From: Shane Miles (smiles@xxxxxxxxxx)
Date: Mon Jun 10 2002 - 13:17:23 GMT-3
Good question. I've never been able to figure out why people say to filter
on the side of lower AD. For example, two redistribution points between RIP
and OSPF. To prevent loops etc you only have to filter in OSPF because its
AD is lower than RIP's. But so many lab scenario answer keys I've seen have
distribute-lists configured on both sides and I've never understood why. I
must be missing something here. Can anyone help?
-----Original Message-----
From: Tom Larus
To: Bruce Williams; Baety Wayne SrA 18 CS/SCBX; 'Anthony Pace'; Treptow,
Georg; Dennis Laganiere; 'Paul Connelly'; ccielab@groupstudy.com
Sent: 6/10/02 11:30 AM
Subject: Re: OSPF tags as a way to stop route feedback from redistribution
-- what is the downside?
Thank you. That was a good point.
I think I may be beginning to understand the problem with any method
like
the tagging method. Doyle I says on page 780, "To prevent route
feedback,
routed must be filtered as they are incoming on an interface, before
they
are entered into the route table."
Now I don't think the RIP route redistributed into OSPF will ever get
back
to the RIP domain, as long as we use tags and route-maps, but the
problem
remains that we now have a RIP route in our ASBR routing table as an
OSPF
route, with whatever metric we assigned it when we distributed it into
OSPF.
This can't make for a very accurate routing table. All of RIP routes
are
gone, because OSPF AD is lower.
How big a problem do you folks think it is that all the routes are now
OSPF,
if the tags keep the RIP-redist-ed routes from being advertised back
into
RIP. Is this really route feedback, or is it just another problem?
-- Original Message -----
From: "Bruce Williams" <bruce@williamsnetworking.com>
To: "Baety Wayne SrA 18 CS/SCBX" <Wayne.Baety@kadena.af.mil>; "'Anthony
Pace'" <anthonypace@fastmail.fm>; "Tom Larus" <tlarus@novacoxmail.com>;
"Treptow, Georg" <gxtrept@qwest.com>; "Dennis Laganiere"
<dennisl@advancedbionics.com>; "'Paul Connelly'" <chewy7700@yahoo.com>;
<ccielab@groupstudy.com>
Sent: Monday, June 10, 2002 9:56 AM
Subject: RE: OSPF tags as a way to stop route feedback from
redistribution -- what is the downside?
> You can specify the length of the mask with an access-list.
>
> Like this:
> access-list 101 permit ip 121.1.0.0 0.0.255.255 host 255.255.0.0
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
> Baety Wayne SrA 18 CS/SCBX
> Sent: Monday, June 10, 2002 2:01 AM
> To: 'Anthony Pace'; Tom Larus; Treptow, Georg; Dennis Laganiere; 'Paul
> Connelly'; ccielab@groupstudy.com
> Subject: RE: OSPF tags as a way to stop route feedback from
> redistribution -- what is the downside?
>
>
> Another problem with distribute-list is its inherent inability to
> distinguish routes of differing prefix length. Let's say you want to
allow
> 121.1.0.0/24 through but not 121.1.0.0/16. Any access list style
wildcard
> you create that matches one route will match the other. BGP handles
this
> situation quite nicely with its prefix-list capability, however. For
the
> moment, Route-Tagging is the only successful way to deal with
heterogeneous
> masking, BGP support notwithstanding. But as you've already pointed
out,
> some protocols do not support tagging of routes.
>
> WAYNE BAETY, MCSE, SRA, USAF
> Network Systems Trainer
>
>
> > -----Original Message-----
> > From: Anthony Pace [mailto:anthonypace@fastmail.fm]
> > Sent: Monday, June 10, 2002 9:36 AM
> > To: Tom Larus; Treptow, Georg; Dennis Laganiere; 'Paul Connelly';
> > ccielab@groupstudy.com
> > Subject: Re: OSPF tags as a way to stop route feedback from
> > redistribution-- what is the downside?
> >
> > The downside of the distribute lists is that networks can't really
be
> > added behind the redist router (if you used permits in the
> > dist-list)They also destroy redundany accross multiple
redistribution
> > points. Doyle describes a scenario where you don't block the routes
> > being fedback (perhaps form a second redist-router), but lower their
AD
> > so they never make it into your routing table and thus are never
> > advertised beyond the redist router. If there is a failure somewhere
> > then these routes with their "inferior" AD will be prefered and go
into
> > the table and once the network converges you have a redundent path.
> >
> > Anthony Pace
> >
> > On Sat, 8 Jun 2002 22:07:34 -0400, "Tom Larus"
<tlarus@novacoxmail.com>
> > said:
> > > Yes. RIP does not carry tags. This tagging must be done as the
routes
> > > are
> > > redistributed INTO a routing protocol that supports them. I see
the
> > > problem, now, and that is that we still need to stop the OSPF
routes
> > > that go
> > > into RIP or IGRP from feeding back into OSPF. For that I guess we
need
> > > to
> > > use the old methods of blocking individual routes.
> > >
> > > Doyle I also indicated that distribute lists have their
shortcomings,
> > > too,
> > > but it is too late for me to get teh book and cite the page. He
had
an
> > > explanation that I need to take a bit more time to think about and
> > > digest. I
> > > definitely need to do more work with this manipulating admin
distance.
> > > The
> > > big problems seem to have to do with redistributed routes that
have
> > > lower
> > > admin distance.
> > >
> > >
> > > ----- Original Message -----
> > > From: "Treptow, Georg" <gxtrept@qwest.com>
> > > To: "'Tom Larus'" <tlarus@novacoxmail.com>; "Anthony Pace"
> > > <anthonypace@fastmail.fm>; "Dennis Laganiere"
> > > <dennisl@advancedbionics.com>;
> > > "'Paul Connelly'" <chewy7700@yahoo.com>; <ccielab@groupstudy.com>
> > > Sent: Saturday, June 08, 2002 9:42 PM
> > > Subject: RE: OSPF tags as a way to stop route feedback from
> > > redistribution--
> > > what is the downside?
> > >
> > >
> > > > This unfortunatly is not an answer but more of an extension to
Tom's
> > > > question.....
> > > >
> > > > I have recently done a lot of work on tagging, one of my
scenarios
> > that I
> > > > tried did not work out that great..
> > > >
> > > > R1--------------R6----
> > > > RIP v.1 |
> > > > | OSPF
> > > > R10--|
> > > > |
> > > > R4--------------R13---
> > > >
> > > > R1,R4 are redistribution routers between RIP v.1 and OSPF, R10
runs
> > RIPv.1
> > > > only. R6 and R10 OSPF only.
> > > >
> > > > I thought to myself that there has to be a better way of
> > redistribution
> > > from
> > > > RIP to OSPF and vice versa.
> > > > Instead of doing distribute/prefix lists I tagged all routes
going
> > into
> > > the
> > > > RIP domain (from OSPF) at R1 with 1111 and R4 I used 4444.
> > > > At R1 I declared all routes with a tag of 4444 to be dismissed
from
> > > > redistribution back into OPSF and at R4 i did the same blocking
all
> > routes
> > > > with a tag of 1111 but allowing all others. For whatever reason
all
> > routes
> > > > from the RIP domain were blocked.
> > > >
> > > > Is it possible that RIP gets rid of tag information? Am I
missing
> > > something
> > > > here?
> > > >
> > > >
> > > > Thanks,
> > > >
> > > > Georg Treptow
> > > >
> > > >
> > > >
> > > > -----Original Message-----
> > > > From: Tom Larus [mailto:tlarus@novacoxmail.com]
> > > > Sent: Saturday, June 08, 2002 8:21 PM
> > > > To: Anthony Pace; Dennis Laganiere; 'Paul Connelly';
> > > > ccielab@groupstudy.com
> > > > Subject: OSPF tags as a way to stop route feedback from
> > redistribution--
> > > > what is the downside?
> > > >
> > > >
> > > > I'd like to ask about the downside of another approach that
seems
too
> > good
> > > > to be true. In doing practice labs, I like to tag routes from
other
> > > > protocols as they are redistributed into OSPF (for example, tag
routes
> > > from
> > > > IGRP 120 with tag 120), then have a route-map that stops those
routes
> > from
> > > > going back into the other protocol. The problem is that one
does
not
> > see
> > > > this in case studies or in practice lab solutions very often,
and
that
> > > makes
> > > > me nervous. Doyle I contains a reference to this use of tags in
the
> > > chapter
> > > > on route-maps, and that makes me feel a little better.
> > > >
> > > > This has the feel of something that seems neat but is very
dangerous.
> > > > Basically, anything that does involve manually typing in half
the
> > routes
> > > in
> > > > my network feels wrong, because it is not the tedious method
that
> > involves
> > > > as much typing of routes as possible and nailing things down
manually.
> > > > --- Original Message -----
> > > > From: "Anthony Pace" <anthonypace@fastmail.fm>
> > > > To: "Tom Larus" <tlarus@novacoxmail.com>; "Dennis Laganiere"
> > > > <dennisl@advancedbionics.com>; "'Paul Connelly'"
> > <chewy7700@yahoo.com>;
> > > > <ccielab@groupstudy.com>
> > > > Sent: Saturday, June 08, 2002 8:01 PM
> > > > Subject: OSPF into IGRP and summarizing into FLSM
> > > >
> > > >
> > > > > Tom Larus said "Let's say you have loopback addresses on OSPF
> > enabled
> > > > > routers that you will need to summarize so that an IGRP /24
network
> > > > > will be able to see them and reach them. You redistribute
them
into
> > > > > OSPF, and use summary-address ip mask to summarize them right
there
> > on
> > > > > the same router, which is by definition an ASBR because
> > redistribution
> > > > > is happening on it. Works like a charm."
> > > > >
> > > > > In other words you are using IP SUMMARY under OSPF even though
you
> > want
> > > > > to shoot the /24 into IGRP? Then, a /24 is created right there
on
> > that
> > > > > router and puhed into the IGRP world? Is that correct?
> > > > >
> > > > > I have been looking at this list for a definitive answer on
this
for
> > a
> > > > > while (not wanting to repost a question if it has allready
been
> > > > > answered) This seems like a solution. The quesion has been
asked
> > many
> > > > > times and interpreted or missinterpreted differently in
different
> > posts
> > > > > but essentially this is the problem as I see it: All of the
> > protocoles
> > > > > on the LABS we have all been doing have a mechanism for
> > redistributing
> > > > > and controlling summarization except IGRP. The LABS almost
always
> > give
> > > > > you the ability to summarize almost all your networks via
these
> > other
> > > > > mechanisms long before they reach the OSPF/IGRP redistribution
point
> > > > > with the exeption of a loopback or directly connected network
on
> > that
> > > > > router which does not conform to the IGRP FLSM. It has been
> > suggested
> > > > > that a "ip default-network" be shot into IGRP and this works
but
it
> > is
> > > > > questionable as to weather this constitutes an ILLEGAL STATIC
ROUTE.
> > > > > The Solie labs pose this scenario but the soltions do not
address
> it.
> > > > >
> > > > > Are there any other tools that can be used?
> > > > >
> > > > > Anthony Pace
> > > > >
> > > > >
> > > > >
> > > > > On Tue, 4 Jun 2002 13:35:53 -0400, "Tom Larus"
> > <tlarus@novacoxmail.com>
> > > > > said:
> > > > > > I have never taken the lab, so I could not speak to that
aspect
of
> > the
> > > > > > question, but I did learn something recently I thought was
neat,
> > but
> > > > > > that
> > > > > > many others here have probably known for years.
> > > > > >
> > > > > > Let's say you have loopback addresses on OSPF enabled
routers
that
> > you
> > > > > > will
> > > > > > need to summarize so that an IGRP /24 network will be able
to
see
> > them
> > > > > > and
> > > > > > reach them. You redistribute them into OSPF, and use
summary-
> > address
> > > > > > ip
> > > > > > mask to summarize them right there on the same router, which
is
by
> > > > > > definition an ASBR because redistribution is happening on
it.
> > Works
> > > > > > like a
> > > > > > charm.
> > > > > >
> > > > > > Okay, it's old hat for a lot of you old hands, but I still
think
> > it is
> > > > > > pretty neat.
> > > > > >
> > > > > >
> > > > > > ----- Original Message -----
> > > > > > From: "Dennis Laganiere" <dennisl@advancedbionics.com>
> > > > > > To: "'Paul Connelly'" <chewy7700@yahoo.com>;
> > <ccielab@groupstudy.com>
> > > > > > Sent: Tuesday, June 04, 2002 12:40 PM
> > > > > > Subject: RE: Connected routes vs network statement
> > > > > >
> > > > > >
> > > > > > > Some routing protocols will interpret the two differently.
> > EIGRP,
> > > or
> > > > > > > instance, will see the redistributed route as external,
which
> > has a
> > > > much
> > > > > > > higher AD.
> > > > > > >
> > > > > > > --- Dennis
> > > > > > >
> > > > > > >
> > > > > > > -----Original Message-----
> > > > > > > From: Paul Connelly [mailto:chewy7700@yahoo.com]
> > > > > > > Sent: Tuesday, June 04, 2002 9:03 AM
> > > > > > > To: ccielab@groupstudy.com
> > > > > > > Subject: Connected routes vs network statement
> > > > > > >
> > > > > > > Is there a preference in the lab when to use "redistribute
> > > connected"
> > > > vs.
> > > > > > > network statements? I know the redistribute connected will
not
> > turn
> > > on
> > > > the
> > > > > > > routing protocol on the interface but you can easily turn
it
off
> > > with
> > > > > > > passive-interface. Just want to check if the exam wants
you to
> > do it
> > > a
> > > > > > > certain way.
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > > Thanks
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > > ---------------------------------
> > > > > > > Do You Yahoo!?
> > > > > > > Sign-up for Video Highlights of 2002 FIFA World Cup
> > > > > > >
This archive was generated by hypermail 2.1.4 : Tue Jul 02 2002 - 08:12:30 GMT-3