Monday, May 11, 2009

Tools for Controlling/Preventing Routing Updates

Cisco IOS provides several ways to control routing updates. They include:
  • Passive interface
  • Default and/or static routes
  • Distribute list
  • Route map
  • Change administrative distance

Passive Interface
The passive-interface command prevents routing updates from being sent out an interface that runs the routing protocol. RIP and IGRP simply stop sending updates out a passive interface. For other routing protocols, it also stops hellos from being sent out that interface, so they do not discover neighbors or form an adjacency there. To disable the protocol on one interface, use the command passive-interface interface. To turn off the protocol on all interfaces, use passive-interface default, and then use no passive-interface interface for the ones that should run the protocol, as shown:

Router(config)#router eigrp 7
Router(config-router)#passive-interface default
Router(config-router)#no passive-interface s0/0/0


Distribute Lists
A distribute list allows you to filter routing updates, and routes being redistributed, by referencing an access list. Configure an access list that permits the routes to be advertised or redistributed, and then link that access list to the routing process with the distribute-list command, entered under router configuration mode. This command has two options:
  • distribute-list access-list in—Filters updates as they come in an interface. For OSPF, this controls routes placed in the routing table but not the database. For other protocols, this controls the routes the protocol knows about.
  • distribute-list access-list out—Filters updates going out of an interface and also updates being redistributed out of another routing protocol into this one.

Route Maps
Route maps are a bit like programs with an “if/then/else” decision-making capability. They match traffic against certain conditions, and then set specified options for that traffic. Each statement has a sequence number, statements are read from the lowest number to the highest, and the router stops reading when it gets a match. The sequence number can be used to insert or delete statements. Like an access list, there is an implicit “deny” at the end of each route map; any traffic not matched by a route map statement is denied. Some uses for route maps include:
  • Filtering redistributed routes—Use the route-map keyword in the redistribute command.
  • Policy-based routing—To specify which traffic should be policy routed, based on very granular controls.
  • BGP policy—To control routing updates and to manipulate path attributes.

Route Map Syntax
Route maps are created with the global command:

Router(config)#route-map tag {permit | deny} [sequence_number]

Each statement in a route map begins this same way, with the same route map name but different sequence numbers, and with match and/or set conditions below it. Permit means that any traffic matching the match conditions is used. Deny means that any traffic matching the match conditions is not used.


Match and Set Conditions
Each route map statement can have from none to multiple match and set conditions. If no match condition exists, the statement matches anything, similar to a “permit any” in an access list. If there is no set condition, the matching traffic is either permitted or denied, with no other conditions being set.

Multiple match conditions on the same line use a logical OR. For example, the router interprets match a b c as “match a or b or c.” Multiple match conditions on different lines use a logical AND. For example, the router interprets the following route map statement as “match a and b and c:”

route-map Logical-AND permit 10
match a
match b
match c

In route redistribution, some common conditions to match include:
  • ip address—Refers the router to an access list that permits or denies networks.
  • ip next-hop—Refers the router to an access list that permits or denies next-hop IP addresses.
  • ip route-source—Refers the router to an access list that permits or denies advertising router IP addresses.
  • metric—Permits or denies routes with the specified metric from being redistributed.
  • route-type—Permits or denies redistribution of the route type listed, such as internal or external.
  • tag—Routes can be labeled (tagged) with a number, and route maps can look for that number.
In route redistribution, some common conditions to set are:
  • metric—Sets the metric for redistributed routes.
  • metric-type—Sets the type, such as E1 for OSPF.
  • tag—Tags a route with a number that can be matched on later by other route maps.
  • level—For IS-IS, sets the IS level for this route.

The following configuration example shows a route map named BGP-LP with three statements that are used to control which routes will be redistributed from OSPF into BGP. The router has already been configured with two access lists, numbered 23 and 103 (not shown). The first route map statement, with sequence number 10, is a permit statement. The match condition tells it to use access list 23. Any traffic permitted by access list 23 matches this statement and will be redistributed into BGP. Any traffic explicitly denied by access list 23 will not be redistributed into BGP. The set condition tells it to set a BGP local preference for all traffic that matches statement 10. Traffic not matching access list 23 will be checked against the second route map statement.

The second route map statement, sequence number 20, is a deny statement that matches access list 103. Any traffic permitted by access list 103 will be denied by this statement, and thus will not be redistributed. Any traffic explicitly denied by access list 103 will be ignored by this statement, and checked against the next route map statement. This route map statement has no set conditions. Traffic not matching route map statements 10 or 20 will be checked against statement 30.

The third route map statement, sequence number 30, is a permit statement with no match or set conditions. This statement matches everything and sets nothing, thus permitting all other traffic without changing it. Without this statement, all other traffic would be denied.

Lastly, the route map is applied to the redistribution command, to filter routes redistributed from OSPF into BGP.

Router(config)#route-map BGP-LP permit 10
Router(config-route-map)#match ip address 23
Router(config-route-map)#set local-preference 200
!
Router(config)#route-map BGP-LP deny 20
Router(config-route-map)#match ip address 103
!
Router(config)#route-map BGP-LP permit 30
!
Router(config)#router bgp 65001
Router(config-router)#redistribute ospf 1 route-map BGP-LP
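The following Python model walks sample routes through the BGP-LP route map above, applying the rules from this section (statements read in sequence order, first match wins, OR within a match line, AND across match lines, implicit deny at the end). It is an added example, not IOS code; the entries of access lists 23 and 103 and the sample prefixes are constructed, since the text does not show them.

```python
from ipaddress import ip_network

# Access lists modeled as ordered (action, prefix) entries with the implicit deny at
# the end. The entries of ACL 23 and 103 are constructed; the text does not show them.
ACLS = {
    23: [("permit", "10.1.0.0/16")],
    103: [("deny", "192.168.5.0/24"), ("permit", "192.168.0.0/16")],
}

def acl_permits(acl_id, prefix):
    """First matching entry decides; no entry means the implicit deny applies."""
    net = ip_network(prefix)
    for action, entry in ACLS[acl_id]:
        if net.subnet_of(ip_network(entry)):
            return action == "permit"
    return False

# A route-map statement: sequence number, permit/deny, match lines and set actions.
# Alternatives on one match line are ORed; separate match lines are ANDed.
BGP_LP = [
    {"seq": 10, "action": "permit", "match": [[23]], "set": {"local-preference": 200}},
    {"seq": 20, "action": "deny", "match": [[103]], "set": {}},
    {"seq": 30, "action": "permit", "match": [], "set": {}},
]

def statement_matches(stmt, prefix):
    """A statement with no match line matches everything (like 'permit any')."""
    return all(any(acl_permits(acl, prefix) for acl in line) for line in stmt["match"])

def evaluate(route_map, prefix):
    """Return (redistributed, set_attributes) for one route, reading statements in
    sequence order and stopping at the first match; no match means implicit deny."""
    for stmt in sorted(route_map, key=lambda s: s["seq"]):
        if statement_matches(stmt, prefix):
            if stmt["action"] == "deny":
                return False, {}
            return True, dict(stmt["set"])
    return False, {}

if __name__ == "__main__":
    for prefix in ("10.1.1.0/24", "192.168.7.0/24", "192.168.5.0/24", "172.16.0.0/16"):
        print(prefix, evaluate(BGP_LP, prefix))
    # Dropping statement 30 leaves only the implicit deny for unmatched routes.
    print("172.16.0.0/16 without seq 30:", evaluate(BGP_LP[:2], "172.16.0.0/16"))
```

Note that a prefix explicitly denied by ACL 103 does not match statement 20 and falls through to statement 30, exactly as the text describes.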


Manipulating Administrative Distance
When a router receives routes to the same destination network from more than one routing process, it decides which to put in the routing table by looking at the administrative distance (AD) value assigned to the routing process. The route with the lowest AD is chosen. Table 5-2 shows administrative distance values.


AD can be changed for all routes of a process or only for specific routes within a process. The command for all IGPs except EIGRP is:

Router(config-router)#distance administrative_distance {address wildcard-mask} [access-list-number | name]

Using the address/mask keywords in the command changes the AD of routes learned from the neighbor with that IP address. An entry of 0.0.0.0 255.255.255.255 changes the AD of all routes. Specifying an access list number or name changes the AD only on networks permitted in the ACL.

EIGRP and BGP have different AD values for internal and external routes, so you have to list those separately when using the command with those protocols. BGP also allows you to change the AD for locally generated routes. For these protocols, the commands are:

Router(config-router)#distance eigrp internal-distance external-distance
Router(config-router)#distance bgp external-distance internal-distance local-distance

Route redistribution can cause suboptimal routing; one way to correct this is to adjust AD. Figure 5-1 shows a network with two routing domains: RIP and OSPF.

R2 redistributes its RIP routes into OSPF. These routes inherit OSPF’s AD when they are advertised to R4. R4 then advertises them to R3 as OSPF routes.

R3 now knows about the 10.1.1.0 network from two routing processes: RIP, with an AD of 120, and OSPF, with an AD of 110. The shortest path is the RIP route through R1. The OSPF path goes through R4 and R2, and then to R1—a much longer path. But, based on AD, R3 puts the OSPF path in its routing table.

To prevent this, increase the AD of the redistributed RIP routes when OSPF advertises them. Note that this doesn’t change all OSPF routes, just the ones learned from RIP. The commands given on R2 (the router doing the initial redistribution) are shown in the following:

Router(config)#access-list 10 permit 10.1.1.0
!
Router(config)#router ospf 1
Router(config-router)#redistribute rip subnets
Router(config-router)#distance 125 0.0.0.0 255.255.255.255 10


The AD is increased to 125 for routes from all neighbors, if they match the network permitted in access list 10. Now R3 hears about the 10.1.1.0 network from RIP with an AD of 120, and from OSPF with an AD of 125. The RIP route is put into the routing table based on its lower AD.
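The following Python model, an added example rather than IOS code, shows how a router applies a distance statement of the form used above (new AD, source address with wildcard mask, optional ACL) to its own candidate routes and then keeps the lowest AD. The two candidates for 10.1.1.0 and their neighbor addresses are constructed; the text gives no neighbor addresses.

```python
from ipaddress import ip_address, ip_network

# Standard ACL 10 from the text ("access-list 10 permit 10.1.1.0"): an entry without a
# wildcard matches exactly that address, which here is the route's network address.
ACL_10 = [("permit", "10.1.1.0")]

def acl_permits(acl, prefix):
    network_addr = ip_network(prefix).network_address
    for action, entry in acl:
        if ip_address(entry) == network_addr:
            return action == "permit"
    return False  # implicit deny

def source_matches(neighbor, address, wildcard):
    """IOS wildcard mask: a 1 bit means 'don't care', so 0.0.0.0 255.255.255.255 matches all."""
    care = ~int(ip_address(wildcard)) & 0xFFFFFFFF
    return int(ip_address(neighbor)) & care == int(ip_address(address)) & care

def apply_distance(route, protocol, new_ad, address, wildcard, acl=None):
    """AD this router assigns to one candidate after 'distance new_ad address wildcard [acl]'
    configured under the given routing process."""
    if route["protocol"] != protocol or not source_matches(route["neighbor"], address, wildcard):
        return route["ad"]
    if acl is not None and not acl_permits(acl, route["prefix"]):
        return route["ad"]
    return new_ad

def best_route(candidates):
    """The routing table keeps the candidate with the lowest AD."""
    return min(candidates, key=lambda r: r["ad"])

# Constructed view of 10.1.1.0 with two candidates: RIP (AD 120) and OSPF (AD 110).
# The neighbor addresses are placeholders; the text gives none.
CANDIDATES = [
    {"prefix": "10.1.1.0/24", "protocol": "rip", "neighbor": "192.0.2.1", "ad": 120},
    {"prefix": "10.1.1.0/24", "protocol": "ospf", "neighbor": "192.0.2.4", "ad": 110},
]

def select_after_distance(candidates):
    """Apply the text's 'distance 125 0.0.0.0 255.255.255.255 10' under router ospf, then choose."""
    adjusted = []
    for r in candidates:
        r = dict(r)
        r["ad"] = apply_distance(r, "ospf", 125, "0.0.0.0", "255.255.255.255", ACL_10)
        adjusted.append(r)
    return best_route(adjusted)

if __name__ == "__main__":
    print("before:", best_route(CANDIDATES)["protocol"], "after:", select_after_distance(CANDIDATES)["protocol"])
```

An OSPF route to any other prefix keeps AD 110 because ACL 10 does not permit it, which is the selective effect the text describes.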
