RE: Controling mutual redistribution loops

From: Schulz, Dave (DSchulz@dpsciences.com)
Date: Wed Dec 07 2005 - 11:14:08 GMT-3


Not exactly, Godswill....let me give you the complete
configuration.....(and then explain)....

!
router ospf 1
redistribute rip route-map R2O subnet
!
router rip
redistribute ospf 1 route-map O2R
!
!
route-map O2R deny 10
 match tag 120
 match tag 90
!
route-map O2R permit 20
 set tag 110
!
route-map R2O deny 10
 match tag 120
 match tag 90
!
route-map R2O permit 20
 set tag 120

Note: The tag will show where the route came from when it is
redistributed. Correct me if I am wrong on this, but redistribution
allows us to distribute routes from one protocol's database into another
(RIP -> OSPF)....not having anything to do with the RIB. However, after
redistribution... the router then makes a decision ....saying, "what is
the best route that I have from all the bases" (taking into account the
AD, cost, etc, etc.). Therefore, based on this.....tagging and
redistribution allows the routes within the router's
databases.....Changing AD and costs influences the router's decision of
WHICH routes to use and put in its RIB. Please let me know if I have
any of this incorrect.

Dave Schulz,

Email: dschulz@dpsciences.com

________________________________

From: Godswill Oletu [mailto:oletu@inbox.lv]
Sent: Wednesday, December 07, 2005 8:38 AM
To: Schulz, Dave; Venkataramanaiah.R
Cc: Serge N'GBESSO; nobody@groupstudy.com; ccielab@groupstudy.com
Subject: Re: Controling mutual redistribution loops

Dave,

If I understand you correctly......Do you mean something like this?

!
router ospf 1
redistribute rip sub tag 120
!
router rip
redistribute ospf route-map O2R
!
route-map O2R deny 10
match tag 120
match tag 110
!
route-map O2R permit 20
set tag 110

If that is what you meant, I do not think it will work. After a while you
would have undone all the benefits of your redistribution. When both
RIP & OSPF have converged, all your OSPF & RIP routes will be tagged with
either 120 or 110 (except new routes), and if you prevent both tags from
getting into a particular routing protocol, then the purpose of the
redistribution would have been defeated.

In the above example, the first set of updates will be fine and
redistribution will occur but subsequent redistributions of OSPF into
RIP will not occur.

OSPF by default has an AD of 110 for all its routes (internal, external,
etc.); within OSPF it has a mechanism to always prefer internal routes to
external routes. But the router makes its routing decision based on ADs,
and once there is an external OSPF route with an AD of 110, the router
will prefer OSPF to RIP's AD of 120 despite the fact that that route
originated from the RIP domain and RIP is the closest routing protocol
to that route.

So, along with the route tagging/filtering, manipulating the AD will
come in very handy. However, this is not in all cases. If there is a single
point of mutual redistribution, I will not care about it. Also, in a
single point of mutual redistribution, tagging routes in one direction
and dropping them in the other direction is effective, so double tagging
and double filtering in both directions will not be necessary.

HTH

Godswill Oletu

        ----- Original Message -----
        From: Schulz, Dave <DSchulz@dpsciences.com>
        To: Godswill Oletu <oletu@inbox.lv>; Venkataramanaiah.R <vramanaiah@gmail.com>
        Cc: Serge N'GBESSO <sergeng@yahoo.fr>; nobody@groupstudy.com; ccielab@groupstudy.com
        Sent: Wednesday, December 07, 2005 5:34 AM
        Subject: RE: Controling mutual redistribution loops

        Godswill -

        Great explanation on the AD and the redistribution. Thanks!
        Let's take this one step further....understanding that we have
        different ADs with different protocols....And, if we have a
        practice to always tag a route when it is redistributed, as well
        as denying any pre-tagged routes....would I always prevent routing
        loops, no matter what administrative distance existed? So, if I
        have EIGRP somewhere else, and I am redistributing between OSPF and
        RIPv2, for discussion purposes....I could do something like this,
        right? (and the reverse, elsewhere)....note that I changed and
        expanded this tagging idea....

        route-map O2R deny 10
         match tag 110 (drop any tagged routes coming from EIGRP)
         match tag 120 (drop any tagged routes coming from RIP)
        redistributed
        !
        route-map E2O permit 20
         set tag 90
             (all untagged traffic is redistributed and tagged with the
             admin distance from where it came from)

        And, of course, if you would want to allow a previously
        redistributed route to be passed into another protocol, you could
        do that by permitting this. Does this work?

        No copyrights....I noticed someone else doing a similar thing as
        well....it just helps to keep things straight and remember what
        series of tags you are using.

        Dave

        -----Original Message-----
        From: Godswill Oletu
        To: Schulz, Dave; Venkataramanaiah.R
        Cc: Serge N'GBESSO; nobody@groupstudy.com; ccielab@groupstudy.com
        Sent: 12/7/2005 12:18 AM
        Subject: Re: Controling mutual redistribution loops

        Dave,

        I think there are some routing loop issues that tagging will not
        eliminate, e.g. redistributing between RIP & OSPF in two routers,
        say R1 & R2.

        The loop will occur because, e.g. in R1, all native RIP routes
        have an AD of 120; when those routes are redistributed into OSPF,
        they took on an AD of 110 but as E2 or E1 depending on how they
        were redistributed. Same thing will happen when RIP is
        redistributed into OSPF in R2. The "better" redistributed OSPF
        routes with AD of 110 will eventually replace the original RIP
        routes having AD of 120 where they were sourced from, and this
        will lead to some interesting loops.

        EIGRP has kind of taken care of itself, in that it automatically
        assigns an AD of 170 to all external routes, but for the other
        routing protocols that leaves the distinction between an external
        route and an internal route within their routing processes, manual
        AD setting might be needed.

        The distance command, either under router RIP to reduce all native
        RIP routes' AD to a value less than OSPF routes or under router
        OSPF to increase the AD of all external OSPF routes to a value
        higher than native RIP routes, will go a long way in addition to
        the tag/filtering to checkmate routing loops.

        Dave, it is kool using the distance as the tag values, I think I
        will adopt that, hope you have not copyrighted it :). My method
        before now was to use 1111, 2222, 3333, 6666, etc., but using the
        AD values helps to reinforce one's prior knowledge.

        HTH
        Godswill

        ----- Original Message -----
        From: "Schulz, Dave" <DSchulz@dpsciences.com>
        To: "Venkataramanaiah.R " <vramanaiah@gmail.com>
        Cc: "Serge N'GBESSO " <sergeng@yahoo.fr>; <nobody@groupstudy.com>; <ccielab@groupstudy.com>
        Sent: Tuesday, December 06, 2005 7:41 AM
        Subject: RE: Controling mutual redistribution loops

> You are correct, Venkat. Thanks for pointing that out. Here is the
> correction. Good advice on using the debug ip routing to find the loops.
>
> router ospf 1
> redistribute eigrp 100 route-map E2O subnets
>
> router eigrp 100
> redistribute ospf 1 route-map O2E metric 100000 1000 255 1 1500
> !
> !
> route-map E2O deny 10
> match tag 110 (I use the tag that has the same admin distance #)
> !
> route-map E2O permit 20
> set tag 90
> !
> route-map O2E deny 10
> match tag 90
> !
> route-map O2E permit 20
> set tag 110
> !
>
>
> -----Original Message-----
> From: Venkataramanaiah.R
> To: Schulz, Dave
> Cc: Serge N'GBESSO; nobody@groupstudy.com; ccielab@groupstudy.com
> Sent: 12/6/2005 1:21 AM
> Subject: Re: Controling mutual redistribution loops
>
> Maybe you meant to set the tags and not match them in your permit 20
> statements...
>
> If you only match them, where would you set them exactly..
>
> A very important tip to spot the routing loops is to enable debug ip
> routing. If you see too many debug messages even after the routing
> protocol is supposed to have converged, then you certainly have some
> routing loop somewhere..
>
> -Venkat
>
>
>
>
> On 12/4/05, Schulz, Dave <DSchulz@dpsciences.com> wrote:
>
> Serge -
>
> The rule of the thumb (I think, at least one of them) on mutual
> distribution ...is not to redistribute routes back into the area that
> they originally came from (causing a loop). IMHO, the best way to do
> this is through tags, though you can use specific routes....but these
> are a little less administration-friendly, since if the routes change,
> so do your access-lists/route-maps. Also, watch out for your metrics
> (not as big in ospf as in eigrp). Here is an example that I have....hope
> this helps....(mutual redistribution from ospf to eigrp). Also, I am
> doing this from memory, so it may look different on your router. Please
> correct me if I missed something.
>
> ------------------------
>
> router ospf 1
> redistribute eigrp 100 route-map E2O subnets
>
> router eigrp 100
> redistribute ospf 1 route-map O2E metric 100000 1000 255 1 1500
> !
> !
> route-map E2O deny 10
> match tag 110 (I use the tag that has the same admin distance #)
> !
> route-map E2O permit 20
> match tag 90
> !
> route-map O2E deny 10
> match tag 90
> !
> route-map O2E permit 20
> match tag 110
> !
> Note: I like to use the tag that has the same admin distance where the
> route originally came from, just to keep it straight....but this is
> your choice.
>
>
> -----Original Message-----
> From: nobody@groupstudy.com
> To: ccielab@groupstudy.com
> Sent: 12/4/2005 9:23 AM
> Subject: Controling mutual redistribution loops
>
> Hi all,
>
> I'm always afraid when it comes to spotting mutual redistribution loops !!
> What are the rules of thumb for visualising the potential loops ?
> What is the logic behind this ?
> Does packet tagging always block the redistribution loops ?
> what is the implementation logic ?
>
> Thx for your answers !
>
>
>
> Serge R. N'GBESSO
> serge.ngbesso@bnpparibas.com
> Security Consultant
> CCDA, CCSP, CCIE:Security,
> Certified Ethical Hacker.
> www.1000club.com/club/japon/
>
>
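
The tag filtering and AD points discussed in this thread, worked through as an added example (not code from any poster). It applies the O2R and R2O route-maps from the newest message to a constructed RIP-native prefix seen at a second border router; the function names, the RIB model (lowest AD wins, redistribution takes only routes the source protocol installed) and the external AD of 130 are assumptions.

```python
# Route-map clauses from the newest message in this thread, as
# (action, tags matched or None for "match anything", tag set or None).
R2O = [("deny", {120, 90}, None), ("permit", None, 120)]
O2R = [("deny", {120, 90}, None), ("permit", None, 110)]
PERMIT_ALL = [("permit", None, None)]   # redistribution without tag filtering


def apply_route_map(route_map, tag):
    """Return (permitted, resulting_tag) for a route carrying `tag`."""
    for action, match_tags, set_tag in route_map:
        # Several "match tag" values in one clause are ORed together.
        if match_tags is None or tag in match_tags:
            if action == "deny":
                return False, tag
            return True, tag if set_tag is None else set_tag
    return False, tag                   # implicit deny ends every route-map


def second_border_router(r2o, o2r, ospf_external_ad=110):
    """Fate of a RIP-native prefix at border router B after border router A
    has redistributed it into OSPF. Returns (protocol in B's RIB, fed_back)."""
    # At A: the untagged RIP route passes through the RIP -> OSPF route-map.
    permitted, ospf_tag = apply_route_map(r2o, None)
    # At B: the prefix is heard natively via RIP (AD 120) ...
    candidates = [("rip", 120, None)]
    if permitted:
        # ... and again as an OSPF external route carrying A's tag.
        candidates.append(("ospf", ospf_external_ad, ospf_tag))
    proto, _, tag = min(candidates, key=lambda c: c[1])   # lowest AD wins
    # Assumption: B redistributes OSPF -> RIP only what OSPF put in the RIB.
    fed_back = proto == "ospf" and apply_route_map(o2r, tag)[0]
    return proto, fed_back


if __name__ == "__main__":
    print("no filtering:      ", second_border_router(PERMIT_ALL, PERMIT_ALL))
    print("tags only:         ", second_border_router(R2O, O2R))
    # 130 is a constructed value above RIP's 120 for OSPF external routes.
    print("tags + external AD:", second_border_router(R2O, O2R, 130))
```

With tags alone the prefix is no longer fed back into RIP, but B still installs the OSPF external copy of a RIP-native prefix; raising the external AD is what returns the RIB entry to RIP.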



This archive was generated by hypermail 2.1.4 : Mon Jan 09 2006 - 07:07:50 GMT-3