Question on route-map match scenarios

Answered Question
Oct 27th, 2008
User Badges:

Hi, I am studying for BSCI and can't understand this route-map scenario. I have set up below scenario in my little home lab routers but cannot understand the output.


Router A has 3 interfaces to 3 routers. Rtr A connects to Rtr B with EIGRP 50 via serial 0. Rtr A connects to Rtr C with eigrp 100 via Serial 1. Rtr A connects to Rtr D with OSPF via serial 2.


1. If Rtr A has ospf redistribute into eigrp 100 with a route-map as such:


route-map abc permit 10

match ip address 1


access-list 1 permit 10.1.1.0 0.0.0.255


where 10.1.1.0/24 is the LAN subnet in Rtr D where Rtr D has advertised it within ospf.


So when I goto Rtr C and check my eigrp 100 table, I should expect to see this 10.1.1.0/24 as D EX. But I tested this with my lab routers, but I see from Rtr C 3 D EX routes. There are two LAN subnets in Rtr D. In Rtr C, I see both Rtr D's subnets and the serial interface subnet between A and D also. In Rtr A, there is no redistribute connected at all.


So my question is I have the route-map that suppose only allow 10.1.1.0/24 to redistributed into EIGRP 100, why do I see the other 2 subnets also (the /30 connected between A & D and the other LAN subnet in D).


I even modify the route-map to this:


route-map abc deny 10

match access-list 2


route-map abc permit 20

match access-list 1


access-list 1 permit 10.1.1.0 0.0.0.255

access-list 2 permit 172.16.1.0 0.0.0.255


I see from show access-list output that both access lists has a hit, so I expect 172.16.1.0 should be "denied" and won't be redistributed but yet, in Rtr C I still see it as D EX.


I must have misunderstand the use of route-map in redistribution then. My goal is to just redistributed 10.1.1.0 in eigrp 100. I know I can do distribute-list 1 out under eigrp 100 in Rtr A to filter it out. But my goal is to accomplish it via route-map instead of distribute-list.


My other puzzle is I test this same network with the match interface command.


So my route-map now is:


route-map abc permit 10

match interface serial 0

!! the serial 0 in Rtr A is the interface to Rtr B which is under eigrp 50. I am applying route-map abc under eigrp 100. My goal is I expect to see no routes being redistribute at all in eigrp 100 when I look at Rtr C. But to my surprise, in Rtr C, I still see all 3 D EX routes. It seems it doesn't matter what match interface I set it to, all 3 routes are shown in Rtr C.


thanks for your patience to read my message and your assistance.


Joyce

Correct Answer by Harold Ritter about 8 years 9 months ago

Joyce,


The issue is due to CSCee75029. This bugid is causing routes to be redistributed in spite of the route-map. It is fixed in 12.3(10) and up.



http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCee75029


Regards

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Harold Ritter Mon, 10/27/2008 - 07:29
User Badges:
  • Cisco Employee,

Joyce,


It is normal behavior for IOS to redistribute the directly connected subnet between router A and router D since this subnet is owned by ospf and that it will be considered an ospf route from a redistribution point of view.


What is not normal is that your route-map does not filter it out. Can you post the eigrp configuration from router A.


Regards

blackladyJR Mon, 10/27/2008 - 08:09
User Badges:

Thanks for your help. Yes if I don't have route-map filtering, I expect to also see the connected route between A & D to be redistributed into EIGRP 100. It's very puzzled of why in Rtr C where I can see all 3 routes belonging to D as I only expect to see 1 route being redistributed.


As for match interface scenario, I purposely choose the interface connecting to RTR B which is not part of EIGRP 100 so I want to test to see if no routes are being redistributed.

Everything looks perfectly fine such as routing table in A is what expected. The only thing that really puzzled is the routing table in C of seeing all 3 routes.


