07-30-2017 10:02 AM - edited 03-05-2019 08:55 AM
In topology of 4 router R1 is OSPF R2 redistribution R3 RIP and R4 redistribution. In this topology R2 and R4 comes in between R1 and R4. In this we redistributed ospf and rip routes for . My question is why do we use distribution(access list) to prevent routes. In dynamic routing it will take best path for routing then why we use access list for filtering and loop prevention
Solved! Go to Solution.
08-01-2017 01:13 PM
Hi sivanet107gmail.com,
In your scenerio you have two redistribution points R2 and R4
____ R2 ____
/ \
R1(OSPF) --- ---- R3 (RIP)
\ /
------ R4 -----
When RIP routes having AD 120 redistributed into OSPF by R4 they have new AD value of 110 which is lower that RIP and R2 will select these OSPF routes from R4 as best routes (due to lower AD than RIP routes) and redistributed them into RIP again and will create a loop in network. this thing is happening vice versa too. To avoid this we need to use distribution list to filter the routes. This will not happen with RIP/EIGRP and EIGRP/OSPF. As EIGRP has two different AD values for internal and external routes.
Hope this will help you....
08-01-2017 03:06 PM
Hello
When you have mutual redistribution, you have potential of routing loops.
Ospf routes get redistributed into RIP and then RIP redistributes back to Ospf or the ohter way around, So to negate such action it always best practice to filter the redistributed route from coming back into the same routing process it originated from.
The example below is a very neat way for doing this:
route-map RIPintoOSPF deny 10 -( now rip routes with a tag of 110 will be denied from going back into OSPF
match tag 110
route-map RIPintoOSPF permit 99 - ( All other rip routes are tagged with 120 are allowed into OSPF)
set tag 120
route-map OSPFintoRIP deny 10 - ( now OSPF routes with a tag of 120 will be denied from going back into rip
match tag 120
route-map OSPFintoRIP permit 99 ( All other OSPF routes are tagged with 110 into rip)
set tag 110
router OSPF 100
redistribute rip route-map RIPintoOSPF subnets
router rip
redistribute OSPF 100 route-map OSPFintoRIP metric 1
res
Paul
07-31-2017 12:37 AM
Hello,
best path means nothing more than the route with the lowest administrative distance. RIP has 120, OSPF has 110, so the OSPF path would always be chosen. In a serial setup, where you have R1 --> R2 --> R3 --> R4, it wouldn't matter, since there would be only one path available anyway, but in more complicated scenarios with multiple redundant links, you want to control which path is taken. That is where access lists for route filtering come in handy.
Does that make sense ?
08-01-2017 01:13 PM
Hi sivanet107gmail.com,
In your scenerio you have two redistribution points R2 and R4
____ R2 ____
/ \
R1(OSPF) --- ---- R3 (RIP)
\ /
------ R4 -----
When RIP routes having AD 120 redistributed into OSPF by R4 they have new AD value of 110 which is lower that RIP and R2 will select these OSPF routes from R4 as best routes (due to lower AD than RIP routes) and redistributed them into RIP again and will create a loop in network. this thing is happening vice versa too. To avoid this we need to use distribution list to filter the routes. This will not happen with RIP/EIGRP and EIGRP/OSPF. As EIGRP has two different AD values for internal and external routes.
Hope this will help you....
08-01-2017 02:34 PM
Hello,
Spooster's explantion was great. I am just adding that the distribtion list is not the only way to avoid loop. By changing distance for external and internal routes and also using tag you can avoid loop while redistribting.
Masoud
08-01-2017 03:06 PM
Hello
When you have mutual redistribution, you have potential of routing loops.
Ospf routes get redistributed into RIP and then RIP redistributes back to Ospf or the ohter way around, So to negate such action it always best practice to filter the redistributed route from coming back into the same routing process it originated from.
The example below is a very neat way for doing this:
route-map RIPintoOSPF deny 10 -( now rip routes with a tag of 110 will be denied from going back into OSPF
match tag 110
route-map RIPintoOSPF permit 99 - ( All other rip routes are tagged with 120 are allowed into OSPF)
set tag 120
route-map OSPFintoRIP deny 10 - ( now OSPF routes with a tag of 120 will be denied from going back into rip
match tag 120
route-map OSPFintoRIP permit 99 ( All other OSPF routes are tagged with 110 into rip)
set tag 110
router OSPF 100
redistribute rip route-map RIPintoOSPF subnets
router rip
redistribute OSPF 100 route-map OSPFintoRIP metric 1
res
Paul
08-01-2017 03:32 PM
Hello Spooster
This will not happen with RIP/EIGRP and EIGRP/OSPF
Can you elaborate please has to why this would not happen- do you mean just by mutual redistribution it couldn't?
res
Paul
08-02-2017 05:54 AM
Dear Paul,
EIGRP has two different AD values for internal (90) and external routes (170).
____ R2 ____
/ \
R1(OSPF/RIP) --- ---- R3 (EIGRP)
\ /
------ R4 -----
When OSPF/RIP routes are redistributed into EIGRP by R4 then EIGRP keeps them as external routes with AD value 170 which is greater than both OSPF and RIP then R2 has OSPF/RIP routes as best routes instead of redistributed routes and vice versa when EIGRP routes are redistributed into OSPF/RIP by R4 and advertise them to R2 then R2 has EIGRP routes as best routes due to AD value of 90. Same thing happens when R2 redistribute the routes.
Hope this will help you...
08-03-2017 06:56 AM
Hello
Sounds logical however, relying on just the AD of the protocol to protect the network isn’t a good idea in my opinion
Many other factors can cause slow convergence/ sub-optimal routing or routing loops. When mutual redistribution between routing protocols is applied.
I would say it very rare to come across a medium/large size network which doesn’t have any prefix manipulation of some kind (metric values, metric-type, hop count, bw, delay etc.) or performing any internal, external summarization, route-leaking or even running out of date IOS, all of which can create some unwarranted problems when doing such redistribution.
If you didn’t try and protect against the redistributed routes being leaked back into the domain from where they originated your asking for trouble, So I would suggest and it’s just my opinion and has others have already stated on this post, That it is advisable to apply some kind of filtering
My 2 penny’s worth!
res
Paul
08-02-2017 08:46 AM
Thank you for your answer....
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: