cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1807
Views
4
Helpful
8
Replies

Redistribution router filtering

sivanet107
Level 1
Level 1

In topology of 4 router R1 is OSPF R2 redistribution R3 RIP and R4 redistribution. In this topology R2 and R4 comes in between R1 and R4. In this we redistributed ospf and rip routes for . My question is why do we use distribution(access list) to prevent routes. In dynamic routing it will take best path for routing then why we use access list for filtering and loop prevention  

2 Accepted Solutions

Accepted Solutions

Hi sivanet107gmail.com,

In your scenerio you have two redistribution points R2 and R4

                           ____  R2  ____

                         /                            \

R1(OSPF) ---                                   ----  R3 (RIP)

                       \                              /

                          ------   R4   -----

When RIP routes having AD 120 redistributed into OSPF by R4 they have new AD value of 110 which is lower that RIP and  R2 will select these OSPF routes from R4 as best routes (due to lower AD than RIP routes) and redistributed them into RIP again and will create a loop in network. this thing is happening vice versa too. To avoid this we need to use distribution list to filter the routes. This will not happen with RIP/EIGRP and EIGRP/OSPF.  As EIGRP has two different AD values for internal and external routes.

Hope this will help you....

Spooster IT Services Team

View solution in original post

Hello

When you have mutual redistribution, you have potential of routing loops.

Ospf routes get redistributed into RIP and then RIP redistributes back to Ospf or the ohter way around, So to negate such action it always best practice to filter the redistributed route from coming back into the same routing process it originated from.

The example below is a very neat way for doing this:

route-map RIPintoOSPF deny 10    -( now rip routes with a tag of 110 will be denied from going back into OSPF
match tag 110

route-map RIPintoOSPF permit 99   - ( All other rip routes are tagged with 120 are allowed into OSPF)
set tag 120

route-map OSPFintoRIP deny 10   - (  now OSPF routes with a tag of 120 will be denied from going back into rip
match tag 120

route-map OSPFintoRIP permit 99   ( All other OSPF routes are tagged with 110 into rip)
set tag 110

router OSPF 100
redistribute rip route-map RIPintoOSPF subnets

router rip
redistribute OSPF 100 route-map OSPFintoRIP metric 1

res
Paul


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

View solution in original post

8 Replies 8

Hello,

best path means nothing more than the route with the lowest administrative distance. RIP has 120, OSPF has 110, so the OSPF path would always be chosen. In a serial setup, where you have R1 --> R2 --> R3 --> R4, it wouldn't matter, since there would be only one path available anyway, but in more complicated scenarios with multiple redundant links, you want to control which path is taken. That is where access lists for route filtering come in handy.

Does that make sense ? 

Hi sivanet107gmail.com,

In your scenerio you have two redistribution points R2 and R4

                           ____  R2  ____

                         /                            \

R1(OSPF) ---                                   ----  R3 (RIP)

                       \                              /

                          ------   R4   -----

When RIP routes having AD 120 redistributed into OSPF by R4 they have new AD value of 110 which is lower that RIP and  R2 will select these OSPF routes from R4 as best routes (due to lower AD than RIP routes) and redistributed them into RIP again and will create a loop in network. this thing is happening vice versa too. To avoid this we need to use distribution list to filter the routes. This will not happen with RIP/EIGRP and EIGRP/OSPF.  As EIGRP has two different AD values for internal and external routes.

Hope this will help you....

Spooster IT Services Team

Hello,

Spooster's explantion was great. I am just adding that the distribtion list is not the only way to avoid loop. By changing distance for external and internal routes and also using tag you can avoid loop while redistribting.

Masoud

Hello

When you have mutual redistribution, you have potential of routing loops.

Ospf routes get redistributed into RIP and then RIP redistributes back to Ospf or the ohter way around, So to negate such action it always best practice to filter the redistributed route from coming back into the same routing process it originated from.

The example below is a very neat way for doing this:

route-map RIPintoOSPF deny 10    -( now rip routes with a tag of 110 will be denied from going back into OSPF
match tag 110

route-map RIPintoOSPF permit 99   - ( All other rip routes are tagged with 120 are allowed into OSPF)
set tag 120

route-map OSPFintoRIP deny 10   - (  now OSPF routes with a tag of 120 will be denied from going back into rip
match tag 120

route-map OSPFintoRIP permit 99   ( All other OSPF routes are tagged with 110 into rip)
set tag 110

router OSPF 100
redistribute rip route-map RIPintoOSPF subnets

router rip
redistribute OSPF 100 route-map OSPFintoRIP metric 1

res
Paul


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Hello Spooster

This will not happen with RIP/EIGRP and EIGRP/OSPF

Can you elaborate please has to why this would not happen-  do you mean just by mutual redistribution it couldn't?

res
Paul


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Dear Paul,

EIGRP has two different AD values for internal (90) and external routes (170).

                                ____  R2  ____

                             /                             \

R1(OSPF/RIP) ---                                   ----  R3 (EIGRP)

                             \                              /

                                 ------   R4   -----

When OSPF/RIP routes are redistributed into EIGRP by R4 then EIGRP keeps them as external routes with AD value 170 which is greater than both OSPF and RIP then R2 has  OSPF/RIP routes as best routes instead of redistributed routes and vice versa when EIGRP routes are redistributed into OSPF/RIP by R4 and advertise them to R2 then R2 has EIGRP routes as best routes due to AD value of 90. Same thing happens when R2 redistribute the routes.

Hope this will help you...

Spooster IT Services Team

Hello

Sounds logical however, relying on just the AD of the protocol to protect the network isn’t a good idea in my opinion

Many other factors can cause slow convergence/ sub-optimal routing or routing loops. When mutual redistribution between routing protocols is applied.

I would say it very rare to come across a medium/large size network which doesn’t have any prefix manipulation of some kind (metric values, metric-type, hop count, bw, delay etc.) or performing any internal, external summarization, route-leaking or even running out of date IOS, all of which can create some unwarranted problems when doing such redistribution.

If you didn’t try and protect against the redistributed routes being leaked back into the domain from where they originated your asking for trouble, So I would suggest and it’s just my opinion and has others have already stated on this post, That it is advisable to apply some kind of filtering

My 2 penny’s worth!

res
Paul


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Hi, Spooster IT Services

                                        Thank you for your answer....

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco