Difference between revisions of "Route optimization"
| m (→PBR: Policy Based Routing) | m (→prefix lists) | ||
| (4 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
| − | =  | + | = redistribution cavets = | 
| == Routing loops == | == Routing loops == | ||
| === redistribute RIP into OSPF example === | === redistribute RIP into OSPF example === | ||
| Line 37: | Line 37: | ||
| You can filter updates with distribute lists. The exampe below shows filtering of incoming updates. You can also filter outgoing updates. | You can filter updates with distribute lists. The exampe below shows filtering of incoming updates. You can also filter outgoing updates. | ||
| [[image:distribute_list.png|500px|none|thumb|distribute list example]] | [[image:distribute_list.png|500px|none|thumb|distribute list example]] | ||
| − | < | + | <source lang=cli> | 
| hostname B | hostname B | ||
| ! | ! | ||
| Line 46: | Line 46: | ||
| access-list 23 deny 90.0.0.0 0.0.255.255 | access-list 23 deny 90.0.0.0 0.0.255.255 | ||
| access-list 23 permit any | access-list 23 permit any | ||
| − | </ | + | </source> | 
| Router B Configuration of distribute list | Router B Configuration of distribute list | ||
| <br/><br/> | <br/><br/> | ||
| − | < | + | <source lang=cli> | 
| hostname E | hostname E | ||
| ! | ! | ||
| Line 58: | Line 58: | ||
| access-list 3 deny 80.0.0.0 0.0.255.255 | access-list 3 deny 80.0.0.0 0.0.255.255 | ||
| access-list 3 permit any | access-list 3 permit any | ||
| − | </ | + | </source> | 
| Router E Configuration of distribute list | Router E Configuration of distribute list | ||
| <br/><br/> | <br/><br/> | ||
| + | =prefix lists= | ||
| + | Routes in routetable | ||
| + | {|border=1 ;style="margin: 0 auto; text-align: center;cellpadding="5" cellspacing="0" | ||
| + | |+ Address groups | ||
| + | |- bgcolor=lightgrey | ||
| + | ! Nr. !!Network | ||
| + | |- | ||
| + | | 1 || 10.0.0.0/8 | ||
| + | |- | ||
| + | | 2 || 10.128.0.0/9 | ||
| + | |- | ||
| + | | 3 || 10.1.1.0/24 | ||
| + | |- | ||
| + | | 4 || 10.1.2.0/24 | ||
| + | |- | ||
| + | | 5 || 10.128.10.4/30 | ||
| + | |- | ||
| + | | 6 || 10.128.10.8/30 | ||
| + | |- | ||
| + | |} | ||
| + | |||
| + | {|border=1 ;style="margin: 0 auto; text-align: center;cellpadding="5" cellspacing="0" | ||
| + | |+ Address groups | ||
| + | |- bgcolor=lightgrey | ||
| + | ! Prefix list !!Matches in previos table | ||
| + | |- | ||
| + | | 10.0.0.0/8 || 1  | ||
| + | |- | ||
| + | | 10.128.0.0/9 || 2 | ||
| + | |- | ||
| + | | 10.0.0.0/8 ge 9|| 2,3,4,5,6 | ||
| + | |- | ||
| + | | 10.0.0.0/8 ge 24 le 24 || 3,4 | ||
| + | |- | ||
| + | | 10.0.0.0/8 le 24 || 1,2,3,4 | ||
| + | |- | ||
| + | | 0.0.0.0/0 || None | ||
| + | |- | ||
| + | | 0.0.0.0/0 le 32 || All | ||
| + | |} | ||
| + | {{:Prefix-list Cisco IOS}} | ||
| + | |||
| = PBR: Policy Based Routing = | = PBR: Policy Based Routing = | ||
| PBR or Policy Based Routing gives more control and more options than distribute lists - see above. | PBR or Policy Based Routing gives more control and more options than distribute lists - see above. | ||
| Line 68: | Line 110: | ||
| In the picture below the traffic from 192.168.1.0/24 on E0 interface must route to ISP1 and | In the picture below the traffic from 192.168.1.0/24 on E0 interface must route to ISP1 and | ||
| traffic from 172.16.1.0/24 on E1 must route to ISP1. | traffic from 172.16.1.0/24 on E1 must route to ISP1. | ||
| − | < | + | <source lang=cli> | 
| hostname RTA | hostname RTA | ||
| ! | ! | ||
| Line 87: | Line 129: | ||
| interface e1 | interface e1 | ||
|   ip policy route-map ISP2 |   ip policy route-map ISP2 | ||
| − | </ | + | </source> | 
| [[Image:PBR1.png|500px|none|thumb|Policy Based Routing example]] | [[Image:PBR1.png|500px|none|thumb|Policy Based Routing example]] | ||
| + | = Seed metric = | ||
| + | {| | ||
| + | |[[Image:Seed metric1.gif|600px|thumb|Default Seed Metric]] | ||
| + | |- | ||
| + | |[[Image:Seed metric2.gif|600px|thumb|Default Seed Metric example (RIP=infinity default)]] | ||
| + | |- | ||
| + | |[[Image:Seed metric3.gif|600px|thumb|Administrative distance]] | ||
| + | |- | ||
| + | |} | ||
| + | {{source cli}} | ||
| [[Category:Cisco]][[Category:CCNP1]][[Category:CCNP]][[Category:IOS]][[Category:Network]] | [[Category:Cisco]][[Category:CCNP1]][[Category:CCNP]][[Category:IOS]][[Category:Network]] | ||
Latest revision as of 14:29, 16 August 2022
Contents
redistribution cavets
Routing loops
redistribute RIP into OSPF example
Consider the network below and follow the red update path.
- Router A updates router B with RIP. Router B now learne the network 80.0.0.0/16. 
- Please note that the administrative distance for RIP is 120.
 
