Re: Filtering/Poisoning ISIS injected 0.0.0.0/0 default route

From: san (san.study@gmail.com)
Date: Mon May 30 2005 - 15:03:13 GMT-3


Hi,

Not sure it's correct. After reading the explanation from Doc CD, my
assumption is we can use only CLNS along with set-attached-bit

Usage Guidelines

In the current IS-IS implementation, as specified in ISO 10589, L1L2
routers set their Level 1 (L1) link-state packet (LSP) attached-bit
when they see other areas in their own domain, or see other domains.
However, in some network topologies, adjacent L1L2 routers in
different areas may lose connectivity to the Level 2 (L2) backbone.
Level 1 (L1) routers may then send traffic destined outside of the
area or domain to L1L2 routers that may not have such connectivity.

To allow more control over the attached-bit setting for L1L2 routers,
enter the set-attached-bit command in router configuration mode. The
route map can specify one or more CLNS routes. If at least one of the
match address route-map clauses matches a route in the L2 CLNS routing
table, and if all other requirements for setting the attached-bit are
met, the L1L2 router will continue to set the attached-bit in its L1
LSP. If the requirements are not met or no match address route-map
clauses match a route in the L2 CLNS routing table, the attached-bit
will not be set.

Note: Wildcarded matches are not supported. For each route-map
statement, an exact route lookup of the specified route will be
performed. The first matched route will have other match statements
applied.

Examples

In the following example, the attached-bit will stay set when the
router matches 49.00aa in the L2 CLNS routing table.

clns filter-set L2_backbone_connectivity permit 49.00aa
route-map check-for-L2_backbone_connectivity
 match clns address L2_backbone_connectivity
router isis
 set-attached-bit route-map check-for-L2_backbone_connectivity
end

show clns route 49.00aa
Known via "isis", distance 110, metric 30, Dynamic Entry
Routing Descriptor Blocks:
 via tr2, Serial0
   isis, route metric is 30, route version is 58

/SAN

On 5/30/05, ccie2be <ccie2be@nyc.rr.com> wrote:
> Very interesting. I wonder why that doesn't work? Hmmm
>
> One of things I'm trying to do is make sure I know each method of
> accomplishing something since Cisco likes to remove options from how
> something is done.
>
> Invariably, Cisco tells you to do something that can be done 3 ways but
> forbids you from using the only 2 ways you know. Don't you just hate when
> that happens?
>
> Tim
>
> -----Original Message-----
> From: Long Kwok [mailto:lkwok@ccieunix.com]
> Sent: Monday, May 30, 2005 12:30 PM
> To: ccie2be; Bob Sinclair; ccielab@groupstudy.com
> Subject: RE: Filtering/Poisoning ISIS injected 0.0.0.0/0 default route from
> L1 internal routers
>
> I tried adding that to R2 under its router isis process, R2 is the one
> injecting the 0/0 route into R6, so after removing the distance command
> under R6 and clear ip route *, and verifying that R6 does again have
> the 0/0 route, I added the no set-attach-bit under R2's isis process
> and cleared ip route but R6 still gets the 0/0 route ???
>
> Long
>
> -----Original Message-----
> From: ccie2be [mailto:ccie2be@nyc.rr.com]
> Sent: Monday, May 30, 2005 9:06 AM
> To: Long Kwok; 'Bob Sinclair'; ccielab@groupstudy.com
> Subject: RE: Filtering/Poisoning ISIS injected 0.0.0.0/0 default route
> from L1 internal routers
>
> Long,
>
> What happens if you configure no set-attach-bit under the isis routing
> process? Doesn't that prevent the default route from being advertised
> from a L1/L2 router to a L1 router?
>
> Tim
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> Long Kwok
> Sent: Monday, May 30, 2005 11:58 AM
> To: Bob Sinclair; ccielab@groupstudy.com
> Subject: RE: Filtering/Poisoning ISIS injected 0.0.0.0/0 default route
> from L1 internal routers
>
> Thanks Bob,
>
> I believe though that when you set the attached bit doesn't this tell a
> router to send a default route into L1 only devices? I was doing a lab
> that was not permitted to have any form of default 0/0 routes on any
> routers unless explicitly permitted, and within the isis topology,
> there was an L1/L2 router then behind this L1/L2 router is a few L1
> only routers, I believe by default this L1/L2 ABR if you will,
> automatically injects a 0/0 route to its internal L1 only
> brethren...... Thanks so much for reply Bob
>
>
>
> TIA Long
>
>
>
> _____
>
> From: Bob Sinclair [mailto:bsin@cox.net]
> Sent: Monday, May 30, 2005 5:47 AM
> To: Long Kwok; ccielab@groupstudy.com
> Subject: Re: Filtering/Poisoning ISIS injected 0.0.0.0/0 default route
> from L1 internal routers
>
>
>
> Long Kwok,
>
>
>
> Here is a config and link that permits conditional setting of the
> attached bit. I wonder if something along these lines would help.
>
> !
> router isis
>  net 39.0001.0000.0000.7201.00
>  set-attached-bit route-map CONDITION
> !
> route-map CONDITION
>  match int loop101
>
> http://www.cisco.com/warp/public/cc/pd/iosw/prodlit/isis_an.htm
>
> Bob Sinclair
>
> CCIE #10427, CCSI 30427, CISSP
>
> www.netmasterclass.net
>
> ----- Original Message -----
> From: Long Kwok <mailto:lkwok@ccieunix.com>
> To: ccielab@groupstudy.com
> Sent: Sunday, May 29, 2005 3:03 PM
> Subject: Filtering/Poisoning ISIS injected 0.0.0.0/0 default
> route from L1 internal routers
>
>
>
> Hi,
>
> I have been trying to filter out the automatically injected 0.0.0.0/0
> route that the L2 border router injects into its L1 internal neighbors
> as I guess it would be considered cheating on lab and you cannot do that
> I was trying to filter via distance 255 under L1 routers isis router
> process but not working. Here is what I tried.
>
> Router isis
>  Distance 255 0.0.0.0 255.255.255.255 1
>
> Access-list 1 deny 0.0.0.0 0.0.0.0
>
> Tia Long
>
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
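
Added example, not part of the original thread or of Cisco's documentation: the L1 routers in this thread install 0.0.0.0/0 because the L1L2 router's L1 LSP carries the attached bit, so decoding the flags octet of a captured LSP shows directly whether set-attached-bit had any effect. The header layout follows ISO 10589; the sample PDU is constructed (header only, checksum not computed), reusing the system ID from the NET quoted above, and the function names are illustrative.

```python
import struct

# Flags octet of an ISO 10589 LSP: P(0x80) ATT(0x78) OL(0x04) IS-type(0x03).
ATT_BITS = {0x08: "default", 0x10: "delay", 0x20: "expense", 0x40: "error"}
LSP_TYPES = {18: 1, 20: 2}          # PDU type -> IS-IS level

def parse_lsp_flags(pdu: bytes) -> dict:
    """Decode level, LSP ID and attached/overload bits from a raw LSP PDU."""
    if len(pdu) < 8 or pdu[0] != 0x83:
        raise ValueError("not an IS-IS PDU")
    id_len = 6 if pdu[3] == 0 else pdu[3]   # 0 means the default 6 bytes
    if not 1 <= id_len <= 8:
        raise ValueError("unsupported system ID length")
    level = LSP_TYPES.get(pdu[4] & 0x1F)
    if level is None:
        raise ValueError("not a link-state PDU")
    # common header(8) + PDU len(2) + lifetime(2) + LSP ID + seq(4) + cksum(2)
    flags_at = 8 + 2 + 2 + (id_len + 2) + 4 + 2
    if len(pdu) <= flags_at:
        raise ValueError("truncated LSP header")
    raw_id = pdu[12:12 + id_len + 2]
    sysid = raw_id[:id_len].hex()
    dotted = ".".join(sysid[i:i + 4] for i in range(0, len(sysid), 4))
    flags = pdu[flags_at]
    att = [name for bit, name in ATT_BITS.items() if flags & bit]
    return {
        "level": level,
        "lsp_id": f"{dotted}.{raw_id[-2]:02x}-{raw_id[-1]:02x}",
        "attached": bool(att),      # any ATT bit makes L1 routers use a default
        "att_metrics": att,
        "overload": bool(flags & 0x04),
        "is_type": flags & 0x03,
    }

def make_sample_lsp(flags: int, pdu_type: int = 18) -> bytes:
    """Constructed header-only LSP for the demo (checksum not computed)."""
    common = bytes([0x83, 27, 1, 0, pdu_type, 1, 0, 3])
    lsp_id = bytes.fromhex("000000007201") + b"\x00\x00"
    return (common + struct.pack("!HH", 27, 1199) + lsp_id
            + struct.pack("!IH", 0x3A, 0) + bytes([flags]))

if __name__ == "__main__":
    for flags in (0x0B, 0x03):      # ATT set, then ATT cleared
        print(parse_lsp_flags(make_sample_lsp(flags)))
```
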



This archive was generated by hypermail 2.1.4 : Fri Jun 03 2005 - 10:12:03 GMT-3