Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Redistribution with Tags

hi,

In this topology Rip and Ospf redistributing routes each other. R2 and R3 is ASBR and both routers doing mutual redistribution. Rip routes have tag 200 and Ospf 300. i use route filter tag to avoid routing loops in this topology but when R3 try to ping R1 loop it going via ospf domain to reach the destination.We can use distance cmd to solve this issue but i must use route tag to achieve the goal.

 

R2:-

router ospf 1
 log-adjacency-changes
 redistribute rip subnets route-map TAG200-DENY300
 network 192.168.24.0 0.0.0.255 area 0
!
router rip
 version 2
 redistribute ospf 1 metric 5 route-map TAG300-DENY200
 network 10.0.0.0
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!         
no cdp log mismatch duplex
!
route-map TAG200-DENY300 deny 10
 match tag 300
!
route-map TAG200-DENY300 permit 20
 set tag 200
!
route-map TAG300-DENY200 deny 10
 match tag 200
!
route-map TAG300-DENY200 permit 20
 set tag 300

------------------------------------------------------------------------------------------------

R3:-

router ospf 1
 log-adjacency-changes
 redistribute rip subnets route-map TAG300-DENY200
 network 192.168.35.0 0.0.0.255 area 0
!
router rip
 version 2
 redistribute ospf 1 metric 5 route-map TAG300-DENY200
 network 10.0.0.0
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
no cdp log mismatch duplex
!
route-map TAG200-DENY300 deny 10
 match tag 300
!
route-map TAG200-DENY300 permit 20
 set tag 200
!
route-map TAG300-DENY200 deny 10
 match tag 200
!
route-map TAG300-DENY200 permit 20
 set tag 300
--------------------------------------------------------------------------------------------------

 

R2#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
Gateway of last resort is not set

O    192.168.45.0/24 [110/11] via 192.168.24.4, 00:59:53, FastEthernet1/0
C    192.168.24.0/24 is directly connected, FastEthernet1/0
     10.0.0.0/24 is subnetted, 3 subnets
C       10.1.12.0 is directly connected, FastEthernet0/0
R       10.1.1.0 [120/1] via 10.1.12.1, 00:00:09, FastEthernet0/0
C       10.1.23.0 is directly connected, FastEthernet0/1
O    192.168.35.0/24 [110/21] via 192.168.24.4, 00:59:53, FastEthernet1/0

------------------------------------------------------------------------------------------------------------

R3#sh ip route
 

Gateway of last resort is not set

O    192.168.45.0/24 [110/20] via 192.168.35.5, 01:00:36, FastEthernet0/1
O    192.168.24.0/24 [110/30] via 192.168.35.5, 01:00:36, FastEthernet0/1
     10.0.0.0/24 is subnetted, 3 subnets
O E2    10.1.12.0 [110/20] via 192.168.35.5, 00:58:47, FastEthernet0/1
O E2    10.1.1.0 [110/20] via 192.168.35.5, 00:58:33, FastEthernet0/1
C       10.1.23.0 is directly connected, FastEthernet0/0
C    192.168.35.0/24 is directly connected, FastEthernet0/1
R3#

 

2 ACCEPTED SOLUTIONS

Accepted Solutions

AFAIK, only OSPF is supported

AFAIK, only OSPF is supported.

But it should be enough in your case.
 

Hall of Fame Super Blue

FerodYou don't need to.The

Ferod

You don't need to.

The issue is with the RIP routes redistributed into OSPF because OSPF has the lower AD.

If you use a distribue list with a route map to match the tag on R2 and R3 under OSPF to stop the redistributed RIP routes learnt via OPSF being installed in the local IP routing table it will work ie. R3 would use the direct RIP route to R1's loopback instead of the OSPF route.

The problem with this solution is you have no redundancy ie. if R3's link to R2 goes down R3 has no alternate path to R1 via the other OSPF routers because you have filtered the routes.

I appreciate you don't want to change the AD but that would be a better solution because then you would have redundancy if either of R3's links fails.

Jon

17 REPLIES

Hi, you might use the

Hi,

 

you might use the distribution-list route-map command here possibly?

See http://www.cisco.com/c/en/us/td/docs/ios/12_0s/feature/guide/routmap.html

for details.

 

Best regards,

Milan
 

New Member

i think using route-map on

i think using route-map on redistribution is the best way to filter.

If you filter on

If you filter on redistribution already, ALL routers within the OSPF area will loose the routing info for the filtered prefixes.

If you apply distribution-list route-map command under the OSPF process on R3 (and R2) only, the other routers within the OSPF area will be still able to reach R1 loop, I guess?


 

Best regards,

Milan



 

New Member

Let me to check first with

Let me to check first with Distribution list then will post the result smiley

New Member

How could you use route-map

How could you use route-map for distribution list in rip protocol

AFAIK, only OSPF is supported

AFAIK, only OSPF is supported.

But it should be enough in your case.
 

Hall of Fame Super Blue

FerodYou don't need to.The

Ferod

You don't need to.

The issue is with the RIP routes redistributed into OSPF because OSPF has the lower AD.

If you use a distribue list with a route map to match the tag on R2 and R3 under OSPF to stop the redistributed RIP routes learnt via OPSF being installed in the local IP routing table it will work ie. R3 would use the direct RIP route to R1's loopback instead of the OSPF route.

The problem with this solution is you have no redundancy ie. if R3's link to R2 goes down R3 has no alternate path to R1 via the other OSPF routers because you have filtered the routes.

I appreciate you don't want to change the AD but that would be a better solution because then you would have redundancy if either of R3's links fails.

Jon

Hi Jon, sure changing

Hi Jon,


 

sure changing external OSPF routes AD to 150 on R3 and R2, e.g., would be a solution to the problem described originally.

But it would change the AD of ALL external OSPF prefixes, which might not be the acceptable solution as I understood from the original post?


 

Best regards,

Milan

 

Hall of Fame Super Blue

Hi MilanIt would change the

Hi Milan

It would change the AD of all routes but you can use an acl with the distance command to change just some of the routes if you needed to. 

I agree if the requirement is to use the route tags using a distribute list with a route map would be a solution but i just wanted to point out that by using this solution you are losing redundancy.

Jon

Hi Jon, sure, you can use the

Hi Jon,

 

sure, you can use the distance command with the ACL.

But then you need to know quite precisely for which particular prefixes you want to modify the AD.

 

I was thinking about another possibility:

What about using the distribute-list with a route-map not denying the tagged prefixes but changing their AD?

Probably would not work as set distance command is not available under OSPF (and this solution is not described anywhere)?

 

Best regards,

Milan


 

Hall of Fame Super Blue

Hi MilanBut then you need to

Hi Milan

But then you need to know quite precisely for which particular prefixes you want to modify the AD.

You do but -

1) there aren't really that many RIP routes

2) it is still better in my opinion to do that than lose redundancy by denying the routes from ever being installed in the IP routing table.

Being able set the AD based on tag would mean you wouldn't have to know and match all the RIP routes so it would be easier. In addition if there were other sources of external routes it would most definitely be the preferred method.

But looking at the topology posted simply changing the AD (with ot without an acl) would be better in my opinion.

Jon

Hall of Fame Super Blue

Hi MilanYes, just did a quick

Hi Milan

Yes, just did a quick lab and unfortunately can't see a way to set AD other than matching on prefixes in an acl.

As you say you can't set the AD in a route map.

I thought of setting something you could actually match in an acl such as DSCP or ToS value but the distance command only supports standard and not extended acls, which makes sense, so you can't do that either.

Jon

New Member

hi jon, R3 take 4 hop to

hi jon,

 

R3 take 4 hop to reach R1,if the link between R3 to R5 goes down then it go directly to R1. 

can we use policy base route to redirect the traffic ??

