Administrative Distance, prefix length, metric… Who is the winner?


  • The Concept
  • Procedural tasks
  • Result table
  • Conclusion

The concept

The idea of the lab is to test the RIB best route election criteria of a border router. To do so, four overlapping subnets are configured in different parts of the network and available to a border router through different routing protocols. One of them is directly connected.

All prefixes are made available and reachable in the same time to see who is going to be elected as best route, then remove the winner from the competition by making the corresponding path unavailable and iterate the selection process until the last path.

One directly connected segment and three routing protocols, so four administrative distances: directly connected (AD=0), RIP(AD=120),OSPF(AD=110) and EIGRP internal(AD=90).

Each protocol has two unequal paths (different metrics) to reach the same prefix.

Prefix masks are configured to be inversely proportional to routing protocol administrative distances.

Lab topology

6VPE MPLS

Procedural tasks

For each test case, the routing table is checked for the best route, a trace route to check the path and make the winner path unavailable.




Result table

Classification

Mask length

metric

AD

prefix

Path

Routing protocol

4

28

110

110

192.168.1.64

A

OSPF

3

74

192.168.1.64

B

1

29

1

120

192.168.1.64

C

RIP

2

2

192.168.1.64

D

6

27

32195456

90

192.168.1.64

E

EIGRP

5

2195456

192.168.1.64

F

7

26

0

0

192.168.1.64

G


Directly connected

RIB looks at the mask length first. The directly connected prefix with the shortest mask length is considered last as the longer the mask, the more accurate the prefix.

Conclusion

With the same prefix and different mask lengths, the border router considers the following criteria in order of preference:

  1. Longest mask among all routing protocols
  2. Lowest cost with the same routing protocol
Advertisements

IPv6 routing protocol redistribution


Though the transition period from IPv4 to IPv6 is going to last for a long time in which both protocols will coexist, we shouldn’t forget that the final goal of IPv6 is to completely replace IPv4.

The best way to gain more experience with the new intricacies and challenges of IPv6 is to test IPv6-based services in the presence of IPv4 as well in a pure IPv6 environment.

The purpose of this lab is to test redistribution between IPv6 routing protocols in an exclusively IPv6 environment.

So I am following exactly the same scenario as the previous post about IPv4 redistribution and I will point out some particularities related to IPv6.

I will start by the problematic design of redistribution from one routing domain into another with lower (better) administrative distance.

If you are not familiar with routing redistribution I strongly recommend you to take a look at the previous post.

Redistribution from one routing domain into another with lower (better) administrative distance:

All the following topologies are subject to the same concept:

As an example, I picked up the case where the source routing domain is EIGRP (internal prefix AD =90 and external prefix AD = 170) and the destination domain is OSPF with a better AD of 110.

Picture 1: Lab High level design


Picture 2: Low level design


Lab content:

1- Redistribution
2- Test connectivity from the BR R1
3- Solutions to overcome suboptimal paths
   3.1- Control paths by controlling the redistribution at the border routers
   3.2- Change the AD per-prefixes
   3.3- Filter prefixes from IGPs into the routing table using inbound distribute-list
   3.4- Prefix summarization
4- Troubleshooting notes5- Conclusion

1- Redistribution

– Redistribute 2001:DB8:123:3333::/64 (external domain/connected) into EIGRP at R3

The network 2001:DB8:123:3333::/64 can be administred with a different IGP than EIGRP or just a directly connected network (a loopback interface in our case).

Because EIGRP differentiates between internal and external prefixes by assigning different Administrative Distances, the prefix 2001:DB8:123:3333::/64 become (D EX) with AD=170.

ipv6 router eigrp 123
router-id 3.3.3.33
no shutdown
redistribute ospf 123 metric 1500 1 100 1 1500 route-map to-eigrp include-connected
!
ipv6 prefix-list ospf-pfx seq 5 permit 2001:DB8:123:3333::/64
!

!

route-map to-eigrp permit 10

match ipv6 address prefix-list ospf-pfx

set tag 3333

Picture 3: redistribution at R3:


– Mutual redistribution between EIGRP & OSPF at R2

For the sake of simplicity, EIGRP prefixes are redistributed into OSPF and vice-verse on R2.

R2:

ipv6 router eigrp 123
router-id 2.2.2.2
no shutdown
redistribute ospf 124 metric 1500 1 100 1 1500 include-connected
!
ipv6 router ospf 124
router-id 2.2.2.22

log-adjacency-changes

redistribute eigrp 123 route-map from-eigrp include-connected

!

