IP Route summarisation

Thomas Schmitt · ‎04-29-2011

Hallo

I'm trying to summarise 192.168.0.0 /24 and 192.168.1.0 /24 routes (it's only an example) -imagine severall routers and the "last" one schould only "see" the summary route - therefore I use the command

R1(config-if)# ip summary-address rip 192.168.0.0 255.255.252.0

and get follow error:

Summary mask must be greater or equal to major net

I tryed also 192.168.0.0. 255.0.0.0 - the result is the same, where the same command works fine with EIGRP.

Can someone explain this behavier please?

I tryed it also in another way - create a static route, redistribute it and then filter out all things that you don't need (here 192.168.0.0 and ...1.0 /24)

R1(config)# ip route 192.168.0.0 255.255.252.0 s0/0

R1(config)# access-list 1 deny 192.168.1.0 0.0.0.255

R1(config)# access-list 1 deny 192.168.0.0 0.0.0.255

R1(config)# access-list 1 permit any

! only 192.168.0.0 /22 should be advertised from 192.168.X.X Networks

R1(config-router) distribute-list 1 out s0/1

BUT in this way the summary route 192.168.0.0 /22 is then also blocked - is there a possibility to advertise block 192.168.0.0 /24 + 192.168.1.0 /24 routes and to permit 192.168.0.0 /22 route in this way? because if I write "permit 192.168.0.0 /22", then are 0.0 + 1.0 /24 also permited.

p.s. my softwareversion

Cisco IOS Software, 3700 Software (C3745-ADVIPSERVICESK9-M), Version 12.4(15)T6, RELEASE SOFTWARE (fc2)

Giuseppe Larosa · ‎04-29-2011

Hello Dmytrro,

in order to advertise the new static route you need to redistribute it into RIP process first:

router rip

redistributre static

first warning is because these are class C and /22 would be a supernet not supported in RIPv2 summarization

hope to help

Giuseppe

Thomas Schmitt · ‎04-29-2011

If I understand you write, than I should first redistribute the static route, but then I have 3 Routes - one more and not one less.

R    192.168.0.0/24 [120/2] via 10.10.10.5, 00:00:08, Serial0/0
R    192.168.1.0/24 [120/1] via 10.10.10.5, 00:00:08, Serial0/0
R    192.168.0.0/22 [120/1] via 10.10.10.5, 00:00:08, Serial0/0

and it is still not possible to set a summary route

R1(config-if)#ip summary-address rip 192.168.0.0 255.255.252.0
Summary mask must be greater or equal to major net

Giuseppe Larosa · ‎04-29-2011

Hello Dymitro,

at this point you have the desired prefix /22 and you can use the distribute list out the intended interface to send out only the /22 and not the component routes

you cannot use summarization being this a supernet = join of multiple class C

Edit:

EIGRP supports that kind of summarization

Hope to help

Giuseppe

Thomas Schmitt · ‎04-29-2011

I allow myself to copy and paste a part from my first post:

I tryed it also in another way - create a static route, redistribute it and then filter out all things that you don't need (here 192.168.0.0 and ...1.0 /24)

R1(config)# ip route 192.168.0.0 255.255.252.0 s0/0

R1(config)# access-list 1 deny 192.168.1.0 0.0.0.255

R1(config)# access-list 1 deny 192.168.0.0 0.0.0.255

R1(config)# access-list 1 permit any

! only 192.168.0.0 /22 should be advertised from 192.168.X.X Networks

R1(config-router) distribute-list 1 out s0/1

BUT in this way the summary route 192.168.0.0 /22 is then also blocked - is there a possibility to block 192.168.0.0 /24 + 192.168.1.0 /24 routes and to permit 192.168.0.0 /22 route in this way? because if I write "permit 192.168.0.0 /22", then are 0.0 + 1.0 /24 also permited.

Giuseppe Larosa · ‎04-30-2011

Hello Dmytro,

you would need a different tool like a prefix-list to be able to discriminate between 192.168.0.0/22 and 192.168.0.0/24.

or at least the support of extended IP access-list as it was used with BGP

example

access-list 111 deny ip host 192.168.0.0 host 255.255.255.0

access-list 111 deny ip host 192.168.1.0 host 255.255.255.0

access-list 111 permit ip any any

prefix-list would be:

ip prefix-list only-aggregate deny 192.168.0.0/24

ip prefix-list only-aggregate deny 192.168.1.0/24

ip prefix-list only-aggregate permit 0.0.0.0/0 le 32

However, command reference in 12.4T -15.1.M/T does not support the use of extended ACLs, prefix lists or route-maps with distribute-list out

http://www.cisco.com/en/US/docs/ios/iproute_pi/command/reference/iri_pi1.html#wp1012176

notice that instead distribute list in supports the use of route-maps that can invoke a prefix list for example.

As I noted before EIGRP would allow you to build the summarized route 192.168.0.0/22 the limitation you are seeing here is related to RIPv2.

Also offset-list out that could be used to advertise unwanted prefixes with a not usable metric (by adding an offset of 15) only supports standard ACL

http://www.cisco.com/en/US/docs/ios/iproute_rip/command/reference/irr_rip.html#wp1012347

Hope to help

Giuseppe

roberto siu · ‎10-15-2013

For example I have

192.168.48.0/24 - 192.168.51.0/24 i used a 22- bit!

Under normal circumstances, you could simply summarize the four consecutive class-C networks with the ip summary address rip command on the R1 serial 0/0/0 interface. However, the RIP implementation in the Cisco IOS Software does not allow summarizing to a mask length that is less than the classful network prefix (in this case, 24 bits). This limitation does not affect other routing protocols. If you do try, you receive the following error message:

for example :

R1(config)# interface serial 0/0/0

R1(config-if)# ip summary-address rip 192.168.48.0 255.255.252.0

Summary mask must be greater or equal to major net

To get around the ip summary-address rip message error, create a static route on R1 to summarize the networks of loopbacks 48 through 51. Then redistribute the route on R1.

R1(config)# ip route 192.168.48.0 255.255.252.0 null0

R1(config)# router rip

R1(config-router)# redistribute static

This solution might seem unusual, but for RIPv2, it resembles many effects of summarization as performed in other routing protocols like EIGRP or OSPF. Again, this is not a limitation of RIPv2, but rather a Cisco IOS implementation issue.

Sometimes you might not want to advertise certain networks out a particular interface, or you might want to filter updates as they come in. This is possible with distance-vector routing protocols, such as RIP or EIGRP. However, link-state protocols are less flexible, because every router in an area is required to have a synchronized database as a condition for full adjacency.

Distribute lists can be used with either access lists or prefix lists to filter routes by network address. With prefix lists, they can also be configured to filter routes by subnet masks.

In this scenario, you want to filter updates from R1 to R2, allowing only the networks of Loopback 0 and Loopback 70 and the summary route to be advertised. You want to suppress the more specific prefixes so that routing tables are kept small, and CPU processor cycles on the routers are not wasted.

The 22-bit summary and the 24-bit major network address both have the same address, so access lists will not accomplish the filtering correctly. Therefore, it is necessary to use prefix lists.

To create a prefix list or add a prefix list entry, use the ip prefix-list command in global configuration mode.

ip prefix-list {list-name | list-number} {deny network/length | permit network/length} [ge ge-length] [le le-length]

The ge keyword represents the “greater than or equal to” operator. The le keyword represents the “less than or equal to” operator. If both the ge and le keywords are omitted, the prefix list is processed using an exact match.

On R1, use a prefix list as a distribution filter to prevent the more specific routes to loopbacks 48 through 51 from being advertised. Allow all other destination networks, including the summary route.

R1(config)# ip prefix-list RIP-OUT permit 192.168.48.0/22

R1(config)# ip prefix-list RIP-OUT deny 192.168.48.0/22 le 24

R1(config)# ip prefix-list RIP-OUT permit 0.0.0.0/0 le 32

Line 1 of the prefix list permits the summary route and nothing else, because no other route can match that network address with a mask of exactly 22 bits.

Line 2 denies all prefixes with a network address in the 192.168.48.0/22 block of addresses that have subnet masks from 22 bits to 24 bits. This removes exactly four network addresses matching the 22, 23, and 24 bits in length of the subnet mask. Line 2 would deny the 192.168.48.0/22 summary route you created if Line 1 did not explicitly permit the summary route.

Line 3 allows all IPv4 prefixes that are not explicitly denied in previous statements of the prefix list.

From the RIP configuration prompt on R1, apply this access list with the distribute-list command.

R1(config)# router rip

R1(config-router)# distribute-list prefix RIP-OUT out serial0/0/0

On R2, verify that the filtering has taken place using the show ip route rip and show ip rip database commands.

Message was edited by: roberto siu

roberto siu · ‎10-15-2013