© 2003, Cisco Systems, Inc. All rights reserved.
Route Optimization
You can control when a router exchanges routing updates and what those updates contain.
1. routing update control
2. policy-based routing
3. route redistribution
A route optimization example
RTA(config)#router rip
RTA(config-router)#network 10.0.0.0
Send and Receive RIP Updates
A route optimization example
RTA(config)#router rip
RTA(config-router)#network 10.0.0.0
Include 10.0.0.0 subnets in updates
10.2.2.0 /24, 10.3.3.0 /24, 10.4.4.0 /24
10.1.1.0 /24, 10.2.2.0 /24, 10.4.4.0 /24
10.1.1.0 /24, 10.3.3.0 /24, 10.4.4.0 /24
Passive Interfaces
RTA(config)#router rip
RTA(config-router)#network 10.0.0.0
RTA(config-router)#passive-interface e0
Passive Interfaces receive, but don’t send updates
Passive Interfaces and DDR
• You can use the passive-interface command on WAN interfaces to prevent routers from sending updates to link partners.
• There may be several reasons to squelch updates on the WAN.
– If connected by a dial-on-demand ISDN link, regular RIP updates will keep the link up constantly and increase the bill from the provider.
Passive Interfaces and DDR
RTA(config)#router rip
RTA(config-router)#network 10.0.0.0
RTA(config-router)#passive-interface bri0
RTA(config-router)#redistribute static
RTA(config-router)#exit
RTA(config)#ip route 172.16.1.0 255.255.255.0 bri0
...
RTX(config)#ip route 0.0.0.0 0.0.0.0 Bri0
Passive Interfaces
The ‘passive-interface’ command works differently with the different IP routing protocols that support it.
– OSPF: the network address of the passive interface appears as a stub network in the OSPF domain. OSPF routing information is neither sent nor received via a passive interface.
– EIGRP: the router stops sending hello packets on passive interfaces. When this happens, the EIGRP router can’t form neighbor adjacencies on the interface or send and receive routing updates.
Route Filters
• Configuring an interface as passive prevents it from sending updates entirely, but there are times when you need to suppress only certain routes in the update from being sent or received.
1. Use the ‘distribute-list’ command
2. Use route-maps
Route Filters
By referencing an access-list, the ‘distribute-list’ creates a route filter -- a set of rules that precisely controls what routes a router will send or receive in a routing update.
Route Filters
Route filters may be needed to enforce a routing policy that’s based on some external factor such as:
– link expense
– administrative jurisdiction
– security concerns
– overhead reduction: prevents access routers from receiving the complete (and possibly immense) core routing table
Route Filters
When applied to inbound updates, the syntax for configuring a route filter is as follows:
Router(config-router)#distribute-list access-list-number in [interface-name]
Route Filters
When applied to outbound updates, the syntax can be more complicated:
Router(config-router)#distribute-list access-list-number out [interface-name | routing-process | as-number]
Outbound Route Filters (global)
RTA(config)#router rip
RTA(config-router)#network 10.0.0.0
RTA(config-router)#distribute-list 24 out
RTA(config-router)#exit
RTA(config)#access-list 24 deny 10.1.1.0 0.0.0.255
RTA(config)#access-list 24 permit any
By not specifying an interface, the distribute list is applied to all interfaces that would send a routing update.
Outbound Route Filters (interface)
RTA(config)#router rip
RTA(config-router)#network 10.0.0.0
RTA(config-router)#distribute-list 24 out interface s2
RTA(config-router)#exit
RTA(config)#access-list 24 deny 10.1.1.0 0.0.0.255
RTA(config)#access-list 24 permit any
This time, since an interface was specified, the distribute list only applies to routing updates that would exit that interface.
Inbound Route Filters (global)
RTZ(config)#router rip
RTZ(config-router)#network 10.0.0.0
RTZ(config-router)#distribute-list 16 in
RTZ(config-router)#exit
RTZ(config)#access-list 16 deny 10.1.1.0 0.0.0.255
RTZ(config)#access-list 16 permit any
This example is from RTZ’s perspective.
That is why the distribute list is being applied inbound.
Inbound Route Filters (interface)
RTZ(config)#router rip
RTZ(config-router)#network 10.0.0.0
RTZ(config-router)#distribute-list 16 in interface s0
RTZ(config-router)#exit
RTZ(config)#access-list 16 deny 10.1.1.0 0.0.0.255
RTZ(config)#access-list 16 permit any
This example is also from RTZ’s perspective.
That is why the distribute list is being applied inbound.
Route Filters
For each routing protocol, you can have an inbound and outbound global and interface route filter:
RTZ(config)#router rip
RTZ(config-router)#distribute-list 1 in
RTZ(config-router)#distribute-list 2 out
RTZ(config-router)#distribute-list 3 in e0
RTZ(config-router)#distribute-list 4 out e0
Route Filters
Use show ip protocols to display route filters:
RTZ#show ip protocols
Routing Protocol is "rip"
Sending updates every 30 seconds, next due in 25 seconds
Invalid after 180 seconds, hold down 180, flushed after 240
Outgoing update filter list for all interfaces is 2
Ethernet0 filtered by 4
Incoming update filter list for all interfaces is 1
Ethernet0 filtered by 3
“Passive” EIGRP interfaces
• A passive interface can’t send EIGRP hellos, which thus prevents adjacency relationships with link partners.
• An administrator can create a “pseudo” passive EIGRP interface by using a route filter that suppresses all routes from the EIGRP routing update.
“Passive” EIGRP interfaces
RTA(config)#router eigrp 364
RTA(config-router)#network 10.0.0.0
RTA(config-router)#distribute-list 5 out interface s0
RTA(config-router)#exit
RTA(config)#access-list 5 deny any
Denies all routing updates
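The route filters above, evaluated offline as an added example (not part of the original slides): a standard access list is checked top-down against each route in an update, and anything that matches no line is dropped by the implicit deny. ACL 99 and the route list are constructed for illustration; ACLs 24 and 5 are the ones shown on the slides.

```python
import ipaddress

# Constructed sample: ACL 24 and ACL 5 are copied from the slides; ACL 99 is a
# hypothetical list that forgets the trailing "permit any".
CONFIG = """\
access-list 24 deny 10.1.1.0 0.0.0.255
access-list 24 permit any
access-list 5 deny any
access-list 99 deny 10.1.1.0 0.0.0.255
"""

# Constructed routing update, using the subnets from the first slides.
ROUTES = ["10.1.1.0", "10.2.2.0", "10.3.3.0", "10.4.4.0"]


def ip_int(text):
    """Dotted-quad string to a 32-bit integer."""
    return int(ipaddress.IPv4Address(text))


def parse_standard_acls(config):
    """Return {acl_number: [(action, base, wildcard), ...]} for ACLs 1-99."""
    acls = {}
    for line in config.splitlines():
        parts = line.split()
        if len(parts) < 4 or parts[0] != "access-list" or not parts[1].isdigit():
            continue
        number, action, rest = int(parts[1]), parts[2], parts[3:]
        if not 1 <= number <= 99 or action not in ("permit", "deny"):
            continue  # only standard numbered ACLs are handled here
        if rest[0] == "any":
            base, wildcard = 0, 0xFFFFFFFF          # every bit ignored
        elif rest[0] == "host" and len(rest) > 1:
            base, wildcard = ip_int(rest[1]), 0     # every bit compared
        else:
            base = ip_int(rest[0])
            wildcard = ip_int(rest[1]) if len(rest) > 1 else 0
        acls.setdefault(number, []).append((action, base, wildcard))
    return acls


def acl_permits(entries, network):
    """First matching line wins; no match means the implicit deny applies."""
    addr = ip_int(network)
    for action, base, wildcard in entries:
        # Wildcard bits set to 1 are ignored, bits set to 0 must be equal.
        if ((addr ^ base) & ~wildcard & 0xFFFFFFFF) == 0:
            return action == "permit"
    return False


def filter_update(acls, acl_number, routes):
    """Routes that survive 'distribute-list <acl_number> in|out'."""
    return [r for r in routes if acl_permits(acls[acl_number], r)]


if __name__ == "__main__":
    acls = parse_standard_acls(CONFIG)
    for number in (24, 5, 99):
        print(number, filter_update(acls, number, ROUTES))
```

ACL 99 gives the same empty update as the deliberate "deny any" in ACL 5, which is why a filter missing its final permit line silently removes every route.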
Administrative Distance
• A routing protocol’s administrative distance rates its trustworthiness as a source of routing information.
– Administrative distance is an integer from 0 to 255. The lowest administrative distance has the highest trust rating.
– An administrative distance of 255 means the routing information source cannot be trusted at all and should be ignored.
– An administrative distance of zero is reserved for connected interfaces, and will always be preferred.
Administrative Distance
• Specifying administrative distance values enables the Cisco IOS software to discriminate between sources of routing information.
• The software always picks the route whose routing protocol has the lowest administrative distance.
• Although we can’t easily compare apples with oranges, we can, for example, instruct the router to always choose oranges over apples.
Administrative Distance
• When using multiple IP routing protocols on a router, the default distances almost always suffice.
• However, some circumstances call for changing the administrative distance values on a router.
Changing Administrative Distance
• If, for example, a router is running both IGRP and OSPF, it may receive routes to the same network from both protocols. The default administrative distances favor IGRP routes over OSPF routes:
I 10.0.0.0 [100/10576] via 192.168.0.1, Serial0
O 10.0.0.0 [110/192] via 172.17.0.1, Serial1
Changing Administrative Distance
• But since IGRP doesn’t support CIDR, you may want the router to use the OSPF route instead. In this case, you can configure the local router to apply a custom administrative distance to all OSPF routes:
RTZ(config)#router ospf 1
RTZ(config-router)#distance 95
Changing Administrative Distance
• With the ‘distance 95’ command, RTZ compares the IGRP and OSPF routes and comes up with a different result:
I 10.0.0.0 [100/10576] via 192.168.0.1, Serial0
O 10.0.0.0 [ 95/192] via 172.17.0.1, Serial1
Changing Administrative Distance
• You can also apply the ‘distance’ command with optional arguments to make changes to selected routes based on where they originate.
• The expanded syntax of the ‘distance’ command is as follows:
Router(config-router)#distance weight [source-ip-address source-mask (access-list-number | name)]
Changing Administrative Distance
• Using the optional arguments, we can configure a router to apply an administrative distance of 105 to all RIP routes received from 10.4.0.2.
RTZ(config)#router rip
RTZ(config-router)#distance 105 10.4.0.2 255.255.255.0
Changing Administrative Distance
• Or, we can configure a router to apply an administrative distance of 97 to specific RIP routes received from 10.3.0.1.
RTZ(config)#router rip
RTZ(config-router)#distance 97 10.3.0.1 255.255.255.0 2
RTZ(config-router)#exit
RTZ(config)#access-list 2 permit 192.168.3.0 0.0.0.255
Changing Administrative Distance
The result from both previous examples:
RTZ#show ip route
R 192.168.5.0/24 [105/1] via 10.4.0.2, 00:00:02, Serial1
10.0.0.0/16 is subnetted, 5 subnets
R 10.2.0.0 [120/1] via 10.3.0.1, 00:00:02, Serial0
C 10.3.0.0 is directly connected, Serial0
R 10.1.0.0 [120/2] via 10.3.0.1, 00:00:02, Serial0
C 10.4.0.0 is directly connected, Serial1
R 192.168.1.0/24 [120/3] via 10.3.0.1, 00:00:02, Serial0
R 192.168.2.0/24 [120/2] via 10.3.0.1, 00:00:02, Serial0
R 192.168.3.0/24 [97/1] via 10.3.0.1, 00:00:02, Serial0
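How the two 'distance' statements produce the [105], [97] and [120] values above, as an added example (not from the original slides). IOS evaluates the mask after the source address as a wildcard mask, where 1 bits are ignored, so the example also compares the slides' 255.255.255.0 with a host wildcard of 0.0.0.0. First-match ordering of the statements and the sources 10.9.9.2 and 192.168.9.0 are assumptions made for illustration.

```python
import ipaddress

DEFAULT_RIP_DISTANCE = 120

# (weight, source address, wildcard mask, standard ACL number or None)
SLIDE_RULES = [
    (105, "10.4.0.2", "255.255.255.0", None),   # as typed on the slide
    (97, "10.3.0.1", "255.255.255.0", 2),
]
# Same intent, but matching exactly one neighbor each (constructed variant).
HOST_RULES = [
    (105, "10.4.0.2", "0.0.0.0", None),
    (97, "10.3.0.1", "0.0.0.0", 2),
]
# access-list 2 permit 192.168.3.0 0.0.0.255
ACLS = {2: [("permit", "192.168.3.0", "0.0.0.255")]}


def wildcard_match(addr, base, wildcard):
    """True when addr equals base in every bit where the wildcard is 0."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return ((a ^ b) & ~w & 0xFFFFFFFF) == 0


def acl_permits(number, network):
    """Standard ACL: first match wins, implicit deny at the end."""
    for action, base, wildcard in ACLS[number]:
        if wildcard_match(network, base, wildcard):
            return action == "permit"
    return False


def rip_distance(network, source, rules=SLIDE_RULES):
    """Administrative distance given to a RIP route learned from 'source'."""
    for weight, base, wildcard, acl in rules:
        if not wildcard_match(source, base, wildcard):
            continue            # update did not come from a matching neighbor
        if acl is None or acl_permits(acl, network):
            return weight       # assumption: first matching statement applies
    return DEFAULT_RIP_DISTANCE


# Routes and next hops copied from the 'show ip route' output above.
LEARNED = [
    ("192.168.5.0", "10.4.0.2"),
    ("10.2.0.0", "10.3.0.1"),
    ("10.1.0.0", "10.3.0.1"),
    ("192.168.1.0", "10.3.0.1"),
    ("192.168.2.0", "10.3.0.1"),
    ("192.168.3.0", "10.3.0.1"),
]


def distance_table(rules=SLIDE_RULES):
    return {net: rip_distance(net, src, rules) for net, src in LEARNED}


if __name__ == "__main__":
    print(distance_table())
    # A neighbor the administrator never named: only its last octet is compared
    # when the wildcard is 255.255.255.0, so it inherits the distance of 105.
    print(rip_distance("192.168.9.0", "10.9.9.2", SLIDE_RULES))
    print(rip_distance("192.168.9.0", "10.9.9.2", HOST_RULES))
```

Both rule sets give the same table for the two real neighbors; they differ only in how many other sources receive the adjusted trust rating.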
Policy Routing
• You can use the ‘ip route’ command to dictate which path a router will select to a given destination.
• However, through policy routing, you can manually program a router to choose a route based not only on destination, but on source as well.
Policy Routing
• Human factors such as monetary expense, organizational jurisdiction, or security issues can lead administrators to establish policies, or rules that routed traffic should follow.
• Left to their default behavior, routing protocols may arrive at path decisions that conflict with these policies.
Policy Routing
• Administrators use policy routing to override dynamic routing and take precise control of how their routers handle certain traffic.
• Although policy routing can be used to control traffic within an AS, it is typically used to control routing between autonomous systems (ASs).
• Policy routing is used extensively with exterior gateway protocols (EGPs), such as BGP.
Policy Routing – Route Maps
The ‘route-map’ command is used to configure policy routing, which is often a complicated task.
A route map is defined using the following syntax:
Router(config)# route-map map-tag [permit | deny] [sequence-number]
Router(config-route-map)#
Policy Routing – Route Maps
You can use the optional sequence-number to indicate the position a new route map is to have in the list of route maps already configured with the same name.
If you do not specify a sequence number, the first route map condition will be automatically numbered as 10.
Policy Routing
Once you have entered the route-map command, you can enter ‘set’ and ‘match’ commands in the route-map configuration mode.
– Each route-map command has a list of match and set commands associated with it.
– The match commands specify the match criteria—the conditions that should be tested to determine whether or not to take action.
– The set commands specify the set actions—the actions to perform if the match criteria are met.
Policy Routing Example
Assume for this example that the policy we want to enforce is this:
Internet-bound traffic from 192.168.1.0 /24 is to be routed to ISP1, and Internet-bound traffic from 172.16.1.0 /24 is to be routed to ISP2.
Policy Routing Example
RTA(config)#access-list 1 permit 192.168.1.0 0.0.0.255
RTA(config)#access-list 2 permit 172.16.1.0 0.0.0.255
RTA(config)#route-map ISP1 permit 10
RTA(config-route-map)#match ip address 1
RTA(config-route-map)#set interface s0
RTA(config)#route-map ISP2 permit 10
RTA(config-route-map)#match ip address 2
RTA(config-route-map)#set interface s1
Policy Routing Example
• We have actually configured two policies with these commands:
– The ISP1 route map will match access-list 1, and route traffic out S0 toward ISP1.
– The ISP2 route map will match access-list 2, and route that traffic out S1 toward ISP2.
• The final step is to apply each route map to the appropriate interface on RTA using the ‘ip policy route-map’ command.
Policy Routing Example
RTA(config)#interface e0
RTA(config-if)#ip policy route-map ISP1
RTA(config-if)#interface e1
RTA(config-if)#ip policy route-map ISP2
With the route maps applied to the appropriate LAN interfaces, we have successfully implemented policy routing.
Policy Routing Example
Assume for this example that our policy allows traffic from 192.168.1.0 /24 to be routed to ISP2 if the link to ISP1 is down.
And Internet-bound traffic from 172.16.1.0 /24 can be routed via ISP1 if the link to ISP2 is down.
Policy Routing Example
RTA(config)#access-list 1 permit 192.168.1.0 0.0.0.255
RTA(config)#access-list 2 permit 172.16.1.0 0.0.0.255
RTA(config)#route-map ISP1 permit 10
RTA(config-route-map)#match ip address 1
RTA(config-route-map)#set interface s0 s1
RTA(config)#route-map ISP2 permit 10
RTA(config-route-map)#match ip address 2
RTA(config-route-map)#set interface s1 s0
Second interface will be used if first is unavailable
Route Redistribution
• Cisco routers support up to 30 dynamic routing processes.
– A router can run RIP, OSPF, IGRP, IS-IS, EIGRP, IPX RIP, RTMP (AppleTalk), and other protocols simultaneously.
– Most of these routing protocols allow an administrator to configure multiple processes of the same routing algorithm; RIP is a notable exception.
Multiple Routing Protocols
RTA#show running-config
router ospf 24
network 10.2.0.0 0.0.255.255 area 0
!
router ospf 46
network 192.168.2.0 0.0.0.255 area 2
!
router igrp 53
network 172.16.0.0
network 172.17.0.0
!
router igrp 141
network 10.0.0.0
network 192.168.3.0
Route Redistribution
• To support multiple routing protocols within the same internetwork efficiently, routing information must be shared among the different routing protocols.
For example, routes learned from a RIP process may need to be imported into an IGRP process.
Route Redistribution
• The process of exchanging routing information between routing protocols is called route redistribution.
Route Redistribution
• Route redistribution can be one-way (that is, one protocol receives the routes from another) or two-way (that is, both protocols receive routes from each other).
• Routers that perform redistribution are called boundary routers because they border two or more ASs or routing domains.
Route Redistribution
• Why configure redistribution?
1. You want to run IGRP/EIGRP in one or more areas in a mixed vendor environment
2. You want to support legacy UNIX systems that support RIP only, but use a more scalable protocol elsewhere.
3. You need a temporary fix during a prolonged upgrade from older protocols and hardware to newer, more scalable solutions.
Route Redistribution
• Because each routing process places substantial demands on the router’s memory and CPU resources, only boundary routers should run more than one routing process for the same routed protocol, and only when absolutely necessary.
Configuring Redistribution
• In the following example:
RTB will inject routes learned from the RIP domain into the EIGRP domain.
RIP routers will not learn about routes from the EIGRP domain (one-way route redistribution).
RIP routers can use a default route to handle any traffic bound for non-local destinations.
Configuring Redistribution
RTB(config)#router rip
RTB(config-router)#network 172.16.0.0
RTB(config-router)#router eigrp 24
RTB(config-router)#network 172.24.0.0
RTB(config-router)#redistribute rip metric 10000 1 255 1 1500
Configuring Redistribution
The metric argument sets up the values used by EIGRP to translate the metric from RIP’s hop count, to EIGRP’s composite metric.
When used with IGRP/EIGRP, the metric keyword sets the bandwidth value (in kbps), the delay (in tens of microseconds), the reliability (out of 255), the load (out of 255), and finally, the maximum transmission unit (MTU).
Configuring Redistribution
• These five values constitute the seed metric in our example.
• The seed metric is the initial metric value of an imported route.
Configuring Redistribution
• Once imported into the EIGRP AS, a RIP route will begin its life as an EIGRP route with a composite metric derived from these values, regardless of its former RIP metric.
– So, using the configuration in the previous example, RIP routes with metrics of 2, 6, and 14 will all be redistributed with the same EIGRP metric value.
– However, as the imported route is propagated to other EIGRP routers, its metric values will increment according to the rules of EIGRP.
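The seed metric behaviour described above, worked through as an added example (not from the original slides): the RIP hop count is discarded at the boundary router and the five seed values become the route's EIGRP metric vector, which then grows hop by hop. It assumes default EIGRP K values (so only bandwidth and delay enter the composite) and serial links at the IOS defaults of 1544 kbps and 20000 microseconds delay.

```python
# Seed values: bandwidth (kbps), delay (tens of microseconds),
# reliability, load, MTU.
SEED_REDISTRIBUTE = (10000, 1, 255, 1, 1500)      # 'redistribute rip metric ...'
SEED_DEFAULT_METRIC = (10000, 100, 255, 1, 1500)  # 'default-metric ...' slide

# Assumption: a T1 serial link with default interface settings,
# as (bandwidth in kbps, delay in tens of microseconds).
T1_SERIAL = (1544, 2000)


def redistribute_from_rip(rip_hop_count, seed):
    """Import a RIP route into EIGRP.

    The hop count is accepted only to show that it plays no part: the
    resulting vector depends on the seed alone.
    """
    bandwidth, delay, _reliability, _load, _mtu = seed
    return (bandwidth, delay)


def advertise_over(vector, link):
    """Vector as seen by the neighbor at the far end of 'link'."""
    bandwidth, delay = vector
    link_bandwidth, link_delay = link
    # Bandwidth is the minimum along the path, delay accumulates.
    return (min(bandwidth, link_bandwidth), delay + link_delay)


def composite_metric(vector):
    """EIGRP composite metric with default K values (K1 = K3 = 1)."""
    min_bandwidth, total_delay = vector
    return 256 * (10_000_000 // min_bandwidth + total_delay)


def metric_after(rip_hop_count, seed, links):
    """Metric of an imported RIP route after crossing 'links' in order."""
    vector = redistribute_from_rip(rip_hop_count, seed)
    for link in links:
        vector = advertise_over(vector, link)
    return composite_metric(vector)


if __name__ == "__main__":
    # RIP metrics 2, 6 and 14 all start with the same EIGRP metric.
    for hops in (2, 6, 14):
        print(hops, metric_after(hops, SEED_REDISTRIBUTE, []))
    # One serial hop away the metric has grown by EIGRP's own rules.
    print(metric_after(2, SEED_REDISTRIBUTE, [T1_SERIAL]))
    # With the default-metric seed, one serial hop gives 2195456, the figure
    # shown for the D EX routes in RTA's routing table on this page.
    print(metric_after(2, SEED_DEFAULT_METRIC, [T1_SERIAL]))
```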
Configuring Redistribution
RTA’s Routing Table (after redistribution)
C 172.24.0.0/16 is directly connected, Serial0
C 172.25.0.0/16 is directly connected, Serial1
C 172.26.0.0/16 is directly connected, Serial2
C 172.27.0.0/16 is directly connected, Serial3
D 172.28.0.0/16 [90/2681856] via 172.20.0.2, 00:00:02, Serial1
D 172.29.0.0/16 [90/2681856] via 172.21.0.2, 00:00:02, Serial3
D EX 172.17.0.0/16 [170/2195456] via 172.24.0.1, 00:00:02, Serial0
D EX 172.18.0.0/16 [170/2195456] via 172.24.0.1, 00:00:02, Serial0
D EX 172.19.0.0/16 [170/2195456] via 172.24.0.1, 00:00:02, Serial0
D EX 172.20.0.0/16 [170/2195456] via 172.24.0.1, 00:00:02, Serial0
D EX 172.21.0.0/16 [170/2195456] via 172.24.0.1, 00:00:02, Serial0
Configuring Redistribution
RTB’s Routing Table
C 172.16.0.0/16 is directly connected, Serial0
C 172.24.0.0/16 is directly connected, Serial1
R 172.17.0.0/16 [120/1] via 172.16.0.2, 00:00:02, Serial0
R 172.18.0.0/16 [120/1] via 172.16.0.2, 00:00:02, Serial0
R 172.19.0.0/16 [120/1] via 172.16.0.2, 00:00:02, Serial0
R 172.20.0.0/16 [120/2] via 172.16.0.2, 00:00:02, Serial0
R 172.21.0.0/16 [120/2] via 172.16.0.2, 00:00:02, Serial0
D 172.25.0.0/16 [90/2681856] via 172.24.0.2, 00:00:02, Serial1
D 172.26.0.0/16 [90/2681856] via 172.24.0.2, 00:00:02, Serial1
D 172.37.0.0/16 [90/2681856] via 172.24.0.2, 00:00:02, Serial1
D 172.28.0.0/16 [90/3193856] via 172.24.0.2, 00:00:02, Serial1
D 172.29.0.0/16 [90/3193856] via 172.24.0.2, 00:00:02, Serial1
Configuring Redistribution
RTC’s Routing Table (after redistribution)
C 172.16.0.0/16 is directly connected, Serial0
C 172.17.0.0/16 is directly connected, Serial1
C 172.18.0.0/16 is directly connected, Serial2
C 172.19.0.0/16 is directly connected, Serial3
R 172.20.0.0/16 [120/1] via 172.17.0.2, 00:00:02, Serial1
R 172.21.0.0/16 [120/1] via 172.19.0.2, 00:00:02, Serial3
Since the table is not complete, we may need to add a default route:
RTC(config)#ip route 0.0.0.0 0.0.0.0 172.16.0.1
Configuring Redistribution
Two-way redistribution
Configuring Redistribution
RTB(config-router)#router eigrp 24
RTB(config-router)#network 172.24.0.0
RTB(config-router)#redistribute rip metric 10000 1 255 1 1500
RTB(config-router)#router rip
RTB(config-router)#network 172.16.0.0
RTB(config-router)#redistribute eigrp 24 metric 2
Configuring Redistribution
• Notice that the syntax of the metric keyword varies depending on the routing protocol it is used with.
• For RIP, OSPF, and the metric option is followed by a single number that represents the metric value (hop count, cost, etc.).
• For IGRP and EIGRP, the metric option is followed by five values that represent bandwidth, delay, reliability, load and MTU.
OSPF WARNING
• Whenever there is a major net that is subnetted, you need to use the keyword ‘subnets’ to redistribute protocols into OSPF.
• Without this keyword, OSPF only redistributes major nets that aren’t subnetted.
• For example, to inject EIGRP routes, including subnets, into an OSPF area, use the command:
redistribute eigrp 24 metric 100 subnets
A complex example
RTB(config-router)#router eigrp 24
RTB(config-router)#network 172.24.0.0
RTB(config-router)#redistribute rip
RTB(config-router)#redistribute connected
RTB(config-router)#redistribute static
RTB(config-router)#default-metric 10000 100 255 1 1500
RTB(config-router)#router rip
RTB(config-router)#network 172.16.0.0
RTB(config-router)#redistribute eigrp 24
RTB(config-router)#redistribute connected
RTB(config-router)#redistribute static
RTB(config-router)#default-metric 2
Default-metric
• We can simplify our redistribution configuration by using the ‘default-metric’ command instead of including the same seed metric with each redistribute statement.
• Whenever the redistribute command is used and the metric is not specified, the router will use the default metric value as the seed metric.
Redistribution Example
• Phase 1: configuring a RIP network
• Phase 2: adding OSPF to the core of a RIP network
• Phase 3: adding OSPF areas
Phase 2: Adding OSPF to the Core of a RIP Network