8/9/2019 WP Routing New (The Cisco IP Routing Process)
WHITE PAPER
The CISCO IP Routing Process
including POLICY Routing
by Alexander Marhold
CCIE #3324, CCSI #20642, CCNP, CCDP
© 1999, PRO IN Consulting GmbH
[Figure: The CISCO Routing Process including POLICY Routing (overview picture). Data packet path: input access-list, NAT, policy routing on incoming interface (selected by: ip policy route-map map-tag), routing table with recursive lookup (S = static, C = connected, x = dynamic routing), output access-list, NAT / PAT, accounting, queueing. Route information path: incoming route processing (INCOMING from REMOTE, INCOMING from LOCAL; administrative distance, metric, route-tags) and outgoing route processing (OUTGOING to same protocol, OUTGOING coming from other protocol, OUTGOING to another protocol; metric, route-tags). The commands attached to each part of the picture are listed with the detail pictures of the following chapters.]
! Disclaimer !

This White Paper was done with utmost care and thorough reviewing but is presented "AS IS" with possible errors and misinterpretations.

However, none of the pictures and statements can be used as reference regarding the behavior of the mentioned devices. This paper was done independent of Cisco and can never be used as commitment of any party. The author and PRO IN declare that they will not be held liable or responsible for any action a reader of this White Paper will take following the information given here.

All trademarks belong to their owners.

Author: Alexander Marhold
Senior Consultant and Trainer
PRO IN Consulting GmbH
Vienna / Austria
mailto:[email protected]

Copyright Notice: © 1999-2001 PRO IN Training GmbH
Commercial Use (Sale, Training, CBT,) partly or in whole is strictly prohibited
The "Cisco Routing Process" is a set of mechanisms which forward IP data packets and which populate the IP routing table by using different sources like

- routing updates from neighbors
- connected interfaces
- static routes

The mechanism also sends out routing updates, possibly converting them between different routing protocols.

Additionally "IP Policy Routing" makes it possible to overcome the traditional destination based routing.

For controlling these mechanisms a vast range of commands and modifiers is defined in the Cisco IOS.

The following mechanisms and behaviors are described in detail in this white paper:

- the general packet forwarding process
- policy routing
- routing updates and general behavior of routing protocols
- the INCOMING routing process and its corresponding commands
- the OUTGOING routing process and its corresponding commands

The "processes" in this paper are models for explaining the mechanisms, and are not the real implemented IOS processes.

This paper describes the above mentioned mechanisms without focusing on particular routing protocols.

Also regarding ROUTE-MAPS this paper focuses on IGP (Interior Gateway Protocols) and does not treat the additional MATCH- and SET-clauses which are available for BGP.

This paper is not based on a specific version of IOS.

Topics NOT covered are:

- details of different routing protocols
- snapshot routing, ODR,
- BGP
- route authentication
- the Link State (LS) mechanism
- QOS, COS, TOS routing
- tunneling

This White Paper assumes that the reader already has a good knowledge about IP and IP Routing Protocols.

The structure of the paper has the picture and its details always on even pages and the description to each picture on the page that follows. Thus, when printed double-sided, it allows the reader to see the picture and the explanations without turning the pages.

The author likes to get feedback, suggestions and also corrections, so please feel free to contact him via e-mail.
[Figure: The CISCO Routing Process including POLICY Routing, sources of network information. Labels: Ethernet, RIP, OSPF, routing updates, static routes, connected interfaces, other network information sources, Routing Table (S = static, C = connected, x = dynamic routing).]
Routing in General

Covers general topics in Routing and Routing Updates.

Routers have 2 primary tasks:

- Path Finding (done via Routing Protocols)
- Packet Forwarding (Layer 3 IP function)

Path Finding is done by exchanging Routing information between adjacent routers.

- In DISTANCE VECTOR routing protocols a router forwards the networks of its routing table (or changes of it) to its neighbors, observing mechanisms of SPLIT-HORIZON. Depending on the protocol the network information is sent with (subnet-)mask information or without. In RIP Version 1 and IGRP no masks are transmitted, which rules out the use of discontiguous subnets and/or VLSM (Variable Length Subnet Masking).

- In LINK STATE routing protocols the routers exchange information regarding the connected networks, the external routes (interarea, static, from external routing protocols) and the connections to neighbor routers by forwarding LSPs (Link State Packets). These LSPs are forwarded hop-by-hop to every other router within an area. When receiving these LSPs a router can calculate the best paths to advertised networks.

How does a router know of its neighbor?

Again there is a difference between the routing protocols.

- DISTANCE VECTOR protocols send out their routing updates as broadcasts (RIP V1, IGRP) or as multicasts (RIP V2), and by getting routing updates the router learns the source of these updates.

- LINK STATE protocols and EIGRP establish a neighborship to adjacent routers by sending HELLO packets and control these links by resending these HELLOs every short period. When an ADJACENCY is found and eventually verified, the routers begin exchanging their routing information.

!!! CAVEAT !!!
LINK STATE protocols and EIGRP only use and establish ADJACENCIES using the PRIMARY IP address of an interface. If they do not match, the connection to the neighbor router will not be established.

LINK STATE protocols also verify certain parameters before allowing the connection to an ADJACENCY:

- same IP-subnet
- equal network type
- same value of timers

The command:

SHOW IP neighbor

shows the adjacencies and their status.

Dependent on the routing protocol there are also various DEBUG commands which show in detail the adjacency building process.
How to prevent routing updates or establishing neighborship on an interface?

Generally this is done using the router command

PASSIVE-INTERFACE

For DISTANCE VECTOR protocols this command ONLY prevents the sending out of routing updates on a particular interface. However, it does not prevent the router from getting routing updates over that interface.

!!! HINT !!!
In order to prevent getting routing updates for Distance Vector protocols use the router command:

DISTANCE 255 [ access-list ]

With this command all routing updates sent out by devices on the specified net will not be considered for entry in the routing table.

For LINK STATE protocols and EIGRP passive-interface prevents the establishment of adjacencies and thus the sending of any LINK STATE Packets.

However, this does not prevent the router from announcing this network as connected interface in its routing updates over other interfaces.

OSPF treats the connected network of a passive-interface as STUB-NETWORK.

Also IS-IS and Integrated IS-IS have some specialities regarding the OSI or IP information on such passive interfaces.
[Figure: The CISCO Routing Process including POLICY Routing, the path of DATA packets. Labels: input access-list, NAT, Routing Table (S = static, C = connected, x = dynamic routing), recursive lookup, output access-list, NAT / PAT, accounting, queueing.]
The Packet Forwarding Process

Packets are forwarded downstream a path from the sender to the receiver.

Route information (information about the reachability of a network) is forwarded UPSTREAM from router to router.

This is important to consider when blocking routing information in order to prevent access to certain networks.

The packet forwarding is done by an independent decision of each router on the path, using the destination address of the packet and the Routing Table as basis for finding a next-hop.

The router will consult the routing table (or a special forwarding table, based on the content of the routing table), comparing the destination address with the network information in the routing table, and will use the most specific network information for a decision about the outgoing path.

The lookup process can be recursive, which means that more than one lookup may be needed in order to find the real next-hop-address for forwarding the packet.

If such a next-hop or an outgoing interface is found, the router will forward the packet on the specified connected interface.

If no route is found and also no default-route is available or appropriate, the router will delete the packet and inform the sender via ICMP about this happening.
What is CLASSFUL and CLASSLESS routing?

CLASSFUL and CLASSLESS are behaviors for using the default route when information about a specific subnet is not in the routing table, but other subnets of that major network are found in the routing table.

Example:

# show ip route (edited output)
network 172.16.0.0/16 is subnetted
2 subnets, 2 masks
R 172.16.12.0/24 [120/2] 192.168.1.1 eth0
R 172.16.16.0/20 [120/4] 10.0.0.1 ser0
*S 0.0.0.0/0 [0/0] 11.1.1.1 ser1

The router now receives a packet on eth1 with the destination address 172.16.10.234.

This address, belonging to a specific subnet of 172.16.0.0/16, is NOT in the routing table.

- With IP CLASSLESS the router will take the default route and forward the packet out on Serial 1. This is done independent of any other subnet information for that major network 172.16.0.0/16.

- When CLASSFUL routing is selected with the command:

NO IP CLASSLESS

the router would delete the packet and inform the sender via ICMP that it cannot forward the packet, as the specified subnet of the major network 172.16.0.0/16 is not in its table.
What is "Gateway of last Resort", default-network, ip route 0.0.0.0 0.0.0.0?

IP Default-Network xxx.xxx.xxx.xxx - This is the command that will cause a router to treat xxx.xxx.xxx.xxx as a gateway of last resort. A router can have multiple ip default-networks entered.

Gateway of last resort - This is the term that is applied to a routing entry in the Cisco routing table that the router will use to forward packets to when it lacks a more specific route. This can be learned from a route provided by another router that is tagged as a default by the advertising router. The ip default-network command is one way of having a router tag a route as a gateway of last resort.

IP Default-Gateway - This command is used in routers when IP routing is disabled, in order to give them an address to forward packets that are not in their address space. Routers in boot mode are a good example of this situation.

IP ROUTE 0.0.0.0 0.0.0.0 establishes a default route (catch-all) if no specific route is found.

!!! CAVEAT !!!
The 0.0.0.0 route has special meaning for RIP. It is automatically installed as the local gateway of last resort. No ip default-network 0.0.0.0 is required. RIP automatically advertises the route to 0.0.0.0 even if redistribute static and a default metric are not configured.

For other routing protocols the router command DEFAULT-INFORMATION allows specific control of forwarding or receiving default routes.
[Figure: The CISCO Routing Process including POLICY Routing, policy routing in the path of DATA packets. Labels: input access-list, NAT, policy routing on incoming interface (selected by: ip policy route-map map-tag), "no match or deny or", Routing Table (S = static, C = connected, x = dynamic routing), recursive lookup, output access-list, NAT / PAT, accounting, queueing.]

Commands shown in the figure:

route-map map-tag [permit | deny] [sequence-number] FOR POLICY ROUTING
match ip address {access-list-number | name} [...access-list-number | name]
match length min max
set ip next-hop ip-address [...ip-address]
set interface type number [...type number]
set default interface type number [... type number]
set ip default next-hop ip-address [...ip-address]
IP Policy Routing

IP Policy Routing overcomes the normal destination based routing paradigm by allowing different criteria as basis for a routing decision.

Among those criteria are:

- the incoming interface
- selection by extended access-lists
- precedence levels
- packet sizes

But still one paradigm stays valid:

"The router only makes a local decision about the next hop, i.e. where to send the packet out"

To overcome this one you need either Tunneling or MPLS (Multiprotocol Label Switching).

IP Policy Routing uses ROUTE-MAPS for defining the matching packets and for setting actions.

ROUTE-MAPS define a numbered sequence of MATCH and SET clauses, where the SET defines the actions to be done for packets matching the MATCH clauses.

IP POLICY ROUTING is applied to incoming packets on interfaces by using the interface command:

IP POLICY ROUTE-MAP route-map-name

In case no match is found, or when there is no SET clause specifying a next-hop or an outgoing interface, the normal routing table is used after the ROUTE-MAP to find a next-hop-address or outgoing interface.

!!! CAVEAT !!!
If there is an outgoing interface defined in a SET-clause, this interface must be up and be of a point-to-point type.

If there is a next-hop-address specified in the SET-clause, this address has to be a real next-hop-address. That means that it must be an address of a device belonging to a directly connected network. (The router will not do a recursive lookup for the next-hop-address.)

If the above mentioned requirements are not met, the router will use the normal routing table based route decisions and ignore the SET parameters.

Example:

The same Frame Relay interface is used as connection to the outside world AND as connection to remote offices. The firewall is placed in two VLANs on a Fast Ethernet attached switch.
[Figure: network diagram of the example. Labels: FR, Internet, Remote Offices, ISL.]
! Frame Relay subinterface: connection to the outside world and to the remote offices
interface Serial3/0.31 multipoint
 description INTERNET ACCESS
 ip address 192.168.13.10 255.255
 ip policy route-map OUT-to-PIX
 frame-relay map ip 192.168.13.1 501
!
! Fast Ethernet subinterface (ISL VLAN 24) described as PIX-OUT
interface FastEthernet4/1.24
 description PIX-OUT
 encapsulation isl 24
 ip address 10.0.5.1 255.255.255.0
 ip policy route-map PIX-to-OUT
!
route-map PIX-to-OUT permit 10
 match ip address 1
 set ip default next-hop 192.168.13.1
!
route-map OUT-to-PIX permit 10
 match ip address 1
 set ip default next-hop 10.0.5.2
!
! access-list 1 matches every packet
access-list 1 permit any
!
[Figure: packet flow of the example. Labels: Routing Table, PIX OUT, FRAME RELAY Interface, Fast Ethernet Interface, PIX-to-OUT, OUT-to-PIX, Internet, Rem. OFF.]
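A check for the next-hop requirement in the CAVEAT above, as an added example that is not part of the original white paper: a Python function that reads an IOS-style configuration and reports every policy route-map whose SET next-hop is not in a directly connected network, the case in which (per the CAVEAT) the router ignores the SET and falls back to the normal routing table. The sample configuration is constructed for this example (documentation address ranges) and the function names are assumptions; interface state and interface type are not visible in a configuration and are not checked.

```python
import ipaddress
import re

# Constructed sample configuration (not from the white paper).
SAMPLE_CONFIG = """\
interface Serial0/0.1 multipoint
 ip address 192.0.2.10 255.255.255.0
 ip policy route-map OUT-to-FW
!
interface FastEthernet0/1
 ip address 198.51.100.1 255.255.255.0
 ip policy route-map FW-to-OUT
!
route-map FW-to-OUT permit 10
 match ip address 1
 set ip default next-hop 192.0.2.1
!
route-map OUT-to-FW permit 10
 match ip address 1
 set ip next-hop 203.0.113.2
!
access-list 1 permit any
"""


def parse(config):
    """Collect connected networks, policy route-map bindings and SET next-hops."""
    connected = []   # networks of all configured interface addresses
    applied = {}     # route-map name -> interfaces using it for policy routing
    hops = {}        # (route-map name, sequence) -> next-hop addresses
    iface = rmap = None
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.match(r"interface (\S+)", line):
            iface, rmap = m.group(1), None
        elif m := re.match(r"route-map (\S+) (permit|deny) (\d+)", line):
            rmap, iface = (m.group(1), int(m.group(3))), None
        elif iface and (m := re.match(r"ip address (\S+) (\S+)(?: secondary)?$", line)):
            addr = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}")
            connected.append(addr.network)
        elif iface and (m := re.match(r"ip policy route-map (\S+)", line)):
            applied.setdefault(m.group(1), []).append(iface)
        elif rmap and (m := re.match(r"set ip (?:default )?next-hop (.+)", line)):
            hops.setdefault(rmap, []).extend(m.group(1).split())
    return connected, applied, hops


def audit(config):
    """Return (route-map, sequence, next-hop, interfaces) for every next-hop
    of a policy route-map that is not in a directly connected network."""
    connected, applied, hops = parse(config)
    findings = []
    for (name, seq), addresses in sorted(hops.items()):
        if name not in applied:
            continue  # route-map is not used for policy routing on any interface
        for address in addresses:
            ip = ipaddress.ip_address(address)
            if not any(ip in net for net in connected):
                findings.append((name, seq, address, applied[name]))
    return findings


if __name__ == "__main__":
    for name, seq, address, ifaces in audit(SAMPLE_CONFIG):
        print(f"route-map {name} {seq}: next-hop {address} is not directly "
              f"connected; SET is ignored for packets entering {', '.join(ifaces)}")
```

On a router where the route-map is meant to force traffic through a firewall, a finding means those packets follow the routing table instead.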
[Figure: The CISCO Routing Process including POLICY Routing, the route information processes. Labels: ROUTE Information, Incoming Route Processing (administrative distance, metric, route-tags), Routing Table (S = static, C = connected, x = dynamic routing), Outgoing Route Processing (metric, route-tags), Routes.]
Routing Information Processes: General Considerations

A lot of problems and confusion arise from the fact that some basic principles in the routing information process are not correctly understood.

Therefore in this chapter I will give some fundamental laws and principles and describe their consequences:

1 The mechanism of processing incoming routing updates is COMPLETELY separated from the mechanism of creating outgoing routing updates.

The fact that a route is found in the routing table of a router is a prerequisite but NOT necessarily a sufficient criterion for an outgoing routing update.

2 The original routes of every configured routing process of a router will be considered when decisions are made about which route will enter the routing table.

This means that route REDISTRIBUTION is never used in the incoming route processing.

3 If more than one piece of information about a route is found, the incoming route process will use first the ADMINISTRATIVE DISTANCE and then the METRIC for deciding which route will be established in the routing table.

Cisco IOS has a predefined Administrative Distance for each routing protocol, which makes it possible to prefer more trusted information sources over less trusted ones.

(Sometimes I am wondering why the developers gave the second best distance of 1 to static routes entered by an administrator, as so called "Quick Fixes" by using static routes are often the cause of reachability and routing-loop problems.)

4 Route REDISTRIBUTION is only used for outgoing routing updates.

In principle: route redistribution means that routes of one routing protocol in the routing table will be sent out, converted to another routing protocol, on interfaces configured for routing updates of that second routing protocol.

5 Static Routes defined with a next-hop-address are considered one hop away and have a default Administrative Distance of 1.

If the next-hop-address specified in the static route is not a REAL next-hop-address (i.e. not an address in a directly connected network) the router will do recursive lookups to find this REAL next-hop-address.

6 Static Routes defined with an outgoing interface are treated like connected networks (i.e. networks that are 0 hops away) and thus have a default Administrative Distance of 0.

Therefore static routes defining an outgoing interface should be used only when the destination is on that connected network.

USAGE: When the connected network is address translated, you need a static route for the outside network pointing to that inside hidden network.

7 Static Routes where the outgoing interface is down or the next-hop-address is not reachable are removed from the routing table unless the parameter PERMANENT is specified.

This allows failover of routes also without dynamic routing protocols, when for example 2 static routes with different Administrative Distances for 2 outgoing interfaces or 2 different next-hop-addresses are defined.

8 Routing processes rely on a consistent metric, so that every router finds the best path in a way that all routes are leading in the same direction.

As the base of metrics is different for different routing protocols, a direct conversion of metrics from one routing protocol to another is generally not possible. When having more than one routing process, default metric information has to be used. This default hides the correct information about the best path, and this inconsistency will lead to suboptimal routing and also often to ROUTING LOOPS in MUTUAL REDISTRIBUTION (i.e. more than one redistribution point).

9 Routing is a STATEFUL process. Depending on the current information in the routing table different actions can happen, even when the same routing information is received.

(There are examples where a routing was correct, but after the shutdown and restart of an interface the correct state was never reached again. [See page 15, "Example for a Redistribution problem which is state-dependent"])
[Figure: The CISCO Routing Process including POLICY Routing, the incoming route processing. Labels: ROUTE Information, INCOMING from REMOTE, INCOMING from LOCAL, Incoming Route Processing, Administrative Distance, Metric, Route-TAGs, Routing Table (S = static, C = connected, x = dynamic routing).]

Commands shown in the figure for incoming routing updates:

offset-list {access-list-number | name} in offset [type number]
distance weight [address mask [access-list-number | name]]
distribute-list {access-list-number | name} in [type number]
passive-interface type number (only for Link State and EIGRP)
ip access-group {access-list-number | name} in (for selected protocol)

Local route sources shown in the figure:

ip route prefix mask {address | interface} [distance] [tag tag] [permanent]
and from connected interfaces

Administrative Distance:

0    Connected
1    Static Route
5    EIGRP Summary
20   External BGP
90   Internal EIGRP
100  IGRP
110  OSPF
115  IS-IS
120  RIP
170  External EIGRP
200  Internal BGP
255
The INCOMING Routing Process

The incoming routing process is responsible for populating the routing table.

At startup this process enters the static and connected networks for all interfaces which are UP, and then for each route received via any routing protocol this process checks if this is a better route (considering Administrative Distance and metric) than another instance of the same route already in the table.

If a better route is found, this one is installed and the other one is removed from the table.

The different routing processes also inform the incoming routing process about any routes for which regular routing updates are missing, or which route to remove.

In order to overcome incorrect routing information, Distance Vector routing processes also set routes into a temporary holddown before reconsidering new routing information or before deleting this route.

LINK STATE processes directly remove or replace routes after running the SPF calculation.

EIGRP, when a feasible successor is found, will enter the new information directly into the routing table, or will set the route to a state of ACTIVE and ask the neighbor(s) for a new route to the destination.

RIP V1 and IGRP will never establish an incoming major route when they have a local subnet route of that network in their routing table.
Monitoring the INCOMING Route process

All the input and results of this incoming routing decision process can be monitored with the command:

DEBUG IP ROUTING

Unfortunately the debug output is somewhat cryptic and therefore not easy to read.

Here is an example with the output of a RIP routing change and its real meaning.

RouterA# debug ip routing
RT: flushed route to 192.168.8.0 via 192.168.9.2 (Serial0)
RT: no routes to 192.168.8.0, entering holddown
  => invalid timer expired, no routes to 192.168.8.0, therefore entering holddown
RT: flushed route to 192.168.7.0 via 192.168.9.2 (Serial0)
  => advertising 192.168.8.0 via 192.168.9.2 (Serial0) as unreachable
  "show ip route" shows us
  R 192.168.8.0/24 is possibly down, routing via 192.168.9.2, Serial1
RT: garbage collecting entry for 192.168.8.0
  => flush timer expired, terminating holddown for 192.168.8.0
  after that the next update info for this network will be used
RT: add 192.168.8.0/24 via 192.168.6.2, rip metric [120/2]
Useful commands for changing behaviour of the Incoming Route process

These commands can have different goals:

- prevent routing information from entering the routing table
    distribute-list xxx in (not for Link State)
    distance 255
    passive-interface (for Link State & EIGRP)

- change the priority of some information sources or for some commands
    - by changing the ADMINISTRATIVE DISTANCE
        distance
    - by changing the METRIC
        offset-list xxx in (not for Link State)

- manually adding additional routing information
    ip route

In order to prevent possible routing loops caused by redistributed (external) routes, EIGRP uses for them the higher administrative distance of 170 instead of the default of 90.

In OSPF you can also use TAGs for marking routes and then apply actions to tagged routes.

NOTE: For Link State protocols you cannot apply incoming filters, as those protocols transfer not routes but LINK STATE Packets.

In BGP you can specify a route-map which can modify parameters like metric and tag when BGP sends routing information to the local routing table:

table-map route-map name
[Figure: The CISCO Routing Process including POLICY Routing, the outgoing route processing. Labels: Routing Table (S = static, C = connected, x = dynamic routing), Outgoing Route Processing, Routes, Metric, Route-TAGs, OUTGOING to same protocol, OUTGOING coming from other protocol, OUTGOING to another protocol.]

Commands shown in the figure:

redistribute protocol [process-id] {level-1 | level-1-2 | level-2} [metric metric-value] [metric-type type-value] [match {internal | external 1 | external 2}] [tag tag-value] [route-map map-tag] [weight weight] [subnets]

default-information redistribution:
default-information originate [always] [metric metric-value] [metric-type type-value] {level-1 | level-1-2 | level-2} [route-map map-name] (RIP/OSPF)
default-information {in | out} {access-list-number | name} (IGRP/EIGRP)

distribute-list {access-list-number | name} out [routing-process | autonomous-system-number]
distribute-list {access-list-number | name} out [interface-name]
passive-interface type number
offset-list {access-list-number | name} out offset [type number]

route-map map-tag [permit | deny] [sequence-number] FOR ROUTE REDISTRIBUTION
match interface type number [...type number]
match ip route-source {access-list-number | name} [...access-list-number | name]
match metric metric-value
match route-type {local | internal | external [type-1 | type-2] | level-1 | level-2}
match tag tag-value [...tag-value]
match ip address {access-list-number | name} [...access-list-number | name]
match ip next-hop {access-list-number | name} [...access-list-number | name]
set automatic-tag
set level {level-1 | level-2 | level-1-2 | stub-area | backbone}
set local-preference
set metric metric-value
set metric-type {internal | external | type-1 | type-2}
set origin {igp | egp autonomous-system | incomplete}
set tag tag-value
set next-hop next-hop
The OUTGOING Routing Update Process

The outgoing routing update process is responsible for informing the neighboring routers about its network information.

For Distance Vector routing protocols this is the local information about the best routes and their metric (hence the content of the routing table).

For Link State routing protocols this is the information about the local networks, external routes and the neighbors via LSPs.

Outgoing routing updates for a certain routing protocol are only sent when the following conditions are all met:

- the network is in the routing table.
- the network is either specified via the NETWORK command or coming from another protocol via a REDISTRIBUTION command
- obeys the SPLIT-HORIZON rule: the network was not learned from the same interface (or is not identical to the connected network)
- the network is not excluded from update via applied access-lists or route-maps using the DISTRIBUTE command.
- the outgoing interface is not specified as PASSIVE
- if the network is a specified summary, at least a subnet of that summary route is in the routing table.
- forwarding of default information is implicitly (RIP) or explicitly allowed via the DEFAULT-INFORMATION command.
- for OSPF: sending of LSPs to that neighbor is not prohibited.

For RIP V1 and IGRP the following also is considered:
A subnet route of a major network is converted to the (summary) major route when it is sent out on interfaces that do not belong to a (sub)net of that major route. (Discontiguous Subnet Rule)

For OSPF there are some special rules, where Area Border Routers (ABR) can inject default routes into stub areas. Also DISTRIBUTE-LIST OUT can only be applied to external routes and you cannot specify an interface name in OSPF.

Generally by using the shown commands you can follow 4 different tasks:

- make networks invisible by blocking the forwarding of routing information
- redistribute (forward and translate) routing information from one protocol to another
- change the metric to force the others to prefer specific paths
- summarize routing information to decrease the amount of routes and to increase the stability
Example for a Redistribution problem which is state-dependent:

Configuration of R4 and R5:

router rip
 network x.x.x.x
 redistribute eigrp 1000
 default-metric 1
 passive-interface Serial 1
router eigrp 1000
 network y.y.y.y
 redistribute rip
 default-metric 1000 100 250 100 1500
 passive-interface Serial 0

R3 normally learns about the network 10.0.0.0/8 via a routing update from R2 with 2 hops and forwards this information to R5 with 3 hops.

R5 gets information about 10.0.0.0/8 via R4 with the metric [170/10245] (it is an external EIGRP route) and via R3 with [120/3] as RIP route.

So R5 will establish the RIP route and use R3 as next hop. Obeying the SPLIT HORIZON rule it will never send the information back to R3.

When the connection between R2 and R3 breaks, R3 will not send information about 10.0.0.0/8. R5 will now use the routing information derived via external EIGRP from R4 and forward this information as redistributed information via RIP to R3. R3 now gets the information about 10.0.0.0/8 with the metric [120/1] and next hop R5 into its routing table. When the link R2-R3 comes up again, the information from R2 about 10.0.0.0/8 with [120/2] will not be used and R3 will continue to use the way via R5 to reach that network.
[Figure: topology of the redistribution example. Labels: 10.0.0.0/8, R1, R2, R3, R4, R5, RIP, EIGRP, hop counts 0 to 3, "best route to 10.0.0.0/8 before shutdown of R2-R3", "best route to 10.0.0.0/8 after shutdown of R2-R3".]
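Principles 3 and 9 and the R3/R5 example above, as an added example that is not part of the original white paper: a Python model of the incoming route decision (administrative distance first, then metric) on R3 and R5 for 10.0.0.0/8, run through the link going down and coming up again. The function names and the assumption that R4 always offers its external EIGRP route are this example's own; it goes beyond the paper's case by also running the scenario with a redistribution default-metric of 3, a value chosen for this example.

```python
# Administrative distances used in the example (from the table in this paper).
AD = {"rip": 120, "eigrp-external": 170}


def route(proto, metric, via):
    return {"proto": proto, "ad": AD[proto], "metric": metric, "via": via}


def best(offers, current):
    """Incoming route process: lowest administrative distance, then lowest
    metric; on a full tie the route from the current next hop stays."""
    current_via = current["via"] if current else None
    return min(offers,
               key=lambda r: (r["ad"], r["metric"], r["via"] != current_via),
               default=None)


def update_r3(state):
    """Routes to 10.0.0.0/8 offered to R3, given the current state of R5."""
    offers = []
    if state["link_r2_r3"]:
        offers.append(route("rip", 2, "R2"))        # R2 advertises 2 hops
    r5 = state["R5"]
    if r5 and r5["proto"] == "eigrp-external":
        # R5 redistributes its EIGRP route into RIP with the default-metric.
        offers.append(route("rip", state["default_metric"], "R5"))
    # If R5 holds the RIP route learned from R3, split horizon keeps it silent.
    return best(offers, state["R3"])


def update_r5(state):
    """Routes to 10.0.0.0/8 offered to R5, given the current state of R3."""
    offers = [route("eigrp-external", 10245, "R4")]  # assumption: always offered
    r3 = state["R3"]
    if r3 and r3["via"] != "R5":                     # split horizon on R3
        offers.append(route("rip", r3["metric"] + 1, "R3"))
    return best(offers, state["R5"])


def converge(state, max_rounds=10):
    """Let R3 and R5 process updates in turn until nothing changes."""
    for _ in range(max_rounds):
        changed = False
        for name, update in (("R3", update_r3), ("R5", update_r5)):
            new = update(state)
            if new != state[name]:
                state[name], changed = new, True
        if not changed:
            break
    return state


def fmt(r):
    return "no route" if r is None else f"[{r['ad']}/{r['metric']}] via {r['via']}"


def run_scenario(default_metric=1):
    """Return (event, R3 route, R5 route) after each link event."""
    state = {"link_r2_r3": True, "default_metric": default_metric,
             "R3": None, "R5": None}
    history = []
    for label, link_up in (("initial", True), ("R2-R3 down", False),
                           ("R2-R3 up again", True)):
        state["link_r2_r3"] = link_up
        converge(state)
        history.append((label, fmt(state["R3"]), fmt(state["R5"])))
    return history


if __name__ == "__main__":
    for metric in (1, 3):
        print(f"default-metric {metric}")
        for label, r3, r5 in run_scenario(metric):
            print(f"  {label:15} R3: {r3:18} R5: {r5}")
```

With default-metric 1 the tables after "up again" differ from the initial ones although the topology is the same; with a default-metric above the hop count R3 hears from R2, the model returns to the initial state.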
[Figure: The CISCO Routing Process including POLICY Routing. The labels and command syntax recovered from the diagram follow.]

Incoming Route Processing:
  offset-list {access-list-number | name} in offset [type number]
  distance weight [address mask [access-list-number | name]]
  distribute-list {access-list-number | name} in [type number]
  passive-interface type number (only for Link State and EIGRP)
  ip access-group {access-list-number | name} in (for selected protocol)

Policy Routing on incoming interface, selected by:
  ip policy route-map map-tag
  no match or deny or

Routing Table:
  S ... Static
  C ... Connected
  x ... dynamic routing

Administrative Distance:
  0    Connected
  1    Static Route
  5    EIGRP Summary
  20   External BGP
  90   Internal EIGRP
  100  IGRP
  110  OSPF
  115  IS-IS
  120  RIP
  170  External EIGRP
  200  Internal BGP
  255

Route flows: INCOMING from REMOTE, INCOMING from LOCAL, OUTGOING to same protocol, OUTGOING coming from other protocol, OUTGOING to another protocol

Outgoing Route Processing:
  redistribute protocol [process-id] {level-1 | level-1-2 | level-2} [metric metric-value] [metric-type type-value] [match {internal | external 1 | external 2}] [tag tag-value] [route-map map-tag] [weight weight] [subnets]
  default-information redistribution:
    default-information originate [always] [metric metric-value] [metric-type type-value] {level-1 | level-1-2 | level-2} [route-map map-name] (RIP/OSPF)
    default-information {in | out} {access-list-number | name} (IGRP/EIGRP)
  distribute-list {access-list-number | name} out [routing-process | autonomous-system-number]
  ip route prefix mask {address | interface} [distance] [tag tag] [permanent]
  and from connected interfaces
  distribute-list {access-list-number | name} out [interface-name]
  passive-interface type number
  offset-list {access-list-number | name} out offset [type number]

route-map map-tag [permit | deny] [sequence-number] FOR ROUTE REDISTRIBUTION
  match interface type number [...type number]
  match ip route-source {access-list-number | name} [...access-list-number | name]
  match metric metric-value
  match route-type {local | internal | external [type-1 | type-2] | level-1 | level-2}
  match tag tag-value [...tag-value]
  match ip address {access-list-number | name} [...access-list-number | name]
  match ip next-hop {access-list-number | name} [...access-list-number | name]

route-map map-tag [permit | deny] [sequence-number] FOR POLICY ROUTING
  match ip address {access-list-number | name} [...access-list-number | name]
  match length min max

set commands:
  set automatic-tag
  set level {level-1 | level-2 | level-1-2 | stub-area | backbo
  set local-preference
  set metric metric-value
  set metric-type {internal | external | type-1 | type-2}
  set origin {igp | egp autonomous-system | incomplete}
  set tag tag-value
  set next-hop next-hop
  set ip next-hop ip-address [...ip-address]
  set interface type number [...type number]
  set default interface type number [... type number]
  set ip default next-hop ip-address [...ip-address]

Other labels in the diagram: Input Access-list, NAT, Output Access-list, NAT / PAT, Accounting, ROUTE Information, Routes, Metric, Route-TAGs, DATA Packets, Queueing, Recursive Lookup
Summary: The BIG picture

The CISCO IP Routing Process and its mechanisms are quite complicated. But a thorough understanding is necessary to troubleshoot or, even better, to avoid problems.

The basic points are:
- Routing is done hop-by-hop; each router independently decides on which interface to forward a packet.
- The router treats incoming and outgoing routing mechanisms as completely separate processes.
- Decisions about which route to add to or remove from the routing table are based on ADMINISTRATIVE DISTANCE and METRIC.
- Routes of all configured routing processes are considered for the routing table.
- REDISTRIBUTION is only used when considering outgoing routing updates.
- POLICY ROUTING allows overriding the normal destination-based routing.
- Policy Routing is applied to packets incoming on specified interfaces.
- ROUTE-MAPS are a mechanism for using additional parameters for selection and also a mechanism for setting or changing different parameters.
- ROUTE-MAPS are used for POLICY ROUTING and for a controlled REDISTRIBUTION of Routing Updates.
- Routing Protocols rely on a consistent metric.
- REDISTRIBUTION of routes means a loss of topology information.
- Routing is a STATEFUL process, where the incoming routing information is considered in relation to the current routing table information.
- The fact that a route is in the routing table does not necessarily mean that the route is also used in outgoing routing updates.
- the adjacency process for Link State and EIGRP as basis for exchanging updates between routers
- the different behavior of Routing protocols regarding summarization and VLSM

What is CISCO-specific in that area?
- The use of ADMINISTRATIVE DISTANCE as the first parameter considered for incoming route decisions.
- IGRP and EIGRP are Cisco-developed and proprietary protocols.
- REDISTRIBUTION and metric handling on redistribution are not covered in standards.
- The treatment and forwarding of DEFAULT-ROUTES is not covered in standards.
- An extensive set of DEBUG commands for monitoring the router behavior.

For further information

Recommended Requests for Comments (RFCs):

RFC1812 Requirements for IP Version 4 Routers. F. Baker. June 1995. (Status: PROPOSED STANDARD)
- general information about Routing
RFC1771 A Border Gateway Protocol 4 (BGP-4). Y. Rekhter & T. Li. March 1995. (Status: DRAFT STANDARD)
RFC2328 OSPF Version 2. J. Moy. April 1998. (Status: STANDARD)
RFC2453 RIP Version 2. G. Malkin. November 1998. (Status: STANDARD)

Recommended Books:

CCIE Professional Development: Routing TCP/IP Volume 1, J. Doyle
ISBN: 1-57870-041-8
- excellent description of Routing
- best description of the mechanisms of EIGRP
- very good treatment of all Routing Protocols

CCIE Professional Development: Large-Scale IP Network Solutions, K. Raza, S. Asad, M. Turner
ISBN: 1-57870-084-1
- good examples of routing design
- excellent examples of redistribution
- good description of Routing Protocols

Internet Routing Architectures, B. Halabi
ISBN:
- best book on BGP

OSPF, J. Moy
ISBN:
- OSPF explained by the developer of that protocol

WWW-locations:
http://www.proin.com
http://www.cisco.com
http://www.netreference.com
PROFESSIONAL INFORMATION NETWORKS

PRO IN is a pan-European company focussing on 3 areas:
- Training
- Consulting
- Professional Services
With offices in Austria, Germany and Spain we
offer CISCO authorized trainings at the highest
possible level. Thus PRO IN is honored as
"Distinguished Trainings Partner" by CISCO