Route-maps, Distributed Lists, Passive Lists and Prefix Lists

The first thing to remember is that route maps are always defined by ACLs, so when matching, the # is always the ACL.

The second thing to remember is that when you create a route-map without a sequence #, the default is 10, and it goes up in increments of 10.

Third, route-maps are similar to ACLs: the router scrolls through the list and tries to match route-map sequence 10, 20, 30 etc.; if nothing matches, it is like an implicit deny.

1.) Route maps for redistribution

Router(config)# route-map TEST permit 10

Router(config-route-map)# match ip address 23 (ACL)

So when I redistribute this I can do the following…

Router(config)# router eigrp 1

Router(config-router)# redistribute ospf 1 route-map TEST

2.) Route maps for Policy Based Routing (PBR)

Router(config)# route-map Test

Router(config-route-map)# match ip address 23

Router(config-route-map)# set ip next-hop 192.168.1.1

!

Router(config)# ip local policy route-map Test

^^ Applies the policy to the router itself, for all traffic.

Or

Router(config)# route-map test

Router(config-route-map)# set interface fa0/1

!

Router(config)# int fa0/0

Router(config-if)# ip policy route-map test

^^ Forwards out an interface; since there is no match statement, everything goes right out of that interface.

3.) Tagging routes using a Route Map

This is slightly confusing, but if you are redistributing EIGRP into OSPF you can tag the EIGRP routes as they are redistributed into OSPF, and deny routes carrying that tag when redistributing OSPF into EIGRP.

Router(config)# route-map test1 deny 6

Router(config-route-map)# match tag 1

Router(config-route-map)# route-map test1 permit 10

Router(config-route-map)# set tag 2

Router(config)# route-map test2 deny 6

Router(config-route-map)# match tag 2

Router(config-route-map)# route-map test2 permit 10

Router(config-route-map)# set tag 1

Then when redistributing we have to do the following…

Router(config)# router eigrp 1

Router(config-router)# redistribute ospf 2 route-map test2 metric 100 100 100 100 1000

Router(config-router)# router ospf 1

Router(config-router)# redistribute eigrp 1 route-map test1 subnets
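To see why the two tagged route maps above stop a route from being fed back into the protocol it came from, the following added example (not part of the original notes, and not router code) models route-map evaluation in Python. The clause tuples, the sample prefixes and the use of tag 0 for untagged routes are assumptions made for the illustration.

```python
# Added example: a small model of route-map evaluation, not router code.
# Each clause is (sequence, action, match_tag, set_tag); None means "not configured".
TEST1 = [(6, "deny", 1, None), (10, "permit", None, 2)]  # used for EIGRP -> OSPF
TEST2 = [(6, "deny", 2, None), (10, "permit", None, 1)]  # used for OSPF -> EIGRP


def apply_route_map(clauses, route):
    """Return the (possibly re-tagged) route, or None if it is filtered."""
    for _seq, action, match_tag, set_tag in sorted(clauses, key=lambda c: c[0]):
        # A clause with no match statement matches every route.
        if match_tag is not None and route["tag"] != match_tag:
            continue  # no match: fall through to the next sequence number
        if action == "deny":
            return None
        return dict(route, tag=set_tag if set_tag is not None else route["tag"])
    return None  # nothing matched: implicit deny


def redistribute(routes, clauses):
    """Run every route through the route map and keep the survivors."""
    results = (apply_route_map(clauses, r) for r in routes)
    return [r for r in results if r is not None]


# Constructed sample routes; untagged routes are modelled with tag 0.
EIGRP_NATIVE = [{"prefix": "10.1.0.0/16", "tag": 0}]
OSPF_NATIVE = [{"prefix": "172.16.0.0/16", "tag": 0}]


def demo():
    into_ospf = redistribute(EIGRP_NATIVE, TEST1)      # tagged 2 on the way in
    back_into_eigrp = redistribute(into_ospf, TEST2)   # tag 2 hits deny 6
    into_eigrp = redistribute(OSPF_NATIVE, TEST2)      # tagged 1 on the way in
    back_into_ospf = redistribute(into_eigrp, TEST1)   # tag 1 hits deny 6
    return into_ospf, back_into_eigrp, into_eigrp, back_into_ospf


if __name__ == "__main__":
    labels = ("EIGRP->OSPF", "..back->EIGRP", "OSPF->EIGRP", "..back->OSPF")
    for label, result in zip(labels, demo()):
        print(f"{label:14} {result}")
```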

Prefix Lists

A prefix list is used to match both the subnet and the prefix length of its subnet mask. You can permit or deny. There is also an implicit deny at the end of the prefix list.

ip prefix-list test1 seq 10 deny 192.168.1.1/24 le 30

test1 -> name of the prefix list; there are no numbered prefix lists

deny or permit -> denying or permitting

192.168.1.1/24 -> the IP address and subnet mask have to be entered

ge or le -> prefix length greater than or equal to, or less than or equal to, the CIDR value that follows

ip prefix-list TEST permit 0.0.0.0/0 le 32 -> permits everything

ip prefix-list Test permit 192.168.1.1/24 le 30 -> permits any subnet from /24 up to /30

We can use prefix lists in BGP

R3(config-router)# neighbor 172.12.123.1 prefix-list TEST1 out
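How ge, le and the implicit deny decide which advertised routes get through is easiest to check by running routes against a list. The following is an added example, not part of the original notes and not router code: a Python model of prefix-list matching in which the entry format, the sample entries and the test routes are constructed for the illustration.

```python
import ipaddress


def parse_entry(text):
    """Parse '<permit|deny> <prefix>/<len> [ge N] [le N]' into a tuple."""
    tokens = text.split()
    action = tokens[0]
    # strict=False masks off host bits, so 192.168.1.1/24 becomes 192.168.1.0/24
    net = ipaddress.ip_network(tokens[1], strict=False)
    opts = dict(zip(tokens[2::2], (int(t) for t in tokens[3::2])))
    low = opts.get("ge", net.prefixlen)
    # ge alone means "up to /32"; neither keyword means an exact-length match
    high = opts.get("le", 32 if "ge" in opts else net.prefixlen)
    return action, net, low, high


def evaluate(prefix_list, route):
    """First matching entry wins; returns (action, matching entry or None)."""
    route = ipaddress.ip_network(route)
    for text in prefix_list:
        action, net, low, high = parse_entry(text)
        if low <= route.prefixlen <= high and route.subnet_of(net):
            return action, text
    return "deny", None  # implicit deny at the end of every prefix list


# Constructed entries, listed in sequence order.
SAMPLE = [
    "deny 10.0.0.0/8 ge 25",        # any 10.x.x.x route of /25 or longer
    "permit 192.168.1.1/24 le 30",  # 192.168.1.0 routes from /24 to /30
]
PERMIT_ALL = ["permit 0.0.0.0/0 le 32"]

if __name__ == "__main__":
    for r in ("192.168.1.0/24", "192.168.1.64/26", "192.168.1.4/31",
              "192.168.0.0/16", "10.1.1.128/25", "10.1.0.0/16"):
        print(f"{r:18} {evaluate(SAMPLE, r)}")
```

A route that falls off the end of the list is reported with no matching entry, which separates the implicit deny from an explicit one.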

Distributed Lists

Used for filtering routing updates and routes being redistributed. Uses ACLs. The best practice is to use this for blocking routing updates. Normally associated with OSPF.

distribute-list 23 in

distribute-list 23 out

router eigrp 1

network 192.168.0.0

distribute-list 23 out Fa0/1

The way this works is that if a routing update goes out Fa0/1, the router checks the ACL to see if it's okay.

Passive Interface

Used so that no hello packets / routing updates are sent out on an interface. The reason for this is that if I had an interface that is not participating in an IGP like EIGRP, RIP, OSPF etc., CPU cycles are wasted sending them out on that interface.

router eigrp 1

passive-interface default

no passive-interface Fa1/0

network 192.168.0.0 0.0.255.255

Different IGPs handle passive interfaces differently

RIP -> Does not send hello multicast, but it will receive them

EIGRP -> Will not send or receive

OSPF -> Will not send or receive

Path Control

Offset-lists

This is a way to increase the metric of a route. It uses an ACL, and the only two IGPs that support offset-lists are RIP and EIGRP.

 

First configure an ACL

Router(config)# ip access-list standard offset

Router(config-std-nacl)# permit 192.168.1.0 0.0.0.255

!

Router(config)# router eigrp 1

Router(config-router)# offset-list offset in 2000 fa0/0

What this does is increase the metric for that 192.168.1.0 route by 2000, which can be displayed in the IP route table.

IOS SLA

 

A newer feature in newer IOS versions that will allow the router to monitor any type of TCP connection. This will actually use TCP commands to monitor a router / the path it is taking. For example, you can have a DNS server or a route pinged every 10 seconds to check its health or the ping time in milliseconds. If the ping is bad or the path is not up, you can then take an alternative path.

 

First create the SLA

Pings every 10 seconds

!

Router(config)# ip sla 1

Router(config-ip-sla)# icmp-echo 192.168.1.1

Router(config-ip-sla)# frequency 10

!

Set the time

!

Router(config)# ip sla schedule 1 life forever start-time now

!

Set reachability

Router(config)# track 1 ip sla 1 reachability

!

If it is reachable with the ping then go to this default route.

Router(config)# ip route 0.0.0.0 0.0.0.0 192.168.1.1 track 1

So what we created here was a ping every 10 seconds to 192.168.1.1, started now and running forever.

We next check to see if it is reachable; once it's reachable, all traffic is sent out to that default route.

If we wanted to, we could have set up an SLA 2 and set a default route with an administrative distance of 3, sending all traffic out that destination if an SLA failed to ping every 10 seconds.

SLAs are also really common to create for SLA monitoring tools, which can be run on a server to display the SLA health.

