0% found this document useful (0 votes)

229 views11 pages

Itcertnotes - Manipulating Routing Updates

Distribute lists allow network administrators to filter routing updates by applying access lists to control which routes are advertised, received, or redistributed. The key methods for manipulating routing updates include distribute lists, route maps, and administrative distance. Distribute lists are configured on interfaces and routing processes to filter updates based on the interface or protocol.

Uploaded by

kim teha

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

229 views11 pages

Itcertnotes - Manipulating Routing Updates

Uploaded by

kim teha

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

4/17/2015

itcertnotes:ManipulatingRoutingUpdates
0

More NextBlog

CreateBlog SignIn

itcertnotes
[Link]
Sunday,January15,2012

ManipulatingRoutingUpdates
Routingupdatescompetewithuserdataforbandwidthandrouterresourcesyettheyarecriticalastheycarry
[Link]
[Link]
[Link]
followingavailablemethodsformanipulatingroutingupdates:
Distributelistsapplyaccesslistsuponroutingupdatestofilterunnecessaryroutes.
Routemapspowerfulbutcomplicatedroutefilteringandmanipulationtools.
Administrativedistancecontrollingtheroutepreference.

SubscribeTo
Posts
Comments

AboutMe

Viewmy
complete
profile

Blockingtheadvertisementofcertainroutes(routefiltering)isasolutionthatisoftenbeingimplementedtoprevent
domainloopswhenimplementingtwowayrouteredistributionwithmultipleredistributionpoints.
Accesslistareconfiguredinglobalconfigurationmodeandtheassociateddistributelistisconfiguredunderarouting
[Link],advertised,orredistributedand
[Link]
[Link]{[aclnum|aclname]|prefix{ipprefixname}|routemap{map
tag}}{in[intftypeintfnum]|out[intftypeintfnum|routingprocess[asnum]]}router
subcommandfiltersroutingupdatesbasedonincominginterface,outgoinginterface,andredistributionfromanother
routingprotocol.

Followers
Jointhissite
withGoogleFriendConnect

Members(72) More

Alreadyamember?Signin

DistributeListProcessingBasedontheIncomingorOutgoingInterface
Routingupdatescanbecontrolledatboththeinterfaceandroutingprotocollevels.
Figureaboveshowstheprocessofarouterwhenfilteringroutingupdatesusingadistributelistthatisbasedonthe
[Link]:
Therouterreceivesorpreparestosendaroutingupdateaboutoneormorenetworks.
Therouterdeterminestheinterfaceonwhichanincomingroutingupdatehasarrivedortheinterfaceoutofwhich
anoutgoingroutingupdateshouldbeadvertised.
Therouterdeterminesifafilter(distributelist)isassociatedwiththeinterface.
Ifafilter(distributelist)isnotassociatedwiththeinterface,theupdateisprocessednormally.
Ifafilter(distributelist)isassociatedwiththeinterface,therouterprocessestheaccesslistreferencedbythe
distributelistforamatchupontheroutespecifiedintheroutingupdate.
Ifthereisamatchintheaccesslist,therouteentryisprocessedasconfiguredwhichiseitherpermittedor
deniedbythematchingaccessliststatement.
Ifnomatchisfoundintheaccesslist,theimplicitdenyanyattheendoftheaccesslistdropstherouteentry.
Thedistributelistoutroutersubcommandcannotbeusedwithlinkstateroutingprotocolstoblockoutbound
[Link],butarestillplacedinthelinkstate
database.
Thedistributelistinroutersubcommandfiltersroutingupdatesgoingintotheinterfacespecifiedinthecommand
intotheroutingprocessunderwhichitisconfigured.
Thedistributelistoutroutersubcommandfiltersroutingupdatesgoingoutfromtheinterfaceorroutingprotocol
specifiedinthecommand,intotheroutingprocessunderwhichitisconfigured.

PopularPosts
IPsecStuckin
MM_SA_SETUPand
MM_NO_STATE
CiscoIOSTCPPorts2002,
4002,6002,and9002
InstallingVMwareToolson
debian6
TheWindowsXPand
Windows7GratuitousARPs
NativeVLANMismatchand
VTPDomain
CiscoRouter"unknown
protocoldrops"
ChangingMACAddressin
RedHatEnterpriseLinux
SuppressingInactiveBGP
RouteAdvertisement

Labels

[Link]

1/11

4/17/2015

itcertnotes:ManipulatingRoutingUpdates
acl(6)
acs(2)
arista(1)
arp(4)
asafw(1)
bgp(40)
bug(10)
c3750(1)
c6500(2)
IPRouteFiltering

BelowshowstheroutingtableonRT3beforeandaftertheroutefilteringconfigurationonRT2:

cmdref(28)
crypto(3)

RT3#shiproute

dcnm(3)

Gatewayoflastresortisnotset

debian(2)

[Link]/24issubnetted,1subnets
D172.16.1.0[90/30720]via192.168.1.1,[Link],FastEthernet0/0
[Link]/24issubnetted,1subnets
D10.10.10.0[90/33280]via192.168.1.1,[Link],FastEthernet0/0
C192.168.1.0/24isdirectlyconnected,FastEthernet0/0
RT3#
[Link]%DUAL5NBRCHANGE:IPEIGRP(0)100:Neighbor192.168.1.1(FastEthernet0/0)isdown
:InterfaceGoodbyereceived
[Link]%DUAL5NBRCHANGE:IPEIGRP(0)100:Neighbor192.168.1.1(FastEthernet0/0)isup:
newadjacency
RT3#shiproute

dhcp(4)

Gatewayoflastresortisnotset
[Link]/24issubnetted,1subnets
D172.16.1.0[90/30720]via192.168.1.1,[Link],FastEthernet0/0
C192.168.1.0/24isdirectlyconnected,FastEthernet0/0
RT3#

Thealternativewaytoachievethefilteringofnetwork10.0.0.0isdenynetwork10.0.0.0andpermitothernetworks.
Thisisanefficientapproachiftheroutinginformationcontainedmultiplenetworksbutonlynetwork10.0.0.0neededto
befiltered.
accesslist1deny10.[Link].255.255
accesslist1permitany

eigrp(24)
ethernet(3)
gre(1)
hardening(2)
hsrp(1)
http(1)
ip(1)
ipsla(1)
ipv6(17)
isis(18)
linkagg(7)
linux(4)
lms(1)
mcast(6)
miscrouting(30)
miscswitching(17)
n5k(3)
n7k(4)
nat(6)
nemesis(1)
netmgmt(6)
nmap(1)
nxos(15)
odr(1)
ospf(38)
pagent(2)
pbr(1)
ppp(3)
proxysg(10)

DistributeListsForTwoway/MutualRedistribution
ThesamplenetworkaboveimplementedtwowayredistributionbetweenEIGRPandOSPF.BelowshowsthatRT2will
redistributetheOSPFroutes172.16.0.0/22,whichredistributedbyRT3fromOSPFintoEIGRP,backtoRT4when
modifyingtheadministrativedistanceforEIGRPexternalroutesandremovingthedistributelistforOSPFonRT2:
RT2#shiproute

[Link]

quickshot(13)
reallifetshoot(22)
rhel(5)
rip(5)

2/11

4/17/2015

itcertnotes:ManipulatingRoutingUpdates

Gatewayoflastresortisnotset
[Link]/24issubnetted,1subnets
C12.12.12.0isdirectlyconnected,FastEthernet0/0
[Link]/24issubnetted,1subnets
D13.13.13.0[90/30720]via12.12.12.1,[Link],FastEthernet0/0
[Link]/24issubnetted,1subnets
C24.24.24.0isdirectlyconnected,FastEthernet1/0
[Link]/24issubnetted,1subnets
O34.34.34.0[110/2]via24.24.24.4,[Link],FastEthernet1/0
O172.16.0.0/16[110/2]via24.24.24.4,[Link],FastEthernet1/0
O172.17.0.0/16[110/2]via24.24.24.4,[Link],FastEthernet1/0
O172.18.0.0/16[110/2]via24.24.24.4,[Link],FastEthernet1/0
O172.19.0.0/16[110/2]via24.24.24.4,[Link],FastEthernet1/0
D192.168.0.0/24[90/156160]via12.12.12.1,[Link],FastEthernet0/0
D192.168.1.0/24[90/156160]via12.12.12.1,[Link],FastEthernet0/0
D192.168.2.0/24[90/156160]via12.12.12.1,[Link],FastEthernet0/0
D192.168.3.0/24[90/156160]via12.12.12.1,[Link],FastEthernet0/0
RT2#
RT2#conft
Enterconfigurationcommands,[Link]/Z.
RT2(config)#routereigrp100
RT2(configrouter)#distanceeigrp9080
RT2(configrouter)#
[Link]%DUAL5NBRCHANGE:IPEIGRP(0)100:Neighbor12.12.12.1(FastEthernet0/0)isdown:
routeconfigurationchanged
[Link]%DUAL5NBRCHANGE:IPEIGRP(0)100:Neighbor12.12.12.1(FastEthernet0/0)isup:n
ewadjacency
RT2(configrouter)#doshiproute
Gatewayoflastresortisnotset
[Link]/24issubnetted,1subnets
C12.12.12.0isdirectlyconnected,FastEthernet0/0
[Link]/24issubnetted,1subnets
D13.13.13.0[90/30720]via12.12.12.1,[Link],FastEthernet0/0
[Link]/24issubnetted,1subnets
C24.24.24.0isdirectlyconnected,FastEthernet1/0
[Link]/24issubnetted,1subnets
DEX34.34.34.0[80/1336320]via12.12.12.1,[Link],FastEthernet0/0
DEX172.16.0.0/16[80/1336320]via12.12.12.1,[Link],FastEthernet0/0
DEX172.17.0.0/16[80/1336320]via12.12.12.1,[Link],FastEthernet0/0
DEX172.18.0.0/16[80/1336320]via12.12.12.1,[Link],FastEthernet0/0
DEX172.19.0.0/16[80/1336320]via12.12.12.1,[Link],FastEthernet0/0
D192.168.0.0/24[90/156160]via12.12.12.1,[Link],FastEthernet0/0
D192.168.1.0/24[90/156160]via12.12.12.1,[Link],FastEthernet0/0
D192.168.2.0/24[90/156160]via12.12.12.1,[Link],FastEthernet0/0
D192.168.3.0/24[90/156160]via12.12.12.1,[Link],FastEthernet0/0
RT2(configrouter)#
RT2(configrouter)#doshaccesslists
StandardIPaccesslist1
10deny192.168.0.0,wildcardbits0.0.3.255(4matches)
20permitany(24matches)
StandardIPaccesslist2
10deny172.16.0.0,wildcardbits0.3.255.255(4matches)
20permitany(19matches)
RT2(configrouter)#
RT2(configrouter)#routerospf100
RT2(configrouter)#nodistributelist2outeigrp100
RT2(configrouter)#doshipospfdatabase

rmon(1)
security(8)
stp(2)
tcp(3)
tips(7)
tools(17)
tricks(21)
vlan(1)
vmware(3)
vpc(3)
vrf(1)
vtp(1)
wan(1)
wcna(9)
whenyapisbored(2)
windows(1)
wireshark(1)
wlan(3)
WYSINWYRG(3)

BlogRolls
TheNetworkJournal

outputomitted
Type5ASExternalLinkStates
LinkIDADVRouterAgeSeq#ChecksumTag
[Link].2.2.22760x800000010x00F97A0
[Link].3.3.32500x800000030x00D7960
[Link].2.2.2450x800000050x00CD9F0
[Link].3.3.32650x800000010x00B7B50
[Link].2.2.2500x800000010x00DE530
[Link].2.2.230x800000010x0026B50
[Link].2.2.230x800000010x001AC00
[Link].2.2.230x800000010x000ECB0
[Link].2.2.230x800000010x0002D60
[Link].2.2.2450x800000050x00F1390
[Link].3.3.32500x800000030x00D7510
[Link].2.2.2450x800000050x00E6430
[Link].3.3.32500x800000030x00CC5B0
[Link].2.2.2450x800000050x00DB4D0
[Link].3.3.32500x800000030x00C1650
[Link].2.2.2450x800000050x00D0570
[Link].3.3.32500x800000030x00B66F0
RT2(configrouter)#

