From: juraj.markotic@combis.hr
Date: Mon Mar 15 2004 - 06:16:57 GMT-3
Hi group,
I have been having problem with some scenarios having mutual redistribution when loops and suboptimal routing occurs. I know there are lot of ways of doing this, some specific to some situations, but I tried to approach this problem as general as I can, no matter which two routing protocols are in game.
Tools to battle loops:
**** Tags
They don't solve suboptimal routing (at least on one of borde routers) and they pretty much break redundancy: if one domain (ie. ospf) is split in two parts, they will not be able to communicate over eigrp domain, because routes are filtered so no ospf routes are sent back to ospf domain. And also, tags are not supported in RIP1 and IS-IS (at least in 12.2 ?). So I don't see tags as some general solution for handling loops. Am I Wrong ?
**** Diffenetiating between internal and external routes
Only OSPF and EIGRP support differentiation between external and internal routes. EIGRP already has higher AD for external routes so it is pretty much loop free. So i need to do this on OSPF side and both domains will favor internal routes that those received thru redistribution (including his own routes that got back on the other point). So, no loops are possible here. But, only supported in combination ospf/eigrp, problem still exists if we use Rip/isis combination or something similar that can't set higher AD for external redistributed routes.
**** changing distance for specific routes only
Good thing would be if I could change distance for all routes received from one specific neighbor. Well, this works for rip, eigrp protocols with statement
distance 99 10.1.1.1 0.0.0.0
and all routes received from 10.1.1.1 neighbor now have AD 199.
But this just doesn't work for ospf and isis, because router-id for ospf route is router-id that originated the route, not the ruter that sent route to his own neighbor. Meaning, if i receive couple of ospf routes from my neighbor , it is possible that all routes have different router-id of routers that injected route in domain, meaning the only way I could catch them all is to use statement 0.0.0.0, but if I do that, than I merely changed distance for all ospf routes received from all neighbors, not from some specific neighbor.
Well that is problem only with isis and ospf. Right ?
So the last solution I see is to change distance for domain specific routes, no matter what neighbor received from. But that is administratively daunting task because I have to maintain routes from one domain.
For example, if I have OSPF and ISIS domain and I do double redistribution on 2 points I will get loop because one router will route to all his own isis routes trhu ospf domain (because routes that he received from ospf have lower AD).
So on both border routers I could set filter that sets AD for all isis originated routes to have lower AD than routes received trhu ospf. Of course I need to have acl that define isis nets.
For example, config of both border routers should be:
router isis
distance 109 0.0.0.0 255.255.255.255 ISIS_NETS
! networks that are in ISIS domain
ip access-list standard ISIS_NETS
permit 150.1.16.0 0.0.0.255
permit 150.1.56.0 0.0.0.255
...
Now, both border routers will always favor those routes received from isis neigbhor, and not the same routes received from ospf domain. I have redundancy, no loops and no suboptimal routing here.
Question in the end: do you thing this method is OK and is it general enough so I could use it on lab in any situation ? Biggest drawback is that I have to maintain networks in acl, and that become administrative task whenever new network is introduced in domain. Do you think I could lose point for this on exam ?
Do you have some opservations, recommendations ?
And most of all, do you see some wrong interpretations about redistribution, that I wrote about other methods ?
thanks,
jura
This archive was generated by hypermail 2.1.4 : Thu Apr 01 2004 - 08:15:26 GMT-3