From: Petr Lapukhov (petrsoft@gmail.com)
Date: Tue Mar 21 2006 - 03:42:26 GMT-3
Hello,
I could add some of my thought there:
1) Elect redistribution strategy:
1.1) If possible, try to create prefix-lists for every protocol's
prefixes (RIP-PREFIXES, OSPF-PREFIXES, etc). Another
option would be to use standart access-lists.
1.2) If acl/prefix-list filtering is explicitly prohibited, use
route-tagging (coloring). This is more complex then
prefix-filtering,
thought.
2) Plan your redistribution (with IGP diagram before your eyes):
2.1) Choose core (transit) and edge (non-transit) protocols.
If you are to use tagging, assign tags to routing information.
(this is a separate task by itsetlf, i mean tagging, i recommend
to use table in complex cases)
. 2.2) Select primary, secondary, tertiary points of route injection:
plan redistribution metrics accordingly.Try to be symmetric
here,
asymmetric paths may give you some bad suprises in security,
etc.
2.3) Try to fulfill general rule: native prefixes should be primarily
reachable
througth the native protocol: i.e. RIP domain should see
RIP-PREFIXES
via RIP, all other protocols should provide backup.
This is where AD could be adjusted. Plan this adjustements
too, using prefix-lists/acls from (1), of route-tags (if
possible) from (2).
2.4) In complex cases (multiple transit protocols, etc) draw a
redistribution
table, commenting your actions (filtering, AD change)
3) Implement your redistribution
3.1) Use route maps with acl/prefixs list matching, setting metric
accordingly
3.2) Use route maps matching/setting route tags, adjusting metrics
as planned.
4) Verify your redistribution:
4.1) tcl ping script (sh ip aliases for quick ipv4 list).
Try to ping IGP IPv4/v6, BGP v4/v6 separately on
appropritate routers.
4.2) debug ip routing to notice unstable paths.
4.3) traceroute to verify symmetic paths
4.4) show ip route to quickly verity prefix lengths
---Now some quick catch-ups:
1) OSPF could filter information only on ABR/ASBR 2) EIGRP EX AD could not be adjusted granularly 3) Summaries could be used instead of filtering sometimes 4) EIGRP stub could be used to filter routing information too 5) Split-horizon applies to redistribution too 6) iBGP routes are not redistributed by default 7) You can use summary-address/range "no-advertise" in OSPF for filtering 8) RIP split-horizon is enabled by default on FR physical (that could give you route-bouncing and counting to infinity in H&S topology) 9) With OSPF you can adjust AD for internal/external prefixes 10) Watch out for point-to-multipoint networks in OSPF, you could need to do an "area xx range" here. 11) Be careful when you do "redistribute connected" with filtering, and redistribute <PROTOCOL> on same router, you could lose some of connected prefixes with improper filtering 12) Be extra careful with routing over tunnels (e.g. OSPF over tunnel, that is routed over EIGRP domain). Try to inject only tunnel endpoints in carrier protocol, and filter edpoints information into passenger routing protocols.
HTH a little.. Petr
2006/3/17, xprtofnet <xprtofnet@yahoo.com>: > > Folks, > > trying to iron out redistribution and here are my > thoughts. Would appreciate any inputs. > > 1-The golden cmd for redistribution and to avoid any > problems is the cmd: > distance xxx 0.0.0.0 255.255.255.255 acl > > This cmd is specially applicable to RIP. > > 2- When ever you are doing High-AD >> Low-AD > redistribution be cautious- specially when there are > two or more point of redistribution. > e.g Rip>>OSPF , EigrpExt>>Rip > > 3- if you do not want to use the cmd in option-1 then > on any router that has 2 or more IGP redistributing in > each other make their AD equal. This will not get you > optimal routing but routing stabilty > > 4-if re-injection of routes are to be avoided (breaks > redundancy) then use Route-Tags. > > 5-putting ospf in bgp- use match internal/external > > 6-you can not set AD of eigrp-EXT routes using option > 1 cmd. you have to set all the eigrp-EXT to the same > AD > > 7-use ospf p2p network on loopback so that it does not > generate /32. this may result in suboptimal routing. > same is the case with ospf-p2m > > Inputs are encouraged. > > m2c. > > __________________________________________________ > Do You Yahoo!? > Tired of spam? Yahoo! Mail has the best spam protection around > http://mail.yahoo.com > > _______________________________________________________________________ > Subscription information may be found at: > http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Sat Apr 01 2006 - 10:07:39 GMT-3