Routing Protocol Redistribution and Path optimization



Case A: Redistribution from one routing domain into another with higher (worse) administrative distance:

All the following topologies are subject to the same concept:

As an example, I picked up the case where the source routing domain is OSPF (AD=110) and the destination administrative domain is EIGRP (internal prefix AD =90 and external prefix AD = 170).

Picture 1: Lab High level design


Picture 2: Low level design


  • redistribute 33.33.33.0/24 (external domain/connected) into OSPF at R3
router ospf 123
redistribute connected route-map rmap-connnected subnets

ip prefix-list pfx-33 seq 5 permit 33.33.33.0/24

route-map rmap-connnected permit 10
match ip address prefix-list pfx-33
set tag 133

Picture 3: redistribution at R3:


  • Mutual redistribution between EIGRP & OSPF at R2
router eigrp 124
redistribute ospf 123 route-map to-eigrp metric 1500 1 100 1 1500
!router ospf 123
network 192.168.23.0 0.0.0.255 area 0
redistribute eigrp 124 subnets route-map to-ospf

ip prefix-list eigrp-pfx seq 5 permit 192.168.14.0/24
ip prefix-list eigrp-pfx seq 15 permit 192.168.24.0/24

!

ip prefix-list ospf-pfx seq 5 permit 192.168.23.0/24

ip prefix-list ospf-pfx seq 15 permit 192.168.13.0/24

ip prefix-list ospf-pfx seq 25 permit 33.33.33.0/24

route-map to-ospf permit 10

match ip address prefix-list eigrp-pfx

set tag 100

!

route-map to-eigrp permit 10

match ip address prefix-list ospf-pfx

set tag 324

Picture4: Mutual redistribution between EIGRP & OSPF at R2


 Beware!

IOS will not alert you in case of the following errors during redistribution:

  • Wrong route map name
  • Wrong ACL/prefix-list name inside the route-map
  • Default metric not configured (EIGRP/OSPF/IS-IS)
  • test connectivity from the BR R1

    Picture 5: primary path


R1#sh ip eigrp topology
IP-EIGRP Topology Table for AS(124)/ID(11.11.11.11)

Codes: P – Passive, A – Active, U – Update, Q – Query, R – Reply,
r – reply Status, s – sia Status

P 33.33.33.0/24, 0 successors, FD is Inaccessible, tag is 324
via 192.168.14.4 (1757952/1732352), FastEthernet0/0
P 192.168.13.0/24, 0 successors, FD is Inaccessible, tag is 324

via 192.168.14.4 (1757952/1732352), FastEthernet0/0

P 192.168.14.0/24, 1 successors, FD is 281600

via Connected, FastEthernet0/0

P 192.168.24.0/24, 1 successors, FD is 307200

via 192.168.14.4 (307200/281600), FastEthernet0/0

P 192.168.23.0/24, 0 successors, FD is Inaccessible, tag is 324

via 192.168.14.4 (1757952/1732352), FastEthernet0/0

R1#

R1#ping 33.33.33.33

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 33.33.33.33, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/31/64 ms
R1#trace 33.33.33.33

Type escape sequence to abort.

Tracing the route to 33.33.33.33

1 192.168.13.3 68 msec * 52 msec

R1#

  • Simulate a failure on R3 fa0/1

    A link failure is simulated by shuting down R3 fa0/1 interface to check path redundancy

R3(config-if)#int fa0/1

R3(config-if)#sh

R3(config-if)#

*Mar 1 01:00:07.515: %OSPF-5-ADJCHG: Process 123, Nbr 1.1.1.1 on FastEthernet0/1 from FULL to DOWN, Neighbor Down: Interface down or detached

*Mar 1 01:00:09.487: %LINK-5-CHANGED: Interface FastEthernet0/1, changed state to administratively down

*Mar 1 01:00:10.487: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to down

R3(config-if)#

  • Test connectivity at R1

    Picture6: path redundancy

R1#route4

33.0.0.0/24 is subnetted, 1 subnets
D EX 33.33.33.0 [170/1757952] via 192.168.14.4, 00:00:01, FastEthernet0/0

R1#

Only in the absence of a better choice R1 chose EIGRP path through external domain

R1#ping 33.33.33.33 source 192.168.14.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 33.33.33.33, timeout is 2 seconds:
Packet sent with a source address of 192.168.14.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 64/139/220 ms

R1#

R1#
R1#trace 33.33.33.33 source 192.168.14.1

Type escape sequence to abort.
Tracing the route to 33.33.33.33

1 192.168.14.4 112 msec 32 msec 44 msec
2 192.168.24.2 44 msec 36 msec 56 msec
3 192.168.23.3 64 msec * 88 msec

R1#

Case B: Redistribution from one routing domain into another with lower (better) administrative distance:

All the following topologies are subject to the same concept:

As an example, I picked up the case where the source routing domain is EIGRP (internal prefix AD =90 and external prefix AD = 170) and the destination administrative is domain OSPF with a better AD of 110.

Picture 1: Lab High level design


Picture 2: Low level design


  • redistribute 33.33.33.0/24 (external domain/connected) into EIGRP at R3

    The network 33.33.33.0/24 can be a different IGP than EIGRP or just a directly connected network (a loopback interface in our case).

    Because EIGRP differentiate between internal and external prefixes by assigning different Administrative Distances, the prefix 33.33.33.0/24 become (D EX) with AD=170.

router eigrp 123
redistribute connected metric 1500 1 100 1 1500 route-map rmap-connnected

ip prefix-list pfx-33 seq 5 permit 33.33.33.0/24

route-map rmap-connnected permit 10
match ip address prefix-list pfx-33
set tag 133

Picture 3: redistribution at R3:


  • Mutual redistribution between EIGRP & OSPF at R2

    For the sake of simplicity, EIGRP prefixes are redistributed into OSPF and vice-verse on R2 and 11.11.11.0/24 is redistributed into OSPF on R1 to check connectivity between 11.11.11.11 and 33.33.33.33

    R2:

router eigrp 123
redistribute ospf 124 route-map to-eigrp metric 1500 1 100 1 1500
!
router ospf 124
redistribute eigrp 123 subnets route-map to-ospf

ip prefix-list eigrp-pfx seq 5 permit 192.168.23.0/24

ip prefix-list eigrp-pfx seq 15 permit 192.168.13.0/24

ip prefix-list eigrp-pfx seq 25 permit 33.33.33.0/24

!

ip prefix-list ospf-pfx seq 5 permit 192.168.14.0/24

ip prefix-list ospf-pfx seq 15 permit 192.168.24.0/24

ip prefix-list ospf-pfx seq 25 permit 11.11.11.0/24

!

route-map to-ospf permit 10

match ip address prefix-list eigrp-pfx

set tag 100

route-map to-eigrp permit 10

match ip address prefix-list ospf-pfx

set tag 324

R1:

router ospf 124
redistribute eigrp 123 subnets route-map to-ospf
!
ip prefix-list 11-pfx seq 5 permit 11.11.11.0/24
!

route-map to-ospf permit 10

match ip address prefix-list 11-pfx

Picture4: Mutual redistribution between EIGRP & OSPF at R2


 Beware!

IOS will not alert you in case of the following errors during redistribution:

  • Wrong route map name
  • Wrong ACL/prefix-list name inside the route-map
  • Default metric not configured (EIGRP/OSPF/IS-IS)
  • test connectivity from the BR R1
R1#route4

33.0.0.0/24 is subnetted, 1 subnets

O E2 33.33.33.0 [110/20] via 192.168.14.4, 00:09:11, FastEthernet0/0


R1#


R1#sh ip eigrp topology
IP-EIGRP Topology Table for AS(123)/ID(1.1.1.1)
Codes: P – Passive, A – Active, U – Update, Q – Query, R – Reply,
r – reply Status, s – sia Status
P 11.11.11.0/24, 1 successors, FD is 128256

via Connected, Loopback11

P 33.33.33.0/24, 1 successors, FD is 1706752, tag is 200

via Redistributed (1706752/0)

P 192.168.13.0/24, 1 successors, FD is 281600

via Connected, FastEthernet0/1

R1#

R1#ping 33.33.33.33 source 11.11.11.11Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 33.33.33.33, timeout is 2 seconds:
Packet sent with a source address of 11.11.11.11
!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 124/129/132 ms

R1#

R1#trace 33.33.33.33 source 11.11.11.11

Type escape sequence to abort.

Tracing the route to 33.33.33.33

1 192.168.14.4 96 msec 32 msec 0 msec

2 192.168.24.2 76 msec 36 msec 36 msec

3 192.168.23.3 32 msec * 176 msec

R1#


Picture 5: primary path


Note that the primary path is through OSPF domain (suboptimal) because R1 has received the prefix 33.33.33.0/24 from R4 as an external OSPF prefix with (AD=110) which is better than the same prefix received from R1 through an external EIGRP with AD=170.

The same prefix is also present in EIGRP topology table.

  • Solutions :
    • 5.1- Control paths by controlling the redistribution on the border routers:

      This could be a case where your routing and security policies do not allow to reveal your internal prefixes and traffic to an external domain.

    • 5.2- Change the AD per-prefix:

      In case you need to guarantee route redundancy for internal traffic even through external domains.

    • 5.3- Filter prefixes from IGPs into the routing table using inbound distribute-list.
    • 5.4- Perform summarization to shorter subnet mask 

      So at the destination router receiving the update, the longest prefix is selected.

