Controlling Redistribution Loops with Route Filters

When you combine redundant paths with mutual redistribution, you can encounter problems with redistribution loops. Take for example, the situation in Figure 3-7.

Figure 3-7 A Redistribution Loop (Route Feedback)

Figure 3-7 A Redistribution Loop (Route Feedback)

Figure 3-7 shows two points along the IGRP-RIP boundary where redistribution is occurring. Both Router J and Router K are performing mutual redistribution between RIP and 1GRP.

Care must be taken to ensure that a route redistributed from RIP into IGRP at Router J does not get redistributed into RIP at Router K—an effect called route feedback. Route feedback is represented by the propagation of route 192.168.1.0/24 in Figure 3-7. Here's the sequence:

1 Route 192.168.1.0/24 originates from the RIP cloud behind Router L, propagates up to Router J, and is redistributed into IGRP by Router J.

2 In the IGRP domain, the route propagates via IGRP to Router K, where it is redistributed into RIP (Router K sees 192.168.1.0/24 as just another IGRP update) with a low default metric. Suppose the metric is 3 hops.

3 In turn, Router K forwards the route to Router M with a hop count of 3 (a low default metric), effectively telling Router M that the way to 192.168.1.0/24 is through Router K.

4 The undesirable result: Router M thinks the path to 192.168.1.0/24 is through Router K— a suboptimal route caused by the feedback of the route at Router K. Instead, Router K should reach the destination via the RIP cloud between it and Router L.

Using the same logic, you can deduce that IGRP routes are equally susceptible to route feedback. That is, an IGRP route can be redistributed into RJP, traverse the RIP domain, and get redistributed into IGRP at another redistribution point.

In addition to suboptimal routing, route feedback can also cause such problems as routing loops and loss of reachability. Therefore, it's highly recommended (or better yet required) that you always control mutual redistribution with route filters. The basics of route filters are covered in the earlier section "Filtering Routing Updates."

To prevent route feedback, both Router J and Router K in Figure 3-7 should have filters to ensure that routes within the IGRP domain are learned only through IGRP and routes within the RIP domain are learned only through RIP. The filters must ensure a RIP destination is not learned via IGRP and vice versa.

The following is Router K's configuration (Router J's configuration follows a similar strategy):

router igrp 100 redistribute rip metric 1544 2000 255 1 1500 network 10.0.0.0 distribute-list 1 in

router rip redistribute igrp 100 metric 3 network 172.16.0.0 distribute-list 2 in

access-list 1 permit 10.0.0.0 0.255.255.255 access-list 2 permit 192.168.1.0 0.0.0.255 access-list 2 permit 172.16.0.0 0.0.255.255

In the preceding configuration, Router K is redistributing RIP into IGRP and IGRP into RIP (mutual redistribution). This is defined by the two redistribute commands.

The command distribute-Iist t in is a subcommand of the IGRP routing process activated by router igrp 100. It tells the router to filter all routes it receives through IGRP with access list 1. Access list 1 permits routes 1 0.xjc.x (where x denotes any octet) and blocks all other routes. This stops the feedback loop: Router K accepts only 10.0.0.0 routes (native IGRP routes) via IGRP and rejects any non-10.0.0.0 routes it learns via IGRP—routes that have been redistributed from RIP into IGRP.

NOTE In a real-world network, you typically have many more routes to permit in the access list than a single, contiguous 10.0.0.0. Ensure that your access list includes all routes on one side of the redistribution boundary. Otherwise, those routes will not be redistributed and users on the other side of the boundary will not be able to reach those destinations.

The command distribute-Iist 2 in (a subcommand of router rip) tells the router to filter all routes it receives through RIP with access list 2. Access list 2 permits routes 192.168.1a' and 172.16jc.jc (where x denotes any octet) and blocks all other routes. Like the distribute-Iist command under IGRP, this prevents route feedback: Router K filters and accepts only native RIP routes via the RIP protocol.

The remaining commands, starting with access-list, define access lists 1 and 2. Access lists are covered in Chapter 6.

Was this article helpful?

0 0

Post a comment