Saturday, November 22, 2008

Route Redistribution - Tagging like an Expert

The inspiration for this post comes directly from IPexpert's wonderfully insane Volume 1 Section 12 Lab. THIS LAB IS INSANE. Not too bad really, but see for yourself :)

Here is the topology:

All I am going to do in this post is explain how I go about "prepping" for redistribution. These are just a random set of miscellaneous notes, in no particular order. I will number them just for identification purposes :)

Also, remember you can do ALL of this in a notepad file before you configure the routers. I try to do it like that, that way my head is truly "around" the whole scenario. Of course, there is some tweaking that will always need to be done once you do get down to business.


The first thing I like to do is think about tagging each routing domain. Remember, we always drop the tag coming in, so if you like to use the AD for a tag, be careful if you have multiple domains with the same protocol.

For example, suppose you set a tag of 110 on both R4 and R7 for OSPF routes going into EIGRP. If you then deny this tag from EIGRP into OSPF, you prevent R7 and R4 from learning about each other's OSPF networks. In this lab I used 110 for the R2/R4 process and 115 for the R5/R6/R7 process.

Here are the tags I assigned; these were applied at the END of every redistribution route-map.

RIP = 110
OSPF AREA 0 = 110
BGP = 256
OSPF AREA 567 = 567
EIGRP 7800 = 7800
EIGRP 12348 = 12348

On R4, I might have something like this:

route-map ospf2eigrp permit 50
 set tag 110


Another thing to remember is when to deny the tag. I only deny a tag when it is re-entering the protocol from which it came, unless, of course, I am specifically asked to block routes from entering a certain domain.

Example: RIP routes are tagged with 120 going into OSPF (or given community 120 in BGP). The only place I deny 120 from entering a routing domain is on R2, from OSPF to RIP or from BGP to RIP (matching the community value, not the tag).

So building on the above route-map I would have this now:

route-map ospf2eigrp deny 10
 match tag 12348
route-map ospf2eigrp permit 50
 set tag 110

Everything else is allowed.


Another thing to remember is to allow the tags to "pass through" each domain. In the above route-map, R4 removes any tags that R2 may have placed on RIP routes from R1. This prevents us from identifying and blocking the re-entry RIP routes in BGP on R2!

So on R4 we could do this:

route-map ospf2eigrp deny 10
 match tag 12348
route-map ospf2eigrp permit 20
 match tag 120
route-map ospf2eigrp permit 30
 match tag 567
route-map ospf2eigrp permit 40
 match tag 7800
route-map ospf2eigrp permit 45
 match tag 115
route-map ospf2eigrp permit 50
 set tag 110

Here I have "pre-identified" or "pre-classified" all the tags I want to pass through. This way we can identify the originating protocol of every route in the EIGRP 12348 domain.
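The difference between the two-clause route-map and the pass-through version can be checked offline before touching a router. The Python sketch below is an added example, not part of the original post: it parses the route-map text from this page and applies a simplified evaluation model (only `match tag` and `set tag` are handled, the first matching clause wins, a clause with no match matches everything, falling off the end is the implicit deny, and tag 0 stands for an untagged route; these are assumptions of the model).

```python
import re

# Constructed from the R4 route-maps shown on this page (OSPF into EIGRP).
OVERWRITE = """
route-map ospf2eigrp deny 10
 match tag 12348
route-map ospf2eigrp permit 50
 set tag 110
"""
# Same map plus the pass-through clauses; the parser orders clauses by sequence.
PASS_THROUGH = OVERWRITE + "".join(
    f"route-map ospf2eigrp permit {seq}\n match tag {tag}\n"
    for seq, tag in [(20, 120), (30, 567), (40, 7800), (45, 115)])

def parse_route_map(text):
    """Parse 'match tag' / 'set tag' clauses, sorted by sequence number."""
    clauses, cur = [], None
    for line in text.strip().splitlines():
        line = line.strip()
        m = re.match(r"route-map (\S+) (permit|deny) (\d+)$", line)
        if m:
            cur = {"seq": int(m.group(3)), "action": m.group(2),
                   "match": None, "set": None}
            clauses.append(cur)
        elif line.startswith("match tag ") and cur:
            cur["match"] = {int(t) for t in line.split()[2:]}
        elif line.startswith("set tag ") and cur:
            cur["set"] = int(line.split()[2])
    return sorted(clauses, key=lambda c: c["seq"])

def redistribute(clauses, tag):
    """Return the tag the route carries afterwards, or None if it is denied.
    Simplified model: a permit clause without 'set tag' keeps the incoming tag."""
    for c in clauses:
        if c["match"] is None or tag in c["match"]:
            if c["action"] == "deny":
                return None
            return c["set"] if c["set"] is not None else tag
    return None  # implicit deny at the end of every route-map

def audit(config, tags=(0, 120, 567, 7800, 115, 12348)):
    """Map each incoming tag to its outgoing tag (None means blocked)."""
    clauses = parse_route_map(config)
    return {t: redistribute(clauses, t) for t in tags}

if __name__ == "__main__":
    for name, cfg in (("overwrite", OVERWRITE), ("pass-through", PASS_THROUGH)):
        print(name, audit(cfg))
```

With the two-clause map every permitted route leaves R4 tagged 110, so the 120 that R2 placed on RIP routes is lost. With the pass-through clauses each incoming tag survives and only untagged routes pick up 110.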


Another note to remember is that BGP does not use tags, but it does use community values to identify routes. So on R2, R5, and R6 we will need to "convert" the tag to a community value. And when we redistribute the other way, we need to make a community-list to match and drop that route.

For example on R2 we set the community of OSPF routes into BGP as follows:

route-map ospf2bgp permit 50
 set community 110

On R5 and R6 this community is converted to a tag as follows:

ip community-list 1 permit 110

route-map bgp2ospf permit 20
 match community 1
 set tag 110

Now as long as we allow this tag to pass through on R7 and R8, R4 can identify these OSPF routes so it will not redistribute them back into OSPF area 0.


Lastly, we are not concerned with optimal routing here. If you are tasked with making paths optimal, you will have to work with metrics or administrative distances to do so. But that's easy, right? :)

1 comment:

  1. Can we get the GNS topology and config of this, friend, to learn and feel it?
