CCNP Route Notes Optimizing Routing
There are times when you need to go beyond just turning on a routing protocol in your network. You might need to control exactly which routes are advertised or redistributed, or which paths are chosen. You might also need to use multiple routing protocols. Network performance can suffer when routing is not optimized. Excessive routing updates lead to extra CPU usage because of the amount of routing information and the frequency of updates. Running multiple protocols requires extra router resources and might result in suboptimal paths. Incorrectly configured route filters can lead to routing issues.
Controlling Routing Updates
Cisco IOS provides several ways to control routing updates:
- Route Maps
- Prefix Lists
- Distribute Lists
- Passive Interface
When a route update arrives at a router’s interface, the router checks to see if a route filter is associated with that interface. If not, the update processes normally. If there is a filter, the router checks for an entry matching the update. If there is no matching entry, the update is dropped. If a matching entry exists, the router processes the update based on instructions in the filter.
Route Maps
Route maps are a bit like programs that use an if/then/else decision-making capability. They match traffic against certain conditions and then set specified options for that traffic. Each statement has a sequence number, statements are read from the lowest number to highest, and the router stops reading when it gets a match. The sequence number can be used to insert or delete statements. Like an access list, there is an implicit “deny” at the end of each route map; any traffic not matched with a route map statement is denied. Some uses for route maps include
- Filtering redistributed routes: Use the route-map keyword in the redistribute command.
- Policy-based routing: To specify which traffic should be policy routed, based on very granular controls.
- BGP policy: To control routing updates and to manipulate path attributes.
Route Map Syntax
Route maps are created with the global command:
Router(config)# route-map {tag} permit | deny [sequence_number]
Each statement in a route map begins this same way, with the same route map name but different sequence numbers, and with match and set conditions below it. Permit means that any traffic matching the match conditions is processed by the route map statement. Deny means that any traffic matching the match conditions is not processed by the route map statement.
Route Map Match and Set Conditions
Each route map statement can have from none to multiple match and set conditions. If no match condition exists, the statement matches anything, similar to a “permit any” in an access list. If there is no set condition, the matching traffic is either permitted or denied, with no other conditions being set.
Multiple match conditions on the same line use a logical OR. For example, the router interprets match a b c as “match a or b or c.” Multiple match conditions on different lines use a logical AND. For example, the router interprets the following route map statement as “match a and b and c”:
route-map Logical-AND permit 10
 match a
 match b
 match c
In route redistribution, some common conditions to match include
- ip address: Refers the router to an access list that permits or denies networks.
- ip address prefix-list: Refers the router to a prefix-list that permits or denies IP prefixes.
- ip next-hop: Refers the router to an access list that permits or denies next-hop IP addresses.
- ip route-source: Refers the router to an access list that permits or denies advertising router IP addresses.
- length: Permits or denies packets based on their length in bytes.
- metric: Permits or denies routes with the specified metric from being redistributed.
- route-type: Permits or denies redistribution of the route type listed, such as internal or external.
- tag: Routes can be labeled (tagged) with a number, and route maps can look for that number.
In route redistribution, some common conditions to set are
- metric: Sets the metric for redistributed routes.
- metric-type: Sets the type, such as E1 for OSPF.
- tag: Tags a route with a number that can be matched on later by other route maps.
Controlling Route Redistribution Using Route Maps
The following configuration example shows a route map named BGP-LP with three statements that control which routes will be redistributed from OSPF into BGP. The router has already been configured with two access lists, numbered 23 and 103 (not shown.) The first route map statement, with sequence number 10, is a permit statement. The match condition tells it to use access list 23. Any traffic permitted by access list 23 matches this statement and will be redistributed into BGP. Any traffic explicitly denied by access list 23 will not be redistributed into BGP. The set condition tells it to set a BGP local preference for all traffic that matches statement 10. Traffic not matching access list 23 will be checked against the second route map statement.
The second route map statement, sequence number 20, is a deny statement that matches access list 103. Any traffic permitted by access list 103 will be denied by this statement and thus will not be redistributed. Any traffic explicitly denied by access list 103 will be ignored by this statement and checked against the next route map statement. This route map statement has no set conditions. Traffic not matching route map statements 10 or 20 will be checked against statement 30.
The third route map statement, sequence number 30, is a permit statement with no match or set conditions. This statement matches everything and sets nothing, thus permitting all other traffic without changing it. Without this statement, all other traffic would be denied.
Lastly, the route map is applied to the redistribution command to filter routes redistributed from OSPF into BGP:
Router(config)# route-map BGP-LP permit 10
Router(config-route-map)# match ip address 23
Router(config-route-map)# set local-preference 200
Router(config-route-map)# !
Router(config-route-map)# route-map BGP-LP deny 20
Router(config-route-map)# match ip address 103
Router(config-route-map)# !
Router(config-route-map)# route-map BGP-LP permit 30
!
Router(config)# router bgp 65001
Router(config-router)# redistribute ospf 1 route-map BGP-LP
Policy-Based Routing Using Route Maps
Policy-based routing overrides the normal routing process. Normal routing is done based on the destination IP address. Policy-based routing is based on source IP address or interface, or packet length. Create a route map statement that matches an access list, a specific IP address, or a packet length range. Then set either a next-hop IP address or an outbound interface for any traffic that matches the statement. Next, apply the route map either to an inbound interface or to the router itself to control locally generated traffic. The following configuration example shows a route map named LOCAL that matches the source addresses in access list 1. It assigns a next-hop IP address of 10.1.1.1 to this traffic. Because it is applied to the local router, it will be used only for traffic generated by the router itself.
Router(config)# route-map LOCAL
Router(config-route-map)# match ip address 1
Router(config-route-map)# set ip next-hop 10.1.1.1
!
Router(config)# ip local policy route-map LOCAL
Route map INT, shown in the following example, has no match condition and thus matches all traffic. It sets an outbound interface. Because it is applied to an interface, its policy routes all inbound traffic from that interface:
Router(config)# route-map INT
Router(config-route-map)# set interface fa0/1
!
Router(config)# int fa0/0
Router(config-if)# ip policy route-map INT
Verify policy routing with the debug ip policy command. See Chapter 5, Path Control, for more information on policy-based routing.
Tagging Routes Using a Route Map
Another use for a route map is to tag routes as they are redistributed from one protocol to another. Then you can deny tagged routes from being redistributed back into the original protocol. For instance, suppose you are mutually redistributing routes between OSPF and EIGRP. You can tag EIGRP routes as you redistribute them into OSPF. Then when you redistribute OSPF routes back into EIGRP, you can deny those tagged routes. The following example illustrates this.
Router(config)# route-map EIGRP2OSPF deny 5
Router(config-route-map)# match tag 1
Router(config-route-map)# route-map EIGRP2OSPF permit 10
Router(config-route-map)# set tag 2
!
Router(config)# route-map OSPF2EIGRP deny 5
Router(config-route-map)# match tag 2
Router(config-route-map)# route-map OSPF2EIGRP permit 10
Router(config-route-map)# set tag 1
!
Router(config)# router eigrp 1
Router(config-router)# redistribute ospf 2 route-map OSPF2EIGRP metric 1 1 1 1 1500
!
Router(config-router)# router ospf 2
Router(config-router)# redistribute eigrp 1 route-map EIGRP2OSPF subnets
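The following Python model is an added example, not part of the original notes or of Cisco IOS. It applies the first-match, OR-within-a-line, AND-across-lines and implicit-deny rules described earlier to the two route maps above and shows that a route redistributed one way is refused on the way back. The Statement class, the function names and the sample prefixes are hypothetical, and untagged routes are assumed to carry tag 0.

```python
from dataclasses import dataclass, field


@dataclass
class Statement:
    seq: int
    action: str                                  # "permit" or "deny"
    match: list = field(default_factory=list)    # [(attribute, {values}), ...]
    set_: dict = field(default_factory=dict)     # attributes written on permit


def apply_route_map(statements, route):
    """Return the (possibly modified) route if permitted, else None."""
    for st in sorted(statements, key=lambda s: s.seq):
        # Values on one match line are ORed; separate match lines are ANDed.
        # A statement with no match lines matches everything.
        if all(route.get(attr) in values for attr, values in st.match):
            if st.action == "deny":
                return None
            return {**route, **st.set_}
    return None  # implicit deny at the end of every route map


# The two route maps from the tagging example above.
EIGRP2OSPF = [
    Statement(5, "deny", match=[("tag", {1})]),
    Statement(10, "permit", set_={"tag": 2}),
]
OSPF2EIGRP = [
    Statement(5, "deny", match=[("tag", {2})]),
    Statement(10, "permit", set_={"tag": 1}),
]


def redistribute(route, route_map, target):
    """Model 'redistribute <source> route-map <map>' into protocol target."""
    result = apply_route_map(route_map, route)
    if result is None:
        return None
    return {**result, "protocol": target}


def round_trip(prefix, origin):
    """Send a route into the other protocol, then try to send it back."""
    maps = {"eigrp": (EIGRP2OSPF, "ospf"), "ospf": (OSPF2EIGRP, "eigrp")}
    route = {"prefix": prefix, "protocol": origin, "tag": 0}  # assumed: untagged = 0
    out_map, other = maps[origin]
    there = redistribute(route, out_map, other)
    back_map, home = maps[other]
    back = redistribute(there, back_map, home)
    return there, back


if __name__ == "__main__":
    # Constructed sample prefixes, one native to each protocol.
    for prefix, origin in (("10.1.1.0/24", "eigrp"), ("172.16.0.0/16", "ospf")):
        there, back = round_trip(prefix, origin)
        print(origin, "->", there, "| fed back:", back)
```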
Prefix Lists
A prefix list matches both the subnet, or prefix, and the number of bits in the subnet mask. Similar to an access list, it consists of one or more statements permitting or denying prefixes. Routers evaluate the prefix statements in order, stopping if they find a match. There is an implicit “deny all” at the end of the prefix list. The command syntax follows:
ip prefix-list {list-name} [seq number] {deny | permit} network/length [ge ge-length] [le le-length]
The meaning of each command field is detailed in Table 4-1.
Table 4-1 The ip prefix-list Command
Command Field | Meaning |
list-name | Gives a name to the prefix list. Prefix lists are named, not numbered. |
seq number | [Optional] Assigns a sequence number to the prefix list statement. Statements are numbered in increments of 5 by default, enabling a statement to be inserted between two others by using the seq option. |
deny | permit | Denies or permits the matching prefix. |
network/length | Configures the prefix and number of bits that must be matched. If no ge or le option is given, the length also equals the length of the subnet mask. |
ge ge-length | [Optional] Stands for “greater than or equal to.” Specifies the minimum number of bits a subnet mask must have to match the statement. |
le le-length | [Optional] Stands for “less than or equal to.” Specifies the maximum number of bits a subnet mask can have to match the statement. |
Some sample prefix lists include
- ip prefix-list CCNP permit 0.0.0.0/0: Permits only a default route.
- ip prefix-list CCNP permit 0.0.0.0/0 le 32: Permits all routes (equivalent to a “permit any” in an access list.) The prefix 0.0.0.0/0 means that none of the prefix bits must be matched. “Le 32” means that the subnet mask must be less than or equal to 32. Thus any network will match this statement.
- ip prefix-list CCNP permit 0.0.0.0/0 ge 32: Permits only host routes. The prefix 0.0.0.0/0 means that none of the prefix bits must be matched. “Ge 32” means that the subnet mask must be exactly 32 bits, thus this statement matches only host routes.
- ip prefix-list CCNP permit 10.0.0.0/8 ge 24 le 24: Permits any route whose first 8 bits equal 10, with a subnet mask of exactly 24 bits.
Before taking the ROUTE exam, be sure you understand and can interpret prefix lists.
Prefix lists can be used in a route map to control redistribution of networks. They can also be applied to a BGP neighbor to filter routing updates to that neighbor.
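To check your reading of the ge and le options, the following Python evaluator is an added example, not part of the original notes or of Cisco IOS. It parses statements in the syntax shown above and applies first-match evaluation with the implicit deny. The function names and the two-statement EDGE-IN list are constructed for illustration; the four single-statement lists are the samples from this section.

```python
import ipaddress
import re

# Grammar from the page:
# ip prefix-list NAME [seq N] {deny | permit} NET/LEN [ge X] [le Y]
ENTRY_RE = re.compile(
    r"ip prefix-list (?P<name>\S+)(?: seq (?P<seq>\d+))? (?P<action>permit|deny)"
    r" (?P<net>\S+)(?: ge (?P<ge>\d+))?(?: le (?P<le>\d+))?$"
)


def parse_prefix_list(lines):
    """Parse statements into dicts sorted by sequence number."""
    entries = []
    for line in lines:
        m = ENTRY_RE.match(line.strip())
        if m is None:
            raise ValueError(f"not a prefix-list statement: {line!r}")
        net = ipaddress.ip_network(m["net"], strict=True)
        # No ge/le: the mask length must equal LEN exactly.
        # ge only: ge..32.  le only: LEN..le.  Both: ge..le.
        lo = int(m["ge"]) if m["ge"] else net.prefixlen
        hi = int(m["le"]) if m["le"] else (32 if m["ge"] else net.prefixlen)
        if not net.prefixlen <= lo <= hi <= 32:
            raise ValueError(f"invalid ge/le range: {line!r}")
        # Unnumbered statements are numbered in increments of 5.
        if m["seq"]:
            seq = int(m["seq"])
        else:
            seq = entries[-1]["seq"] + 5 if entries else 5
        entries.append({"seq": seq, "action": m["action"],
                        "net": net, "lo": lo, "hi": hi})
    return sorted(entries, key=lambda e: e["seq"])


def evaluate(entries, route):
    """Return 'permit' or 'deny' for an IPv4 route such as '10.1.2.0/24'."""
    r = ipaddress.ip_network(route, strict=True)
    for e in entries:
        # The prefix bits must match and the mask length must be in range.
        if e["lo"] <= r.prefixlen <= e["hi"] and r.subnet_of(e["net"]):
            return e["action"]  # first match wins
    return "deny"  # implicit "deny all" at the end of every prefix list


# The four single-statement samples from this section.
DEFAULT_ONLY = parse_prefix_list(["ip prefix-list CCNP permit 0.0.0.0/0"])
PERMIT_ALL = parse_prefix_list(["ip prefix-list CCNP permit 0.0.0.0/0 le 32"])
HOST_ONLY = parse_prefix_list(["ip prefix-list CCNP permit 0.0.0.0/0 ge 32"])
TEN_SLASH_24 = parse_prefix_list(["ip prefix-list CCNP permit 10.0.0.0/8 ge 24 le 24"])

# Constructed list (not from the page): drop anything inside 10.0.0.0/8,
# then accept only routes with a mask of /24 or shorter.
EDGE_IN = parse_prefix_list([
    "ip prefix-list EDGE-IN seq 5 deny 10.0.0.0/8 le 32",
    "ip prefix-list EDGE-IN seq 10 permit 0.0.0.0/0 le 24",
])

if __name__ == "__main__":
    for route in ("10.1.1.0/24", "203.0.113.0/24", "203.0.113.0/25"):
        print(route, evaluate(EDGE_IN, route))
```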
Distribute Lists
A distribute list enables you to filter both routing updates and routes being redistributed, through the use of an access list. Configure an access list that permits the routes to be advertised or redistributed, and then link that access list to the routing process with the distribute-list command, given under router configuration mode. This command has two options:
- distribute-list access-list in: Filters updates as they come in an interface. For OSPF, this controls routes placed in the routing table but not the database. For other protocols, this controls the routes the protocol knows about.
- distribute-list access-list out: Filters updates going out of an interface and also updates being redistributed out of another routing protocol into this one.
Passive Interfaces
The passive-interface command is another way to control routing updates because it prevents any updates from being sent out an interface that is marked as passive. OSPF and EIGRP do not send Hello messages out a passive interface, and thus do not discover any neighbors. RIP does not send updates out a passive interface but listens for inbound updates. The EIGRP and OSPF chapters have a more in-depth description of this command.
Using Multiple Routing Protocols
There are several reasons you might need to run multiple routing protocols in your network. Some include
- Migrating from one routing protocol to another, where both protocols will run in the network temporarily
- Applications that run under certain routing protocols but not others
- Areas of the network under different administrative control (Layer 8 issues)
- A multivendor environment in which some parts of the network require a standards-based protocol
Configuring Route Redistribution
Route redistribution is used when routing information must be exchanged among the different protocols or routing domains. Only routes that are in the routing table and learned via the specified protocol are redistributed. Each protocol has some unique characteristics when redistributing, as shown in Table 4-2.
Table 4-2 Route Redistribution Characteristics:
Protocol | Redistribution Characteristics |
RIP | Default metric is Infinity. Metric must be set, except when redistributing static or connected routes, which have a metric of 1. |
OSPF | Default metric is 20. Can specify the metric type; the default is E2. Must use subnets keyword or only classful networks are redistributed. |
EIGRP | Default metric is Infinity. Metric must be set, except when redistributing static or connected routes, which get their metric from the interface. Metric value is “bandwidth, delay, reliability, load, MTU.” Redistributed routes have a higher administrative distance than internal ones. |
Static/Connected | To include local networks not running the routing protocol, you must redistribute connected interfaces. You can also redistribute static routes into a dynamic protocol. |
BGP | Metric (MED) is set to IGP metric value. |
You can redistribute only between protocols that use the same protocol stack, such as IP protocols, which cannot advertise IPX routes. To configure redistribution, issue this command under the routing process that is to receive the new routes:
Router(config-router)# redistribute {route-source} [metric metric] [route-map tag]
Seed Metric
Redistribution involves configuring a routing protocol to advertise routes learned by another routing process. Normally, protocols base their metric on an interface value, such as bandwidth, but a redistributed route is not associated with an interface. Protocols use incompatible metrics, so the redistributed routes must be assigned a new metric compatible with the new protocol.
A route’s starting metric is called its seed metric. Set the seed metric for all redistributed routes with the default-metric [metric] command under the routing process. To set the metric for specific routes, either use the metric keyword when redistributing or use the route-map keyword to link a route map to the redistribution. After the seed metric is specified, it increments normally as the route is advertised through the network (except for certain OSPF routes).
Administrative Distance
When a router receives routes to the same destination network from more than one routing process, it decides which to put in the routing table by looking at the administrative distance (AD) value assigned to the routing process. The route with the lowest AD is chosen. Table 4-3 shows administrative distance values.
Table 4-3 Administrative Distance:
Routing Information Source | Administrative Distance |
Connected interface | 0 |
Static route | 1 |
EIGRP summarized route | 5 |
BGP external route | 20 |
EIGRP internal route | 90 |
IGRP | 100 |
OSPF | 110 |
IS-IS | 115 |
RIP | 120 |
EIGRP external route | 170 |
BGP internal route | 200 |
Unknown | 255 |
AD can be changed for all routes of a process or only for specific routes within a process. The command for all IGPs except EIGRP is
Router(config-router)# distance administrative_distance {address wildcard-mask} [access-list-number | name]
Using the address/mask keywords in the command changes the AD of routes learned from the neighbor with that IP address. An entry of 0.0.0.0 255.255.255.255 changes the AD of all routes. Specifying an access list number or name changes the AD only on networks permitted in the ACL.
EIGRP and BGP have different AD values for internal and external routes, so you have to list those separately when using the command with those protocols. BGP also enables you to change the AD for locally generated routes. For these protocols, the commands are
Router(config-router)# distance eigrp internal-distance external-distance
Router(config-router)# distance bgp external-distance internal-distance local-distance
Route redistribution can cause suboptimal routing; one way to correct this is to adjust AD. Figure 4-1 shows a network with two routing domains: RIP and OSPF.
FIGURE 4-1 Controlling Routing with AD
R2 redistributes its RIP routes into OSPF. These routes inherit OSPF’s AD when they are advertised to R4, which then advertises them to R3 as OSPF routes.
R3 now knows about the 10.1.1.0 network from two routing processes: RIP, with an AD of 120, and OSPF, with an AD of 110. The shortest path is the RIP route through R1. The OSPF path goes through R4 and R2, and then to R1—a much longer path. But, based on AD, R3 puts the OSPF path in its routing table.
To prevent this, increase the AD of the redistributed RIP routes when OSPF advertises them. Note that this doesn’t change all OSPF routes, just the ones learned from RIP. The commands given on R2 (the router doing the initial redistribution) are shown here:
Router(config)# access-list 10 permit 10.1.1.0
!
Router(config)# router ospf 1
Router(config-router)# redistribute rip subnets
Router(config-router)# distance 125 0.0.0.0 255.255.255.255 10
The AD is increased to 125 for routes from all neighbors, if they match the network permitted in access list 10. Now R3 hears about the 10.1.1.0 network from RIP with an AD of 120, and from OSPF with an AD of 125. The RIP route is put into the routing table based on its lower AD.
Routing protocols that assign a higher AD to external routes, EIGRP and BGP, accomplish a similar result automatically. OSPF can be configured to do so with the distance ospf external command.
Planning Route Redistribution
Plan carefully before redistributing routes between protocols. Different protocols have incompatible routing information and different convergence times. First, decide which is the core, or main, protocol and which is the edge protocol. Decide if you will do one-way or two-way, and single point or multipoint redistribution.
One-way redistribution involves redistributing routes from the edge routing protocol into the core protocol. Static or default routes must be used in the edge protocol. Two-way redistribution involves redistributing routes mutually between both core and edge protocols. No static routes are needed because both protocols know all routing information.
One-way and two-way redistribution at just one router within the network is considered safe because traffic between administrative domains has only one exit point, thus routing loops are not a problem. Redistribution at multiple routers within the network can cause routing loops and suboptimal routing.
With multipoint one-way redistribution:
- Use a routing protocol that uses different ADs for external and internal routes (EIGRP, OSPF, and BGP).
- Ensure that the AD of the redistributed external routes is higher than the AD of the protocol where they originated.
Multipoint two-way redistribution adds the following considerations:
- Ensure that only internal routes are redistributed from each protocol. You can do this by tagging the routes and then filtering based on tags when redistributing.
- Adjust the metric of the redistributed routes.
- Consider using a default route to avoid multipoint two-way redistribution.
Redistribution Techniques
Try to design your route redistribution as safely as possible. The options include
- Redistribute all edge information into the core, but send only a default route into the edge.
- Redistribute all edge information into the core, but redistribute multiple static routes into the edge.
- Redistribute routes in both directions, but filter to prevent routes from being redistributed back into their original administrative domain.
- Redistribute all routes in both directions, but increase the AD for external routes.
Redistribution Notes
The IPv6 commands to redistribute routes between protocols or between multiple instances of a protocol are just like the ones in IPv4. Under the routing protocol configuration mode, issue the command redistribute route-source and specify any options such as a route map if desired.
Some points to remember about redistributing routes follow:
- A router redistributes only routes learned by the source protocol. For instance, if you redistribute connected routes into the protocol, it will advertise them but not redistribute them.
- When redistributing routes into BGP, you can use the keyword include-connected to get the connected routes into BGP.
- When you redistribute routes between two OSPF processes, the routes are advertised into the new process as Type 2.
- You generally want to include the subnets keyword on routes distributed from another routing protocol into OSPF. Otherwise, only routes that use their default classful subnet mask are redistributed.
- Be sure to specify a seed metric when redistributing routes into RIP. Otherwise the routes start with a metric of 16, which RIP interprets as “unreachable.”
- If you redistribute in multiple places, check the path that traffic takes. You might run into suboptimal routing. A way to fix this is to tune the administrative distance for some of the routes.
- BGP does not redistribute routes learned via IBGP into an IGP by default. To change this behavior, use the router configuration command bgp redistribute-internal.