Mutual redistribution using same tag (and the same route-map)

I'm reading through the OCG, trying to finalize things before scheduling my route exam, and I'm looking at the problems dealing with multiple redistribution points, and using tags to stop the "second" redistribution. The example uses a separate tag / separate route maps for each direction (as do all the examples I can find online), but I have to ask why? I don't see why on each redistribution router you can't use the same route-map and just apply it in both directions.

route-map DBL_RED deny 100
match tag 10
route-map DBL_RED permit 110
set tag 10

Setting this on each device, under each routing interface logically should work: no matter the direction, if the tag is 10 filter it, otherwise tag it so the other device(s) filter it in the reverse direction. Am I missing something or do the examples just use separate tags to make it easier to understand?

I guess being able to ask questions like these is a sign I'm close to getting ready. Hopefully

Find more posts tagged with

Comments

pham0329

how would your router knows which tag belongs to which routes if they're all the same? I don't know if I interpreted your question correctly, but suppose you have EIGRP and OSPF mutual redistribution. You're going to set the OSPF routes with a tag of 10, and EIGRP with the same tag of 10?

From there, you're going to deny routes with a tag of 10 from being redistributed?

bermovick

Except the match/denial statement is before the set statement.

At redistribution point 1 - the routes going from eigrp into ospf haven't been tagged yet, so aren't denied (but get tagged). The routes going from ospf into eigrp haven't been tagged yet, so aren't denied (but get tagged).

Now we have tagged ospf routes in the eigrp domain, and tagged eigrp routes in the ospf domain.

At redistribution point 2 - the routes that are tagged are kept from returning back into their original routing domain.

cisco_trooper

You need to use different tags. In this case if you have two routing domains being redistributed at two redistribution points I would use two tag values in my route-map configurations. I would set a tag of 10 for routes redistributed from EIGRP into OSPF and I would set a tag of 20 from routes redistributed from OSPF into EIGRP.

So you'll have something like:
router ospf 5
redistribute eigrp 5 route-map eigrp_to_ospf

router eigrp 5
redistribute ospf 5 route-map ospf_to_eigrp

route-map eigrp_to_ospf deny 10
match tag 20

route-map eigrp_to_ospf permit 20
set tag 10

route-map ospf_to_eigrp deny 10
match tag 10

route-map ospf_to_eigrp permit 20
set tag 20

I would be very careful trying to use the same tag for both routing domains. The best case is you have a confusing unconvential configuration for a common deployment. The worst case is the IOS doesn't deal with this the way you expect and you find yourself with routes flapping and connectivity issues. I might lab that up and watch it for a while. I don't know that I ever would have tried such a configuration when I originally went through this material about 3 years ago but I definitely follow your logic. I wouldn't consider this a good practice. What happens when you need to add another router to the mix and you end up with more distribution points or more routing protocols? I'd use a tag per routing domain to keep it clean and to keep it easier to change in the future.

pham0329

Ah, I misread your post. Yes, that would work...but why? Redistribution is confusing enough, why make it even more confusing by setting/denying the same tag?!

bermovick

Thanks to both of you for replying. I will have to lab it up just to see. I guess it does make sense to use separate tags and route-maps just to make your life easier if and when something does go wrong so if you have to look at a tag for troubleshooting it's actually helpful.

Ronald Alonso

Is there a LAB example where this can be simulated. I have a few routers and will like to simulate this scenario.

Kory

RIP EIGRP Redistribution Route Tagging | Redistribution | Labs

thats a good one, it will let you see the tagging in action. You will need to register to download the GNS3 files, but its a good community to join and if you browse around the lab section you will see that there are loads of excellent labs.

powmia

Using the same tag in each direction works fine, and is a simple enough concept... if a route has been redistributed once, don't re-redistribute it. However, tagging routes based on whether or not they have been redistributed is not an accurate enough description of the route.

What happens if you decide to add a 3rd protocol to your network? Draw a triangle with OSPF, IS-IS, and EIGRP in the corners. For mutual redistribution amongst all of the protocols:

1. first you redist OSPF into both IS-IS and EIGRP... ok, fine.
2. Now redist IS-IS into both OSPF and EIGRP.

we don't even need to move to step 3 before...

... a routing table meltdown, routes originating in OSPF are oscillating between coming into EIGRP directly from OSPF (step 1), and coming in from IS-IS (step 2). If you have been just using the same tags, you have no way of differentiating the origin of the protocol. You need to tell your router not to redistribute the IS-IS routes that originally came from OSPF into EIGRP. The only way to do this, is by using different tags.

A best practice is to use the Administrative distances:

route-map FROM-OSPF deny 10
match tag 90
route-map FROM-OSPF deny 20
match tag 115
route-map FROM-OSPF permit 30
set tag 110
!
route-map FROM-EIGRP deny 10
match tag 110
route-map FROM-EIGRP deny 20
match tag 115
route-map FROM-EIGRP permit 30
set tag 90
!
route-map FROM-ISIS deny 10
match tag 90
route-map FROM-ISIS deny 20
match tag 110
route-map FROM-ISIS permit 30
set tag 115
!
router ospf 1
redist eigrp 100 subnets route-map FROM-EIGRP
redist isis subnets route-map FROM-ISIS
!
router isis
redist eigrp 100 route-map FROM-EIGRP
redist ospf 1 route-map FROM-OSPF
!
router eigrp 100
redist ospf 1 metric 1 1 1 1 1 route-map FROM-OSPF
redist isis metric 1 1 1 1 1 route-map FROM-ISIS

###

If you want to be cautious (always) add a "route-map FROM-XXX deny 25" in there... to prevent redistributing the "FROM" protocol if it already has the appropriate tag (meaning it has been redistributed somewhere once before).