RTRC >sh ip ro


1.0.0.0/24 is subnetted, 1 subnets

C 1.1.1.0 is directly connected, Ethernet1/1

8.0.0.0/24 is subnetted, 1 subnets

C 8.1.1.0 is directly connected, Ethernet1/0

C 192.168.20.0/24 is directly connected, Serial1/0.202

130.1.0.0/24 is subnetted, 1 subnets

D EX 130.1.1.0 [170/40537600] via 192.168.20.2, 00:00:11, Serial1/0.202

D EX 192.165.1.0/24 [170/40537600] via 192.168.20.2, 00:00:11, Serial1/0.202

150.50.0.0/24 is subnetted, 1 subnets

D EX 150.50.50.0 [170/40537600] via 192.168.20.2, 00:00:31, Serial1/0.202

!

interface Ethernet1/0

ip address 8.1.1.1 255.255.255.0

half-duplex

no keepalive

!

interface Serial1/0

no ip address

encapsulation frame-relay

clockrate 64000

cdp enable

frame-relay lmi-type cisco

!

interface Serial1/0.202 point-to-point

ip address 192.168.20.1 255.255.255.0

frame-relay interface-dlci 202

!

interface Ethernet1/1

ip address 1.1.1.3 255.255.255.0

half-duplex

!

router eigrp 100

network 8.0.0.0

network 192.168.20.0

no auto-summary


RTRA#sh run

!

interface Serial0/0

no ip address

encapsulation frame-relay

clockrate 64000

cdp enable

!

interface Serial0/0.103 point-to-point

ip address 192.168.20.2 255.255.255.0

frame-relay interface-dlci 103

!

interface Serial0/0.104 point-to-point

ip address 150.50.50.2 255.255.255.0

frame-relay interface-dlci 104 IETF

!

interface Serial0/0.201 point-to-point

ip address 172.16.10.2 255.255.255.0

frame-relay interface-dlci 201 IETF

!

interface Ethernet0/1

ip address 1.1.1.2 255.255.255.0

half-duplex

!

router eigrp 100


redistribute ospf 1 route-map qwe

! route-map abc provides same result in Rtr C table


network 192.168.20.0

default-metric 64 100 255 1 1500

no auto-summary

!

router eigrp 50

network 172.16.0.0

no auto-summary

!

router ospf 1

log-adjacency-changes

network 150.50.50.0 0.0.0.255 area 0

!

access-list 1 permit 130.1.1.0 0.0.0.255

access-list 2 permit 150.50.50.0 0.0.0.255

!

route-map abc deny 10

match ip address 1

!

route-map abc permit 20

match ip address 2

!

route-map qwe permit 10

match interface Serial0/0.201

!

RTRA# sh ip ro


1.0.0.0/24 is subnetted, 1 subnets

C 1.1.1.0 is directly connected, Ethernet0/1

172.16.0.0/24 is subnetted, 1 subnets

C 172.16.10.0 is directly connected, Serial0/0.201

8.0.0.0/24 is subnetted, 1 subnets

D 8.1.1.0 [90/2195456] via 192.168.20.1, 00:01:31, Serial0/0.103

C 192.168.20.0/24 is directly connected, Serial0/0.103

130.1.0.0/24 is subnetted, 1 subnets

O IA 130.1.1.0 [110/74] via 150.50.50.1, 00:01:11, Serial0/0.104

10.0.0.0/24 is subnetted, 1 subnets

D 10.1.1.0 [90/2195456] via 172.16.10.1, 00:02:22, Serial0/0.201

O E2 192.165.1.0/24 [110/20] via 150.50.50.1, 00:01:11, Serial0/0.104

150.50.0.0/24 is subnetted, 1 subnets

C 150.50.50.0 is directly connected, Serial0/0.104


RTRD>sh ip ro


1.0.0.0/24 is subnetted, 1 subnets

C 1.1.1.0 is directly connected, Ethernet1/1

130.1.0.0/24 is subnetted, 1 subnets

C 130.1.1.0 is directly connected, Ethernet1/0

C 192.165.1.0/24 is directly connected, Ethernet1/2

150.50.0.0/24 is subnetted, 1 subnets

C 150.50.50.0 is directly connected, Serial0/0.202


Harold Ritter Mon, 10/27/2008 - 10:15
User Badges:
  • Cisco Employee,

Joyce,


What IOS version do you use? Can you try to do a "clear ip ro *" on router A and see if it makes a difference.


