Mutual redistribution between EIGRP and BGP and match statements

Hello Experts

I'm working on a mutual redistribution problem between EIGRP and BGP

The idea is to set a tag (210) on traffic coming from our LAN on R2-2 so that it can be matched and denied on R3-7. The goal is to prevent routing loops.

The routes are being redistributed into R1-1, but I'm not able to see if the routes are being tagged.

Can someone let me know how to verify routes are being filtered with the route-maps?

TBH, I don't think it's working at all.

I have attached the configs and show commands.

I read somewhere the problem was with command match route-type internal, but I'm not sure if that is the problem

Any help will be greatly appreciated.

The topology and configs are attached.

Cheers

Accepted Solution

Hi


You have 2 points:

  1. Deny redistribution of EIGRP tagged routes into BGP: You've already done it with your route-map
  2. You need to filter learned EIGRP routes on R5 to not propagate them into R2. I will use a route-map matching the EIGRP neighbor and tag. The config looks like:

ip access-list standard FROM_R4
 permit host 192.168.1.2
!
!
route-map EIGRP-TAG deny 10
! subnets coming from R4 with tag 210
 match ip route-source FROM_R4
 match tag 210
route-map EIGRP-TAG permit 20
!
router eigrp 65100
! Filtering tagged routes
 distribute-list route-map EIGRP-TAG in
!

Right now you're missing a piece to import those networks into R5.

Thanks

PS: Please don't forget to rate and mark as correct answer if this answered your question


Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question


11 Replies

milan.kulik
Level 10

Hi,

why don't you try

sh ip eigrp topo ...

on your routers?

If you issue it on R4-3, you should see the prefixes redistributed from BGP to EIGRP by R2-2 and tagged as 210.

You might see the same prefix received via R5-8 redistributed and tagged by R3-7.

If you want to see how the tags are distributed exactly, you could try to use different tags on R2-2 and R3-7. You would need to modify the deny portion of your route-maps slightly matching the second tag additionally.

Best regards,

Milan

Hi Milan,

See the output below:

EIGRP-IPv4 Topology Table for AS(65100)/ID(192.168.1.2)
Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply,
r - reply Status, s - sia Status

P 192.168.1.0/24, 1 successors, FD is 281600
via Connected, Ethernet0/1
P 200.200.200.0/24, 1 successors, FD is 2611200, tag is 210
via 192.168.1.1 (2611200/2585600), Ethernet0/1

Does this mean BGP has redistributed the route but it won't be placed in the routing table? If so, then I think that has achieved my goal. If not, then I would see routing loops.

Milan,

Below is show ip route again for R4-3

I can ping 192.168.1.1, which would suggest BGP has redistributed the routes into R4-3 even though it should deny it with:


route-map bgp2eigrp deny 10
match tag 210
!

Any thoughts?

So as another test I removed all the route-maps and configured EIGRP & BGP on R2-2, as follows:

router eigrp 65100
network 192.168.1.0
redistribute bgp 200 metric 1000 100 255 1 1500

neighbor 200.200.200.1

router bgp 200
bgp log-neighbor-changes
network 200.200.200.0
redistribute eigrp 65100

And on R3-7

router eigrp 65100
network 192.168.2.0

router bgp 300
bgp log-neighbor-changes
network 200.200.201.0
redistribute eigrp 65100 redistribute bgp 300 metric 1000 100 255 1 1500

neighbor 200.200.201.1 remote-as 100

So you would think R5-8 should be able to see 192.168.1.2 (from R4-3) and R4-3 should be able to see 192.168.2.2 (from R5-8)

But the routing table from each area as follows:

R4-3#show ip route

192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.1.0/24 is directly connected, Ethernet0/1
L 192.168.1.2/32 is directly connected, Ethernet0/1

R5-8#show ip route
192.168.2.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.2.0/24 is directly connected, Ethernet0/1
L 192.168.2.2/32 is directly connected, Ethernet0/1
R5-8#

As you can see BGP has redistributed any of the routes even though there isn't any route-maps preventing it from forwarding the routes.

Can you think why that is?

Hi,

the output

P 200.200.200.0/24, 1 successors, FD is 2611200, tag is 210
via 192.168.1.1 (2611200/2585600), Ethernet0/1

means your config on router R2-2 is working as expected:

It's redistributing 200.200.200.0/24 prefix received via eBGP to EIGRP and tagging it as 210.

And this way your router R3-7 should NOT redistribute the same prefix received from the LAN via EIGRP back to BGP (as the EIGRP prefixes tagged with 210 are denied from redistribution to BGP).

That's the purpose of the tagging in this scenario, I guess.

BTW, the route-map names you are using are a little confusing:

router eigrp 65100
 network 192.168.1.0
 redistribute bgp 200 metric 1000 100 255 1 1500 route-map eigrp2bgp

means the route-map eigrp2bgp is applied when BGP is redistributed into EIGRP...

Best regards,

Milan
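A scripted version of the check described in the reply above, as an added example that is not part of the original thread: it parses `show ip eigrp topology` text and lists which prefixes carry a given tag. The sample is the R4-3 output quoted in the thread; the function names are assumptions of this example.

```python
import re

# R4-3 output as quoted in the thread, embedded so the example runs offline.
R4_OUTPUT = """\
EIGRP-IPv4 Topology Table for AS(65100)/ID(192.168.1.2)
Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply,
r - reply Status, s - sia Status

P 192.168.1.0/24, 1 successors, FD is 281600
via Connected, Ethernet0/1
P 200.200.200.0/24, 1 successors, FD is 2611200, tag is 210
via 192.168.1.1 (2611200/2585600), Ethernet0/1
"""

# One state code, a prefix, the feasible distance and an optional route tag.
ENTRY = re.compile(
    r"^[A-Za-z]\s+(\d{1,3}(?:\.\d{1,3}){3}/\d{1,2}),.*?FD is (\d+)(?:, tag is (\d+))?")
VIA = re.compile(r"^via\s+([^\s,]+)")

def parse_topology(text):
    """Return one dict per prefix: prefix, fd, tag (None if untagged), via list."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if m:
            prefix, fd, tag = m.groups()
            entries.append({"prefix": prefix, "fd": int(fd),
                            "tag": int(tag) if tag else None, "via": []})
        elif entries and (v := VIA.match(line)):
            # "via" lines belong to the most recent prefix entry.
            entries[-1]["via"].append(v.group(1))
    return entries

def prefixes_with_tag(entries, tag):
    """Prefixes that carry the given route tag, e.g. 210 in this thread."""
    return sorted(e["prefix"] for e in entries if e["tag"] == tag)

if __name__ == "__main__":
    table = parse_topology(R4_OUTPUT)
    print("tagged 210:", prefixes_with_tag(table, 210))
```

Running the same function on output from a router where tag 210 must not appear, and expecting an empty list, turns the manual check into a repeatable one.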

Francesco Molino
VIP Alumni

Hi

I have some questions for you. Based on your config:

  1. You have eBGP between R1 and R2
  2. You're trying to set a tag of 210 from internal route on R2 BGP when redistributing on R4
  3. On R4 I see a route from your BGP learned, that's 200.200.200.0/4

If you go on R4 and you issue a sh ip route 200.200.200.0 you will see at the bottom the info Route Tag 210

Is that what you want to achieve? If yes, everything seems correct.

Just to be sure, R2 will redistribute only its internal bgp networks. To check that, you can paste the output of sh ip bgp from R2.

If no, please, explain what you're trying to achieve and I will be able to provide help.

Thanks

PS: Please don't forget to rate and mark as correct answer if this answered your question


Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

supportlan

I can see 210 :-)

However, how can I verify traffic that routing loops will be prevented? Basically, I shouldn't be able to see network 192.168.1.1 in R5-8 and I shouldn't be able to see 192.168.2.2 in R3-3

R2-2#show ip bgp
BGP table version is 10, local router ID is 200.200.200.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

   Network          Next Hop            Metric LocPrf Weight Path
*> 192.168.1.0      0.0.0.0                  0         32768 ?
*> 192.168.2.0      200.200.200.1                          0 100 300 ?
*  200.200.200.0    200.200.200.1            0             0 100 i
*>                  0.0.0.0                  0         32768 i
*> 200.200.201.0    200.200.200.1            0             0 100 i
R2-2#

Hi SupportLan,

As you mentioned:

Deny redistribution of EIGRP tagged routes into BGP: You've already done it with your route-map

Could I not simply add another route map on both routers as

route-map bgp2eigrp deny 10
match tag 210

route-map eigrp2bgp permit 10
match route-type internal
set tag 210

route-map bgp2eigrp deny 10
match tag 220

route-map eigrp2bgp permit 10
match route-type internal
set tag 220

The command match route-type internal should take care of any learned routes. 

Or am I off the mark here?

Hi

What you want is to not get all EIGRP 210 tagged routes into R5 right?

For that, you need to filter in and for that you have to use distribute-list and route-map.

However, using match internal in EIGRP won't work as your BGP routes are external types. You follow me?

Thanks


Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
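The route-map behaviour discussed in the accepted solution and in the reply above, as an added example that is not code from the thread: a small Python model of how a route-map is evaluated (all match statements in a clause must hold, the first matching clause decides, no match means deny). It follows the reply's point that routes redistributed from BGP are external in EIGRP; the INTERNAL_ONLY map, the sample routes and the neighbor 192.168.2.1 are constructed for illustration.

```python
from dataclasses import dataclass, field, replace
from typing import Optional

@dataclass(frozen=True)
class Route:
    prefix: str
    route_type: str   # "internal" or "external", as EIGRP classifies it
    source: str       # neighbor that advertised the route (route-source)
    tag: int = 0

@dataclass
class Clause:
    action: str                                # "permit" or "deny"
    match: dict = field(default_factory=dict)  # empty dict matches every route
    set_tag: Optional[int] = None

def _holds(key, want, route):
    if key == "tag":
        return route.tag == want
    if key == "route_source":      # 'want' stands in for the standard ACL
        return route.source in want
    if key == "route_type":
        return route.route_type == want
    raise ValueError(f"unsupported match: {key}")

def evaluate(route_map, route):
    """Return the (possibly re-tagged) route if permitted, None if filtered."""
    for clause in route_map:
        # All match statements in one clause must hold (logical AND).
        if all(_holds(k, v, route) for k, v in clause.match.items()):
            if clause.action == "deny":
                return None
            return route if clause.set_tag is None else replace(route, tag=clause.set_tag)
    return None  # no clause matched: implicit deny

# EIGRP-TAG from the accepted solution (ACL FROM_R4 = host 192.168.1.2).
EIGRP_TAG = [Clause("deny", {"route_source": {"192.168.1.2"}, "tag": 210}),
             Clause("permit")]
# Hypothetical variant that relies on route-type internal instead.
INTERNAL_ONLY = [Clause("deny", {"route_type": "internal", "tag": 210}),
                 Clause("permit")]

# Constructed sample routes.
FROM_BGP = Route("200.200.200.0/24", "external", "192.168.1.2", 210)
LAN = Route("192.168.1.0/24", "internal", "192.168.1.2")
OTHER_NBR = Route("200.200.200.0/24", "external", "192.168.2.1", 210)

if __name__ == "__main__":
    for name, rmap in (("EIGRP-TAG", EIGRP_TAG), ("INTERNAL_ONLY", INTERNAL_ONLY)):
        for r in (FROM_BGP, LAN, OTHER_NBR):
            print(name, r.prefix, r.source, "->", "permit" if evaluate(rmap, r) else "filtered")
```

The tagged external route is filtered by EIGRP-TAG only when it arrives from 192.168.1.2, and it passes INTERNAL_ONLY untouched because it is not an internal route.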

Hi SupportLan / Milan,

I will check now. Thanks for responding.
