Saturday, 3 March 2012

IPv4 Redistribution - Implementing Simple Redistribution


Okay, next nugget....
Here is the network map and the goals:

I have already gone ahead and got the basic networking set up as detailed above, so let's start with

OBJECTIVE 1

Let's get EIGRP up and running. We can be sloppy with the network statement on this one, so let's just go for a 10.0.0.0/8 statement:

R1(config)#router eigrp 100
R1(config-router)#no auto
R1(config-router)#network 10.0.0.0





Let's jump over to the big boy (aka the Redistribution Router) R2 and get EIGRP up and running on him. We have to be careful with the network statement on this link, as the OSPF network will also be on the 10 subnet, so let's narrow the advertisement down to the link (10.1.12.0 whatever):


R2-ReDIS(config)#router eigrp 100
R2-ReDIS(config-router)#no auto
R2-ReDIS(config-router)#network 10.1.12.0 0.0.0.255


*Mar  1 00:12:57.551: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 100: Neighbor 10.1.12.1 (Serial0/0) is up: new adjacency
*Mar  1 00:12:57.711: %SYS-5-CONFIG_I: Configured from console by console
R2-ReDIS#show ip eigrp ne


IP-EIGRP neighbors for process 100
H   Address                 Interface       Hold Uptime   SRTT   RTO  Q  Seq
                                            (sec)         (ms)       Cnt Num
0   10.1.12.1               Se0/0             12 00:00:07   16   200  0  3


Okay, we're dancing and playing nicely :0)

Let's get OSPF up and running on that WAN link with R3 only:

R2-ReDIS(config)#router ospf 1
R2-ReDIS(config-router)#network 10.1.23.0 0.0.0.255 area 0








Let's go do R3 (we don't have to be specific with the network statement on this one):



R3(config)#router ospf 1
R3(config-router)#network 10.0.0.0 0.255.255.255 area 0
R3(config-router)#
*Mar  1 00:21:15.363: %OSPF-5-ADJCHG: Process 1, Nbr 10.1.23.2 on Serial0/0 from LOADING to FULL, Loading Done


R3#show ip ospf neighbor

Neighbor ID     Pri   State           Dead Time   Address         Interface
10.1.23.2         0   FULL/  -        00:00:03    10.1.23.2       Serial0/0


SWEET. Now we just need to tidy up the loopback networks (/30 WAN links), as we want them to appear to R2 as /30 and not as host addresses (/32):


R2-ReDIS#show ip route | i 10.1.23.3
O       10.1.10.1/32 [110/65] via 10.1.23.3, 00:09:30, Serial0/1
O       10.1.11.1/32 [110/65] via 10.1.23.3, 00:09:30, Serial0/1
O       10.1.8.1/32 [110/65] via 10.1.23.3, 00:09:30, Serial0/1
O       10.1.9.1/32 [110/65] via 10.1.23.3, 00:09:30, Serial0/1
O       10.1.11.5/32 [110/65] via 10.1.23.3, 00:09:30, Serial0/1
O       10.1.11.9/32 [110/65] via 10.1.23.3, 00:09:30, Serial0/1
O       10.1.7.1/32 [110/65] via 10.1.23.3, 00:09:30, Serial0/1





R3(config)#int loop 7
R3(config-if)#ip ospf network point-to-point
R3(config-if)#int loop 8
R3(config-if)#ip ospf network point-to-point
R3(config-if)#int loop 9
R3(config-if)#ip ospf network point-to-point
R3(config-if)#int loop 10
R3(config-if)#ip ospf network point-to-point
R3(config-if)#int loop 11
R3(config-if)#ip ospf network point-to-point
R3(config-if)#int loop 12
R3(config-if)#ip ospf network point-to-point
R3(config-if)#int loop 13
R3(config-if)#ip ospf network point-to-point


Let's check back on R2 now:

R2-ReDIS#show ip route | i 10.1.23.3
O       10.1.11.0/30 [110/65] via 10.1.23.3, 00:00:25, Serial0/1
O       10.1.10.0/24 [110/65] via 10.1.23.3, 00:00:25, Serial0/1
O       10.1.9.0/24 [110/65] via 10.1.23.3, 00:00:25, Serial0/1
O       10.1.8.0/24 [110/65] via 10.1.23.3, 00:00:25, Serial0/1
O       10.1.11.4/30 [110/65] via 10.1.23.3, 00:00:25, Serial0/1
O       10.1.11.8/30 [110/65] via 10.1.23.3, 00:00:25, Serial0/1
O       10.1.7.0/24 [110/65] via 10.1.23.3, 00:00:25, Serial0/1


Okay, that's objective 1 down, let's get some redistribution working:

OBJECTIVE 2



So, seed metric: what is it? Well ....

It means what metric we start with. The problem we have with redistribution is losing the metric, as EIGRP and OSPF have totally different metrics to begin with:

OSPF = Cost
EIGRP = Composite of bandwidth and delay


So we need to specify what metric these routes have when they come over. Routes redistributed into EIGRP have an infinite metric by default when you don't specify anything, so they will never be seen on the other side, as they are treated as "unreachable".

Routes redistributed into OSPF have a default metric of 20, BGP is whatever it was when you redistributed from the internal network, and RIP is the same as EIGRP: it's infinite.


NOW, let's start with getting those EIGRP routes into OSPF. For this we have to go under the OSPF process:

R2-ReDIS(config)#router ospf 1
R2-ReDIS(config-router)#redistribute eigrp 100 ?
  metric       Metric for redistributed routes
  metric-type  OSPF/IS-IS exterior metric type for redistributed routes
  route-map    Route map reference
  subnets      Consider subnets for redistribution into OSPF
  tag          Set tag for routes redistributed into OSPF
  <cr>


Now by default, when we do redistribution it will try to summarise the networks (which, if you recall from our instructions, we are not allowed to do, and in the real world is not very handy!).
So we can use the "subnets" keyword to keep their subnet masks, rather than have them summarised back to their original classful networks.


If I miss off the subnets keyword (because we are in a lab here, people!):


R2-ReDIS(config-router)#redistribute eigrp 100
% Only classful networks will be redistributed


It does prompt you to this fact!

R2-ReDIS(config-router)#redistribute eigrp 100 subnets

Let's go check out R3 (I will filter on the neighbour IP, so we can see the routes more clearly):

R3#show ip route | i 10.1.23.2
O E2    10.1.12.0/24 [110/20] via 10.1.23.2, 00:00:28, Serial0/0
O E2    10.1.3.0/24 [110/20] via 10.1.23.2, 00:00:28, Serial0/0
O E2    10.1.2.0/24 [110/20] via 10.1.23.2, 00:00:28, Serial0/0
O E2    10.1.1.0/24 [110/20] via 10.1.23.2, 00:00:28, Serial0/0
O E2    10.1.0.0/24 [110/20] via 10.1.23.2, 00:00:28, Serial0/0
O E2    10.1.6.0/24 [110/20] via 10.1.23.2, 00:00:28, Serial0/0
O E2    10.1.5.0/24 [110/20] via 10.1.23.2, 00:00:28, Serial0/0
O E2    10.1.4.0/24 [110/20] via 10.1.23.2, 00:00:28, Serial0/0

There they are! and notice the E2 code along with the METRIC.....20!!!! ....

R3#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2

By default the routes come through as E2 routes, "E2 - OSPF external type 2":
E1 = these increment their metric as they go through the network
E2 = these do not increment as they go through the network

NOTE:
If we want to change this we can, via:

R2-ReDIS(config-router)#redistribute eigrp 100 subnets metric-type ?
  1  Set OSPF External Type 1 metrics
  2  Set OSPF External Type 2 metrics  <-- DEFAULT (won't show under OSPF, it's the default)

Well, on our objective we are told NOT to let the routes' metric increment as they propagate through the network, so we will leave it. BUT just for fun, let's check it out:

R2-ReDIS(config-router)#redistribute eigrp 100 subnets metric 105

Back at R3;

R3#show ip route | i 10.1.23.2
O E2    10.1.12.0/24 [110/105] via 10.1.23.2, 00:00:25, Serial0/0
O E2    10.1.3.0/24 [110/105] via 10.1.23.2, 00:00:25, Serial0/0
O E2    10.1.2.0/24 [110/105] via 10.1.23.2, 00:00:25, Serial0/0
O E2    10.1.1.0/24 [110/105] via 10.1.23.2, 00:00:25, Serial0/0
O E2    10.1.0.0/24 [110/105] via 10.1.23.2, 00:00:25, Serial0/0
O E2    10.1.6.0/24 [110/105] via 10.1.23.2, 00:00:25, Serial0/0
O E2    10.1.5.0/24 [110/105] via 10.1.23.2, 00:00:25, Serial0/0
O E2    10.1.4.0/24 [110/105] via 10.1.23.2, 00:00:25, Serial0/0

KOOOL, SO KOOOL. Right, I will just undo that because I'm sticking to the lab lol ... but kool though!

RIGHT, let's get OSPF redistributed into EIGRP, so let's go under the EIGRP process, as that is what we want to redistribute into:

R2-ReDIS(config)#router eigrp 100
R2-ReDIS(config-router)#redistribute ospf 1 ?
  match      Redistribution of OSPF routes
  metric     Metric for redistributed routes
  route-map  Route map reference
  vrf        VPN Routing/Forwarding Instance


Not as many options, and they are pretty self-explanatory, so let's run with what we have:

R2-ReDIS(config-router)#redistribute ospf 1

Let's jump over to R1 and check what's happening:

R1#show ip route

     10.0.0.0/24 is subnetted, 8 subnets
C       10.1.12.0 is directly connected, Serial0/0
C       10.1.3.0 is directly connected, Loopback3
C       10.1.2.0 is directly connected, Loopback2
C       10.1.1.0 is directly connected, Loopback1
C       10.1.0.0 is directly connected, Loopback0
C       10.1.6.0 is directly connected, Loopback6
C       10.1.5.0 is directly connected, Loopback5
C       10.1.4.0 is directly connected, Loopback4

They are not there.......WHY?!!??
Recall what I said earlier: these routes are being redistributed with an infinite metric ... so the routes are not valid, hence not in the routing table.

We need to tell it a metric.

The question in this lab does not state what metric we have to use, so let's just go with 100 for each metric (bandwidth, delay ....):

R2-ReDIS(config-router)#redistribute ospf 1 metric 100 100 100 100 100

Let's go check it out:

R1#show ip route | i 10.1.12.2
D EX    10.1.11.0/30 [170/26137600] via 10.1.12.2, 00:01:06, Serial0/0
D EX    10.1.10.0/24 [170/26137600] via 10.1.12.2, 00:01:06, Serial0/0
D EX    10.1.9.0/24 [170/26137600] via 10.1.12.2, 00:01:06, Serial0/0
D EX    10.1.8.0/24 [170/26137600] via 10.1.12.2, 00:01:06, Serial0/0
D EX    10.1.11.4/30 [170/26137600] via 10.1.12.2, 00:01:05, Serial0/0
D EX    10.1.11.8/30 [170/26137600] via 10.1.12.2, 00:01:05, Serial0/0
D EX    10.1.7.0/24 [170/26137600] via 10.1.12.2, 00:01:05, Serial0/0
D EX    10.1.23.0/24 [170/26137600] via 10.1.12.2, 00:01:05, Serial0/0

R1#ping 10.1.10.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.1.10.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 8/14/36 ms
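
Where the 26137600 in R1's table comes from, as an added example that is not part of the original post: the classic EIGRP composite metric applied to the seed values from the redistribute line plus R1's inbound serial link. The default K values and the Serial0/0 figures (1544 kbps, 20000 usec delay) are assumptions based on IOS defaults, and the function names are made up for this sketch.

```python
# Added example (not from the original post): classic EIGRP composite metric.
# Assumptions: default K values and IOS serial defaults on R1's Serial0/0.

INFINITY = 0xFFFFFFFF  # EIGRP's "unreachable" metric; such routes are never installed


def eigrp_metric(hops, k=(1, 0, 1, 0, 0)):
    """hops: list of (bandwidth_kbps, delay_in_tens_of_usec, reliability, load)."""
    k1, k2, k3, k4, k5 = k
    bw_term = 10**7 // min(h[0] for h in hops)   # slowest link on the path
    delay = sum(h[1] for h in hops)              # delay adds up hop by hop
    reliability = min(h[2] for h in hops)        # worst reliability on the path
    load = max(h[3] for h in hops)               # worst load on the path
    metric = k1 * bw_term + (k2 * bw_term) // (256 - load) + k3 * delay
    if k5:                                       # term only applies when K5 != 0
        metric = metric * k5 // (reliability + k4)
    return min(256 * metric, INFINITY)


def metric_seen_by_r1(seed):
    """seed: the five values after 'metric' on R2's redistribute line, or None."""
    if seed is None:
        # 'redistribute ospf 1' with no seed metric: advertised as unreachable
        return INFINITY
    bandwidth, delay, reliability, load, _mtu = seed
    # Assumed R1 Serial0/0 defaults: 1544 kbps, 20000 usec (2000 tens of usec)
    serial0_0 = (1544, 2000, 255, 1)
    return eigrp_metric([(bandwidth, delay, reliability, load), serial0_0])


def installed(metric):
    """A route makes it into the routing table only if its metric is finite."""
    return metric < INFINITY


if __name__ == "__main__":
    for seed in (None, (100, 100, 100, 100, 100)):
        m = metric_seen_by_r1(seed)
        print(seed, m, "installed" if installed(m) else "unreachable")
```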

Sweeeet, so right now that is objectives 1 and 2 complete :0)


OBJECTIVE 3
Implement distribute-list filtering in such a way that the OSPF domain only sees odd numbered loopback networks coming from R1. Any even numbered subnet (including physical networks) should be hidden from OSPF.


So looking at the diagram again, we are going to need to advertise only the following loopbacks to OSPF:

10.1.1.0/24
10.1.3.0/24
10.1.5.0/24


BUT hide:

10.1.0.0/24
10.1.2.0/24
10.1.4.0/24
10.1.6.0/24


and including the physical interface:
10.1.12.0/24

A distribute-list is always built from an ACL, and it can be used to filter incoming or outgoing routing updates ....

Let's create an ACL that the distribute-list can use:

R2-ReDIS(config)#ip access-list standard ODD-EIGRP-NETWORKS
R2-ReDIS(config-std-nacl)#permit 10.1.1.0 0.0.0.255
R2-ReDIS(config-std-nacl)#permit 10.1.3.0 0.0.0.255
R2-ReDIS(config-std-nacl)#permit 10.1.5.0 0.0.0.255

Let's apply the ACL; this is done under the OSPF process:

R2-ReDIS(config-std-nacl)#router ospf 1
R2-ReDIS(config-router)#distribute-list ODD-EIGRP-NETWORKS ?
  in   Filter incoming routing updates
  out  Filter outgoing routing updates

So the direction is key, this is done from router2's perspective, so we want to filter the routes we advertise OUT to 


 




Before I do, let's look at R3's routing table:

R3#show ip route

     10.0.0.0/8 is variably subnetted, 16 subnets, 2 masks
C       10.1.11.0/30 is directly connected, Loopback11
C       10.1.10.0/24 is directly connected, Loopback10
C       10.1.9.0/24 is directly connected, Loopback9
C       10.1.8.0/24 is directly connected, Loopback8
C       10.1.11.4/30 is directly connected, Loopback12
O E2    10.1.12.0/24 [110/20] via 10.1.23.2, 00:43:07, Serial0/0
C       10.1.11.8/30 is directly connected, Loopback13
O E2    10.1.3.0/24 [110/20] via 10.1.23.2, 00:43:07, Serial0/0
O E2    10.1.2.0/24 [110/20] via 10.1.23.2, 00:43:09, Serial0/0
O E2    10.1.1.0/24 [110/20] via 10.1.23.2, 00:43:09, Serial0/0
O E2    10.1.0.0/24 [110/20] via 10.1.23.2, 00:43:09, Serial0/0
C       10.1.7.0/24 is directly connected, Loopback7
O E2    10.1.6.0/24 [110/20] via 10.1.23.2, 00:43:09, Serial0/0
O E2    10.1.5.0/24 [110/20] via 10.1.23.2, 00:43:09, Serial0/0
O E2    10.1.4.0/24 [110/20] via 10.1.23.2, 00:43:09, Serial0/0
C       10.1.23.0/24 is directly connected, Serial0/0
 
Let's apply the distribute-list:

R2-ReDIS(config-router)#distribute-list ODD-EIGRP-NETWORKS out

(Just as a note, you can go on to further specify an interface ... pretty hardcore.)

Let's check that out!!!

R3#show ip route

     10.0.0.0/8 is variably subnetted, 11 subnets, 2 masks
C       10.1.11.0/30 is directly connected, Loopback11
C       10.1.10.0/24 is directly connected, Loopback10
C       10.1.9.0/24 is directly connected, Loopback9
C       10.1.8.0/24 is directly connected, Loopback8
C       10.1.11.4/30 is directly connected, Loopback12
C       10.1.11.8/30 is directly connected, Loopback13
O E2    10.1.3.0/24 [110/20] via 10.1.23.2, 00:44:37, Serial0/0
O E2    10.1.1.0/24 [110/20] via 10.1.23.2, 00:44:37, Serial0/0
C       10.1.7.0/24 is directly connected, Loopback7
O E2    10.1.5.0/24 [110/20] via 10.1.23.2, 00:44:38, Serial0/0
C       10.1.23.0/24 is directly connected, Serial0/0


SWEEEEEET, all good in the hood. Let's confirm some facts on R2:

R2-ReDIS#show ip protocols
Routing Protocol is "ospf 1"
  Outgoing update filter list for all interfaces is ODD-EIGRP-NETWORKS
  Incoming update filter list for all interfaces is not set
  Router ID 10.1.23.2
  It is an autonomous system boundary router
  Redistributing External Routes from,
    eigrp 100, includes subnets in redistribution
  Number of areas in this router is 1. 1 normal 0 stub 0 nssa
  Maximum path: 4
  Routing for Networks:
    10.1.23.0 0.0.0.255 area 0
  Reference bandwidth unit is 100 mbps
  Routing Information Sources:
    Gateway         Distance      Last Update
    10.1.11.9            110      00:58:28
  Distance: (default is 110)

So we can see above that OSPF is showing the distribute-list applied to the OSPF process, which is filtering the EIGRP routes that are being redistributed into OSPF, OUT to R3 .... KOOOOL!

Sure enough, we have the expected matches on the ACL too:

R2-ReDIS#show access-list ODD-EIGRP-NETWORKS
Standard IP access list ODD-EIGRP-NETWORKS
    10 permit 10.1.1.0, wildcard bits 0.0.0.255 (1 match)
    20 permit 10.1.3.0, wildcard bits 0.0.0.255 (1 match)
    30 permit 10.1.5.0, wildcard bits 0.0.0.255 (1 match)

Man, that is kool stuff. That, folks, is objective 3 complete.
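
How the ODD-EIGRP-NETWORKS filter reaches its decision, as an added example that is not part of the original post: standard-ACL wildcard matching with the implicit deny, run over the eight EIGRP routes from R3's table above. It goes one step beyond the lab by showing a single wildcard entry (`ODD_ONE_LINE`, a constructed alternative) that selects every odd third octet, and that a standard ACL tests only the network address, never the mask. All names in the code are made up for this sketch.

```python
# Added example (not from the original post): how a standard ACL used by a
# distribute-list decides which redistributed routes get advertised.
import ipaddress


def ace_matches(address, base, wildcard):
    """Bits that are 0 in the wildcard must be identical in address and base."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (address, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)


def acl_permits(acl, address):
    for action, base, wildcard in acl:       # first matching entry wins
        if ace_matches(address, base, wildcard):
            return action == "permit"
    return False                              # implicit deny ends every ACL


def filter_routes(acl, routes):
    # A standard ACL sees only the network address; the prefix length is ignored.
    return [r for r in routes if acl_permits(acl, r.split("/")[0])]


# The ACL exactly as configured on R2 in the post.
ODD_EIGRP_NETWORKS = [
    ("permit", "10.1.1.0", "0.0.0.255"),
    ("permit", "10.1.3.0", "0.0.0.255"),
    ("permit", "10.1.5.0", "0.0.0.255"),
]

# Constructed alternative: wildcard 254 in the third octet leaves only its
# lowest bit to compare, so any odd third octet under 10.1 matches.
ODD_ONE_LINE = [("permit", "10.1.1.0", "0.0.254.255")]

# EIGRP routes R3 was learning from R2 before the filter (from the post).
EIGRP_ROUTES = [
    "10.1.12.0/24", "10.1.3.0/24", "10.1.2.0/24", "10.1.1.0/24",
    "10.1.0.0/24", "10.1.6.0/24", "10.1.5.0/24", "10.1.4.0/24",
]

if __name__ == "__main__":
    print(filter_routes(ODD_EIGRP_NETWORKS, EIGRP_ROUTES))
    print(filter_routes(ODD_ONE_LINE, EIGRP_ROUTES))
    # Constructed route: a /30 inside 10.1.1.0 passes too, mask is not checked.
    print(filter_routes(ODD_EIGRP_NETWORKS, ["10.1.1.0/30"]))
```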


OBJECTIVE 4
Implement route-map filtering in such a way that the EIGRP domain does not see routes with a more specific subnet mask than /24.

So we could just accomplish this with an ACL and specify that only the /24 routes are permitted, but that's boring; we are going to check out prefix-lists!

So prefix-lists are here to help us get very specific with subnet masks in route filtering and BGP, however we can also apply them to other things like route redistribution.

So prefix-lists work by giving the prefix-list a name, then saying whether I would like to permit/deny the general network and mask, then allowing the specific mask:






R2-ReDIS(config)#ip prefix-list /24-MASK permit ?
  A.B.C.D  IP prefix <network>/<length>, e.g., 35.0.0.0/8






So it then asks us for the general network in CIDR notation. Well, we want to allow all 10. networks, so this will be 10.0.0.0/8; think of this first statement as the classful part.







R2-ReDIS(config)#ip prefix-list /24-MASK permit 10.0.0.0/8


So if I was to press enter now, it would allow JUST that mask, 10.0.0.0/8, so we would be denying pretty much everything, including the WAN links ... not good.


R2-ReDIS(config)#ip prefix-list /24-MASK permit 10.0.0.0/8 le 24


So with the above command, say a route of 10.1.7.0/24 comes into R2: the router will check the prefix-list and check that it belongs to 10.0.0.0/8, which it does.
Next it will see if it is LESS than or equal to /24; in this case, yes, it is equal to /24.
The router PERMITs the route to pass over to the other side.

HOWEVER, 10.1.11.8/30 is not LESS than /24, he is GREATER than a /24, so he is denied.


R2-ReDIS(config)#ip prefix-list /24-MASK permit 10.0.0.0/8 le 24

So it's kind of a range really, from the 10.0.0.0/8 ------> le or ge /24

Soooo you can do this:

R2-ReDIS(config)#ip prefix-list /24-MASK permit 10.0.0.0/8 ge 16 le 24

How kool is that, so we can really pin down which subnets fall within a range!



So now we can create a route-map which can use the prefix-list (route-maps just use other lists). A route-map is pretty much if and then statements, but they are called match and set, you'll see:


R2-ReDIS(config)#route-map FILTER_OSPF_TO_EIGRP
R2-ReDIS(config-route-map)#match ip address prefix-list /24-MASK


R2-ReDIS#show route-map FILTER_OSPF_TO_EIGRP
route-map FILTER_OSPF_TO_EIGRP, permit, sequence 10
  Match clauses:
    ip address prefix-lists: /24-MASK
  Set clauses:
  Policy routing matches: 0 packets, 0 bytes



So the route-map is permitting (that's the default) anything that matches the prefix-list.

NOW the kool part: we need to go under the EIGRP process and apply it to the redistribution!
But first, let's just check the routes that R1 can see now:




R1#show ip route

     10.0.0.0/8 is variably subnetted, 16 subnets, 2 masks
D EX    10.1.11.0/30 [170/26137600] via 10.1.12.2, 01:14:40, Serial0/0
D EX    10.1.10.0/24 [170/26137600] via 10.1.12.2, 01:14:40, Serial0/0
D EX    10.1.9.0/24 [170/26137600] via 10.1.12.2, 01:14:40, Serial0/0
D EX    10.1.8.0/24 [170/26137600] via 10.1.12.2, 01:14:40, Serial0/0
D EX    10.1.11.4/30 [170/26137600] via 10.1.12.2, 01:14:40, Serial0/0
C       10.1.12.0/24 is directly connected, Serial0/0
D EX    10.1.11.8/30 [170/26137600] via 10.1.12.2, 01:14:41, Serial0/0
C       10.1.3.0/24 is directly connected, Loopback3
C       10.1.2.0/24 is directly connected, Loopback2
C       10.1.1.0/24 is directly connected, Loopback1
C       10.1.0.0/24 is directly connected, Loopback0
D EX    10.1.7.0/24 [170/26137600] via 10.1.12.2, 01:14:41, Serial0/0
C       10.1.6.0/24 is directly connected, Loopback6
C       10.1.5.0/24 is directly connected, Loopback5
C       10.1.4.0/24 is directly connected, Loopback4
D EX    10.1.23.0/24 [170/26137600] via 10.1.12.2, 01:14:41, Serial0/0



Let's apply the route-map to the redistribution of OSPF under EIGRP:

R2-ReDIS(config-router)#redistribute ospf 1 metric 100 100 100 100 100 route-map FILTER_OSPF_TO_EIGRP


Let's check it out on R1:

R1#show ip route

     10.0.0.0/24 is subnetted, 13 subnets
D EX    10.1.10.0 [170/26137600] via 10.1.12.2, 01:17:54, Serial0/0
D EX    10.1.9.0 [170/26137600] via 10.1.12.2, 01:17:54, Serial0/0
D EX    10.1.8.0 [170/26137600] via 10.1.12.2, 01:17:54, Serial0/0
C       10.1.12.0 is directly connected, Serial0/0
C       10.1.3.0 is directly connected, Loopback3
C       10.1.2.0 is directly connected, Loopback2
C       10.1.1.0 is directly connected, Loopback1
C       10.1.0.0 is directly connected, Loopback0
D EX    10.1.7.0 [170/26137600] via 10.1.12.2, 01:17:56, Serial0/0
C       10.1.6.0 is directly connected, Loopback6
C       10.1.5.0 is directly connected, Loopback5
C       10.1.4.0 is directly connected, Loopback4
D EX    10.1.23.0 [170/26137600] via 10.1.12.2, 01:18:01, Serial0/0


GONE! /30 routes are gone :0)


R2-ReDIS#show route-map FILTER_OSPF_TO_EIGRP
route-map FILTER_OSPF_TO_EIGRP, permit, sequence 10
  Match clauses:
    ip address prefix-lists: /24-MASK
  Set clauses:
  Policy routing matches: 0 packets, 0 bytes <--WONT SEE MATCHES AS WE ARE NOT DOING POLICY ROUTING ATM


R2-ReDIS#show ip prefix-list /24-MASK
ip prefix-list /24-MASK: 1 entries <---MATCHES
   seq 5 permit 10.0.0.0/8 le 24
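
The prefix-list logic from objective 4 written out, as an added example that is not part of the original post: the ge/le length window, first-match-wins and the implicit deny, run over the OSPF routes R1 was learning before the route-map went on. The function and variable names are made up for this sketch, and the bare /8 and ge 16 le 24 variants are the ones discussed in the text above.

```python
# Added example (not from the original post): prefix-list matching as used by
# the FILTER_OSPF_TO_EIGRP route-map on R2.
import ipaddress


def entry_matches(route, prefix, ge=None, le=None):
    """True if route lies inside prefix AND its length is in the allowed window."""
    route = ipaddress.ip_network(route)
    prefix = ipaddress.ip_network(prefix)
    if ge is None and le is None:
        low = high = prefix.prefixlen          # no ge/le: exact length only
    else:
        low = ge if ge is not None else prefix.prefixlen
        high = le if le is not None else 32
    return route.subnet_of(prefix) and low <= route.prefixlen <= high


def prefix_list_permits(prefix_list, route):
    for action, prefix, ge, le in prefix_list:  # first matching entry wins
        if entry_matches(route, prefix, ge, le):
            return action == "permit"
    return False                                 # implicit deny at the end


def redistribute(prefix_list, routes):
    # route-map permit 10 + match prefix-list: unmatched routes fall to the
    # route-map's own implicit deny and are not redistributed.
    return [r for r in routes if prefix_list_permits(prefix_list, r)]


MASK_24 = [("permit", "10.0.0.0/8", None, 24)]        # ... 10.0.0.0/8 le 24
BARE_SLASH_8 = [("permit", "10.0.0.0/8", None, None)]  # ... 10.0.0.0/8
RANGE_16_24 = [("permit", "10.0.0.0/8", 16, 24)]       # ... ge 16 le 24

# OSPF routes R1 saw as D EX before the route-map was applied (from the post).
OSPF_ROUTES = [
    "10.1.11.0/30", "10.1.10.0/24", "10.1.9.0/24", "10.1.8.0/24",
    "10.1.11.4/30", "10.1.11.8/30", "10.1.7.0/24", "10.1.23.0/24",
]

if __name__ == "__main__":
    print(redistribute(MASK_24, OSPF_ROUTES))       # the /30s drop out
    print(redistribute(BARE_SLASH_8, OSPF_ROUTES))  # nothing is exactly /8
    print(redistribute(RANGE_16_24, OSPF_ROUTES))   # /16 to /24 only
```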