!ipv6 prefix-list eigrp-prfx seq 10 permit 2001:DB8:123:2222::/64

ipv6 prefix-list eigrp-prfx seq 20 permit 2001:DB8:123:1111::/64

ipv6 prefix-list eigrp-prfx seq 30 permit 2001:DB8:123:13::/126

ipv6 prefix-list eigrp-prfx seq 40 permit 2001:DB8:123:23::/126

!

ipv6 prefix-list ospf-prfx seq 10 permit 2001:DB8:124:14::/126

ipv6 prefix-list ospf-prfx seq 20 permit 2001:DB8:124:24::/126

ipv6 prefix-list ospf-prfx seq 30 permit 2001:DB8:124:4444::/64

!

!

route-map from-ospf permit 10

match ipv6 address prefix-list ospf-prfx

!

route-map from-eigrp permit 10

match ipv6 address prefix-list eigrp-prfx

!

route-map from-eigrp permit 20

match tag 3333

R1:

ipv6 router eigrp 123
router-id 1.1.1.11
no shutdown
!
ipv6 router ospf 124
router-id 1.1.1.1

Picture4: Mutual redistribution between EIGRP & OSPF at R2


2-Test connectivity from the BR R1

R1#sh ipv6 route
IPv6 Routing Table – 14 entries

OE2 2001:DB8:123:3333::/64 [110/20], tag 3333

via FE80::C003:42FF:FED8:0, FastEthernet0/0


R1#

R1#sh ipv6 eigrp topology
IPv6-EIGRP Topology Table for AS(123)/ID(1.1.1.11)

P 2001:DB8:123:3333::/64, 0 successors, FD is Inaccessible, tag is 3333

via FE80::C002:42FF:FED8:0 (1732352/1706752), FastEthernet0/1


R1#

R1#sh ipv6 eigrp topology
IPv6-EIGRP Topology Table for AS(123)/ID(1.1.1.11)Codes: P – Passive, A – Active, U – Update, Q – Query, R – Reply,
r – reply Status, s – sia Status

P 2001:DB8:124:14::/126, 0 successors, FD is Inaccessible

via FE80::C002:42FF:FED8:0 (1757952/1732352), FastEthernet0/1

P 2001:DB8:123:13::/126, 1 successors, FD is 281600

via Connected, FastEthernet0/1

P 2001:DB8:123:1111::/64, 1 successors, FD is 128256

via Connected, Loopback1

P 2001:DB8:123:3333::/64, 0 successors, FD is Inaccessible, tag is 3333

via FE80::C002:42FF:FED8:0 (1732352/1706752), FastEthernet0/1

P 2001:DB8:123:2222::/64, 1 successors, FD is 435200

via FE80::C002:42FF:FED8:0 (435200/409600), FastEthernet0/1

P 2001:DB8:124:24::/126, 0 successors, FD is Inaccessible

via FE80::C002:42FF:FED8:0 (1757952/1732352), FastEthernet0/1

P 2001:DB8:123:23::/126, 1 successors, FD is 307200

via FE80::C002:42FF:FED8:0 (307200/281600), FastEthernet0/1

P 2001:DB8:124:4444::/64, 0 successors, FD is Inaccessible

via FE80::C002:42FF:FED8:0 (1757952/1732352), FastEthernet0/1

R1#

R1#sh ipv6 route 2001:DB8:123:3333::3/64
IPv6 Routing Table – 14 entries

OE2 2001:DB8:123:3333::/64 [110/20], tag 3333

via FE80::C003:42FF:FED8:0, FastEthernet0/0


R1#

0 Successor(s), FD is 4294967295 (Inaccessible)

Is seen in the EIGRP topology table (IPv4/IPv6). Remember that in a border router each protocol will separately calculate the route to a given destination and submit it to the RIB for the “competition”. The RIB will choose the best route to the prefix+mask and the unique winner protocol is the one with the lowest administrative distances.

Other protocols (losers) not happy with the decision of the RIB will mark their best route in their protocol table

  • EIGRP uses “0 Successor(s), FD is 4294967295 (Inaccessible)”
  • BGP uses “r> (RIB-failure)”

So EIGRP calculated a route to 2001:DB8:123:3333::3/64 directly through R3 and OSPF calculated a route to the same prefix 2001:DB8:123:3333::3/64 through R4.

The RIB will choose OSPF of course because it has better (smaller) administrative distance of 110 against 170 for EIGRP.

R1#ping ipv6 2001:DB8:123:3333::3Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:DB8:123:3333::3, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 60/68/84 ms

R1#

R1#traceroute ipv6 2001:DB8:123:3333::3

Type escape sequence to abort.