Hall of Fame Super Blue

FerodYou could use PBR but i

Ferod

You could use PBR but i wouldn't recommend it because it complicates things and you can achieve the same thing by just modifying the routes in some way. 

As discussed if you want R3 to go direct then you can use a distribute list with a route map as suggested by Milan.

But thiis would break any redundancy.

You may or may need redundancy but if you do changing the AD would be a better solution.

Jon

New Member

Awesome!!! Understood well

Awesome!!! Understood well sir smiley, am going to remake this lab again.

 

Thanks a lot to Milan, Jon and Yap Chin.

New Member

Hi Feroz thanks for this

Hi Feroz thanks for this interesting network setup and questions. smiley

I have recreated the network setup in Dynagen/Dynamips (https://db.tt/uz0xMBJp).

Below shows the IP routing tables on RT2 and RT3 upon the initial routers bootup.

Note that OSPF is not up yet due to the 40-second OSPF Wait timer for broadcast networks and DR/BDR election.

RT2#sh ip route

Gateway of last resort is not set

C    192.168.24.0/24 is directly connected, FastEthernet1/0
     10.0.0.0/24 is subnetted, 3 subnets
C       10.1.12.0 is directly connected, FastEthernet0/0
R       10.1.1.0 [120/1] via 10.1.12.1, 00:00:07, FastEthernet0/0
C       10.1.23.0 is directly connected, FastEthernet0/1
R    192.168.35.0/24 [120/5] via 10.1.23.3, 00:00:08, FastEthernet0/1
RT2#
================================================================================
RT3#sh ip route

Gateway of last resort is not set

R    192.168.24.0/24 [120/5] via 10.1.23.2, 00:00:16, FastEthernet0/0
     10.0.0.0/24 is subnetted, 3 subnets
R       10.1.12.0 [120/1] via 10.1.23.2, 00:00:16, FastEthernet0/0
R       10.1.1.0 [120/2] via 10.1.23.2, 00:00:16, FastEthernet0/0
C       10.1.23.0 is directly connected, FastEthernet0/0
C    192.168.35.0/24 is directly connected, FastEthernet0/1
RT3#

 

Below shows the IP routing tables on RT2 and RT3 after OSPF is up and running.

RT2#
*Mar  1 00:00:51.167: %OSPF-5-ADJCHG: Process 1, Nbr 192.168.45.4 on FastEtherne
t1/0 from LOADING to FULL, Loading Done
RT2#
================================================================================
RT3#
*Mar  1 00:00:51.399: %OSPF-5-ADJCHG: Process 1, Nbr 192.168.45.5 on FastEtherne
t0/1 from LOADING to FULL, Loading Done
RT3#
================================================================================
RT2#sh ip route

Gateway of last resort is not set

O    192.168.45.0/24 [110/11] via 192.168.24.4, 00:01:05, FastEthernet1/0
C    192.168.24.0/24 is directly connected, FastEthernet1/0
     10.0.0.0/24 is subnetted, 3 subnets
C       10.1.12.0 is directly connected, FastEthernet0/0
O E2    10.1.1.0 [110/20] via 192.168.24.4, 00:01:05, FastEthernet1/0
C       10.1.23.0 is directly connected, FastEthernet0/1
O    192.168.35.0/24 [110/21] via 192.168.24.4, 00:01:05, FastEthernet1/0
RT2#
================================================================================
RT3#sh ip route

Gateway of last resort is not set

O    192.168.45.0/24 [110/20] via 192.168.35.5, 00:01:12, FastEthernet0/1
O    192.168.24.0/24 [110/30] via 192.168.35.5, 00:01:02, FastEthernet0/1
     10.0.0.0/24 is subnetted, 3 subnets
O E2    10.1.12.0 [110/20] via 192.168.35.5, 00:01:02, FastEthernet0/1
R       10.1.1.0 [120/5] via 10.1.23.2, 00:00:10, FastEthernet0/0
C       10.1.23.0 is directly connected, FastEthernet0/0
C    192.168.35.0/24 is directly connected, FastEthernet0/1
RT3#

 

There is a routing loop (RT3 > RT2 > RT4 > RT5 > RT3) as shown in the traceroute result below.

RT3#trace 10.1.1.1

Type escape sequence to abort.
Tracing the route to 10.1.1.1

  1 10.1.23.2 36 msec 52 msec 28 msec
  2 192.168.24.4 68 msec 72 msec 44 msec
  3 192.168.45.5 48 msec 20 msec 44 msec
  4 192.168.35.3 84 msec 40 msec 28 msec
  5 10.1.23.2 84 msec 92 msec 88 msec
  6 192.168.24.4 92 msec 104 msec 108 msec
  7 192.168.45.5 76 msec 100 msec 96 msec
  8 192.168.35.3 52 msec 88 msec 116 msec
  9 10.1.23.2 80 msec 128 msec 140 msec
 10 192.168.24.4 120 msec 168 msec 136 msec
 11 192.168.45.5 148 msec 144 msec 152 msec
 12 192.168.35.3 164 msec 108 msec 148 msec
 13 10.1.23.2 192 msec 152 msec 216 msec
 14 192.168.24.4 196 msec 184 msec 248 msec
 15 192.168.45.5 176 msec 232 msec 228 msec
 16 192.168.35.3 204 msec 228 msec 184 msec
 17 10.1.23.2 248 msec 272 msec 204 msec
 18 192.168.24.4 244 msec 272 msec 208 msec
 19 192.168.45.5 200 msec 228 msec 296 msec
 20 192.168.35.3 264 msec 308 msec 200 msec
 21 10.1.23.2 276 msec 320 msec 288 msec
 22 192.168.24.4 308 msec 312 msec 248 msec
 23 192.168.45.5 292 msec 308 msec 296 msec
 24 192.168.35.3 324 msec 400 msec 360 msec
 25 10.1.23.2 336 msec 384 msec 376 msec
 26 192.168.24.4 340 msec 368 msec 332 msec
 27 192.168.45.5 348 msec 368 msec 388 msec
 28 192.168.35.3 372 msec 372 msec 376 msec
 29 10.1.23.2 392 msec 416 msec 468 msec
 30 192.168.24.4 452 msec 384 msec 432 msec
RT3#

 

The routing loop is resolved after modified the misconfiguration on RT3.

RT3#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
RT3(config)#router ospf 1
RT3(config-router)#redistribute rip subnets route-map TAG200-DENY300
RT3(config-router)#end
RT3#
RT3#sh ip route

Gateway of last resort is not set

O    192.168.45.0/24 [110/20] via 192.168.35.5, 00:03:12, FastEthernet0/1
O    192.168.24.0/24 [110/30] via 192.168.35.5, 00:03:02, FastEthernet0/1
     10.0.0.0/24 is subnetted, 3 subnets
O E2    10.1.12.0 [110/20] via 192.168.35.5, 00:03:02, FastEthernet0/1
O E2    10.1.1.0 [110/20] via 192.168.35.5, 00:00:10, FastEthernet0/1
C       10.1.23.0 is directly connected, FastEthernet0/0
C    192.168.35.0/24 is directly connected, FastEthernet0/1
RT3#
================================================================================
RT2#sh ip route

Gateway of last resort is not set

O    192.168.45.0/24 [110/11] via 192.168.24.4, 00:04:07, FastEthernet1/0
C    192.168.24.0/24 is directly connected, FastEthernet1/0
     10.0.0.0/24 is subnetted, 3 subnets
C       10.1.12.0 is directly connected, FastEthernet0/0
R       10.1.1.0 [120/1] via 10.1.12.1, 00:00:10, FastEthernet0/0
C       10.1.23.0 is directly connected, FastEthernet0/1
O    192.168.35.0/24 [110/21] via 192.168.24.4, 00:04:07, FastEthernet1/0
RT2#
================================================================================
RT3#trace 10.1.1.1

Type escape sequence to abort.
Tracing the route to 10.1.1.1

  1 192.168.35.5 48 msec 44 msec 24 msec
  2 192.168.45.4 64 msec 20 msec 60 msec
  3 192.168.24.2 84 msec 104 msec 92 msec
  4 10.1.12.1 152 msec *  128 msec
RT3#

 

After the routing loop is resolved, the suboptimal routing occurs, in which the routing path from RT3 towards RT1 is through the OSPF network (RT3 > RT5 > RT4 > RT2 > RT1), while the preferred routing path is through the RIP network (RT3 > RT2 > RT1).

I would say that this is a chicken-and-egg problem and is related to administrative distance.

Below shows how I solved the traffic engineering problem by tuning the AD for certain OSPF routes (using ACL for better granularity control) to make them less preferred over the RIP routes. I am unable to think of better solutions for the problem at the moment. smiley

This is similar to the BGP Backdoor Route feature, which is to tune the AD for EBGP routes from 20 to 200, in order for other IGP routes (OSPF - 110, EIGRP - 90) to be preferred over the EBGP routes. More info about BGP Backdoor Routes at https://db.tt/hXs614n3.

RT2#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
RT2(config)#access-list 1 permit 10.1.1.0 0.0.0.255
RT2(config)#
RT2(config)#router ospf 1
RT2(config-router)#distance 200 192.168.35.3 0.0.0.0 1
RT2(config-router)#end
RT2#
RT2#sh ip route

Gateway of last resort is not set

O    192.168.45.0/24 [110/11] via 192.168.24.4, 00:00:06, FastEthernet1/0
C    192.168.24.0/24 is directly connected, FastEthernet1/0
     10.0.0.0/24 is subnetted, 3 subnets
C       10.1.12.0 is directly connected, FastEthernet0/0
R       10.1.1.0 [120/1] via 10.1.12.1, 00:00:01, FastEthernet0/0
C       10.1.23.0 is directly connected, FastEthernet0/1
O    192.168.35.0/24 [110/21] via 192.168.24.4, 00:00:06, FastEthernet1/0
RT2#
================================================================================
RT3#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
RT3(config)#access-list 1 permit 10.1.1.0 0.0.0.255
RT3(config)#access-list 1 permit 10.1.12.0 0.0.0.255
RT3(config)#
RT3(config)#router ospf 1
RT3(config-router)#distance 200 192.168.24.2 0.0.0.0 1
RT3(config-router)#end
RT3#
RT3#sh ip route

Gateway of last resort is not set

O    192.168.45.0/24 [110/20] via 192.168.35.5, 00:00:29, FastEthernet0/1
O    192.168.24.0/24 [110/30] via 192.168.35.5, 00:00:29, FastEthernet0/1
     10.0.0.0/24 is subnetted, 3 subnets
R       10.1.12.0 [120/1] via 10.1.23.2, 00:00:26, FastEthernet0/0
R       10.1.1.0 [120/2] via 10.1.23.2, 00:00:06, FastEthernet0/0
C       10.1.23.0 is directly connected, FastEthernet0/0
C    192.168.35.0/24 is directly connected, FastEthernet0/1
RT3#
RT3#trace 10.1.1.1

Type escape sequence to abort.
Tracing the route to 10.1.1.1

  1 10.1.23.2 36 msec 40 msec 12 msec
  2 10.1.12.1 36 msec *  76 msec
RT3#

 

New Member

Awesome!!! Understood well

Awesome!!! Understood well sir smiley, am going to remake this lab again.

 

Thanks a lot to Milan, Jon and Yap Chin.

168
Views
5
Helpful
17
Replies