Regards

blackladyJR Mon, 10/27/2008 - 11:24
User Badges:

Router A 2611 - c2600-j1s3-mz.123-9.bin

Router C 3620 - c3620-ik9o3s6-mz.123-1a.bin

Router D 2613 - c2600-jk8o3s-mz.122-6f.bin


It didn't make a difference after clearing all routes in Router A and C. I even remove the ospf redistribution completely and check to make sure Router C has no D EX routes and then as soon as I put back the redistribute ospf in Router A, then all 3 routes again appear in Router C.


Am I having a wrong understanding about route-map filtering or I have wrong typo in the config?


Is it correct to assume that with the route-map abc, I should only have 150.50.50.0 being redistributed into EIGRP 100? So 192.165.1.0 and 130.1.1.0 both should not be redistributed into EIGRP 100 as 192.165.1.0 gets implicit deny and 130.1.1.0 gets explicit deny?


Also what about the match interface (I never use this before so wasn't sure about this). How should we use match interface command? Reading the definition says it will redistribute matching destination subnet. It's little confused for me. So in my scenario, if I don't have any route-map, all 3 ospf will get redistributed into eigrp 100. So what is the theortical result if I apply match interface route-map qwe to match the interface towards Rtr B? Also if the match interface changes to match the interface towards Rtr C, what is the therotical result? And lastly if the match interface actually change to matching the interface facing back Rtr D, what will happen?


thanks again,

Joyce



Harold Ritter Mon, 10/27/2008 - 11:39
User Badges:
  • Cisco Employee,

Joyce,


I just ran a quick test with 123-9 and it worked like a charm. You understanding of the route-map filtering is correct. Something must be wrong in your configuration.


Could you use route-map abc again and try adding an explicit deny all at the very beginning, such as "route-map abc deny all" and no match statement so that all routes are denied just to see if the routes will be blocked.


Regards

blackladyJR Mon, 10/27/2008 - 13:00
User Badges:

Hi Harold,


No luck, I put route-map dfg deny 10 with nothing in match, all 3 routes still show up in Rtr C. I then modify the route-map to:


route-map dfg deny 10

match ip address 3


access-list 3 permit any


With hits on the access list 3, I still see all 3 routes in Rtr C. When I apply the route-map, I first remove the redistribute completely and check Rtr C to ensure all 3 routes are gone first before re-applying the new route-map in Rtr A.


It's very puzzled why but at least it's good that you have confirmed my route-map filtering understanding of it. I have attached all 4 routers running config and a diagram and their routing tables. Is it really just I am unlucky to have some bad IOS/bug or my config is wrong somewhere?


Since I have a malfunction network so I am not able to test the match interface command to see how it suppose to work, do you mind to let me know what will it suppose to happen in theory if I apply the match interface to match all my 3 interfaces in 3 separate scenarios? I keep reading the definition and now I am confused.


thanks again for all your time.


Joyce



Attachment: 
Harold Ritter Tue, 10/28/2008 - 06:26
User Badges:
  • Cisco Employee,

Joyce,


Interesting. Can you post the output for the following commands from RouterA:


show ip eigrp topo 130.1.1.0 255.255.255.0

show ip eigrp topo 192.166.1.0 255.255.255.0

show ip eigrp topo 150.50.50.0 255.255.255.0


Regards

blackladyJR Tue, 10/28/2008 - 06:55
User Badges:

Harold,


RTRA#sh ip eigrp topo 192.165.1.0 255.255.255.0

IP-EIGRP (AS 100): Topology entry for 192.165.1.0/24

State is Passive, Query origin flag is 1, 1 Successor(s), FD is 40025600

Routing Descriptor Blocks:

150.50.50.1, from Redistributed, Send flag is 0x0

Composite metric is (40025600/0), Route is External

Vector metric:

Minimum bandwidth is 64 Kbit

Total delay is 1000 microseconds

Reliability is 255/255

Load is 1/255

Minimum MTU is 1500

Hop count is 0

External data:

Originating router is 192.168.20.2 (this system)

AS number of route is 1

External protocol is OSPF, external metric is 20

Administrator tag is 0 (0x00000000)

% IP-EIGRP (AS 50): Route not in topology table

RTRA#sh ip eigrp topo 130.1.1.0 255.255.255.0

IP-EIGRP (AS 100): Topology entry for 130.1.1.0/24

State is Passive, Query origin flag is 1, 1 Successor(s), FD is 40025600

Routing Descriptor Blocks:

150.50.50.1, from Redistributed, Send flag is 0x0

Composite metric is (40025600/0), Route is External

Vector metric:

Minimum bandwidth is 64 Kbit

Total delay is 1000 microseconds

Reliability is 255/255

Load is 1/255

Minimum MTU is 1500

Hop count is 0

External data:

Originating router is 192.168.20.2 (this system)

AS number of route is 1

External protocol is OSPF, external metric is 74

Administrator tag is 0 (0x00000000)

% IP-EIGRP (AS 50): Route not in topology table

RTRA#sh ip eigrp topo 150.50.50.0 255.255.255.0

IP-EIGRP (AS 100): Topology entry for 150.50.50.0/24

State is Passive, Query origin flag is 1, 1 Successor(s), FD is 40025600

Routing Descriptor Blocks:

0.0.0.0, from Redistributed, Send flag is 0x0

Composite metric is (40025600/0), Route is External

Vector metric:

Minimum bandwidth is 64 Kbit

Total delay is 1000 microseconds

Reliability is 255/255

Load is 1/255

Minimum MTU is 1500

Hop count is 0

External data:

Originating router is 192.168.20.2 (this system)

AS number of route is 1

External protocol is OSPF, external metric is 0

Administrator tag is 0 (0x00000000)

% IP-EIGRP (AS 50): Route not in topology table

RTRA#sh ip ro 192.165.1.0

Routing entry for 192.165.1.0/24

Known via "ospf 1", distance 110, metric 20, type extern 2, forward metric 64

Redistributing via eigrp 100

Advertised by eigrp 100 route-map dfg

Last update from 150.50.50.1 on Serial0/0.104, 00:15:28 ago

Routing Descriptor Blocks:

* 150.50.50.1, from 192.165.1.1, 00:15:28 ago, via Serial0/0.104

Route metric is 20, traffic share count is 1


RTRA#sh ip ro 130.1.1.0

Routing entry for 130.1.1.0/24

Known via "ospf 1", distance 110, metric 74, type inter area

Redistributing via eigrp 100

Advertised by eigrp 100 route-map dfg

Last update from 150.50.50.1 on Serial0/0.104, 00:15:41 ago

Routing Descriptor Blocks:

* 150.50.50.1, from 192.165.1.1, 00:15:41 ago, via Serial0/0.104

Route metric is 74, traffic share count is 1


RTRA#sh ip ro 150.50.50.0

Routing entry for 150.50.50.0/24

Known via "connected", distance 0, metric 0 (connected, via interface)

Redistributing via eigrp 100

Advertised by eigrp 100

Routing Descriptor Blocks:

* directly connected, via Serial0/0.104

Route metric is 0, traffic share count is 1


thanks again to help me solving this mystery.


Joyce

blackladyJR Tue, 10/28/2008 - 10:10
User Badges:

Harold,


Thank you so much for all your time to help me. You are absolutely correct, I have upgraded the IOS and wah lah, it works! Now it works on match interface also so I know how it works. I set Rtr B to remove eigrp 50 and enable ospf on it also so I can use match interface to choose either Rtr B or Rtr D routes to be redistributed into eigrp 100 via match interface command.


thank you again for all your help to test run test and search bug for me.


thanks,

Joyce


Actions

This Discussion