32
!
ip prefix-list PERMIT_ALL seq 5 permit 0.0.0.0/0 le 32
!
router eigrp 100
 distribute-list prefix PERMIT_ALL gateway NOT_FROM_R4 in

Distribute List with Standard ACL
access-list 1 permit 0.0.0.0 255.255.254.255
!
router eigrp 100
 distribute-list 1 in GigabitEthernet1.79

Distribute List with Exteneded ACL
access-list 100 deny ip host 155.1.0.4 host 150.1.9.9
access-list 100 permit ip any any
!
router eigrp 100
 distribute-list 100 in Tunnel0

Offset List
router eigrp 100
offset-list 1 in 2000 GigabitEthernet1.37

Administrative Distance
access-list 4 permit host 150.1.4.4
!
router eigrp 100
 distance 255 0.0.0.0 255.255.255.255 4

Distribute List with Route Map
route-map FILTER_ON_TAGS deny 10
 match tag 4
!
route-map FILTER_ON_TAGS permit 20
!
router eigrp 100
 distribute-list route-map FILTER_ON_TAGS in

OSPF

OSPF can filter on more than just tags or IP addresses. You can also filter LSA types from being forwarded into other areas based on the area type.

Stub Area: Stops type 4 and 5 LSAs

Totally Stubby: Stops type 3, 4 and 5 LSA’s, only gets 1 default type 3 LSA

Not So Stubby Area: Translates type 7 into 5. Stops type 4 and 5 LSAs

Totally No So Stubby Area: Translates type 7 into 5. Stops type 3, 4 and 5 LSA’s, only gets 1 default type 3 LSA

Distribute List with Standard ACL
router ospf 1
 distribute-list 1 in
!
access-list 1 deny 150.1.1.1 0.0.0.0
access-list 1 permit any

Administrative Distance
access-list 10 permit 155.1.146.0
!
router ospf 1
 distance 255 150.1.5.5 0.0.0.0 10

Distribute List with Route Map
route-map DENY_VLAN146_FROM_R4 deny 10
 match ip address 3
 match ip next-hop 4
! 
route-map DENY_VLAN146_FROM_R4 permit 20
!
router ospf 1
 distribute-list route-map DENY_VLAN146_FROM_R4 in

ISIS

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_isis/configuration/15-mt/irs-15-mt-book/is-is_inbound_filtering.html#GUID-A2FF145F-7989-442E-A9C5-C074FB4A800F

Route filtering by route destination with ACL
access-list access-list-number {permit | deny} ip any destination-address destination-wildcard
!
interface type number
ip router isis [route-tag]
!
router isis route-tag
distribute-list access-list-number in [interface-type interface-number]

BGP

BGP is also not limited to filtering on the normal set of tags and ip addresses. Routes can be filtered based on the AS number and communities. More details of this will be in the BGP section

 

CCIE RS – Routing Concepts – Implement and Troubleshoot VRF Lite

Implement and Troubleshoot VRF Lite

VRF without MPLS

Support different routing tables on the same device

  • Allows for overlapping IP addressing as long as they are in different vrf’s
  • Uses input interfaces to distinguish routes form over vpns

TCAM resources are shared between all vrf’s

Does not support ISIS

Configuration

Following only works with IPv4
ip vrf [name]
rd [route-distinguisher] --> required
route-target {export | import | both} --> optional in vrf-lite
import map route-map

----
Following works with IPv4 and IPv6
vrf definition RED
 rd 1:1
 !
 address-family ipv4
 exit-address-family
 !
 address-family ipv6
 exit-address-family

Interface > ip vrf forwarding [vrf name] --> removes current IP when applied

Router(config-if)#vrf forwarding RED

EIGRP

router eigrp [as]
address-family ipv4 vrf VRF

----

Router(config)#router eigrp NAMED
Router(config-router)#address-family ipv4 vrf RED as 1

OSPF

router ospf [process id] vrf [vrf name]

BGP

router bgp [as]
address-family ipv4 vrf [vrf name]

CCIE RS – Routing Concepts – Implement and Troubleshoot Passive Interface

Implement and Troubleshoot Passive Interface

Passive interfaces controls the advertisement of routing information

Enables suppression of routing updates over some interfaces

Restricts outgoing advertisements with the exception of EIGRP

  • EIGRP suppresses the exchange of Hellos
  • Does not allow a neighbor to form

Enabled under the routing process

passive-interface

RIP: Prevent the interface from sending RIP advertisements

router rip
passive-interface [default]
no passive-interface [interface]

EIGRP: Supresses hello messages, preventing a neighbor relationship to form. Stops routing advertisements and incoming routing updates

router eigrp [as]
passive-interface [default]
no passive-interface [interface]

--

router eigrp [NAME]
address-family [ipv4/ipv6] unicast autonomous-system [as]
af-interface [interface]
[no] passive-interface

--

router eigrp EIGRP
 !
 address-family ipv4 unicast autonomous-system 1
 !
 af-interface default
 passive-interface
 exit-af-interface
 !
 af-interface GigabitEthernet0/1
 no passive-interface
 exit-af-interface
 !
 topology base
 exit-af-topology
 exit-address-family

OSPF: Setting an interface as passive disables the sending of routing updates on that interface, adjacencies will not be formed. The subnet will continue to be advertised to other interfaces.

router ospf [instance]
 passive-interface [default]
 no passive-interface [interface]

ISIS: Suppresses the sending of routing updates through the specified interface.

router isis
passive-interface [interface]
advertise-passive-only