Tracing the route to 2001:DB8:123:3333::3

1 2001:DB8:124:14::2 32 msec 20 msec 20 msec

2 2001:DB8:124:24::1 48 msec 56 msec 40 msec

3 2001:DB8:123:3333::3 84 msec 32 msec 76 msec

R1#

Picture 5: primary path


The primary path to the prefix 2001:DB8:123:3333::3 is chosen through OSPF domain which is suboptimal because it is 1st redistributed into EIGRP123 then a second time into OSPF124.

We know that during redistribution between different protocols there is inevitable loss of homogeneity of routing information due to deformation of criteria: attributes for BGP, BW and delay for EIGRP, cost for OSPF and hop for RIP.

So what we can do at the border router to influence the choice of the best route to a given prefix?

3- Solutions

  • 3.1- Control paths by controlling the redistribution at the border routers:

    This could be a case where your routing and security policies do not allow to reveal your internal prefixes and traffic to an external domain.

  • 3.2- Change the AD per-prefixes:

    In case you need to guarantee route redundancy for internal traffic even through external domains.

  • 3.3- Filter prefixes from IGPs into the routing table using inbound distribute-list.
  • 3.4- Perform summarization to shorter subnet mask on the source router (remove from the competition by transform)

    So at the destination router receiving the update the longest prefix is selected

3.1- Control paths by controlling the redistribution at the border routers:

Simply do not make redundant or unnecessary redistribution, remember the split horizon between domains with multiple border routers:

DO NOT redistribute a prefix to its domain of origin, if needed, make the metric worse than those internally available.

3.2- Change the AD per-prefixes:

ipv6 router ospf 124
distance ospf external 180

R1(config-rtr)#do route6
IPv6 Routing Table – 14 entries

D 2001:DB8:123:23::/126 [90/307200]

via FE80::C002:42FF:FED8:0, FastEthernet0/1


D 2001:DB8:123:2222::/64 [90/435200]

via FE80::C002:42FF:FED8:0, FastEthernet0/1

EX 2001:DB8:123:3333::/64 [170/1732352], tag 3333

via FE80::C002:42FF:FED8:0, FastEthernet0/1


R1(config-rtr)#

Now prefixes originated from EIGRP, including the redistributed 2001:DB8:123:3333::/64, are reachable through EIGRP, because their OSPF EXT variants have worse administrative distance 180 against 170.

R1(config-rtr)#do sh ipv6 ospf data OSPFv3 Router with ID (1.1.1.1) (Process ID 124)

Type-5 AS External Link States

ADV Router Age Seq# Prefix

2.2.2.22 970 0x80000006 2001:DB8:123:13::/126

2.2.2.22 970 0x80000006 2001:DB8:123:23::/126

2.2.2.22 970 0x80000006 2001:DB8:123:1111::/64

2.2.2.22 970 0x80000006 2001:DB8:123:2222::/64

2.2.2.22 970 0x80000006 2001:DB8:123:3333::/64

R1(config-rtr)#

Let’s simulate a failure in the link between R1 and R3:

R3(config)#int fa0/0
R3(config-if)#sh
R3(config-if)#
*Mar 1 04:26:19.938: %DUAL-5-NBRCHANGE: IPv6-EIGRP(0) 123: Neighbor FE80::C000:42FF:FED8:1 (FastEthernet0/0) is down: interface down
*Mar 1 04:26:21.910: %LINK-5-CHANGED: Interface FastEthernet0/0, changed state to administratively down
*Mar 1 04:26:22.910: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to down
R3(config-if)#

Now, EIGRP prefixes reachable through OSPF.

R1(config-rtr)#do sh ipv6 route
IPv6 Routing Table – 14 entries

OE2 2001:DB8:123:23::/126 [180/20]
via FE80::C003:42FF:FED8:0, FastEthernet0/0
OE2 2001:DB8:123:2222::/64 [180/20]
via FE80::C003:42FF:FED8:0, FastEthernet0/0

OE2 2001:DB8:123:3333::/64 [180/20], tag 3333

via FE80::C003:42FF:FED8:0, FastEthernet0/0


R1(config-rtr)#

3.3- Filter prefixes from IGPs into the routing table using inbound distribute-list.

