This chapter discusses different means of controlling routing update information, and Cisco IOS support of DHCP. It covers the following topics:
This chapter starts with a discussion of route redistribution between different routing protocols. Methods of controlling the routing information sent between these routing protocols include using distribute lists, using route maps, and changing the administrative distance; each of these methods are described. The chapter concludes with a discussion of the Dynamic Host Configuration Protocol (DHCP) and how to enable DHCP server functionality on a Cisco IOS device.
Note
This chapter on manipulating routing updates is placed before the chapter on Border Gateway Protocol (BGP) because knowledge of route redistribution and route maps is required for the BGP discussion.
Simple routing protocols work well for simple networks, but as networks grow and become more complex, it might be necessary to change routing protocols. Often the transition between routing protocols takes place gradually, so multiple routing protocols might run in a network for some time. This section examines several reasons for using more than one routing protocol, how routing information is exchanged between them, and how Cisco routers operate in a multiple routing protocol environment.
There are many reasons why a change in routing protocols might be required.
As a network grows and becomes more complex, the original routing protocol might not be the best choice anymore. For example, routers running Routing Information Protocol (RIP) periodically send their entire routing tables in their updates; as the network grows larger, the traffic from those updates can slow the network down, indicating that a change to a more scalable routing protocol might be necessary. Alternatively, the network might be using Cisco’s Enhanced Interior Gateway Routing Protocol (EIGRP) and now a protocol that supports multiple vendors might be required, or a new policy that specifies a particular routing protocol might be introduced.
Whatever the reason for the change, network administrators must manage the migration from one routing protocol to another carefully and thoughtfully. An accurate topology map of the network and an inventory of all network devices are critical for success. The new routing protocol will most likely have different requirements and capabilities from the old one; it is important for network administrators to understand what must be changed and to create a detailed plan before making any changes. For example, link-state routing protocols, such as Open Shortest Path First (OSPF) and Intermediate System-to-Intermediate System (IS-IS), require a hierarchical network structure; network administrators need to decide which routers will reside in the backbone area and how to divide the other routers into areas. Although EIGRP does not require a hierarchical structure, it operates much more effectively within one.
During the transition, there will likely be a time when two (or more) routing protocols are running in the network; it might be necessary to redistribute routing information between the protocols. If so, the redistribution strategy must be carefully planned to avoid disrupting network traffic or causing suboptimal routing. The timing of the migration must also be determined. For example, will the entire network change all at once, or will it be done in stages? Where will the migration start? An administrator must understand the network to make these decisions.
Note that networks may run multiple routing protocols as part of their design, not only as part of a migration. Thus, redistribution of routing information might be required in other cases as well. The “Redistribution Overview” section discusses the need for redistribution.
Figure 7-1 shows a sample network migration. This network initially used RIP Version 1 (RIPv1) and is migrating to OSPF, necessitating the following changes:
Conversion of the old fixed-length subnet mask (FLSM) addressing scheme to a variable-length subnet mask (VLSM) configuration
Use of a hierarchical addressing scheme to facilitate route summarization and make the network more scalable
Division of the network from one large area into a transit backbone area and two other areas
If the migration to a new routing protocol requires the IP address scheme to be changed, this must also be carefully planned. One of the first steps when migrating to a new address space is to determine the timeframe for the changeover: Will it be a gradual change, with migration of different remote sites each weekend? Or will the new addressing be put in all at once? Resources and schedules must be considered when migrating multiple remote sites to a new address space.
The address plan created for the migration needs to be well-documented and accessible for review and reference by all internetworking personnel. If there are any questions or conflicts, this document helps settle the differences. For example, the new address space might have portions already in use, unbeknownst to the designer. Having remote personnel review and agree to the address assignments for the entire network helps prevent problems in the implementation stage.
After the IP addressing scheme has been determined, you must plan and execute its implementation. In most situations, the network must stay operational during the transition from one protocol to another and from one IP addressing plan to another. For successful implementation, carefully consider the following:
Host addressing—. If host IP addresses are statically assigned, this is an excellent time to migrate to using DHCP. If DHCP is already in use, changes in IP addressing are transparent to most end users. Configure the DHCP server to start assigning the new IP addresses to individual hosts. Configure new static IP addresses on devices such as servers. Remember to also change the assigned default gateways on devices (DHCP is described in the “Configuring DHCP” section later in this chapter). Update any applications that are referencing IP addresses instead of hostnames, and any documentation that specifically references IP addresses (such as router interface descriptions).
Access lists and other filters—. Firewalls and other types of traffic filters will have been configured using the old IP addresses. It is important to have complete documentation of all the filters within the network so that they can be updated to use the new IP address ranges. If you are keeping the old and new address ranges active during the transition, the access lists and filters need modification to add the new addresses. After the transition is complete, you must remove the old addresses.
Network Address Translation (NAT)—. If you’re using NAT, it is also important to have complete documentation of all devices performing NAT within the network (such as servers, routers, and firewalls). NAT needs to be configured to recognize and use the new IP addresses. The new addresses also might need to be translated to different outside addresses, depending on the network configuration. If you are using both old and new address ranges during the transition, just add the new addresses. Again, if you use this approach, after the transition is complete, you must remove the old addresses.
Domain Name System (DNS)—. If the network contains DNS servers, decide which mappings must be redone to reflect the new addresses. Any DNS used for internal addresses needs mappings for the new IP addresses. Be sure to include the changes for any static hosts, such as web or application servers.
Timing and transition strategy—. In a large network, changes are typically done in stages. You might start at the core and work outward or start at the edges and work inward; base the decision on a thorough knowledge of the network. Other important decisions are the time of day and day of the week when changes will be implemented; be sure to allow enough time to test and verify the new configuration. Notify the Help Desk, and users, of the changes. If some portions of the network will be using both the old and new IP addresses for any length of time during the transition, configure the affected routers to recognize and use both address ranges. Secondary addresses may be used on the router interfaces.
Note
In this chapter, core and edge are generic terms used to simplify the discussion of redistribution.
Note
This list includes some of the items your transition plan needs to address. Depending on your network, there might be others.
For example, suppose that the migration shown in Figure 7-1 is being done because there are frequent changes in the network. These frequent changes cause frequent RIP updates to be sent, which uses up bandwidth. Network convergence is also slow with RIP. If OSPF were implemented in this network without changing the addressing so that route summarization could be implemented, triggered updates would still be sent frequently whenever any part of the network topology changed. The changes would cause the shortest path first (SPF) algorithm to be recomputed frequently, which in turn would disrupt routing. In this case, OSPF may be a worse choice than RIP. However, if a proper addressing plan were implemented, as is shown in the lower portion of Figure 7-1, this same network could run very efficiently. With route summarization in the right places, changes in the network topology would be hidden from most of the other routers, and the SPF algorithm would not need to run for every topology change.
If secondary addresses are required in the transition, they must be configured before any of the host addressing, NAT, or access lists can be changed. The old routing protocol also might need updating to include the new networks in its network commands if you want it to route for these networks.
Use the ip address address mask secondary interface configuration command to assign a secondary IP address to an interface.
Example 7-1 shows a sample configuration with a primary and a secondary address configured on FastEthernet 0/0.
Some routing protocols have issues with secondary addresses.
Key Point: EIGRP and OSPF Use Primary Interface Addresses
EIGRP and OSPF use an interface’s primary IP address as the source of their updates. They expect the routers on both sides of a link to belong to the same subnet.
EIGRP and OSPF do not accept an update from, or form a neighbor relationship with, a router on the wrong subnet; EIGRP constantly generates error messages in this situation. Therefore, you must use the same subnet for the primary addresses on neighbor routers; do not use the same subnet for the secondary address on one router and the primary address on its neighbor.
Key Point: Make New Addresses Primary Addresses
As soon as all the routers in a portion of the network are using the new routing protocol and the new IP address ranges, the routers can be reconfigured to use the new IP addresses as primary. One way to introduce more fault tolerance into this process, and to make the final transition easier, is to configure the original addresses as secondary addresses and the new addresses as the primary addresses until the entire network has transitioned, everything has been tested, and the network is stable. The original IP addresses, now the secondary addresses, should be removed when they are no longer needed.
Before making any changes to the routing protocol in a network, plan an escape route: Make sure you have backup copies of all device configurations. Network documentation should include information on packet-flow paths so that you can be sure that the changes will not create suboptimal paths or routing loops. Documentation should also include baseline statistics for data flows.
When planning the migration, consider the following steps:
To avoid delays, you need a clear and comprehensive timeline for all steps in the migration, including for implementing and testing the new router configurations. Consider the impact of the changes on user traffic, and make changes when traffic is least likely to be affected (for example, during off-peak hours).
Be sure to allow time for testing and verifying changes and configuration. The migration to a new routing protocol typically is gradual—one section of the network is changed at a time. When the network’s IP addressing was planned, the network was probably divided into either logical or physical hierarchical areas; plan when each of these areas will be migrated to the new routing protocol.
Determine which routing protocol is the core and which is the edge. Usually, a choice must be made between starting the migration at the core of the network and working out to the edges, or starting at an edge router and working in toward the network core. Each approach has its pros and cons. For example, if you start at an edge, you can install and test the protocol without disrupting the main network traffic, and you can work out problems that might not have shown up in a testing lab in a more realistic, smaller-scale environment before progressing with the migration.
Migrations to protocols that require a backbone area (such as OSPF) should begin at the core of the network. Because all interarea traffic goes through the backbone, the backbone must be in place before the areas can communicate. Other reasons to begin with the network core include the fact that there are typically fewer devices at the core, and that redundancy is usually built into the core design, which helps minimize the effects of any problems. The most experienced network staff is also usually at the same location as the core network devices.
Identify the boundary routers where the multiple routing protocols will run. Part of migrating to a new routing protocol includes redistribution between the old and new routing protocol. As part of the timeline, you must determine how many routers will be converted to the new routing protocol at one time. The routers that are the gateways between the old and the new routing protocols are the ones that may perform redistribution.
Determine how you want to redistribute information between the core and edge routing protocols. Redistribution is covered in detail in the following sections.
Verify that all devices support the new routing protocol. If not, you need to download, install, and test any required Cisco IOS Software upgrades before beginning the migration.
Implement and test the routing solution in a lab environment. The migration strategy should be tested in as realistic an environment as possible to identify and correct any bugs ahead of time.
Each step of the migration must be documented, tested, and verified.
The following are possible reasons why you might need multiple routing protocols running at the same time within your network:
You are migrating from an older Interior Gateway Protocol (IGP) to a new IGP. Multiple redistribution boundaries may exist until the new protocol has displaced the old protocol completely. Running multiple routing protocols during a migration is effectively the same as a network that has multiple routing protocols running as part of its design.
You want to use another protocol but need to keep the old routing protocol because of the host system’s needs. For example, UNIX host-based routers might run only RIP.
Different departments might not want to upgrade their routers to support a new routing protocol.
If you have a mixed-router vendor environment, you can use a Cisco-specific routing protocol, such as EIGRP, in the Cisco portion of the network and then use a common standards-based routing protocol, such as OSPF, to communicate with non-Cisco devices.
When multiple routing protocols are running in different parts of the network, hosts in one part of the network might need to reach hosts in the other part. One way to accomplish this is to advertise a default route into each routing protocol, but default routes might not always be the best policy. For example, the network design might not allow default routes, and if there is more than one way to get to a destination network, routers might need information about routes in the other parts of the network to determine the best path to that destination. In addition, if multiple paths exist, a router must have sufficient information to determine a loop-free path to the remote networks.
When any of these situations arise, Cisco routers allow internetworks using different routing protocols (referred to as routing domains or autonomous systems) to exchange routing information through a feature called route redistribution.
Key Point: Redistribution
Redistribution is defined as the capability of boundary routers connecting different routing domains to exchange and advertise routing information between those routing domains (autonomous systems).
Note
The term autonomous system as used here denotes internetworks using different routing protocols. These routing protocols may be IGPs or Exterior Gateway Protocols (EGPs). This use of the term autonomous system is different than that used for BGP.
In some cases the same protocol may be used in multiple different domains or autonomous systems within a network. The multiple instances of the protocol are treated no differently than if they were distinct protocols; redistribution is required to exchange routes between them.
Within each autonomous system, the internal routers have complete knowledge of their network. The router that interconnects the autonomous systems is called a boundary router. The boundary router must be running all the routing protocols that will exchange routes. In most cases, route redistribution must be configured to redistribute routes from one routing protocol to another. The only time redistribution is automatic in IP routing protocols is between Interior Gateway Routing Protocol (IGRP) and EIGRP processes running on the same router and using the same autonomous system number.
Note
IGRP is no longer supported, as of Cisco IOS Release 12.3. It is included in this chapter for completeness.
When a router redistributes routes, it allows a routing protocol to advertise routes that were not learned through that routing protocol. These redistributed routes could have been learned via a different routing protocol, such as when redistributing between EIGRP and OSPF, or they could have been learned from static routes or by a direct connection to a network. (Routers can redistribute static and connected routes and routes from other routing protocols.)
Redistribution is always performed outbound; the router doing redistribution does not change its routing table. For example, when redistribution between OSPF and EIGRP is configured, the OSPF process on the boundary router takes the EIGRP routes in the routing table and advertises them as OSPF routes to its OSPF neighbors. Likewise, the EIGRP process on the boundary router takes the OSPF routes in the routing table and advertises them as EIGRP routes to its EIGRP neighbors. With this redistribution, both autonomous systems know about the routes of the other, and each autonomous system can then make informed routing decisions for these networks. The boundary router’s neighbors see the redistributed routes as external routes. In this example, if a packet destined for one of the networks in the OSPF domain arrives from the EIGRP autonomous system, the boundary router must have the OSPF routes for the networks in the OSPF domain in its routing table to be able to forward the traffic.
This requirement might seem self-evident, but it can be a source of confusion. For instance, if a router learns about a network via EIGRP and OSPF, only the EIGRP route is put in the routing table because it has a lower administrative distance. Suppose RIP is also running on this router, and you want to redistribute OSPF routes into RIP. That network is not redistributed into RIP, because it is placed in the routing table as an EIGRP route, not as an OSPF route.
Figure 7-2 illustrates an autonomous system running OSPF that is connected to an autonomous system running EIGRP. The internal routers within each autonomous system have complete knowledge of their networks, but without redistribution, they do not know about the routes present in the other autonomous system. Router A is the boundary router, and it has active OSPF and EIGRP processes.
Without redistribution, Router A performs ships-in-the-night (SIN) routing: Router A passes OSPF route updates to its OSPF neighbors on the interfaces participating in OSPF, and it passes EIGRP route updates to its EIGRP neighbors on the interfaces participating in EIGRP. Router A does not exchange information between EIGRP and OSPF. If routers in the OSPF routing domain need to learn about the routes in the EIGRP domain, or vice versa, Router A must redistribute routes between EIGRP and OSPF.
Router A learns about network 192.168.5.0 from Router B via the EIGRP routing protocol running on its S0/0/0 interface. After redistribution is configured, Router A redistributes that information to Router C via OSPF on its S0/0/1 interface. Routing information is also passed in the other direction, from OSPF to EIGRP.
The routing table in Router B shows that it has learned about network 172.16.0.0 via EIGRP (as indicated by the D in the routing table) and that the route is external to this autonomous system (as indicated by the EX in the routing table). The routing table in Router C shows that it has learned about network 192.168.5.0 via OSPF (as indicated by the O in the routing table) and that the route is external (type 2) to this autonomous system (as indicated by the E2 in the routing table).
Note that in this example, Router A is redistributing routes that are summarized on the network class boundary. (Recall that EIGRP automatically summarizes on the class boundary, whereas OSPF must be configured to summarize.) This approach helps improve routing table stability and decreases the routing tables’ size.
Redistribution of routing information, although powerful, adds to a network’s complexity and increases the potential for routing confusion, so it should be used only when necessary. The key issues that arise when using redistribution are as follows:
Routing feedback (loops)—. Depending on how you employ redistribution—for example, if more than one boundary router is performing route redistribution—routers might send routing information received from one autonomous system back into that same autonomous system. The feedback is similar to the routing loop problem that occurs with distance vector protocols.
Incompatible routing information—. Because each routing protocol uses different metrics to determine the best path and because the metric information about a route cannot be translated exactly into a different protocol, path selection using the redistributed route information might not be optimal.
Inconsistent convergence times—. Different routing protocols converge at different rates. For example, RIP converges more slowly than EIGRP, so if a link goes down, the EIGRP network learns about it before the RIP network.
Good planning ensures that these issues do not cause problems in your network.
To understand why some of these problems might occur, you must first understand how Cisco routers select the best path when more than one routing protocol is running and how they convert the metrics used when importing routes from one autonomous system into another. These topics are discussed in the following sections.
Cisco routers use the following two parameters to select the best path when they learn two or more routes to the same destination from different routing protocols:
Administrative distance—. As discussed in Chapter 2, “Routing Principles,” administrative distance is used to rate a routing protocol’s believability. Each routing protocol is prioritized in order from most to least believable (or reliable or trustworthy) using a value called the administrative distance. This criterion is the first thing a router uses to determine which routing protocol to believe if more than one protocol provides route information for the same destination.
Routing metric—. The routing metric is a value representing the path between the local router and the destination network, according to the routing protocol being used. The metric is used to determine the routing protocol’s “best” path to the destination.
Table 7-1 lists the default administrative distance (believability) of protocols supported by Cisco (this is a copy of Table 2-2).
Table 7-1. Default Administrative Distances of Routing Protocols
Routing Protocol | Default Administrative Distance Value |
|---|---|
Connected interface | 0 |
Static route out an interface | 0 |
Static route to a next-hop address | 1 |
EIGRP summary route | 5 |
External BGP | 20 |
Internal EIGRP | 90 |
IGRP | 100 |
OSPF | 110 |
IS-IS | 115 |
RIPv1 and RIP Version 2 (RIPv2) | 120 |
Exterior Gateway Protocol (EGP) | 140 |
On-Demand Routing (ODR) | 160 |
External EIGRP | 170 |
Internal BGP | 200 |
Unknown | 255 |
Key Point: Administrative Distance
Lower administrative distances are considered more believable (better).
When using route redistribution, you might occasionally need to modify a protocol’s administrative distance so that it is preferred. For example, if you want the router to select RIP-learned routes rather than OSPF-learned routes for some specific destination, you must increase the OSPF administrative distance or decrease the RIP administrative distance for the routes to that destination. Modifying the administrative distance is discussed in the later section “Using Administrative Distance to Influence the Route-Selection Process.”
When a router is redistributing, it must assign a metric to the redistributed routes.
Redistributed routes are not physically connected to a router; rather, they are learned from other sources (such as other routing protocols). If a boundary router is to redistribute information between routing protocols, it must be capable of translating the metric of the received route from the source routing protocol into the other routing protocol. For example, if a boundary router receives a RIP route, the route has hop count as a metric. To redistribute the route into OSPF, the router must translate the hop count into a cost metric that the other OSPF routers will understand.
This metric, referred to as the seed or default metric, is defined during redistribution configuration. After the seed metric for a redistributed route is established, the metric increments normally within the autonomous system. (The exception to this rule is OSPF E2 routes, which hold their initial metric regardless of how far they are propagated across an autonomous system.)
Key Point: Seed Metric for Directly Connected Networks
When a router advertises a link that is directly connected to one of its interfaces, the initial, or seed, metric used is derived from the characteristics of that interface, and the metric increments as the routing information is passed to other routers.
For OSPF, the seed metric is based on the interface’s bandwidth. For IS-IS, each interface has a default IS-IS metric of 10. For EIGRP and IGRP, the default seed metric is based on the interface bandwidth and delay. For RIP, the seed metric starts with a hop count of 0 and increases in increments from router to router.
The default-metric router configuration command establishes the seed metric for all redistributed routes. Cisco routers also allow the seed metric to be specified as part of the redistribute command, either with the metric option or by using a route map. These commands are discussed in detail in the later section “Configuring Redistribution.”
Table 7-2 lists the default seed metric value for routes that are redistributed into each IP routing protocol. A metric of infinity tells the router that the route is unreachable and, therefore, should not be advertised. Therefore, when redistributing routes into RIP, IGRP, and EIGRP, you must specify a seed metric, or the redistributed routes will not be advertised.
For OSPF, the redistributed routes have a default type 2 (E2) metric of 20, except for redistributed BGP routes, which have a default type 2 metric of 1.
For IS-IS, the redistributed routes have a default metric of 0. But unlike RIP, IGRP, or EIGRP, a seed metric of 0 is not treated as unreachable by IS-IS. Configuring a seed metric for redistribution into IS-IS is recommended.
For BGP, the redistributed routes maintain the IGP routing metrics.
Figure 7-3 illustrates an example with an OSPF seed metric of 30 for redistributed RIP routes on Router C. The link cost of the Serial link to Router D is 100. The routes are redistributed as E2 routes, so the cost for networks 172.16.0.0, 172.17.0.0, and 172.18.0.0 in Router D is only the seed metric (30). Notice that the metrics of the three networks in the RIP cloud are irrelevant in the OSPF cloud, because the router in the OSPF network (Router D) forwards any traffic for these three networks to the border (redistributing) router, Router C. Router C then forwards the traffic within the RIP network appropriately.
The following two methods of redistribution are available:
Two-way redistribution—. Redistributes all routes between the two routing processes
One-way redistribution—. Passes a default route into one routing protocol and redistributes only the networks learned from that routing protocol into the other routing protocol
Key Point: One-Way Redistribution Is Safest
The safest way to perform redistribution is to redistribute routes in only one direction, on only one boundary router within the network. (Note, however, that this results in a single point of failure in the network.)
If redistribution must be done in both directions or on multiple boundary routers, the redistribution should be tuned to avoid problems such as suboptimal routing and routing loops. Depending on your network design, you may use any of the following redistribution techniques, as illustrated in Figure 7-4:
Redistribute a default route from the core autonomous system into the edge autonomous system, and redistribute routes from the edge routing protocols into the core routing protocol. This technique helps prevent route feedback, suboptimal routing, and routing loops.
Redistribute multiple static routes about the core autonomous system networks into the edge autonomous system, and redistribute routes from the edge routing protocols into the core routing protocol. This method works if there is only one redistribution point; multiple redistribution points might cause route feedback.
Redistribute routes from the core autonomous system into the edge autonomous system with filtering to block out inappropriate routes. For example, when there are multiple boundary routers, routes redistributed from the edge autonomous system at one boundary router should not be redistributed back into the edge autonomous system from the core at another redistribution point.
Redistribute all routes from the core autonomous system into the edge autonomous system, and from the edge autonomous system into the core autonomous system, and then modify the administrative distance associated with redistributed routes so that they are not the selected routes when multiple routes exist for the same destination.
As shown in Example 7-2, redistribution supports all routing protocols. Static and connected routes can also be redistributed to allow the routing protocol to advertise these routes.
Example 7-2. Redistribution Supports All Protocols
RtrA(config)#router rip RtrA(config-router)#redistribute ? bgp Border Gateway Protocol (BGP) connected Connected eigrp Enhanced Interior Gateway Routing Protocol (EIGRP) isis ISO IS-IS iso-igrp IGRP for OSI networks metric Metric for redistributed routes mobile Mobile routes odr On Demand stub Routes ospf Open Shortest Path First (OSPF) rip Routing Information Protocol (RIP) route-map Route map reference static Static routes <cr>
Note
Note that IGRP is not in this list because it is no longer supported as of Cisco IOS Release 12.3.
Key Point: Routes Are Redistributed into a Protocol
Routes are redistributed into a routing protocol, so the redistribute command is configured under the routing process that is to receive the redistributed routes.
Before implementing redistribution, consider the following points:
You can only redistribute routes from routing protocols that support the same protocol stack. For example, you can redistribute between IP RIP and OSPF because they both support the TCP/IP stack. You cannot redistribute between Internetwork Packet Exchange (IPX) RIP and OSPF because IPX RIP supports the IPX/Sequenced Packet Exchange (SPX) stack and OSPF does not. Although there are different protocol-dependent modules of EIGRP for IP, IPX, and AppleTalk, routes cannot be redistributed between them, because each protocol-dependent module supports a different protocol stack.
The method you use to configure redistribution varies among combinations of routing protocols. For example, redistribution occurs automatically between IGRP and EIGRP when they have the same autonomous system number, but redistribution must be configured between all other routing protocols. Some routing protocols require a metric to be configured during redistribution, but others do not.
The following steps for configuring redistribution are generic enough to apply to all routing protocol combinations. However, the commands used to implement the steps vary, as identified in the following sections. It is important that you review the Cisco IOS documentation for the configuration commands that apply to the specific routing protocols you want to redistribute.
Note
Remember, in this chapter, the terms core and edge are generic terms used to simplify the discussion of redistribution.
Locate the boundary router(s) on which redistribution is to be configured. Selecting a single boundary router for redistribution minimizes the likelihood of routing loops caused by feedback.
Determine which routing protocol is the core or backbone protocol. Typically, this protocol is OSPF, IS-IS, or EIGRP.
Determine which routing protocol is the edge or short-term (if you are migrating) protocol. Determine whether all routes from the edge protocol need to be propagated into the core. Consider methods that reduce the number of routes.
Select a method for injecting the required edge protocol routes into the core. Simple redistribution using summarized routes at network boundaries minimizes the number of new entries in the routing table of the core routers.
After you have planned the edge-to-core redistribution, consider how to inject the core routing information into the edge protocol. Your choice depends on your network.
The following sections examine the specific commands for redistributing routes into the various IP routing protocols. The default-metric and passive-interface commands are also described.
Use the redistribute protocol [process-id] [match route-type] [metric metric-value] [route-map map-tag] router configuration command to redistribute routes into RIP. This command is explained in Table 7-3.
Table 7-3. redistribute Command for RIP
Parameter | Description |
|---|---|
protocol | The source protocol from which routes are redistributed. It can be one of the following keywords: bgp, connected, eigrp, isis, iso-igrp, mobile, odr, ospf, rip, or static. |
process-id | For BGP or EIGRP, this value is an autonomous system number. For OSPF, this value is an OSPF process ID. This parameter is not required for IS-IS. |
route-type | (Optional) A parameter used when redistributing OSPF routes into another routing protocol. It is the criterion by which OSPF routes are redistributed into other routing domains. It can be any of the following: internal—. Redistributes routes that are internal to a specific autonomous system. external 1—. Redistributes routes that are external to the autonomous system but are imported into OSPF as a type 1 external route. external 2—. Redistributes routes that are external to the autonomous system but are imported into OSPF as a type 2 external route. |
metric-value | (Optional) A parameter used to specify the RIP seed metric for the redistributed route. When redistributing into RIP (and all protocols other than OSPF and BGP), if this value is not specified and no value is specified using the default-metric router configuration command, the default metric is 0. For RIP (and all protocols other than IS-IS), the default metric of 0 is interpreted as infinity, and routes will not be redistributed. The metric for RIP is hop count. |
map-tag | (Optional) Specifies the identifier of a configured route map to be interrogated to filter the importation of routes from the source routing protocol to the current RIP routing protocol. |
Example 7-3 shows how to configure redistribution from OSPF process 1 into RIP. This example uses the router rip command to access the routing process into which routes need to be redistributed—the RIP routing process. The redistribute command is then used to specify the routing protocol to be redistributed into RIP. In this case, it is OSPF routing process number 1.
Note
When redistributing into RIP, the default metric is infinity except when redistributing a static route (including a default static route defined using the ip route 0.0.0.0 0.0.0.0 command) or connected route. In that case, the default metric is 1.
Figure 7-5 provides an example of redistributing routes into RIP. On Router A, routes from OSPF process 1 are redistributed into RIP and are given a seed metric of 3. Because no route type is specified, both internal and external OSPF routes are redistributed into RIP. Notice that Router B learns about the 172.16.0.0 network from Router A via RIP; Router B’s routing table has 172.16.0.0 installed as a RIP route.
Use the redistribute protocol [process-id] [metric metric-value] [metric-type type-value] [route-map map-tag] [subnets] [tag tag-value] router configuration command to redistribute routes into OSPF. This command is explained in Table 7-4.
Table 7-4. redistribute Command for OSPF
Parameter | Description |
|---|---|
protocol | The source protocol from which routes are redistributed. It can be one of the following keywords: bgp, connected, eigrp, isis, iso-igrp, mobile, odr, ospf, rip, or static. |
process-id | For BGP or EIGRP, this value is an autonomous system number. For OSPF, this value is an OSPF process ID. This parameter is not required for RIP or IS-IS. |
metric-value | (Optional) A parameter that specifies the OSPF seed metric used for the redistributed route. When redistributing into OSPF, the default metric is 20 (except for BGP routes, which have a default metric of 1). The metric for OSPF is cost. |
type-value | (Optional) An OSPF parameter that specifies the external link type associated with the external route advertised into the OSPF routing domain. This value can be 1 for type 1 external routes or 2 for type 2 external routes. The default is 2. |
map-tag | (Optional) Specifies the identifier of a configured route map to be interrogated to filter the importation of routes from the source routing protocol to the current OSPF routing protocol. |
subnets | (Optional) An OSPF parameter that specifies that subnetted routes should also be redistributed. Only routes that are not subnetted are redistributed if the subnets keyword is not specified. |
tag-value | (Optional) A 32-bit decimal value attached to each external route. The OSPF protocol itself does not use this parameter; it may be used to communicate information between OSPF autonomous system boundary routers (ASBRs). |
Example 7-4 shows how to configure redistribution from EIGRP autonomous system 100 into OSPF. This example uses the router ospf 1 command to access the OSPF routing process 1 into which routes need to be redistributed. The redistribute command is then used to specify the routing protocol to be redistributed into OSPF—in this case, the EIGRP routing process for autonomous system 100.
Example 7-4. Configuring Redistribution into OSPF
RtrA(config)#router ospf 1 RtrA(config-router)#redistribute eigrp ? <1-65535> Autonomous system number RtrA(config-router)#redistribute eigrp 100 ? metric Metric for redistributed routes metric-type OSPF/IS-IS exterior metric type for redistributed routes route-map Route map reference subnets Consider subnets for redistribution into OSPF tag Set tag for routes redistributed into OSPF ... <cr>
Key Point: Redistributing into OSPF
When redistributing into OSPF, the default metric is 20, the default metric type is 2, and subnets are not redistributed by default.
Redistribution into OSPF can also be limited to a defined number of prefixes by the redistribute maximum-prefix maximum [threshold] [warning-only] router configuration command. The threshold parameter will default to logging a warning at 75 percent of the defined maximum value configured. After reaching the defined maximum number, no further routes are redistributed. If the warning-only parameter is configured, no limitation is placed on redistribution; the maximum value number simply becomes a second point where another warning messaged is logged. This command was introduced in Cisco IOS Version 12.0(25)S and was integrated into IOS versions 12.2(18)S and 12.3(4)T and later.
Figure 7-6 illustrates an example of redistributing EIGRP routes into OSPF. In this example, the default metric of 20 for OSPF is being used. The metric type is set to 1 (type 1 external [E1] routes), meaning that the metric increments whenever updates are passed through the network. Assuming the cost of the Ethernet link is 10, Router B’s cost for the 172.16.1.0 route is 20 + 10 = 30. The command contains the subnets option, so subnets are redistributed.
Key Point: Redistributing Subnets into OSPF
In Figure 7-6, the subnets keyword is used. If this keyword were omitted, no subnets would be redistributed into the OSPF domain (including the 172.16.1.0 subnet). Omitting this keyword is a common configuration error.
Use the redistribute protocol [process-id] [match route-type] [metric metric-value] [route-map map-tag] router configuration command to redistribute routes into EIGRP. This command is explained in Table 7-5.
Table 7-5. redistribute Command for EIGRP
Parameter | Description |
|---|---|
protocol | The source protocol from which routes are redistributed. It can be one of the following keywords: bgp, connected, eigrp, isis, iso-igrp, mobile, odr, ospf, rip, or static. |
process-id | For BGP or EIGRP, this value is an autonomous system number. For OSPF, this value is an OSPF process ID. This parameter is not required for RIP or IS-IS. |
route-type | (Optional) A parameter used when redistributing OSPF routes into another routing protocol. It is the criterion by which OSPF routes are redistributed into other routing domains. It can be one of the following: internal—. Redistributes routes that are internal to a specific autonomous system. external 1—. Redistributes routes that are external to the autonomous system but are imported into OSPF as a type 1 external route. external 2—. Redistributes routes that are external to the autonomous system but are imported into OSPF as a type 2 external route. |
metric-value | (Optional) A parameter that specifies the EIGRP seed metric, in the order of bandwidth, delay, reliability, load, and maximum transmission unit (MTU), for the redistributed route. When redistributing into EIGRP (and all protocols other than OSPF and BGP), if this value is not specified and no value is specified using the default-metric router configuration command, the default metric is 0. For EIGRP (and all protocols other than IS-IS), the default metric of 0 is interpreted as infinity, and routes will not be redistributed. The metric for EIGRP is calculated based only on bandwidth and delay by default. |
map-tag | (Optional) Specifies the identifier of a configured route map that is interrogated to filter the importation of routes from the source routing protocol to the current EIGRP routing protocol. |
Example 7-5 shows how to configure redistribution from OSPF into EIGRP autonomous system 100. This example uses the router eigrp 100 command to access the routing process into which routes need to be redistributed—in this case, the EIGRP routing process for autonomous system 100. The redistribute command is then used to specify the routing protocol to be redistributed into EIGRP autonomous system 100—in this case, OSPF routing process 1.
Note
When redistributing routes from another routing protocol into EIGRP, the default metric is φ, which is interpreted infinity. When redistributing a static or connected route into EIGRP, the default metric is equal to the metric of the associated static or connected interface.
Table 7-6 shows the five parameters that comprise metric-value when redistributing into EIGRP.
Table 7-6. metric-value Parameters for EIGRP
metric-value Parameter | Description |
|---|---|
bandwidth | The route’s minimum bandwidth in kilobits per second (kbps). |
delay | Route delay in tens of microseconds. |
reliability | The likelihood of successful packet transmission, expressed as a number from 0 to 255, where 255 means that the route is 100 percent reliable. |
loading | The route’s effective loading, expressed as a number from 1 to 255, where 255 means that the route is 100 percent loaded. |
mtu | Maximum transmission unit. The maximum packet size in bytes along the route; an integer greater than or equal to 1. |
Figure 7-7 illustrates an example of redistributing OSPF routes into EIGRP autonomous system 100. In this case, a metric is specified to ensure that routes are redistributed. The redistributed routes appear in Router B’s table as external EIGRP (D EX) routes. External EIGRP routes have a higher administrative distance than internal EIGRP (D) routes, so internal EIGRP routes are preferred over external EIGRP routes.
The metric used in this example is interpreted as follows:
Bandwidth in kbps = 10,000
Delay in tens of microseconds = 100
Reliability = 255 (maximum)
Load = 1 (minimum)
MTU = 1500 bytes
Use the redistribute protocol [process-id] [level level-value] [metric metric-value] [metric-type type-value] [route-map map-tag] router configuration command to redistribute routes into IS-IS. This command is explained in Table 7-7.
Table 7-7. redistribute Command for IS-IS
Parameter | Description |
|---|---|
protocol | The source protocol from which routes are redistributed. It can be one of the following keywords: bgp, connected, eigrp, isis, iso-igrp, mobile, odr, ospf, rip, or static. |
process-id | For BGP or EIGRP, this value is an autonomous system number. For OSPF, this value is an OSPF process ID. This parameter is not required for RIP. |
level-value | (Optional) A parameter that specifies how external routes are redistributed. They can be Level 1 (level-1), Level 1/Level 2 (level-1-2), or Level 2 (level-2) routes. The default is level-2. |
metric-value | (Optional) A parameter that specifies the IS-IS seed metric used for the redistributed route. IS-IS uses a default metric of 0. Unlike RIP and EIGRP, a default metric of 0 is not treated as unreachable, so the route is redistributed. The metric is incremented as the route is propagated into the IS-IS domain. The IS-IS default metric value is cost. |
type-value | (Optional) A parameter that specifies the IS-IS metric type as external or internal. The default is internal. |
map-tag | (Optional) Specifies the identifier of a configured route map to be interrogated to filter the importation of routes from the source routing protocol to the current IS-IS routing protocol. |
Example 7-6 shows how to configure redistribution from EIGRP autonomous system 100 into IS-IS. This example uses the router isis command to access the routing process into which routes need to be redistributed—the IS-IS routing process. The redistribute command is then used to specify the routing protocol to be redistributed into IS-IS—in this case, the EIGRP routing process for autonomous system 100.
