Solved: Redistribution with Tags

feroz syed · ‎04-14-2014

hi,

In this topology Rip and Ospf redistributing routes each other. R2 and R3 is ASBR and both routers doing mutual redistribution. Rip routes have tag 200 and Ospf 300. i use route filter tag to avoid routing loops in this topology but when R3 try to ping R1 loop it going via ospf domain to reach the destination.We can use distance cmd to solve this issue but i must use route tag to achieve the goal.

R2:-

router ospf 1
log-adjacency-changes
redistribute rip subnets route-map TAG200-DENY300
network 192.168.24.0 0.0.0.255 area 0
!
router rip
version 2
redistribute ospf 1 metric 5 route-map TAG300-DENY200
network 10.0.0.0
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
no cdp log mismatch duplex
!
route-map TAG200-DENY300 deny 10
match tag 300
!
route-map TAG200-DENY300 permit 20
set tag 200
!
route-map TAG300-DENY200 deny 10
match tag 200
!
route-map TAG300-DENY200 permit 20
set tag 300

------------------------------------------------------------------------------------------------

R3:-

router ospf 1
log-adjacency-changes
redistribute rip subnets route-map TAG300-DENY200
network 192.168.35.0 0.0.0.255 area 0
!
router rip
version 2
redistribute ospf 1 metric 5 route-map TAG300-DENY200
network 10.0.0.0
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
no cdp log mismatch duplex
!
route-map TAG200-DENY300 deny 10
match tag 300
!
route-map TAG200-DENY300 permit 20
set tag 200
!
route-map TAG300-DENY200 deny 10
match tag 200
!
route-map TAG300-DENY200 permit 20
set tag 300
--------------------------------------------------------------------------------------------------

R2#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
Gateway of last resort is not set

O 192.168.45.0/24 [110/11] via 192.168.24.4, 00:59:53, FastEthernet1/0
C 192.168.24.0/24 is directly connected, FastEthernet1/0
10.0.0.0/24 is subnetted, 3 subnets
C 10.1.12.0 is directly connected, FastEthernet0/0
R 10.1.1.0 [120/1] via 10.1.12.1, 00:00:09, FastEthernet0/0
C 10.1.23.0 is directly connected, FastEthernet0/1
O 192.168.35.0/24 [110/21] via 192.168.24.4, 00:59:53, FastEthernet1/0

------------------------------------------------------------------------------------------------------------

R3#sh ip route

Gateway of last resort is not set

O 192.168.45.0/24 [110/20] via 192.168.35.5, 01:00:36, FastEthernet0/1
O 192.168.24.0/24 [110/30] via 192.168.35.5, 01:00:36, FastEthernet0/1
10.0.0.0/24 is subnetted, 3 subnets
O E2 10.1.12.0 [110/20] via 192.168.35.5, 00:58:47, FastEthernet0/1
O E2 10.1.1.0 [110/20] via 192.168.35.5, 00:58:33, FastEthernet0/1
C 10.1.23.0 is directly connected, FastEthernet0/0
C 192.168.35.0/24 is directly connected, FastEthernet0/1
R3#

milan.kulik · ‎04-14-2014

AFAIK, only OSPF is supported.

But it should be enough in your case.

View solution in original post

Jon Marshall · ‎04-14-2014

Ferod

You don't need to.

The issue is with the RIP routes redistributed into OSPF because OSPF has the lower AD.

If you use a distribue list with a route map to match the tag on R2 and R3 under OSPF to stop the redistributed RIP routes learnt via OPSF being installed in the local IP routing table it will work ie. R3 would use the direct RIP route to R1's loopback instead of the OSPF route.

The problem with this solution is you have no redundancy ie. if R3's link to R2 goes down R3 has no alternate path to R1 via the other OSPF routers because you have filtered the routes.

I appreciate you don't want to change the AD but that would be a better solution because then you would have redundancy if either of R3's links fails.

Jon

View solution in original post

milan.kulik · ‎04-14-2014

Hi,

you might use the distribution-list route-map command here possibly?

See http://www.cisco.com/c/en/us/td/docs/ios/12_0s/feature/guide/routmap.html

for details.

Best regards,

Milan

feroz syed · ‎04-14-2014

i think using route-map on redistribution is the best way to filter.

milan.kulik · ‎04-14-2014

If you filter on redistribution already, ALL routers within the OSPF area will loose the routing info for the filtered prefixes.

If you apply distribution-list route-map command under the OSPF process on R3 (and R2) only, the other routers within the OSPF area will be still able to reach R1 loop, I guess?

Best regards,

Milan

feroz syed · ‎04-14-2014

Let me to check first with Distribution list then will post the result

feroz syed · ‎04-14-2014

How could you use route-map for distribution list in rip protocol

milan.kulik · ‎04-14-2014

AFAIK, only OSPF is supported.

But it should be enough in your case.

Jon Marshall · ‎04-14-2014

Ferod

You don't need to.

The issue is with the RIP routes redistributed into OSPF because OSPF has the lower AD.

If you use a distribue list with a route map to match the tag on R2 and R3 under OSPF to stop the redistributed RIP routes learnt via OPSF being installed in the local IP routing table it will work ie. R3 would use the direct RIP route to R1's loopback instead of the OSPF route.

The problem with this solution is you have no redundancy ie. if R3's link to R2 goes down R3 has no alternate path to R1 via the other OSPF routers because you have filtered the routes.

I appreciate you don't want to change the AD but that would be a better solution because then you would have redundancy if either of R3's links fails.

Jon

milan.kulik · ‎04-14-2014

Hi Jon,

sure changing external OSPF routes AD to 150 on R3 and R2, e.g., would be a solution to the problem described originally.

But it would change the AD of ALL external OSPF prefixes, which might not be the acceptable solution as I understood from the original post?

Best regards,

Milan

Jon Marshall · ‎04-14-2014

Hi Milan

It would change the AD of all routes but you can use an acl with the distance command to change just some of the routes if you needed to.

I agree if the requirement is to use the route tags using a distribute list with a route map would be a solution but i just wanted to point out that by using this solution you are losing redundancy.

Jon

milan.kulik · ‎04-14-2014

Hi Jon,

sure, you can use the distance command with the ACL.

But then you need to know quite precisely for which particular prefixes you want to modify the AD.

I was thinking about another possibility:

What about using the distribute-list with a route-map not denying the tagged prefixes but changing their AD?

Probably would not work as set distance command is not available under OSPF (and this solution is not described anywhere)?

Best regards,

Milan

Jon Marshall · ‎04-14-2014

Hi Milan

But then you need to know quite precisely for which particular prefixes you want to modify the AD.

You do but -

1) there aren't really that many RIP routes

2) it is still better in my opinion to do that than lose redundancy by denying the routes from ever being installed in the IP routing table.

Being able set the AD based on tag would mean you wouldn't have to know and match all the RIP routes so it would be easier. In addition if there were other sources of external routes it would most definitely be the preferred method.

But looking at the topology posted simply changing the AD (with ot without an acl) would be better in my opinion.

Jon

Jon Marshall · ‎04-14-2014

Hi Milan

Yes, just did a quick lab and unfortunately can't see a way to set AD other than matching on prefixes in an acl.

As you say you can't set the AD in a route map.

I thought of setting something you could actually match in an acl such as DSCP or ToS value but the distance command only supports standard and not extended acls, which makes sense, so you can't do that either.

Jon

feroz syed · ‎04-14-2014

hi jon,

R3 take 4 hop to reach R1,if the link between R3 to R5 goes down then it go directly to R1.

can we use policy base route to redirect the traffic ??

Jon Marshall · ‎04-14-2014

Ferod

You could use PBR but i wouldn't recommend it because it complicates things and you can achieve the same thing by just modifying the routes in some way.

As discussed if you want R3 to go direct then you can use a distribute list with a route map as suggested by Milan.

But thiis would break any redundancy.

You may or may need redundancy but if you do changing the AD would be a better solution.

Jon