Before applying distribute list inbound under OSPF

IPv6 Routing Table – 14 entries

OE2 2001:DB8:123:3333::/64 [110/20], tag 3333
via FE80::C003:42FF:FED8:0, FastEthernet0/0

R1#

R1:

R1(config)#ipv6 router ospf 124
R1(config-rtr)#distribute-list prefix-list 3333_prfx in
R1(config-rtr)#exit
R1(config)#ipv6 prefix-list 3333_prfx deny 2001:DB8:123:3333::/64
R1(config)#ipv6 prefix-list 3333_prfx seq 10 permit ::/0 le 128

Note the default route used in the prefix-list ::/0 le 128 is different from the one used in IPv6 default static route abd the routing table ::/0

R1(config)#do route6
IPv6 Routing Table – 14 entries

EX
2001:DB8:123:3333::/64 [170/1732352], tag 3333
via FE80::C002:42FF:FED8:0, FastEthernet0/1

R1(config)#

3.4- Prefix summarization:

Let’s perform summarization of the prefix 2001:DB8:123:3333::3 on R3 to a shorter mask length of /60 before announcing it to R4 then to R1.

R4 before summarization:

R4#route6
IPv6 Routing Table – 14 entries

via FE80::C001:42FF:FED8:0, FastEthernet0/1
OE2
2001:DB8:123:3333::/64 [110/20], tag 3333

R4#

R1 before summarization:

R1(config-rtr)#do route6
IPv6 Routing Table – 15 entries

EX
2001:DB8:123:3333::/64 [170/1732352], tag 3333
via FE80::C002:42FF:FED8:0, FastEthernet0/1

R1(config-rtr)#

To keep the routing information consistent inside OSPF area, summarization has to be done at the ABR or ASBR.

Summarization on R2 (ASBR router):

R2(config)#no router ospf 124
R2(config-rtr)#summary-prefix 2001:DB8:123:3333::3/60

Now let’s take a look again at the routing table of R1 and R4:

R4#route6
IPv6 Routing Table – 14 entries

OE2 2001:DB8:123:3330::/60 [110/20]
via FE80::C001:42FF:FED8:0, FastEthernet0/1

R4#

R1(config-rtr)#do route6
IPv6 Routing Table – 16 entries

OE2 2001:DB8:123:3330::/60 [110/20]

via FE80::C003:42FF:FED8:0, FastEthernet0/0

EX 2001:DB8:123:3333::/64 [170/1732352], tag 3333

via FE80::C002:42FF:FED8:0, FastEthernet0/1


R1(config-rtr)#

R1 has received the summary address 2001:DB8:123:3330::/60 and consider it as different from 2001:DB8:123:3333::/64 received through EIGRP.

To forward traffic, RIB will chooses the longest match i.e. 2001:DB8:123:3333::3

R1#traceroute ipv6 2001:DB8:123:3333::3
 
Type escape sequence to abort.

Tracing the route to 2001:DB8:123:3333::3

1 2001:DB8:123:3333::3 60 msec 24 msec 60 msec

R1#

 

4-Troubleshooting notes

*) Redistribution doesn’t work :
– Check typing errors in route-maps and prefix-lists names because IOS will not alert you in case of the following errors during redistribution:
– Wrong route map name
– Wrong ACL/prefix-list name inside the route-map
– Default metric not configured (EIGRP/RIP/IS-IS)
– Check whether the prefix you want to redistribute exists in the RIB of the border router and belongs to the IGP source of the redistribution.
– IPv6 routing requires only link-local addresses (fe80::/10) to a establish the relationships within a segment, even if the mask or the subnet doesn’t match.

The discrepancies will emerge later. So make sure to carefully plan and deploy your address scheme.

*) EIGRP for IPv6 is by default shut down

*) Misconfiguration errors:

– Many IPv6 commands are the same as for IPv4, the keyword “ip” is replaced by “ipv6”. Nevertheless, what is easy to do can also be easy not to do. After a couple of hours with the contrast of the CLI, you will start glazing over J and you will notice that the device doesn’t react to your commands.

That’s a sign that something intrinsically wrong, like typing in the wrong router console, copy/past wrong fragments or typing “ip” instead of “ipv6.”

5- Conclusion

Following some techniques used to manipulate internal routing protocol paths:

1- Control what prefixes and where to redistribute.

2- Manipulate AD per-prefix (be careful with this technique!)

3- Filter prefixes from IGPs into the routing table using inbound distribute-list.

4- Summarization to shorter subnet mask on the source router.


Routing Protocol Redistribution and Path optimization



Case A: Redistribution from one routing domain into another with higher (worse) administrative distance:

All the following topologies are subject to the same concept:

As an example, I picked up the case where the source routing domain is OSPF (AD=110) and the destination administrative domain is EIGRP (internal prefix AD =90 and external prefix AD = 170).

