I’ve been doing quite a few practice labs as preparation for my CCIE lab and it’s becoming apparent I need a strategy for tackling complex IGP redistribution. The study material I use is a big fan of using access-lists to redistribute specific prefixes into specific IGPs. I’m not crazy about that since it takes a considerable amount of time. I’ve also used the tag method, where you tag prefixes per originating IGP and then prohibit those tags from being redistributed back into the same IGP. This method seems to work well and I use it as my ‘go to’ method for IGP redistribution. It typically looks something like this…
route-map ospf->eigrp deny 10
 match tag 90
route-map ospf->eigrp permit 20
 set tag 110
route-map eigrp->ospf deny 10
 match tag 110
route-map eigrp->ospf permit 20
 set tag 90
In the example above you deny the redistribution of a route tagged 90 (EIGRP) back into EIGRP. The second sequence tags any other route as being from the redistributed source IGP (OSPF).
However, in the lab today, this strategy failed me since the tags were changing as the prefixes were redistributed from the original IGP, to the next IGP, and then back into the same IGP. The second IGP was tagging the prefixes as their own which allowed them to come back into the originating IGP.
So I spent a couple of hours struggling. Again, the study material I use suggests all sorts of admin distance tricks with ACLs to allow/prevent certain prefixes from being redistributed. I tend to only use the distance command on an IGP when I need to prefer a certain path or to ensure that the internal path is preferred over an external path if the IGP is multi-homed.
So I was sort of stumped. The crux of my issue was the route tags changing as they were passed through other IGPs. So I tried adding another permit statement that just matches all of the tags after the initial deny sequence. So my route-maps turned into this…
route-map ospf->eigrp deny 10
 match tag 90
route-map ospf->eigrp permit 15
 match tag 90 110 120
route-map ospf->eigrp permit 20
 set tag 110
route-map eigrp->ospf deny 10
 match tag 110
route-map eigrp->ospf permit 15
 match tag 90 110 120
route-map eigrp->ospf permit 20
 set tag 90
In this case, the IGPs used in the lab were RIP (120), OSPF (110), and EIGRP (90). To be honest, the lab was much more complex with multiple split EIGRP autonomous systems but I’m trying to simplify this for the sake of argument.
So all I ended up doing was adding a permit 15 sequence that matches all of the possible route-tags. I match all for simplicity’s sake since the real issue of denying the prefix from coming back in has already been taken care of in sequence 10.
Basically, this allows all the other tags to pass through, and only tags prefixes that don’t have a tag with the originating AS tag.
The solution seems to work, but I’m trying to sort out if by doing this I introduce any gaps in the redistribution.
What do you guys think? Maybe I’m tackling this the wrong way too, but I’m trying to come up with a solution for redistribution that I can use in multiple scenarios.
I appreciate any feedback any of you have!
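The tag rewrite problem described in the post can be traced with a small model of route-map first-match evaluation. This is an added example, not code from the original post: the function names are hypothetical, the route-maps involving RIP are assumed to follow the same pattern as the two shown, and an untagged prefix is modelled as tag 0.

```python
# Added example: models IOS route-map first-match evaluation for the tag scheme above.
# Tags follow the post: EIGRP=90, OSPF=110, RIP=120. Maps involving RIP are assumed.
TAG = {"eigrp": 90, "ospf": 110, "rip": 120}

def build_map(src, dst, preserve_tags):
    """Return route-map entries (action, match_tags, set_tag) for src->dst."""
    entries = [("deny", {TAG[dst]}, None)]              # seq 10: block dst's own routes
    if preserve_tags:
        entries.append(("permit", set(TAG.values()), None))  # seq 15: pass, keep tag
    entries.append(("permit", None, TAG[src]))          # seq 20: match all, set src tag
    return entries

def apply_map(entries, tag):
    """First matching entry wins. Returns (permitted, resulting_tag)."""
    for action, match_tags, set_tag in entries:
        if match_tags is None or tag in match_tags:
            if action == "deny":
                return False, tag
            return True, tag if set_tag is None else set_tag
    return False, tag                                    # implicit deny at the end

def walk(path, preserve_tags):
    """Redistribute an untagged prefix native to path[0] along path.
    Returns (src, dst, permitted, tag) per hop, stopping at the first deny."""
    tag, hops = 0, []
    for src, dst in zip(path, path[1:]):
        ok, tag = apply_map(build_map(src, dst, preserve_tags), tag)
        hops.append((src, dst, ok, tag))
        if not ok:
            break
    return hops

def loops_back(path, preserve_tags):
    """True if the prefix is accepted back into its originating IGP."""
    hops = walk(path, preserve_tags)
    return len(hops) == len(path) - 1 and hops[-1][2]

if __name__ == "__main__":
    path = ["eigrp", "ospf", "rip", "eigrp"]             # constructed three-IGP loop
    for label, preserve in (("original maps", False), ("with permit 15", True)):
        print(label)
        for src, dst, ok, tag in walk(path, preserve):
            print(f"  {src}->{dst}: {'permit' if ok else 'deny'} tag={tag}")
```

With the original maps the EIGRP prefix is retagged 110 on the OSPF-to-RIP hop and is accepted back into EIGRP; with the permit 15 sequence the tag stays 90 and sequence 10 of the RIP-to-EIGRP map denies it.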
Have a look at the 2x Groupstudy links on advanced redistribution techniques. Hopefully, they should help.
http://www.groupstudy.com/archives/ccielab/200406/msg00335.html
http://www.groupstudy.com/archives/ccielab/200406/msg00544.html
And another useful link for you;
http://sesano.wordpress.com/2008/07/22/important-notes-on-redistribution/
Hi Jon,
Here is a post I did on route redistribution way back:
http://lostintransit.se/2012/01/30/route-redistribution-filtering-and-mitigating-loops/
One of the not so well known options is to go to the protocol that routes are supposed to be coming in to and configure what is allowed to go out from another protocol via the distribute-list command. I think it’s a pretty neat way of doing things.
If you wanna allow the following blog of mine, that would be great. It shows a very concrete and step by step approach to redistribution:
http://blogbt.net/index.php/2014/03/igp-redistribution-step-step/