OSPF route problem

MrXpert Member Posts: 586
I think I may have lost my mind as I can't seem to get this scenario working how I'd like it to.
I managed to solve it using Policy based routing and an extended ACL. The router-ids match the router number. i.e. R2=2.2.2.2
I'm sure I am forgetting something fundamental which is preventing me from achieving my goals. The picture will explain more what I want to do. I used PBR but only because I couldn't resolve it any other way.

network diagram.jpg

For example the PBR config on R3 is

R3#show route-map
route-map PBR, permit, sequence 10
Match clauses:
ip address (access-lists): 100
Set clauses:
ip next-hop 192.168.23.1
Policy routing matches: 10 packets, 1000 bytes


R3#show access-list
Extended IP access list 100
10 permit ip 172.16.10.0 0.0.0.7 any (5 matches)
20 permit ip 172.16.20.0 0.0.0.7 any (5 matches)


On R1 AND R2 truncated config is


R1#show route-map
route-map PBR, permit, sequence 10
Match clauses:
ip address (access-lists): 100
Set clauses:
ip next-hop 192.168.12.2
Policy routing matches: 5 packets, 500 bytes
R1#show access-l
Extended IP access list 100
10 permit ip any 172.16.10.0 0.0.0.7 (5 matches)
20 permit ip any 172.16.20.0 0.0.0.7


route-map PBR, permit, sequence 10
Match clauses:
ip address (access-lists): 100
Set clauses:
ip next-hop 192.168.23.2
Policy routing matches: 18 packets, 1892 bytes

R2#show access-list

Extended IP access list 100
10 permit ip any 172.16.10.0 0.0.0.7 (8 matches)
20 permit ip any 172.16.20.0 0.0.0.7 (10 matches)

It works with a PBR but let's be honest, it is kinda messy and means a lot of typing.
I tried to use a distribution list on R1 which prevented the 172.16.10.0/29 and 172.16.20.0/29 coming into F1/0 of R1. Did a similar thing on R2's fa0/0. YET it did not work and instead blocked 172.16.10.0/29 and 172.16.20.0/29 totally and there was no path to it.

I also tried changing the admin distance for 172.16.10.0/29 and 172.16.20.0/20 to AD=200 on R2 as it is advertised from R3 but no chance. It never worked.
Is there a way to influence the path without using PBR?
Maybe I messed things up when I changed the auto cost reference bw to 1000Mb but I did this because I wanted to use the faster links.

It has been a long time since I did any Cisco related work so my mind is a bit fuzzy.
I'm an Xpert at nothing apart from remembering useless information that nobody else cares about.

Comments

  • NetworkVeteran Member Posts: 2,338
    I'd use tunnels here. A hop-by-hop approach seems awfully fragile. I'm especially skeptical of your policy on router 1. Try failing the link between R2 and R3, and I believe when you ping 172.16.10.1 from R1 you will experience a routing loop.

    GRE tunnels are doable. Set the tunnel source, destination, and route-via options and you'll be in business.

    My preference would be traffic engineering. :)
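
The routing loop NetworkVeteran warns about, modelled as an added example that is not part of the thread. It assumes a triangle R1-R2-R3 (the diagram is not on the page), that the PBR policies apply to the traffic in question on R1 and R2, and that a failed link takes the interface down so the router falls back to its routing table; a fewest-hops search stands in for OSPF.

```python
import ipaddress
from collections import deque

# Assumed triangle R1-R2-R3 (diagram not on the page); the /29s sit behind R3.
LINKS = {frozenset(p) for p in (("R1", "R2"), ("R2", "R3"), ("R1", "R3"))}
OWNER = {"192.168.12.2": "R2", "192.168.23.2": "R3"}   # router owning each next hop
PBR = {"R1": "192.168.12.2", "R2": "192.168.23.2"}      # "set ip next-hop" from the post
ACL_100 = [ipaddress.ip_network(n) for n in ("172.16.10.0/29", "172.16.20.0/29")]

def igp_next_hop(src, dst, links):
    """Stand-in for OSPF: first hop on the fewest-hops path over working links."""
    queue, seen = deque([(src, None)]), {src}
    while queue:
        node, first = queue.popleft()
        if node == dst:
            return first
        for link in links:
            if node in link:
                (peer,) = link - {node}
                if peer not in seen:
                    seen.add(peer)
                    queue.append((peer, first or peer))
    return None

def forward(start, dst_ip, down=(), ttl=8):
    """Return (path, outcome) for a packet to dst_ip entering at router `start`."""
    links = LINKS - {frozenset(down)} if down else LINKS
    dst, node, path = ipaddress.ip_address(dst_ip), start, [start]
    while node != "R3":
        if ttl == 0:
            return path, "ttl-expired"
        ttl -= 1
        nxt = None
        if node in PBR and any(dst in net for net in ACL_100):
            peer = OWNER[PBR[node]]
            if frozenset((node, peer)) in links:      # policy next hop needs its link up
                nxt = peer
        nxt = nxt or igp_next_hop(node, "R3", links)  # otherwise use the routing table
        if nxt is None:
            return path, "unreachable"
        node = nxt
        path.append(node)
    return path, "delivered"

if __name__ == "__main__":
    print(forward("R1", "172.16.10.1"))                     # all links up
    print(forward("R1", "172.16.10.1", down=("R2", "R3")))  # R2-R3 failed
```

With the R2-R3 link down, R1's policy still hands the packet to R2, R2's policy next hop is gone so it routes back via R1, and the packet bounces until its TTL runs out.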
  • MrXpert Member Posts: 586
    Thanks for the idea - I need to brush up on that.
    But how come I cannot just block 172.16.10.0 and 172.16.20.0 from coming into R1 from R3 using a distribute-list? I did try it but then R1 did not learn it could get to those prefixes via R2. Yet R2 was reaching those networks by sending using its directly connected interface with R3.
    Comparatively... in EIGRP this would normally cause an issue, right?
  • NetworkVeteran Member Posts: 2,338
    "how come I cannot just block 172.16.10.0 and 172.16.20.0 from coming into R1 from R3 using a distribute-list?"
    Suppose you did and the R1-R2 link became severed. Now R1 wouldn't know how to get to those destinations.
    "i did try it but then R1 did not learn it could get to those prefixes via R2."
    The distribute-list in command filters what routes the OSPF database inserts into the local routing table. Perhaps there was only the one route, or alternately there were two routes but your distribute-list wasn't fine-tuned and clobbered them both.

    For fun, I just labbed this up using traffic engineering. I love the elegance of such solutions. (Except, of course, when it becomes not so simple and I'm spending countless hours figuring out what exactly went wrong!)

    ip explicit-path name longway enable
    next-address 2.2.2.2

    interface Tunnel1500
    ip unnumbered Loopback0
    tunnel destination 3.3.3.3
    tunnel mode mpls traffic-eng
    tunnel mpls traffic-eng path-option 1 explicit name longway
  • CodeBlox Member Posts: 1,363
    Good info in this thread. I am working on CCNP: ROUTE and have just finished the last of the OSPF chapters today
    Currently reading: Network Warrior, Unix Network Programming by Richard Stevens
  • MrXpert Member Posts: 586
    Many thanks NetworkVeteran for your help! :)