Itcertnotes - Manipulating Routing Updates
itcertnotes
another www.yapchinhoong.com production
Sunday, January 15, 2012
Manipulating Routing Updates
Routing updates compete with user data for bandwidth and router resources, yet they are critical as they carry information for routers to make routing decisions. Network administrators must control and tune routing updates to ensure that the network operates efficiently. Network information must be sent where it is needed and filtered from where it is not needed. No single route filtering method fits all situations; therefore it is essential to know all the following available methods for manipulating routing updates:
- Distribute lists: apply access lists upon routing updates to filter unnecessary routes.
- Route maps: powerful but complicated route filtering and manipulation tools.
- Administrative distance: controlling the route preference.
Blocking the advertisement of certain routes (route filtering) is a solution that is often implemented to prevent domain loops when implementing two-way route redistribution with multiple redistribution points.
Access lists are configured in global configuration mode and the associated distribute list is configured under a routing protocol process. The access list should permit the networks that will be received, advertised, or redistributed and deny the networks that will remain hidden. The router then applies the access list upon routing updates for the routing protocol. The distribute-list {[acl-num | acl-name] | prefix {ip-prefix-name} | route-map {map-tag}} {in [intf-type intf-num] | out [intf-type intf-num | routing-process [as-num]]} router subcommand filters routing updates based on incoming interface, outgoing interface, and redistribution from another routing protocol.
Distribute List Processing Based on the Incoming or Outgoing Interface
Routing updates can be controlled at both the interface and routing protocol levels.
Figure above shows the process of a router when filtering routing updates using a distribute list that is based on the incoming or outgoing interface. Below lists the steps of the processing:
- The router receives or prepares to send a routing update about one or more networks.
- The router determines the interface on which an incoming routing update has arrived or the interface out of which an outgoing routing update should be advertised.
- The router determines if a filter (distribute list) is associated with the interface.
- If a filter (distribute list) is not associated with the interface, the update is processed normally.
- If a filter (distribute list) is associated with the interface, the router processes the access list referenced by the distribute list for a match upon the route specified in the routing update.
- If there is a match in the access list, the route entry is processed as configured, which is either permitted or denied by the matching access list statement.
- If no match is found in the access list, the implicit deny any at the end of the access list drops the route entry.
The distribute-list out router subcommand cannot be used with link-state routing protocols to block outbound LSAs for an interface. The routes are not inserted in the local routing table, but are still placed in the link-state database.
The distribute-list in router subcommand filters routing updates going into the interface specified in the command, into the routing process under which it is configured.
The distribute-list out router subcommand filters routing updates going out from the interface or routing protocol specified in the command, into the routing process under which it is configured.
http://www.itcertnotes.com/2012/01/manipulatingroutingupdates.html
1/11
4/17/2015
itcertnotes:ManipulatingRoutingUpdates
IP Route Filtering
Below shows the routing table on RT3 before and after the route filtering configuration on RT2:
RT3#sh ip route
Gateway of last resort is not set
     172.16.0.0/24 is subnetted, 1 subnets
D       172.16.1.0 [90/30720] via 192.168.1.1, 00:00:08, FastEthernet0/0
     10.0.0.0/24 is subnetted, 1 subnets
D       10.10.10.0 [90/33280] via 192.168.1.1, 00:00:08, FastEthernet0/0
C    192.168.1.0/24 is directly connected, FastEthernet0/0
RT3#
00:05:20: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 100: Neighbor 192.168.1.1 (FastEthernet0/0) is down: Interface Goodbye received
00:05:25: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 100: Neighbor 192.168.1.1 (FastEthernet0/0) is up: new adjacency
RT3#sh ip route
Gateway of last resort is not set
     172.16.0.0/24 is subnetted, 1 subnets
D       172.16.1.0 [90/30720] via 192.168.1.1, 00:00:03, FastEthernet0/0
C    192.168.1.0/24 is directly connected, FastEthernet0/0
RT3#
The alternative way to achieve the filtering of network 10.0.0.0 is to deny network 10.0.0.0 and permit other networks. This is an efficient approach if the routing information contains multiple networks but only network 10.0.0.0 needs to be filtered.
access-list 1 deny 10.0.0.0 0.255.255.255
access-list 1 permit any
Distribute Lists For Two-way / Mutual Redistribution
The sample network above implemented two-way redistribution between EIGRP and OSPF. Below shows that RT2 will redistribute the OSPF routes 172.16.0.0/22, which were redistributed by RT3 from OSPF into EIGRP, back to RT4 when modifying the administrative distance for EIGRP external routes and removing the distribute list for OSPF on RT2:
RT2#sh ip route
Gateway of last resort is not set
     12.0.0.0/24 is subnetted, 1 subnets
C       12.12.12.0 is directly connected, FastEthernet0/0
     13.0.0.0/24 is subnetted, 1 subnets
D       13.13.13.0 [90/30720] via 12.12.12.1, 00:02:38, FastEthernet0/0
     24.0.0.0/24 is subnetted, 1 subnets
C       24.24.24.0 is directly connected, FastEthernet1/0
     34.0.0.0/24 is subnetted, 1 subnets
O       34.34.34.0 [110/2] via 24.24.24.4, 00:01:24, FastEthernet1/0
O    172.16.0.0/16 [110/2] via 24.24.24.4, 00:01:24, FastEthernet1/0
O    172.17.0.0/16 [110/2] via 24.24.24.4, 00:01:24, FastEthernet1/0
O    172.18.0.0/16 [110/2] via 24.24.24.4, 00:01:24, FastEthernet1/0
O    172.19.0.0/16 [110/2] via 24.24.24.4, 00:01:24, FastEthernet1/0
D    192.168.0.0/24 [90/156160] via 12.12.12.1, 00:02:38, FastEthernet0/0
D    192.168.1.0/24 [90/156160] via 12.12.12.1, 00:02:38, FastEthernet0/0
D    192.168.2.0/24 [90/156160] via 12.12.12.1, 00:02:38, FastEthernet0/0
D    192.168.3.0/24 [90/156160] via 12.12.12.1, 00:02:38, FastEthernet0/0
RT2#
RT2#conf t
Enter configuration commands, one per line. End with CNTL/Z.
RT2(config)#router eigrp 100
RT2(config-router)#distance eigrp 90 80
RT2(config-router)#
00:04:25: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 100: Neighbor 12.12.12.1 (FastEthernet0/0) is down: route configuration changed
00:04:29: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 100: Neighbor 12.12.12.1 (FastEthernet0/0) is up: new adjacency
RT2(config-router)#do sh ip route
Gateway of last resort is not set
     12.0.0.0/24 is subnetted, 1 subnets
C       12.12.12.0 is directly connected, FastEthernet0/0
     13.0.0.0/24 is subnetted, 1 subnets
D       13.13.13.0 [90/30720] via 12.12.12.1, 00:00:06, FastEthernet0/0
     24.0.0.0/24 is subnetted, 1 subnets
C       24.24.24.0 is directly connected, FastEthernet1/0
     34.0.0.0/24 is subnetted, 1 subnets
D EX    34.34.34.0 [80/1336320] via 12.12.12.1, 00:00:05, FastEthernet0/0
D EX 172.16.0.0/16 [80/1336320] via 12.12.12.1, 00:00:05, FastEthernet0/0
D EX 172.17.0.0/16 [80/1336320] via 12.12.12.1, 00:00:05, FastEthernet0/0
D EX 172.18.0.0/16 [80/1336320] via 12.12.12.1, 00:00:05, FastEthernet0/0
D EX 172.19.0.0/16 [80/1336320] via 12.12.12.1, 00:00:05, FastEthernet0/0
D    192.168.0.0/24 [90/156160] via 12.12.12.1, 00:00:06, FastEthernet0/0
D    192.168.1.0/24 [90/156160] via 12.12.12.1, 00:00:06, FastEthernet0/0
D    192.168.2.0/24 [90/156160] via 12.12.12.1, 00:00:06, FastEthernet0/0
D    192.168.3.0/24 [90/156160] via 12.12.12.1, 00:00:06, FastEthernet0/0
RT2(config-router)#
RT2(config-router)#do sh access-lists
Standard IP access list 1
    10 deny   192.168.0.0, wildcard bits 0.0.3.255 (4 matches)
    20 permit any (24 matches)
Standard IP access list 2
    10 deny   172.16.0.0, wildcard bits 0.3.255.255 (4 matches)
    20 permit any (19 matches)
RT2(config-router)#
RT2(config-router)#router ospf 100
RT2(config-router)#no distribute-list 2 out eigrp 100
RT2(config-router)#do sh ip ospf database
output omitted
                Type-5 AS External Link States
Link ID         ADV Router      Age   Seq#        Checksum  Tag
12.12.12.0      2.2.2.2         276   0x80000001  0x00F97A  0
12.12.12.0      3.3.3.3         250   0x80000003  0x00D796  0
13.13.13.0      2.2.2.2         45    0x80000005  0x00CD9F  0
13.13.13.0      3.3.3.3         265   0x80000001  0x00B7B5  0
34.34.34.0      2.2.2.2         50    0x80000001  0x00DE53  0
172.16.0.0      2.2.2.2         3     0x80000001  0x0026B5  0
172.17.0.0      2.2.2.2         3     0x80000001  0x001AC0  0
172.18.0.0      2.2.2.2         3     0x80000001  0x000ECB  0
172.19.0.0      2.2.2.2         3     0x80000001  0x0002D6  0
192.168.0.0     2.2.2.2         45    0x80000005  0x00F139  0
192.168.0.0     3.3.3.3         250   0x80000003  0x00D751  0
192.168.1.0     2.2.2.2         45    0x80000005  0x00E643  0
192.168.1.0     3.3.3.3         250   0x80000003  0x00CC5B  0
192.168.2.0     2.2.2.2         45    0x80000005  0x00DB4D  0
192.168.2.0     3.3.3.3         250   0x80000003  0x00C165  0
192.168.3.0     2.2.2.2         45    0x80000005  0x00D057  0
192.168.3.0     3.3.3.3         250   0x80000003  0x00B66F  0
RT2(config-router)#
Using a single router to redistribute routes means introducing a single point of failure that can cause production issues upon hardware failure. Most redistribution scenarios implement a minimum of 2 routers performing redistribution for redundancy and even for load sharing.
The existence of multiple redistribution points between 2 routing domains introduces some complex and tricky issues, in which a route from a routing domain can be redistributed into another routing domain, and then be redistributed back into the original routing domain. A domain loop occurs when the twice-redistributed route is redistributed back into the original routing domain with a relatively low metric and is preferred over the route that was advertised only internal to that routing domain. Configuring higher metrics upon redistributed routes is often used to prevent domain loops.
Interestingly, EIGRP and OSPF with default settings are not prone to domain loop problems when either one of them is one of the routing protocols that undergo a two-way mutual redistribution. The default EIGRP administrative distance values (90 for internal; 170 for external) defeat the domain loop problem when redistributing between EIGRP and OSPF. OSPF always prefers internal routes over E1 routes, and E1 routes over E2 routes, before even considering the metrics.
Distribute lists hide network information, which can be considered a drawback in some setups. Ex: In a network with redundant paths, a distribute list might permit routing updates for only specific routes to avoid routing loops. Other routers might not know about other paths to reach the filtered networks. So when the primary path goes down, the backup paths are not used, as other routers do not know they exist. When redundant paths exist, other techniques, eg: manipulating the administrative distance or metric, should be used instead of distribute lists, to enable the use of an alternative path (with a worse administrative distance or metric) when the primary path goes down.
Cisco recommended using route maps to manipulate and control routing updates.
All IP routing protocols can use route maps for redistribution filtering.
Route maps are complex ACLs that use match commands to test some conditions upon interesting packets or routes. Once the conditions are matched, the actions specified by set commands will be taken to modify the attributes of the packet or routes.
A route map is a collection of route map statements that have the same route map name. Within a route map, each route map statement is numbered and can be edited individually. Like an access list, there is an implicit deny any at the end of a route map. The consequences of this deny depend upon the usage of the route map.
The route-map {map-tag} [permit | deny] [seq-num] global configuration command can be used to define the conditions for processing. The map-tag is the name of the route map. The permit and deny are optional parameters that specify the action to be taken when the route map match conditions are met. The optional sequence number indicates the position for a new route map statement in an already existing route map (used for inserting or deleting specific route map statements in a route map).
A route map referenced by the redistribute router subcommand always attempts to filter routes. If a particular route map statement with the permit action matches a particular route, the route is redistributed as controlled by the set actions; for policy routing, the packet is policy routed. If a particular route map statement with the deny action matches a particular route, the route is filtered, not redistributed; for policy routing, the packet is not policy routed.
- A single match statement may contain multiple conditions; just a single condition needs to be true for the match statement to be considered matched. (Logical OR)
- A single route map statement may contain multiple match statements; all match statements in the route map statement must be true for the route map statement to be considered matched. (Logical AND)
Multiple match conditions -> A match statement / clause.
Multiple match statements / clauses -> A route map statement.
Multiple route map statements -> A route map.
Route Map Interpretation
The sample route map named demo01 in the figure above is interpreted as:
if ((a or b or c) and d)
    set e and f
else if (g)
    set h
else
    set nothing
Note: The default action for the route-map command is permit, with sequence number of 10. The actions defined with the set {condition} route map configuration command will be effective only when the action of the route map is permit.
Note: Do not leave out the seq-num when editing and adding statements in a route map list, or else only the 1st statement with the sequence number of 10 will always be referred to. Route map sequence numbers do not automatically increment as with ACL configuration!
Route maps are used for a variety of purposes. Several common usages of route maps are:
- Route filtering during redistribution. Redistribution often requires route filtering. Although distribute lists can be used for this purpose, route maps offer greater flexibility for matching and manipulating routing updates using match criteria and set actions.
- Policy-Based Routing (PBR). Route maps are able to match source and destination addresses, protocol types, and end-user applications through transport layer port numbers. When a match occurs, a set action can be used to define the interface or next-hop address to which the packet should be forwarded. PBR provides an ability to define routing policy rather than rely upon the routing table for basic destination-based routing.
- NAT. Route maps provide better control upon defining the NAT addresses as well as detailed show commands that are available to monitor the address translation process.
- BGP. Route maps are the primary tools used for implementing BGP routing policies. Network administrators assign route maps to specific BGP sessions / neighbors to control which routes are allowed to flow in and out of the BGP process. In addition to filtering, route maps also provide sophisticated manipulation upon BGP path attributes.
Route maps use the match subcommand to identify routes.
The match command can refer to ACLs and prefix lists to match anything matchable by them.
Below lists the match commands that matter when using route maps for redistribution.
match interface {intf-type intf-num} [intf-type intf-num]
    Matches routes that are outgoing from one of the specified interfaces.
match ip address {[acl-num | acl-name] | prefix-list {prefix-name}}
    Matches routes that are matched by the access list or prefix list. [*]
match ip next-hop {[acl-num | acl-name] | prefix-list {prefix-name}}
    Matches routes that have the next-hop address matched by the access list or prefix list. [*]
match ip route-source {[acl-num | acl-name] | prefix-list {prefix-name}}
    Matches routes that are advertised by the IP address (router) that is matched by the access list or prefix list. [*]
match metric {metric} [metric]
    Matches routes with the specified metrics.
match route-type {internal | external [type-1 | type-2] | level-1 | level-2 | local | nssa-external}
    Matches routes with the specified EIGRP, OSPF, IS-IS, and BGP route types.
match tag {tag-value} [tag-value]
    Matches the route tag that was set by another router.
[*] Multiple access lists or prefix lists can be associated with a single match action.
Below lists the set actions that matter when using route maps for redistribution.
set metric {metric-value | bandwidth delay reliability loading mtu}
    Sets the metric for RIP, OSPF, IS-IS, and EIGRP routes.
set metric-type {type-1 | type-2 | internal | external}
    Sets the type (E1 or E2) for OSPF external routes and IS-IS routes.
set tag {tag-value}
    Sets the tag value for the redistributed routes.
Prefix lists are used to match IP prefixes, with the capability to match an exact prefix length or a prefix range. Prefix lists are often used as the alternative over access lists and distribute lists. Prefix lists are faster and less CPU-intensive than regular access lists and distribute lists. Prefix list entries can be deleted and added individually.
The formats of a prefix list entry and an IP access control list (ACL) entry are similar. A prefix list entry consists of a name, an action (deny or permit), the prefix number, and the prefix length. The syntax of the command is ip prefix-list {list-name} [seq seq-num] {deny | permit} {prefix/length} [ge ge-value] [le le-value]. The network number can be any valid IP address or prefix, while the bit mask can be a number from 0 to 32. The prefix is automatically converted to match the prefix length value, eg: entering 10.11.12.0/8 would result in 10.0.0.0/8.
Note: If a prefix is permitted, the route will be used; if a prefix is denied, the route is not used.
The basic form of prefix list assumes an exact match of both prefix number and prefix length. Additional parameters are required to match a range of prefixes. When a prefix range ends at /32, the ge-value (greater than or equal to) can be specified. The ge-value must be greater than the length specified by the prefix/length parameter, and less than 32. When the ge parameter is specified, the prefixes with mask length from the ge-value to 32 (inclusive) will be matched.
If the prefix length does not end at /32, the le (less than or equal to) parameter must be specified. When both the ge and le parameters are specified, the prefixes with mask length between the ge-value and le-value (inclusive) will be matched. The specified ge-value and le-value must satisfy the following condition:
prefix-length < ge-value < le-value <= 32
Representation of Prefix Length Ranges for the ip prefix-list Command
Below is an example of using both the ge and le parameters to match a portion of 172.16.1.0/24:
ip prefix-list pltest permit 172.16.1.0/24 ge 25 le 30
Note that 172.16.1.0/24 and all the /31s and /32s are not in the range.
Below lists the prefixes that are being matched by the prefix range:
2 /25s:  172.16.1.0/25, 172.16.1.128/25.
4 /26s:  172.16.1.0/26, 172.16.1.64/26, 172.16.1.128/26, 172.16.1.192/26.
8 /27s:  172.16.1.0/27, 172.16.1.32/27 ... 172.16.1.192/27, 172.16.1.224/27.
16 /28s: 172.16.1.0/28, 172.16.1.16/28 ... 172.16.1.224/28, 172.16.1.240/28.
32 /29s: 172.16.1.0/29, 172.16.1.8/29 ... 172.16.1.240/29, 172.16.1.248/29.
64 /30s: 172.16.1.0/30, 172.16.1.4/30 ... 172.16.1.248/30, 172.16.1.252/30.
When a prefix list is configured without a sequence number, the default sequence number of 5 will be applied to the prefix list, and subsequent prefix list entries will be incremented by 5, eg: 5, 10, 15, etc. If a sequence number is entered for the first prefix list entry but not subsequent entries, the subsequent entries will also be incremented by 5, eg: if the first configured sequence number is 3, then the subsequent sequence numbers will be 8, 13, 18, etc.
Below lists some examples of prefix lists:
ip prefix-list pltest permit 0.0.0.0/0
    A prefix list entry configured to match only the default route 0.0.0.0/0.
ip prefix-list pltest permit 0.0.0.0/0 le 32
    A prefix list entry configured to match any address or subnet, match all (permit any any).
ip prefix-list pltest permit 0.0.0.0/0 ge 8 le 24
    A prefix list entry configured to match any prefix that has a prefix length from 8 to 24 bits.
ip prefix-list pltest permit 0.0.0.0/0 ge 30 le 30
    A prefix list entry configured to match any prefix with prefix length of 30.
ip prefix-list pltest permit 172.16.1.0/24
    A prefix list entry configured to match the 172.16.1.0/24 subnet.
ip prefix-list pltest permit 10.0.0.0/8 le 24
    A prefix list entry configured to match subnets from the 10.0.0.0/8 network that have a prefix length that is less than or equal to 24 bits.
ip prefix-list pltest permit 10.0.0.0/8 ge 25
    A prefix list entry configured to match subnets from the 10.0.0.0/8 network that have a prefix length that is greater than or equal to 25 bits.
Network Setup for IP Prefix Lists
The sample network above was set up to observe how RT2 uses prefix lists to determine which subnets to be redistributed from OSPF into EIGRP.
Below shows the configuration on RT2:
!
router ospf 100
 network 12.12.12.2 0.0.0.0 area 0
!
router eigrp 100
 redistribute ospf 100 route-map OSPFEIGRP
 network 23.23.23.2 0.0.0.0
 default-metric 10000 100 255 1 1500
 no auto-summary
!
ip prefix-list OSPFEIGRProutes seq 5 permit 10.0.0.0/8
ip prefix-list OSPFEIGRProutes seq 10 permit 11.0.0.0/8 ge 9
ip prefix-list OSPFEIGRProutes seq 15 permit 12.0.0.0/8 ge 9
ip prefix-list OSPFEIGRProutes seq 20 permit 13.0.0.0/8 ge 9 le 24
ip prefix-list OSPFEIGRProutes seq 25 permit 172.16.0.0/16
ip prefix-list OSPFEIGRProutes seq 30 permit 172.17.0.0/16 ge 24
ip prefix-list OSPFEIGRProutes seq 35 permit 172.18.0.0/16 ge 24
ip prefix-list OSPFEIGRProutes seq 40 permit 172.19.0.0/16 ge 24 le 30
!
route-map OSPFEIGRP permit 10
 match ip address prefix-list OSPFEIGRProutes
!
Below shows the routing table on RT3:
RT3#sh ip route
Gateway of last resort is not set
     23.0.0.0/24 is subnetted, 1 subnets
C       23.23.23.0 is directly connected, FastEthernet0/0
D EX 172.16.0.0/16 [170/284160] via 23.23.23.2, 00:01:29, FastEthernet0/0
     172.19.0.0/16 is variably subnetted, 2 subnets, 2 masks
D EX    172.19.2.0/30 [170/284160] via 23.23.23.2, 00:00:04, FastEthernet0/0
D EX    172.19.1.0/28 [170/284160] via 23.23.23.2, 00:00:04, FastEthernet0/0
     172.18.0.0/24 is subnetted, 1 subnets
D EX    172.18.1.0 [170/284160] via 23.23.23.2, 00:00:24, FastEthernet0/0
D EX 10.0.0.0/8 [170/284160] via 23.23.23.2, 00:04:52, FastEthernet0/0
     12.0.0.0/8 is variably subnetted, 3 subnets, 2 masks
D EX    12.11.0.0/16 [170/284160] via 23.23.23.2, 00:03:06, FastEthernet0/0
D EX    12.12.12.0/24 [170/284160] via 23.23.23.2, 00:03:06, FastEthernet0/0
D EX    12.13.14.0/24 [170/284160] via 23.23.23.2, 00:03:06, FastEthernet0/0
     13.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
D EX    13.12.0.0/16 [170/284160] via 23.23.23.2, 00:02:35, FastEthernet0/0
D EX    13.14.15.0/24 [170/284160] via 23.23.23.2, 00:02:35, FastEthernet0/0
RT3#
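The ge/le matching rules described above can be checked offline before a prefix list is applied to redistribution. The following Python model is an added example, not code from the original post or from Cisco: it parses RT2's prefix list as shown on this page and evaluates it against the routes in RT3's table, plus a few candidate routes that are constructed here for illustration (the OSPF routes that RT2 actually filtered are not shown on the page).

```python
import ipaddress
import re

# Entry syntax as quoted on this page:
# ip prefix-list {list-name} [seq seq-num] {deny | permit} {prefix/length} [ge n] [le n]
ENTRY_RE = re.compile(
    r"ip prefix-list (?P<name>\S+)(?: seq (?P<seq>\d+))? (?P<action>permit|deny) "
    r"(?P<prefix>\S+)(?: ge (?P<ge>\d+))?(?: le (?P<le>\d+))?$"
)


def parse_prefix_list(config):
    """Parse 'ip prefix-list' lines into entries ordered by sequence number."""
    entries, last_seq = [], 0
    for line in config.strip().splitlines():
        m = ENTRY_RE.match(line.strip())
        if m is None:
            raise ValueError(f"not a prefix-list entry: {line!r}")
        # strict=False clears host bits: 10.11.12.0/8 is stored as 10.0.0.0/8.
        net = ipaddress.ip_network(m["prefix"], strict=False)
        ge = int(m["ge"]) if m["ge"] else None
        le = int(m["le"]) if m["le"] else None
        if ge is None and le is None:
            lo = hi = net.prefixlen          # basic form: exact length only
        else:
            lo = ge if ge is not None else net.prefixlen
            hi = le if le is not None else 32
        if not net.prefixlen <= lo <= hi <= 32:
            raise ValueError(f"invalid ge/le range: {line!r}")
        # Entries without a sequence number take the previous number plus 5.
        seq = int(m["seq"]) if m["seq"] else last_seq + 5
        last_seq = seq
        entries.append({"seq": seq, "action": m["action"], "net": net, "lo": lo, "hi": hi})
    return sorted(entries, key=lambda e: e["seq"])


def evaluate(entries, route):
    """Return 'permit' or 'deny' for a route such as '172.19.2.0/30'."""
    r = ipaddress.ip_network(route)
    for e in entries:
        # The route must sit inside the entry's prefix, and its mask length
        # must fall inside the entry's [lo, hi] length range.
        if r.subnet_of(e["net"]) and e["lo"] <= r.prefixlen <= e["hi"]:
            return e["action"]
    return "deny"  # nothing matched: implicit deny


def matched_subnets(entry_line, parent):
    """Count, per mask length, the subnets of `parent` that an entry permits."""
    entries = parse_prefix_list(entry_line)
    parent_net = ipaddress.ip_network(parent)
    counts = {}
    for length in range(parent_net.prefixlen, 33):
        hits = sum(1 for s in parent_net.subnets(new_prefix=length)
                   if evaluate(entries, str(s)) == "permit")
        if hits:
            counts[length] = hits
    return counts


# RT2's prefix list, copied from the configuration on this page.
RT2_PREFIX_LIST = """
ip prefix-list OSPFEIGRProutes seq 5 permit 10.0.0.0/8
ip prefix-list OSPFEIGRProutes seq 10 permit 11.0.0.0/8 ge 9
ip prefix-list OSPFEIGRProutes seq 15 permit 12.0.0.0/8 ge 9
ip prefix-list OSPFEIGRProutes seq 20 permit 13.0.0.0/8 ge 9 le 24
ip prefix-list OSPFEIGRProutes seq 25 permit 172.16.0.0/16
ip prefix-list OSPFEIGRProutes seq 30 permit 172.17.0.0/16 ge 24
ip prefix-list OSPFEIGRProutes seq 35 permit 172.18.0.0/16 ge 24
ip prefix-list OSPFEIGRProutes seq 40 permit 172.19.0.0/16 ge 24 le 30
"""

# External routes that appear in RT3's routing table on this page.
RT3_LEARNED = [
    "172.16.0.0/16", "172.19.2.0/30", "172.19.1.0/28", "172.18.1.0/24",
    "10.0.0.0/8", "12.11.0.0/16", "12.12.12.0/24", "12.13.14.0/24",
    "13.12.0.0/16", "13.14.15.0/24",
]

# Constructed candidates (not from the page) that the list should filter.
CONSTRUCTED_FILTERED = [
    "10.1.0.0/16", "13.1.1.0/25", "172.17.0.0/16", "172.19.3.0/31", "192.168.1.0/24",
]

if __name__ == "__main__":
    rt2 = parse_prefix_list(RT2_PREFIX_LIST)
    for route in RT3_LEARNED + CONSTRUCTED_FILTERED:
        print(f"{route:18} {evaluate(rt2, route)}")
    print(matched_subnets(
        "ip prefix-list pltest permit 172.16.1.0/24 ge 25 le 30", "172.16.1.0/24"))
```

Running the same check over the routes a neighbor is expected to advertise shows which of them an entry would leak or drop before the list goes into production.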
Route Filtering using Route Maps
The sample network above demonstrates the flexibility of filtering redistributed routes using route maps. Only certain prefixes are being redistributed from EIGRP to OSPF, and vice versa.
The route maps simply need to have route map statements with deny and permit actions to match the routes to be filtered and not to be filtered correspondingly.
There are 2 different approaches to perform the mentioned task:
- Approach #1: Begin with a match of the routes to be filtered using extended IP ACLs or IP prefix lists, with a deny action for the routes to be filtered. Followed by a permit statement with no match command at all, matching and allowing all remaining routes.
- Approach #2: Begin with a match of the routes to be allowed using extended IP ACLs or IP prefix lists, with a permit action for the routes to be allowed. Followed by using the implicit deny all at the end of the route map to filter unwanted routes.
Below shows the configuration on RT2. It uses approach #1 to filter routes from EIGRP to OSPF, and approach #2 to filter routes from OSPF to EIGRP.
! Filtering redistributed routes from EIGRP to OSPF (Approach #1):
!
ip access-list extended match192.168.1.0_24
 permit ip host 192.168.1.0 host 255.255.255.0
!
ip access-list extended match192.168.4.0_27*192.168.5.0_28
 permit ip host 192.168.4.0 host 255.255.255.224
 permit ip host 192.168.5.0 host 255.255.255.240
!
route-map redisteigrp*ospf deny 10
 match ip address match192.168.1.0_24
!
route-map redisteigrp*ospf deny 20
 match ip address match192.168.4.0_27*192.168.5.0_28
!
route-map redisteigrp*ospf permit 100
!
router ospf 100
 redistribute eigrp 100 subnets route-map redisteigrp*ospf
!
!======================================================================
! Filtering redistributed routes from OSPF to EIGRP (Approach #2):
!
ip prefix-list matchospfroutes seq 5 permit 172.16.2.0/23 ge 25 le 26
ip prefix-list matchospfroutes seq 10 permit 172.16.6.0/23 ge 29 le 30
!
route-map redistospf*eigrp permit 10
 match ip address prefix-list matchospfroutes
!
router eigrp 100
 redistribute ospf 100 metric 2000 200 255 1 1500 route-map redistospf*eigrp
!
Below shows 2 alternative configurations for Approach #1 to filter routes from EIGRP to OSPF.
! Approach #1 Alternative #1:
!
ip access-list extended match192.168.1.0_24
 permit ip 192.168.1.0 0.0.0.255 host 255.255.255.0
!
ip access-list extended match192.168.4.0_27*192.168.5.0_28
 permit ip 192.168.4.0 0.0.0.31 host 255.255.255.224
 permit ip 192.168.5.0 0.0.0.15 host 255.255.255.240
!
route-map redisteigrp*ospf deny 10
 match ip address match192.168.1.0_24 match192.168.4.0_27*192.168.5.0_28
!
route-map redisteigrp*ospf permit 100
!
router ospf 100
 redistribute eigrp 100 subnets route-map redisteigrp*ospf
!
======================================================================
! Approach #1 Alternative #2:
!
ip prefix-list matcheigrproutes seq 5 permit 192.168.1.0/24
ip prefix-list matcheigrproutes seq 10 permit 192.168.4.0/23 ge 27 le 28
!
route-map redisteigrp*ospf deny 10
 match ip address prefix-list matcheigrproutes
!
route-map redisteigrp*ospf permit 100
!
router ospf 100
 redistribute eigrp 100 subnets route-map redisteigrp*ospf
!
Routing tables on RT1 and RT3 after implementing the redistribution configuration on RT2:
RT1#sh ip route
Gateway of last resort is not set
     12.0.0.0/24 is subnetted, 1 subnets
C       12.12.12.0 is directly connected, FastEthernet0/0
     172.16.0.0/16 is variably subnetted, 4 subnets, 4 masks
D EX    172.16.2.0/25 [170/1333760] via 12.12.12.2, 00:00:30, FastEthernet0/0
D EX    172.16.3.0/26 [170/1333760] via 12.12.12.2, 00:00:30, FastEthernet0/0
D EX    172.16.6.0/29 [170/1333760] via 12.12.12.2, 00:00:30, FastEthernet0/0
D EX    172.16.7.0/30 [170/1333760] via 12.12.12.2, 00:00:30, FastEthernet0/0
C    192.168.1.0/24 is directly connected, Loopback1
     192.168.2.0/25 is subnetted, 1 subnets
C       192.168.2.0 is directly connected, Loopback2
     192.168.3.0/26 is subnetted, 1 subnets
C       192.168.3.0 is directly connected, Loopback3
     192.168.4.0/27 is subnetted, 1 subnets
C       192.168.4.0 is directly connected, Loopback4
     192.168.5.0/28 is subnetted, 1 subnets
C       192.168.5.0 is directly connected, Loopback5
     192.168.6.0/29 is subnetted, 1 subnets
C       192.168.6.0 is directly connected, Loopback6
     192.168.7.0/30 is subnetted, 1 subnets
C       192.168.7.0 is directly connected, Loopback7
RT1#
======================================================================
RT3#sh ip route
Gateway of last resort is not set
     12.0.0.0/24 is subnetted, 1 subnets
O E2    12.12.12.0 [110/20] via 23.23.23.2, 00:00:35, FastEthernet0/0
     23.0.0.0/24 is subnetted, 1 subnets
C       23.23.23.0 is directly connected, FastEthernet0/0
     172.16.0.0/16 is variably subnetted, 7 subnets, 7 masks
C       172.16.1.0/24 is directly connected, Loopback1
C       172.16.2.0/25 is directly connected, Loopback2
C       172.16.3.0/26 is directly connected, Loopback3
C       172.16.4.0/27 is directly connected, Loopback4
C       172.16.5.0/28 is directly connected, Loopback5
C       172.16.6.0/29 is directly connected, Loopback6
C       172.16.7.0/30 is directly connected, Loopback7
     192.168.2.0/25 is subnetted, 1 subnets
O E2    192.168.2.0 [110/20] via 23.23.23.2, 00:00:35, FastEthernet0/0
     192.168.3.0/26 is subnetted, 1 subnets
O E2    192.168.3.0 [110/20] via 23.23.23.2, 00:00:35, FastEthernet0/0
     192.168.6.0/29 is subnetted, 1 subnets
O E2    192.168.6.0 [110/20] via 23.23.23.2, 00:00:35, FastEthernet0/0
     192.168.7.0/30 is subnetted, 1 subnets
O E2    192.168.7.0 [110/20] via 23.23.23.2, 00:00:35, FastEthernet0/0
Route Tagging For Two-way / Mutual Redistribution
The network setup above is revisited with route tagging implemented upon mutual redistribution. The EIGRP and OSPF routing processes on RT2 and RT3 can then perform route filtering upon mutual redistribution.
A route tag follows the route advertisement, even through another redistribution process. Other route maps can match routes with a route tag to make a route filtering decision.
With the configuration above, RT2 and RT3 are able to identify OSPF and EIGRP external routes with tags of 1 and 2 respectively. RT2 and RT3 will filter OSPF and EIGRP external routes that are advertised back into the original routing domains using route map statements with the deny action.
Set tags when redistributing; deny tagged routes at the redistribution points.
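The route map evaluation rules given earlier (OR inside a match statement, AND across match statements, implicit deny) and the tag-and-deny scheme described above can be modelled together. The Python sketch below is an added example, not the configuration from the original post: the tagging route maps are an assumed reading of "tags of 1 and 2", and all prefixes and the DEMO map values are constructed.

```python
from dataclasses import dataclass, field, replace
from typing import Optional


@dataclass(frozen=True)
class Route:
    prefix: str
    tag: int = 0


@dataclass
class Statement:
    seq: int
    action: str                                   # "permit" or "deny"
    matches: list = field(default_factory=list)   # match statements (ANDed)
    set_tag: Optional[int] = None                 # applied only on permit


def match_tag(*values):
    """One match statement; several values are alternative conditions (OR)."""
    return [lambda r, v=v: r.tag == v for v in values]


def match_prefix(*prefixes):
    """Stand-in for 'match ip address' against an ACL or prefix list."""
    return [lambda r, p=p: r.prefix == p for p in prefixes]


def apply_route_map(route_map, route):
    """Return the (possibly re-tagged) route, or None when it is filtered."""
    for st in sorted(route_map, key=lambda s: s.seq):
        # Every match statement must hold (AND); inside one statement a single
        # true condition is enough (OR). No match statement matches everything.
        if all(any(cond(route) for cond in clause) for clause in st.matches):
            if st.action == "deny":
                return None
            return route if st.set_tag is None else replace(route, tag=st.set_tag)
    return None  # implicit deny at the end of the route map


def redistribute(route_map, routes):
    kept = (apply_route_map(route_map, r) for r in routes)
    return [r for r in kept if r is not None]


# Assumed tagging scheme: routes entering OSPF from EIGRP get tag 1, routes
# entering EIGRP from OSPF get tag 2, and each direction denies routes that
# already carry the tag set by the opposite direction.
EIGRP_TO_OSPF = [Statement(10, "deny", [match_tag(2)]), Statement(20, "permit", set_tag=1)]
OSPF_TO_EIGRP = [Statement(10, "deny", [match_tag(1)]), Statement(20, "permit", set_tag=2)]
PERMIT_ALL = [Statement(10, "permit")]

# Constructed native routes of each routing domain.
OSPF_NATIVE = [Route("172.16.0.0/16"), Route("172.17.0.0/16")]
EIGRP_NATIVE = [Route("192.168.0.0/24"), Route("192.168.1.0/24")]

# Same shape as the demo01 interpretation: if ((a or b or c) and d) ... else if (g) ...
DEMO = [
    Statement(10, "permit",
              [match_prefix("10.1.0.0/16", "10.2.0.0/16", "10.3.0.0/16"), match_tag(7)],
              set_tag=100),
    Statement(20, "permit", [match_tag(9)], set_tag=200),
]


def fed_back_into_ospf(ospf_to_eigrp, eigrp_to_ospf):
    """OSPF-native prefixes that return to OSPF via the second redistribution point."""
    # One redistribution point redistributes OSPF -> EIGRP ...
    eigrp_domain = EIGRP_NATIVE + redistribute(ospf_to_eigrp, OSPF_NATIVE)
    # ... and the other redistributes what it learned through EIGRP -> OSPF.
    into_ospf = redistribute(eigrp_to_ospf, eigrp_domain)
    native = {r.prefix for r in OSPF_NATIVE}
    return sorted(r.prefix for r in into_ospf if r.prefix in native)


if __name__ == "__main__":
    print("without tags:", fed_back_into_ospf(PERMIT_ALL, PERMIT_ALL))
    print("with tags:   ", fed_back_into_ospf(OSPF_TO_EIGRP, EIGRP_TO_OSPF))
```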
Route selection is sometimes confusing due to route redistribution. Controlling administrative distance is an important and effective method to indicate the preference upon route selection. Change the default administrative distance values only after careful planning and consideration of the specific requirements of the network design and setup.
The distance {ad-weight} [adv-router wildcard-mask [acl-num | acl-name]] [ip] router subcommand defines administrative distances for all routing protocols except EIGRP and BGP. The optional adv-router wildcard-mask pair matches routes according to the IP address(es) of the advertising router(s) that supply the routing information. Use the address / mask of 0.0.0.0 255.255.255.255 to match any advertising router supplying the routing information. An optional access list can also be referenced to match the specific routes from any matched neighbors to use the specified administrative distance (Prefix-Based Administrative Distance).
Note: The ip keyword specifies IP-derived routes for Integrated IS-IS.
The distance eigrp {internal-distance external-distance} EIGRP router subcommand defines the administrative distances for EIGRP internal and external routes respectively.
The distance ospf {external dist1 | inter-area dist2 | intra-area dist3} OSPF router subcommand defines the administrative distances of OSPF routes based on the route type. This command performs the same function as the distance command used with an access list. However, this command provides the capability to set an administrative distance for an entire group of routes, rather than specific routes that are matched by an access list. A common usage of this command is when implementing OSPF processes with mutual redistribution, where it is often required to prefer internal routes from a process over external routes from another process.
Route Filtering using Administrative Distance
The routes are being redistributed with metric values higher than the native metrics for routes in both routing domains in order to protect against suboptimal routing.
Below shows that suboptimal routing occurred on RT3 due to the RIPv2 routes redistributed into OSPF as E2 routes having a lower administrative distance and being preferred over the RIPv2 routes.
RT3#sh ip route
Gateway of last resort is not set
     35.0.0.0/24 is subnetted, 1 subnets
C       35.35.35.0 is directly connected, Serial1/0
     24.0.0.0/24 is subnetted, 1 subnets
O E2    24.24.24.0 [110/100] via 123.123.123.2, 00:00:10, FastEthernet0/0
     123.0.0.0/24 is subnetted, 1 subnets
C       123.123.123.0 is directly connected, FastEthernet0/0
O E2 192.168.1.0/24 [110/100] via 123.123.123.2, 00:00:10, FastEthernet0/0
O E2 192.168.2.0/24 [110/100] via 123.123.123.2, 00:00:10, FastEthernet0/0
     45.0.0.0/24 is subnetted, 1 subnets
O E2    45.45.45.0 [110/100] via 123.123.123.2, 00:00:10, FastEthernet0/0
RT3#
Note: OSPF has an administrative distance of 110; RIPv2 has an administrative distance of 120.
The redistribution configuration on RT2 has resulted in suboptimal routing to many destinations. RT3 takes the longer (worse) OSPF paths rather than the more direct RIPv2 paths to those networks.
Below implements the solution on RT3 by changing the administrative distance for redistributed RIPv2 routes (OSPF external routes) advertised by RT2. When RT3 learns about the networks that are matched by the access list from both RIPv2 and OSPF, it selects the routes learned from RIPv2:
RT3#debug ip routing
IP routing debugging is on
RT3#
RT3#conf t
Enter configuration commands, one per line. End with CNTL/Z.
RT3(config)#access-list 1 permit 24.24.24.0
RT3(config)#access-list 1 permit 45.45.45.0
RT3(config)#access-list 1 permit 192.168.1.0
RT3(config)#access-list 1 permit 192.168.2.0
RT3(config)#
RT3(config)#router ospf 100
RT3(config-router)#distance 125 0.0.0.0 255.255.255.255 1
RT3(config-router)#end
RT3#
00:03:56: RT: closer admin distance for 24.24.24.0, flushing 1 routes
00:03:56: RT: add 24.24.24.0/24 via 35.35.35.5, rip metric [120/2]
00:03:56: RT: closer admin distance for 45.45.45.0, flushing 1 routes
00:03:56: RT: add 45.45.45.0/24 via 35.35.35.5, rip metric [120/1]
00:03:56: RT: closer admin distance for 192.168.1.0, flushing 1 routes
00:03:56: RT: add 192.168.1.0/24 via 35.35.35.5, rip metric [120/2]
00:03:56: RT: closer admin distance for 192.168.2.0, flushing 1 routes
00:03:56: RT: add 192.168.2.0/24 via 35.35.35.5, rip metric [120/1]
RT3#
RT3#sh access-list
Standard IP access list 1
    permit 24.24.24.0 (1 match)
    permit 45.45.45.0 (1 match)
    permit 192.168.1.0 (1 match)
    permit 192.168.2.0 (1 match)
RT3#
RT3#sh ip route
Gateway of last resort is not set
     35.0.0.0/24 is subnetted, 1 subnets
C       35.35.35.0 is directly connected, Serial1/0
     24.0.0.0/24 is subnetted, 1 subnets
R       24.24.24.0 [120/2] via 35.35.35.5, 00:00:12, Serial1/0
     123.0.0.0/24 is subnetted, 1 subnets
C       123.123.123.0 is directly connected, FastEthernet0/0
R    192.168.1.0/24 [120/2] via 35.35.35.5, 00:00:12, Serial1/0
R    192.168.2.0/24 [120/1] via 35.35.35.5, 00:00:12, Serial1/0
     45.0.0.0/24 is subnetted, 1 subnets
R       45.45.45.0 [120/1] via 35.35.35.5, 00:00:12, Serial1/0
RT3#
Basically RT3 assigns an administrative distance of 125 upon redistributed routes that are matched by access list 1. Note that the distance command is implemented under the OSPF process, as the administrative distance should be changed for routes that are learned via OSPF, not RIPv2.
The main advantage of using administrative distance to control route preference is that no path information is lost; the OSPF information still resides in the OSPF LSDB. When the primary path to RIPv2 networks (the RT3-RT5 link) fails, the OSPF routes reassert themselves, and RT3 resumes connectivity with those RIPv2 networks through RT2.
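The difference between raising the administrative distance and filtering with a distribute list shows up only when the primary path fails. The Python model below is an added example, not code from the original post: it applies RT3's access list 1 and distance 125 rule from this page to a simplified route selection, and compares that with a distribute-list style inbound filter. The advertising router ID 2.2.2.2 and the filter ACL are constructed for the comparison.

```python
import ipaddress

DEFAULT_AD = {"ospf": 110, "rip": 120}  # values stated in the page's note


def wildcard_match(addr, base, wildcard):
    """Cisco wildcard logic: bits set in the wildcard mask are ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)


def acl_permits(acl, network):
    """Standard ACL applied to a route's network number; first match wins."""
    for action, base, wildcard in acl:
        if wildcard_match(network, base, wildcard):
            return action == "permit"
    return False  # implicit deny any


def build_rib(candidates, ospf_distance_rules=(), ospf_in_filter=None):
    """Install the lowest-distance candidate per prefix.

    candidates: (prefix, protocol, next_hop, advertising_router) tuples
    ospf_distance_rules: (distance, adv_base, adv_wildcard, acl), modelled on
        'distance 125 0.0.0.0 255.255.255.255 1' under router ospf
    ospf_in_filter: ACL used like 'distribute-list in' under router ospf
    """
    rib = {}
    for prefix, proto, next_hop, adv_router in candidates:
        network = prefix.split("/")[0]
        ad = DEFAULT_AD[proto]
        if proto == "ospf":
            if ospf_in_filter is not None and not acl_permits(ospf_in_filter, network):
                continue  # filtered: the route is never offered to the routing table
            for distance, base, wildcard, acl in ospf_distance_rules:
                if wildcard_match(adv_router, base, wildcard) and acl_permits(acl, network):
                    ad = distance
                    break
        if prefix not in rib or ad < rib[prefix][0]:
            rib[prefix] = (ad, proto, next_hop)
    return rib


PREFIXES = ["24.24.24.0/24", "45.45.45.0/24", "192.168.1.0/24", "192.168.2.0/24"]
RT2_ROUTER_ID = "2.2.2.2"  # constructed; the page does not give RT2's router ID

# Next hops are taken from RT3's routing tables on this page.
OSPF_ROUTES = [(p, "ospf", "123.123.123.2", RT2_ROUTER_ID) for p in PREFIXES]
RIP_ROUTES = [(p, "rip", "35.35.35.5", None) for p in PREFIXES]

# access-list 1 from the page; a standard ACL entry without a wildcard mask
# matches that exact address (wildcard 0.0.0.0).
ACL_1 = [("permit", p.split("/")[0], "0.0.0.0") for p in PREFIXES]
DISTANCE_RULES = [(125, "0.0.0.0", "255.255.255.255", ACL_1)]

# Constructed distribute-list alternative: deny the same networks, permit any.
FILTER_ACL = [("deny", p.split("/")[0], "0.0.0.0") for p in PREFIXES]
FILTER_ACL.append(("permit", "0.0.0.0", "255.255.255.255"))


def protocols(rib):
    return {prefix: entry[1] for prefix, entry in rib.items()}


if __name__ == "__main__":
    print("default distances:      ", protocols(build_rib(OSPF_ROUTES + RIP_ROUTES)))
    print("distance 125:           ", protocols(build_rib(OSPF_ROUTES + RIP_ROUTES, DISTANCE_RULES)))
    print("distance 125, RIP down: ", build_rib(OSPF_ROUTES, DISTANCE_RULES))
    print("inbound filter, RIP down:", build_rib(OSPF_ROUTES, ospf_in_filter=FILTER_ACL))
```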
As a conclusion, it is important to know the network design and setup inside out and thoroughly prior to implementing redistribution, and to closely monitor the redistributed routes, particularly on networks with redundant paths, as routers are more likely to select suboptimal paths.
Posted by Yap Chin Hoong at 9:45 PM
Labels: miscrouting