RE: Controling mutual redistribution loops

From: James Matrisciano (jmatrisciano@kenttech.com)
Date: Wed Dec 07 2005 - 09:21:55 GMT-3


So let me take a general poll on this....what's the best solution (given
there are no restrictions on the actual lab)?

Rip----Rip
 |      |
Ospf---Ospf

Do we set tags from RIP into OSPF then deny the tags going from OSPF
into RIP?

Or

Build an access list and apply it to a distance command within the RIP
process making the AD lower than OSPF for its internal routes?

Any Takers on this one?

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Schulz, Dave
Sent: Wednesday, December 07, 2005 5:34 AM
To: Godswill Oletu ; Venkataramanaiah.R
Cc: Serge N'GBESSO ; nobody@groupstudy.com; ccielab@groupstudy.com
Subject: RE: Controling mutual redistribution loops

Godswill -

Great explanation on the AD and the redistribution. Thanks! Let's take
this one step further....understanding that we have different AD's with
different protocols....And, if we have a practice to always tag a
route when it is redistributed, as well as, denying any pre-tagged
routes....would I always prevent routing loops, no matter what
administrative distance existed? So, if I have Eigrp somewhere else,
and I am redistributing between ospf and Ripv2, for discussion
purposes....I could do something like this, right? (and the reverse,
elsewhere)....note that I changed and expanded this tagging idea....

route-map O2R deny 10
 match tag 110 (drop any tagged routes coming from EIGRP)
 match tag 120 (drop any tagged routes coming from RIP) redistributed
!
route-map E2O permit 20
 set tag 90
     (all untagged traffic is redistributed and tagged with the admin
distance from where it came from)

And, of course, if you would want to allow a previously redistributed
route to be passed into another protocol, you could do that by
permitting this. Does this work?

No copyrights....I noticed someone else doing a similar thing as
well....it just helps to keep things straight and remember what series
of tags you are using.

Dave

-----Original Message-----
From: Godswill Oletu
To: Schulz, Dave; Venkataramanaiah.R
Cc: Serge N'GBESSO; nobody@groupstudy.com; ccielab@groupstudy.com
Sent: 12/7/2005 12:18 AM
Subject: Re: Controling mutual redistribution loops

Dave,

I think there are some routing loop issues that tagging will not
eliminate, e.g. redistributing between RIP&OSPF in two routers say R1&R2.

The loop will occur because, e.g. in R1, all native RIP routes have an
AD of 120; when those routes are redistributed into OSPF, they take on an
AD of 110 but as E2 or E1 depending on how they were redistributed. The same
thing will happen when RIP is redistributed into OSPF in R2. The "better"
redistributed OSPF routes with AD of 110 will eventually replace the
original RIP routes having AD of 120 where they were sourced from and this
will lead to some interesting loops.

EIGRP has kind of taken care of itself, in that it automatically
assigns an AD of 170 to all external routes, but for the other routing
protocols that leave the distinction between an external route and an
internal route within their routing processes, manual AD setting might
be needed.

The distance command either under router RIP to reduce all native RIP
routes' AD to a value lower than OSPF routes or under router OSPF to
increase the AD of all external OSPF routes to a value higher than
native RIP routes will go a long way in addition to the tag/filtering to
checkmate routing loops.

Dave, it is kool using the distance as the tag values, I think I will
adopt that, hope you have not copyrighted it :). My method before now was
to use 1111, 2222, 3333, 6666, etc but using the AD values helps to
reinforce one's prior knowledge.

HTH
Godswill

----- Original Message -----
From: "Schulz, Dave" <DSchulz@dpsciences.com>
To: "Venkataramanaiah.R " <vramanaiah@gmail.com>
Cc: "Serge N'GBESSO " <sergeng@yahoo.fr>; <nobody@groupstudy.com>;
<ccielab@groupstudy.com>
Sent: Tuesday, December 06, 2005 7:41 AM
Subject: RE: Controling mutual redistribution loops

> You are correct, Venkat. Thanks for pointing that out. Here is the
> correction. Good advice on using the debug ip routing to find the loops.
>
> router ospf 1
> redistribute eigrp 100 route-map E2O subnets
>
> router eigrp 100
> redistribute ospf 1 route-map O2E metric 100000 1000 255 1 1500
> !
> !
> route-map E2O deny 10
> match tag 110 (I use the tag that has the same admin distance #)
> !
> route-map E2O permit 20
> set tag 90
> !
> route-map O2E deny 10
> match tag 90
> !
> route-map O2E permit 20
> set tag 110
> !
>
>
> -----Original Message-----
> From: Venkataramanaiah.R
> To: Schulz, Dave
> Cc: Serge N'GBESSO; nobody@groupstudy.com; ccielab@groupstudy.com
> Sent: 12/6/2005 1:21 AM
> Subject: Re: Controling mutual redistribution loops
>
> May be you meant to set the tags and not match them in your permit 20
> statements...
>
> If you only match them, where would you set them exactly..
>
> A very important tip to spot the routing loops is to enable debug ip
> routing. If you see too many debug messages even after the routing
> protocol is supposed to have converged, then you certainly have some
> routing loop somewhere..
>
> -Venkat
>
> On 12/4/05, Schulz, Dave <DSchulz@dpsciences.com> wrote:
>
> Serge -
>
> The rule of thumb (I think, at least one of them) on mutual
> distribution...is to not redistribute routes back into the area that they
> originally came from (causing a loop). IMHO, the best way to do this is
> through tags, though you can use specific routes....but these are a little
> less administration-friendly, since if the routes change, so do your
> access-lists/route-maps. Also, watch out for your metrics (not as big
> in ospf as in eigrp). Here is an example that I have....hope this
> helps....(mutual redistribution from ospf to eigrp). Also, I am doing this
> from memory, so it may look different on your router. Please correct me if
> I missed something.
>
> ------------------------
>
> router ospf 1
> redistribute eigrp 100 route-map E2O subnets
>
> router eigrp 100
> redistribute ospf 1 route-map O2E metric 100000 1000 255 1 1500
> !
> !
> route-map E2O deny 10
> match tag 110 (I use the tag that has the same admin distance #)
> !
> route-map E2O permit 20
> match tag 90
> !
> route-map O2E deny 10
> match tag 90
> !
> route-map O2E permit 20
> match tag 110
> !
> Note: I like to use the tag that has the same admin distance where the
> route originally came from, just to keep it straight....but this is your
> choice.
>
>
> -----Original Message-----
> From: nobody@groupstudy.com
> To: ccielab@groupstudy.com
> Sent: 12/4/2005 9:23 AM
> Subject: Controling mutual redistribution loops
>
> Hi all,
>
> I'm always afraid when it comes to spotting mutual redistribution loops!!
> What are the rules of thumb for visualising the potential loops?
> What is the logic behind this?
> Does packet tagging always block the redistribution loops?
> What is the implementation logic?
>
> Thx for your answers !
>
>
>
> Serge R. N'GBESSO
> serge.ngbesso@bnpparibas.com
> Security Consultant
> CCDA, CCSP, CCIE:Security,
> Certified Ethical Hacker.
> www.1000club.com/club/japon/
>
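
Added example, not part of the original thread or any poster's configuration: a small Python model of the two options polled above (tag filtering versus the distance command) for a RIP-native prefix seen by a second border router R2 after R1 has redistributed it into OSPF. The prefix, the function names and the override values 130 and 109 are assumptions chosen for illustration; this is a simplified model of route selection, not IOS behaviour in full.

```python
from dataclasses import dataclass

RIP_TAG, OSPF_TAG = 120, 110          # tags named after the source protocol's AD
DEFAULT_AD = {"rip": 120, "ospf-ext": 110}

@dataclass
class Route:
    prefix: str
    proto: str                        # protocol that offers the route to the RIB
    tag: int = 0

def redistribute(route, into, deny_tag, set_tag, use_tags):
    """Thread's route-map pair: 'deny 10 / match tag X', 'permit 20 / set tag Y'."""
    if use_tags and route.tag == deny_tag:
        return None                   # route already passed through the target protocol
    return Route(route.prefix, into, set_tag if use_tags else 0)

def simulate(use_tags, ad_override=None):
    """Return (protocol R2 installs for the prefix, True if R2 feeds it back into RIP)."""
    ad = {**DEFAULT_AD, **(ad_override or {})}
    native = Route("10.1.1.0/24", "rip")                  # constructed sample prefix
    # R1: redistribute rip -> ospf (deny tag 110, set tag 120)
    external = redistribute(native, "ospf-ext", OSPF_TAG, RIP_TAG, use_tags)
    # R2 hears the prefix from both protocols; lowest administrative distance wins
    installed = min([native, external], key=lambda r: ad[r.proto])
    # R2: redistribute ospf -> rip (deny tag 120, set tag 110); only routes that
    # OSPF actually installed in the RIB are candidates
    fed_back = None
    if installed.proto == "ospf-ext":
        fed_back = redistribute(installed, "rip", RIP_TAG, OSPF_TAG, use_tags)
    return installed.proto, fed_back is not None

if __name__ == "__main__":
    print("no tags, default AD  :", simulate(False))
    print("tags, default AD     :", simulate(True))
    print("tags + OSPF ext AD130:", simulate(True, {"ospf-ext": 130}))
    print("tags + RIP AD 109    :", simulate(True, {"rip": 109}))
```

In this model the tag filter stops the feedback into RIP, but R2 still installs the OSPF external route for a RIP-native prefix until one of the two distance adjustments is applied.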



This archive was generated by hypermail 2.1.4 : Mon Jan 09 2006 - 07:07:50 GMT-3