- Router B now redistributes 80.0.0.0/16 into OSPF.
- Note that OSPF has an administrative distance of 110.
 
- Router B updates router C as an external OSPF route administrative distance 110
- Router C updates router D as an external OSPF route administrative distance 110
- Router D updates router E as an external OSPF route administrative distance 110
- Router E now has two router to 80.0.0.0/16
- Via RIP directly to Router A (Preferred route)
- Via OSPF to router D - Path D->C->B->A.
 
- Router E sends traffic to 80.0.0.0/16 to router D because OSPF(110) administrative distance is better than RIP's(120).
Avoiding Routing loop
redistribute RIP into EIGRP example
With EIGRP we avoid the routing loop seen from OSPF above. EIGRP has two different administrative distances. 
One for internal routes 90 and one for externally learned routes 170.
 
Consider the network below and follow the red update path. 
- Router A updates router B with RIP. Router B now learne the network 80.0.0.0/16. 
- Please note that the administrative distance for RIP is 120.
 
- Router B now redistributes 80.0.0.0/16 into EIGRP.
- EIGRP has an internal route administrative distance of 90. and
- EIGRP has an external route administrative distance of 170.
 
- Router B updates router C as an external EIGRP route administrative distance 170
- Router C updates router D as an external EIGRP route administrative distance 170
- Router D updates router E as an external EIGRP route administrative distance 170
- Router E now has two router to 80.0.0.0/16
- Via RIP directly to Router A (Preferred route)
- Via EIGRP to router D - Path D->C->B->A.
 
- Router E sends traffic to 80.0.0.0/16 to router A because RIP(120) administrative distance is better than EIGRP external(170).
Distribute lists
You can filter updates with distribute lists. The exampe below shows filtering of incoming updates. You can also filter outgoing updates.
hostname B
!
router rip
 version 2
 distribute-list 23 in
!
access-list 23 deny 90.0.0.0 0.0.255.255
access-list 23 permit anyRouter B Configuration of distribute list
hostname E
!
router rip
 version 2
 distribute-list 3 in
!
access-list 3 deny 80.0.0.0 0.0.255.255
access-list 3 permit anyRouter E Configuration of distribute list
prefix lists
Routes in routetable
| Nr. | Network | 
|---|---|
| 1 | 10.0.0.0/8 | 
| 2 | 10.128.0.0/9 | 
| 3 | 10.1.1.0/24 | 
| 4 | 10.1.2.0/24 | 
| 5 | 10.128.10.4/30 | 
| 6 | 10.128.10.8/30 | 
| Prefix list | Matches in previos table | 
|---|---|
| 10.0.0.0/8 | 1 | 
| 10.128.0.0/9 | 2 | 
| 10.0.0.0/8 ge 9 | 2,3,4,5,6 | 
| 10.0.0.0/8 ge 24 le 24 | 3,4 | 
| 10.0.0.0/8 le 24 | 1,2,3,4 | 
| 0.0.0.0/0 | None | 
| 0.0.0.0/0 le 32 | All | 
Example
Prefix-lists are numbered. In this example "secret net" are not announced.
- Note: As with access-lists there are an implicit deny in the end.
ip prefix-list SECRET-NET seq 10 deny 172.16.0.0/16
ip prefix-list SECRET-NET seq 20 deny 192.168.22.0/24
ip prefix-list SECRET-NET seq 30 permit 0.0.0.0/0 le 32 !Permit all other nets
!
router bgp 100
  neighbor 10.1.2.3 remote-as 200
  neighbor 10.1.2.3 prefix-list SECRET-NET outPBR: Policy Based Routing
PBR or Policy Based Routing gives more control and more options than distribute lists - see above. PBR introduces the set command which set the interface or next-hop address to which the packet should be sent. To select which packets should go where you can use the match command and match the based on for example source or destination addresses.
In the picture below the traffic from 192.168.1.0/24 on E0 interface must route to ISP1 and traffic from 172.16.1.0/24 on E1 must route to ISP1.
hostname RTA
!
access-list 37 permit 192.168.1.0 0.0.0.255
access-list 48 permit 172.16.1.0 0.0.0.255
!
route-map ISP1 permit 10
 match ip address 37
 set interface s0
!
route-map ISP2 permit 20
 match ip address 48
 set interface s1
!
interface e0
 ip policy route-map ISP1
!
interface e1
 ip policy route-map ISP2





