					WHITE PAPER

The CISCO IP Routing Process
including POLICY Routing




by
Alexander Marhold
CCIE #3324, CCSI #20642, CCNP, CCDP
[Figure: The CISCO Routing Process including POLICY Routing (overview diagram). The labels and command syntax shown in the diagram are listed below.]

DATA packets, stages shown from left to right:
  DATA (incoming)
  Input Access-list
  NAT
  Policy Routing on incoming interface
  Routing Table (Recursive Lookup)
  Output Access-list, NAT / PAT, Accounting
  Queueing
  DATA Packets (outgoing)

Policy Routing on incoming interface, selected by:
  ip policy route-map map-tag

route-map map-tag [permit | deny] [sequence-number] FOR POLICY ROUTING
  match ip address {access-list-number | name} [...access-list-number | name]
  match length min max
  set ip next-hop ip-address [...ip-address]
  set interface type number [...type number]
no match or deny or:
  set default interface type number [... type number]
  set ip default next-hop ip-address [...ip-address]

Routing Table
  S ...   Static
  C ...   Connected
  x ....  dynamic routing

ROUTE Information, Incoming Route Processing (Administrative Distance, Metric, Route-TAGs)

INCOMING from REMOTE
  offset-list {access-list-number | name} in offset [type number]
  distance weight [address mask [access-list-number | name]]
  distribute-list {access-list-number | name} in [type number]
  passive-interface type number (only for Link State and EIGRP)
  ip access-group {access-list-number | name} in (for selected protocol)

INCOMING from LOCAL
  ip route prefix mask {address | interface} [distance] [tag tag] [permanent]
  and from connected interfaces

Administrative Distance
  0     Connected
  1     Static Route
  5     EIGRP Summary
  20    External BGP
  90    Internal EIGRP
  100   IGRP
  110   OSPF
  115   IS-IS
  120   RIP
  170   External EIGRP
  200   Internal BGP
  255   <don't use>

Routes, Outgoing Route Processing (Metric, Route-TAGs)

OUTGOING to same protocol
  distribute-list {access-list-number | name} out [interface-name]
  passive-interface type number
  offset-list {access-list-number | name} out offset [type number]

OUTGOING coming from other protocol
  distribute-list {access-list-number | name} out [routing-process | autonomous-system-number]

OUTGOING to another protocol
  redistribute protocol [process-id] {level-1 | level-1-2 | level-2} [metric metric-value] [metric-type type-value] [match {internal | external 1 | external 2}] [tag tag-value] [route-map map-tag] [weight weight] [subnets]
  default-information redistribution:
  default-information originate [always] [metric metric-value] [metric-type type-value] {level-1 | level-1-2 | level-2} [route-map map-name] (RIP/OSPF)
  default-information {in | out} {access-list-number | name} (IGRP/EIGRP)

route-map map-tag [permit | deny] [sequence-number] FOR ROUTE REDISTRIBUTION
  match interface type number [...type number]
  match ip route-source {access-list-number | name} [...access-list-number | name]
  match metric metric-value
  match route-type {local | internal | external [type-1 | type-2] | level-1 | level-2}
  match tag tag-value [...tag-value]
  match ip address {access-list-number | name} [...access-list-number | name]
  match ip next-hop {access-list-number | name} [...access-list-number | name]
  set automatic-tag
  set level {level-1 | level-2 | level-1-2 | stub-area | backbone}
  set local-preference
  set metric metric-value
  set metric-type {internal | external | type-1 | type-2}
  set origin {igp | egp autonomous-system | incomplete}
  set tag tag-value
  set next-hop next-hop

                                                 1999, PRO IN Consulting GmbH                                                                                                                                    Page 2 of 18
! Disclaimer !

This White Paper was prepared with the utmost care and thorough reviewing but is presented "AS IS", with possible errors and misinterpretations. None of the pictures and statements can be used as a reference regarding the behavior of the mentioned devices. This paper was written independently of Cisco and can never be used as a commitment of any party. The author and PRO IN declare that they will not be held liable or responsible for any action a reader of this White Paper takes following the information given here.

All trademarks belong to their owners.

Author:
Alexander Marhold
Senior Consultant and Trainer
PRO IN Consulting GmbH
Vienna / Austria
mailto:alexander.marhold@proin.com

Copyright Notice:
1999-2001
PRO IN Training GmbH
Commercial use (Sale, Training, CBT,…), partly or in whole, is strictly prohibited.

The "Cisco Routing Process" is a set of mechanisms which forward IP data packets and which populate the IP routing table by using different sources such as:
- routing updates from neighbors
- connected interfaces
- static routes
The mechanism also sends out routing updates, possibly converting them between different routing protocols.

Additionally, "IP Policy Routing" makes it possible to overcome traditional destination-based routing.

To control these mechanisms, a vast range of commands and modifiers is defined in the Cisco IOS.

The following mechanisms and behaviors are described in detail in this white paper:
- the general packet forwarding process
- policy routing
- routing updates and general behavior of routing protocols
- the INCOMING routing process and its corresponding commands
- the OUTGOING routing process and its corresponding commands

The "processes" in this paper are models for explaining the mechanisms, and are not the real implemented IOS processes. This paper describes the above-mentioned mechanisms without focusing on particular routing protocols. Regarding ROUTE-MAPS, this paper focuses on IGPs (Interior Gateway Protocols) and does not treat the additional MATCH- and SET-clauses which are available for BGP.

This paper is not based on a specific version of IOS.

Topics NOT covered are:
- details of different routing protocols
- snapshot routing, ODR,…
- BGP
- route authentication
- the Link State (LS) mechanism
- QOS, COS, TOS routing
- tunneling

This White Paper assumes that the reader already has a good knowledge of IP and IP Routing Protocols.

The paper is structured so that each picture and its details are always on an even page and the description of each picture is on the page that follows. When printed double-sided, this allows the reader to see the picture and the explanations without turning the pages.

The author would like to receive feedback, suggestions and also corrections, so please feel free to contact him via e-mail.




[Figure: The CISCO Routing Process including POLICY Routing. Labels shown: Routing Updates; Other Network Information sources; RIP; OSPF; Static Routes; Connected Interfaces (Ethernet); Routing Table (S ... Static, C ... Connected, x .... dynamic routing).]

Routing in General

Covers general topics in Routing and Routing Updates.

Routers have 2 primary tasks:
- Path Finding (done via Routing Protocols)
- Packet Forwarding (Layer 3 IP function)

Path Finding is done by exchanging Routing information between adjacent routers.

- In DISTANCE VECTOR routing protocols a router forwards the networks of its routing table (or changes to it) to its neighbors, observing the mechanisms of SPLIT-HORIZON. Depending on the protocol, the network information is sent with (subnet-)mask information or without. In RIP Version 1 and IGRP no masks are transmitted, which rules out the use of discontiguous subnets and/or VLSM (Variable Length Subnet Masking).

- In LINK STATE routing protocols the routers exchange information regarding the connected networks, the external routes (interarea, static, from external routing protocols) and the connections to neighbor routers by forwarding LSPs (Link State Packets). These LSPs are forwarded hop-by-hop to every other router within an area. On receiving these LSPs a router can calculate the best paths to the advertised networks.

How does a router know of its neighbor?

Again there is a difference between the routing protocols.

- DISTANCE VECTOR protocols send out their routing updates as broadcasts (RIP V1, IGRP) or as multicasts (RIP V2), and by receiving routing updates the router learns the source of these updates.

- LINK STATE protocols and EIGRP establish a neighborship to adjacent routers by sending HELLO packets and monitor these links by resending the HELLOs at short intervals. When an ADJACENCY is found and possibly verified, the routers begin exchanging their routing information.

!!! CAVEAT !!!

LINK STATE protocols and EIGRP only use and establish ADJACENCIES using the PRIMARY IP address of an interface. If they do not match, the connection to the neighbor router will not be established.
LINK STATE protocols also verify certain parameters before allowing the connection to an ADJACENCY:
- same IP subnet
- equal network type
- same value of timers
The command:
    SHOW IP <prot> neighbor
shows the adjacencies and their status.

Depending on the routing protocol there are also various DEBUG commands which show the adjacency building process in detail.

How to prevent routing updates or establishing neighborship on an interface?

Generally this is done using the router command

    PASSIVE-INTERFACE <interface-name>

For DISTANCE VECTOR protocols this command ONLY prevents the sending of routing updates on a particular interface. It does not prevent the router from receiving routing updates over that interface.

!!! HINT !!!

In order to prevent receiving routing updates for Distance Vector protocols, use the router command:
    DISTANCE 255 <netw-addr> <wildcardmask> [ access-list ]
With this command all routing updates sent out by devices on the specified net will not be considered for entry in the routing table.

For LINK STATE protocols and EIGRP, passive-interface prevents the establishment of adjacencies and thus the sending of any LINK STATE Packets. However, this does not prevent the router from announcing this network as a connected interface in its routing updates over other interfaces.
OSPF treats the connected network of a passive-interface as a STUB-NETWORK.
IS-IS and Integrated IS-IS also have some special behaviors regarding the OSI or IP information on such passive interfaces.




[Figure: The CISCO Routing Process including POLICY Routing, packet forwarding part. Labels shown: DATA (incoming); Input Access-list; NAT; Routing Table (S ... Static, C ... Connected, x .... dynamic routing) with Recursive Lookup; Output Access-list; NAT / PAT; Accounting; Queueing; DATA Packets (outgoing).]

The Packet Forwarding Process

Packets are forwarded downstream along a path from the sender to the receiver.
Route information (information about the reachability of a network) is forwarded UPSTREAM from router to router.

This is important to consider when blocking routing information in order to prevent access to certain networks.

Packet forwarding is done by an independent decision of each router on the path, using the destination address of the packet and the Routing Table as the basis for finding a next-hop.

The router will consult the routing table (or a special forwarding table based on the content of the routing table), comparing the destination address with the network information in the routing table, and will use the most specific network information for a decision about the outgoing path.
The lookup process can be recursive, which means that more than one lookup may be needed in order to find the real next-hop address for forwarding the packet.
If such a next-hop or an outgoing interface is found, the router will forward the packet on the specified connected interface.
If no route is found and no default route is available or appropriate, the router will discard the packet and inform the sender via ICMP.

What is CLASSFUL and CLASSLESS routing

CLASSFUL and CLASSLESS are behaviors for using the default route when information about a specific subnet is not in the routing table, but other subnets of that major network are found in the routing table.

Example:

# show ip route (edited output)
…
 network 172.16.0.0/16 is subnetted
                   2 subnets, 2 masks
R 172.16.12.0/24 [120/2] 192.168.1.1 eth0
R 172.16.16.0/20 [120/4] 10.0.0.1 ser0
…
*S 0.0.0.0/0   [0/0] 11.1.1.1 ser1

The router now receives a packet on eth1 with the destination address 172.16.10.234

This address, belonging to a specific subnet of 172.16.0.0/16, is NOT in the routing table.

- With IP CLASSLESS the router will take the default route and forward the packet out on Serial 1. This is done independently of any other subnet information for the major network 172.16.0.0/16.

- When CLASSFUL routing is selected with the command:
    NO IP CLASSLESS
the router would discard the packet and inform the sender via ICMP that it cannot forward the packet, as the specified subnet of the major network 172.16.0.0/16 is not in its table.

What is "Gateway of last Resort", default-network, ip route 0.0.0.0 0.0.0.0 ?

IP Default-Network xxx.xxx.xxx.xxx - This is the command that will cause a router to treat xxx.xxx.xxx.xxx as a gateway of last resort. A router can have multiple ip default-networks entered.

Gateway of last resort - This is the term that is applied to a routing entry in the Cisco routing table that the router will use to forward packets when it lacks a more specific route. This can be learned from a route provided by another router that is tagged as a default by the advertising router. The ip default-network command is one way of having a router tag a route as a gateway of last resort.

IP Default-Gateway - This command is used in routers when IP routing is disabled, in order to give them an address to which to forward packets that are not in their address space. Routers in boot mode are a good example of this situation.

IP ROUTE 0.0.0.0 0.0.0.0 establishes a default route (catch-all) used if no specific route is found.

!!! CAVEAT !!!

The 0.0.0.0 route has special meaning for RIP. It is automatically installed as the local gateway of last resort. No ip default-network 0.0.0.0 is required. RIP automatically advertises the route to 0.0.0.0 even if redistribute static and a default metric are not configured.
For other routing protocols the router command:
    DEFAULT-INFORMATION …
allows specific control of forwarding or receiving default routes.
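The classful and classless lookup described in the example above, as an added Python model that is not part of the original paper and is not IOS code. The routing table is the one from the "show ip route" output; the function names and the "drop-icmp" result label are assumptions made for this illustration.

```python
import ipaddress

# Routing table from the "show ip route" example in the text:
# (prefix, next hop, outgoing interface)
ROUTES = [
    ("172.16.12.0/24", "192.168.1.1", "eth0"),   # R  [120/2]
    ("172.16.16.0/20", "10.0.0.1", "ser0"),      # R  [120/4]
    ("0.0.0.0/0", "11.1.1.1", "ser1"),           # *S default route
]


def major_network(addr):
    """Return the classful (class A/B/C) network containing addr, or None."""
    first_octet = int(addr) >> 24
    if first_octet < 128:
        prefixlen = 8
    elif first_octet < 192:
        prefixlen = 16
    elif first_octet < 224:
        prefixlen = 24
    else:
        return None  # class D/E addresses have no major network
    return ipaddress.ip_network(f"{addr}/{prefixlen}", strict=False)


def lookup(dest, routes=ROUTES, classless=True):
    """Model of the forwarding decision described in the text.

    Returns ("forward", next_hop, interface) or ("drop-icmp", None, None).
    "drop-icmp" is a label invented here for "discard and inform the sender
    via ICMP".
    """
    addr = ipaddress.ip_address(dest)
    table = [(ipaddress.ip_network(p), nh, ifc) for p, nh, ifc in routes]

    # The most specific (longest-prefix) non-default match wins in both modes.
    specific = [r for r in table if r[0].prefixlen > 0 and addr in r[0]]
    if specific:
        _, next_hop, ifc = max(specific, key=lambda r: r[0].prefixlen)
        return ("forward", next_hop, ifc)

    default = [r for r in table if r[0].prefixlen == 0]
    if not default:
        return ("drop-icmp", None, None)

    if not classless:
        # Classful behavior: if other subnets of the destination's major
        # network are in the table, the default route is not used.
        major = major_network(addr)
        if major is not None and any(
            r[0].prefixlen > major.prefixlen and r[0].subnet_of(major)
            for r in table
        ):
            return ("drop-icmp", None, None)

    _, next_hop, ifc = default[0]
    return ("forward", next_hop, ifc)


if __name__ == "__main__":
    # The packet from the text: destination 172.16.10.234
    print("ip classless   :", lookup("172.16.10.234", classless=True))
    print("no ip classless:", lookup("172.16.10.234", classless=False))
```

Under ip classless, a subnet whose route is missing or filtered out of the table is still reachable through the default route, which is the point to keep in mind when routing information is blocked in order to prevent access to certain networks.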




[Figure: The CISCO Routing Process including POLICY Routing, policy routing part. Labels and command syntax shown in the diagram are listed below.]

DATA packets, stages shown from left to right:
  DATA (incoming)
  Input Access-list
  NAT
  Policy Routing on incoming interface
  Routing Table (S ... Static, C ... Connected, x .... dynamic routing) with Recursive Lookup
  Output Access-list, NAT / PAT, Accounting
  Queueing
  DATA Packets (outgoing)

Policy Routing on incoming interface, selected by:
  ip policy route-map map-tag

route-map map-tag [permit | deny] [sequence-number] FOR POLICY ROUTING
  match ip address {access-list-number | name} [...access-list-number | name]
  match length min max
  set ip next-hop ip-address [...ip-address]
  set interface type number [...type number]
no match or deny or:
  set default interface type number [... type number]
  set ip default next-hop ip-address [...ip-address]

IP Policy Routing

IP Policy Routing overcomes the normal destination-based routing paradigm by allowing different criteria as the basis for a routing decision. Among those criteria are:

    - the incoming interface
    - selection by extended access-lists
    - precedence levels
    - packet sizes
    - …

But one paradigm still stays valid:
"The router only makes a local decision about the next hop, i.e. where to send the packet out"
To overcome this one you need either Tunneling or MPLS (Multiprotocol Label Switching).

IP Policy Routing uses ROUTE-MAPS for defining the matching packets and for setting actions.
ROUTE-MAPS define a numbered sequence of MATCH and SET clauses, where the SET clauses define the actions to be performed on packets matching the MATCH clauses.

IP POLICY ROUTING is applied to incoming packets on interfaces by using the interface command:

    IP POLICY ROUTE-MAP route-map-name

If no match is found, or if there is no SET clause specifying a next-hop or an outgoing interface, then after the ROUTE-MAP the normal routing table is used to find a next-hop-address or outgoing interface.

!!! CAVEAT !!!

If there is an outgoing interface defined in a SET clause, this interface must be up and be of a point-to-point type.

If there is a next-hop-address specified in the SET clause, this address has to be a real next-hop-address. That means that it must be an address of a device belonging to a directly connected network. (The router will not do a recursive lookup for the next-hop-address.)

If the above-mentioned requirements are not met, the router will use the normal routing-table-based route decisions and ignore the SET parameters.

Example:
The same Frame Relay interface is used as the connection to the outside world AND as the connection to Remote Offices. The Firewall is placed into VLANs on a Fast Ethernet attached switch.

    interface Serial3/0.31 multipoint
     description INTERNET ACCESS
     ip address 192.168.13.10 255.255…
     ip policy route-map OUT-to-PIX
     frame-relay map ip 192.168.13.1 501
    !
    interface FastEthernet4/1.24
     description PIX-OUT
     encapsulation isl 24
     ip address 10.0.5.1 255.255.255.0
     ip policy route-map PIX-to-OUT
    !
    route-map PIX-to-OUT permit 10
     match ip address 1
     set ip default next-hop 192.168.13.1
    !
    route-map OUT-to-PIX permit 10
     match ip address 1
     set ip default next-hop 10.0.5.2
    !
    access-list 1 permit any
    !

[Figure: PIX OUT on the Fast Ethernet Interface (ISL); Internet and Remote Offices on the FRAME RELAY Interface (FR); route-maps OUT-to-PIX and PIX-to-OUT; Routing Table.]
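The decision order and the caveat above can be followed in a small model. This is an added example, not code from the white paper and not IOS behaviour verified against a device; the names `Interface`, `Entry` and `policy_route` are hypothetical, all addresses are constructed (documentation ranges), and the rule that the "default" variant only applies when no explicit route exists is an assumption of the model.

```python
# Added illustration of the policy-routing decision; a simplified model, not IOS code.
import ipaddress
from dataclasses import dataclass, field

@dataclass
class Interface:
    name: str
    network: str              # directly connected network, e.g. "192.0.2.0/24"
    up: bool = True
    point_to_point: bool = False

@dataclass
class Entry:                  # one route-map sequence
    seq: int
    permit: bool
    match_sources: list       # stands in for "match ip address <access-list>"
    set_next_hop: list = field(default_factory=list)          # set ip next-hop
    set_interface: list = field(default_factory=list)         # set interface
    set_default_next_hop: list = field(default_factory=list)  # set ip default next-hop

def directly_connected(addr, interfaces):
    """True if addr lies in the connected network of an interface that is up."""
    ip = ipaddress.ip_address(addr)
    return any(i.up and ip in ipaddress.ip_network(i.network) for i in interfaces)

def table_lookup(dst, table):
    """Longest-prefix match over {prefix: next_hop}; returns (network, next_hop) or None."""
    ip = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), nh) for p, nh in table.items()
            if ip in ipaddress.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen) if hits else None

def policy_route(src, dst, route_map, interfaces, table):
    """Return (decision, target) for a packet arriving on a policy-routed interface."""
    route = table_lookup(dst, table)
    normal = ("routing table", route[1] if route else None)
    ip_src = ipaddress.ip_address(src)
    # The first sequence whose MATCH clause matches decides; lower numbers first.
    entry = next((e for e in sorted(route_map, key=lambda e: e.seq)
                  if any(ip_src in ipaddress.ip_network(n) for n in e.match_sources)),
                 None)
    if entry is None or not entry.permit:
        return normal                       # no match or deny: normal routing
    # CAVEAT: a next hop must be a real next hop (no recursive lookup is done).
    for nh in entry.set_next_hop:
        if directly_connected(nh, interfaces):
            return ("set ip next-hop", nh)
    # CAVEAT: an outgoing interface must be up and of a point-to-point type.
    by_name = {i.name: i for i in interfaces}
    for name in entry.set_interface:
        i = by_name.get(name)
        if i is not None and i.up and i.point_to_point:
            return ("set interface", name)
    # Assumption of this model: the "default" variant applies only when the
    # routing table holds no explicit (non-default) route for the destination.
    if route is None or route[0].prefixlen == 0:
        for nh in entry.set_default_next_hop:
            if directly_connected(nh, interfaces):
                return ("set ip default next-hop", nh)
    return normal                           # SET ignored: requirements not met

def demo():
    """Constructed topology: firewall at 192.0.2.2 on the LAN, multipoint WAN."""
    lan = Interface("FastEthernet0/0", "192.0.2.0/24")
    wan = Interface("Serial0/0", "198.51.100.0/24")           # multipoint
    table = {"0.0.0.0/0": "198.51.100.1", "203.0.113.0/24": "198.51.100.7"}
    any_src = ["0.0.0.0/0"]                                   # like "access-list 1 permit any"
    to_fw = [Entry(10, True, any_src, set_next_hop=["192.0.2.2"])]
    far = [Entry(10, True, any_src, set_next_hop=["203.0.113.9"])]
    multi = [Entry(10, True, any_src, set_interface=["Serial0/0"])]
    dflt = [Entry(10, True, any_src, set_default_next_hop=["192.0.2.2"])]
    args = ([lan, wan], table)
    down = ([Interface("FastEthernet0/0", "192.0.2.0/24", up=False), wan], table)
    src, dst = "198.51.100.50", "203.0.113.5"
    return {
        "firewall next hop used": policy_route(src, dst, to_fw, *args),
        "next hop not connected": policy_route(src, dst, far, *args),
        "multipoint interface": policy_route(src, dst, multi, *args),
        "default, explicit route": policy_route(src, dst, dflt, *args),
        "default, no explicit route": policy_route(src, "198.18.0.5", dflt, *args),
        "firewall interface down": policy_route(src, dst, to_fw, *down),
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:28} -> {result}")
```

Four of the six cases end in the normal routing table without any error being raised, which is the point to check when a route-map is what steers traffic through a firewall: the fall-back is silent.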








[Figure: ROUTE Information enters Incoming Route Processing (Metric, Administrative Distance, Route-TAGs); Routing Table (S ... Static, C ... Connected, x ... dynamic routing); Outgoing Route Processing (Route-TAGs, Metric) produces the outgoing Routes.]




Routing Information Processes:

General Considerations

A lot of problems and confusion arise from the fact that some basic principles in the routing information process are not correctly understood.

Therefore in this chapter I will give some fundamental laws and principles and describe their consequences:

§1 The mechanism of processing incoming routing updates is COMPLETELY separated from the mechanism of creating outgoing routing updates.

The fact that a route is found in the routing table of a router is a prerequisite but NOT necessarily a sufficient criterion for an outgoing routing update.

§2 The original routes of every configured routing process of a router will be considered when decisions are made about which routes will enter the routing table.

This means that route REDISTRIBUTION is never used in the incoming route processing.

§3 If more than one piece of information about a route is found, the incoming route process will use first the ADMINISTRATIVE DISTANCE and then the METRIC for deciding which route will be established in the routing table.

Cisco IOS has a predefined Administrative Distance for each routing protocol, which allows more trusted information sources to be preferred over less trusted ones.

Sometimes I am wondering why the developers gave the second best distance of 1 to static routes entered by an administrator, as so-called "Quick Fixes" by using static routes are often the cause of reachability and routing-loop problems.

§4 Route REDISTRIBUTION is only used for outgoing routing updates.

In principle: route redistribution means that routes of one routing protocol in the routing table will be sent out, converted to another routing protocol, on interfaces configured for routing updates of that second routing protocol.

§5 Static Routes defined with a next-hop-address are considered one hop away and have a default Administrative Distance of 1.

If the next-hop-address specified in the static route is not a REAL next-hop-address (i.e. not an address in a directly connected network), the router will do recursive lookups to find this REAL next-hop-address.

§6 Static Routes defined with an outgoing interface are treated like connected networks (i.e. networks that are 0 hops away) and thus have a default Administrative Distance of 0.

Therefore static routes defining an outgoing interface should be used only when the destination is on that connected network.
USAGE: When the connected network is address translated, you need a static route for the outside network pointing to that inside hidden network.

§7 Static Routes where the outgoing interface is down or the next-hop-address is not reachable are removed from the routing table unless the parameter PERMANENT is specified.

This allows failover of routes even without dynamic routing protocols, for example when 2 static routes with different Administrative Distances are defined for 2 outgoing interfaces or 2 different next-hop-addresses.

§8 Routing processes rely on a consistent metric, so that every router finds the best path in such a way that all routes lead in the same direction.

As the basis of metrics is different for different routing protocols, a direct conversion of metrics from one routing protocol to another is generally not possible. When there is more than one routing process, default metric information has to be used. This default hides the correct information about the best path, and this inconsistency will lead to non-optimal routing and also often to ROUTING LOOPS in MUTUAL REDISTRIBUTION (i.e. more than one redistribution point).

§9 Routing is a STATEFUL process. Depending on the current information in the Routing Table, different actions can happen even when the same routing information is received.

There are examples where routing was correct, but after the shutdown and restart of an interface the correct state was never reached again. [See page 15]








INCOMING from REMOTE

    offset-list {access-list-number | name} in offset [type number]
    distance weight [address mask [access-list-number | name]]
    distribute-list {access-list-number | name} in [type number]
    passive-interface type number (only for Link State and EIGRP)
    ip access-group {access-list-number | name} in (for selected protocol)

INCOMING from LOCAL

    ip route prefix mask {address | interface} [distance] [tag tag] [permanent]
    and from connected interfaces

[Figure: ROUTE Information, Incoming Route Processing (Metric, Administrative Distance, Route-TAGs), Routing Table (S ... Static, C ... Connected, x ... dynamic routing).]

Administrative Distance

    0      Connected
    1      Static Route
    5      EIGRP Summary
    20     External BGP
    90     Internal EIGRP
    100    IGRP
    110    OSPF
    115    IS-IS
    120    RIP
    170    External EIGRP
    200    Internal BGP
    255    <don't use>
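The selection rule of §3 and the static-route behaviour of §7 can be tried against the distances in the table above. This is an added example, not code from the white paper; `Candidate`, `eligible`, `build_table` and the scenario functions are hypothetical names. The R5 values [120/3] and [170/10245] are the ones the paper uses in its redistribution example; every other prefix and next hop is constructed.

```python
# Added illustration of §3 and §7; a simplified model, not IOS code.
from dataclasses import dataclass
from typing import Optional

# Default administrative distances, from the table above.
DEFAULT_AD = {
    "connected": 0, "static": 1, "eigrp-summary": 5, "ebgp": 20,
    "eigrp-internal": 90, "igrp": 100, "ospf": 110, "is-is": 115,
    "rip": 120, "eigrp-external": 170, "ibgp": 200,
}

@dataclass(frozen=True)
class Candidate:
    prefix: str
    source: str                     # key into DEFAULT_AD
    next_hop: str
    metric: int = 0
    distance: Optional[int] = None  # per-route override ("ip route ... [distance]")
    usable: bool = True             # next hop reachable / updates still arriving
    permanent: bool = False         # static route with the PERMANENT parameter

    @property
    def ad(self):
        return DEFAULT_AD[self.source] if self.distance is None else self.distance

def eligible(c):
    """Can this candidate enter the routing table at all?"""
    if c.ad >= 255:                 # distance 255 keeps a route out of the table
        return False
    if c.source == "static":
        return c.usable or c.permanent   # §7: removed unless PERMANENT
    return c.usable

def build_table(candidates):
    """Per prefix, install the candidate with the lowest (distance, metric)."""
    table = {}
    for c in filter(eligible, candidates):
        best = table.get(c.prefix)
        if best is None or (c.ad, c.metric) < (best.ad, best.metric):
            table[c.prefix] = c
    return table

def tag(route):
    """Render the [distance/metric] pair in the notation the paper uses."""
    return f"[{route.ad}/{route.metric}] via {route.next_hop}"

def r5_view(r3_update_arrives=True):
    """R5 in the redistribution example: RIP from R3 against external EIGRP from R4."""
    cands = [
        Candidate("10.0.0.0/8", "rip", "R3", metric=3, usable=r3_update_arrives),
        Candidate("10.0.0.0/8", "eigrp-external", "R4", metric=10245),
    ]
    return tag(build_table(cands)["10.0.0.0/8"])

def floating_static(primary_up=True):
    """Two static routes with different distances (constructed values)."""
    cands = [
        Candidate("198.51.100.0/24", "static", "192.0.2.1", usable=primary_up),
        Candidate("198.51.100.0/24", "static", "192.0.2.129", distance=250),
    ]
    return tag(build_table(cands)["198.51.100.0/24"])

def quick_fix_overrides_ospf():
    """A static "quick fix" (distance 1) displaces an OSPF route whatever its metric."""
    cands = [
        Candidate("203.0.113.0/24", "ospf", "192.0.2.5", metric=20),
        Candidate("203.0.113.0/24", "static", "192.0.2.9"),
    ]
    return tag(build_table(cands)["203.0.113.0/24"])

if __name__ == "__main__":
    print("R5, R3 updating   :", r5_view(True))
    print("R5, R3 silent     :", r5_view(False))
    print("static, primary up:", floating_static(True))
    print("static, primary dn:", floating_static(False))
    print("static vs OSPF    :", quick_fix_overrides_ospf())
```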




The INCOMING Routing Process

The incoming Routing process is responsible for populating the Routing table.

At startup this process enters the static and connected networks for all interfaces which are UP, and then for each route received via any routing protocol this process checks whether it is a better route (considering Administrative Distance and metric) than another instance of the same route already in the table.
If a better route is found, this one is installed and the other one is removed from the table.
The different routing processes also inform the incoming routing process about any routes for which regular routing updates are missing, or which route to remove.
In order to overcome incorrect routing information, Distance Vector routing processes also set routes into a temporary holddown before reconsidering new routing information or before deleting the route.
LINK STATE processes directly remove or replace routes after running the SPF calculation.
EIGRP, when a feasible successor is found, will enter the new information directly into the routing table, or will set the route to a state of ACTIVE and ask the neighbor(s) for a new route to the destination.

RIP V1 and IGRP will never establish an incoming major route when they have a local subnet route of that network in their routing table.

Monitoring the INCOMING Route process

All the input and results of this incoming routing decision process can be monitored with the command:

    DEBUG IP ROUTING

Unfortunately the debug output is somewhat cryptic and therefore not easy to read.
Here is an example with the output of a RIP routing change and its real meaning.

    RouterA# debug ip routing
    RT: flushed route to 192.168.8.0 via 192.168.9.2 (Serial0)
    RT: no routes to 192.168.8.0, entering holddown
        - invalid timer expired, no routes to 192.168.8.0, therefore entering holddown
    RT: flushed route to 192.168.7.0 via 192.168.9.2 (Serial0)
        - advertising 192.168.8.0 via 192.168.9.2 (Serial0) as unreachable

    "show ip route" shows us
      …
      R 192.168.8.0/24 is possibly down,
           routing via 192.168.9.2, Serial1
      …

    RT: garbage collecting entry for 192.168.8.0
        - flush timer expired, terminating holddown for 192.168.8.0
        - after that the next update info for this network will be used
    RT: add 192.168.8.0/24 via 192.168.6.2, rip metric [120/2]

Useful commands for changing behaviour of the Incoming Route process

These commands can have different goals:

    - prevent routing information from entering the routing table
          distribute-list xxx in … (not for Link State)
          distance 255 …
          passive-interface … (for Link State & EIGRP)
    - change the priority of some information sources or for some commands
        by changing the ADMINISTRATIVE DISTANCE
          distance <0…154> …
        by changing the METRIC
          offset-list xxx in … (not for Link State)
    - manually adding additional routing information
          ip route …

In order to prevent possible routing loops when routes get redistributed (external routes), EIGRP uses the higher administrative distance of 170 instead of the default of 90.

In OSPF you can also use TAGs for marking routes and then applying actions to tagged routes.

NOTE: For Link State protocols you cannot apply incoming filters, as those protocols transfer not routes but LINK STATE Packets.

In BGP you can specify a route-map which can modify parameters like metric and tag when BGP sends routing information to the local routing table:

    table-map route-map name
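The debug lines quoted above can be turned into per-prefix events, which makes a route change readable and lets a monitoring job flag prefixes that come back via a different next hop or never come back. This is an added example, not code from the white paper; the patterns cover only the four message forms shown above, the sample input is those lines with wrapped text rejoined, and all function names are hypothetical.

```python
# Added illustration: parses the "debug ip routing" message forms quoted above.
import re

PATTERNS = [
    ("flushed", re.compile(
        r"RT: flushed route to (?P<prefix>\S+) via (?P<next_hop>\S+) "
        r"\((?P<interface>[^)]+)\)")),
    ("holddown", re.compile(
        r"RT: no routes to (?P<prefix>[^,\s]+), entering holddown")),
    ("garbage-collect", re.compile(
        r"RT: garbage collecting entry for (?P<prefix>\S+)")),
    ("add", re.compile(
        r"RT: add (?P<prefix>\S+) via (?P<next_hop>[^,\s]+), (?P<protocol>\w+) "
        r"metric \[(?P<distance>\d+)/(?P<metric>\d+)\]")),
]

def parse(lines):
    """Return one event dict per recognised line; other lines are skipped."""
    events = []
    for line in lines:
        for kind, rx in PATTERNS:
            m = rx.search(line)
            if not m:
                continue
            ev = {"kind": kind, **m.groupdict()}
            # Key events by network address so 192.168.8.0 and 192.168.8.0/24 line up.
            ev["key"] = ev["prefix"].split("/")[0]
            for f in ("distance", "metric"):
                if f in ev:
                    ev[f] = int(ev[f])
            events.append(ev)
            break
    return events

def timeline(events, key):
    """Ordered list of event kinds seen for one prefix."""
    return [e["kind"] for e in events if e["key"] == key]

def next_hop_changes(events):
    """Prefixes re-installed via a different next hop than the one flushed."""
    last_flushed, changes = {}, []
    for e in events:
        if e["kind"] == "flushed":
            last_flushed[e["key"]] = e["next_hop"]
        elif e["kind"] == "add":
            old = last_flushed.get(e["key"])
            if old is not None and old != e["next_hop"]:
                changes.append((e["key"], old, e["next_hop"],
                                e["protocol"], e["distance"], e["metric"]))
    return changes

def unresolved(events):
    """Prefixes whose last recorded event is not a re-installation."""
    last = {}
    for e in events:
        last[e["key"]] = e["kind"]
    return sorted(k for k, kind in last.items() if kind != "add")

SAMPLE = [  # the debug lines quoted above, wrapped lines rejoined
    "RT: flushed route to 192.168.8.0 via 192.168.9.2 (Serial0)",
    "RT: no routes to 192.168.8.0, entering holddown",
    "RT: flushed route to 192.168.7.0 via 192.168.9.2 (Serial0)",
    "RT: garbage collecting entry for 192.168.8.0",
    "RT: add 192.168.8.0/24 via 192.168.6.2, rip metric [120/2]",
]

if __name__ == "__main__":
    evs = parse(SAMPLE)
    print(timeline(evs, "192.168.8.0"))
    print(next_hop_changes(evs))
    print(unresolved(evs))
```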








[Figure: Routing Table (S ... Static, C ... Connected, x ... dynamic routing), Route-TAGs, Outgoing Route Processing, Metric, Routes.]

OUTGOING to same protocol

    distribute-list {access-list-number | name} out [interface-name]
    passive-interface type number
    offset-list {access-list-number | name} out offset [type number]

OUTGOING coming from other protocol

    distribute-list {access-list-number | name} out [routing-process | autonomous-system-number]

OUTGOING to another protocol

    redistribute protocol [process-id] {level-1 | level-1-2 | level-2} [metric metric-value] [metric-type type-value] [match {internal | external 1 | external 2}] [tag tag-value] [route-map map-tag] [weight weight] [subnets]

    default-information redistribution:
    default-information originate [always] [metric metric-value] [metric-type type-value] {level-1 | level-1-2 | level-2} [route-map map-name] (RIP/OSPF)
    default-information {in | out} {access-list-number | name} (IGRP/EIGRP)

route-map map-tag [permit | deny] [sequence-number] FOR ROUTE REDISTRIBUTION

    match interface type number [...type number]
    match ip route-source {access-list-number | name} [...access-list-number | name]
    match metric metric-value
    match route-type {local | internal | external [type-1 | type-2] | level-1 | level-2}
    match tag tag-value [...tag-value]
    match ip address {access-list-number | name} [...access-list-number | name]
    match ip next-hop {access-list-number | name} [...access-list-number | name]

    set automatic-tag
    set level {level-1 | level-2 | level-1-2 | stub-area | backbone}
    set local-preference
    set metric metric-value
    set metric-type {internal | external | type-1 | type-2}
    set origin {igp | egp autonomous-system | incomplete}
    set tag tag-value
    set next-hop next-hop




The OUTGOING Routing Update Process

The outgoing Routing update process is responsible for informing the neighboring routers about its network information.
For Distance Vector routing protocols this is the local information about the best routes and their metric (hence the content of the Routing Table).
For Link State routing protocols this is the information about the local networks, external routes and the neighbors via LSPs.

Outgoing routing updates for a certain routing protocol are only sent when the following conditions are all met:

    - the network is in the routing table.
    - the network is either specified via the NETWORK command or coming from another protocol via a REDISTRIBUTION command
    - it obeys the SPLIT-HORIZON rule: the network was not learned from the same interface (or is not identical to the connected network)
    - the network is not excluded from the update via applied access-lists or route-maps using the DISTRIBUTE command.
    - the outgoing interface is not specified as PASSIVE
    - if the network is a specified summary, at least one subnet of that summary route is in the routing table.

For RIP V1 and IGRP the following is also considered:
A subnet route of a major network is converted to the (summary) major route when it is sent out on interfaces that do not belong to a (sub)net of that major route. (Discontiguous Subnet Rule)

For OSPF there are some special rules, where Area Border Routers (ABR) can inject default routes into stub areas. Also, DISTRIBUTE-LIST OUT can only be applied to external routes, and you cannot specify an interface name in OSPF.

Generally, by using the shown commands you can follow 4 different tasks:

    - make networks invisible by blocking the forwarding of routing information
    - redistribute (forward and translate) routing information from one protocol to another
    - change the metric to force the others to prefer specific paths
    - summarize routing information to decrease the amount of routes and to increase the stability

[Figure: network 10.0.0.0/8 at R1 (RIP, 0 hops); legend: best route to 10.0.0.0/8 before shutdown of R2-R3.]

Example for a Redistribution problem which is state-dependent:

Configuration of R4 and R5:

    router rip
     network x.x.x.x
     redistribute eigrp 1000
     default-metric 1
     passive-interface Serial 1
    router eigrp 1000
     network y.y.y.y
     redistribute rip
     default-metric 1000 100 250 100 1500
     passive-interface Serial 0

R3 normally learns about the network 10.0.0.0/8 via a routing update from R2 with 2 hops and forwards this information to R5 with 3 hops.
R5 gets information about 10.0.0.0/8 via R4 with the metric [170/10245] (it is an external EIGRP route) and via R3 with [120/3] as a RIP route. So R5 will establish the RIP route and use R3 as next hop. Obeying the SPLIT HORIZON rule, it will never send the information back to R3.

When the connection between R2 and R3 breaks, R3 will not send information about 10.0.0.0/8. R5 will now use the routing information derived via external EIGRP from R5 and forward this information as redistributed information via RIP to R3. R3 now gets the information about 10.0.0.0/8 with the metric [120/1] and next hop
    forwarding of default information is implicitly
                                                                 best route to10.0.0.0/8                      1 hop
                                                                                                                       R5 into its routing table. When the link R2-R3
                                                                after shutdown of R2-R3
     (RIP) or explicitly allowed via the                                                               R10     RIP     comes up again, the information from R2 about
     DEFAULT-INFORMATION … command.                                                 3 hops         1                   10.0.0.0/8 with [120/2] will not be used and R3
                                                                       EIGRP
    for OSPF: sending of LSPs to that neighbor is not                                                        2 hops
                                                                                                                       will continue to use the way via R5 to reach that
                                                                                              2
     prohibited.                                                                                                       network.
                                                                                                               RIP
                                                                               R4                      R2
                                                                                                   2

                                                                                         before
                                                                                        shutdown             3 hops
                                                                                              3
                                                                                                               RIP
                                                                               R5                      R3
                                       1999, PRO IN Consulting GmbH                                                                                 Page 15 of 18
of                                                                                 1
                                                                               1 hop after shutdown of
                                                                                       R2-R3
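The 10.0.0.0/8 scenario above can be replayed with a small model. This Python sketch is an added example, not part of the original white paper; it implements only three of the listed conditions (route in the routing table, native or redistributed source, split horizon), and the class names, function names and the seed metric of 1 for redistributed routes (taken from the [120/1] in the text) are assumptions of the example.

```python
from dataclasses import dataclass

# Administrative distances as listed in the white paper (lower wins).
AD = {"connected": 0, "static": 1, "rip": 120, "eigrp-external": 170}

@dataclass(frozen=True)
class Route:
    prefix: str
    source: str      # key into AD
    metric: int
    next_hop: str

class Router:
    def __init__(self, name):
        self.name = name
        self.offers = {}                 # (prefix, next_hop) -> Route

    def learn(self, route):
        self.offers[(route.prefix, route.next_hop)] = route

    def withdraw(self, prefix, next_hop):
        self.offers.pop((prefix, next_hop), None)

    def best(self, prefix):
        # Administrative distance is compared first, the metric second.
        cands = [r for r in self.offers.values() if r.prefix == prefix]
        return min(cands, key=lambda r: (AD[r.source], r.metric), default=None)

    def rip_update(self, prefix, neighbor, redistribute=(), seed_metric=1):
        """Return the RIP route sent to neighbor, or None if suppressed."""
        r = self.best(prefix)
        if r is None:                     # condition: in the routing table
            return None
        if r.source != "rip" and r.source not in redistribute:
            return None                   # neither native nor redistributed
        if r.next_hop == neighbor:        # condition: split horizon
            return None
        # Assumption: seed metric 1 for redistributed routes ([120/1] in text).
        metric = r.metric + 1 if r.source == "rip" else seed_metric
        return Route(prefix, "rip", metric, self.name)

def sync(sender, receiver, prefix, **kw):
    """Deliver the sender's current RIP update, or withdraw the old one."""
    upd = sender.rip_update(prefix, receiver.name, **kw)
    if upd is None:
        receiver.withdraw(prefix, sender.name)
    else:
        receiver.learn(upd)

def run_scenario():
    p = "10.0.0.0/8"
    r3, r5 = Router("R3"), Router("R5")
    r5.learn(Route(p, "eigrp-external", 10245, "R4"))  # [170/10245] via R4
    r3.learn(Route(p, "rip", 2, "R2"))                 # 2 hops via R2
    states = {}
    def exchange(label):
        sync(r3, r5, p)
        sync(r5, r3, p, redistribute=("eigrp-external",))
        states[label] = (r3.best(p), r5.best(p))
    exchange("before")
    r3.withdraw(p, "R2")                               # link R2-R3 breaks
    exchange("link down")
    r3.learn(Route(p, "rip", 2, "R2"))                 # link R2-R3 returns
    exchange("link up")
    return states

if __name__ == "__main__":
    for label, pair in run_scenario().items():
        print(label, *pair)
```

In the final state R3 still points at R5 although the R2-R3 link has returned, because the redistributed route carries a lower hop count than the real path and split horizon keeps R3 from ever telling R5 about it.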
The CISCO Routing Process including POLICY Routing

[Diagram, reconstructed as text]

DATA packets
    DATA
    Input Access-list
    NAT
    Policy Routing on incoming interface
    Routing Table (Recursive Lookup)
    Output Access-list
    NAT / PAT
    Accounting
    Queueing
    DATA Packets

Policy Routing on incoming interface, selected by: ip policy route-map map-tag
    route-map map-tag [permit | deny] [sequence-number]    FOR POLICY ROUTING
        match ip address {access-list-number | name} [...access-list-number | name]
        match length min max
        set ip next-hop ip-address [...ip-address]
        set interface type number [...type number]
    no match or deny or
        set default interface type number [...type number]
        set ip default next-hop ip-address [...ip-address]
    Recursive Lookup

ROUTE Information: INCOMING from REMOTE
    offset-list {access-list-number | name} in offset [type number]
    distance weight [address mask [access-list-number | name]]
    distribute-list {access-list-number | name} in [type number]
    passive-interface type number (only for Link State and EIGRP)
    ip access-group {access-list-number | name} in
        (for selected protocol)

ROUTE Information: INCOMING from LOCAL
    ip route prefix mask {address | interface} [distance] [tag tag] [permanent]
    and from connected interfaces

Incoming Route Processing: Administrative Distance, Metric, Route-TAGs

    Administrative Distance
    0      Connected
    1      Static Route
    5      EIGRP Summary
    20     External BGP
    90     Internal EIGRP
    100    IGRP
    110    OSPF
    115    IS-IS
    120    RIP
    170    External EIGRP
    200    Internal BGP
    255    <don't use>

Routing Table
    S ...     Static
    C ...     Connected
    x ....    dynamic routing

Outgoing Route Processing: Metric, Route-TAGs, Routes

OUTGOING to same protocol
    distribute-list {access-list-number | name} out [interface-name]
    passive-interface type number
    offset-list {access-list-number | name} out offset [type number]

OUTGOING coming from other protocol
    distribute-list {access-list-number | name} out [routing-process | autonomous-system-number]

OUTGOING to another protocol
    redistribute protocol [process-id] {level-1 | level-1-2 | level-2} [metric metric-value] [metric-type type-value] [match {internal | external 1 | external 2}] [tag tag-value] [route-map map-tag] [weight weight] [subnets]

    default-information redistribution:
    default-information originate [always] [metric metric-value] [metric-type type-value] {level-1 | level-1-2 | level-2} [route-map map-name]    (RIP/OSPF)
    default-information {in | out} {access-list-number | name}    (IGRP/EIGRP)

route-map map-tag [permit | deny] [sequence-number]    FOR ROUTE REDISTRIBUTION
    match interface type number [...type number]
    match ip route-source {access-list-number | name} [...access-list-number | name]
    match metric metric-value
    match route-type {local | internal | external [type-1 | type-2] | level-1 | level-2}
    match tag tag-value [...tag-value]
    match ip address {access-list-number | name} [...access-list-number | name]
    match ip next-hop {access-list-number | name} [...access-list-number | name]
    set automatic-tag
    set level {level-1 | level-2 | level-1-2 | stub-area | backbone}
    set local-preference
    set metric metric-value
    set metric-type {internal | external | type-1 | type-2}
    set origin {igp | egp autonomous-system | incomplete}
    set tag tag-value
    set next-hop next-hop




Summary: The BIG picture

The CISCO IP Routing Process and its mechanisms are quite complicated. But a thorough understanding is necessary to troubleshoot or even better to avoid problems.

The basic points are:

- Routing is done hop-by-hop, each router independently decides on which interface to forward a packet.
- The router treats incoming and outgoing routing mechanisms as completely separate processes.
- Decisions about which route to add or remove from the routing table are based on ADMINISTRATIVE DISTANCE and METRIC
- Routes of all configured routing processes are considered for the routing table
- REDISTRIBUTION is only used when considering outgoing routing updates
- POLICY ROUTING allows to overcome the normal destination based routing
- Policy Routing is applied on packets incoming on specified interfaces
- ROUTE-MAPS are a mechanism for using additional parameters for selection and also a mechanism for setting or changing different parameters
- ROUTE-MAPS are used for POLICY ROUTING and for a controlled REDISTRIBUTION of Routing Updates
- Routing Protocols rely on a consistent metric
- REDISTRIBUTION of routes means a loss of topology information
- Routing is a STATEFUL process, where the incoming routing information is considered in relation to the current routing table information.
- The fact that a route is in the routing table does not necessarily mean that the route is also used in outgoing routing updates
- the adjacency process for Link State and EIGRP as basis for exchanging updates between routers
- the different behavior of Routing protocols regarding summarization and VLSM

What is CISCO-specific in that area ?

- The use of ADMINISTRATIVE DISTANCE as first considered parameter for incoming route decisions.
- IGRP and EIGRP are Cisco-developed and proprietary protocols.
- REDISTRIBUTION, metric handling on redistribution is not covered in standards.
- the treatment and forwarding of DEFAULT-ROUTES is not covered in standards.
- an extensive set of DEBUG commands for monitoring the router behavior.

For further information

Recommended Requests for proposals (RFCs):

RFC1812 Requirements for IP Version 4 Routers. F. Baker. June 1995. (Status: PROPOSED STANDARD)
    general information about Routing
RFC1771 A Border Gateway Protocol 4 (BGP-4). Y. Rekhter & T. Li. March 1995. (Status: DRAFT STANDARD)
RFC2328 OSPF Version 2. J. Moy. April 1998. (Status: STANDARD)
RFC2453 RIP Version 2. G. Malkin. November 1998. (Status: STANDARD)

Recommended Books:

CCIE Professional Development: Routing TCP/IP Volume 1, J. Doyle, ISBN: 1-57870-041-8
    excellent description of Routing
    best description of the mechanisms of EIGRP
    very good treatment of all Routing Protocols
CCIE Professional Development: Large-Scale IP Network Solutions, K. Raza, S. Asad, M. Turner, ISBN: 1-57870-084-1
    good examples of routing design
    excellent examples of redistribution
    good description of Routing Protocols
Internet Routing Architectures, B. Halabi, ISBN:
    best book on BGP
OSPF, J. Moy, ISBN:
    OSPF explained by the developer of that protocol

WWW-locations:
http://www.proin.com
http://www.cisco.com
http://www.netreference.com



PROFESSIONAL INFORMATION NETWORKS

PRO IN is a pan-European company focusing on 3 areas:

- Training
- Consulting
- Professional Services

With offices in Austria, Germany and Spain we offer CISCO authorized trainings at the highest possible level. Thus PRO IN is honored as "Distinguished Trainings Partner" by CISCO.



