8-4 Filtering Routing Information


  • Routing updates from a routing protocol can be completely suppressed on an interface if desired.

  • The administrative distance can be tuned such that one routing protocol is more trusted than another within the local router.

  • The routes advertised by a routing protocol can be closely controlled so that route filtering takes place toward neighboring routers.

  • The routes received and processed by a routing protocol can be closely controlled so that inbound route filtering takes place from neighboring routers.

Route filtering is useful for distance vector routing protocols, because routes are sent and received among neighbors. However, filtering is not useful for link-state protocols, such as OSPF, because all routers in a domain have an identical copy of the link-state database. In this case, filtering is useful only at link-state advertisement boundaries, such as an OSPF ASBR.

Route filtering is also useful when mutual route redistribution is configured between two routing protocols. In some cases, routes redistributed into another routing protocol can be redistributed again in return. Route filters can be used to prevent this from happening.

Configuration

  1. Enable the routing processes: RIP (see Section 7-2), IGRP (see Section 7-3), EIGRP (see Section 7-4), IS-IS (see Section 7-5), OSPF (see Section 7-6), or BGP (see Section 7-7):

     (global) router protocol [process-id]

  2. (Optional) Prevent all outbound routing updates on an interface:

     (router) passive-interface type number

    No routes will be advertised using this routing protocol and interface. Incoming routing updates will still be listened to and processed, except in the case of EIGRP: The router will also stop sending and receiving EIGRP hello packets on the interface, resulting in the loss of neighbor adjacencies.

  3. (Optional) Make a routing protocol more trusted than another, to filter the source of routing information:

     (router) distance weight [address mask [access-list-num | name]] [ip]

    Assign an administrative distance value to a routing information source. The distance or weight ranges from 0 to 255 and is significant only to the local router. Every routing information source has a default administrative distance; the lower the distance, the more trusted the source. Table 8-4 documents administrative distances for routing information sources.

    The address and mask (inverted mask: 0 = match, 1 = don't care) fields can be given to match the IP addresses of routers sending routing information and to set the administrative distance for these sources alone. Also, either a named or standard IP access list can be used to more closely match IP addresses of advertising routers.

    Note that EIGRP has two forms of this command to assign independent distances to internal (intra-AS) and external (inter-AS) routes: distance eigrp internal-distance external-distance.

    Table 8-4. Default Administrative Distances

    Routing Info Source               Default Admin Distance
    --------------------------------  ----------------------
    Connected interface               0
    Static route                      1
    EIGRP summary route               5
    External BGP                      20
    Internal EIGRP                    90
    IGRP                              100
    OSPF                              110
    IS-IS                             115
    RIP                               120
    EGP                               140
    Internal BGP                      200
    Unknown (not trusted; ignored)    255

  4. (RIP, IGRP, EIGRP only) Increase the routing metric on matching routes:

     (router) offset-list access-list {in | out} offset [type number]

    Routes are matched against the named or numbered IP access list, and a fixed offset (positive number) is added to the route metric. The in and out keywords are used to select an offset for incoming or outgoing routes. If desired, the offset list can be applied to a specific interface type and number.

  5. (Optional) Filter routes being advertised in outbound routing updates:

     (router) distribute-list {access-list-num | name} out [interface]

    Routes being advertised are first passed through the standard IP or named access list. Matching routes are either permitted to be advertised or are denied, according to the access list statements. The distribute list can be applied to only a single outbound interface if desired.

  6. (Optional) Filter routes received from incoming advertisements:

     (router) distribute-list {access-list-num | name} in [interface]

    Routes received in routing updates are passed through the standard IP or named access list before being processed by the local routing protocol. Matching routes are either permitted to be used or are denied, according to the access list statements. The distribute list can be applied to only a single inbound interface if desired.

    NOTE

    Inbound route filtering does not apply to the link-state protocols OSPF or IS-IS. By definition, the entire routing topology database is kept on each router. Therefore, specific routes are not received and processed independently.

Example

For EIGRP, suppress routing updates on interface serial 1. Filter incoming routing updates to include only the 192.168.1.0 route. Filter outbound updates to include all but the 10.2.0.0 route. Adjust the administrative distance for EIGRP to 100 (instead of the default 90) on updates from EIGRP neighbors with IP addresses within the range 192.168.3.x:

  router eigrp 101
   network 10.0.0.0
   passive-interface serial 1
   distribute-list 5 in
   distribute-list 6 out
   distance 100 192.168.3.0 0.0.0.255
  access-list 5 permit 192.168.1.0
  access-list 6 deny 10.2.0.0
  access-list 6 permit any
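To check what these filters actually admit, the following added example (not from the book) models the configuration above in Python: inverted-mask matching, first-match evaluation with the implicit deny that ends every access list, and the per-source distance override. The function names and the sample routes and neighbor addresses are constructed for illustration; an access-list entry written without a mask is treated as an exact match (wildcard 0.0.0.0).

```python
import ipaddress

def wildcard_match(addr, base, wildcard="0.0.0.0"):
    """Inverted mask: 0 bits must match, 1 bits are don't-care."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)

def acl_permits(acl, addr):
    """First matching entry wins; no match means the implicit deny applies."""
    for action, base, wildcard in acl:
        if wildcard_match(addr, base, wildcard):
            return action == "permit"
    return False

# The access lists from the example above; "any" is 0.0.0.0 255.255.255.255.
ACL_5 = [("permit", "192.168.1.0", "0.0.0.0")]
ACL_6 = [("deny", "10.2.0.0", "0.0.0.0"),
         ("permit", "0.0.0.0", "255.255.255.255")]

def eigrp_distance(neighbor, default=90):
    """distance 100 192.168.3.0 0.0.0.255: override for matching sources only."""
    if wildcard_match(neighbor, "192.168.3.0", "0.0.0.255"):
        return 100
    return default

def filter_inbound(updates):
    """distribute-list 5 in: keep permitted routes, tagged with their distance."""
    return {net: eigrp_distance(nbr)
            for net, nbr in updates if acl_permits(ACL_5, net)}

def filter_outbound(routes):
    """distribute-list 6 out: advertise every route that ACL 6 permits."""
    return [net for net in routes if acl_permits(ACL_6, net)]

# Constructed sample data: (network address, advertising neighbor).
received = [("192.168.1.0", "192.168.3.7"),
            ("192.168.2.0", "192.168.3.7"),
            ("172.16.0.0", "10.1.1.2")]
candidates = ["10.1.0.0", "10.2.0.0", "10.3.0.0"]

if __name__ == "__main__":
    print("accepted inbound:", filter_inbound(received))
    print("advertised outbound:", filter_outbound(candidates))
```

Access list 5 has a single permit entry, so every other received route falls to the implicit deny; access list 6 needs its closing permit any for the opposite reason.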


Cisco Field Manual[c] Router Configuration
ISBN: 1587050242
EAN: N/A
Year: 2005
Pages: 185