Picture 1: Lab High level design


Picture 2: Low level design


  • redistribute 33.33.33.0/24 (external domain/connected) into OSPF at R3
router ospf 123
redistribute connected route-map rmap-connnected subnets

ip prefix-list pfx-33 seq 5 permit 33.33.33.0/24

route-map rmap-connnected permit 10
match ip address prefix-list pfx-33
set tag 133

Picture 3: redistribution at R3:


  • Mutual redistribution between EIGRP & OSPF at R2
router eigrp 124
redistribute ospf 123 route-map to-eigrp metric 1500 1 100 1 1500
!router ospf 123
network 192.168.23.0 0.0.0.255 area 0
redistribute eigrp 124 subnets route-map to-ospf

ip prefix-list eigrp-pfx seq 5 permit 192.168.14.0/24
ip prefix-list eigrp-pfx seq 15 permit 192.168.24.0/24

!

ip prefix-list ospf-pfx seq 5 permit 192.168.23.0/24

ip prefix-list ospf-pfx seq 15 permit 192.168.13.0/24

ip prefix-list ospf-pfx seq 25 permit 33.33.33.0/24

route-map to-ospf permit 10

match ip address prefix-list eigrp-pfx

set tag 100

!

route-map to-eigrp permit 10

match ip address prefix-list ospf-pfx

set tag 324

Picture4: Mutual redistribution between EIGRP & OSPF at R2


 Beware!

IOS will not alert you in case of the following errors during redistribution:

  • Wrong route map name
  • Wrong ACL/prefix-list name inside the route-map
  • Default metric not configured (EIGRP/OSPF/IS-IS)
  • test connectivity from the BR R1

    Picture 5: primary path


R1#sh ip eigrp topology
IP-EIGRP Topology Table for AS(124)/ID(11.11.11.11)

Codes: P – Passive, A – Active, U – Update, Q – Query, R – Reply,
r – reply Status, s – sia Status

P 33.33.33.0/24, 0 successors, FD is Inaccessible, tag is 324
via 192.168.14.4 (1757952/1732352), FastEthernet0/0
P 192.168.13.0/24, 0 successors, FD is Inaccessible, tag is 324

via 192.168.14.4 (1757952/1732352), FastEthernet0/0

P 192.168.14.0/24, 1 successors, FD is 281600

via Connected, FastEthernet0/0

P 192.168.24.0/24, 1 successors, FD is 307200

via 192.168.14.4 (307200/281600), FastEthernet0/0

P 192.168.23.0/24, 0 successors, FD is Inaccessible, tag is 324

via 192.168.14.4 (1757952/1732352), FastEthernet0/0

R1#

R1#ping 33.33.33.33

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 33.33.33.33, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/31/64 ms
R1#trace 33.33.33.33

Type escape sequence to abort.

Tracing the route to 33.33.33.33

1 192.168.13.3 68 msec * 52 msec

R1#

  • Simulate a failure on R3 fa0/1

    A link failure is simulated by shuting down R3 fa0/1 interface to check path redundancy

R3(config-if)#int fa0/1

R3(config-if)#sh

R3(config-if)#

*Mar 1 01:00:07.515: %OSPF-5-ADJCHG: Process 123, Nbr 1.1.1.1 on FastEthernet0/1 from FULL to DOWN, Neighbor Down: Interface down or detached

*Mar 1 01:00:09.487: %LINK-5-CHANGED: Interface FastEthernet0/1, changed state to administratively down

*Mar 1 01:00:10.487: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to down

R3(config-if)#

  • Test connectivity at R1

    Picture6: path redundancy

R1#route4

33.0.0.0/24 is subnetted, 1 subnets
D EX 33.33.33.0 [170/1757952] via 192.168.14.4, 00:00:01, FastEthernet0/0

R1#

Only in the absence of a better choice R1 chose EIGRP path through external domain

R1#ping 33.33.33.33 source 192.168.14.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 33.33.33.33, timeout is 2 seconds:
Packet sent with a source address of 192.168.14.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 64/139/220 ms

R1#

R1#
R1#trace 33.33.33.33 source 192.168.14.1

Type escape sequence to abort.
Tracing the route to 33.33.33.33

1 192.168.14.4 112 msec 32 msec 44 msec
2 192.168.24.2 44 msec 36 msec 56 msec
3 192.168.23.3 64 msec * 88 msec

R1#

Case B: Redistribution from one routing domain into another with lower (better) administrative distance:

All the following topologies are subject to the same concept:

As an example, I picked up the case where the source routing domain is EIGRP (internal prefix AD =90 and external prefix AD = 170) and the destination administrative is domain OSPF with a better AD of 110.

Picture 1: Lab High level design


Picture 2: Low level design


  • redistribute 33.33.33.0/24 (external domain/connected) into EIGRP at R3

    The network 33.33.33.0/24 can be a different IGP than EIGRP or just a directly connected network (a loopback interface in our case).

    Because EIGRP differentiate between internal and external prefixes by assigning different Administrative Distances, the prefix 33.33.33.0/24 become (D EX) with AD=170.

router eigrp 123
redistribute connected metric 1500 1 100 1 1500 route-map rmap-connnected

ip prefix-list pfx-33 seq 5 permit 33.33.33.0/24

route-map rmap-connnected permit 10
match ip address prefix-list pfx-33
set tag 133

Picture 3: redistribution at R3:


  • Mutual redistribution between EIGRP & OSPF at R2

    For the sake of simplicity, EIGRP prefixes are redistributed into OSPF and vice-verse on R2 and 11.11.11.0/24 is redistributed into OSPF on R1 to check connectivity between 11.11.11.11 and 33.33.33.33

    R2:

router eigrp 123
redistribute ospf 124 route-map to-eigrp metric 1500 1 100 1 1500
!
router ospf 124
redistribute eigrp 123 subnets route-map to-ospf

ip prefix-list eigrp-pfx seq 5 permit 192.168.23.0/24

ip prefix-list eigrp-pfx seq 15 permit 192.168.13.0/24

ip prefix-list eigrp-pfx seq 25 permit 33.33.33.0/24

!

ip prefix-list ospf-pfx seq 5 permit 192.168.14.0/24

ip prefix-list ospf-pfx seq 15 permit 192.168.24.0/24

ip prefix-list ospf-pfx seq 25 permit 11.11.11.0/24

!

route-map to-ospf permit 10

match ip address prefix-list eigrp-pfx

set tag 100

route-map to-eigrp permit 10

match ip address prefix-list ospf-pfx

set tag 324

R1:

router ospf 124
redistribute eigrp 123 subnets route-map to-ospf
!
ip prefix-list 11-pfx seq 5 permit 11.11.11.0/24
!

route-map to-ospf permit 10

match ip address prefix-list 11-pfx

Picture4: Mutual redistribution between EIGRP & OSPF at R2


 Beware!

IOS will not alert you in case of the following errors during redistribution:

  • Wrong route map name
  • Wrong ACL/prefix-list name inside the route-map
  • Default metric not configured (EIGRP/OSPF/IS-IS)
  • test connectivity from the BR R1
R1#route4

33.0.0.0/24 is subnetted, 1 subnets

O E2 33.33.33.0 [110/20] via 192.168.14.4, 00:09:11, FastEthernet0/0


R1#


R1#sh ip eigrp topology
IP-EIGRP Topology Table for AS(123)/ID(1.1.1.1)
Codes: P – Passive, A – Active, U – Update, Q – Query, R – Reply,
r – reply Status, s – sia Status
P 11.11.11.0/24, 1 successors, FD is 128256

via Connected, Loopback11

P 33.33.33.0/24, 1 successors, FD is 1706752, tag is 200

via Redistributed (1706752/0)

P 192.168.13.0/24, 1 successors, FD is 281600

via Connected, FastEthernet0/1

R1#

R1#ping 33.33.33.33 source 11.11.11.11Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 33.33.33.33, timeout is 2 seconds:
Packet sent with a source address of 11.11.11.11
!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 124/129/132 ms

R1#

R1#trace 33.33.33.33 source 11.11.11.11

Type escape sequence to abort.

Tracing the route to 33.33.33.33

1 192.168.14.4 96 msec 32 msec 0 msec

2 192.168.24.2 76 msec 36 msec 36 msec

3 192.168.23.3 32 msec * 176 msec

R1#


Picture 5: primary path


Note that the primary path is through OSPF domain (suboptimal) because R1 has received the prefix 33.33.33.0/24 from R4 as an external OSPF prefix with (AD=110) which is better than the same prefix received from R1 through an external EIGRP with AD=170.

The same prefix is also present in EIGRP topology table.

  • Solutions :
    • 5.1- Control paths by controlling the redistribution on the border routers:

      This could be a case where your routing and security policies do not allow to reveal your internal prefixes and traffic to an external domain.

    • 5.2- Change the AD per-prefix:

      In case you need to guarantee route redundancy for internal traffic even through external domains.

    • 5.3- Filter prefixes from IGPs into the routing table using inbound distribute-list.
    • 5.4- Perform summarization to shorter subnet mask 

      So at the destination router receiving the update, the longest prefix is selected.

5.1- Control paths by controlling the redistribution at the border routers:

Simply do not make redundant or unnecessary redistribution, remember the split horizon between domains with multiple border routers:

DO NOT redistribute a prefix to its domain of origin, if needed, make the metric worse than those internally available.

5.2- Change the AD per-prefixes:

router ospf 124
distance 180 192.168.14.4 0.0.0.0 ACL33
!
ip access-list standard ACL33
permit 33.33.33.0 0.0.0.255 log

We need to clear OSPF process locally for the changes to take effect.

R1#clear ip ospf pr
Reset ALL OSPF processes? [no]: yes
R1#
*Mar 1 00:42:32.291: %OSPF-5-ADJCHG: Process 124, Nbr 4.4.4.4 on FastEthernet0/0 from FULL to DOWN, Neighbor Down: Interface down or detached
*Mar 1 00:42:32.851: %OSPF-5-ADJCHG: Process 124, Nbr 4.4.4.4 on FastEthernet0/0 from LOADING to FULL, Loading Done

R1#

R1#sh ip route

Gateway of last resort is not set
1.0.0.0/32 is subnetted, 1 subnets
C 1.1.1.1 is directly connected, Loopback0

C 192.168.13.0/24 is directly connected, FastEthernet0/1

C 192.168.14.0/24 is directly connected, FastEthernet0/0

33.0.0.0/24 is subnetted, 1 subnets

D EX 33.33.33.0 [170/1732352] via 192.168.13.3, 00:00:12, FastEthernet0/1

D EX 192.168.24.0/24 [170/1757952] via 192.168.13.3, 00:00:12, FastEthernet0/1

D 192.168.23.0/24 [90/307200] via 192.168.13.3, 00:21:44, FastEthernet0/1

11.0.0.0/24 is subnetted, 1 subnets

C 11.11.11.0 is directly connected, Loopback11

C 192.168.0.0/24 is directly connected, FastEthernet1/0

44.0.0.0/32 is subnetted, 1 subnets

O 44.44.44.44 [110/11] via 192.168.14.4, 00:00:00, FastEthernet0/0

R1#

Now the RIB has chosen the path provided by EIGRP, let’s take a look at OSPF database:

R1#sh ip ospf data
OSPF Router with ID (1.1.1.1) (Process ID 124)

Type-5 AS External Link States
Link ID ADV Router Age Seq# Checksum Tag

11.11.11.0 1.1.1.1 277 0x80000002 0x003A40 0

33.33.33.0 2.2.2.2 811 0x80000002 0x0010BF 100

192.168.13.0 2.2.2.2 1581 0x80000001 0x007944 100

192.168.23.0 2.2.2.2 811 0x80000002 0x0009A9 100

R1#

OSPF prefix 33.33.33.0/24 is still there but with a worse administrative distance of 180.

We can verify it by simulating a failure between R1 and R3, let’s see the result at R1:

R3(config-if)#int fa0/1R3(config-if)#sh
R3(config-if)#
*Mar 1 00:49:30.591: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 123: Neighbor 192.168.13.1 (FastEthernet0/1) is down: interface down
*Mar 1 00:49:32.503: %LINK-5-CHANGED: Interface FastEthernet0/1, changed state to administratively down

*Mar 1 00:49:33.503: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to down

R3(config-if)#


R1#sh ip route

Gateway of last resort is not set
1.0.0.0/32 is subnetted, 1 subnets
C 1.1.1.1 is directly connected, Loopback0

C 192.168.13.0/24 is directly connected, FastEthernet0/1

C 192.168.14.0/24 is directly connected, FastEthernet0/0

33.0.0.0/24 is subnetted, 1 subnets

O E2 33.33.33.0 [110/20] via 192.168.14.4, 00:08:09, FastEthernet0/0

O 192.168.24.0/24 [110/20] via 192.168.14.4, 00:08:09, FastEthernet0/0

O E2 192.168.23.0/24 [110/20] via 192.168.14.4, 00:01:13, FastEthernet0/0

11.0.0.0/24 is subnetted, 1 subnets

C 11.11.11.0 is directly connected, Loopback11

C 192.168.0.0/24 is directly connected, FastEthernet1/0

44.0.0.0/32 is subnetted, 1 subnets

O 44.44.44.44 [110/11] via 192.168.14.4, 00:08:13, FastEthernet0/0

R1#

5.3- Filter prefixes from IGPs into the routing table using inbound distribute-list.