5.1- Control paths by controlling the redistribution at the border routers:

Simply do not make redundant or unnecessary redistribution, remember the split horizon between domains with multiple border routers:

DO NOT redistribute a prefix to its domain of origin, if needed, make the metric worse than those internally available.

5.2- Change the AD per-prefixes:

router ospf 124
distance 180 192.168.14.4 0.0.0.0 ACL33
!
ip access-list standard ACL33
permit 33.33.33.0 0.0.0.255 log

We need to clear OSPF process locally for the changes to take effect.

R1#clear ip ospf pr
Reset ALL OSPF processes? [no]: yes
R1#
*Mar 1 00:42:32.291: %OSPF-5-ADJCHG: Process 124, Nbr 4.4.4.4 on FastEthernet0/0 from FULL to DOWN, Neighbor Down: Interface down or detached
*Mar 1 00:42:32.851: %OSPF-5-ADJCHG: Process 124, Nbr 4.4.4.4 on FastEthernet0/0 from LOADING to FULL, Loading Done

R1#

R1#sh ip route

Gateway of last resort is not set
1.0.0.0/32 is subnetted, 1 subnets
C 1.1.1.1 is directly connected, Loopback0

C 192.168.13.0/24 is directly connected, FastEthernet0/1

C 192.168.14.0/24 is directly connected, FastEthernet0/0

33.0.0.0/24 is subnetted, 1 subnets

D EX 33.33.33.0 [170/1732352] via 192.168.13.3, 00:00:12, FastEthernet0/1

D EX 192.168.24.0/24 [170/1757952] via 192.168.13.3, 00:00:12, FastEthernet0/1

D 192.168.23.0/24 [90/307200] via 192.168.13.3, 00:21:44, FastEthernet0/1

11.0.0.0/24 is subnetted, 1 subnets

C 11.11.11.0 is directly connected, Loopback11

C 192.168.0.0/24 is directly connected, FastEthernet1/0

44.0.0.0/32 is subnetted, 1 subnets

O 44.44.44.44 [110/11] via 192.168.14.4, 00:00:00, FastEthernet0/0

R1#

Now the RIB has chosen the path provided by EIGRP, let’s take a look at OSPF database:

R1#sh ip ospf data
OSPF Router with ID (1.1.1.1) (Process ID 124)

Type-5 AS External Link States
Link ID ADV Router Age Seq# Checksum Tag

11.11.11.0 1.1.1.1 277 0x80000002 0x003A40 0

33.33.33.0 2.2.2.2 811 0x80000002 0x0010BF 100

192.168.13.0 2.2.2.2 1581 0x80000001 0x007944 100

192.168.23.0 2.2.2.2 811 0x80000002 0x0009A9 100

R1#

OSPF prefix 33.33.33.0/24 is still there but with a worse administrative distance of 180.

We can verify it by simulating a failure between R1 and R3, let’s see the result at R1:

R3(config-if)#int fa0/1R3(config-if)#sh
R3(config-if)#
*Mar 1 00:49:30.591: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 123: Neighbor 192.168.13.1 (FastEthernet0/1) is down: interface down
*Mar 1 00:49:32.503: %LINK-5-CHANGED: Interface FastEthernet0/1, changed state to administratively down

*Mar 1 00:49:33.503: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to down

R3(config-if)#


R1#sh ip route

Gateway of last resort is not set
1.0.0.0/32 is subnetted, 1 subnets
C 1.1.1.1 is directly connected, Loopback0

C 192.168.13.0/24 is directly connected, FastEthernet0/1

C 192.168.14.0/24 is directly connected, FastEthernet0/0

33.0.0.0/24 is subnetted, 1 subnets

O E2 33.33.33.0 [110/20] via 192.168.14.4, 00:08:09, FastEthernet0/0

O 192.168.24.0/24 [110/20] via 192.168.14.4, 00:08:09, FastEthernet0/0

O E2 192.168.23.0/24 [110/20] via 192.168.14.4, 00:01:13, FastEthernet0/0

11.0.0.0/24 is subnetted, 1 subnets

C 11.11.11.0 is directly connected, Loopback11

C 192.168.0.0/24 is directly connected, FastEthernet1/0

44.0.0.0/32 is subnetted, 1 subnets

O 44.44.44.44 [110/11] via 192.168.14.4, 00:08:13, FastEthernet0/0

R1#

5.3- Filter prefixes from IGPs into the routing table using inbound distribute-list.

