Routing Protocol Redistribution and Path optimization

Case A: Redistribution from one routing domain into another with higher (worse) administrative distance:

All the following topologies are subject to the same concept:

As an example, I picked up the case where the source routing domain is OSPF (AD=110) and the destination administrative domain is EIGRP (internal prefix AD =90 and external prefix AD = 170).

Picture 1: Lab High level design

Picture 2: Low level design

• redistribute 33.33.33.0/24 (external domain/connected) into OSPF at R3
  

router ospf 123 redistribute connected route-map rmap-connnected subnets ip prefix-list pfx-33 seq 5 permit 33.33.33.0/24 route-map rmap-connnected permit 10 match ip address prefix-list pfx-33 set tag 133

Picture 3: redistribution at R3:

• Mutual redistribution between EIGRP & OSPF at R2
  

router eigrp 124 redistribute ospf 123 route-map to-eigrp metric 1500 1 100 1 1500 !router ospf 123 network 192.168.23.0 0.0.0.255 area 0 redistribute eigrp 124 subnets route-map to-ospf ip prefix-list eigrp-pfx seq 5 permit 192.168.14.0/24 ip prefix-list eigrp-pfx seq 15 permit 192.168.24.0/24 ! ip prefix-list ospf-pfx seq 5 permit 192.168.23.0/24 ip prefix-list ospf-pfx seq 15 permit 192.168.13.0/24 ip prefix-list ospf-pfx seq 25 permit 33.33.33.0/24 route-map to-ospf permit 10 match ip address prefix-list eigrp-pfx set tag 100 ! route-map to-eigrp permit 10 match ip address prefix-list ospf-pfx set tag 324

Picture4: Mutual redistribution between EIGRP & OSPF at R2

Beware! IOS will not alert you in case of the following errors during redistribution: Wrong route map name Wrong ACL/prefix-list name inside the route-map Default metric not configured (EIGRP/OSPF/IS-IS)

• test connectivity from the BR R1
  

  Picture 5: primary path
  

  
  

R1#sh ip eigrp topology IP-EIGRP Topology Table for AS(124)/ID(11.11.11.11) Codes: P – Passive, A – Active, U – Update, Q – Query, R – Reply, r – reply Status, s – sia Status P 33.33.33.0/24, 0 successors, FD is Inaccessible, tag is 324 via 192.168.14.4 (1757952/1732352), FastEthernet0/0 P 192.168.13.0/24, 0 successors, FD is Inaccessible, tag is 324 via 192.168.14.4 (1757952/1732352), FastEthernet0/0 P 192.168.14.0/24, 1 successors, FD is 281600 via Connected, FastEthernet0/0 P 192.168.24.0/24, 1 successors, FD is 307200 via 192.168.14.4 (307200/281600), FastEthernet0/0 P 192.168.23.0/24, 0 successors, FD is Inaccessible, tag is 324 via 192.168.14.4 (1757952/1732352), FastEthernet0/0 R1#

R1#ping 33.33.33.33 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 33.33.33.33, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 1/31/64 ms R1#trace 33.33.33.33 Type escape sequence to abort. Tracing the route to 33.33.33.33 1 192.168.13.3 68 msec * 52 msec R1#

• Simulate a failure on R3 fa0/1
  

  A link failure is simulated by shuting down R3 fa0/1 interface to check path redundancy

R3(config-if)#int fa0/1 R3(config-if)#sh R3(config-if)# *Mar 1 01:00:07.515: %OSPF-5-ADJCHG: Process 123, Nbr 1.1.1.1 on FastEthernet0/1 from FULL to DOWN, Neighbor Down: Interface down or detached *Mar 1 01:00:09.487: %LINK-5-CHANGED: Interface FastEthernet0/1, changed state to administratively down *Mar 1 01:00:10.487: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to down R3(config-if)#

• Test connectivity at R1
  

  Picture6: path redundancy
  

  

R1#route4 … 33.0.0.0/24 is subnetted, 1 subnets D EX 33.33.33.0 [170/1757952] via 192.168.14.4, 00:00:01, FastEthernet0/0 … R1#

Only in the absence of a better choice R1 chose EIGRP path through external domain

R1#ping 33.33.33.33 source 192.168.14.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 33.33.33.33, timeout is 2 seconds: Packet sent with a source address of 192.168.14.1 !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 64/139/220 ms R1#

R1# R1#trace 33.33.33.33 source 192.168.14.1 Type escape sequence to abort. Tracing the route to 33.33.33.33 1 192.168.14.4 112 msec 32 msec 44 msec 2 192.168.24.2 44 msec 36 msec 56 msec 3 192.168.23.3 64 msec * 88 msec R1#

Case B: Redistribution from one routing domain into another with lower (better) administrative distance:

All the following topologies are subject to the same concept:

As an example, I picked up the case where the source routing domain is EIGRP (internal prefix AD =90 and external prefix AD = 170) and the destination administrative is domain OSPF with a better AD of 110.

Picture 1: Lab High level design

Picture 2: Low level design

• redistribute 33.33.33.0/24 (external domain/connected) into EIGRP at R3
  

  The network 33.33.33.0/24 can be a different IGP than EIGRP or just a directly connected network (a loopback interface in our case).

  Because EIGRP differentiate between internal and external prefixes by assigning different Administrative Distances, the prefix 33.33.33.0/24 become (D EX) with AD=170.

router eigrp 123 redistribute connected metric 1500 1 100 1 1500 route-map rmap-connnected ip prefix-list pfx-33 seq 5 permit 33.33.33.0/24 route-map rmap-connnected permit 10 match ip address prefix-list pfx-33 set tag 133

Picture 3: redistribution at R3:

• Mutual redistribution between EIGRP & OSPF at R2
  

  For the sake of simplicity, EIGRP prefixes are redistributed into OSPF and vice-verse on R2 and 11.11.11.0/24 is redistributed into OSPF on R1 to check connectivity between 11.11.11.11 and 33.33.33.33

  R2:
  

router eigrp 123 redistribute ospf 124 route-map to-eigrp metric 1500 1 100 1 1500 ! router ospf 124 redistribute eigrp 123 subnets route-map to-ospf ip prefix-list eigrp-pfx seq 5 permit 192.168.23.0/24 ip prefix-list eigrp-pfx seq 15 permit 192.168.13.0/24 ip prefix-list eigrp-pfx seq 25 permit 33.33.33.0/24 ! ip prefix-list ospf-pfx seq 5 permit 192.168.14.0/24 ip prefix-list ospf-pfx seq 15 permit 192.168.24.0/24 ip prefix-list ospf-pfx seq 25 permit 11.11.11.0/24 ! route-map to-ospf permit 10 match ip address prefix-list eigrp-pfx set tag 100 route-map to-eigrp permit 10 match ip address prefix-list ospf-pfx set tag 324

R1:

router ospf 124 redistribute eigrp 123 subnets route-map to-ospf ! ip prefix-list 11-pfx seq 5 permit 11.11.11.0/24 ! route-map to-ospf permit 10 match ip address prefix-list 11-pfx

Picture4: Mutual redistribution between EIGRP & OSPF at R2

Beware! IOS will not alert you in case of the following errors during redistribution: Wrong route map name Wrong ACL/prefix-list name inside the route-map Default metric not configured (EIGRP/OSPF/IS-IS)

• test connectivity from the BR R1
  

R1#route4… 33.0.0.0/24 is subnetted, 1 subnets O E2 33.33.33.0 [110/20] via 192.168.14.4, 00:09:11, FastEthernet0/0 … R1#

R1#sh ip eigrp topology IP-EIGRP Topology Table for AS(123)/ID(1.1.1.1) Codes: P – Passive, A – Active, U – Update, Q – Query, R – Reply, r – reply Status, s – sia Status P 11.11.11.0/24, 1 successors, FD is 128256 via Connected, Loopback11 P 33.33.33.0/24, 1 successors, FD is 1706752, tag is 200 via Redistributed (1706752/0) P 192.168.13.0/24, 1 successors, FD is 281600 via Connected, FastEthernet0/1 R1#

R1#ping 33.33.33.33 source 11.11.11.11Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 33.33.33.33, timeout is 2 seconds: Packet sent with a source address of 11.11.11.11 !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 124/129/132 ms R1# R1#trace 33.33.33.33 source 11.11.11.11 Type escape sequence to abort. Tracing the route to 33.33.33.33 1 192.168.14.4 96 msec 32 msec 0 msec 2 192.168.24.2 76 msec 36 msec 36 msec 3 192.168.23.3 32 msec * 176 msec R1#

Picture 5: primary path

Note that the primary path is through OSPF domain (suboptimal) because R1 has received the prefix 33.33.33.0/24 from R4 as an external OSPF prefix with (AD=110) which is better than the same prefix received from R1 through an external EIGRP with AD=170.

The same prefix is also present in EIGRP topology table.

• Solutions :
  

  5.1- Control paths by controlling the redistribution on the border routers: This could be a case where your routing and security policies do not allow to reveal your internal prefixes and traffic to an external domain. 5.2- Change the AD per-prefix: In case you need to guarantee route redundancy for internal traffic even through external domains. 5.3- Filter prefixes from IGPs into the routing table using inbound distribute-list. 5.4- Perform summarization to shorter subnet mask  So at the destination router receiving the update, the longest prefix is selected.

5.1- Control paths by controlling the redistribution at the border routers:

Simply do not make redundant or unnecessary redistribution, remember the split horizon between domains with multiple border routers:

DO NOT redistribute a prefix to its domain of origin, if needed, make the metric worse than those internally available.

5.2- Change the AD per-prefixes:

router ospf 124 distance 180 192.168.14.4 0.0.0.0 ACL33 ! ip access-list standard ACL33 permit 33.33.33.0 0.0.0.255 log

We need to clear OSPF process locally for the changes to take effect.

R1#clear ip ospf pr Reset ALL OSPF processes? [no]: yes R1# *Mar 1 00:42:32.291: %OSPF-5-ADJCHG: Process 124, Nbr 4.4.4.4 on FastEthernet0/0 from FULL to DOWN, Neighbor Down: Interface down or detached *Mar 1 00:42:32.851: %OSPF-5-ADJCHG: Process 124, Nbr 4.4.4.4 on FastEthernet0/0 from LOADING to FULL, Loading Done R1#

R1#sh ip route … Gateway of last resort is not set 1.0.0.0/32 is subnetted, 1 subnets C 1.1.1.1 is directly connected, Loopback0 C 192.168.13.0/24 is directly connected, FastEthernet0/1 C 192.168.14.0/24 is directly connected, FastEthernet0/0 33.0.0.0/24 is subnetted, 1 subnets D EX 33.33.33.0 [170/1732352] via 192.168.13.3, 00:00:12, FastEthernet0/1 D EX 192.168.24.0/24 [170/1757952] via 192.168.13.3, 00:00:12, FastEthernet0/1 D 192.168.23.0/24 [90/307200] via 192.168.13.3, 00:21:44, FastEthernet0/1 11.0.0.0/24 is subnetted, 1 subnets C 11.11.11.0 is directly connected, Loopback11 C 192.168.0.0/24 is directly connected, FastEthernet1/0 44.0.0.0/32 is subnetted, 1 subnets O 44.44.44.44 [110/11] via 192.168.14.4, 00:00:00, FastEthernet0/0 R1#

Now the RIB has chosen the path provided by EIGRP, let’s take a look at OSPF database:

R1#sh ip ospf data OSPF Router with ID (1.1.1.1) (Process ID 124) … Type-5 AS External Link States Link ID ADV Router Age Seq# Checksum Tag 11.11.11.0 1.1.1.1 277 0x80000002 0x003A40 0 33.33.33.0 2.2.2.2 811 0x80000002 0x0010BF 100 192.168.13.0 2.2.2.2 1581 0x80000001 0x007944 100 192.168.23.0 2.2.2.2 811 0x80000002 0x0009A9 100 R1#

OSPF prefix 33.33.33.0/24 is still there but with a worse administrative distance of 180.

We can verify it by simulating a failure between R1 and R3, let’s see the result at R1:

R3(config-if)#int fa0/1R3(config-if)#sh R3(config-if)# *Mar 1 00:49:30.591: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 123: Neighbor 192.168.13.1 (FastEthernet0/1) is down: interface down *Mar 1 00:49:32.503: %LINK-5-CHANGED: Interface FastEthernet0/1, changed state to administratively down *Mar 1 00:49:33.503: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to down R3(config-if)#

R1#sh ip route … Gateway of last resort is not set 1.0.0.0/32 is subnetted, 1 subnets C 1.1.1.1 is directly connected, Loopback0 C 192.168.13.0/24 is directly connected, FastEthernet0/1 C 192.168.14.0/24 is directly connected, FastEthernet0/0 33.0.0.0/24 is subnetted, 1 subnets O E2 33.33.33.0 [110/20] via 192.168.14.4, 00:08:09, FastEthernet0/0 O 192.168.24.0/24 [110/20] via 192.168.14.4, 00:08:09, FastEthernet0/0 O E2 192.168.23.0/24 [110/20] via 192.168.14.4, 00:01:13, FastEthernet0/0 11.0.0.0/24 is subnetted, 1 subnets C 11.11.11.0 is directly connected, Loopback11 C 192.168.0.0/24 is directly connected, FastEthernet1/0 44.0.0.0/32 is subnetted, 1 subnets O 44.44.44.44 [110/11] via 192.168.14.4, 00:08:13, FastEthernet0/0 R1#

5.3- Filter prefixes from IGPs into the routing table using inbound distribute-list.

Before applying distribute list inbound under OSPF

R1(config-router)#do route4 Gateway of last resort is not set 1.0.0.0/32 is subnetted, 1 subnets C 1.1.1.1 is directly connected, Loopback0 C 192.168.13.0/24 is directly connected, FastEthernet0/1 C 192.168.14.0/24 is directly connected, FastEthernet0/0 33.0.0.0/24 is subnetted, 1 subnets O E2 33.33.33.0 [110/20] via 192.168.14.4, 00:00:03, FastEthernet0/0 O 192.168.24.0/24 [110/20] via 192.168.14.4, 00:00:03, FastEthernet0/0 D 192.168.23.0/24 [90/307200] via 192.168.13.3, 00:00:37, FastEthernet0/1 11.0.0.0/24 is subnetted, 1 subnets C 11.11.11.0 is directly connected, Loopback11 C 192.168.0.0/24 is directly connected, FastEthernet1/0 44.0.0.0/32 is subnetted, 1 subnets O 44.44.44.44 [110/11] via 192.168.14.4, 00:00:03, FastEthernet0/0 R1(config-router)#

R1:

router ospf 124 distribute-list ACL_NO_33 in FastEthernet0/0 ! ip access-list standard ACL_NO_33 deny 33.33.33.0 0.0.0.255

Clear OSPF process for filtering to take effect

R1#clear ip ospf pro Reset ALL OSPF processes? [no]: yes R1# *Mar 1 05:58:23.862: %OSPF-5-ADJCHG: Process 124, Nbr 4.4.4.4 on FastEthernet0/0 from FULL to DOWN, Neighbor Down: Interface down or detached *Mar 1 05:58:24.266: %OSPF-5-ADJCHG: Process 124, Nbr 4.4.4.4 on FastEthernet0/0 from LOADING to FULL, Loading Done

R1#

R1#route4 Gateway of last resort is not set 1.0.0.0/32 is subnetted, 1 subnets C 1.1.1.1 is directly connected, Loopback0 C 192.168.13.0/24 is directly connected, FastEthernet0/1 C 192.168.14.0/24 is directly connected, FastEthernet0/0 33.0.0.0/24 is subnetted, 1 subnets D EX 33.33.33.0 [170/1732352] via 192.168.13.3, 00:00:12, FastEthernet0/1 D EX 192.168.24.0/24 [170/1757952] via 192.168.13.3, 00:00:12, FastEthernet0/1 D 192.168.23.0/24 [90/307200] via 192.168.13.3, 00:04:17, FastEthernet0/1 11.0.0.0/24 is subnetted, 1 subnets C 11.11.11.0 is directly connected, Loopback11 C 192.168.0.0/24 is directly connected, FastEthernet1/0 R1#

5.4- Prefix summarization:

Let’s perform summarization of the prefix 33.33.33.0/24 on R3 to a shorter mask length of /16 before announcing it to R1.

R4 before summarization:

R4#s ip route … 33.0.0.0/24 is subnetted, 1 subnets O E2 33.33.33.0 [110/20] via 192.168.24.2, 00:16:28, FastEthernet0/1 … R4#

R1 before summarization:

R1(config-router)#do s ip route … 33.0.0.0/24 is subnetted, 1 subnets O E2 33.33.33.0 [110/20] via 192.168.14.4, 00:00:15, FastEthernet0/0 … R1(config-router)#

R1 EIGRP topology

R1(config-router)#do s ip eigrp topo IP-EIGRP Topology Table for AS(123)/ID(1.1.1.1) … via Connected, Loopback11 P 33.33.33.0/24, 1 successors, FD is 1706752, tag is 200 via Redistributed (1706752/0) …. R1(config-router)#

For the sake of route consistency inside areas, summarization has to be done at the ABR or ASBR.

Summarization on R3 (ASBR router):

R2(config)#router ospf 124R2(config-router)#summary-address 33.33.0.0 255.255.0.0 tag 666

Now let’s take a look again at the routing table of R1:

R1#route4 … 33.0.0.0/8 is variably subnetted, 2 subnets, 2 masks O E2 33.33.0.0/16 [110/20] via 192.168.14.4, 00:07:43, FastEthernet0/0 D EX 33.33.33.0/24 [170/1732352] via 192.168.13.3, 00:07:43, FastEthernet0/1 … R1#

R1 has received the summary address 33.0.0.0/16 and consider it as different from 33.33.33.0/24 received through EIGRP.

To forward traffic, RIB chooses the longest match i.e. 33.33.33.0/24

R1#trace 33.33.33.33 source 11.11.11.11Type escape sequence to abort. Tracing the route to 33.33.33.33 1 192.168.13.3 48 msec * 24 msec R1#

Conclusion

The following are the techniques used to manipulate internal routing protocol paths:

1- Control what prefixes and where to redistribute. 2- Manipulate AD per-prefix (be careful with this technique!) 3- Filter prefixes from IGPs into the routing table using inbound distribute-list. 4- Summarization to shorter subnet mask on the source router.