Example 7-6. Configuring Redistribution into IS-IS
RtrA(config)#router isis RtrA(config-router)#redistribute eigrp 100 ? level-1 IS-IS level-1 routes only level-1-2 IS-IS level-1 and level-2 routes level-2 IS-IS level-2 routes only metric Metric for redistributed routes metric-type OSPF/IS-IS exterior metric type for redistributed routes route-map Route map reference ... <cr>
By default, routes are introduced into IS-IS as Level 2, with a metric of 0.
Redistribution into IS-IS can also be limited to a defined number of prefixes by the redistribute maximum-prefix maximum [threshold] [warning-only | withdraw] router configuration command. The threshold parameter will default to logging a warning at 75 percent of the defined maximum value configured. After reaching the defined maximum number, no further routes are redistributed. The optional withdraw parameter will also cause IS-IS to rebuild link-state protocol data units (PDUs) (link-state packets [LSPs]) without the external (redistributed) IP prefixes. If the warning-only parameter is configured, no limitation is placed on redistribution; the maximum value number simply becomes a second point where another warning messaged is logged. This command was introduced in Cisco IOS Version 12.0(25)S and was integrated into IOS versions 12.2(18)S and 12.3(4)T and later.
Figure 7-8 illustrates an example of redistributing from EIGRP autonomous system 100 into IS-IS, on Router A. No metric is configured, so these routes have a seed metric of 0. No level type is given, so the routes are redistributed as Level 2 routes (as shown by the L2 in Router B’s routing table).
Key Point: Changing Default Metrics
You can affect how routes are redistributed by changing the default metric associated with a protocol. You either specify the default metric with the default-metric router configuration command or use the metric-value parameter in the redistribute command.
If you use the default-metric command, the default metric you specify applies to all protocols being redistributed into this protocol.
If you use the metric parameter in the redistribute command, you can set a different default metric for each protocol being redistributed. A metric configured in a redistribute command overrides the value in the default-metric command for that one protocol.
When redistributing into EIGRP, use the default-metric bandwidth delay reliability loading mtu router configuration command to set the seed metric for all protocols. The parameters of this command are the same as those described earlier in Table 7-6.
When redistributing into OSPF, RIP, and BGP, use the default-metric number router configuration command for setting the seed metric. The number is the value of the metric, such as the number of hops for RIP.
There are times when you must include a subnet in a routing protocols’ network command, although you do not want the interface on which the subnet is connected to participate in the routing protocol.
Key Point: passive-interface Command
The passive-interface type number [default] router configuration command prevents a routing protocol’s routing updates from being sent through the specified router interface. This command is used to set either a particular interface or all router interfaces to passive; use the default option to set all router interfaces to passive.
Table 7-8 describes the parameters of this command.
Table 7-8. passive-interface Command
Parameter | Description |
|---|---|
type number | Specifies the type of interface and interface number that will not send routing updates (or establish neighbor relationships for link-state routing protocols and EIGRP). |
default | (Optional) A parameter that sets all interfaces on the router as passive by default. |
When you use the passive-interface command with RIP and IGRP, routing updates are not sent out of the specified interface. However, the router still receives routing updates on that interface.
When you use the passive-interface command with EIGRP, hello messages are not sent out of the specified interface. Neighboring router relationships do not form with other routers that can be reached through that interface (because the hello protocol is used to verify bidirectional communication between routers). Because no neighbors are found on an interface, no other EIGRP traffic is sent.
Using the passive-interface command on a router running a link-state routing protocol also prevents the router from establishing neighboring router adjacencies with other routers connected to the interface specified in the command. The router does not send hello packets on the interface and therefore cannot establish neighbor adjacencies.
Note
During testing with debug commands, it was found that in some IOS versions OSPF sends hello and database description (DBD) packets on passive interfaces but does not send link state updates (LSUs).
EIGRP does not send anything on passive interfaces.
In Internet service providers (ISPs) and large enterprise networks, many distribution routers have more than 200 interfaces. Before the introduction of the passive-interface default command in Cisco IOS Software Release 12.0, network administrators would configure the routing protocol on all interfaces and then manually set the passive-interface command on the interfaces where they did not require adjacency. However, this solution meant entering many passive-interface commands. A single passive-interface default command can now be used to set all interfaces to passive by default. To enable routing on individual interfaces where you require adjacencies, use the no passive-interface command.
For example, in Figure 7-9, Routers A and B run RIP and have a network command that encompasses all their interfaces. However, the network administrator wants to run RIP only on the link between Router A and Router B. Router A has several interfaces, so the passive-interface default command is configured, and then the no passive-interface command is used for the one interface from where RIP updates are advertised. Router B has only two interfaces, so the passive-interface command is used for the one interface that does not participate in RIP routing.
It is important to understand how this configuration affects the information exchanged between Routers A, B, and C. Unless you configure another routing protocol between Routers A and B and Router C, and redistribute between it and RIP, Router A does not tell Router C about the networks it learned from Router B via RIP (or about any of Router A’s directly connected networks). Likewise, Router B does not tell Router C that it has a way to reach the networks advertised by Router A via RIP (or about any of Router B’s directly connected networks). Physical redundancy is built into this network; however, the three routers might not be able to use the redundancy effectively if they are not configured properly. For example, if the link between Routers C and A fails, Router C does not know that it has an alternative route through Router B to reach Router A.
This section shows an example of route redistribution in a network using multiple routing protocols.
Figure 7-10 shows the network of a hypothetical company. The network begins with two routing domains (or autonomous systems)—one using OSPF and one using RIPv2. Router B is the boundary router; it connects directly to one router within each routing domain and runs both protocols. Router A is in the RIPv2 domain and advertises subnets 10.1.0.0, 10.2.0.0, and 10.3.0.0 to Router B. Router C is in the OSPF domain and advertises subnets 10.8.0.0, 10.9.0.0, 10.10.0.0, and 10.11.0.0 to Router B.
Figure 7-10 also shows the configuration of Router B. RIPv2 is required to run on the serial 0/0/1 interface only, so the passive-interface command is configured for interface serial 0/0/2 to prevent RIPv2 from sending route advertisements out that interface. OSPF is configured on interface serial 0/0/2.
Figure 7-11 shows the routing tables for Routers A, B, and C. Each routing domain is separate, and routers within them only recognize routes communicated from their own routing protocols. The only router with information on all the routes is Router B, the boundary router that runs both routing protocols and connects to both routing domains.
The goal of redistribution in this network is for all routers to recognize all routes within the company. To accomplish this goal, RIPv2 routes are redistributed into OSPF, and OSPF routes are redistributed into RIPv2. Router B is the boundary router, so the redistribution is configured on it, as shown in Figure 7-12.
RIPv2 is redistributed into the OSPF process, and the metric is set using the redistribute command. A metric value of 300 is selected because it is a worse metric than any belonging to a native OSPF route.
Routes from OSPF process 1 are redistributed into the RIPv2 process with a metric of 5. A value of 5 is chosen because it is higher than any metric in the RIP network.
Figure 7-13 shows the routing tables of all three routers after redistribution is complete; Routers A and C now have routes to all the subnets that Router B learned from the other routing protocol. There is complete reachability; however, Routers A and C now have many more routes to keep track of than before. They also will be affected by any topology changes in the other routing domain.
Note
Notice in Figure 7-13 that Router A does not see the 10.0.0.8/30 subnet, and Router C does not see the 10.0.0.0/30 subnet; these subnets are directly connected to Router B and therefore are not redistributed by the redistribute rip or redistribute ospf commands. You would need to add redistribute connected commands to Router B to redistribute these subnets.
Depending on the network requirements, you can increase efficiency by summarizing the routes before redistributing them. Remember that route summarization hides information, so if routers in the other autonomous systems are required to track topology changes within the entire network, route summarization should not be performed. A more typical case is that the routers need to recognize topology changes only within their own routing domains, so performing route summarization is appropriate.
Note
Remember from Chapter 2 that you must be careful when configuring route summarization. If a summarized route indicates that certain subnets can be reached via a router, when in fact those subnets are discontiguous or unreachable via that router, you may experience reachability problems.
If routes are summarized before redistribution, each router’s routing tables are significantly smaller. Figure 7-14 shows the routing tables after summarization has been configured. Router B benefits the most; it now has only four routes to keep track of instead of nine. Router A has five routes instead of eight, and Router C has six routes to keep track of instead of eight. The configurations on Routers A and C are also shown in Figure 7-14.
For RIPv2 on Router A, the summarization command is configured on the interface connecting to Router B, interface S0/0/0. Interface S0/0/0 advertises the summary address instead of the individual subnets. (Note that when RIPv2 is configured, the subnet mask of the summary address must be greater than or equal to the default mask for the major classful network.) 10.0.0.0 255.252.0.0 summarizes the four subnets on Router A (including the 10.0.0.0/30 subnet).
For OSPF, summarization must be configured on an area border router (ABR) or an ASBR. Therefore, OSPF area 1 is created to include the four subnets to be summarized. Router C becomes an ABR, and the summarization command is configured under the OSPF process on Router C. 10.8.0.0 255.252.0.0 summarizes the four subnets on Router C.
Routing updates compete with user data for bandwidth and router resources, yet routing updates are critical because they carry the information that routers need to make sound routing decisions. To ensure that the network operates efficiently, you must control and tune routing updates. Information about networks must be sent where it is needed and filtered from where it is not needed. No one type of route filter is appropriate for every situation; therefore, the more techniques you have at your disposal, the better your chance of having a smooth, well-run network.
This section discusses controlling the updates sent and received by dynamic routing protocols and controlling the routes redistributed into routing protocols. In many cases, you do not want to prevent all routing information from being advertised; you might want to block the advertisement of only certain routes. For example, you could use such a solution to prevent routing loops when implementing two-way route redistribution with dual redistribution points. The following are some ways to control or prevent dynamic routing updates from being generated:
Passive interface—. A passive interface prevents routing updates for the specified protocol from being sent through an interface.
Default routes—. A default route instructs the router that if it does not have a route for a given destination, it should send the packet to the default route. Therefore, no dynamic routing updates about the remote destinations are necessary.
Static routes—. A static route allows routes to remote destinations to be manually configured on the router. Therefore, no dynamic routing updates about the remote destinations are necessary.
Distribute lists—. A distribute list allows an access list to be applied to routing updates.
Route maps—. Route maps are complex access lists that allow conditions to be tested against a packet or route, and then actions taken to modify attributes of the packet or route.
Manipulating administrative distance—. The administrative distance of specific routes can be changed to indicate route selection preference.
Passive interfaces were discussed earlier in “The passive-interface Command” section. Static and default routes were discussed in Chapter 2; specifics related to controlling routing updates are explored in the next section, which is followed by a discussion of distribute lists, route maps, and manipulating administrative distances.
Static routes are routes that you manually configure on a router. Static routes are used most often to do the following:
Define specific routes to use when two autonomous systems must exchange routing information, rather than having entire routing tables exchanged.
Define routes to destinations over a WAN link to eliminate the need for a dynamic routing protocol—that is, when you do not want routing updates to enable or cross the link.
When configuring static routes, keep in mind the following considerations:
When using static routes instead of dynamic routing updates, all participating routers must have static routes defined so that they can reach remote networks. Static route entries must be defined for all routes for which a router is responsible. To reduce the number of static route entries, you can define a default static route—for example, ip route 0.0.0.0 0.0.0.0 S0/0/1.
If you want a router to advertise a static route in a routing protocol, you might need to redistribute it.
You can configure default routes for routing protocols on Cisco routers. For example, when you create a default route on a router running RIP, the router advertises an address of 0.0.0.0. When a router receives this default route, it forwards any packets destined for a destination that does not appear in its routing table to the default route you configured.
You can also configure a default route by using the ip default-network network-number global configuration command. Figure 7-15 and Example 7-8 and Example 7-9 demonstrate the use of this command on a router running RIP. With the ip default-network command, you designate an actual network currently available in the routing table as the default path to use.
In Example 7-8, the R2 router has a directly connected interface onto the network specified in the ip default-network network-number command. RIP generates (sources) a default route, which appears as a 0.0.0.0 0.0.0.0 route to its RIP neighbor routers, as shown in Example 7-9 for R3.
Example 7-8. Configuration on Router R2 in Figure 7-15
R2#show run <output omitted> router rip network 10.0.0.0 network 172.31.0.0 ! ip classless ip default-network 10.0.0.0
Example 7-9. Routing Table on R3 in Figure 7-15
R3#show ip route <output omitted> Gateway of last resort is 10.64.0.2 to network 0.0.0.0 <Output Omitted> R 172.31.0.0/16 [120/1] via 10.64.0.2, 00:00:16, FastEthernet0/0 R* 0.0.0.0/0 [120/1] via 10.64.0.2, 00:00:05, FastEthernet0/0
Key Point: Default Routes and Routing Protocols
The ip default-network command is used to distribute default route information to other routers. For RIP, this command provides no functionality for the router on which it is configured. Other protocols behave differently than RIP with the ip default-network and ip route 0.0.0.0 0.0.0.0 commands.
For example, EIGRP does not redistribute the 0.0.0.0 0.0.0.0 default route by default. However, if the network 0.0.0.0 command is added to the EIGRP configuration, it redistributes a default route as a result of the ip route 0.0.0.0 0.0.0.0 interface command (but not as a result of the ip route 0.0.0.0 0.0.0.0 address or ip default-network commands). Refer to the Cisco IOS documentation for further information.
Another way to control routing updates is to use a distribute list.
Key Point: Distribute List
A distribute list allows the application of an access list to routing updates.
Access lists are usually associated with interfaces and are usually used to control user traffic. However, routers can have many interfaces, and route information can also be obtained through route redistribution, which does not involve a specific interface. In addition, access lists do not affect traffic originated by the router, so applying one on an interface has no effect on outgoing routing advertisements. However, when you configure an access list for a distribute list, routing updates can be controlled, no matter what their source is.
Access lists are configured in global configuration mode; the associated distribute list is configured under the routing protocol process. The access list should permit the networks that you want advertised or redistributed and deny the networks that you want to remain hidden. The router then applies the access list to routing updates for that protocol. Options in the distribute-list command allow updates to be filtered based on factors including the following:
Incoming interface
Outgoing interface
Redistribution from another routing protocol
Using a distribute list gives the administrator great flexibility in determining just which routes will be permitted and which will be denied.
Figure 7-16 shows the general process that a router uses when filtering routing updates using a distribute list that is based on the incoming or outgoing interface. The process includes the following steps:
The router receives a routing update or prepares to send an update about one or more networks.
The router looks at the interface involved with the action: the interface on which an incoming update has arrived, or, for an update that must be advertised, the interface out of which it should be advertised.
The router determines if a filter (distribute list) is associated with the interface.
If a filter (distribute list) is not associated with the interface, the packet is processed normally.
If a filter (distribute list) is associated with the interface, the router scans the access list referenced by the distribute list for a match for the given routing update.
If there is a match in the access list, the route entry is processed as configured; it is either permitted or denied by the matching access list statement.
If no match is found in the access list, the implicit deny any at the end of the access list causes the route entry to be dropped.
You can filter routing update traffic for any protocol by defining an access list and applying it to a specific routing protocol using the distribute-list command. A distribute list enables the filtering of routing updates coming into or out of a specific interface from neighboring routers using the same routing protocol. A distribute list also allows the filtering of routes redistributed from other routing protocols or sources. To configure a distribute list, follow this procedure:
Identify the network addresses of the routes you want to filter, and create an access list.
Determine whether you want to filter traffic on an incoming interface, traffic on an outgoing interface, or routes being redistributed from another routing source.
Use the distribute-list {access-list-number | name} out [interface-name | routing-process [routing-process parameter]] router configuration command to assign the access list to filter outgoing routing updates. Table 7-9 explains this command. The distribute-list out command cannot be used with link-state routing protocols to block outbound link-state advertisements (LSAs) on an interface.
Table 7-9. distribute-list out Command
Parameter
Description
access-list-number | name
Specifies the standard access list number or name.
out
Applies the access list to outgoing routing updates.
interface-name
(Optional) Specifies the name of the interface out of which updates are filtered.
routing-process
(Optional) Specifies the name of the routing process, or the keyword static or connected, that is being redistributed and from which updates are filtered.
routing-process parameter
(Optional) Specifies a routing process parameter, such as the autonomous system number of the routing process.
Use the distribute-list {access-list-number | name} [route-map map-tag] in [interface-type interface-number] router configuration command to assign the access list to filter routing updates coming in through an interface. (This command also allows the use of a route map instead of an access list for OSPF.) Table 7-10 explains this command. This command prevents most routing protocols from placing the filtered routes in their database; when this command is used with OSPF, the routes are placed in the database, but not the routing table.
Table 7-10. distribute-list in Command
Parameter
Description
access-list-number | name
Specifies the standard access list number or name.
map-tag
(Optional) Specifies the name of the route map that defines which networks are to be installed in the routing table and which are to be filtered from the routing table. This argument is supported by OSPF only.
in
Applies the access list to incoming routing updates.
interface-type interface-number
(Optional) Specifies the interface type and number from which updates are filtered.
Key Point: Distribute List in Versus out
The distribute-list out command filters updates going out of the interface or routing protocol specified in the command, into the routing process under which it is configured.
The distribute-list in command filters updates going into the interface specified in the command, into the routing process under which it is configured.
Figure 7-17 shows the topology of a WAN in which network 10.0.0.0 must be hidden from the devices in network 192.168.5.0.
Example 7-10 is the configuration of Router B in Figure 7-17. In this example, the distribute-list out command applies access list 7 to packets going out interface Serial 0/0/0. The access list allows only routing information about network 172.16.0.0 to be distributed out Router B’s Serial 0/0/0 interface. The implicit deny any at the end of the access list prevents updates about any other networks from being advertised. As a result, network 10.0.0.0 is hidden.
Example 7-10. Filtering Out Network 10.0.0.0 on Router B in Figure 7-17
router eigrp 1 network 172.16.0.0 network 192.168.5.0 distribute-list 7 out Serial0/0/0 ! access-list 7 permit 172.16.0.0 0.0.255.255
With mutual redistribution, using a distribute list helps prevent route feedback and routing loops. Route feedback occurs when routes originally learned from one routing protocol are redistributed back into that protocol. Figure 7-18 illustrates an example in which redistribution is configured both ways between RIPv2 and OSPF (two-way redistribution). The configuration on Router B is shown in Example 7-11.
Example 7-11. Configuration of Router B in Figure 7-18
router ospf 1 network 10.0.0.8 0.0.0.3 area 0 redistribute rip subnets distribute-list 2 out rip router rip network 10.0.0.0 version 2 passive-interface Serial0/0/3 redistribute ospf 1 metric 5 distribute-list 3 out ospf 1 access-list 2 deny 10.8.0.0 0.3.255.255 access-list 2 permit any access-list 3 permit 10.9.0.0
Router B redistributes networks 10.1.0.0 to 10.3.0.0 from RIPv2 into OSPF. Route feedback could occur if Router D, another redistribution point, is configured, and OSPF on Router D then redistributes those same networks back into RIP. Router D’s configuration would be similar to Router B’s configuration.
Therefore, the configuration in Example 7-11 shows a distribute list configuration that prevents route feedback. Access list 2 denies the original OSPF routes and permits all others; the distribute list configured under OSPF refers to this access list. The result is that networks 10.8.0.0 to 10.11.0.0, originated by OSPF, are not redistributed back into OSPF from RIPv2. All other routes are redistributed into OSPF. Redistribution from OSPF into RIPv2 is filtered with access list 3; note that this is a more restrictive filter that permits only one route, 10.9.0.0, to be redistributed into RIPv2.
A distribute list hides network information, which could be considered a drawback in some circumstances. For example, in a network with redundant paths, a distribute list might permit routing updates for only specific paths, to avoid routing loops. In this case, other routers in the network might not know about the other ways to reach the filtered networks, so if the primary path goes down, the backup paths are not used because the rest of the network does not know they exist. When redundant paths exist, you should use other techniques, such as manipulating the administrative distance or metric, instead of distribute lists, to enable the use of an alternative path (with a worse administrative distance or metric) when the primary path goes down.
Route maps provide another technique to manipulate and control routing protocol updates. Route maps may be used for a variety of purposes; after describing route map applications and operation, this section explores the use of route maps as a tool to filter and manipulate routing updates. All the IP routing protocols can use route maps for redistribution filtering.
Network administrators use route maps for a variety of purposes. Several of the more common applications for route maps are as follows:
Route filtering during redistribution—. Redistribution nearly always requires some amount of route filtering. Although distribute lists can be used for this purpose, route maps offer the added benefit of manipulating routing metrics through the use of set commands.
Policy-based routing (PBR)—. Route maps can be used to match source and destination addresses, protocol types, and end-user applications. When a match occurs, a set command can be used to define the interface or next-hop address to which the packet should be sent. PBR allows the operator to define routing policy other than basic destination-based routing using the routing table. PBR is discussed in Appendix D, “Manipulating Routing Updates Supplement.”
NAT—. Route maps can better control which private addresses are translated to public addresses. Using a route map with NAT also provides more detailed show commands that describe the address-translation process.
BGP—. Route maps are the primary tools for implementing BGP policy. Network administrators assign route maps to specific BGP sessions (neighbors) to control which routes are allowed to flow in and out of the BGP process. In addition to filtering, route maps provide sophisticated manipulation of BGP path attributes. Route maps for BGP are discussed in Chapter 8, “Configuring the Border Gateway Protocol.”
Route maps are complex access lists that allow some conditions to be tested against the packet or route in question using match commands. If the conditions match, some actions can be taken to modify attributes of the packet or route; these actions are specified by set commands.
A collection of route map statements that have the same route map name are considered one route map. Within a route map, each route map statement is numbered and therefore can be edited individually.
The statements in a route map correspond to the lines of an access list. Specifying the match conditions in a route map is similar in concept to specifying the source and destination addresses and masks in an access list.
Key Point: Route Maps Versus Access Lists
One big difference between route maps and access lists is that route maps can modify the packet or route by using set commands.
The route-map map-tag [permit | deny] [sequence-number] global configuration command can be used to define a route map. This command is explained in detail in Table 7-11.
Table 7-11. route-map Command
Parameter | Description |
|---|---|
map-tag | Name of the route map. |
permit | deny | (Optional) A parameter that specifies the action to be taken if the route map match conditions are met; the meaning of permit or deny is dependent on how the route map is used. |
sequence-number | (Optional) A sequence number that indicates the position that a new route map statement will have in the list of route map statements already configured with the same name. |
The default for the route-map command is permit, with a sequence-number of 10.
Key Point: Route Map Sequence Numbering
If you leave out the sequence number when configuring all statements for the same route map name, the router will assume that you are editing and adding to the first statement, sequence number 10. Route map sequence numbers do not automatically increment!
A route map may be made up of multiple route map statements. The statements are processed top-down, similar to an access list. The first match found for a route is applied. The sequence number is also used for inserting or deleting specific route map statements in a specific place in the route map.
The match condition route map configuration commands are used to define the conditions to be checked. The set condition route map configuration commands are used to define the actions to be followed if there is a match and the action to be taken is permit. (The consequences of a deny action depend on how the route map is being used.)
A single match statement may contain multiple conditions. At least one condition in the match statement must be true for that match statement to be considered a match (this is a logical OR operation). A route map statement may contain multiple match statements. All match statements in the route map statement must be considered true for the route map statement to be considered matched. (This is a logical AND operation.)
Key Point: Route Map Match Conditions
Only one condition listed on the same match statement must match for the entire statement to be considered a match.
However, all match statements within a route map statement must match for the route map to be considered matched.
For example, IP standard or extended access lists can be used to establish match criteria using the match ip address {access-list-number | name} [...access-list-number | name] route map configuration command. If multiple access lists are specified, matching any one results in a match. A standard IP access list can be used to specify match criteria for a packet’s source address; extended access lists can be used to specify match criteria based on source and destination addresses, application, protocol type, type of service (ToS), and precedence.
The sequence number specifies the order in which conditions are checked. For example, if two statements in a route map are named MYMAP, one with sequence 10 and the other with sequence 20, sequence 10 is checked first. If the match conditions in sequence 10 are not met, sequence 20 is checked.
Like an access list, an implicit deny any appears at the end of a route map. The consequences of this deny depend on how the route map is being used.
Another way to explain how a route map works is to use a simple example and see how a router would interpret it. Example 7-12 shows a sample route map configuration. (Note that on a router, all the conditions and actions shown would be replaced with specific conditions and actions, depending on the exact match and set commands used.)
The route map named demo in Example 7-12 is interpreted as follows:
If {(x or y or z) and (a) match} then {set b and c}ElseIf q matches then set rElseSet nothing
The redistribute commands discussed in the “Configuring Redistribution” section all have a route-map option with a map-tag parameter. This parameter refers to a route map configured with the route-map map-tag [permit | deny] [sequence-number] global configuration command, as described earlier in Table 7-11.
Key Point: permit and deny For Redistribution
When used with a redistribute command, a route-map statement with permit indicates that the matched route is to be redistributed, while a route-map statement with deny indicates that the matched route is not to be redistributed.
The match condition route map configuration commands are used to define the conditions to be checked. Table 7-12 lists some of the variety of match criteria that can be defined; some of these commands are used for BGP policy, some for PBR, and some for redistribution filtering.
Table 7-12. match Commands
Command | Description |
|---|---|
match ip address {access-list-number | name} [...access-list-number | name] | Matches any routes that have a network number that is permitted by a standard or extended access list. Multiple access lists can be specified; if multiple access lists are specified, matching any one results in a match. |
match length min max | Matches based on a packet’s Layer 3 length. |
match interface type number | Matches any routes that have the next hop out of one of the interfaces specified. |
match ip next-hop {access-list-number | access-list-name} […access-list-number | …access-list-name] | Matches any routes that have a next-hop router address permitted by one of the access lists specified. |
match ip route-source {access-list-number | access-list-name} […access-list-number | …access-list-name] | Matches routes that have been advertised by routers and access servers that have an address permitted by one of the access lists specified. |
match metric metric-value | Matches routes that have the metric specified. |
match route-type [external | internal | level-1 | level-2 | local] | Matches routes of the specified type. |
match community {list-number | list-name} | Matches a BGP community. |
match tag tag-value | Matches based on the tag of a route. |
The set condition route map configuration commands change or add characteristics, such as metrics, to any routes that have met a match criterion and the action to be taken is permit. (The consequences of a deny action depend on how the route map is being used.) Table 7-13 lists some of the variety of set commands that are available. Not all the set commands listed here are used for redistribution purposes; the table includes commands for BGP and PBR.
Table 7-13. set Commands
Command | Description |
|---|---|
set metric metric-value | Sets the metric value for a routing protocol. |
set metric-type [type-1 | type-2 | internal | external] | Sets the metric type for the destination routing protocol. |
set default interface type number [...type number] | Indicates where to send output packets that pass a match clause of a route map for policy routing and for which the Cisco IOS Software has no explicit route to the destination. |
set interface type number [...type number] | Indicates where to send output packets that pass a match clause of a route map for policy routing. |
set ip default next-hop ip-address [...ip-address] | Indicates where to send output packets that pass a match clause of a route map for policy routing and for which the Cisco IOS Software has no explicit route to the destination. |
set ip next-hop ip-address [...ip-address] | Indicates where to send output packets that pass a match clause of a route map for policy routing. |
set level [level-1 | level-2 | stub-area | backbone] | Indicates at what level or type of area to import routes into (for IS-IS and OSPF routes). |
set as-path {tag | prepend as-path-string} | Modifies an autonomous system path for BGP routes. |
set automatic-tag | Automatically computes the BGP tag value. |
set community {community-number [additive] [well-known-community] | none} | Sets the BGP communities attribute. |
set local-preference bgp-path-attributes | Specifies a local preference value for the BGP autonomous system path. |
set weight bgp-weight | Specifies the BGP weight value. |
set origin bgp-origin-code | Specifies the BGP origin code. |
set tag | Specifies the tag value for destination routing protocol. |
Example 7-13 illustrates a route map being used to redistribute RIPv1 into OSPF 10. The route map, called redis-rip, is used in the redistribute rip route-map redis-rip subnets command under the OSPF process.
Example 7-13. Redistributing RIPv1 into OSPF Using a Route Map
router ospf 10 redistribute rip route-map redis-rip subnets route-map redis-rip permit 10 match ip address 23 29 set metric 500 set metric-type type-1 route-map redis-rip deny 20 match ip address 37 route-map redis-rip permit 30 set metric 5000 set metric-type type-2 access-list 23 permit 10.1.0.0 0.0.255.255 access-list 29 permit 172.16.1.0 0.0.0.255 access-list 37 permit 10.0.0.0 0.255.255.255
Sequence number 10 of the route map is looking for an IP address match in access list 23 or access list 29. Routes 10.1.0.0/16 and 172.16.1.0/24 match these lists. If a match is found, the router redistributes the route into OSPF with a cost metric of 500 and sets the new OSPF route to external type 1.
If there is no match to sequence number 10, sequence number 20 is checked. If there is a match in access list 37 (10.0.0.0/8), that route is not redistributed into OSPF, because sequence number 20 specifies deny.
If there is no match to sequence number 20, sequence number 30 is checked. Because sequence number 30 is a permit and there is no match criterion, all remaining routes are redistributed into OSPF with a cost metric of 5000 and an external metric of type 2.
There is a possibility that routing feedback might cause suboptimal routing or a routing loop when routes are redistributed at more than one router. Figure 7-19 illustrates a network in which mutual redistribution (redistribution in both directions) is configured on Routers A and B. To prevent redistribution feedback loops, route maps are configured on both routers.
The potential for routing feedback becomes apparent if you follow the advertisements for a specific network before route maps are configured. For example, RIPv2 on Router C advertises network 192.168.1.0. Routers A and B redistribute the network into OSPF. OSPF then advertises the route to its neighbor OSPF routers as an OSPF external route. The route passes through the OSPF autonomous system and eventually makes its way back to the other edge router. Router B (or A) then redistributes 192.168.1.0 from OSPF back into the original RIPv2 network; this is a routing feedback loop.
To prevent the routing feedback loop, a route map has been applied to Routers A and B, as shown in Example 7-14. The route-map statement with sequence number 10 refers to access list 1, which matches the original RIPv2 network. (The access list should include all networks in the RIPv2 domain.) This route map statement is a deny, so the 192.168.1.0 route is denied from being redistributed back into RIPv2. If the route does not match sequence number 10, the router then checks sequence number 20, which is an empty permit statement. This statement matches all routes, so all other routes are redistributed into RIP.
Example 7-14. Partial Configuration on Routers A and B in Figure 7-19
access-list 1 permit 192.168.1.0 0.0.0.255 route-map pacific deny 10 match ip address 1 route-map pacific permit 20 router rip redistribute ospf 10 route-map pacific router ospf 10 redistribute rip subnets
Multiple sources of routing information may be active at the same time, including static routes and routing protocols that use various methods of operation and metrics. In this situation, several sources of information may supply ambiguous next-hop addresses for a particular network, so routers must identify which routing information source is the most trustworthy and reliable. When routes are redistributed between two different methods of resolving the best path, important information may be lost—namely, the relative metrics of the routes—so route selection is sometimes confusing. One approach for correcting wayward choices is to control the administrative distance to indicate route selection preference and ensure that route selection is unambiguous. This approach does not always guarantee the best route is selected, only that route selection will be consistent.
You should change the default administrative distance carefully and by considering the network’s specific requirements.
Recall that administrative distance is a way of ranking the trustworthiness of the sources of routing information. Administrative distance is expressed as an integer from 0 to 255, as shown earlier in Table 7-1; lower values indicate greater trustworthiness or believability.
For example, in Figure 7-20, R1 chooses different paths to get to the 10.0.0.0/8 network on R6, depending on the routing protocol configured. If RIP, IS-IS, OSPF, and EIGRP are all configured on all routers in this network, the protocols make the following path decisions:
RIP, with an administrative distance of 120, chooses the R1 to R4 to R6 path based on hop count (two hops versus four hops the other way).
IS-IS, with an administrative distance of 115 and using the default metric of 10 for each interface, also chooses the R1 to R4 to R6 path based on a metric of 20 versus 40 the other way. You can modify the IS-IS metrics to portray a more accurate view of the network. IS-IS is considered more trustworthy than RIP because it is a link-state routing protocol with fast convergence, so its routing information is more complete and up to date.
OSPF, with an administrative distance of 110, typically calculates the default metric as 100 Mbps divided by the interface bandwidth, where the interface bandwidth is the speed of each link in Mbps. The path R1 to R4 to R6 default metric is (100 Mbps / 64 Kbps) + (100 Mbps / 1.544 Mbps) = (100 Mbps / .064 Mbps) + (100 Mbps / 1.544 Mbps) = (1562 + 64) = 1626. The R1 to R2 to R3 to R5 to R6 path default metric is 64 + 64 + 64 + 64 = 256. Therefore, OSPF chooses the R1 to R2 to R3 to R5 to R6 path. Although OSPF and IS-IS are both link-state routing protocols that converge quickly, OSPF is considered more trustworthy than IS-IS because OSPF bases its default metric on bandwidth and therefore is more likely to pick a faster path.
Note
By default, the Cisco routers calculate the OSPF cost using the formula 100 Mbps / bandwidth. However, this formula is based on a maximum bandwidth of 100 Mbps, resulting in a cost of 1. If you have faster interfaces, you might want to recalibrate the cost of 1 to a higher bandwidth. Chapter 5, “Advanced Open Shortest Path First Protocol Configuration,” provides details about OSPF cost calculations.
EIGRP, with an administrative distance of 90, calculates the default metric as BW + delay, where BW is [(107 / least bandwidth in the path in kbps) * 256], and delay is cumulative across the path, in tens of microseconds, multiplied by 256. Assuming a uniform link delay of 100 tens of microseconds, the R1 to R4 to R6 path default metric is ((107 / 64) * 256) + (200 * 256) = 40,051,200. The R1 to R2 to R3 to R5 to R6 path default metric is ((107 / 1544) * 256) + (400 * 256) = 1,760,431.
Therefore, EIGRP chooses the R1 to R2 to R3 to R5 to R6 path. Although EIGRP and OSPF routing protocols both converge quickly and consider bandwidth, EIGRP is considered more trustworthy than OSPF because EIGRP takes more information into account in its calculation.
Because EIGRP has the lowest administrative distance of the four protocols, only the EIGRP path to 10.0.0.0/8 is put into the routing table.
Note
The administrative distance affects only the choice of path for identical IP routes—in other words, for routes with the same prefix and mask. For example, because OSPF does not summarize by default, and all the other protocols do, the protocols might potentially provide different routing information. In this example, if OSPF advertised a route to 10.1.0.0/16 that was not advertised by any of the other protocols (because they automatically summarized to 10.0.0.0/8), the 10.1.0.0/16 route would be in the routing tables from OSPF, and the 10.0.0.0/8 route would be in the routing tables from EIGRP. As mentioned in Chapter 2, routers use the longest prefix match in the routing table if more than one entry in the routing table matches a particular destination. In this example, packets for 10.1.1.2 would be sent via the OSPF-learned route, while packets for 10.2.1.3 would be sent via the EIGRP-learned route.
Typically, multiple routing protocols are run only on the boundary routers in a network, not on all routers, so this situation should not be common.
In some cases, you will find that a router selects a suboptimal path because it believes a routing protocol that actually has a poorer route, because it has a better administrative distance. One way to make sure that routes from the desired routing protocol are selected is to assign a higher administrative distance to the route(s) from the undesired routing protocol.
For all protocols except EIGRP and BGP, use the distance administrative-distance [address wildcard-mask [ip-standard- list] [ip-extended-list]] router configuration command, as explained in Table 7-14, to change the default administrative distances.
Table 7-14. distance Command (Except for EIGRP and BGP)
Parameter | Description |
|---|---|
administrative-distance | Sets the administrative distance, an integer from 10 to 255. (The values 0 to 9 are reserved for internal use and should not be used, even though values from 1 to 9 can be configured.) |
address | (Optional) Specifies the IP address; this allows filtering of networks according to the IP address of the router supplying the routing information. |
wildcard-mask | (Optional) Specifies the wildcard mask used to interpret the IP address. A bit set to 1 in the wildcard-mask argument instructs the software to ignore the corresponding bit in the address value. Use an address/mask of 0.0.0.0 255.255.255.255 to match any IP address (any source router supplying the routing information). |
ip-standard-list ip-extended-list | (Optional) The number or name of a standard or extended access list to be applied to the incoming routing updates. Allows filtering of the networks being advertised. |
For EIGRP, use the distance eigrp internal-distance external-distance router configuration command, as explained in Table 7-15. By default, natively learned routes have an administrative distance of 90, but external routes have an administrative distance of 170.