Usingasingleroutertoredistributeroutesmeansintroducingasinglepointoffailurethatcancauseproductionissues
uponhardwarefailure.Mostredistributionscenariosimplementaminimumof2routersperformingredistributionfor
redundancyandevenforloadsharing.
Theexistenceofmultipleredistributionpointsbetween2routingdomainsintroducessomecomplexandtrickyissues,

[Link]

3/11

4/17/2015

itcertnotes:ManipulatingRoutingUpdates

inwhicharoutefromaroutingdomaincanberedistributedintoanotherroutingdomain,andthenbeingredistributed
[Link]
theoriginalroutingdomainwitharelativelylowmetricandbeingpreferredovertheroutethatwasadvertisedonly
[Link]
loop.
Interestingly,EIGRPandOSPFwithdefaultsettingsisnotpronetodomainloopproblemswheneitheroneofthemis
[Link]
values(90forinternal170forexternal)defeatsthedomainloopproblemwhenredistributingbetweenEIGRPand
OSPF.OSPFalwaysprefersinternalroutesoverE1routes,andE1routesoverE2routes,beforeevenconsidering
themetrics.
Distributelistshidesnetworkinformation,[Link]:Inanetworkwith
redundantpaths,[Link]
[Link],the
backuppathsarenotused,[Link],othertechniques,
eg:manipulatingtheadministrativedistanceormetric,shouldbeusedinsteadofdistributelists,toenabletheuseof
analternativepath(withaworseadministrativedistanceormetric)whentheprimarypathgoesdown.
Ciscorecommendedusingroutemapstomanipulateandcontrolroutingupdates.
AllIProutingprotocolscanuseroutemapsforredistributionfiltering.
RoutemapsarecomplexACLsthatusematchcommandstotestsomeconditionsuponinterestingpacketsor
[Link],theactionsspecifiedbysetcommandswillbetakentomodifythe
attributesofthepacketorroutes.
[Link],each
[Link],thereisanimplicitdenyanyat
[Link].
Theroutemap{maptag}[permit|deny][seqnum]globalconfigurationcommandcanbeusedtodefine
[Link]
[Link]
numberindicatesthepositionforanewroutemapstatementinanalreadyexistedroutemap(usedforinsertingor
deletingspecificroutemapstatementsinaroutemap).
[Link]
routemapstatementwiththepermitactionmatchesaparticularroute,therouteisredistributedascontrolledbythe
setactionsforpolicyrouting,[Link]
matchesaparticularroute,therouteisfilterednotredistributedforpolicyrouting,thepacketisnotpolicyrouted.
Asinglematchstatementmaycontainmultipleconditionsjustasingleconditionneedstobetrueforthematch
statementtobeconsideredmatched.(LogicalOR)
Asingleroutemapstatementmaycontainmultiplematchstatementsallmatchstatementsintheroutemap
statementmustbetruefortheroutemapstatementtobeconsideredmatched.(LogicalAND)
Multiplematchconditions>Amatchstatement/clause.
Multiplematchstatements/clauses>Aroutemapstatement.
Multipleroutemapstatements>Aroutemap.

RouteMapInterpretation
Thesampleroutemapnameddemo01inthefigureaboveisinterpretedas:
if((aorborc)andd)
seteandf
elseif(g)
seth
else
setnothing

Note:Thedefaultactionfortheroutemapcommandispermit,[Link]
withtheset{condition}routemapconfigurationcommandwillbeeffectiveonlywhentheactionoftheroutemapis
permit.
Note:Donotleaveouttheseqnumwheneditingandaddingstatementsinaroutemaplist,orelseonlythe1st
[Link]
automaticallyincrementaswithACLconfiguration!

[Link]

4/11

4/17/2015

itcertnotes:ManipulatingRoutingUpdates

[Link]:
[Link]
usedforthispurpose,routemapsoffergreaterflexibilitiesformatchingandmanipulatingroutingupdatesusing
matchcriterionsandsetactions.
PolicyBasedRouting(PBR).Routemapsareabletomatchsourceanddestinationaddresses,protocoltypes,
[Link],asetactioncanbeusedto
[Link]
routingpolicyratherthanrelyupontheroutingtableforbasicdestinationbasedrouting.
[Link]
thatavailabletomonitortheaddresstranslationprocess.
[Link]
routemapstospecificBGPsessions/neighborstocontrolwhichroutesareallowedtoflowinandoutoftheBGP
[Link],routemapsalsoprovidesophisticatedmanipulationuponBGPpathattributes.
Routemapsusethematchsubcommandtoidentifyroutes.
ThematchcommandcanrefertoACLsandprefixliststomatchanythingmatchablebythem.
Belowliststhematchcommandsthatmatterwhenusingroutemapsforredistribution.
matchinterface{intftypeintfnum}[intftype
intfnum]

Matchesroutesthatoutgoingfromoneofthe
specifiedinterfaces.

matchipaddress{[aclnum|aclname]|prefix
list{prefixname}}

Matchesroutesthatmatchedbytheaccesslistor
prefixlist.[*]

matchipnexthop{[aclnum|aclname]|prefix Matchesroutesthathavethenexthopaddress
matchedbytheaccesslistorprefixlist.[*]
list{prefixname}}
matchiproutesource{[aclnum|aclname]|
prefixlist{prefixname}}

MatchesroutesthatadvertisedbytheIPaddress
(router)thatmatchedbytheaccesslistorprefixlist.
[*]

matchmetric{metric}[metric]

Matchesrouteswiththespecifiedmetrics.

matchroutetype{internal|external[type1|
MatchesrouteswiththespecifiedEIGRP,OSPF,IS
type2]|level1|level2|local|nssaexternal} IS,andBGProutetypes.
matchtag{tagvalue}[tagvalue]

Matchestheroutetagthatsetbyanotherrouter.

[*]Multipleaccesslistsorprefixlistscanbeassociatedwithasinglematchaction.
Belowliststhesetactionsthatmatterwhenusingroutemapsforredistribution.
setmetric{metricvalue|bandwidthdelay
reliabilityloadingmtu}

SetsthemetricforRIP,OSPF,ISIS,andEIGRP
routes.

setmetrictype{type1|type2|internal|
external}

Setsthetype(E1orE2)forOSPFexternalroutes
andISISroutes.

settag{tagvalue}

Setsthetagvaluefortheredistributedroutes.

PrefixlistsareusedtomatchIPprefixes,[Link]
[Link]
[Link].
TheformatsofaprefixlistentryandanIPaccesscontrollist(ACL)[Link]
name,anaction(denyorpermit),theprefixnumber,[Link]
list{listname}[seqseqnum]{deny|permit}{prefix/length}[gegevalue][lelevalue].The
networknumbercanbeanyvalidIPaddressorprefix,[Link]
automaticallyconvertedtomatchtheprefixlengthvalue,eg:entering10.11.12.0/8wouldresultin10.0.0.0/8.
Note:Ifaprefixispermitted,theroutewillbeusedifaprefixisdenied,therouteisnotused.
[Link]
[Link]/32,thegevalue(greaterthanorequalto)
[Link]/lengthparameter,andless
[Link],theprefixeswithmasklengthfromthegevalueto32(inclusive)will
bematched.
Iftheprefixlengthdoesnotendat/32,thele(lessthanorequalto)[Link]
andleparametersarespecified,theprefixeswithmasklengthbetweenthegevalueandlevalue(inclusive)willbe
[Link]:
prefixlength<gevalue<levalue32

[Link]

5/11

4/17/2015

itcertnotes:ManipulatingRoutingUpdates
RepresentationofPrefixLengthRangesfortheipprefixlistCommand

Belowisanexampleofusingboththegeandleparameterstomatchaportionof172.16.1.0/24:
ipprefixlistpltestpermit172.16.1.0/24ge25le30
Notethat172.16.1.0/24andallthe/31sand/32sarenotintherange.
Belowliststheprefixesthatarebeingmatchedbytheprefixrange:
2/25s

[Link]/25,[Link]/25.

4/26s

[Link]/26,[Link]/26,[Link]/26,[Link]/26.

8/27s

[Link]/27,[Link]/27172.16.1.192/27,[Link]/27.

16/28s [Link]/28,[Link]/28172.16.1.224/28,[Link]/28.
32/29s [Link]/29,[Link]/29172.16.1.240/29,[Link]/29.
64/30s [Link]/30,[Link]/30172.16.1.248/30,[Link]/30.
Whenaprefixlistisconfiguredwithoutasequencenumber,thedefaultsequencenumberof5willbeappliedtothe
prefixlist,andsubsequentprefixlistentrieswillbeincrementedby5,eg:5,10,15,[Link]
enteredforthefirstprefixlistentrybutnotsubsequententries,thesubsequententrieswillalsobeincrementedby5,
eg:ifthefirstconfiguredsequencenumberis3,thenthesubsequentsequencenumberswillbe8,13,18,etc.
Belowlistssomeexamplesofprefixlists:
ipprefixlistpltestpermit0.0.0.0/0
Aprefixlistentryconfiguredtomatchonlythedefaultroute0.0.0.0/0.
ipprefixlistpltestpermit0.0.0.0/0le32
Aprefixlistentryconfiguredtomatchanyaddressorsubnetmatchall(permitanyany).
ipprefixlistpltestpermit0.0.0.0/0ge8le24
Aprefixlistentryconfiguredtomatchanyprefixthathasaprefixlengthfrom8to24bits.
ipprefixlistpltestpermit0.0.0.0/0ge30le30
Aprefixlistentryconfiguredtomatchanyprefixwithprefixlengthof30.
ipprefixlistpltestpermit172.16.1.0/24
Aprefixlistentryconfiguredtomatchthe172.16.1.0/24subnet.
ipprefixlistpltestpermit10.0.0.0/8le24
Aprefixlistentryconfiguredtomatchsubnetsfromthe10.0.0.0/8networkthathaveaprefixlengththatislessthan
orequalto24bits.
ipprefixlistpltestpermit10.0.0.0/8ge25
Aprefixlistentryconfiguredtomatchsubnetsfromthe10.0.0.0/8networkthathaveaprefixlengththatisgreater
thanorequalto25bits.

NetworkSetupforIPPrefixLists
ThesamplenetworkabovewassetuptoobservehowRT2usesprefixliststodeterminewhichsubnetstobe
redistributedfromOSPFintoEIGRP.

[Link]

6/11

4/17/2015

itcertnotes:ManipulatingRoutingUpdates

BelowshowstheconfigurationonRT2:
!
routerospf100
network12.[Link].0.0area0
!
routereigrp100
redistributeospf100routemapOSPFEIGRP
network23.[Link].0.0
defaultmetric1000010025511500
noautosummary
!
ipprefixlistOSPFEIGRProutesseq5permit10.0.0.0/8
ipprefixlistOSPFEIGRProutesseq10permit11.0.0.0/8ge9
ipprefixlistOSPFEIGRProutesseq15permit12.0.0.0/8ge9
ipprefixlistOSPFEIGRProutesseq20permit13.0.0.0/8ge9le24
ipprefixlistOSPFEIGRProutesseq25permit172.16.0.0/16
ipprefixlistOSPFEIGRProutesseq30permit172.17.0.0/16ge24
ipprefixlistOSPFEIGRProutesseq35permit172.18.0.0/16ge24
ipprefixlistOSPFEIGRProutesseq40permit172.19.0.0/16ge24le30
!
routemapOSPFEIGRPpermit10
matchipaddressprefixlistOSPFEIGRProutes
!

BelowshowstheroutingtableonRT3:
RT3#shiproute
Gatewayoflastresortisnotset
[Link]/24issubnetted,1subnets
C23.23.23.0isdirectlyconnected,FastEthernet0/0
DEX172.16.0.0/16[170/284160]via23.23.23.2,[Link],FastEthernet0/0
[Link]/16isvariablysubnetted,2subnets,2masks
DEX172.19.2.0/30[170/284160]via23.23.23.2,[Link],FastEthernet0/0
DEX172.19.1.0/28[170/284160]via23.23.23.2,[Link],FastEthernet0/0
[Link]/24issubnetted,1subnets
DEX172.18.1.0[170/284160]via23.23.23.2,[Link],FastEthernet0/0
DEX10.0.0.0/8[170/284160]via23.23.23.2,[Link],FastEthernet0/0
[Link]/8isvariablysubnetted,3subnets,2masks
DEX12.11.0.0/16[170/284160]via23.23.23.2,[Link],FastEthernet0/0
DEX12.12.12.0/24[170/284160]via23.23.23.2,[Link],FastEthernet0/0
DEX12.13.14.0/24[170/284160]via23.23.23.2,[Link],FastEthernet0/0
[Link]/8isvariablysubnetted,2subnets,2masks
DEX13.12.0.0/16[170/284160]via23.23.23.2,[Link],FastEthernet0/0
DEX13.14.15.0/24[170/284160]via23.23.23.2,[Link],FastEthernet0/0
RT3#

RouteFilteringusingRouteMaps
[Link]
prefixesarebeingredistributedfromEIGRPtoOSPF,andviceversa.
Theroutemapssimplyneedtohaveroutemapstatementswithdenyandpermitactionstomatchtheroutestobe
filteredandnottobefilteredcorrespondingly.
Thereare2differentapproachestoperformthementionedtask:
Approach#1:BeginwithamatchoftheroutestobefilteredusingextendedIPACLsorIPprefixlists,withadeny
[Link],matchingand
allowingallremainingroutes.
Approach#2:BeginwithamatchofroutesnottobeallowedusingextendedIPACLsorIPprefixlists,witha
[Link]
filterunwantedroutes.
[Link]#1tofilterroutesfromEIGRPtoOSPF,andapproach#2to
filterroutesfromOSPFtoEIGRP.
!FilteringredistributedroutesfromEIGRPtoOSPF(Approach#1):
!
ipaccesslistextendedmatch192.168.1.0_24
permitiphost192.168.1.0host255.255.255.0
!
ipaccesslistextendedmatch192.168.4.0_27*192.168.5.0_28

[Link]

7/11

4/17/2015

itcertnotes:ManipulatingRoutingUpdates

permitiphost192.168.4.0host255.255.255.224
permitiphost192.168.5.0host255.255.255.240
!
routemapredisteigrp*ospfdeny10
matchipaddressmatch192.168.1.0_24
!
routemapredisteigrp*ospfdeny20
matchipaddressmatch192.168.4.0_27*192.168.5.0_28
!
routemapredisteigrp*ospfpermit100
!
routerospf100
redistributeeigrp100subnetsroutemapredisteigrp*ospf
!
!======================================================================
!FilteringredistributedroutesfromOSPFtoEIGRP(Approach#2):
!
ipprefixlistmatchospfroutesseq5permit172.16.2.0/23ge25le26
ipprefixlistmatchospfroutesseq10permit172.16.6.0/23ge29le30
!
routemapredistospf*eigrppermit10
matchipaddressprefixlistmatchospfroutes
!
routereigrp100
redistributeospf100metric200020025511500routemapredistospf*eigrp
!

Belowshows2alternativeconfigurationsforApproach#1tofilterroutesfromEIGRPtoOSPF.
!Approach#1Alternative#1:
!
ipaccesslistextendedmatch192.168.1.0_24
permitip192.[Link].0.255host255.255.255.0
!
ipaccesslistextendedmatch192.168.4.0_27*192.168.5.0_28
permitip192.[Link].0.31host255.255.255.224
permitip192.[Link].0.15host255.255.255.240
!
routemapredisteigrp*ospfdeny10
matchipaddressmatch192.168.1.0_24match192.168.4.0_27*192.168.5.0_28
!
routemapredisteigrp*ospfpermit100
!
routerospf100
redistributeeigrp100subnetsroutemapredisteigrp*ospf
!
======================================================================
!Approach#1Alternative#2:
!
ipprefixlistmatcheigrproutesseq5permit192.168.1.0/24
ipprefixlistmatcheigrproutesseq10permit192.168.4.0/23ge27le28
!
routemapredisteigrp*ospfdeny10
matchipaddressprefixlistmatcheigrproutes
!
routemapredisteigrp*ospfpermit100
!
routerospf100
redistributeeigrp100subnetsroutemapredisteigrp*ospf
!

RoutingtablesonRT1andRT3afterimplementedtheredistributionconfigurationonRT2:
RT1#shiproute
Gatewayoflastresortisnotset
[Link]/24issubnetted,1subnets
C12.12.12.0isdirectlyconnected,FastEthernet0/0
[Link]/16isvariablysubnetted,4subnets,4masks
DEX172.16.2.0/25[170/1333760]via12.12.12.2,[Link],FastEthernet0/0
DEX172.16.3.0/26[170/1333760]via12.12.12.2,[Link],FastEthernet0/0
DEX172.16.6.0/29[170/1333760]via12.12.12.2,[Link],FastEthernet0/0
DEX172.16.7.0/30[170/1333760]via12.12.12.2,[Link],FastEthernet0/0
C192.168.1.0/24isdirectlyconnected,Loopback1
[Link]/25issubnetted,1subnets
C192.168.2.0isdirectlyconnected,Loopback2
[Link]/26issubnetted,1subnets
C192.168.3.0isdirectlyconnected,Loopback3RT1#
[Link]/27issubnetted,1subnets
C192.168.4.0isdirectlyconnected,Loopback4
[Link]/28issubnetted,1subnets
C192.168.5.0isdirectlyconnected,Loopback5
[Link]/29issubnetted,1subnets
C192.168.6.0isdirectlyconnected,Loopback6
[Link]/30issubnetted,1subnets
C192.168.7.0isdirectlyconnected,Loopback7
======================================================================
RT3#shiproute

[Link]

8/11

4/17/2015

itcertnotes:ManipulatingRoutingUpdates

Gatewayoflastresortisnotset
[Link]/24issubnetted,1subnets
OE212.12.12.0[110/20]via23.23.23.2,[Link],FastEthernet0/0
[Link]/24issubnetted,1subnets
C23.23.23.0isdirectlyconnected,FastEthernet0/0
[Link]/16isvariablysubnetted,7subnets,7masks
C172.16.1.0/24isdirectlyconnected,Loopback1
C172.16.2.0/25isdirectlyconnected,Loopback2
C172.16.3.0/26isdirectlyconnected,Loopback3
C172.16.4.0/27isdirectlyconnected,Loopback4
C172.16.5.0/28isdirectlyconnected,Loopback5
C172.16.6.0/29isdirectlyconnected,Loopback6
C172.16.7.0/30isdirectlyconnected,Loopback7
[Link]/25issubnetted,1subnets
OE2192.168.2.0[110/20]via23.23.23.2,[Link],FastEthernet0/0
[Link]/26issubnetted,1subnets
OE2192.168.3.0[110/20]via23.23.23.2,[Link],FastEthernet0/0
[Link]/29issubnetted,1subnets
OE2192.168.6.0[110/20]via23.23.23.2,[Link],FastEthernet0/0
[Link]/30issubnetted,1subnets
OE2192.168.7.0[110/20]via23.23.23.2,[Link],FastEthernet0/0

RouteTaggingForTwoway/MutualRedistribution
[Link]
routingprocessesonRT2andRT3canthenperformroutefilteringuponmutualredistribution.
Aroutetagfollowstherouteadvertisement,[Link]
routeswitharoutetagtomakearoutefilteringdecision.
Withtheconfigurationabove,RT2andRT3areabletoidentifyOSPFandEIGRPexternalrouteswithtagsof1and2
respectively.RT2andRT3willfilterOSPFandEIGRPexternalroutesthatadvertisedbackintotheoriginalrouting
domainsusingroutemapstatementswithdenyaction.
Settagswhenredistributingdenytaggedroutesattheredistributionpoints.
[Link]
[Link]
valuesonlyaftercarefulplanningandconsideredthespecificrequirementsuponthenetworkdesignandsetup.
Thedistance{adweight}[advrouterwildcardmask[aclnum|aclname]][ip]routersubcommand
[Link]
wildcardmaskpairmatchesroutesaccordingtotheIPaddress(es)oftheadvertisingrouter(s)thatsupplythe
[Link]/maskof0.0.0.0255.255.255.255tomatchanyadvertisingroutersupplyingthe
[Link]
neighborstousethespecifiedadministrativedistancePrefixBasedAdministrativeDistance.
Note:TheipkeywordspecifiesIPderivedroutesforIntegratedISIS.
Thedistanceeigrp{internaldistanceexternaldistance}EIGRProutersubcommanddefinesthe
administrativedistancesforEIGRPinternalandexternalroutesrespectively.

[Link]

9/11

4/17/2015

itcertnotes:ManipulatingRoutingUpdates

Thedistanceospf{externaldist1|interareadist2|intraareadist3}OSPFroutersubcommand
[Link]
[Link],thiscommandprovidesthecapabilitytoset
anadministrativedistanceforanentiregroupofroutes,ratherthanspecificroutesthatmatchedbyanaccesslist.A
commonusageofthiscommandiswhenimplementingOSPFprocesseswithmutualredistribution,whichisoften
requiredtopreferinternalroutesfromaprocessoverexternalroutesfromanotherprocess.

RouteFilteringusingAdministrativeDistance
Theroutesarebeingredistributedwithmetricvalueshigherthanthenativemetricsforroutesinbothroutingdomains
inordertoprotectagainstsuboptimalrouting.
BelowshowsthatsuboptimalroutingoccurredonRT3duetotheRIPv2routesredistributedintoOSPFasE2routes
havealoweradministrativedistanceandbeingpreferredovertheRIPv2routes.
RT3#shiproute
Gatewayoflastresortisnotset
[Link]/24issubnetted,1subnets
C35.35.35.0isdirectlyconnected,Serial1/0
[Link]/24issubnetted,1subnets
OE224.24.24.0[110/100]via123.123.123.2,[Link],FastEthernet0/0
[Link]/24issubnetted,1subnets
C123.123.123.0isdirectlyconnected,FastEthernet0/0
OE2192.168.1.0/24[110/100]via123.123.123.2,[Link],FastEthernet0/0
OE2192.168.2.0/24[110/100]via123.123.123.2,[Link],FastEthernet0/0
[Link]/24issubnetted,1subnets
OE245.45.45.0[110/100]via123.123.123.2,[Link],FastEthernet0/0
RT3#

Note:OSPFhasanadministrativedistanceof110RIPv2hasanadministrativedistanceof120.
TheredistributionconfigurationonRT2hasresultedinsuboptimalroutingtomanydestinations.RT3takesthelonger
(worse)OSPFpathsthanthemoredirectRIPv2pathstothosenetworks.
BelowimplementsthesolutiononRT3bychangingtheadministrativedistanceforredistributedRIPv2routes(OSPF
externalroutes)advertisedbyRT2.WhenRT3learnaboutthenetworksthatmatchedbytheaccesslistfromboth
RIPv2andOSPF,itselectstherouteslearnedfromRIPv2:
RT3#debugiprouting
IProutingdebuggingison
RT3#
RT3#conft
Enterconfigurationcommands,[Link]/Z.
RT3(config)#accesslist1permit24.24.24.0
RT3(config)#accesslist1permit45.45.45.0
RT3(config)#accesslist1permit192.168.1.0
RT3(config)#accesslist1permit192.168.2.0
RT3(config)#
RT3(config)#routerospf100
RT3(configrouter)#distance1250.0.0.0255.255.255.2551
RT3(configrouter)#end
RT3#
[Link]RT:closeradmindistancefor24.24.24.0,flushing1routes
[Link]RT:add24.24.24.0/24via35.35.35.5,ripmetric[120/2]
[Link]RT:closeradmindistancefor45.45.45.0,flushing1routes
[Link]RT:add45.45.45.0/24via35.35.35.5,ripmetric[120/1]
[Link]RT:closeradmindistancefor192.168.1.0,flushing1routes
[Link]RT:add192.168.1.0/24via35.35.35.5,ripmetric[120/2]
[Link]RT:closeradmindistancefor192.168.2.0,flushing1routes