Before applying distribute list inbound under OSPF

R1(config-router)#do route4
Gateway of last resort is not set
1.0.0.0/32 is subnetted, 1 subnets
C 1.1.1.1 is directly connected, Loopback0
C 192.168.13.0/24 is directly connected, FastEthernet0/1

C 192.168.14.0/24 is directly connected, FastEthernet0/0

33.0.0.0/24 is subnetted, 1 subnets

O E2 33.33.33.0 [110/20] via 192.168.14.4, 00:00:03, FastEthernet0/0

O 192.168.24.0/24 [110/20] via 192.168.14.4, 00:00:03, FastEthernet0/0

D 192.168.23.0/24 [90/307200] via 192.168.13.3, 00:00:37, FastEthernet0/1

11.0.0.0/24 is subnetted, 1 subnets

C 11.11.11.0 is directly connected, Loopback11

C 192.168.0.0/24 is directly connected, FastEthernet1/0

44.0.0.0/32 is subnetted, 1 subnets

O 44.44.44.44 [110/11] via 192.168.14.4, 00:00:03, FastEthernet0/0

R1(config-router)#

R1:

router ospf 124
distribute-list ACL_NO_33 in FastEthernet0/0
!
ip access-list standard ACL_NO_33
deny 33.33.33.0 0.0.0.255

Clear OSPF process for filtering to take effect

R1#clear ip ospf pro
Reset ALL OSPF processes? [no]: yes
R1#
*Mar 1 05:58:23.862: %OSPF-5-ADJCHG: Process 124, Nbr 4.4.4.4 on FastEthernet0/0 from FULL to DOWN, Neighbor Down: Interface down or detached
*Mar 1 05:58:24.266: %OSPF-5-ADJCHG: Process 124, Nbr 4.4.4.4 on FastEthernet0/0 from LOADING to FULL, Loading Done

R1#

R1#route4
Gateway of last resort is not set
1.0.0.0/32 is subnetted, 1 subnets
C 1.1.1.1 is directly connected, Loopback0
C 192.168.13.0/24 is directly connected, FastEthernet0/1

C 192.168.14.0/24 is directly connected, FastEthernet0/0

33.0.0.0/24 is subnetted, 1 subnets

D EX 33.33.33.0 [170/1732352] via 192.168.13.3, 00:00:12, FastEthernet0/1

D EX 192.168.24.0/24 [170/1757952] via 192.168.13.3, 00:00:12, FastEthernet0/1

D 192.168.23.0/24 [90/307200] via 192.168.13.3, 00:04:17, FastEthernet0/1

11.0.0.0/24 is subnetted, 1 subnets

C 11.11.11.0 is directly connected, Loopback11

C 192.168.0.0/24 is directly connected, FastEthernet1/0

R1#

5.4- Prefix summarization:

Let’s perform summarization of the prefix 33.33.33.0/24 on R3 to a shorter mask length of /16 before announcing it to R1.

R4 before summarization:

R4#s ip route

33.0.0.0/24 is subnetted, 1 subnets
O E2 33.33.33.0 [110/20] via 192.168.24.2, 00:16:28, FastEthernet0/1

R4#

R1 before summarization:

R1(config-router)#do s ip route

33.0.0.0/24 is subnetted, 1 subnets
O E2 33.33.33.0 [110/20] via 192.168.14.4, 00:00:15, FastEthernet0/0

R1(config-router)#

R1 EIGRP topology

R1(config-router)#do s ip eigrp topo
IP-EIGRP Topology Table for AS(123)/ID(1.1.1.1)

via Connected, Loopback11
P 33.33.33.0/24, 1 successors, FD is 1706752, tag is 200

via Redistributed (1706752/0)

….

R1(config-router)#

For the sake of route consistency inside areas, summarization has to be done at the ABR or ASBR.

Summarization on R3 (ASBR router):

R2(config)#router ospf 124R2(config-router)#summary-address 33.33.0.0 255.255.0.0 tag 666

Now let’s take a look again at the routing table of R1:

R1#route4

33.0.0.0/8 is variably subnetted, 2 subnets, 2 masks

O E2 33.33.0.0/16 [110/20] via 192.168.14.4, 00:07:43, FastEthernet0/0

D EX 33.33.33.0/24

[170/1732352] via 192.168.13.3, 00:07:43, FastEthernet0/1


R1#

R1 has received the summary address 33.0.0.0/16 and consider it as different from 33.33.33.0/24 received through EIGRP.

To forward traffic, RIB chooses the longest match i.e. 33.33.33.0/24

R1#trace 33.33.33.33 source 11.11.11.11Type escape sequence to abort.
Tracing the route to 33.33.33.33
1 192.168.13.3 48 msec * 24 msec
R1#



Conclusion

The following are the techniques used to manipulate internal routing protocol paths:

1- Control what prefixes and where to redistribute.

2- Manipulate AD per-prefix (be careful with this technique!)

3- Filter prefixes from IGPs into the routing table using inbound distribute-list.

4- Summarization to shorter subnet mask on the source router.


%d bloggers like this: