Hi telestrial2020,

 

Thank you for your question!

 

Regularly this information should be known via an updated network diagram that reflects the connections and indicates what VLANs exist at each point of the network. Network diagrams and flow diagrams will be the sources of information where this is reflected.

 

If this does not exist, a way is by checking the associated interfaces within the VRF [show vrf / show running-config vrf <VRF>]. You will need to verify the subinterface and observe it on the local router, the subinterface will indicate what is the corresponding encapsulation.

Of course, querying the router using some kind of network management system would be ideal, like Cisco Prime / Prime Infrastructure among others.

 

As an additional note on this subject, there is also another VRF-to-VLAN application named Easy Virtual Networking Network (EVN), where you can create trunks of VRFs, and via this application, is easier to map and visualise from the local router perspective what VRFs corresponds to each VLAN by the virtue of what is called vnet trunks.

 

A white paper on this technology can be found here, https://www.cisco.com/c/en/us/products/collateral/ios-nx-os-software/layer-3-vpns-l3vpn/whitepaper_c11-638769.html

 

HTH,

 

Elvin

Elvin,

 

Thank you so much for taking the time to answer this question.  Yes, all of your first three suggestions are valid.  Generally, if accurate documentation exists this question shouldn't, but in its absence, the cli command, or a polished NMS like the one you suggested may illuminate things.  We are very grateful - me and the community, I'm sure - for you exposing us to the EVN technological principles in the attached white paper.   Cheers! 

Hi Sanga62,

 

The steps of how to perform this type of task will depend of many variables, I will create an example that will translate traffic from internal LAN towards the Internet. Note that based on the IP addresses you have, you want to assign public space to internal client PCs behind the router, which is rather rare, but still possible, as this is usually perform with server devices.

 

Since this design involves having public space at the internal LAN, the public space does not need to be NATted in order to be Internet-routable.

 

1. Settings:

 

WAN Details From ISP:
WAN IP: 136.xxx.xxx.206
GATEWAY IP: 136.xxx.xxx.205
SUB-NET MASK: 255.255.255.252
DNS:49.xx.xx.1

 

IP1: 115.XXX.X.209 Need to use this IP for gateway for below mentioned LAN IPs.
IP2: 115.XXX.X.210 Need to assign to a Client PC on network behind router.
IP3: 115.XXX.X.211 Need to assign to a Client PC on network behind router.
IP4: 115.XXX.X.212 Need to assign to a Client PC on network behind router.
IP5: 115.XXX.X.213 Need to assign to a Client PC on network behind router.
IP6: 115.XXX.X.214 Need to assign to a Client PC on network behind router.
Subnet Mask: 255.255.255.248

 

2. Topology:

 

Three routers connected in a line.

 

LAN --- GW --- ISP

 

3. Configuration

 

#LAN

hostname LAN
!
interface Ethernet0/0.12
description LAN PC
encapsulation dot1Q 12
ip address dhcp

/End.

 

#GW

hostname GW
!
ip dhcp excluded-address 115.0.0.209
!
ip dhcp pool ADD
network 115.0.0.208 255.255.255.248
default-router 115.0.0.209 
dns-server 49.0.0.1 
!
interface Ethernet0/0.12
description TO INTERNAL CLIENTS_PCS
encapsulation dot1Q 12
ip address 115.0.0.209 255.255.255.248
!
interface Ethernet0/0.23
description INTERNET_IFACE
encapsulation dot1Q 23
ip address 136.0.0.206 255.255.255.252
!
ip route 0.0.0.0 0.0.0.0 136.0.0.205 name TO_ISP

#ISP

(Of course, we cannot configure the ISP, but this is a functional example with three routers, I will post the configuration of the ISP).

 

hostname ISP
!
interface Loopback0
ip address 49.0.0.1 255.255.255.255
!
interface Ethernet0/0.23
encapsulation dot1Q 23
ip address 136.0.0.205 255.255.255.0
!
ip route 115.0.0.0 255.0.0.0 136.0.0.206
!
end

/

 

Let us know any further questions.

 

Elvin

Hi sobasamst,

There are guidelines you can follow when performing mutual redistribution and elements to take into account. Below is a series of fundamentals, guidelines, and examples you can follow.

Route redistribution is the mechanism network engineers have to inject network-layer reachability information (NLRI) from one routing domain to another. A routing domain here can be same (or different) organization with same (or different) routing protocols that want to share prefix across routing boundaries.

- Longest match routing?
Note that when doing routing to destinations, routers will always pick the longest match.

- How routers perform routing? - Route trustworthiness.
Route preference is based on a local value known as Administrative Distance, if same prefix needs to be evaluated, the prefix with the lowest administrative distance is chosen. Values in IOS are set from 0 through 255, where some 255 is infinite (routes with this value will not be installed).

-Key information:

.When doing redistribution, routes are taken from protocol a to protocol b, and this is performed from a routing table perspective, the prefix must exist in the router's RIB before being injected into the particular IGP.
.Route metrics must be taken into account, as by default metrics are incompatible among different routing sources (no way to translate bandwidth of OSPF to hop count on RIP). - administrator must define these metrics accordingly.
.When redistributing between routing domains of the same IGP, seed metric may not be required.
.Protocols such as OSPF, EIGRP, BGP, IS-IS have mechanisms to differentiate routing information generated from external sources, but RIP does not. Special care must be taken when redistribution happens between RIP routing domains.
.EIGRP uses EIGRP RID to prevent route feedback when redistributing external routes (also this has been recently included for internal routes).

Loops can occur in different ways, easily identifiable are data plane loops, where traffic is seen circulating up to infinity (TTL), these regularly means that, since routers make their routing choices independently, they could perfectly point at each other if prefix information is not taken care cautiously. Can happen that a route reachable via OSPF is pointing through a suboptimal path through the non-OSPF domain, and once the traffic hits the OSPF domain it goes back through the preferred path.

These type of loops could be metric or AD-based, where the former might be more common to reproduce it when RIP is involved.

Also, routing table instability loops can be caused, a common symptom for these is based on the fact that routing information at the local RIB is constantly flapping due to local control plane flaps due to constant route election/preference changes. A normal symptom for these is that reachability to the final destination is not possible or simply flaps.

-Recommendations:

.Know your topology - This is an often overlooked step, but the most important. Knowing the design will help depicting the points where routes could reach a redistribution point.
.Never let routing information to recirculate back to the original routing redistribution source (tagging is a good mechanism for this).
.When redistributing, always know the prefixes coming from external routing sources
.Use "ip route profile" in IOS in order to identify routing table instabilities.
."debug ip routing" also provides a real-time debugging of the routing decisions.
.Monitor the routing table for same (set) routes constantly showing recent time of being learned.
.Tag routes from one domain to another and use values that you can easily depict where the route came from in the first place, a common practice is to set the tag value to the AD value.
.Use prefix-list, distribute-lists, route-maps, tagging, routing-source matching rules when redistributing.

-Example1: With this template, we are tagging routes being redistributed from/to EIGRP and OSPF, tagging routes respectively disallowing route feedback between R1 and R2.

EIGRP --- R1 ---- OSPF
---- R2 ----

route-map EIGRP_TO_OSPF deny 10
match tag 110
route-map EIGRP_TO_OSPF permit 20
set tag 170
!
router ospf 1
redistribute eigrp 1 route-map EIGRP_TO_OSPF
!

/

route-map OSPF_TO_EIGRP deny 10
match tag 170
route-map OSPF_TO_EIGRP permit 20
set tag 110
!
router eigrp 1
redistribute ospf 1 route-map EIGRP_TO_OSPF

/Note: Many examples could be given, but these will depend upon the topology and points of redistribution. Metrics, Administrative Distance, tags can all be used to avoid issues of loops caused by redistribution.

Regards,

Elvin

Hello @Elvin Arias ,

very nice post we were writing at the same time :)

+5 for you

 

>> Note that when doing routing to destinations, routers will always pick the longest match

 

The concept of routing most important is the longest = more specific prefix is chosen first you are right on this.

 

A lot of people think at AD as the first parameter, but CEF, FIB and TCAM works in such a way (Cisco has its own US patents on this) that they are able to match the destination address A.B.C.D of an Ipv4/IPv6 flow with the most specific prefix present in CEF / FIB /TCAM the search is performed in parallel way an entry in the TCAM table is found from the most specific route.

The TCAM entry will tell us what is the next-hop for destination A.B.C.D

 

>> Route preference is based on a local value known as Administrative Distance, if same prefix needs to be evaluated, the prefix with the lowest administrative distance is chosen. Values in IOS are set from 0 through 255, where some 255 is infinite (routes with this value will not be installed).

 

Perfect explanation Cisco choices of AD is explained.

A complete list of AD values is reported in Cisco documents

A good doc can be the following link

https://www.cisco.com/c/en/us/support/docs/ip/enhanced-interior-gateway-routing-protocol-eigrp/8606-redist.html?dtid=osscdc000283

 

Connected : AD = 0   code C

L /32 means primary IP address on the connected subnet

Static to an IP next-hop   (to be used if the exit interface is a LAN segment or a form of physical NBMA like ATM or Frame Relay or a form of logical NBMA like DMVPN)    AD=1

Static to interface    in the past here the AD was 0. To be noted if used in the following way

ip route 0.0.0.0.0 0.0.0.0 eth0

requires the next router to have IP proxy enabled and causes the branch router ARP table to grow over time defeating the CEF /TCAM optimazations. There were threads about this answered by Jon Marshall, Peter Paluch or Rick Burts or Paolo Bevilaqua.

 

>> When doing redistribution, routes are taken from protocol a to protocol b, and this is performed from a routing table perspective, the prefix must exist in the router's RIB before being injected into the particular IGP

Correct IGP A will send a prefix to IGP B only if this prefix is installed in the IP routing table (with the execption of connected routes in IPv4, special commands are needed in IPv6 to emulate this)

 

>> EIGRP uses EIGRP RID to prevent route feedback when redistributing external routes (also this has been recently included for internal routes).

This is true and explained in Peter Palùch's book CCIE R/S Vol I 5th edition.

 

when OSPF receives routes the subnets keyword is important to avoid classful summarization so I would add a subnets keyword in your example.

Have a nice day !

 

Hope to help

Giuseppe

 

 

 

 

 

@Giuseppe Larosa 

 

Indeed, we were in sync on the posts. : )

 

Thank you for your comments, appreciate it.

 

Elvin

Hello Elvin,

 

Thank you very much

Hello @sobasamst ,

 

for route tags and IGPs there is not a single case.

Let me recap what an IGP route tag is :

 

Protocol   Route tag     Value

EIGRP       single value    unsigned integer 32 bit

OSPF       single value    unsigned integer 32 bit

IS-IS       single value    unsigned integer 32 bit

 

RIPv2    single value     unsigned integer 16 bit   (as far as I know from my personal study notes and labs)

 

So a lot of possible cases arise.

First of all, ,mutual redistribution is not always needed an IGP the modern one can be the core/backbone protocol the other protocol can be seen as a leaf and just needs to receive a default route 0.0.0.0/0 in its messages from one or two ASBR ( I use OSPF terms here).

In case of merges or migration you may need mutual redisribution on two network devices in a controlled way.

 

Here, come into play some specific properties of each IGP

 

OSPF to OSPF  work as "ships in the night" each OSPFv2 process needs to have a different process-id and a different router-id (used in SP env)

OSPF route type plays no role here and both processes compete for installing their own best routes in the IP routing table .

The IP routing table daemon sees [110/x]    [110/y]   problems can arise. It can be solved with route tags using a negative logic and by using the OSPF command distance ospf inside each process to tune AD value for O , OIA and O E1, O E2, O N1 , O N2 routes.

(used successfully on the field in 2005 to merge two SP networks)

 

EIGRP has admin cost 150 for external routes so EIGRP to OSPF mutual for example is not an issue.

IS-IS is like OSPF (with OSI net in place of router-id, the capability to support up to 3 different areas)

 

However, EIGRP summary route has AD 5 by default and this can create problems when the 0.0.0.0/0 route is created towards the edge protocol with a per interface summarization 0.0.0.0/0.

I have seen this issue too in the field.

Also in EIGRP named mode you can increase the AD of the 0.0.0.0/0 injected route to 200 to avoid a routing blackhole.

 

We cannot copy a 32 bit value into RIPv2.

So when dealing with RIPv2 we need to take in account this.

 

IGRP and RIPv1 I think miss the concept totally they are legacy.

 

A typical config  for two OSPF processes will be :

route-map OSPF1-to-OSPF6762 deny 10

match tag 999

route-map OSPF1-to-OSPF6762 permit 20

set tag 999

 

route-map OSPF6762-to-OSPF1 deny 10

match tag 50

route-map OSPF6762-to-OSPF1 permit 20

set tag 50

 

router ospf 1

router-id 1.1.1.1

redistribute subnets route-map OSPF6762-to-OSPF1 metric-type 1

distance-ospf 105 108  150

 

router ospf 6762

router-id 192.168.1.1

redistribute subnets route-map OSPF1-to-OSPF6762 metric-type 1

distance-ospf 110 120 110

 

Hope to help

Giuseppe

 

I forgot to mention that the R4 is the active and the R5 the standby for HSRP 

Is redistribution applied to that subnet? How is the prefix being learned?

I would like to take a look at the RIB and LSDB, please post the following commands:

show ip route 200.x.x.x

Any way to access the topology? :)

Elvin