Before applying distribute list inbound under OSPF

R1(config-router)#do route4
Gateway of last resort is not set
1.0.0.0/32 is subnetted, 1 subnets
C 1.1.1.1 is directly connected, Loopback0
C 192.168.13.0/24 is directly connected, FastEthernet0/1

C 192.168.14.0/24 is directly connected, FastEthernet0/0

33.0.0.0/24 is subnetted, 1 subnets

O E2 33.33.33.0 [110/20] via 192.168.14.4, 00:00:03, FastEthernet0/0

O 192.168.24.0/24 [110/20] via 192.168.14.4, 00:00:03, FastEthernet0/0

D 192.168.23.0/24 [90/307200] via 192.168.13.3, 00:00:37, FastEthernet0/1

11.0.0.0/24 is subnetted, 1 subnets

C 11.11.11.0 is directly connected, Loopback11

C 192.168.0.0/24 is directly connected, FastEthernet1/0

44.0.0.0/32 is subnetted, 1 subnets

O 44.44.44.44 [110/11] via 192.168.14.4, 00:00:03, FastEthernet0/0

R1(config-router)#

R1:

router ospf 124
distribute-list ACL_NO_33 in FastEthernet0/0
!
ip access-list standard ACL_NO_33
deny 33.33.33.0 0.0.0.255

Clear OSPF process for filtering to take effect

R1#clear ip ospf pro
Reset ALL OSPF processes? [no]: yes
R1#
*Mar 1 05:58:23.862: %OSPF-5-ADJCHG: Process 124, Nbr 4.4.4.4 on FastEthernet0/0 from FULL to DOWN, Neighbor Down: Interface down or detached
*Mar 1 05:58:24.266: %OSPF-5-ADJCHG: Process 124, Nbr 4.4.4.4 on FastEthernet0/0 from LOADING to FULL, Loading Done

R1#

R1#route4
Gateway of last resort is not set
1.0.0.0/32 is subnetted, 1 subnets
C 1.1.1.1 is directly connected, Loopback0
C 192.168.13.0/24 is directly connected, FastEthernet0/1

C 192.168.14.0/24 is directly connected, FastEthernet0/0

33.0.0.0/24 is subnetted, 1 subnets

D EX 33.33.33.0 [170/1732352] via 192.168.13.3, 00:00:12, FastEthernet0/1

D EX 192.168.24.0/24 [170/1757952] via 192.168.13.3, 00:00:12, FastEthernet0/1

D 192.168.23.0/24 [90/307200] via 192.168.13.3, 00:04:17, FastEthernet0/1

11.0.0.0/24 is subnetted, 1 subnets

C 11.11.11.0 is directly connected, Loopback11

C 192.168.0.0/24 is directly connected, FastEthernet1/0

R1#

5.4- Prefix summarization:

Let’s perform summarization of the prefix 33.33.33.0/24 on R3 to a shorter mask length of /16 before announcing it to R1.

R4 before summarization:

R4#s ip route

33.0.0.0/24 is subnetted, 1 subnets
O E2 33.33.33.0 [110/20] via 192.168.24.2, 00:16:28, FastEthernet0/1

R4#

R1 before summarization:

R1(config-router)#do s ip route

33.0.0.0/24 is subnetted, 1 subnets
O E2 33.33.33.0 [110/20] via 192.168.14.4, 00:00:15, FastEthernet0/0

R1(config-router)#

R1 EIGRP topology

R1(config-router)#do s ip eigrp topo
IP-EIGRP Topology Table for AS(123)/ID(1.1.1.1)

via Connected, Loopback11
P 33.33.33.0/24, 1 successors, FD is 1706752, tag is 200

via Redistributed (1706752/0)

….

R1(config-router)#

For the sake of route consistency inside areas, summarization has to be done at the ABR or ASBR.

Summarization on R3 (ASBR router):

R2(config)#router ospf 124R2(config-router)#summary-address 33.33.0.0 255.255.0.0 tag 666

Now let’s take a look again at the routing table of R1:

R1#route4

33.0.0.0/8 is variably subnetted, 2 subnets, 2 masks

O E2 33.33.0.0/16 [110/20] via 192.168.14.4, 00:07:43, FastEthernet0/0

D EX 33.33.33.0/24

[170/1732352] via 192.168.13.3, 00:07:43, FastEthernet0/1


R1#

R1 has received the summary address 33.0.0.0/16 and consider it as different from 33.33.33.0/24 received through EIGRP.

To forward traffic, RIB chooses the longest match i.e. 33.33.33.0/24

R1#trace 33.33.33.33 source 11.11.11.11Type escape sequence to abort.
Tracing the route to 33.33.33.33
1 192.168.13.3 48 msec * 24 msec
R1#



Conclusion

The following are the techniques used to manipulate internal routing protocol paths:

1- Control what prefixes and where to redistribute.

2- Manipulate AD per-prefix (be careful with this technique!)

3- Filter prefixes from IGPs into the routing table using inbound distribute-list.

4- Summarization to shorter subnet mask on the source router.


%d bloggers like this: