OSPF route problem
I think I may have lost my mind as I can't seem to get this scenario working how I'd like it to.
I managed to solve it using Policy based routing and an extended ACL. The router-ids match the router number. i.e. R2=2.2.2.2
I'm sure I am forgetting something fundamental which is preventing me from achieving my goals. The picture will explain more what I want to do. I used PBR but only because I couldn't resolve it any other way.
network diagram.jpg
For example the PBR config on R3 is
R3#show route-map
route-map PBR, permit, sequence 10
  Match clauses:
    ip address (access-lists): 100
  Set clauses:
    ip next-hop 192.168.23.1
  Policy routing matches: 10 packets, 1000 bytes
R3#show access-list
Extended IP access list 100
    10 permit ip 172.16.10.0 0.0.0.7 any (5 matches)
    20 permit ip 172.16.20.0 0.0.0.7 any (5 matches)
On R1 AND R2 truncated config is
R1#show route-map
route-map PBR, permit, sequence 10
  Match clauses:
    ip address (access-lists): 100
  Set clauses:
    ip next-hop 192.168.12.2
  Policy routing matches: 5 packets, 500 bytes
R1#show access-l
Extended IP access list 100
    10 permit ip any 172.16.10.0 0.0.0.7 (5 matches)
    20 permit ip any 172.16.20.0 0.0.0.7

route-map PBR, permit, sequence 10
  Match clauses:
    ip address (access-lists): 100
  Set clauses:
    ip next-hop 192.168.23.2
  Policy routing matches: 18 packets, 1892 bytes
R2#show access-list
Extended IP access list 100
    10 permit ip any 172.16.10.0 0.0.0.7 (8 matches)
    20 permit ip any 172.16.20.0 0.0.0.7 (10 matches)
It works with a PBR but let's be honest it is kinda messy and means a lot of typing.
I tried to use a distribution list on R1 which prevented the 172.16.10.0/29 and 172.16.20.0/29 coming into F1/0 of R1. Did a similar thing on R2's fa0/0. YET it did not work and instead blocked 172.16.10.0/29 and 172.16.20.0/29 totally and there was no path to it.
I also tried changing the admin distance for 172.16.10.0/29 and 172.16.20.0/20 to AD=200 on R2 as it is advertised from R3 but no chance. It never worked.
Is there a way to influence the path without using PBR?
Maybe I messed things up when I changed the auto cost reference bw to 1000Mb but I did this because I wanted to use the faster links.
It has been a long time since I did any Cisco related work so my mind is a bit fuzzy.
I'm an Xpert at nothing apart from remembering useless information that nobody else cares about.
Comments
-
NetworkVeteran Member Posts: 2,338
I'd use tunnels here. A hop-by-hop approach seems awfully fragile. I'm especially skeptical of your policy on router 1. Try failing the link between R2 and R3, and I believe when you ping 172.16.10.1 from R1 you will experience a routing loop.
GRE tunnels are doable. Set the tunnel source, destination, and route-via options and you'll be in business.
My preference would be traffic engineering.
-
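The failure case raised in the post above can be traced in a small forwarding model. This is an added example, not part of the thread or any poster's lab. It assumes the triangle R1-R2-R3 implied by the posted next-hop addresses, that each router's policy applies to every packet it handles, that PBR falls back to the routing table when its next hop is on a down link, and that the fallback route is a plain fewest-hops path (the real OSPF costs are not on the page).

```python
# Constructed model: addresses and next hops are taken from the posted PBR output,
# everything else (topology shape, where policies apply, fallback metric) is assumed.
ADDR = {"192.168.12.2": "R2", "192.168.23.1": "R2", "192.168.23.2": "R3"}
PBR_NEXT_HOP = {"R1": "192.168.12.2", "R2": "192.168.23.2"}  # traffic towards 172.16.x.x
LINKS = {frozenset(p) for p in (("R1", "R2"), ("R2", "R3"), ("R1", "R3"))}
DEST_ROUTER = "R3"  # 172.16.10.0/29 and 172.16.20.0/29 sit behind R3


def spf_next_hop(router, up_links):
    """Fallback routing table: first hop of a fewest-hops path to R3 (BFS)."""
    frontier, seen = [(router, None)], {router}
    while frontier:
        node, first = frontier.pop(0)
        if node == DEST_ROUTER:
            return first
        for link in sorted(up_links, key=sorted):
            if node in link:
                (peer,) = link - {node}
                if peer not in seen:
                    seen.add(peer)
                    frontier.append((peer, first or peer))
    return None


def trace(src, failed=(), ttl=16):
    """Follow a packet for 172.16.10.1 hop by hop; return (path, verdict)."""
    up = LINKS - {frozenset(f) for f in failed}
    path, here = [src], src
    while here != DEST_ROUTER and ttl > 0:
        nh = ADDR.get(PBR_NEXT_HOP.get(here))
        # The policy next hop is only used while the link towards it is up.
        if nh is None or frozenset((here, nh)) not in up:
            nh = spf_next_hop(here, up)
        if nh is None:
            return path, "unreachable"
        path.append(nh)
        here = nh
        ttl -= 1
    return path, "delivered" if here == DEST_ROUTER else "loop (TTL expired)"


if __name__ == "__main__":
    print(trace("R1"))                          # all links up
    print(trace("R1", failed=[("R2", "R3")]))   # the failure described above
    print(trace("R1", failed=[("R1", "R2")]))   # policy next hop gone on R1
```

With the R2-R3 link failed, R2 falls back to its routing table and hands the packet to R1, whose static policy sends it straight back to R2 until the TTL runs out.
-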
MrXpert Member Posts: 586
Thanks for the idea - I need to brush up on that
But how come I cannot just block 172.16.10.0 and 172.16.20.0 from coming into R1 from R3 using a distribute-list? I did try it but then R1 did not learn it could get to those prefixes via R2. Yet R2 was reaching those networks by sending using its directly connected interface with R3.
Comparatively... in EIGRP this would normally cause an issue, right?
-
NetworkVeteran Member Posts: 2,338
> how come I cannot just block 172.16.10.0 and 172.16.20.0 from coming into R1 from R3 using a distribute-list? I did try it but then R1 did not learn it could get to those prefixes via R2.
For fun, I just labbed this up using traffic engineering. I love the elegance of such solutions. (Except, of course, when it becomes not so simple and I'm spending countless hours figuring out what exactly went wrong!)
ip explicit-path name longway enable
 next-address 2.2.2.2
interface Tunnel1500
 ip unnumbered Loopback0
 tunnel destination 3.3.3.3
 tunnel mode mpls traffic-eng
 tunnel mpls traffic-eng path-option 1 explicit name longway
-
CodeBlox Member Posts: 1,363
Good info in this thread. I am working on CCNP: ROUTE and have just finished the last of the OSPF chapters today.
Currently reading: Network Warrior, Unix Network Programming by Richard Stevens
-
MrXpert Member Posts: 586
Many thanks NetworkVeteran for your help!