RIPv2 Offset List --
================
router rip
offset-list 1 in 3 GigabitEthernet1.13
RIPv2 Filtering with Prefix-Lists --
=================================
router rip
distribute-list prefix RIP_FILTER_TO_R8 out GigabitEthernet1.58
distribute-list prefix PERMIT_ALL gateway NOT_FROM_R4 in
The prefix-list named RIP_FILTER_TO_R8 filters R6 and R7
Loopback0 prefixes from being advertises out on VLAN 58 and
permits all others. The syntax 0.0.0.0/0 le 32 in a prefix-list
means match all routes, similar to the any keyword from accesslists.
The second route filtering is based on both the routes being
learned and whom they are learned from. This filter says match any
route coming in any interface, per the PERMIT_ALL prefix-list, and
allow them to come in as long as they were not learned from R4, per
the deny 155.1.0.4/32 syntax.
RIPv2 Filtering with Access-Lists:
==========================================
Configure a one-line standard access-list on R6 to filter out the IPv4 prefixes that
have an even number in the third octet
access-list 1 permit 0.0.1.0 255.255.254.255
!
router rip
distribute-list 1 in
When extended access-lists are used as distribute-list for IGP filtering, the
functionality is different than when used for route redistribution or in BGP. With BGP
and redistribution, the source field in the ACL represents the network address, and
the destination field represents the subnet mask. In IGP distribute-list application,
the source field in the ACL matches the update source of the route, and the
destination field represents the network address. This implementation allows us to
control which routes we accept, but more importantly who do we accept it from.
Before the filter is applied, R5 routes to R3 for VLANs 7 and 9, and to R1 for VLAN
146 and R1’s Loopback
Admin Distance:
===============
access-list 1 permit host 150.1.4.4
!
router rip
distance 255 0.0.0.0 255.255.255.255 1
access-list 2 permit 150.1.3.3
!
router rip
distance 255 155.1.37.3 0.0.0.0 2
Default Route:
===============
Note in the above output that R6 does not have a default route installed in
the routing table. Unlike OSPF, RIP does not require that a default route
actually be installed in the routing table before originating one. For this
reason, route feedback of R6’s default origination will occur in this topology
Conditional Default Route
--------------------------
ip prefix-list ROUTE_TO_R9_LOOP seq 5 permit 150.1.9.9/32
!
route-map TRACK_ROUTE_TO_R9_LOOP permit 10
match ip address prefix-list ROUTE_TO_R9_LOOP
!
router rip
default-information originate route-map TRACK_ROUTE_TO_R9_LOOP
Reliable Conditional Default Route:
-----------------------------------
Configure R1 to originate a default route.
Configure IP SLA on R1 to track ICMP reachability to R7's IPv4 address on VLAN 7.
ICMP Echo-Request should be sent each 5 seconds.
Configure IP SLA tracking on R1 so that if an ICMP Echo-Reply is not received from
VLAN 7, R1 withdraws its default route advertisement.
ip sla 1
frequency 5
icmp-echo 155.1.7.7
!
ip sla schedule 1 start-time now life forever
!
track 1 ip sla 1
!
ip route 169.254.0.1 255.255.255.255 Null0 track 1
!
ip prefix-list DUMMY_ROUTE_TRACKED_VIA_SLA seq 5 permit 169.254.0.1/32
!
route-map RELIABLY_TRACK_LINK_TO_VLAN7 permit 10
match ip address prefix-list DUMMY_ROUTE_TRACKED_VIA_SLA
!
router rip
default-information originate route-map RELIABLY_TRACK_LINK_TO_VLAN7
As long as R4 has a route to the network 150.1.9.9/32 installed in the routing table,
it will advertise a default route.
RIPv2 Source Validation:
========================
R7:
router rip
no validate-update-source
R9:
interface GigabitEthernet1.79
ip unnumbered Loopback0
Verify that before IP unnumbered is configured on R9, RIP routes are correctly
installed in both the R7 and R9 routing tables, and there is IPv4 connectivity.
After applying the IP unnumbered configuration on R9, because R9 will be sending
RIP updates out on VLAN 79 Ethernet segment with a IPv4 address not in the same
subnet as R7's IPv4 address, R7 will ignore these updates, and all RIP routes
learned from R9 will slowly be removed from the routing table based on the flush
timer.
================
router rip
offset-list 1 in 3 GigabitEthernet1.13
RIPv2 Filtering with Prefix-Lists --
=================================
router rip
distribute-list prefix RIP_FILTER_TO_R8 out GigabitEthernet1.58
distribute-list prefix PERMIT_ALL gateway NOT_FROM_R4 in
The prefix-list named RIP_FILTER_TO_R8 filters R6 and R7
Loopback0 prefixes from being advertises out on VLAN 58 and
permits all others. The syntax 0.0.0.0/0 le 32 in a prefix-list
means match all routes, similar to the any keyword from accesslists.
The second route filtering is based on both the routes being
learned and whom they are learned from. This filter says match any
route coming in any interface, per the PERMIT_ALL prefix-list, and
allow them to come in as long as they were not learned from R4, per
the deny 155.1.0.4/32 syntax.
RIPv2 Filtering with Access-Lists:
==========================================
Configure a one-line standard access-list on R6 to filter out the IPv4 prefixes that
have an even number in the third octet
access-list 1 permit 0.0.1.0 255.255.254.255
!
router rip
distribute-list 1 in
When extended access-lists are used as distribute-list for IGP filtering, the
functionality is different than when used for route redistribution or in BGP. With BGP
and redistribution, the source field in the ACL represents the network address, and
the destination field represents the subnet mask. In IGP distribute-list application,
the source field in the ACL matches the update source of the route, and the
destination field represents the network address. This implementation allows us to
control which routes we accept, but more importantly who do we accept it from.
Before the filter is applied, R5 routes to R3 for VLANs 7 and 9, and to R1 for VLAN
146 and R1’s Loopback
Admin Distance:
===============
access-list 1 permit host 150.1.4.4
!
router rip
distance 255 0.0.0.0 255.255.255.255 1
access-list 2 permit 150.1.3.3
!
router rip
distance 255 155.1.37.3 0.0.0.0 2
Default Route:
===============
Note in the above output that R6 does not have a default route installed in
the routing table. Unlike OSPF, RIP does not require that a default route
actually be installed in the routing table before originating one. For this
reason, route feedback of R6’s default origination will occur in this topology
Conditional Default Route
--------------------------
ip prefix-list ROUTE_TO_R9_LOOP seq 5 permit 150.1.9.9/32
!
route-map TRACK_ROUTE_TO_R9_LOOP permit 10
match ip address prefix-list ROUTE_TO_R9_LOOP
!
router rip
default-information originate route-map TRACK_ROUTE_TO_R9_LOOP
Reliable Conditional Default Route:
-----------------------------------
Configure R1 to originate a default route.
Configure IP SLA on R1 to track ICMP reachability to R7's IPv4 address on VLAN 7.
ICMP Echo-Request should be sent each 5 seconds.
Configure IP SLA tracking on R1 so that if an ICMP Echo-Reply is not received from
VLAN 7, R1 withdraws its default route advertisement.
ip sla 1
frequency 5
icmp-echo 155.1.7.7
!
ip sla schedule 1 start-time now life forever
!
track 1 ip sla 1
!
ip route 169.254.0.1 255.255.255.255 Null0 track 1
!
ip prefix-list DUMMY_ROUTE_TRACKED_VIA_SLA seq 5 permit 169.254.0.1/32
!
route-map RELIABLY_TRACK_LINK_TO_VLAN7 permit 10
match ip address prefix-list DUMMY_ROUTE_TRACKED_VIA_SLA
!
router rip
default-information originate route-map RELIABLY_TRACK_LINK_TO_VLAN7
As long as R4 has a route to the network 150.1.9.9/32 installed in the routing table,
it will advertise a default route.
RIPv2 Source Validation:
========================
R7:
router rip
no validate-update-source
R9:
interface GigabitEthernet1.79
ip unnumbered Loopback0
Verify that before IP unnumbered is configured on R9, RIP routes are correctly
installed in both the R7 and R9 routing tables, and there is IPv4 connectivity.
After applying the IP unnumbered configuration on R9, because R9 will be sending
RIP updates out on VLAN 79 Ethernet segment with a IPv4 address not in the same
subnet as R7's IPv4 address, R7 will ignore these updates, and all RIP routes
learned from R9 will slowly be removed from the routing table based on the flush
timer.
No comments:
Post a Comment