[Link]

10/11

4/17/2015

itcertnotes:ManipulatingRoutingUpdates

[Link]RT:add192.168.2.0/24via35.35.35.5,ripmetric[120/1]
RT3#
RT3#shaccesslist
StandardIPaccesslist1
permit24.24.24.0(1match)
permit45.45.45.0(1match)
permit192.168.1.0(1match)
permit192.168.2.0(1match)
RT3#
RT3#shiproute
Gatewayoflastresortisnotset
[Link]/24issubnetted,1subnets
C35.35.35.0isdirectlyconnected,Serial1/0
[Link]/24issubnetted,1subnets
R24.24.24.0[120/2]via35.35.35.5,[Link],Serial1/0
[Link]/24issubnetted,1subnets
C123.123.123.0isdirectlyconnected,FastEthernet0/0
R192.168.1.0/24[120/2]via35.35.35.5,[Link],Serial1/0
R192.168.2.0/24[120/1]via35.35.35.5,[Link],Serial1/0
[Link]/24issubnetted,1subnets
R45.45.45.0[120/1]via35.35.35.5,[Link],Serial1/0
RT3#

[Link]
thatthedistancecommandisimplementedundertheOSPFprocess,astheadministrativedistanceshouldbe
changedforroutesthatlearnedviaOSPF,notRIPv2.
Themainadvantageofusingadministrativedistancetocontrolroutepreferenceisthatnopathinformationislost
theOSPFinformationstillresidesintheOSPFLSDB.WhentheprimarypathtoRIPv2networks(theRT3RT5link)
fails,theOSPFroutesreassertsthemselves,andRT3resumesconnectivitywiththoseRIPv2networksthroughRT2.
Asaconclusion,itisimportanttoknowthenetworkdesignandsetupinsideoutandthoroughlypriortoimplementing
redistribution,andcloselymonitorstheredistributedroutes,particularlyonnetworkswithredundantpaths,asrouters
aremorelikelytoselectsuboptimalpaths.
PostedbyYapChinHoongat9:45PM

Recommend this on Google

Labels:miscrouting

Nocomments:
PostaComment
Enteryourcomment...

Commentas:

Publish

GoogleAccount

Preview

PostaComment

NewerPost

Home

OlderPost

[Link].

[Link]

11/11

Route Optimization Techniques Explained
No ratings yet
Route Optimization Techniques Explained
7 pages
Managing Routing Updates and Filters
No ratings yet
Managing Routing Updates and Filters
3 pages
Cis185 Lecture RouteOptimization Part1
No ratings yet
Cis185 Lecture RouteOptimization Part1
67 pages
Routing Update Manipulation Techniques
No ratings yet
Routing Update Manipulation Techniques
24 pages
Next-Hop Routing 2. Network-Specific Routing: A B C D R2 R4
100% (1)
Next-Hop Routing 2. Network-Specific Routing: A B C D R2 R4
9 pages
Chapter-IV (NetworkLayer)
No ratings yet
Chapter-IV (NetworkLayer)
91 pages
Network Layer Routing & Congestion Control
No ratings yet
Network Layer Routing & Congestion Control
105 pages
Network Routing Algorithms Explained
No ratings yet
Network Routing Algorithms Explained
42 pages
Fine-Grained Control of Routing Updates
No ratings yet
Fine-Grained Control of Routing Updates
57 pages
Applications of Graph Theory in Routing
No ratings yet
Applications of Graph Theory in Routing
26 pages
Routing Algorithms and Network Performance
No ratings yet
Routing Algorithms and Network Performance
31 pages
Routing Protocols Overview and Types
No ratings yet
Routing Protocols Overview and Types
25 pages
Understanding Routing Protocols and Techniques
No ratings yet
Understanding Routing Protocols and Techniques
25 pages
Data Communication and Network Management
No ratings yet
Data Communication and Network Management
3 pages
EIGRP Route Summarization Best Practices
No ratings yet
EIGRP Route Summarization Best Practices
5 pages
Chapter - 4 - Routing Protocols and Algorithm
No ratings yet
Chapter - 4 - Routing Protocols and Algorithm
63 pages
Essential Networking Information Guide
No ratings yet
Essential Networking Information Guide
3 pages
Routing Protocols Overview
No ratings yet
Routing Protocols Overview
91 pages
Routing: George Coularis, Jean Dollimore and Tim Kindberg Portions From George Blank
No ratings yet
Routing: George Coularis, Jean Dollimore and Tim Kindberg Portions From George Blank
31 pages
Traffic Engineering and Load-Sensitive Routing
No ratings yet
Traffic Engineering and Load-Sensitive Routing
40 pages
Understanding Computer Routers
No ratings yet
Understanding Computer Routers
6 pages
Routing Algorithms
No ratings yet
Routing Algorithms
25 pages
Nmap Course: Ethical Hacking & Security
No ratings yet
Nmap Course: Ethical Hacking & Security
2 pages
Unit 03
No ratings yet
Unit 03
46 pages
Network Layer
No ratings yet
Network Layer
17 pages
Access Control LABSHEET
No ratings yet
Access Control LABSHEET
11 pages
Congestion Control and Routing Techniques
No ratings yet
Congestion Control and Routing Techniques
29 pages
Chapter - 2 - NET-351 Introduction To Routing
No ratings yet
Chapter - 2 - NET-351 Introduction To Routing
29 pages
CCNA LAB Manual Corvit
75% (4)
CCNA LAB Manual Corvit
151 pages
Unit 3
No ratings yet
Unit 3
131 pages
Centralized vs. Distributed Routing
100% (1)
Centralized vs. Distributed Routing
49 pages
Route Manipulation
No ratings yet
Route Manipulation
3 pages
Dynamic Routing Protocols Explained
No ratings yet
Dynamic Routing Protocols Explained
41 pages
Overview of Routing Algorithms in Networking
No ratings yet
Overview of Routing Algorithms in Networking
9 pages
Routing Algorithms Overview
No ratings yet
Routing Algorithms Overview
10 pages
Routing
No ratings yet
Routing
15 pages
Updated Windows Basics
No ratings yet
Updated Windows Basics
37 pages
Understanding Routing Exploits in Networks
No ratings yet
Understanding Routing Exploits in Networks
2 pages
Routing Algorithms in Computer Networks
No ratings yet
Routing Algorithms in Computer Networks
25 pages
2 1network Layer
No ratings yet
2 1network Layer
11 pages
Datagram Forwarding: Asst. Prof. Chaiporn Jaikaeo, PH.D
No ratings yet
Datagram Forwarding: Asst. Prof. Chaiporn Jaikaeo, PH.D
39 pages
OSPF Distribute List Configuration Guide
No ratings yet
OSPF Distribute List Configuration Guide
2 pages
Routing Techniques in Packet-Switched Networks
No ratings yet
Routing Techniques in Packet-Switched Networks
43 pages
Routing Strategies in Data Networks
No ratings yet
Routing Strategies in Data Networks
54 pages
5 Networking For Dummies Cheat Sheet - Navid 323195.HTML
No ratings yet
5 Networking For Dummies Cheat Sheet - Navid 323195.HTML
4 pages
Routing Fundamentals and Security Controls
No ratings yet
Routing Fundamentals and Security Controls
58 pages
Routing Algorithms Overview and Types
No ratings yet
Routing Algorithms Overview and Types
35 pages
CN Unit 4
No ratings yet
CN Unit 4
21 pages
Add Static Routes in Windows
No ratings yet
Add Static Routes in Windows
3 pages
Understanding Computer Network Routing
No ratings yet
Understanding Computer Network Routing
61 pages
UNIT 3 - Network Layer
No ratings yet
UNIT 3 - Network Layer
10 pages
VyOS 1.4.3 Access Control Lists Guide
No ratings yet
VyOS 1.4.3 Access Control Lists Guide
6 pages
CCNA Routing: Router Basics & Configurations
No ratings yet
CCNA Routing: Router Basics & Configurations
46 pages
Chapter 2 - Introduction To Routing - Part 2
No ratings yet
Chapter 2 - Introduction To Routing - Part 2
80 pages
Router and Switch Configuration Basics
No ratings yet
Router and Switch Configuration Basics
17 pages
Sikandar CCIE-RS-v5-Security Workbook PDF
100% (2)
Sikandar CCIE-RS-v5-Security Workbook PDF
187 pages
Network Engineer with Cybersecurity Expertise
No ratings yet
Network Engineer with Cybersecurity Expertise
8 pages
CCNA Training Border Gateway Protocol BGP Tutorial
No ratings yet
CCNA Training Border Gateway Protocol BGP Tutorial
4 pages
09
No ratings yet
09
75 pages
Exam Revision Questions May 13
0% (1)
Exam Revision Questions May 13
4 pages
Enarsi - 5
No ratings yet
Enarsi - 5
74 pages
NEW Cisco CCNA 200-125 Exam Dumps Latest Version 2018 For Free (PDFDrive)
No ratings yet
NEW Cisco CCNA 200-125 Exam Dumps Latest Version 2018 For Free (PDFDrive)
70 pages
Ccna Interview Questions and Answers
No ratings yet
Ccna Interview Questions and Answers
18 pages
Network Engineering Exam Prep
0% (1)
Network Engineering Exam Prep
30 pages
Understanding RIP in Computer Networks
No ratings yet
Understanding RIP in Computer Networks
26 pages
EIGRP Configuration for AS 10
No ratings yet
EIGRP Configuration for AS 10
5 pages
CCNA Cheat Sheet: Experts in Networking
No ratings yet
CCNA Cheat Sheet: Experts in Networking
8 pages
Network Interview Questions CCNA MCSA
No ratings yet
Network Interview Questions CCNA MCSA
4 pages
CCNP ROUTE Chapter 4 Exam Answers (Version 7) - Score 100%
No ratings yet
CCNP ROUTE Chapter 4 Exam Answers (Version 7) - Score 100%
5 pages
EIGRP With IP SLA - Cisco Community
No ratings yet
EIGRP With IP SLA - Cisco Community
11 pages
CCIE Enterprise Infrastructure - A Complete Guide: Authored by
100% (3)
CCIE Enterprise Infrastructure - A Complete Guide: Authored by
655 pages
Ccna 2
No ratings yet
Ccna 2
6 pages
Cheat Sheet On CCNA Terminologies
100% (1)
Cheat Sheet On CCNA Terminologies
12 pages
CCNA Network Lab Challenge
No ratings yet
CCNA Network Lab Challenge
3 pages
DCCN Lab Manual For Students PDF
100% (1)
DCCN Lab Manual For Students PDF
45 pages
Primary ISP Connection Configuration Guide
No ratings yet
Primary ISP Connection Configuration Guide
81 pages
Network Administration and Design
No ratings yet
Network Administration and Design
37 pages
CCNA Routing and Switching ICND2 200 105 Official Cert Guide Academic Edition Wendell Odom
No ratings yet
CCNA Routing and Switching ICND2 200 105 Official Cert Guide Academic Edition Wendell Odom
423 pages
Rohit Singh - IT Professional Resume
No ratings yet
Rohit Singh - IT Professional Resume
4 pages
Brkarc-2350 - 2014
No ratings yet
Brkarc-2350 - 2014
128 pages
200-120 CCNA New Sylabus
No ratings yet
200-120 CCNA New Sylabus
6 pages
Network Routing Protocols Guide
No ratings yet
Network Routing Protocols Guide
2 pages
8.5.6 Packet Tracer - Configure Numbered Standard IPv4 ACLs
No ratings yet
8.5.6 Packet Tracer - Configure Numbered Standard IPv4 ACLs
3 pages
IGP Interview Prep for CCNA/CCNP
No ratings yet
IGP Interview Prep for CCNA/CCNP
11 pages
Intelligent Wan Configuration Files Guide: Cisco Validated Design
No ratings yet
Intelligent Wan Configuration Files Guide: Cisco Validated Design
38 pages
Unified
No ratings yet
Unified
11 pages

Itcertnotes - Manipulating Routing Updates

Uploaded by

Itcertnotes - Manipulating Routing Updates

Uploaded by

4/17/2015

Recommend this on Google

You might also like