CCNP Study Notes 4-route part-route control

Source: Internet
Author: User

◆ Passive-interface
- Can be used in RIP and OSPF. In RIP, a passive interface only receives packets and does not send them.
- In the OSPF process, the network command does two things:
  1. It advertises the routes of the network address segment. The mask length is determined by the interface configuration, not by the network command. For example, network 10.0.0.1 0.0.0.255 advertises the routes in 10.0.0.1-254, with the mask taken from the interface configuration.
  2. It enables the routing protocol on the interfaces that fall inside the advertised segment. For example, network 10.0.0.1 0.0.254 enables the protocol on the interfaces configured with 10.0.0.1-254.
- Making the interface passive cancels the second function for 10.0.0.1: the route for 10.0.0.1/24 is still advertised, but the interface configured with 10.0.0.1/24 no longer sends routes.

Experiment: test the role of passive
1. Configure IP addresses and loopback0.
2. Enable EIGRP.
3. R1:
     router eigrp 10
      passive-interface loopback 0
   R3: can still receive the 11.1.1.0 route.
   R1: debug eigrp packets shows that packets are no longer sent from the loopback0 port.
passive-interface default makes all local interfaces passive.

######################## Distribute list ########################
distribute-list controls route update traffic
- Uses an access-list or route-map to permit or deny routes
- Applies to sending, receiving and redistributing route updates
- RIP (in, out direction); (in, out direction); OSPF (in direction)
- RIP, in direction: affects the local router and downstream routers at the same time.
- OSPF, in direction:
It only affects the local router and not downstream routers, because of the SPF algorithm.

Filter updates in the outbound direction:
  router(config-router)# distribute-list {access-list-number | name} out [interface-name | routing-process [routing-process parameter]]
Filter updates in the inbound direction:
  router(config-router)# distribute-list [access-list-number | name] | [route-map map-tag] in [interface-type interface-number]

Experiment: test the direction and scope of the filter under different routing protocols
One: distance vector protocol
1. Enable IP addresses and the routing protocol.
2. R2: enable loopback. 1.2.1/24, but do not allow R3 to learn it.
3. R2 f1/0 connects to R3 f0/0.
   R2:
     router eigrp 1
      distribute-list 10 out fastethernet 1/0
     access-list 10 deny 11.1.2.0
     access-list 10 permit any
   R3: show ip route to check.
Two: link-state protocol
1. Enable OSPF; all routers are in area 0.
2. Make R2 unable to learn 11.1.1.1.
   R2:
     access-list 11 deny 11.1.1.1
     access-list 11 permit any
     router ospf 1
      distribute-list 11 in
   This keeps 11.1.1.1 out of the route table, but the LSA for 11.1.1.1 is not affected.
   R2: show ip ospf database still shows the LSA.

######################## Filtering type 3 LSAs in OSPF with a prefix list ########################
LSAs cannot be filtered in OSPF, except type 3 LSAs, which can be controlled. Two methods:
1. summary (introduced under OSPF)
2. prefix list
Experiment: use a prefix list to control a single type 3 LSA
1. R1 and R2 are in area 0; R2 and R3 are in area 1.
2. Enable IP and loopbacks.
3. R1: lo0 11.1.0.1, lo1 11.1.1.1, lo2 11.1.2.1. Goal: R3 must not learn 11.1.2.1.
4. On the ABR, R2:
     ip prefix-list name deny 11.1.2.1/32
     ip prefix-list name permit 0.0.0.0/0 le 32
     router ospf 1
      area 0 filter-list prefix name out
   or
      area 1 filter-list prefix name in
   show ip ospf database shows that the age of 11.1.2.1 is set to 3600 and that the LSA has no route.

######################## Offset list ########################
- In and out directions
- In RIP, changes the cost (hop count)
- In and out directions, modifies the AD value
- In OSPF there is no offset-list command

######################## Route redistribution ########################
- A temporary protocol conversion process; it should not be used for a long time.
- Redistributing into a link-state routing protocol: use the subnets keyword (OSPF only) so that not only the major-network routes are redistributed. The default type is OE1 and the default cost is 20.
     router ospf 1
      redistribute eigrp 10 subnets
- Redistributing into a distance vector protocol: use the metric keyword to control the metric value. RIP uses hops; EIGRP uses 5 K values (bandwidth, delay, reliability, load, MTU; the first two are set according to the actual situation, here 1000 100 255 1 1500). If you do not control the metric, the default metric is infinite.
     router eigrp 10
      redistribute ospf 1 metric 1000 100 255 1 1500
  or seed metric value will not take effect, for all
      redistribute ospf 1
      default-metric 1000 100 255 1 1500
- Connected or static routes redistributed into a distance vector protocol: for a connected route, the metric is the cost value of the interface.
It is a route entry for cost to redistribute to each other in a static one-to-next-hop mode. That is, before and after route redistribution, the O and D route table entries on the local R2, and those of the interfaces involved in the ospf and ospf processes, stay the same: R2's route entries will not change.

◆ Dual-point bidirectional redistribution issues (the problem does not occur in EIGRP because of the internal 90, external 170)
1: sub-optimal path, solved by modifying the AD (distance)
2: loop, solved by filtering (distribute-list)

Topology:
  R1: F0/0 1.1.12.1   F1/0 1.1.14.1   lo0 1.1.11.1
  R2: F0/0 1.1.23.2   F1/0 1.1.12.2   lo0 1.1.22.1
  R3: F0/0 1.1.23.3   F1/0 2.1.35.3
  R4: F0/0 1.1.14.4   S1/0 2.1.45.4
  R5: S1/0 2.1.45.5   F0/0 2.1.35.5

1. Sub-optimal route
R3: traceroute 1.1.11.1 shows that the path is R5 -> R4 -> R1 -> R2, because R3 learned 1.1.11.1 with AD = 120 (RIP) and, from OSPF, 1.1.11.1 with AD = 110.
Solution: lower RIP's AD or raise OSPF's AD (distance, the AD value, the neighbor's interface IP address).
R3:
     router rip
      distance 109 1.1.23.2 0.0.0.0 1
     access-list 1 permit 1.1.0.0 0.0.255.255
  (1: the ACL that matches the routes; by default, all routes learned from the neighbor are affected)
  show ip route
R4 should also be configured with distance for the 1.1.0.0 network segment.

◆ In the OSPF process, distance is followed by the router-ID of the neighbor
R3:
     int lo0
      ip add 33.1.1.1 255.255.0
     router ospf 1
      distance 100 55.1.1.1 0.0.0.0 2
     access-list 2 permit 2.1.0.0 0.0.255.255
  show ip route: the AD of the routes learned from R5 changes to 100; what is learned from R3 remains unchanged. To modify R3's, you need to add distance 100 33.1.1.1 0.0.0.0 2.
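The sub-optimal path fix above (distance 109 1.1.23.2 0.0.0.0 1 with access-list 1), worked through as an added example that is not part of the original notes. It is a simplified Python model of how a per-neighbor distance rule changes which protocol wins; the function names, the /24 loopback prefix and the first-matching-rule behaviour are assumptions made for illustration.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """IOS-style match: bits set in the wildcard mask are ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)

DEFAULT_AD = {"rip": 120, "ospf": 110}  # defaults quoted in the notes

def admin_distance(route, distance_rules, acls):
    """Return the AD assigned to one learned route.

    distance_rules: (protocol, ad, source, source_wildcard, acl_id) tuples,
    modelled on 'distance <ad> <source> <wildcard> <acl>' (hypothetical model).
    """
    for proto, ad, src, src_wc, acl_id in distance_rules:
        if proto != route["protocol"]:
            continue
        if not wildcard_match(route["learned_from"], src, src_wc):
            continue
        # Standard ACL: first matching entry decides, implicit deny at the end.
        for action, base, wc in acls[acl_id]:
            if wildcard_match(route["prefix"], base, wc):
                if action == "permit":
                    return ad
                break
    return DEFAULT_AD[route["protocol"]]

def best_route(candidates, distance_rules, acls):
    """The lowest AD wins when two protocols offer the same prefix."""
    return min(candidates, key=lambda r: admin_distance(r, distance_rules, acls))

# Constructed view of R3's two candidates for R1's loopback network.
# 1.1.11.0 assumes a /24 loopback; 2.1.35.5 is R5's F0/0 in the topology.
CANDIDATES = [
    {"prefix": "1.1.11.0", "protocol": "rip", "learned_from": "1.1.23.2"},
    {"prefix": "1.1.11.0", "protocol": "ospf", "learned_from": "2.1.35.5"},
]
ACLS = {1: [("permit", "1.1.0.0", "0.0.255.255")]}  # access-list 1
RULES = [("rip", 109, "1.1.23.2", "0.0.0.0", 1)]    # distance 109 1.1.23.2 0.0.0.0 1

if __name__ == "__main__":
    print("before:", best_route(CANDIDATES, [], ACLS)["protocol"])
    print("after: ", best_route(CANDIDATES, RULES, ACLS)["protocol"])
```

Routes from the same neighbor that fall outside access-list 1 keep the protocol default, which is why the ACL argument limits the change to the 1.1.0.0 segment.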
Conclusion: to modify the distance of routes learned from RIP or EIGRP, point to the IP address of the neighbor's interface; to modify the distance of routes learned from OSPF, point to the neighbor's router-id (the difference between an LSA and a route entry).

######################## distance ########################
● OSPF: the default AD (110) can be modified
     router ospf 1
      distance ospf external XXX inter-area XXX
  show ip route to view
● EIGRP: the default AD (90, 170) can be modified
     router eigrp 1
      distance eigrp XX (internal) XX (external)
  show ip protocols to view
● RIP cannot be modified.

2. Dual-point bidirectional redistribution loop problem
R3:
     int l0
      ip add 33.1.1.1 255.255.0
      ip ospf 1 area 0
R4: traceroute to R3's 33.1.1.1 shows the loop.
Reason: R4 learned the O route from R5. When the O route disappears, it learns the OE2 route from R1 instead. R5 and R1 then also learn the OE2 route and it is redistributed to R2 again, so the loop is complete.

Use distribute-list to filter.
R3:
     router ospf 1
      distribute-list 10 out rip
  (all routes redistributed from RIP into OSPF are matched against ACL 10)
     access-list 10 deny 33.1.1.0 0.0.255
     access-list 10 deny 1.1.0.0 0.0.255.255
     access-list 10 permit any
     router rip
      distribute-list 20 out ospf 1
     access-list 20 deny 2.1.0.0 0.0.255.255
     access-list 20 permit any
For dual-point redistribution this can be done on one node.
Note: when filtering between protocols, distribute-list can only solve the loop in the out direction. The defect is that every route added later requires another ACL entry!
With route-map, the configuration does not have to change when routes change. When R3 redistributes RIP into OSPF, it sets tag 100; R4 denies tag = 100. Similarly, routes redistributed from OSPF are tagged 200.
Steps:
R3:
     route-map rip2ospf deny 10
      match tag 200
     route-map rip2ospf permit 20
      set tag 100
     route-map ospf2rip deny 10
      match tag 100
     route-map ospf2rip permit 20
      set tag 200
     router ospf 1
      redistribute rip subnets route-map rip2ospf
     router rip
      redistribute ospf 1 metric 5 route-map ospf2rip
R4:
     route-map rip2ospf deny 10
      match tag 200
     route-map rip2ospf permit 20
      set tag 100
     route-map ospf2rip deny 10
      match tag 100
     route-map ospf2rip permit 20
      set tag 200
     router ospf 1
      redistribute rip subnets route-map rip2ospf
     router rip
      redistribute ospf 1 metric 5 route-map ospf2rip

######################## Route map ########################
◆ Route maps
- Route maps are similar to a scripting language
- They work like a more advanced access control list: processing is top-down, and once a match exists, matching against the remaining conditions stops immediately
- Sequence numbers make editing easy (insert and delete operations)
- Route maps are identified by name instead of by number
- Matching a condition can set an option, similar to if/then in a scripting language

◆ How route maps run
- A match statement can match multiple conditions
- Conditions placed side by side in one match statement use logical OR: at least one of them must match
     route-map my_bgp permit 10
      match ip address x y z        (logical OR)
     route-map my_bgp deny 20
      match aaa
      match bbb
      match ccc                     (logical AND)
- When multiple match statements are defined, logical AND is used: all of them must match
- In redistribution, there must be an actual route in the routing table
- When a route map is used for redistribution filtering, what is permitted or denied is whether the route is redistributed.
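The tag scheme from the R3/R4 steps, together with the first-match and OR/AND rules just listed, as an added example that is not part of the original notes. It is a simplified Python model of route-map evaluation; the function names and the two sample routes are constructed for illustration.

```python
def evaluate(route_map, route):
    """Run one route through a route-map; return the rewritten route or None.

    Clauses are tried in sequence order and the first clause whose match lines
    all hold decides. Values on one match line are alternatives (OR); separate
    match lines must all hold (AND). A clause with no match line matches
    everything, and a route that matches no clause is dropped.
    """
    for seq, action, matches, sets in sorted(route_map, key=lambda c: c[0]):
        if all(route.get(field) in values for field, values in matches):
            if action == "deny":
                return None
            return {**route, **sets}
    return None  # implicit deny at the end of every route-map

# The route-maps configured on R3 and R4, as (seq, action, match lines, set).
RIP2OSPF = [(10, "deny", [("tag", {200})], {}),
            (20, "permit", [], {"tag": 100})]
OSPF2RIP = [(10, "deny", [("tag", {100})], {}),
            (20, "permit", [], {"tag": 200})]

def redistribute(route, route_map, into):
    """Model 'redistribute ... route-map' on one border router."""
    out = evaluate(route_map, route)
    return None if out is None else {**out, "protocol": into}

def round_trip(route):
    """Carry a route across one border router, then offer it back at the other."""
    if route["protocol"] == "rip":
        first, second = (RIP2OSPF, "ospf"), (OSPF2RIP, "rip")
    else:
        first, second = (OSPF2RIP, "rip"), (RIP2OSPF, "ospf")
    crossed = redistribute(route, first[0], first[1])       # e.g. at R3
    returned = redistribute(crossed, second[0], second[1])  # e.g. at R4
    return crossed, returned

# Constructed sample routes, one native to each domain, untagged (tag 0).
RIP_ROUTE = {"prefix": "1.1.11.0/24", "protocol": "rip", "tag": 0}
OSPF_ROUTE = {"prefix": "2.1.45.0/24", "protocol": "ospf", "tag": 0}

if __name__ == "__main__":
    for r in (RIP_ROUTE, OSPF_ROUTE):
        crossed, returned = round_trip(r)
        print(r["prefix"], "->", crossed, "-> offered back:", returned)
```

Each route crosses the boundary once, picks up its tag, and is refused when the other border router offers it back, which is what breaks the loop without listing prefixes in an ACL.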
◆ Route-map applications
Main functions of route-map:
- Filtering during redistribution: a more advanced way to decide what is redistributed
- Policy-based routing (PBR): decides how traffic is forwarded based on requirements rather than on the destination route
- BGP policy execution: the main tool for defining BGP routing policy

PBR: first understand the role of the route table (3). Forwarding is based on the route table: if a route exists, the packet is forwarded; if there is no route, it is dropped. The route table is generated automatically and the longest match applies. PBR forwards data according to the policy without looking at the route table content.

◆ Route-map commands
- Define the route-map name and type
     router(config)# route-map map-tag [permit | deny] [sequence-number]
- Define the matching conditions (ACL, prefix list, interface or tag)
     router(config-route-map)# match {conditions}
- Define the actions performed when the condition matches
     router(config-route-map)# set {actions}
- Control in detail which routes are redistributed into the routing protocol
     router(config-router)# redistribute protocol [process id] route-map map-tag

match command
     router(config-route-map)# match {options}
Specifies the matching condition. Whether a route matches affects the redistribution operation.
options:
     ip address ACL
     ip route-source ACL
     ip next-hop ACL
     interface type number
     metric metric-value
     route-type [external | internal | level-1 | level-2 | local]

Route-map redistribution
     router(config)# router ospf 10
     router(config-router)# redistribute rip route-map redis-rip subnets
- Route entries matching ACL 23 or 29 are redistributed into OSPF with metric 500 and external type 1
- Route entries matching ACL 37
cannot be redistributed.
- All other routes are redistributed into OSPF with metric 5000 and external type 2.
     router(config)# route-map redis-rip permit 10
      match ip address 23 29
      set metric 500
      set metric-type type-1
     route-map redis-rip deny 20
      match ip address 37
     route-map redis-rip permit 30
      set metric 5000
      set metric-type type-2
  (a clause without a match statement matches everything)
     router(config)# access-list 23 permit 10.1.0.0 0.0.255.255
     access-list 29 permit 17mit .1.0 0.0.0.255
     access-list 37 permit 10.0.0.0 0.0.255

Experiment (partial). Steps:
1. Simplify the topology: drop R4 and R5.
2. Configure access-lists to match the routes:
     access-list 11 permit 1.1.11.0
     access-list 12 permit 1.1.12.0
     access-list 14 permit 1.1.14.0
     access-list 22 permit 1.1.22.0
     access-list 23 permit 1.1.23.0
2. R2:
     route-map test permit 10
      match ip address 11
      set metric-type type-2
     route-map test permit 20
      match ip address 12
      set metric 70
     route-map test permit 30
      match ip address 14
      set metric 80
     route-map test permit 40
      match ip address 22
      set metric-type type-1
     route-map test deny 50
      match ip address 23
     route-map test permit 9999
  (9999: use a large value so that new route-map statements can be inserted before it)
     router ospf 1
      redistribute rip subnets route-map test
3. R5: show ip route to view.

Summary
- The passive-interface command is used to control route updates
- Distribute lists use ACLs to control route updates
- Distribute lists can be applied on an interface or to route redistribution
- route-map is a complex tool used for various operations and filtering: if the conditions are met, then the action is taken
- Using route-map reduces the difficulty of controlling the many route entries in redistribution
- Administrative distance is the way, when multiple routing protocols run on one router, to evaluate the reliability of the path selected by each routing protocol
- Cisco IOS assigns a value to each routing protocol, and the value can be modified
- In redistribution, modifying the administrative distance makes route selection
more accurate.

######################## PBR ########################
- Uses route-map to take precedence over the route table
Steps:
1. Enable IP.
2. R3: enable a loopback.
3. OSPF across the whole network.
Normal: the R1 --> R3 path is R1 R2 R3.
Experiment requirement: the R1 --> R3 path is R1 R2 R4 R3.
Steps:
1. R2 uses an ACL to match the traffic
     access-list 10 permit 12.1.1.0 0.0.255
2. Set the path
     route-map PBR permit 10
      match ip address 10
      set ip next-hop 24.1.1.4
3. Apply it
     int f0/0
      ip policy route-map PBR
4. Verify: R1 traceroute 33.1.1.1
Note: PBR automatically checks whether the outgoing interface toward the next hop is connected. When that hop fails, the PBR entry automatically stops applying and the data is forwarded by route table lookup again.

######################## PBR track function ########################
When something goes wrong on R4 itself, PBR cannot detect it (R4 shut f0/0). Use track to verify next-hop reachability.
1. Enable track
     route-map PBR permit 10
      set ip next-hop verify-availability 24.1.1.4 1 track 1
   (the first 1 defines the next-hop preference)
2. Define the track object
     track 1 rtr 1 reachability
3. Use SLA to verify reachability
     ip sla monitor 1                        (1 corresponds to the 1 of rtr)
      type echo protocol ipIcmpEcho 24.1.1.4
      frequency 5                            (refresh frequency, default 60 s)
4. SLA start time and lifetime
     ip sla monitor schedule 1 life forever start-time now
5. View
     show ip sla monitor statistics
     show track
     show route-map
6. Verify
   R4: int f0/0, shut
   R1: ping 33.1.1.1

######################## Understanding forward-address ########################
1. R1: F0/0 123.1.1.1, F1/0 12.1.1.1
   R2: F0/0 123.1.1.2, F1/0 12.1.1.2
   R3: F0/0 123.1.1.3
2. Start OSPF and EIGRP.
3. R2:
redistribute into OSPF. When a forward-address exists, it must be a reachable address in the OSPF route table before communication is possible.
4. R3: ip route 0.0.0.0 0.0.0.0 123.1.1.1
5. R1: trace R3 to bypass R2.
6. show ip ospf database external 33.1.1.0: no forward-address.
6. R1:
     router ospf 1
      network 123.1.1.0 0.0.0.255 area 0
7. R2: show ip ospf database external 33.1.1.0: forward-address 123.1.1.3 appears, but R2 cannot reach 123.1.1.3 through OSPF (although it is directly connected), so the 33.1.1.0 network segment disappears.
8. R2: the port directly connected to R3 is also advertised into OSPF, so that the forward-address for 33.1.1.0 is learned through OSPF:
     router ospf 1
      network 123.1.1.0 0.0.0.255 area 0
   Then trace 33.1.1.1: the path is R2---R3.
