Resolving Path Selection Issues in Redistributed Networks



Now that you have an understanding of the commands to redistribute into OSPF and EIGRP, you next need to configure the router to redistribute into the edge (or interim) protocol. This edge protocol is often, but not exclusively, an IGP such as RIPv2, IGRP, or EIGRP in Cisco implementations. The process entails going into global configuration mode for the edge routing process and taking one of several approaches. You can redistribute a default route for the core AS (backbone) into the edge AS, or redistribute several static routes to the backbone into the edge system. Whenever there is two-way redistribution, however, filtering is often a necessary component of the redistribution strategy. You can also tweak the administrative distance value assigned to the routes received so that they are not selected when more than one route exists to a destination network.

The passive-interface Command

You may remember the passive-interface command from your CCNA studies. It is commonly used to keep routing updates from being sent out of an interface, while still allowing the designated interface to receive update messages. The passive-interface command is also often used in the redistribution process with OSPF to stop the router from establishing an adjacency with another router connected on the same interface as the link identified in the passive-interface command. You should not activate OSPF on the interfaces that should not be participating in OSPF. With EIGRP, all a router has to see is a hello packet from a peer, and it begins sending out its routing table through update packets. There is no requirement for two-way communications in EIGRP as there is in OSPF.

Because the Hello protocol is used to confirm the two-way exchange between the routers, an adjacency relationship is not created. A router that is configured to refrain from sending updates does not take part in the two-way communication process of link-state protocols or EIGRP. After you determine the routing protocol and the interfaces from which you want to prevent the sending of updates, you use the following sample syntax in router configuration mode:

 RouterA(config-router)# passive-interface Serial0.1

If your network is using a single major network IP address, a static route to 0.0.0.0 is probably your best option. A default route is a route that a Cisco router utilizes when no entry exists for a destination network in the routing table. The router to which the default route points is called the gateway of last resort.


The ip default-network Command

You can also configure a default route for protocols on a Cisco router by issuing the global configuration ip default-network command. The ip default-network command is used specifically to let other internal routers know how to get to networks outside the internetwork through another major network. The command doesn't offer any real functionality for the configured router.

When you use the ip default-network command, you specify a network that is in your current routing table as the default path to take. The syntax for the ip default-network command is

 RouterA(config)# ip default-network network-number

The configuration of the RIP router could look something like this:

 router rip
  network 10.10.0.0
  network 172.16.0.0
 !
 ip classless
 ip default-network 10.10.0.0

As a result, RIP sources a default route in the routing table, which appears as 0.0.0.0 0.0.0.0 to its RIP neighbors. For example, assuming the IP address of the next-hop router was 10.20.1.2, the output snippet from the show ip route command would look something like this:

 <Output Omitted>
 Gateway of last resort is 10.20.1.2 to network 0.0.0.0
 <Output Omitted>
 R*  0.0.0.0/0 [120/1] via 10.20.1.2, 00:00:17, Ethernet0

You can use ip default-network to distribute a default route to other internal RIP routers. However, if this were a router running IGRP, the default route ( 0.0.0.0 0.0.0.0 ) would not be redistributed by default. You need to add the network 0.0.0.0 command to the configuration of the IGRP process on the router.


The number of redistribution scenarios is almost unlimited. However, a typical configuration might be EIGRP running as the backbone (core) routing protocol with RIPv2 as the edge (or transitional) protocol, as shown in Figure 10.3.

Figure 10.3. A typical redistribution scenario with an EIGRP backbone and RIPv2 at the edge.

In the following scenario represented in Figure 10.4, you want the OSPF core network (the backbone) to be aware of all the routes in every AS, so you configure redistribution on RouterA1 and RouterB1 so that two summarized routes, 10.10.0.0/24 and 192.168.0.0/24, are redistributed into OSPF. Both these routes are summaries of the many smaller subnets contained in the RIP areas. You also want the RIPv2 routing domains to know about only their internal edge areas and a default route to get to the backbone. Therefore, you have the ASBRs RouterA1 and RouterB1 running both routing protocols and injecting the default route into the RIP domains.

Figure 10.4. A more elaborate redistribution scenario with an OSPF backbone and RIPv2 at the edge.

The internal RIP routers in networks 10.10.0.0/24 and 192.168.0.0/24 (A2 and A3, B2 and B3) do not need any redistribution configured because they are only loaded with RIPv2. We do not need these routers to learn any specific external route because the default gateway will do.

It is important to mention that extreme care should be taken when redistributing from a classful protocol, such as RIPv1 or IGRP, to a classless protocol, such as OSPF. As you know, classful protocols are not capable of VLSM and are unable to advertise subnet mask information.

You must issue the classless global configuration command ip classless on all the RIP routers if they are not already so configured. By default, classful routing protocols, such as RIP and IGRP, throw out packets that are intended for unrecognized or non-connected subnets of a classful network to which they are directly attached. If the RIP router has no entry in its routing table for the non-connected subnet, then the destination network is considered nonexistent. As a result, the router ignores any default route in its routing table and drops the packet. Classful routing protocols take for granted that any subnets of a directly attached major network should appear in their routing tables.

The ip classless command is enabled by default in Cisco IOS release 12.0 and higher.


In classless routing mode, a RIP router uses the default route when it is unable to reach subnets that do not appear in the routing table. In Figure 10.4, the ip classless command enables the Cisco IOS to forward data packets meant for unrecognized subnets (the 10.10.0.0 subnets, for example) of directly connected networks to the optimal supernetted route, possibly the default route itself.
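The lookup difference described above can be modeled in a few lines. The following Python sketch is an added example, not taken from the book; the routing table is constructed for an internal RIP router in the 10.10.0.0 domain, with the default route pointing at 10.10.2.2 as on this page, and the function names are hypothetical.

```python
import ipaddress

def classful_major(addr):
    """Return the class A/B/C major network that contains addr."""
    first = int(addr) >> 24
    plen = 8 if first < 128 else 16 if first < 192 else 24
    base = (int(addr) >> (32 - plen)) << (32 - plen)
    return ipaddress.ip_network((base, plen))

def lookup(table, dest, classless):
    """Longest-prefix match over {prefix: next_hop}; None means the packet is dropped.

    classless=False models 'no ip classless': once the router knows any subnet
    of the destination's major network, only routes inside that major network
    are considered, so supernets and the default route are ignored.
    """
    dest = ipaddress.ip_address(dest)
    nets = {ipaddress.ip_network(p): nh for p, nh in table.items()}
    matches = [n for n in nets if dest in n]
    if not classless:
        major = classful_major(dest)
        if any(n.subnet_of(major) for n in nets):
            matches = [n for n in matches if n.subnet_of(major)]
    if not matches:
        return None
    return nets[max(matches, key=lambda n: n.prefixlen)]

# Constructed table (assumption): two connected subnets of 10.0.0.0 plus the
# default route learned from the ASBR at 10.10.2.2.
RIP_ROUTER_TABLE = {
    "10.10.2.0/24": "connected",
    "10.10.1.0/24": "connected",
    "0.0.0.0/0": "10.10.2.2",
}

if __name__ == "__main__":
    for dst in ("10.20.1.5", "172.16.31.1", "10.10.1.7"):
        print(dst, lookup(RIP_ROUTER_TABLE, dst, False),
              lookup(RIP_ROUTER_TABLE, dst, True))
```

Only the destination in an unknown subnet of the attached major network (10.20.1.5) is treated differently; traffic to 172.16.31.1 follows the default route in both modes because the router knows no subnet of 172.16.0.0.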

One-way redistribution is the recommended method for preventing routing loops and convergence issues because it allows for routes to be exchanged in a single direction only. Realize, however, that if a primary and only route goes down, the backup (suboptimal) path will be unknown because of the one-way redistribution.


Along these same lines, you must use the subnets keyword when configuring redistribution on ASBR RouterA to redistribute all subnetted and non-subnetted networks into OSPF. Even though it is automatically enabled, you do not specifically need the ip classless setting on RouterA1 because you are running OSPF. You can see the configuration of ASBR RouterA1 from Figure 10.4 in Listing 10.3.

Listing 10.3 Configuration for ASBR RouterA1
 <Output Omitted>
 !
 RouterA1(config)# router ospf 300
 RouterA1(config-router)# redistribute rip metric 30 subnets
 RouterA1(config-router)# network 172.16.31.1 0.0.0.0 area 0
 !
 RouterA1(config)# router rip
 RouterA1(config-router)# network 10.0.0.0
 !
 RouterA1(config)# no ip classless
 RouterA1(config)# ip default-network 10.0.0.0
 !
 <Output Omitted>

In Listing 10.3, the statement redistribute rip metric 30 subnets specifies that route updates originating from the RIP routing domain should be assigned an OSPF cost value of 30. The subnets keyword tells the router to consider subnets (in the RIP domain) as qualified for redistribution. The ip default-network command is intended to relieve administrators of the necessity of manually configuring static default routes on every router in a routing domain. After you configure redistribution on ASBR RouterA1, you can issue the show ip route command on RouterA1 and see something similar to Listing 10.4.

Listing 10.4 Routing Table of ASBR RouterA1 After Configuring Redistribution
 RouterA1# show ip route
 <Output Omitted>
 *    10.10.0.0/24 is subnetted, 6 subnets
 C         10.10.3.0 is directly connected, Serial0
 O E2      10.20.1.0 [110/30] via 172.16.31.2, 00:23:42, Ethernet0
 C         10.10.2.0 is directly connected, Serial1
 R         10.10.1.0 [120/1] via 10.10.3.1, 00:00:07, Serial0
                     [120/1] via 10.10.2.1, 00:00:15, Serial1
 O E2      10.20.2.0 [110/30] via 172.16.31.2, 00:23:42, Ethernet0
 O E2      10.20.3.0 [110/30] via 172.16.31.2, 00:23:42, Ethernet0
      172.16.0.0/24 is subnetted, 1 subnets
 C         172.16.31.0 is directly connected, Ethernet0

We need to follow up on the previous discussion of the ip default-network command. The internal RIPv2 routers in network 10.10.0.0/24 have a default entry to external networks through the internal interface 10.10.2.2 on RouterA1, as follows:

 R*   0.0.0.0/0 [120/1] via 10.10.2.2, 00:00:17, Serial0 

Implementing Route Filters

You can leverage the Cisco IOS access list technology to filter inbound and outbound updates. The router goes through a five-step process to filter routes.

  1. The router considers the interface that is preparing to send (outbound) a routing update or is in the process of receiving (inbound) a message.

  2. The router resolves whether a filter is applied to the interface or not.

  3. If not, the route entry is then processed as it normally would be.

  4. If there is an applicable filter, the router scrutinizes the access list to see whether there is a match for the particular update packet. If a match exists, then the route entry is either permitted or denied based on the filtering rules.

  5. If there is an applicable filter, but no match is found, then the implicit deny all at the end of the access list discards the packet into the bit bucket.

You can use both the access-list and distribute-list commands to filter inbound and outbound IP routes. One commonly used technique of route filtering involves identifying the network addresses that you want to filter, generating an access list to define the packet test for routing information, and then using the distribute-list command to implement the filtering policy. The complete syntax for the distribute-list out command is as follows:

 RouterA(config-router)# distribute-list {access-list-number | name} out [interface-name | routing-process [autonomous-system-number]]

The access-list-number | name parameter designates the standard access list number or name. The out keyword binds the access list to outbound routing update messages. The interface-name parameter is an optional parameter that represents the interface name on which updates are filtered. OSPF outbound updates cannot be filtered on the way out of an interface. The routing-process parameter can be either a routing process number for OSPF or an AS number for IGRP/EIGRP.

In Figure 10.5, the finance department in network 10.0.0.0 needs to be hidden (filtered) from the sales department at network 192.168.100.0.

Figure 10.5. Using route redistribution filtering to hide the finance LAN from the sales LAN.

You can use the following snippet to filter out network 10.0.0.0 on RouterB:

 RouterB(config)# router eigrp 10
 RouterB(config-router)# network 172.16.0.0
 RouterB(config-router)# network 192.168.100.0
 RouterB(config-router)# distribute-list 1 out s1
 !
 RouterB(config)# access-list 1 permit 172.16.0.0 0.0.255.255

The router configuration command distribute-list 1 out S1 applies access list number 1 to filter the EIGRP updates sent outbound on Serial 1 to the sales LAN. The global configuration command access-list 1 permit 172.16.0.0 0.0.255.255 gives the access list number, permits routes that match the parameters of the list, and provides the network and wildcard mask used to decide which source addresses qualify (those matching the first two octets in this case). Because network 10.0.0.0 does not match the permit entry, the implicit deny all at the end of the access list keeps it out of the updates. This is not the only method that could be used for filtering out the finance LAN, but it shows how you can use the access-list and distribute-list commands in combination effectively.
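To check a filter like this before it is applied, the wildcard match and the first-match, implicit-deny evaluation can be modeled offline. The Python below is an added example, not part of the book; the list of candidate routes is constructed, and the function names are hypothetical.

```python
import ipaddress

def _bits(dotted):
    return int(ipaddress.ip_address(dotted))

def acl_match(addr, wildcard, network):
    """Standard-ACL test: bits where the wildcard is 0 must be equal."""
    care = ~_bits(wildcard) & 0xFFFFFFFF
    return (_bits(addr) & care) == (_bits(network) & care)

def parse_acl(lines):
    """Parse 'access-list N {permit|deny} addr [wildcard]' into tuples."""
    acl = []
    for line in lines:
        tok = line.split()
        # A standard ACL entry without a wildcard matches the address exactly.
        acl.append((tok[2], tok[3], tok[4] if len(tok) > 4 else "0.0.0.0"))
    return acl

def filter_update(acl, routes):
    """Apply the list the way distribute-list ... out does: first match decides."""
    sent, dropped = [], []
    for net in routes:
        action = "deny"  # step 5: implicit deny all when nothing matches
        for act, addr, wildcard in acl:
            if acl_match(addr, wildcard, net):
                action = act
                break
        (sent if action == "permit" else dropped).append(net)
    return sent, dropped

def leaked(acl, routes, hidden):
    """Networks that must stay hidden but would still be advertised."""
    sent, _ = filter_update(acl, routes)
    return [net for net in sent if net in hidden]

# Constructed input: the page's access list 1 and the routes RouterB could
# place in an update toward the sales LAN.
ACL_1 = parse_acl(["access-list 1 permit 172.16.0.0 0.0.255.255"])
UPDATE = ["10.0.0.0", "172.16.0.0"]

if __name__ == "__main__":
    print(filter_update(ACL_1, UPDATE))
    print(leaked(ACL_1, UPDATE, {"10.0.0.0"}))
```

The leaked() check is useful when auditing a longer list: an earlier, broader permit entry would expose the finance network even if a deny for it appears further down.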

Use the ip prefix-list command to create a BGP prefix list. Prefix lists are the preferred alternative to distribute lists when filtering BGP route updates. Prefix lists are more flexible and easier to configure than distribute lists.


The distance Command

You can also use the distance command instead of the default-metric command to make sure that a router chooses an optimal path over a suboptimal path for redundant network routes. You can assure the selection of routes from the preferred protocol by assigning the other redundant route(s) a larger AD through the router configuration distance command. This also serves to reduce the incidence of loops between routing domains. The command syntax is a bit different for the EIGRP and BGP routing protocols. The syntax of the distance command for any supported routing protocol other than EIGRP or BGP is as follows:

 RouterA(config-router)# distance weight [address mask [access-list-number | name]] [ip]

The syntax for the EIGRP routing protocol, as follows, is somewhat different and is fully explained in Table 10.4:

 RouterA(config-router)# distance eigrp internal-distance external-distance

The distance command is also different for the BGP routing protocol, with more similarity to EIGRP, as shown here:

 RouterA(config-router)# distance bgp internal-distance external-distance local-distance

Tables 10.4 through 10.6 show the definitions of the various parameters for the distance command for the routing protocols mentioned previously. You may refer back to Table 10.1 as a reference as well.

Table 10.4. distance Command Syntax Parameters for the BGP Routing Protocol

 Command Parameter    Description
 external-distance    This parameter is the AD for BGP external routes (routes learned from an external peer of the AS). Values range from 1 to 255 with a default value of 20.
 internal-distance    This parameter is the AD for BGP internal routes (routes learned from another peer within the AS). Values range from 1 to 255 with a default value of 200. Refer to Table 10.1.

Table 10.5. distance Command Syntax Parameters for the EIGRP Routing Protocol

 Command Parameter    Description
 internal-distance    This parameter is the AD for EIGRP routes discovered from another routing device within the same AS.
 external-distance    This parameter is the AD for EIGRP routes where the optimal path is discovered from a peer that is external to the AS.

Table 10.6. distance Command Syntax Parameters for All Other Cisco-Supported Routing Protocols

 Command Parameter          Description
 weight                     This parameter is the assigned AD number with a value ranging from 10 to 255.
 address                    This is an optional IP address used to filter networks based on the Layer 3 address of the router that generated the route.
 mask                       This optional parameter is the wildcard mask for the address parameter.
 access-list-number | name  This optional parameter is the name or number of a standard access list attached to inbound packets to filter advertised networks.
 ip                         This keyword is an optional value to specify IP-derived routes for the IS-IS protocol.

A route with an administrative distance number of 255 should not be injected into a routing table of any routing protocol.


For instance, if you want to assign a default administrative distance of 160 to routes that match an access list number of 30, and that come from any other router, you can issue the following command in router configuration mode:

 RouterA(config-router)# distance 160 0.0.0.0 255.255.255.255 30

The parameter of 160 represents the AD that designated routes are assigned. The 0.0.0.0 255.255.255.255 represents the source address (any router) of the device providing the routing update. Finally, the number 30 at the end of the command stands for access list number 30. This list filters incoming routing updates to decide which ones will have their AD numbers modified.
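The effect of this command on path selection can be traced with a small model. The Python below is an added example, not from the book: it assumes the command is entered under the OSPF process of an ASBR, that access list 30 contains a single constructed entry (permit 10.10.0.0 0.0.255.255), and that the candidate routes are as listed; the default ADs of 110 and 120 are the ones visible in Listing 10.4.

```python
import ipaddress

DEFAULT_AD = {"ospf": 110, "rip": 120}  # as seen in [110/30] and [120/1]

def wild_match(base, wildcard, value):
    """True when value equals base on every bit where the wildcard bit is 0."""
    care = ~int(ipaddress.ip_address(wildcard)) & 0xFFFFFFFF
    return (int(ipaddress.ip_address(base)) & care) == \
           (int(ipaddress.ip_address(value)) & care)

def effective_ad(route, rule, acl):
    """AD of a route after 'distance weight address mask acl' on one protocol.

    rule = (protocol, weight, source, source_wildcard)
    acl  = [(action, address, wildcard), ...] matched against the network.
    """
    proto, weight, src, src_wc = rule
    if route["proto"] == proto and wild_match(src, src_wc, route["from"]):
        for action, addr, wc in acl:
            if wild_match(addr, wc, route["net"]):
                return weight if action == "permit" else DEFAULT_AD[proto]
    return DEFAULT_AD[route["proto"]]  # no match: AD is left unchanged

def best_routes(candidates, rule, acl):
    """Per destination, install the candidate with the lowest AD."""
    best = {}
    for r in candidates:
        ad = effective_ad(r, rule, acl)
        if r["net"] not in best or ad < best[r["net"]][0]:
            best[r["net"]] = (ad, r["proto"])
    return best

# Constructed scenario (assumption): the ASBR hears 10.10.1.0 natively from
# RIP and again as an OSPF external route redistributed elsewhere.
CANDIDATES = [
    {"net": "10.10.1.0", "proto": "rip", "from": "10.10.3.1"},
    {"net": "10.10.1.0", "proto": "ospf", "from": "172.16.31.2"},
    {"net": "10.20.1.0", "proto": "ospf", "from": "172.16.31.2"},
]
RULE = ("ospf", 160, "0.0.0.0", "255.255.255.255")  # distance 160 ... 30
ACL_30 = [("permit", "10.10.0.0", "0.0.255.255")]   # constructed list 30
NO_RULE = ("none", 0, "0.0.0.0", "0.0.0.0")

if __name__ == "__main__":
    print(best_routes(CANDIDATES, NO_RULE, []))
    print(best_routes(CANDIDATES, RULE, ACL_30))
```

Without the command the OSPF copy of 10.10.1.0 wins on AD 110 and traffic leaves the RIP domain to reach a RIP network; with it, that copy is raised to 160 and the native RIP route is installed, while 10.20.1.0 keeps AD 110.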



Cisco BSCI Exam Cram 2 (Exam Cram 642-801)
CCNP BSCI Exam Cram 2 (Exam Cram 642-801)
ISBN: 0789730170
EAN: 2147483647
Year: 2003
Pages: 170
