From: Joseph D. Phillips (josephdphillips@fastmail.us)
Date: Wed Jul 07 2004 - 18:27:42 GMT-3
Yeah, I've seen that, too, particularly with IS-IS.
In that situation I usually pollute the distance of the protocol which
has the less-desirable path for the route.
----- Original message -----
From: jean.paul.baaklini@accenture.com
To: rohang@cisco.com, Mike@dicksonnetworks.com, ccielab@groupstudy.com
Date: Wed, 7 Jul 2004 10:51:13 +0200
Subject: RE: Redistribution Methodology
Hi,
When dealing with multiple points of mutual redistribution, using tags
or prefix filtering doesn't resolve all the issues. In some (or all?)
cases, you might need to use the distance command on the "ASBR" routers
to influence THEIR routing decision.
What's the rule then? I thought it was "to reach a prefix by always
using the route from its natural routing domain". See example below.
There R2 should use ISIS to reach R4 networks even though ospf has a
better distance.
Ex:    R1-----R2-----R3
         | isis    ospf |
       R4-----R5-----R6
Can anyone comment please?
Thanks
Regards,
JP
 
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Rohan Grover
Sent: 07 July 2004 07:27
To: 'Mike Dickson'; 'group study'
Subject: RE: Redistribution Methodology
Hi,
A related question.
If the specific redistribution scenario restricts the use of
access-lists, would prefix-list be an alternative?
Or would route-tagging be the expected answer?
Thanks
Rohan
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Mike Dickson
Sent: Wednesday, July 07, 2004 8:28 AM
To: group study
Subject: RE: Redistribution Methodology
RIP V2 supports tags.  However, if you are working on your Security
exam, be aware that the PIX will not accept RIP advertisements
if any of the advertised routes are tagged.
Mike Dickson
CCIE #12281, MCSE+Internet, MCDBA
Dickson Network Designs
(512) 422-3192 voice (512) 394-0320 fax
www.dicksonnetworks.com
-----Original Message-----
From: Richard Dumoulin [mailto:richard.dumoulin@vanco.es]
Sent: Tuesday, July 06, 2004 4:36 PM
To: Joseph D. Phillips; group study
Subject: RE: Redistribution Methodology
Hi Joseph,
Have you tested this route-map with RIP? I believe it does not work,
--Richard
-----Original Message-----
From: Joseph D. Phillips [mailto:josephdphillips@fastmail.us]
Sent: martes, 06 de julio de 2004 22:28
To: group study
Subject: RE: Redistribution Methodology
Well the advantage of using tags is that you don't need to specify which
networks are which in an access list.
Let's say there are two routing protocols: OSPF and RIPv2
Your statement under router ospf would be something like:
      redist rip sub metric-ty 1 metric 50 route-map r2o
Your statement under router rip would look something like:
      redist ospf (process no.) metric 2 ma in ex route-map o2r
The route maps would look like:
      route-map r2o deny 10
          match tag 110  <----stop routes with tag 110 from coming in
      route-map r2o perm 20
          set tag 120     <-------accept RIP routes and tag them as 120
      route-map o2r deny 10
          match tag 120   <-----stop routes with tag 120 from coming in
      route-map o2r perm 20
          set tag 110     <-----accept OSPF routes and tag them as 110
The numbers used to assign tags are arbitrary, but I like to associate
them with administrative distance.
The purpose of the above route-maps is to prevent route feedback.
It seems to work rather well. I've had no problem with it.
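Added example (not part of the original thread): a small Python model of the r2o and o2r route-maps in the message above, run across two redistribution passes to show the tags keeping a route from re-entering the domain it came from. The prefixes are constructed samples; an untagged route is assumed to carry tag 0.

```python
# Added example: models the r2o / o2r route-maps from the message above.
# IOS route-map evaluation: clauses are checked in sequence order, the first
# matching clause decides, a clause with no match statement matches every
# route, and a route matching no clause is dropped (implicit deny).

ROUTE_MAPS = {
    "r2o": [  # applied when redistributing RIP into OSPF
        {"action": "deny", "match_tag": 110},
        {"action": "permit", "match_tag": None, "set_tag": 120},
    ],
    "o2r": [  # applied when redistributing OSPF into RIP
        {"action": "deny", "match_tag": 120},
        {"action": "permit", "match_tag": None, "set_tag": 110},
    ],
}

def apply_route_map(name, route):
    """Return the redistributed copy of route, or None if it is filtered."""
    for clause in ROUTE_MAPS[name]:
        if clause["match_tag"] is None or clause["match_tag"] == route["tag"]:
            if clause["action"] == "deny":
                return None
            out = dict(route)
            out["tag"] = clause.get("set_tag", route["tag"])
            return out
    return None  # implicit deny at the end of every route-map

def redistribute(routes, route_map):
    """Run every route through the route-map and keep the permitted ones."""
    return [r for r in (apply_route_map(route_map, x) for x in routes) if r]

def feedback_check():
    # Constructed sample prefixes, untagged (tag 0) in their native domain.
    rip_native = [{"prefix": "172.16.1.0/24", "tag": 0}]
    ospf_native = [{"prefix": "10.0.0.0/24", "tag": 0}]
    # First ASBR: RIP -> OSPF. The RIP route now carries tag 120 in OSPF.
    ospf_table = ospf_native + redistribute(rip_native, "r2o")
    # Second ASBR: OSPF -> RIP. The tag-120 route must not go back into RIP.
    into_rip = redistribute(ospf_table, "o2r")
    # RIP -> OSPF again. The tag-110 route must not return to OSPF.
    back_into_ospf = redistribute(rip_native + into_rip, "r2o")
    return ospf_table, into_rip, back_into_ospf

if __name__ == "__main__":
    for table in feedback_check():
        print(table)
```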
----- Original message -----
From: "Rohan Grover" <rohang@cisco.com>
To: "'Joseph D. Phillips'" <josephdphillips@fastmail.us>, "'group
study'" <ccielab@groupstudy.com>
Date: Wed, 7 Jul 2004 00:35:02 +0530
Subject: RE: Redistribution Methodology
Hi Joseph,
Can you give an example of how the scenario described below could be
achieved with tags?
Thanks
Rohan
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Joseph D. Phillips
Sent: Wednesday, July 07, 2004 12:23 AM
To: group study
Subject: Redistribution Methodology
Start doing it with tags. There's a good chance you will be asked to do
that on the exam.
----- Original message -----
From: "Joe Rinehart" <jjrinehart@hotmail.com>
To: "'Group Study  (E-mail)'" <ccielab@groupstudy.com>
Date: Tue, 6 Jul 2004 11:42:52 -0700
Subject: Redistribution Methodology
I have a question that has been bugging me for a little while and would
like to see what the overall opinion is on the subject.
When redistributing routing protocols (I am speaking here mainly of IGP
redistribution), I know that route feedback can be an issue,
especially where mutual redistribution is concerned.  Something I have
been doing in those instances is putting in filters and route
maps to prevent that.
Here is the basic methodology, per protocol:
1.  Create an access list with the routes to be filtered (i.e., those
already in that IGP that shouldn't be coming back in from
another source). This is a series of deny statements followed by a
permit any statement.
2.  Create a route map calling that access list.
3.  Configure the redistribute statement under the target IGP calling
that route map.
Here is an example below, you may recognize it from CPSV2:
router eigrp 2003
 redistribute ospf 1 route-map filter-eigrp
 redistribute rip route-map filter-eigrp
 passive-interface default
 no passive-interface Serial0/0.103105
 network 175.10.16.0 0.0.0.255
 network 175.10.120.0 0.0.0.255
 default-metric 1544 100 254 1 1500
 no auto-summary
 no eigrp log-neighbor-changes
!
router ospf 1
 log-adjacency-changes
 area 0 authentication message-digest
 area 500 stub
 redistribute connected route-map CONNECTED
 redistribute eigrp 2003 subnets route-map filter-ospf
 redistribute rip subnets route-map filter-ospf
 network 10.1.1.0 0.0.0.255 area 500
 network 192.168.1.0 0.0.0.255 area 100
 network 192.168.2.0 0.0.0.255 area 0
!
router rip
 version 2
 redistribute eigrp 2003 route-map filter-eigrp
 redistribute ospf 1 route-map filter-eigrp
 passive-interface default
 no passive-interface Serial0/0.100
 network 175.10.0.0
 default-metric 5
 no auto-summary
access-list 1 deny   175.10.1.0 0.0.0.255
access-list 1 deny   175.10.16.0 0.0.0.255
access-list 1 permit any
access-list 2 deny   175.10.0.0 0.0.63.255
access-list 2 permit any
access-list 3 deny   10.10.1.0 0.0.0.255
access-list 3 deny   10.10.2.0 0.0.0.255
access-list 3 deny   192.200.0.0 0.0.255.255
access-list 3 deny   192.168.0.0 0.0.31.255
access-list 3 permit any
dialer-list 1 protocol ip permit
route-map filter-ospf permit 10
 match ip address 3
!
route-map filter-eigrp permit 10
 match ip address 1
!
route-map filter-rip permit 10
 match ip address 2
Here is my question.  I KNOW that this approach works rather splendidly
and can take pretty much everything into account as a
template overall, but is this the kind of thing that can cost you points
on the exam?  I know that the rules of thumb are if they
don't forbid something you are allowed to do it, and ultimately the other
test is if it works, but I also know there is a subjective
aspect as well.
Thoughts?
Joe Rinehart
AT&T
This archive was generated by hypermail 2.1.4 : Sun Aug 01 2004 - 10:11:48 GMT-3