Table 7-15. distance eigrp Command
Parameter | Description |
|---|---|
internal-distance | Specifies the administrative distance for EIGRP internal routes. Internal routes are those that are learned from another entity within the same EIGRP autonomous system. The distance can be a value from 1 to 255; the default is 90. |
external-distance | Specifies the administrative distance for EIGRP external routes. External routes are those for which the best path is learned from a neighbor external to the EIGRP autonomous system. The distance can be a value from 1 to 255; the default is 170. |
For BGP, use the distance bgp external-distance internal-distance local-distance router configuration command to change the administrative distances, as explained in Table 7-16.
Table 7-16. distance bgp Command
Parameter | Description |
|---|---|
external-distance | Specifies the administrative distance for BGP external routes. External routes are routes for which the best path is learned from a neighbor external to the autonomous system. Acceptable values are from 1 to 255. The default is 20. |
internal-distance | Specifies the administrative distance for BGP internal routes. Internal routes are learned from another BGP entity within the same autonomous system. Acceptable values are from 1 to 255. The default is 200. |
local-distance | Specifies the administrative distance for BGP local routes. Local routes are networks that are listed with a network router configuration command, often as back doors, for that router or for networks that are redistributed from another process. Acceptable values are from 1 to 255. The default is 200. |
For OSPF, you can also use the distance ospf {[intra-area dist1] [inter-area dist2] [external dist3]} router configuration command to define the OSPF administrative distances based on route type, as explained in Table 7-17.
Table 7-17. distance ospf Command
Parameter | Description |
|---|---|
dist1 | (Optional) Specifies the administrative distance for all OSPF routes within an area. Acceptable values are from 1 to 255. The default is 110. |
dist2 | (Optional) Specifies the administrative distance for all OSPF routes from one area to another area. Acceptable values are from 1 to 255. The default is 110. |
dist3 | (Optional) Specifies the administrative distance for all routes from other routing domains, learned by redistribution. Acceptable values are from 1 to 255. The default is 110. |
Figure 7-21 illustrates a network using multiple routing protocols, RIPv2 and OSPF. There are a number of ways to correct path-selection problems in a redistribution environment. The purpose of this example is to show how a problem can occur, where it appears, and one possible way to resolve it.
Recall that OSPF is by default considered more believable than RIPv2 because it has an administrative distance of 110 and RIPv2 has an administrative distance of 120. For example, if a boundary router (P3R1 or P3R2) learns about network 10.3.3.0 via RIPv2 and also via OSPF, the OSPF route is inserted into the routing table. This route is used because OSPF has a lower administrative distance than RIPv2, even though the path via OSPF might be the longer (worse) path.
Example 7-15 and Example 7-16 illustrate the configurations for the P3R1 and P3R2 routers. These configurations redistribute RIPv2 into OSPF and OSPF into RIPv2 on both routers.
Example 7-15. Configuration of Redistribution on Router P3R1 in Figure 7-21
hostname P3R1 ! router ospf 1 redistribute rip metric 10000 metric-type 1 subnets network 172.31.0.0 0.0.255.255 area 0 ! router rip version 2 redistribute ospf 1 metric 5 network 10.0.0.0 no auto-summary
Example 7-16. Configuration of Redistribution on Router P3R2 in Figure 7-21
hostname P3R2
!
router ospf 1
redistribute rip metric 10000 metric-type 1 subnets
network 172.31.0.0 0.0.255.255 area 0
!
router rip
version 2
redistribute ospf 1 metric 5
network 10.0.0.0
no auto-summaryThe RIPv2 routes redistributed into OSPF have an OSPF seed metric of 10,000 to make these routes less preferred than native OSPF routes and to protect against route feedback. The redistribute command also sets the metric type to 1 (external type 1) so that the route metrics continue to accrue. The routers also redistribute subnet information.
The OSPF routes redistributed into RIPv2 have a RIP seed metric of five hops to also protect against route feedback.
Example 7-17 displays the routing table on the P3R2 router after redistribution has occurred. Even though the P3R2 router learns RIPv2 and OSPF routes, it lists only OSPF routes in the routing table, because they have a lower administrative distance.
Example 7-17. Routing Table on Router P3R2 in Figure 7-21 with Redistribution Configured
P3R2#show ip route
<output omitted>
Gateway of last resort is not set
172.31.0.0/24 is subnetted, 1 subnet
C 172.31.3.0/24 is directly connected, Serial0/0/0
10.0.0.0/8 is variably subnetted, 8 subnets, 2 masks
O E1 10.3.1.0/24 [110/10781] via 172.31.3.1, 00:09:47, Serial0/0/0
O E1 10.3.3.0/24 [110/10781] via 172.31.3.1, 00:04:51, Serial0/0/0
C 10.3.2.0/24 is directly connected, FastEthernet0/0
O E1 10.200.200.31/32 [110/10781] via 172.31.3.1, 00:09:48, Serial0/0/0
O E1 10.200.200.34/32 [110/10781] via 172.31.3.1, 00:04:52, Serial0/0/0
C 10.200.200.32/32 is directly connected, Loopback0
O E1 10.200.200.33/32 [110/10781] via 172.31.3.1, 00:04:52, Serial0/0/0
O E2 10.254.0.0/24 [110/50] via 172.31.3.3, 00:09:48, Serial0/0/0
P3R2The first edge router on which redistribution is configured, P3R1 in this case, has a routing table that contains both OSPF and RIPv2 routes, as you would expect. The routers in the OSPF domain learn about the routes from the RIPv2 domain via redistribution; they then advertise these RIPv2 routes via OSPF routes to their neighboring routers. Thus, the second edge router, P3R2, receives information about the RIPv2 domain routes (also called the native RIPv2 routes) from both OSPF and RIPv2. P3R2 prefers the OSPF routes because OSPF has a lower administrative distance; therefore, none of the RIPv2 routes appears in the P3R2 routing table.
Refer to Figure 7-21 to trace some of the routes. The redistribution has resulted in suboptimal paths to many of the networks. For instance, 10.200.200.34 is a loopback interface on router P3R4. P3R4 is directly attached to P3R2; however, from P3R2 the OSPF path to that loopback interface goes through P3R1, and then P3R3, and then P3R4 before it reaches its destination. The OSPF path taken is actually a longer (worse) path than the more direct RIPv2 path.
You can change the administrative distance of the redistributed RIPv2 routes to ensure that the boundary routers select the native RIPv2 routes. Example 7-18 and Example 7-19 show the configurations on the P3R1 and P3R2 routers. The distance command changes the administrative distance of the OSPF routes to the networks that match access list 64 to 125 (from 110). Table 7-18 describes some of the command parameters used in the example configurations.
Example 7-18. Configuration to Change the Administrative Distance on Router P3R1 in Figure 7-21
hostname P3R1 ! router ospf 1 redistribute rip metric 10000 metric-type 1 subnets network 172.31.0.0 0.0.255.255 area 0 distance 125 0.0.0.0 255.255.255.255 64 ! router rip version 2 redistribute ospf 1 metric 5 network 10.0.0.0 no auto-summary ! access-list 64 permit 10.3.1.0 access-list 64 permit 10.3.3.0 access-list 64 permit 10.3.2.0 access-list 64 permit 10.200.200.31 access-list 64 permit 10.200.200.32 access-list 64 permit 10.200.200.33 access-list 64 permit 10.200.200.34
Example 7-19. Configuration to Change the Administrative Distance on Router P3R2 in Figure 7-21
hostname P3R2 ! router ospf 1 redistribute rip metric 10000 metric-type 1 subnets network 172.31.0.0 0.0.255.255 area 0 distance 125 0.0.0.0 255.255.255.255 64 ! router rip version 2 redistribute ospf 1 metric 5 network 10.0.0.0 no auto-summary ! access-list 64 permit 10.3.1.0 access-list 64 permit 10.3.3.0 access-list 64 permit 10.3.2.0 access-list 64 permit 10.200.200.31 access-list 64 permit 10.200.200.32 access-list 64 permit 10.200.200.33 access-list 64 permit 10.200.200.34
Table 7-18. distance Command Parameters Used in Example 7-18 and Example 7-19
Parameter | Description |
|---|---|
125 | Defines the administrative distance that specified routes are assigned. |
0.0.0.0 255.255.255.255 | Defines the source address of the router supplying the routing information—in this case, any router. |
64 | Defines the access list to be used to filter incoming routing updates to determine which will have their administrative distance changed. |
Access list 64 is used to match all the native RIPv2 routes. The access-list 64 permit 10.3.1.0 command configures a standard access list to permit the 10.3.1.0 network; similar access list statements permit the other internal native RIPv2 networks. Table 7-19 describes some of the command parameters used in the examples.
Table 7-19. access-list Command Parameters Used in Example 7-18 and Example 7-19
Parameter | Description |
|---|---|
64 | The access list number. |
permit | Allows all networks that match the address to be permitted—in this case, to have their administrative distance changed. |
10.3.1.0 | A network to be permitted—in this case, to have its administrative distance changed. |
Both P3R1 and P3R2 are configured to assign an administrative distance of 125 to routes listed in access list 64, which it learns from OSPF. Access list 64 has permit statements for the internal native RIPv2 networks 10.3.1.0, 10.3.2.0, and 10.3.3.0 and the loopback networks 10.200.200.31, 10.200.200.32, 10.200.200.33, and 10.200.200.34. Therefore, when either of these routers learns about these networks from both RIPv2 and OSPF, it selects the routes learned from RIPv2—with a lower administrative distance of 120—over the same routes learned from OSPF (via redistribution from the other boundary router)—with an administrative distance of 125—and puts only the RIPv2 routes in the routing table.
Key Point: The distance Command
Notice in this example that the distance command is part of the OSPF routing process configuration because the administrative distance should be changed for these routes when they are learned by OSPF, not by RIPv2.
You need to configure the distance command on both redistributing routers because either one can have suboptimal routes, depending on which redistributing router sends the OSPF updates about the RIPv2 networks to the other redistributing router first.
Example 7-20 shows that Router P3R2 now retains the more direct paths to the internal networks by learning them from RIPv2.
Example 7-20. Routing Table on Router P3R2 in Figure 7-21 with the Administrative Distance Changed
P3R2#show ip route
<output omitted>
Gateway of last resort is not set
172.31.0.0/24 is subnetted, 1 subnet
C 172.31.3.0/24 is directly connected, Serial0/0/0
10.0.0.0/8 is variably subnetted, 8 subnets, 2 masks
R 10.3.1.0/24 [120/2] via 10.3.2.4, 00:00:03, FastEthernet0/0
R 10.3.3.0/24 [120/1] via 10.3.2.4, 00:00:03, FastEthernet0/0
C 10.3.2.0/24 is directly connected, FastEthernet0/0
R 10.200.200.31/32 [120/3] via 10.3.2.4, 00:00:04, FastEthernet0/0
R 10.200.200.34/32 [120/1] via 10.3.2.4, 00:00:04, FastEthernet0/0
C 10.200.200.32/32 is directly connected, Loopback0
R 10.200.200.33/32 [120/2] via 10.3.2.4, 00:00:04, FastEthernet0/0
O E2 10.254.0.0/24 [110/50] via 172.31.3.3, 00:00:04, Serial0/0/0
P3R2#However, some routing information is lost with this configuration. For example, depending on the actual bandwidths, the OSPF path might have been better for the 10.3.1.0 network; it might have made sense not to include 10.3.1.0 in the access list for P3R2.
This example illustrates the importance of knowing your network before implementing redistribution and closely examining which routes the routers select after redistribution is enabled. You should pay particular attention to routers that can select from a number of possible redundant paths to a network, because they may select suboptimal paths.
Key Point: No Path Information Is Lost When You Modify the Administrative Distance
The most important feature of using administrative distance to control route preference is that no path information is lost; in this example, the OSPF information is still in the OSPF database. If the primary path (via the RIPv2 routes) is lost, the OSPF path reasserts itself, and the router maintains connectivity with those networks.
The best way to verify redistribution operation is as follows:
Know your network topology, particularly where redundant routes exist.
Study the routing tables on a variety of routers in the internetwork using the show ip route [ip-address] EXEC command. For example, check the routing table on the boundary router and on some of the internal routers in each autonomous system.
Perform a trace using the traceroute [ip-address] EXEC command on some of the routes that go across the autonomous systems to verify that the shortest path is being used for routing. Be sure to run traces to networks for which redundant routes exist.
If you encounter routing problems, use the traceroute and debug commands to observe the routing update traffic on the boundary routers and on the internal routers.
DHCP is used to provide dynamic IP address allocation to TCP/IP hosts. DHCP uses a client/server model; the DHCP server can be a Windows server, a UNIX-based server, or a Cisco IOS device. Cisco IOS devices can also be DHCP relay agents and DHCP clients.
Using this DHCP functionality allows a network administrator to implement more options and levels of DHCP service for a more robust and efficient network solution. This Cisco IOS functionality also allows existing equipment to be leveraged more effectively, in lieu of purchasing and installing separate devices.
DHCP is structured on the Bootstrap Protocol (BOOTP) Server (also known as BOOTPS) and BOOTP well-known User Datagram Protocol (UDP) protocols. Before these protocols existed, IP addresses were manually administered to IP hosts, which was a tedious, error-prone, and labor-intensive process.
DHCP allows IP addresses to be automatically assigned to DHCP clients. The DHCP service can be implemented with a server or with a Cisco IOS device.
Figure 7-22 illustrates where DHCP can be implemented within the Enterprise Composite Network Model.
Figure 7-23 shows the steps that occur when a DHCP client requests an IP address from a DHCP server.
The host sends a DHCPDISCOVER broadcast message to locate a DHCP server.
A DHCP server offers configuration parameters such as an IP address, a media access control (MAC) address, a domain name, a default gateway, and a lease for the IP address to the client in a DHCPOFFER unicast message. This message may also include IP telephony DHCP options such as option 150, which is used for Trivial File Transfer Protocol (TFTP) configuration of IP telephones.
The client returns a formal request for the offered IP address to the DHCP server in a DHCPREQUEST broadcast message.
The DHCP server confirms that the IP address has been allocated to the client by returning a DHCPACK unicast message to the client.
A DHCP client may receive offers from multiple DHCP servers and can accept any one of the offers; the client usually accepts the first offer it receives. An offer from the DHCP server is not a guarantee that the IP address will be allocated to the client; however, the server usually reserves the address until the client has had a chance to formally accept the address.
DHCP supports three possible address allocation mechanisms:
Manual—. The network administrator assigns an IP address to a specific MAC address. DHCP is used to dispatch the assigned address to the host.
Automatic—. The IP address is permanently assigned to a host.
Dynamic—. The IP address is assigned to a host for a limited time or until the host explicitly releases the address. This mechanism supports automatic address reuse when the host to which the address has been assigned no longer needs the address.
An address binding is the mapping between the client’s IP and hardware (MAC) addresses. The client’s IP address can be configured by the administrator (manual address allocation) or assigned from a pool by the DHCP server.
On Cisco IOS devices, DHCP address pools are stored in nonvolatile RAM (NVRAM). There is no limit on the number of address pools.
Manual bindings are also stored in NVRAM. Manual bindings are just special address pools configured by a network administrator. There is no limit on the number of manual bindings.
Automatic bindings are IP addresses that have been automatically mapped to the MAC addresses of hosts that are found in the DHCP database. Automatic bindings are stored on a remote host called the database agent, which is any host—for example, a File Transfer Protocol (FTP), TFTP, or Remote Copy Protocol (RCP) server—that stores the DHCP bindings database. The bindings are saved as text records for easy maintenance.
You can configure multiple DHCP database agents and you can configure the interval between database updates and transfers for each agent.
The DHCP server database is organized as a tree. The root of the tree is the address pool for networks, branches are subnetwork address pools, and leaves are bindings to clients. Subnetworks inherit network parameters and clients inherit subnetwork parameters. Therefore, common parameters, for example the domain name, should be configured at the highest (network or subnetwork) level of the tree.
Inherited parameters can be overridden. For example, if a parameter is defined for both the network and a subnetwork, the definition of the subnetwork is used.
Address leases are not inherited. If a lease is not specified for an IP address, by default, the DHCP server assigns a one-day lease for the address.
Configuration parameters and other control information are carried in tagged data items that are stored in the options field of the DHCP message. Options provide a method of appending additional information.
The Cisco IOS DHCP implementation also allows most DHCP server options to be customized. For example, the Cisco IOS image can be customized with option 150 to support intelligent IP phones.
The Cisco IOS DHCP server accepts address assignment requests and renewals and assigns the addresses from predefined groups of addresses contained within DHCP address pools. These address pools can also be configured to supply additional information to the requesting client such as the IP address of the DNS server, the default router, and other configuration parameters. The Cisco IOS DHCP server can accept broadcasts from locally attached LAN segments or from DHCP requests that have been forwarded by other DHCP relay agents within the network.
The Cisco IOS DHCP server can allocate dynamic IP addresses based on the relay information option (option 82) information sent by the relay agent. Automatic DHCP address allocation is typically based on an IP address, whether it be the gateway address (in the giaddr field of the DHCP packet) or the incoming interface IP address. In some networks, it is necessary to use additional information to further determine which IP addresses to allocate. By using option 82, the Cisco IOS relay agent has long been able to include additional information about itself when forwarding client-originated DHCP packets to a DHCP server. The Cisco IOS DHCP server can also use option 82 as a means to provide additional information to properly allocate IP addresses to DHCP clients.
Before configuring a Cisco IOS DHCP server, the following items should be identified:
An external FTP, TFTP, or RCP server that will be used to store the DHCP bindings database.
The IP address range to be assigned by the DHCP server and the IP addresses to be excluded (for example, the addresses of default routers and other statically assigned addresses within the dynamically assigned range).
DHCP options for devices where necessary, including the following:
Default boot image name
Default routers
DNS servers
Network Basic Input/Output System (NetBIOS) name server and NetBIOS node type
IP telephony options, such as option 150
The DNS domain name.
The Cisco IOS DHCP server and relay agent are enabled by default. You can verify if they have been disabled by checking your configuration file. If they have been disabled, the no service dhcp command will appear in the configuration file; use the service dhcp global configuration command to reenable the functionality if necessary.
The following are some of the possible tasks when configuring a Cisco IOS DHCP server. (The commands are described in Table 7-20 later in this section.)
Configuring a DHCP database agent or disabling DHCP conflict logging (required)—. A DHCP database agent stores the DHCP automatic bindings database. An address conflict occurs when two hosts use the same IP address. During address assignment, DHCP checks for conflicts using ping and gratuitous address resolution protocol (ARP). If a conflict is detected, the address is removed from the pool and the address will not be assigned until the administrator resolves the conflict. Cisco strongly recommends using database agents. However, if you choose not to configure a DHCP database agent, disable the recording of DHCP address conflicts on the DHCP server. If there is conflict logging but no database agent configured, bindings are lost across router reboots and possible false conflicts can occur causing the address to be removed from the address pool until the network administrator intervenes.
Excluding IP addresses from the pool—. The IP address configured on the router interface is automatically excluded from the DHCP address pool; the DHCP server assumes that all other IP addresses in a DHCP address pool subnet are available for assigning to DHCP clients. You need to exclude addresses from the pool if the DHCP server should not allocate those IP addresses.
Configuring a DHCP address pool (required)—. You can configure a DHCP address pool with a symbolic name (such as “building2”) or an integer (such as 3). Configuring a DHCP address pool also places you in DHCP pool configuration mode—identified by the Router(dhcp-config) prompt—from which you can configure pool parameters, including the following:
The subnet network number and mask of the DHCP address pool
The domain name for the client
The IP address of a DNS server (or servers) that is available to a DHCP client
(Optional) The name of the default boot image for a DHCP client
(Optional) The next server in the boot process of a DHCP client
(Optional) The NetBIOS WINS server that is available to a Microsoft DHCP client
(Optional) The NetBIOS node type for a Microsoft DHCP client
(Optional) The IP address of the default router for a DHCP client
(Optional) DHCP server options
(Optional) The duration of the lease
Configuring manual bindings—. Manual bindings are IP addresses that have been manually mapped to the MAC addresses of hosts and are stored in NVRAM on the DHCP server. You cannot configure manual bindings within the same pool that is configured for automatic bindings.
Configuring DHCP static mapping—. Static mapping enables static IP addresses to be assigned without creating numerous host pools with manual bindings; the mappings are created by creating a text file that the DHCP server reads.
Customizing DHCP server operation—. Customizing includes the following:
Configuring the number of ping packets and timeout—. By default, the DHCP server pings a pool address twice before assigning a particular address to a requesting client. If the ping is unanswered, the DHCP server assumes (with a high probability) that the address is not in use and assigns the address to the requesting client. By default, the DHCP server waits 2 seconds before timing out a ping packet. Both of these parameters can be changed.
Ignore all BOOTP requests—. You can configure the DHCP server to ignore and not reply to received BOOTP requests, when there is a mix of BOOTP and DHCP clients in a network segment and there is both a BOOTP server and a Cisco IOS DHCP server servicing the network segment. Because a DHCP server can also respond to a BOOTP request, an address offer may be made by the DHCP server causing the BOOTP clients to boot with the address from the DHCP server, instead of the address from the BOOTP server. The Cisco IOS Software can forward these ignored BOOTP request packets to another DHCP server if the ip helper-address interface configuration command is configured on the incoming interface (as described in the later “IP Helper Addresses” section).
Configuring a remote router to import DHCP server options from a central DHCP server—. Network administrators can configure one or more centralized DHCP servers to update specific DHCP options within the DHCP pools. The remote servers can request or “import” these option parameters from the centralized servers.
Configuring DHCP address allocation using Option 82—. Option 82 is organized as a single DHCP option that contains information known by a relay agent. The Cisco IOS DHCP server uses option 82 information to help determine which IP addresses to allocate to clients. The information sent via option 82 is used to identify which port the DHCP request came in on. This feature does not parse out the individual suboptions contained within option 82. Rather, the address allocation is done by matching a configured pattern byte by byte.
Configuring a static route with the next-hop dynamically obtained through DHCP—. Static routes can be assigned using a DHCP default gateway as the next-hop router. The static routes are installed in the routing table when the default gateway is assigned by the DHCP server.
Table 7-20 describes some of the commands used to configure a Cisco IOS DHCP server, in logical order.
Table 7-20. DHCP Server Configuration Commands
Command and Parameters | Description |
|---|---|
Router(config)#service dhcp | Enables DHCP features on router; it is on by default. |
Router(config)#ip dhcp database url [timeout seconds | write-delay seconds] | Specifies the database agent and the interval between database updates and database transfers. |
Router(config)#no ip dhcp conflict logging | Disables DHCP conflict logging. (Used if a DHCP database agent is not configured.) |
Router(config)#ip dhcp excluded-addresslow-address [high address] | Specifies the IP addresses that the DHCP server should not assign to DHCP clients. |
Router(config)#ip dhcp pool name | Creates a name for the DCHP server address pool and places you in DHCP pool configuration mode (indicated by the Router(dhcp-config)prompt). |
Router(dhcp-config)#network network-number [mask | /prefix-length] | Specifies the subnet/network number and mask of the DHCP address pool. |
Router(dhcp-config)#domain-name domain | Specifies the domain name for the client. |
Router(dhcp-config)#dns-server address [address2....address8] | Specifies the IP address of a DNS server that is available to a DHCP client. One is required, but up to eight can be specified, listed in order of preference. |
Router(dhcp-config)#bootfile filename | Specifies the name of the default boot image for a DHCP client; the boot image is generally the operating system the client uses to load. |
Router(dhcp-config)#next-server address [address2 ... address8] | Specifies the next server in the boot process of a DHCP client. If multiple servers are specified, DHCP assigns them to clients in round-robin order. |
Router(dhcp-config)#netbios-name-server address [address2....address8] | Specifies the NetBIOS WINS server that is available to a Microsoft DHCP client. One address is required; however, you can specify up to eight addresses, listed in order of preference. |
Router(dhcp-config)#netbios-node-type type | Specifies the NetBIOS node type for a Microsoft DHCP client. |
Router(dhcp-config)#default-router address [address2... ..address8] | Specifies the IP address of the default router for a DHCP client. One IP address is required; however, you can specify up to eight addresses, listed in order of preference. |
Router(dhcp-config)#option code [instance number] {ascii string | hex string | ip-address} | Specifies DHCP server options. |
Router(dhcp-config)#lease {days [hours] [minutes] | infinite} | Specifies the duration of the lease. The default is a one day. The infinite keyword specifies that the duration of the lease is unlimited. |
Router(dhcp-config)#host address [mask | /prefix-length] | Specifies the IP address and subnet mask of the client for which a manual binding is to be created. |
Router(dhcp-config)#hardware-address hardware-address type or Router(dhcp-config)client-identifier unique-identifier | Specifies a hardware address for a client, or specifies the unique identifier for a Microsoft DHCP client, for which a manual binding is to be created. |
Router(dhcp-config)#client-name name | Specifies the name of the client for which a manual binding is to be created. |
Router(dhcp-config)#ip dhcp ping packets number | Specifies the number of ping packets the DHCP server sends to a pool address before assigning the address to a requesting client; the default is 2. |
Router(dhcp-config)#ip dhcp ping timeout milliseconds | Specifies the amount of time the DHCP server waits for a ping reply from an address pool. The default is 2 seconds (2000 milliseconds). |
Router(dhcp-config)#ip dhcp bootp ignore | Allows the DHCP server to selectively ignore and not reply to received BOOTP requests. |
Router(dhcp-config)#import all | Imports DHCP option parameters into the DHCP server database. Used for remote DHCP pools. |
Note
Not all commands are listed here; for additional information see the DHCP documentation at http://www.cisco.com/univercd/cc/td/doc/product/software/ios124/124cg/hiad_c/ch10/index.htm.
In Example 7-21, three DHCP address pools are created: one in network 172.16.0.0, one in subnetwork 172.16.1.0, and one in subnetwork 172.16.2.0. Attributes from network 172.16.0.0—such as the domain name, DNS server, NetBIOS name server, and NetBIOS node type—are inherited in subnetworks 172.16.1.0 and 172.16.2.0. In pools 1 and 2, clients are granted 30-day leases. All addresses in each subnetwork, except the excluded addresses, are available to the DHCP server for assigning to clients. Table 7-21 lists the IP addresses for the devices in three DHCP address pools.
Table 7-21. DHCP Address Pool Configuration Example
Pool 0 (Network 172.16.0.0/16) | Pool 1 (Subnetwork 172.16.1.0/24) | Pool 2 (Subnetwork 172.16.2.0/24) | |||
|---|---|---|---|---|---|
Device | IP Address | Device | IP Address | Device | IP Address |
Default routers | — | Default routers | 172.16.1.100 172.16.1.101 | Default routers | 172.16.2.100 172.16.2.101 |
DNS server | 172.16.1.102 172.16.2.102 | ||||
NetBIOS name server | 172.16.1.103 172.16.2.103 | ||||
NetBIOS node type | h-node | ||||
Example 7-21. DHCP Address Pool Configuration Example
ip dhcp database ftp://user:[email protected]/router-dhcp write-delay 120 ip dhcp excluded-address 172.16.1.100 172.16.1.103 ip dhcp excluded-address 172.16.2.100 172.16.2.103 ! ip dhcp pool 0 network 172.16.0.0 /16 domain-name cisco.com dns-server 172.16.1.102 172.16.2.102 netbios-name-server 172.16.1.103 172.16.2.103 netbios-node-type h-node ! ip dhcp pool 1 network 172.16.1.0 /24 default-router 172.16.1.100 172.16.1.101 lease 30 ! ip dhcp pool 2 network 172.16.2.0 /24 default-router 172.16.2.100 172.16.2.101 lease 30
In the past, each Cisco IOS DHCP server had to be configured separately with all parameters and options. The Cisco IOS has been revised to allow remote Cisco IOS DHCP servers to import option parameters from a centralized server.
Figure 7-24 and Example 7-22 and Example 7-23 illustrate a central and remote server configured to support the importing of DHCP options. The central server is configured with DHCP options, such as DNS and WINS addresses. In response to a DHCP request from a local client, the remote server can request or “import” these option parameters from the centralized server.
Example 7-22. DHCP Import Option Example: Configuration of Central Router in Figure 7-24
! Do not assign this range to DHCP clients ip dhcp-excluded address 10.0.0.1 10.0.0.5 ! ip dhcp pool central ! Specifies the network number and mask for DHCP clients network 10.0.0.0 255.255.255.0 ! Specifies the domain name for the client domain-name central ! Specifies the DNS server that will respond to DHCP clients when they ! need to correlate host name to IP address dns-server 10.0.0.2 ! Specifies the NETBIOS WINS server netbios-name-server 10.0.0.2 ! interface FastEthernet0/0 ip address 10.0.0.1 255.255.255.0 duplex auto speed auto
Example 7-23. DHCP Import Option Example: Configuration of Remote Router in Figure 7-24
ip dhcp pool client ! Specifies the network number and mask for DHCP clients network 172.16.1.0 255.255.255.0 ! Import DHCP option parameters into DHCP server database import all ! interface FastEthernet0/0 ! Specifies that the interface acquires an IP address through DHCP ip address dhcp duplex auto speed auto
A DHCP relay agent is any host that forwards DHCP packets between clients and servers. Relay agents are used to forward requests and replies between clients and servers when they are not on the same physical subnet. Relay agents receive DHCP messages and then generate a new DHCP message to send out on another interface.
The Cisco IOS DHCP server and relay agent are enabled by default. However, the Cisco IOS DHCP relay agent is enabled on an interface only when a helper address is configured to enable DHCP broadcasts received on the interface to be forwarded to the configured DHCP server.
DHCP clients use UDP broadcasts to send their initial DHCPDISCOVER message, because they do not have information about the network to which they are attached. If the client is on a network that does not include a server, UDP broadcasts are normally not forwarded by the attached router, as illustrated in Figure 7-25.
The ip helper-address address interface configuration command causes UDP broadcasts received on the interface to be changed to a unicast and forwarded out another interface to the unicast IP address specified by the command. The relay agent sets the gateway address (the giaddr field of the DHCP packet) and, if configured, adds the relay agent information option (option 82) in the packet and forwards it to the DHCP server. The reply from the server is forwarded back to the client after removing option 82. Figure 7-26 illustrates the use of the ip helper-address command to implement a DHCP relay agent. Example 7-24 provides the helper address configuration for the router in this figure.
Example 7-24. Configuration of the Router in Figure 7-26
interface FastEthernet0/0 ip address 172.16.1.100 255.255.255.0 ip helper-address 172.16.2.1 ip helper-address 172.16.2.2 ip helper-address 172.16.3.2
Key Point: IP Helper Addresses
The ip helper-address command is configured on the interface on which the broadcasts are expected to be received.
By default, the ip helper-address command enables forwarding of packets sent to all the well-known UDP ports that may be included in a UDP broadcast message, which are the following:
The ip forward-protocol udp [port] global configuration command can be used to customize this feature to network requirements. Ports can be eliminated from the forwarding service with the no ip forward-protocol port global configuration command, and ports can be added to the forwarding service with the ip forward-protocol port global configuration command.
Example 7-25 illustrates an example. This configuration would cause packets sent to the Time and NetBIOS ports to not be forwarded; packets sent to UDP port 8000 would be forwarded.
The following are some of the possible tasks when configuring a Cisco IOS DHCP relay agent (the commands are described in Table 7-22 later in this section):
Specifying the Packet Forwarding Address (required)—. Use the ip helper-address command, as described in the previous section, to define the address of the DHCP server.
Configuring Relay Agent Information Option Support (option 82) (optional)—. By using the relay agent information option (option 82), the Cisco IOS relay agent can include additional information (the circuit identifier suboption and the remote ID suboption) about itself when forwarding client-originated DHCP packets to a DHCP server. The DHCP server can use this information to assign IP addresses, perform access control, and set QoS and security policies (or other parameter-assignment policies) for each subscriber of a service provider network. Figure 7-27 shows how the relay agent information option is inserted into the DHCP packet as follows:
The DHCP client generates a DHCP request and broadcasts it on the network.
The DHCP relay agent intercepts the broadcast DHCP request packet and inserts the relay agent information option (82) in the packet. The relay agent option contains the related suboptions.
The DHCP relay agent unicasts the DHCP packet to the DHCP server.
The DHCP server receives the packet and uses the suboptions to assign IP addresses and other configuration parameters and forwards them back to the client.
The suboption fields are stripped off of the packet by the relay agent while forwarding to the client.
Configuring the Subscriber Identifier Suboption of the Relay Agent Information Option (optional)—. An ISP can add a unique identifier to the subscriber-identifier suboption of the relay agent information option, so that the ISP can identify a subscriber, assign specific actions to that subscriber (for example, assignment of host IP address, subnet mask, and DNS), and trigger accounting.
Configuring DHCP Relay Agent Support for Multiprotocol Label Switching (MPLS) Virtual Private Networks (VPNs) (optional)—. DHCP relay support for MPLS VPNs enables a network administrator to conserve address space by allowing overlapping addresses. The relay agent can support multiple clients on different VPNs, and many of these clients from different VPNs can share the same IP address.
Setting the Gateway Address of the DHCP Broadcast to a secondary address using Smart Relay Agent Forwarding (optional)—. You only need to configure helper addresses on the interface where the UDP broadcasts that you want to forward to the DHCP server are being received, and you only need the ip dhcp smart-relay command configured if you have secondary addresses on that interface and you want the router to step through each IP network when forwarding DHCP requests. Without the smart relay agent configured, all requests are forwarded using the primary IP address on the interface. If the ip dhcp smart-relay command is configured, the relay agent counts the number of times the client retries sending a request to the DHCP server when there is no DHCPOFFER message from the DHCP server. After three retries, the relay agent sets the gateway address to the secondary address. If the DHCP server still does not respond after three more retries, then the next secondary address is used as the gateway address.
Table 7-22 describes some of the commands used to configure a Cisco IOS DHCP relay agent, in logical order.
Table 7-22. DHCP Relay Agent Configuration Commands
Command and Parameters | Description |
|---|---|
Router(config)#ip dhcp information option | Enables the system to insert the DHCP relay agent information option (82) in forwarded BOOTREQUEST messages to a DHCP server. Disabled by default. |
Router(config)#ip dhcp information check | Configures DHCP to check that the relay agent information option in forwarded BOOTREPLY messages is valid. Enabled by default. |
Router(config)#ip dhcp information policy {drop | keep | replace} | A DHCP relay agent may receive a message from another DHCP relay agent that already contains relay information. By default, the relay information from the previous relay agent is replaced. This command configures the reforwarding policy for the relay agent (what the relay agent should do if a message already contains relay information). |
Router(config)#ip dhcp relay information trust-all | Configures all interfaces on a router as trusted sources of the DHCP relay information option. By default, if the gateway address is set to all zeros in the DHCP packet and the relay agent information option is already present in the packet, the DHCP relay agent will discard the packet; use this command to override this behavior and accept the packet. This is useful when Ethernet switches that may insert option 82 are involved in delivery of the packet from the client to the server. For an individual interface, the ip dhcp relay information trusted command can be used. |
Note
Not all commands are listed here; for additional information, refer to the DHCP documentation at http://www.cisco.com/univercd/cc/td/doc/product/software/ios124/124cg/hiad_c/ch10/index.htm.
A DHCP client is a host using DHCP to obtain configuration parameters such as an IP address.
A Cisco IOS device can be configured to be a DHCP client and obtain an interface address dynamically from a DHCP server with the ip address dhcp interface configuration command. A router can act as both the DHCP client and DHCP server.
There are optional ip dhcp client interface configuration commands available; if used, these must be configured before entering the ip address dhcp command on the interface to ensure that the DHCPDISCOVER messages that are generated contain the correct option values. If any of the ip dhcp client commands are entered after an IP address has been acquired from DHCP, it will not take effect until the next time the router acquires an IP address from DHCP.
You can release the DHCP lease for the interface and deconfigure the IP address for the interface with the privileged EXEC command release dhcp interface-type interface-number. The lease can be renewed with the privileged EXEC command renew dhcp interface-type interface-number.
Table 7-23 describes some of the commands used to verify DHCP on an IOS device.
Table 7-23. DHCP Verification Commands
Command and Parameters | Description |
|---|---|
show ip dhcp database | Displays recent activity in the DHCP database. |
show ip dhcp server statistics | Displays server statistics and counts of the number of messages sent and received. |
show ip route dhcp {ip-address} | Displays the routes added to the routing table by the Cisco IOS DHCP server and relay agent. |
show ip dhcp binding {address} | Displays a list of all bindings created on a specific DHCP server. |
show ip dhcp conflict | Displays a list of all address conflicts recorded by a specific DHCP server. |
show ip dhcp import | Displays the option parameters that were imported into the DHCP server database. |
show ip dhcp-relay information trusted-sources | Displays all interfaces configured to be a trusted source for the DHCP relay information option. |
clear ip dhcp binding {address | *} | Deletes an automatic address binding from the DHCP database. |
clear ip dhcp conflict {address | *} | Clears an address conflict from the DHCP database. |
clear ip dhcp server statistics | Resets all DHCP server counters to 0. |
clear ip route dhcp {ip-address} | Removes routes from the routing table added by the Cisco IOS DHCP server and relay agent. |
debug dhcp detail | Displays the DHCP packets that were sent and received. |
debug ip dhcp server {events | packets | linkage} | Displays the server side of the DHCP interaction. |
In this chapter, you learned about why multiple routing protocols may run in a network and how to control routing update information between them, and about Cisco IOS support of DHCP; the following topics were presented:
Reasons for using more than one routing protocol, how routing information can be exchanged between them (referred to as redistribution), and how Cisco routers operate in a multiple routing protocol environment
Planning and implementing a new IP address scheme
The roles that the administrative distance and the routing metric play in route selection
The two methods of route redistribution: two-way and one-way
Configuration of redistribution between various IP routing protocols
Configuration of the default metric associated with a protocol
How to control routing update traffic, including using passive interfaces, default routes, static routes, distribute lists, and route maps, and manipulating the administrative distance
Configuring your router to be a DHCP server, relay agent, or client
In this Configuration Exercise, you configure your routers to redistribute routes from RIPv2 into OSPF and to supply a default route to the RIPv2 routing domain.
Note
Throughout this exercise, the pod number is referred to as x, and the router number is referred to as y. Substitute the appropriate numbers as needed.
The objectives of this exercise are to redistribute routes from RIPv2 into OSPF and to supply a default route to the RIPv2 routing domain.
Figure 7-28 illustrates the topology used and what you will accomplish in this exercise.
In this exercise, you use the commands in Table 7-24, listed in logical order. Refer to this list if you need configuration command assistance during the exercise.
Table 7-24. Basic Redistribution Configuration Exercise Commands
Command | Description |
|---|---|
(config)#router ospf 1 | Enters configuration mode for OSPF. |
(config-router)#network 172.31.xx.0 0.0.0.255 area 0 | Configures OSPF to run for interfaces 172.31.xx.0/24 in area 0. |
#(config-if)ip ospf network point-to-multipoint | Configures the point-to-multipoint network type for OSPF on an interface. |
(config)#router rip | Enters configuration mode for RIP. |
(config-router)#version 2 | Configures RIPv2. |
(config-router)#network 10.0.0.0 | Configures RIP to run on interfaces that belong to network 10.0.0.0. |
(config-router)#no auto-summary | Turns off automatic summarization of routes at classful boundaries. |
(config-router)#default-information originate | Advertises the default route through RIP. |
(config)#ip route 0.0.0.0 0.0.0.0 172.31.xx.4 | Creates a static default route. |
(config-router)#redistribute rip subnets | Redistributes RIP routes into OSPF. The subnets keyword enables the passing of subnetted routes into OSPF. |
>show ip ospf database | Displays the OSPF database. |
(config)#access-list 64 permit 10.1.0.0 0.0.255.255 | Configures access list 64 to permit any IP address that matches the first 16 bits of 10.1.0.0. |
(config-router)#distance 125 0.0.0.0 255.255.255.255 64 | Changes the administrative distance to 125 for routes from any source that matchaccess list 64. |
In this task, you remove IS-IS and change the configuration of the Serial 0/0/0 interfaces on the edge routers, before configuring redistribution. Follow these steps:
Remove the IS-IS configuration from all the pod routers using the no router isis global configuration command.
Create a loopback interface on your edge routers with the IP address of 10.200.200.xy /32, where x is the pod number and y is the router number. (Your internal routers already have loopback interfaces with these addresses configured, from a previous exercise.)
Solution:
The following shows the required steps on the P1R1 router:
P1R1(config)#no router isis P1R1(config)#int loopback 0 P1R1(config-if)#ip address 10.200.200.11 255.255.255.255
The s0/0/0 interfaces on the edge routers have subinterfaces configured. Delete this configuration with the default interface s0/0/0 command. Reconfigure the interface with an IP address of 172.31.xx.y /24, Frame Relay encapsulation, a Frame Relay static map to BBR2 using DLCI 2xy (do not forget the broadcast option), and Frame Relay Inverse ARP turned off. Enable the interface.
Solution:
The following shows the required steps on the P1R1 router:
P1R1(config)#default interface s0/0/0 Building configuration... Interface Serial0/0/0 set to default configuration P1R1(config)#interface s0/0/0 P1R1(config-if)#encapsulation frame P1R1(config-if)#ip address 172.31.11.1 255.255.255.0 P1R1(config-if)#frame-relay map ip 172.31.11.4 211 broadcast P1R1(config-if)#no frame inverse-arp P1R1(config-if)#no shutdown
In this task, you configure OSPF and RIPv2 on your pod routers. Follow these steps:
BBR2 is in OSPF area 0. Each pod’s edge routers will run both OSPF and RIPv2.
On the edge routers, put the S0/0/0 interface in OSPF area 0. Because BBR2 is configured with a point-to-multipoint interface, configure the edge router’s S0/0/0 interface with the OSPF point-to-multipoint network type.
Configure the edge routers to also run RIPv2 internally to the pod. Turn off autosummarization for RIPv2.
Solution:
The following shows the required steps on the P1R1 router:
P1R1(config)#router ospf 1 P1R1(config-router)#network 172.31.11.0 0.0.0.255 area 0 P1R1(config-router)#interface s0/0/0 P1R1(config-if)#ip ospf network point-to-multipoint P1R1(config-if)#router rip P1R1(config-router)#version 2 P1R1(config-router)#network 10.0.0.0 P1R1(config-router)#no auto-summary
Configure the internal routers to run only RIPv2 with autosummarization turned off.
Solution:
The following shows the required steps on the P1R3 router:
P1R3(config)#router rip P1R3(config-router)#version 2 P1R3(config-router)#network 10.0.0.0 P1R3(config-router)#no auto-summary
Show the IP routing table on both edge routers. Verify that both edge routers are learning both OSPF and RIPv2 routes. What is the highest hop count on the RIPv2 routes to the networks within your pod?
Solution:
The following shows sample output on the P1R1 and P1R2 routers; the highest RIP hop count is two hops:
P1R1#show ip route <output omitted> Gateway of last resort is not set 172.31.0.0/16 is variably subnetted, 3 subnets, 2 masks C 172.31.11.0/24 is directly connected, Serial0/0/0 O 172.31.11.2/32 [110/1562] via 172.31.11.4, 00:01:15, Serial0/0/0 O 172.31.11.4/32 [110/781] via 172.31.11.4, 00:01:15, Serial0/0/0 10.0.0.0/8 is variably subnetted, 9 subnets, 2 masks C 10.200.200.11/32 is directly connected, Loopback0 R 10.200.200.14/32 [120/2] via 10.1.1.3, 00:00:19, FastEthernet0/0 [120/2] via 10.1.0.2, 00:00:10, Serial0/0/1 R 10.200.200.12/32 [120/1] via 10.1.0.2, 00:00:10, Serial0/0/1 R 10.200.200.13/32 [120/1] via 10.1.1.3, 00:00:19, FastEthernet0/0 R 10.1.3.0/24 [120/1] via 10.1.1.3, 00:00:19, FastEthernet0/0 R 10.1.2.0/24 [120/1] via 10.1.0.2, 00:00:10, Serial0/0/1 C 10.1.1.0/24 is directly connected, FastEthernet0/0 C 10.1.0.0/24 is directly connected, Serial0/0/1 O E2 10.254.0.0/24 [110/50] via 172.31.11.4, 00:01:18, Serial0/0/0 P1R1# P1R2#show ip route <output omitted> Gateway of last resort is not set 172.31.0.0/16 is variably subnetted, 3 subnets, 2 masks C 172.31.11.0/24 is directly connected, Serial0/0/0 O 172.31.11.1/32 [110/1562] via 172.31.11.4, 00:01:33, Serial0/0/0 O 172.31.11.4/32 [110/781] via 172.31.11.4, 00:01:33, Serial0/0/0 10.0.0.0/8 is variably subnetted, 9 subnets, 2 masks R 10.200.200.11/32 [120/1] via 10.1.0.1, 00:00:17, Serial0/0/1 R 10.200.200.14/32 [120/1] via 10.1.2.4, 00:00:14, FastEthernet0/0 C 10.200.200.12/32 is directly connected, Loopback0 R 10.200.200.13/32 [120/2] via 10.1.2.4, 00:00:14, FastEthernet0/0 [120/2] via 10.1.0.1, 00:00:18, Serial0/0/1 R 10.1.3.0/24 [120/1] via 10.1.2.4, 00:00:14, FastEthernet0/0 C 10.1.2.0/24 is directly connected, FastEthernet0/0 R 10.1.1.0/24 [120/1] via 10.1.0.1, 00:00:19, Serial0/0/1 C 10.1.0.0/24 is directly connected, Serial0/0/1 O E2 10.254.0.0/24 [110/50] via 172.31.11.4, 00:01:34, Serial0/0/0 P1R2#
In this task, you configure basic redistribution between OSPF and RIPv2. Follow these steps:
Configure both edge routers to pass a default route into RIPv2, using the default-information originate command. Remember that a RIPv2 router needs a static default route configured with the appropriate next-hop (in this case, the next-hop is BBR2) to advertise it to other RIPv2 routers; configure the static default route on both edge routers.
Solution:
The following shows the required steps on the P1R1 router:
P1R1(config)#router rip P1R1(config-router)#default-information originate P1R1(config-router)#exit P1R1(config)#ip route 0.0.0.0 0.0.0.0 172.31.11.4
Examine the routing table on the internal routers. Is the default route present? What are its path and metric?
Solution:
The following shows sample output on the P1R3 router; the default route is present, with a next-hop of P1R1 and a metric of one hop:
P1R3#show ip route <output omitted> Gateway of last resort is 10.1.1.1 to network 0.0.0.0 10.0.0.0/8 is variably subnetted, 8 subnets, 2 masks R 10.200.200.11/32 [120/1] via 10.1.1.1, 00:00:23, FastEthernet0/0 R 10.200.200.14/32 [120/1] via 10.1.3.4, 00:00:19, Serial0/0/0 R 10.200.200.12/32 [120/2] via 10.1.3.4, 00:00:19, Serial0/0/0 [120/2] via 10.1.1.1, 00:00:23, FastEthernet0/0 C 10.200.200.13/32 is directly connected, Loopback0 C 10.1.3.0/24 is directly connected, Serial0/0/0 R 10.1.2.0/24 [120/1] via 10.1.3.4, 00:00:20, Serial0/0/0 C 10.1.1.0/24 is directly connected, FastEthernet0/0 R 10.1.0.0/24 [120/1] via 10.1.1.1, 00:00:24, FastEthernet0/0 R* 0.0.0.0/0 [120/1] via 10.1.1.1, 00:00:24, FastEthernet0/0 P1R3#
Configure both edge routers to redistribute RIPv2 routes into OSPF without specifying a metric value. What default metric will OSPF use when the RIPv2 routes are redistributed? (Remember to include the subnets keyword in the redistribute command.)
Solution:
The following shows the required steps on the P1R1 router:
P1R1(config)#router ospf 1 P1R1(config-router)#redistribute rip subnets
The default metric used by OSPF is 20.
Telnet to the BBR2 core router and examine the OSPF database. Which routes in the routing table were redistributed from your pod? What type of routes do the networks from your pod appear as?
Solution:
The following shows sample output on the BBR2 router; the networks from pod 1 appear as type 5 LSAs:
BBR2>show ip ospf database OSPF Router with ID (200.200.200.200) (Process ID 1) Router Link States (Area 0) Link ID ADV Router Age Seq# Checksum Link count 10.200.200.11 10.200.200.11 247 0x80000004 0x00638C 2 10.200.200.12 10.200.200.12 43 0x80000004 0x007774 2 200.200.200.200 200.200.200.200 553 0x800001E4 0x001697 6 Type-5 AS External Link States Link ID ADV Router Age Seq# Checksum Tag 10.1.0.0 10.200.200.11 68 0x80000001 0x00F8F5 0 10.1.0.0 10.200.200.12 46 0x80000001 0x00F2FA 0 10.1.1.0 10.200.200.11 71 0x80000001 0x00EDFF 0 10.1.2.0 10.200.200.12 46 0x80000001 0x00DC0F 0 10.1.3.0 10.200.200.11 71 0x80000001 0x00D714 0 10.200.200.11 10.200.200.11 71 0x80000001 0x008CC6 0 10.200.200.12 10.200.200.12 46 0x80000001 0x007CD4 0 10.200.200.13 10.200.200.11 71 0x80000001 0x0078D8 0 10.200.200.14 10.200.200.11 71 0x80000001 0x006EE1 0 10.254.0.0 200.200.200.200 1463 0x800001B2 0x00B0F2 0 BBR2>
Examine the routing tables of both edge routers. Are all the routes optimal (in other words, are they going where you would expect them to)? If not, why?
Solution:
The following shows sample output on the P1R1 and P1R2 routers. On P1R1, the routes to P1R2’s loopback and the 10.1.2.0/24 subnet are all going through BBR2 via OSPF rather than directly to P1R2 via RIP. On P1R2, the routes to all subnets within the pod are going through BBR2 via OSPF rather than staying internal to the pod via RIP.
Note
In this task, one of your edge routers will learn the route to 10.x.3.0 via RIPv2 while the other will learn it via OSPF; it depends which is configured first as to which will learn via which protocol.
P1R1#show ip route <output omitted> Gateway of last resort is 172.31.11.4 to network 0.0.0.0 172.31.0.0/16 is variably subnetted, 3 subnets, 2 masks C 172.31.11.0/24 is directly connected, Serial0/0/0 O 172.31.11.2/32 [110/1562] via 172.31.11.4, 00:03:24, Serial0/0/0 O 172.31.11.4/32 [110/781] via 172.31.11.4, 00:03:24, Serial0/0/0 10.0.0.0/8 is variably subnetted, 9 subnets, 2 masks C 10.200.200.11/32 is directly connected, Loopback0 R 10.200.200.14/32 [120/2] via 10.1.1.3, 00:00:11, FastEthernet0/0 O E2 10.200.200.12/32 [110/20] via 172.31.11.4, 00:03:25, Serial0/0/0 R 10.200.200.13/32 [120/1] via 10.1.1.3, 00:00:11, FastEthernet0/0 R 10.1.3.0/24 [120/1] via 10.1.1.3, 00:00:11, FastEthernet0/0 O E2 10.1.2.0/24 [110/20] via 172.31.11.4, 00:03:25, Serial0/0/0 C 10.1.1.0/24 is directly connected, FastEthernet0/0 C 10.1.0.0/24 is directly connected, Serial0/0/1 O E2 10.254.0.0/24 [110/50] via 172.31.11.4, 00:03:26, Serial0/0/0 S* 0.0.0.0/0 [1/0] via 172.31.11.4 P1R1# P1R2#show ip route <output omitted> Gateway of last resort is 172.31.11.4 to network 0.0.0.0 172.31.0.0/16 is variably subnetted, 3 subnets, 2 masks C 172.31.11.0/24 is directly connected, Serial0/0/0 O 172.31.11.1/32 [110/1562] via 172.31.11.4, 00:04:06, Serial0/0/0 O 172.31.11.4/32 [110/781] via 172.31.11.4, 00:04:06, Serial0/0/0 10.0.0.0/8 is variably subnetted, 9 subnets, 2 masks O E2 10.200.200.11/32 [110/20] via 172.31.11.4, 00:04:06, Serial0/0/0 O E2 10.200.200.14/32 [110/20] via 172.31.11.4, 00:04:07, Serial0/0/0 C 10.200.200.12/32 is directly connected, Loopback0 O E2 10.200.200.13/32 [110/20] via 172.31.11.4, 00:04:07, Serial0/0/0 O E2 10.1.3.0/24 [110/20] via 172.31.11.4, 00:04:07, Serial0/0/0 C 10.1.2.0/24 is directly connected, FastEthernet0/0 O E2 10.1.1.0/24 [110/20] via 172.31.11.4, 00:04:07, Serial0/0/0 C 10.1.0.0/24 is directly connected, Serial0/0/1 O E2 10.254.0.0/24 [110/50] via 172.31.11.4, 00:04:08, Serial0/0/0 S* 0.0.0.0/0 [1/0] via 172.31.11.4 P1R2#
Examine the IP routing table on both internal routers.
Solution:
The following shows sample output on the P1R3 and P1R4 routers:
P1R3#show ip route <output omitted> Gateway of last resort is 10.1.1.1 to network 0.0.0.0 10.0.0.0/8 is variably subnetted, 8 subnets, 2 masks R 10.200.200.11/32 [120/1] via 10.1.1.1, 00:00:27, FastEthernet0/0 R 10.200.200.14/32 [120/1] via 10.1.3.4, 00:00:24, Serial0/0/0 R 10.200.200.12/32 [120/2] via 10.1.3.4, 00:00:24, Serial0/0/0 C 10.200.200.13/32 is directly connected, Loopback0 C 10.1.3.0/24 is directly connected, Serial0/0/0 R 10.1.2.0/24 [120/1] via 10.1.3.4, 00:00:24, Serial0/0/0 C 10.1.1.0/24 is directly connected, FastEthernet0/0 R 10.1.0.0/24 [120/1] via 10.1.1.1, 00:00:28, FastEthernet0/0 R* 0.0.0.0/0 [120/1] via 10.1.1.1, 00:00:28, FastEthernet0/0 P1R3# P1R4#show ip route <output omitted> Gateway of last resort is 10.1.2.2 to network 0.0.0.0 10.0.0.0/8 is variably subnetted, 8 subnets, 2 masks R 10.200.200.11/32 [120/2] via 10.1.3.3, 00:00:07, Serial0/0/0 C 10.200.200.14/32 is directly connected, Loopback0 R 10.200.200.12/32 [120/1] via 10.1.2.2, 00:00:25, FastEthernet0/0 R 10.200.200.13/32 [120/1] via 10.1.3.3, 00:00:07, Serial0/0/0 C 10.1.3.0/24 is directly connected, Serial0/0/0 C 10.1.2.0/24 is directly connected, FastEthernet0/0 R 10.1.1.0/24 [120/1] via 10.1.3.3, 00:00:08, Serial0/0/0 R 10.1.0.0/24 [120/1] via 10.1.2.2, 00:00:01, FastEthernet0/0 R* 0.0.0.0/0 [120/1] via 10.1.2.2, 00:00:01, FastEthernet0/0 P1R4#
Because the core router BBR2 is exchanging OSPF routes with your pod edge routers, the OSPF administrative distance of 110 causes packets from your edge routers to directly connected interfaces on other pod routers to go through the backbone router. In this task, you configure your edge routers to change the administrative distance of routes to internal pod networks that have been redistributed to the core by the edge routers to 125, to make them less attractive than the RIPv2 routes to the same networks. Follow these steps:
On your edge routers, create an access list that matches all the network addresses in your pod. Hint: This can be done with two permit statements.
Use the distance command and the access list you configured to make the routes to the networks in your pod learned via RIPv2 more attractive to the edge routers than the routes to the same networks that have been redistributed into OSPF; give the redistributed routes an administrative distance of 125.
Solution:
The following shows the required steps on the P1R1 router:
P1R1(config)#access-list 64 permit 10.1.0.0 0.0.255.255 P1R1(config)#access-list 64 permit 10.200.200.0 0.0.0.255 P1R1(config)#router ospf 1 P1R1(config-router)#distance 125 0.0.0.0 255.255.255.255 64
Examine the routing table in the edge routers. Are the paths to the networks in the pod correct? They should now be in the routing table as RIP routes, in other words to routers within the pod, not as OSPF routes via BBR2. Ping and trace to the networks in the pod to ensure that they are going the way you expect them to.
Solution:
The following shows sample output on the P1R1 and P1R2 routers. The paths to the networks are correct:
P1R1#show ip route Gateway of last resort is 172.31.11.4 to network 0.0.0.0 172.31.0.0/16 is variably subnetted, 3 subnets, 2 masks C 172.31.11.0/24 is directly connected, Serial0/0/0 O 172.31.11.2/32 [110/1562] via 172.31.11.4, 00:03:02, Serial0/0/0 O 172.31.11.4/32 [110/781] via 172.31.11.4, 00:03:02, Serial0/0/0 10.0.0.0/8 is variably subnetted, 9 subnets, 2 masks C 10.200.200.11/32 is directly connected, Loopback0 R 10.200.200.14/32 [120/2] via 10.1.1.3, 00:00:19, FastEthernet0/0 [120/2] via 10.1.0.2, 00:00:07, Serial0/0/1 R 10.200.200.12/32 [120/1] via 10.1.0.2, 00:00:07, Serial0/0/1 R 10.200.200.13/32 [120/1] via 10.1.1.3, 00:00:19, FastEthernet0/0 R 10.1.3.0/24 [120/1] via 10.1.1.3, 00:00:19, FastEthernet0/0 R 10.1.2.0/24 [120/1] via 10.1.0.2, 00:00:07, Serial0/0/1 C 10.1.1.0/24 is directly connected, FastEthernet0/0 C 10.1.0.0/24 is directly connected, Serial0/0/1 O E2 10.254.0.0/24 [110/50] via 172.31.11.4, 00:03:03, Serial0/0/0 S* 0.0.0.0/0 [1/0] via 172.31.11.4 P1R1# P1R2#show ip route Gateway of last resort is 172.31.11.4 to network 0.0.0.0 172.31.0.0/16 is variably subnetted, 3 subnets, 2 masks C 172.31.11.0/24 is directly connected, Serial0/0/0 O 172.31.11.1/32 [110/1562] via 172.31.11.4, 00:00:28, Serial0/0/0 O 172.31.11.4/32 [110/781] via 172.31.11.4, 00:00:28, Serial0/0/0 10.0.0.0/8 is variably subnetted, 9 subnets, 2 masks R 10.200.200.11/32 [120/1] via 10.1.0.1, 00:00:24, Serial0/0/1 R 10.200.200.14/32 [120/1] via 10.1.2.4, 00:00:18, FastEthernet0/0 C 10.200.200.12/32 is directly connected, Loopback0 R 10.200.200.13/32 [120/2] via 10.1.2.4, 00:00:18, FastEthernet0/0 [120/2] via 10.1.0.1, 00:00:24, Serial0/0/1 R 10.1.3.0/24 [120/1] via 10.1.2.4, 00:00:18, FastEthernet0/0 C 10.1.2.0/24 is directly connected, FastEthernet0/0 R 10.1.1.0/24 [120/1] via 10.1.0.1, 00:00:25, Serial0/0/1 C 10.1.0.0/24 is directly connected, Serial0/0/1 O E2 10.254.0.0/24 [110/50] via 172.31.11.4, 00:00:29, Serial0/0/0 S* 0.0.0.0/0 [1/0] via 172.31.11.4 P1R2#
The following show sample traces to various addresses within pod 1 from P1R1 and P1R2, illustrating that the path stays within the pod:
P1R1#trace 10.1.3.4 Type escape sequence to abort. Tracing the route to 10.1.3.4 1 10.1.1.3 0 msec 0 msec 4 msec 2 10.1.3.4 12 msec * 12 msec P1R1#trace 10.1.2.4 Type escape sequence to abort. Tracing the route to 10.1.2.4 1 10.1.0.2 12 msec 12 msec 16 msec 2 10.1.2.4 12 msec * 12 msec P1R1# P1R2#trace 10.1.1.3 Type escape sequence to abort. Tracing the route to 10.1.1.3 1 10.1.0.1 16 msec 12 msec 16 msec 2 10.1.1.3 12 msec * 12 msec P1R2#trace 10.1.3.3 Type escape sequence to abort. Tracing the route to 10.1.3.3 1 10.1.2.4 4 msec 0 msec 0 msec 2 10.1.3.3 16 msec * 12 msec P1R2#
Save your configurations to NVRAM.
Solution:
The following shows the required step on the P1R1 router:
P1R1#copy run start Destination filename [startup-config]? Building configuration... [OK]
You have successfully completed this exercise when you achieve the following results:
You have established OSPF adjacencies between the edge routers and the core BBR2 router and exchanged the routing updates.
You have established that the RIPv2 updates are exchanged between the internal routers and edge routers.
You have established that redistribution is configured from RIPv2 to OSPF.
You have configured your edge routers to eliminate suboptimal routes.
In this exercise, you configure a route map to change the metric of redistributed routes. You also configure a distribute list to filter routes into the core.
Note
Throughout this exercise, the pod number is referred to as x, and the router number is referred to as y. Substitute the appropriate numbers as needed.
Your task in this Configuration Exercise is to configure a route map and a distribute list to control redistribution.
Figure 7-29 illustrates the topology used in this exercise.
In this exercise, you use the commands in Table 7-25, listed in logical order. Refer to this list if you need configuration command assistance during the exercise.
Table 7-25. Tuning Basic Redistribution Exercise Commands
Command | Description |
|---|---|
(config)#route-map CONVERT permit 10 | Creates a route map statement. |
(config-route-map)#match metric 1 | Matches the source protocol metric. |
(config-route-map)#set metric 1000 | Sets the destination protocol metric. |
(config-router)#redistribute rip subnets route-map CONVERT | Redistributes RIP routes using the route map. |
(config)#access-list 61 deny 10.200.200.0 0.0.0.255 | Configures access list 61 to deny any IP address that matches the first 24 bits of 10.200.200.0. |
(config-router)distribute-list 61 out rip | Configures a distribute list to use access list 61 to determine which routes will be distributed from RIP (into OSPF). |
In this task, you use route maps to tune the redistribution. Follow these steps:
Telnet to BBR2 and display the IP routing table. Notice that all your pod routes (10.x.0.0 and 10.200.200.xy) have the same OSPF metric of 20.
Solution:
The following shows sample output on the BBR2 router:
BBR2>show ip route <output omitted> Gateway of last resort is not set 172.31.0.0/16 is variably subnetted, 4 subnets, 2 masks B 172.31.1.0/24 [20/0] via 10.254.0.1, 06:14:15 C 172.31.11.0/24 is directly connected, Serial0/0/0.1 O 172.31.11.1/32 [110/781] via 172.31.11.1, 06:13:24, Serial0/0/0.1 O 172.31.11.2/32 [110/781] via 172.31.11.2, 06:13:24, Serial0/0/0.1 10.0.0.0/8 is variably subnetted, 9 subnets, 2 masks O E2 10.200.200.11/32 [110/20] via 172.31.11.2, 06:13:24, Serial0/0/0.1 [110/20] via 172.31.11.1, 06:13:24, Serial0/0/0.1 O E2 10.200.200.14/32 [110/20] via 172.31.11.2, 06:13:24, Serial0/0/0.1 [110/20] via 172.31.11.1, 06:13:24, Serial0/0/0.1 O E2 10.200.200.12/32 [110/20] via 172.31.11.2, 06:13:24, Serial0/0/0.1 [110/20] via 172.31.11.1, 06:13:24, Serial0/0/0.1 O E2 10.200.200.13/32 [110/20] via 172.31.11.2, 06:13:24, Serial0/0/0.1 [110/20] via 172.31.11.1, 06:13:24, Serial0/0/0.1 O E2 10.1.3.0/24 [110/20] via 172.31.11.2, 06:13:24, Serial0/0/0.1 [110/20] via 172.31.11.1, 06:13:24, Serial0/0/0.1 O E2 10.1.2.0/24 [110/20] via 172.31.11.2, 06:13:24, Serial0/0/0.1 [110/20] via 172.31.11.1, 06:13:24, Serial0/0/0.1 O E2 10.1.1.0/24 [110/20] via 172.31.11.2, 06:13:24, Serial0/0/0.1 [110/20] via 172.31.11.1, 06:13:24, Serial0/0/0.1 O E2 10.1.0.0/24 [110/20] via 172.31.11.2, 06:13:24, Serial0/0/0.1 [110/20] via 172.31.11.1, 06:13:24, Serial0/0/0.1 C 10.254.0.0/24 is directly connected, FastEthernet0/0 BBR2>Having the same metric for all the redistributed RIP routes prevents the core from making accurate routing decisions for those routes. The central OSPF domain needs to have different OSPF metrics based on how far the network is from the redistribution point.
At the edge routers, create a route map for altering the metric of the redistributed routes. Match the RIP metric and set an appropriate OSPF metric as follows:
For a RIP hop count of 1, set the OSPF metric to 1000.
For a RIP hop count of 2, set the OSPF metric to 2000.
Permit all other routes to be redistributed, with the default metric.
On the edge routers, change the redistribution from RIPv2 into OSPF to use this route map.
Solution:
The following shows the required steps on the P1R1 router:
P1R1(config)#route-map CONVERT permit 10 P1R1(config-route-map)#match metric 1 P1R1(config-route-map)#set metric 1000 P1R1(config-route-map)#route-map CONVERT permit 20 P1R1(config-route-map)#match metric 2 P1R1(config-route-map)#set metric 2000 P1R1(config-route-map)#route-map CONVERT permit 30 P1R1(config-route-map)#router ospf 1 P1R1(config-router)#no redistribute rip subnets P1R1(config-router)#redistribute rip subnets route-map CONVERT
View the routing table on BBR2. Did this route map convert the metrics appropriately?
Why are there no routes with a metric of 2000 in the routing table even though your route map specified it?
Look at the routing table on both edge routes for RIP metric 120/2. Remember that both routers are applying the route map and BBR2 will place the lowest metric in the routing table.
Why are there routes with a metric of 20 in BBR2’s routing table?
Solution:
The following shows sample output on the BBR2 and P1R1 routers; the metrics were converted appropriately. Some routes would have been converted to an OSPF metric of 2000, but there are no routes with a metric of 2000 in the routing table because BBR2 learns routes from both pod edge routers via OSPF, and chooses the one with the lowest metric to be put in to the routing table. For example, BBR2 learns the 10.200.200.14/32 route via 172.31.11.2 at a cost of 1000; it also learns the same route via 172.31.11.1 at a cost of 2000 (2 RIP hops), but it chooses the lower cost of 1000.
The BBR2 routes with a metric of 20 are the routes that had a RIP hop count of 0 before they were redistributed. These routes did not match either of the two match commands in the route-map, and therefore their metric was not changed.
BBR2>show ip route <output omitted> Gateway of last resort is not set 172.31.0.0/16 is variably subnetted, 4 subnets, 2 masks B 172.31.1.0/24 [20/0] via 10.254.0.1, 00:26:56 C 172.31.11.0/24 is directly connected, Serial0/0/0.1 O 172.31.11.1/32 [110/781] via 172.31.11.1, 00:25:13, Serial0/0/0.1 O 172.31.11.2/32 [110/781] via 172.31.11.2, 00:25:13, Serial0/0/0.1 10.0.0.0/8 is variably subnetted, 9 subnets, 2 masks O E2 10.200.200.11/32 [110/20] via 172.31.11.1, 00:05:16, Serial0/0/0.1 O E2 10.200.200.14/32 [110/1000] via 172.31.11.2, 00:05:16, Serial0/0/0.1 O E2 10.200.200.12/32 [110/20] via 172.31.11.2, 00:02:22, Serial0/0/0.1 O E2 10.200.200.13/32 [110/1000] via 172.31.11.1, 00:05:16, Serial0/0/0.1 O E2 10.1.3.0/24 [110/1000] via 172.31.11.2, 00:05:16, Serial0/0/0.1 [110/1000] via 172.31.11.1, 00:05:16, Serial0/0/0.1 O E2 10.1.2.0/24 [110/20] via 172.31.11.2, 00:02:22, Serial0/0/0.1 O E2 10.1.1.0/24 [110/20] via 172.31.11.1, 00:05:17, Serial0/0/0.1 O E2 10.1.0.0/24 [110/20] via 172.31.11.2, 00:02:22, Serial0/0/0.1 [110/20] via 172.31.11.1, 00:02:22, Serial0/0/0.1 C 10.254.0.0/24 is directly connected, FastEthernet0/0 BBR2> P1R1#show ip route <output omitted> Gateway of last resort is 172.31.11.4 to network 0.0.0.0 172.31.0.0/16 is variably subnetted, 3 subnets, 2 masks C 172.31.11.0/24 is directly connected, Serial0/0/0 O 172.31.11.2/32 [110/1562] via 172.31.11.4, 00:27:24, Serial0/0/0 O 172.31.11.4/32 [110/781] via 172.31.11.4, 00:27:24, Serial0/0/0 10.0.0.0/8 is variably subnetted, 9 subnets, 2 masks C 10.200.200.11/32 is directly connected, Loopback0 R 10.200.200.14/32 [120/2] via 10.1.1.3, 00:00:27, FastEthernet0/0 [120/2] via 10.1.0.2, 00:00:07, Serial0/0/1 R 10.200.200.12/32 [120/1] via 10.1.0.2, 00:00:07, Serial0/0/1 R 10.200.200.13/32 [120/1] via 10.1.1.3, 00:00:27, FastEthernet0/0 R 10.1.3.0/24 [120/1] via 10.1.1.3, 00:00:00, FastEthernet0/0 R 10.1.2.0/24 [120/1] via 10.1.0.2, 00:00:08, Serial0/0/1 C 10.1.1.0/24 is directly connected, FastEthernet0/0 C 10.1.0.0/24 is directly connected, Serial0/0/1 O E2 10.254.0.0/24 [110/50] via 172.31.11.4, 00:27:26, Serial0/0/0 S* 0.0.0.0/0 [1/0] via 172.31.11.4 P1R1#
In this task, you configure your edge routers to filter information about the loopback addresses to the core. Because the core is exchanging OSPF routes with your pod, use a distribute list to block these routes from being redistributed into OSPF.
Follow these steps:
Create an access list that will match the four loopback addresses.
Use a distribute list to block the RIPv2 routes specified by this access list from being redistributed into OSPF.
Solution:
The following shows the required steps on the P1R1 router:
P1R1(config)#access-list 61 deny 10.200.200.0 0.0.0.255 P1R1(config)#access-list 61 permit any P1R1(config)#router ospf 1 P1R1(config-router)#distribute-list 61 out rip
Examine the routing table on BBR2. Verify that the loopback addresses are not listed.
Solution:
The following shows sample output on the BBR2 router; the loopback addresses are not listed:
BBR2>show ip route <output omitted> Gateway of last resort is not set 172.31.0.0/16 is variably subnetted, 4 subnets, 2 masks B 172.31.1.0/24 [20/0] via 10.254.0.1, 13:27:53 C 172.31.11.0/24 is directly connected, Serial0/0/0.1 O 172.31.11.1/32 [110/781] via 172.31.11.1, 00:00:05, Serial0/0/0.1 O 172.31.11.2/32 [110/781] via 172.31.11.2, 00:00:05, Serial0/0/0.1 10.0.0.0/24 is subnetted, 5 subnets O E2 10.1.3.0 [110/1000] via 172.31.11.2, 00:00:06, Serial0/0/0.1 [110/1000] via 172.31.11.1, 00:00:06, Serial0/0/0.1 O E2 10.1.2.0 [110/20] via 172.31.11.2, 00:00:06, Serial0/0/0.1 O E2 10.1.1.0 [110/20] via 172.31.11.1, 00:00:06, Serial0/0/0.1 O E2 10.1.0.0 [110/20] via 172.31.11.2, 00:00:06, Serial0/0/0.1 [110/20] via 172.31.11.1, 00:00:06, Serial0/0/0.1 C 10.254.0.0 is directly connected, FastEthernet0/0 BBR2>Can the core ping your loopback addresses?
Solution:
No, the core cannot ping the loopback addresses because it does not have a route to them.
Save your configurations to NVRAM.
Solution:
The following shows the required step on the P1R1 router:
P1R1#copy run start Destination filename [startup-config]? Building configuration... [OK]
Answer the following questions, and then refer to Appendix A, “Answers to Review Questions,” for the answers.