Router Filters - Route Maps - Leak Maps
cisco_trooper
Member Posts: 1,441 ■■■■□□□□□□
in CCNP
After fighting the good fight with redistribution, conquering some figments of my imagination, and coming to terms with the fact the EIGRP summary routes - though they do have an AD of 5 - do not directly reflect an AD of 5 in the route table, I am ready to conquer Route Filters, Route Maps, and Leak Maps. These are their stories...
Comments
-
Mrock4 Banned Posts: 2,359 ■■■■■■■■□□
Good luck. I had a great time tonight with route-maps....(note to self: buy aspirin). Just kidding. I actually learned a lot. I had book knowledge of route-maps down, but my application was/is not the best. Tonight I made some good leaps.
Haven't played with leak maps. -
dtlokee Member Posts: 2,378 ■■■■□□□□□□
Leak maps are no big deal. When you use a summary address the router will suppress the more specific routes that are part of the summary and you will lose routing precision. The leak map just specifies what routes you want to leak through (or unsuppress) to the other routers.
The only easy day was yesterday!
-
Paul Boz Member Posts: 2,620 ■■■■■■■■□□
If you want to take it up a notch study the BGP uses for route maps.
CCNP | CCIP | CCDP | CCNA, CCDA
CCNA Security | GSEC |GCFW | GCIH | GCIA
pbosworth@gmail.com
http://twitter.com/paul_bosworth
Blog: http://www.infosiege.net/ -
Mrock4 Banned Posts: 2,359 ■■■■■■■■□□
I've browsed over some BGP topics. I want to master all the other little specifics of other routing protocols before really screwing with my head
Leak maps sounds like they could be a little project for tonight. They sound pretty simple. Can't wait... -
cisco_trooper Member Posts: 1,441 ■■■■□□□□□□
Wow, I just read Chapter 12 in the BSCI and must say I'm a little disappointed. This book takes a very simplistic view of Route Filters and Route Maps and is very uninteresting.
If this is all that is on the BSCI exam then I'm not very impressed. I suspect route maps can be far more complicated than this. Let's see what Doyle has to say about it. -
Mrock4 Banned Posts: 2,359 ■■■■■■■■□□
I'm currently being raped by distribute-list + route maps in a scenario I set up. Routing loops are owning me. My pride (and consideration) is also killing as well..I've asked for too much outside help, so I don't feel like bothering others. <sigh>......
I have two monitors..who cares if I throw one out the window?
cisco_trooper- what BSCI book are you using? -
jezg76 Member Posts: 97 ■■□□□□□□□□
p. 372 of the BSCI book:
route-map cupcakes permit 10
 match lemon-flavored
 match poppy-seed
 set add lemon-butter-frosting
route-map cupcakes deny 20
 match granola
route-map cupcakes permit 20
 match walnuts baked-today
 set melted-chocolate-frosting
route-map cupcakes permit 40
 set vanilla-frosting
Makes me laugh every time I see it.
policy-map type inspect TACO
class type inspect BELL
drop log -
dtlokee Member Posts: 2,378 ■■■■□□□□□□
Mrock4 wrote: I'm currently being raped by distribute-list + route maps in a scenario I set up. Routing loops are owning me. My pride (and consideration) is also killing as well..I've asked for too much outside help, so I don't feel like bothering others. <sigh>......
I have two monitors..who cares if I throw one out the window?
cisco_trooper- what BSCI book are you using?
If you are redistributing at multiple points between 2 routing domains try using route tags when you redistribute and see if it helps.
! EIGRP -> RIP: drop routes tagged 120 (they originated in RIP), tag the rest 90
route-map EIGRP_TO_RIP deny 10
 match tag 120
route-map EIGRP_TO_RIP permit 20
 set tag 90
! RIP -> EIGRP: drop routes tagged 90 (they originated in EIGRP), tag the rest 120
route-map RIP_TO_EIGRP deny 10
 match tag 90
route-map RIP_TO_EIGRP permit 20
 set tag 120
router eigrp 10
 redistribute rip metric 1000 1000 255 1 1500 route-map RIP_TO_EIGRP
router rip
 redistribute eigrp 10 metric 5 route-map EIGRP_TO_RIP
use that at your redistribution points and it will prevent the loops.
Also "debug ip routing" is your best friend when it comes to redistribution.
The only easy day was yesterday! -
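Added example, not part of dtlokee's post and not IOS code: a small Python model of the two route-maps above, showing first-match evaluation, the implicit deny, and why a route cannot make the round trip back into its home domain. The `Route` class, the tag value 0 for "untagged", the helper names and the prefixes are assumptions made for the illustration.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Route:
    prefix: str
    tag: int = 0  # assumption: 0 stands for "no tag", a route native to its domain

# Clause = (action, tag to match or None for "match everything", tag to set or None).
EIGRP_TO_RIP = [("deny", 120, None), ("permit", None, 90)]
RIP_TO_EIGRP = [("deny", 90, None), ("permit", None, 120)]
UNFILTERED = [("permit", None, None)]  # mutual redistribution with no route-map

def apply_route_map(clauses, route):
    """Evaluate clauses in sequence order; first match wins, no match is an implicit deny."""
    for action, match_tag, set_tag in clauses:
        if match_tag is not None and route.tag != match_tag:
            continue
        if action == "deny":
            return None
        return route if set_tag is None else replace(route, tag=set_tag)
    return None

def feedback(route, outbound, inbound):
    """Redistribute out of the home domain at one ASBR, then back in at the other.

    Returns the route as re-learned by its home domain, or None if filtered.
    """
    exported = apply_route_map(outbound, route)
    return None if exported is None else apply_route_map(inbound, exported)

if __name__ == "__main__":
    rip_net = Route("192.168.1.0/24")   # constructed sample prefixes
    eigrp_net = Route("10.1.1.0/24")
    print("no route-maps :", feedback(rip_net, UNFILTERED, UNFILTERED))
    print("RIP route     :", feedback(rip_net, RIP_TO_EIGRP, EIGRP_TO_RIP))
    print("EIGRP route   :", feedback(eigrp_net, EIGRP_TO_RIP, RIP_TO_EIGRP))
    # "set tag" overwrites: a route that arrived already tagged loses that tag.
    print("pre-tagged    :", apply_route_map(RIP_TO_EIGRP, Route("172.16.0.0/16", tag=500)))
```

The last case is the one to watch in a lab with more than two protocols: the unconditional `set tag` in sequence 20 replaces any tag another redistribution point already applied.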
cisco_trooper Member Posts: 1,441 ■■■■□□□□□□
Mrock4 wrote: cisco_trooper- what BSCI book are you using?
Cisco Press. -
cisco_trooper Member Posts: 1,441 ■■■■□□□□□□
Seriously, just skip the crap in the BSCI book and go straight to Doyles. As I suspected, this is a little more interesting than the BSCI book would have you believe. Doyle rules.
-
cisco_trooper Member Posts: 1,441 ■■■■□□□□□□
Man, I have created a redistribution nightmare between RIP, ISIS, OSPF, and EIGRP. This is sweet. I'm seeing all sorts of chaos, obviously route feedback has become quite a problem. I can't wait to conquer!
-
Mrock4 Banned Posts: 2,359 ■■■■■■■■□□
Nice man. Thanks dtlokee..I'm doing more route-map/leak map stuff tonight, but before I do that, I'm going to see if the stuff you posted helps. It makes a lot of sense, so I'm sure it will.
Cisco_trooper- I opened up Doyle's book and set my BSCI book aside. I do like the redistribution section more, but that's all I've really read from it so far. -
cisco_trooper Member Posts: 1,441 ■■■■□□□□□□
Jesus Christ. Don't forget to bring plenty of patience with you to the distribution list / route map lab. Especially if you are using RIP. I have RIP in my topology, and since it has an AD of 120, route feedback is a huge problem for it. I applied a distribute list at my ASBR to address this issue and was about to flip out because the OSPF routes disappeared but the RIP routes did not appear. Finally they appeared, but soon after ISIS routes appeared instead. Man, stuff is flapping around all over the place. I think my creation is over my head, as usual. Not sure the best approach here....but will prevail.
-
networker050184 Mod Posts: 11,962 Mod
cisco_trooper wrote: I think my creation is over my head, as usual.
It's supposed to be, that's how you learn! If you do things you understand over and over you will never learn anything new. Just keep at it until you understand (or go insane) and you will be good to go.
An expert is a man who has made all the mistakes which can be made. -
cisco_trooper Member Posts: 1,441 ■■■■□□□□□□
Umm. yeah. off topic but seriously -
no access-list 100
should delete the freaking access-list, should it not? i'm sick of looking at it in my config...oh well. -
networker050184 Mod Posts: 11,962 Mod
It will delete the access-list but if you have it applied to an interface it will still have that access-group on the interface.
An expert is a man who has made all the mistakes which can be made.
-
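Added example, not from the thread: a Python check that scans a saved IOS configuration for references left pointing at an ACL or route-map that no longer exists, the situation described in the reply above, where `no access-list 100` removes the list but the `ip access-group` line stays on the interface. On IOS an access-group that names a missing ACL filters nothing, so a leftover reference is worth flagging. The sample config, the function name and the regular expressions are constructed for this illustration and cover only the command forms shown.

```python
import re

# Constructed sample config (not taken from the thread): ACL 100 was removed
# with "no access-list 100" but is still applied to the interface.
SAMPLE_CONFIG = """\
interface FastEthernet0/0
 ip access-group 100 in
 ip summary-address eigrp 10 10.1.0.0 255.255.0.0 leak-map LEAK
router rip
 distribute-list 10 in
 distance 120 0.0.0.0 255.255.255.255 20
 redistribute eigrp 10 metric 5 route-map EIGRP_TO_RIP
access-list 10 permit 192.168.0.0 0.0.255.255
route-map EIGRP_TO_RIP permit 20
 set tag 90
"""

# Top-level lines that define an object: (kind, pattern).
DEFINITIONS = [
    ("acl", re.compile(r"^access-list (\S+) ")),
    ("acl", re.compile(r"^ip access-list (?:standard|extended) (\S+)")),
    ("route-map", re.compile(r"^route-map (\S+) (?:permit|deny)")),
]
# Indented lines that refer to an object by name or number.
REFERENCES = [
    ("acl", re.compile(r"^\s+ip access-group (\S+) (?:in|out)")),
    ("acl", re.compile(r"^\s+distribute-list (?!prefix|route-map|gateway)(\S+) (?:in|out)")),
    ("acl", re.compile(r"^\s+distance \d+ \S+ \S+ (\S+)")),
    ("route-map", re.compile(r"^\s+.*\b(?:route-map|leak-map) (\S+)")),
]

def dangling_references(config):
    """Return (line_no, kind, name) for every reference with no definition."""
    lines = config.splitlines()
    defined = {(kind, m.group(1)) for line in lines
               for kind, rx in DEFINITIONS if (m := rx.match(line))}
    findings = []
    for no, line in enumerate(lines, 1):
        for kind, rx in REFERENCES:
            m = rx.match(line)
            if m and (kind, m.group(1)) not in defined:
                findings.append((no, kind, m.group(1)))
    return findings

if __name__ == "__main__":
    for no, kind, name in dangling_references(SAMPLE_CONFIG):
        print(f"line {no}: {kind} {name} is referenced but not defined")
```

The same pass catches a mistyped ACL number or route-map name, since a typo in a reference looks exactly like a reference to a deleted object.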
cisco_trooper Member Posts: 1,441 ■■■■□□□□□□
ISIS Hell makes a come back. So I don't have an option to set the distribute list under the ISIS routing process... Go figure. ISIS is flapping these routes.
-
Mrock4 Banned Posts: 2,359 ■■■■■■■■□□
Don't worry man, I am right there with you. I had to take a break, because again, I was about to throw the computer out the window. Dt's tip/config helped a lot, but now I'm tearing things apart again, to create more mayhem in some attempt at learning. I still feel like tonight is beat the hell out of Mrock night, and the routers are having their go first...
I think tonight I will watch some CBT Nuggets, and read..I've done hands on every day the last week. I'll face my little issues (I'm almost there..I can feel it..) tomorrow with a fresh mind.
Good luck.
Edit: Ok, so I couldn't just give up. I had an epiphany, and got back on the routers. Literally two minutes later, my routing table looks straight..no duplicate routes, everything looks in order. Go distribute-lists...
Now it's time to really jack it up and start from scratch! -
dtlokee Member Posts: 2,378 ■■■■□□□□□□
You may want to try the "distance" command with an ACL tied to it to individually lower or raise the AD of some of the routes that are causing you trouble. Note: you can't individually change EIGRP external routes, you need to modify the AD for all EIGRP external routes.
The only easy day was yesterday!
-
cisco_trooper Member Posts: 1,441 ■■■■□□□□□□
cisco_trooper wrote: ISIS Hell makes a come back. So I don't have an option to set the distribute list under the ISIS routing process... Go figure. ISIS is flapping these routes.
Still don't understand why I can't use a distribute-list under ISIS. Anyone?
OK. ISIS is hindering me at this point so I'm shutting it down until I get a grasp on this. Can't build a skyscraper without a solid foundation... -
cisco_trooper Member Posts: 1,441 ■■■■□□□□□□
So yeah, it's pretty important to leave typos OUT of your access lists. I now have to bring ISIS back up to see how this affects the entire lab.
Again, the effects of sleep deprivation are far reaching. -
dtlokee Member Posts: 2,378 ■■■■□□□□□□
You should go back and review how a distribute list behaves in OSPF and it will help you understand ISIS which is another link state protocol.
The only easy day was yesterday!
-
cisco_trooper Member Posts: 1,441 ■■■■□□□□□□
dtlokee wrote: You should go back and review how a distribute list behaves in OSPF and it will help you understand ISIS which is another link state protocol.
I'm not having any trouble with OSPF. I just simply do not have the option under ISIS for a distribute-list? I have one applied to RIP, OSPF, EIGRP, but ISIS is rejecting me. Perhaps ISIS has to be dealt with using route-maps...
This is the C7200-JS-MZ.124-18 IOS.
Yeah. I believe distribute-list is supposed to be protocol independent so w t f? Beginning to lose my patience now.
Check it out: no distribute-list
ASBR1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
ASBR1(config)#router isis
ASBR1(config-router)#?
Router configuration commands:
  address-family         Enter Address Family command mode
  adjacency-check        Check ISIS neighbor protocol support
  advertise              Control which IP routes flow in L1 and L2 LSPs
  area-password          Configure the authentication password for an area
  authentication         ISIS authentication for LSPs
  default                Set a command to its defaults
  default-information    Control distribution of default information
  distance               Define an administrative distance
  domain-password        Set the authentication password for a routing domain
  exit                   Exit from routing protocol configuration mode
  fast-flood             Flood LSPs (that triggered SPF) before running SPF
  hello                  Pad ISIS hello PDUs to full MTU
  help                   Description of the interactive help system
  hostname               Dynamic hostname for IS-IS
  ignore-lsp-errors      Ignore LSPs with bad checksums
  ip                     IP specific commands
  is-type                IS Level for this routing process (OSI only)
  ispf                   Configure execution of incremental SPF
  log-adjacency-changes  Log changes in adjacency state
  lsp-full               If we run out of LSP fragments
  lsp-gen-interval       Minimum interval between regenerating same LSP
-
cisco_trooper Member Posts: 1,441 ■■■■□□□□□□
I'm done chasing this ghost. It seems distribute lists are not supported for ISIS, at least not with this image. It will have to be with route-maps, which is fine, as long as I have not done something to bring about this behavior all is good.
Cisco Feature Navigator
http://www.cisco.com/go/fn -
cisco_trooper Member Posts: 1,441 ■■■■□□□□□□
networker050184 wrote: It's supposed to be, that's how you learn! If you do things you understand over and over you will never learn anything new. Just keep at it until you understand (or go insane) and you will be good to go.
I know it man. This is how I like it.
The simple crap the BSCI book had is completely inappropriate. Cisco Press should be ashamed of themselves. -
networker050184 Mod Posts: 11,962 Mod
cisco_trooper wrote: The simple crap the BSCI book had is completely inappropriate. Cisco Press should be ashamed of themselves.
Why should they be ashamed of themselves? The book is for the BSCI exam. It teaches what you need to know for the exam. It's not an all-encompassing routing book, it's not supposed to be. It is centered around the exam and IMO is great for studying the BSCI material.
An expert is a man who has made all the mistakes which can be made. -
cisco_trooper Member Posts: 1,441 ■■■■□□□□□□
It's only this topic that left me feeling ripped off. For the rest of it I have no complaints.
-
cisco_trooper Member Posts: 1,441 ■■■■□□□□□□
This is by far the most fun I have had in my studies thus far. Perhaps I am far exceeding the scope of the BSCI, but I can't help it. I keep finding gaps in the story, and simply have to find substance to fill those gaps. I still have questions regarding this topic, but I'm going to see if they are addressed with route-maps; I suspect they are.
This is a quick overview of my progression in this topic:
Distribute Lists became quite easy after I quit chasing my nemesis, ISIS. Die, ISIS, I hate you.
The topology consists of 2 ASBRs, each connected to each one of the routing domains: RIPv2, OSPF, and EIGRP. I configured distribute lists such that only addresses within the RIP domain will be accepted by RIP, only addresses within the EIGRP domain will be accepted by EIGRP, and only addresses within the OSPF domain will be accepted by OSPF. After confirming all these routes to be correct I thought it would be a good time to begin throwing kinks in the network in order to find the weaknesses of this configuration. It wasn't long before I found one.
Breaking a link to one of the ASBRs left that ASBR unable to reach that routing domain, even though there is a physical path to the network, because RIP is filtering OSPF and EIGRP, OSPF is filtering RIP and EIGRP, and EIGRP is filtering RIP and OSPF. This configuration basically removes the redundancy provided by multiple redistribution points. An alternate configuration is necessary to take advantage of the two redistribution points.
At this point I take dtlokee's advice in using Administrative Distance to help with routes giving me trouble, and wisely consult Doyle's book. This was quite enlightening. Reconfiguring the default Administrative Distance on each routing protocol to a higher number, and then configuring the Administrative Distance on routes matching those specified in an access-list back to that protocol's documented default was a nice touch. This allowed your RIP originating routes to maintain their AD of 120, while allowing those same routes to be advertised back into the RIP domain with a slightly higher AD, should a link fail. This works to prevent inaccessibility of a network and takes advantage of the multiple paths into the routing domain, while at the same time preventing route feedback. The only issue I am running into with this is that the link that is down is still being advertised into the routing domain, which I really don't like and have not quite figured out how to deal with yet. I'll bet route-maps have the power.
Hopefully someone other than myself finds this information useful. -
Mrock4 Banned Posts: 2,359 ■■■■■■■■□□
I'm pretty close with ya. I have been playing guitar for the last 2 hours probably..so now it's time to get to work I suppose :-/......
I can't help it, I had a shot to my ego when I spoke to a good buddy (really, really smart guy) who I spent time with in Iraq, and is now a civilian. He's taking the BSCI in two weeks....although he studied on his own for the CCNA, I explained a lot of concepts to you. It's safe to say the student has become the teacher..guess that means I gotta step my game up. -
cisco_trooper Member Posts: 1,441 ■■■■□□□□□□
Grrrr. Haven't had a chance to finish this topic.
Hopefully I can close this book tomorrow.