cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
4876
Views
15
Helpful
11
Replies

Routing Loop Preventation using route-map

cisc0.ameer
Level 1
Level 1

hello

as below scenario :

route-taging loop preventation.png

 

 

 

 

 

Mutually OSPF Redistribute into BGP

Mutually EIGRP redistribute into BGP

i want to prevent loop in OSPF Domain

i use MATCH and SET statement in Route-map

My question is i don't know i apply it where ?

mostly i think i should use distribute-list

anyway ...please help

on R1:
route-map TO_R1 deny 10
 match tag 2
 !
route-map TO_R1 per 20
 ! exit
route-map FROM_R1 per 10
 set tag 1

---------------and------------------

on R2:
route-map TO_R2 deny 10
 match tag 1
!
route-map TO_R2 per 20
! exit
route-map FROM_R2 per
 set tag 2

!!!!!!!should i choose one name for my route-map :D and first statement changed to set tag

second line deny

last line per explicitly every things ?

because how i can applied two different route-map(in name) to distribute-list in OSPF ?

or Do you have any other ideas about this ?(i know we have eigrp route tag command) but here is case of OSPF

or what you think i use any tag routing during my redistribution ?

mostly i do not want route receive by R3 From R1 again comeback via R4and R2

So do you think logically i have to use route-map in My redistribution or internally it's enough ?

 

1 Accepted Solution

Accepted Solutions

Giuseppe Larosa
Hall of Fame
Hall of Fame

Hello cisc0.ameer,

the route-maps usig route tags match or set tags have to be used in the redistribute command:

 

router ospf 100

redistribute bgp 100 subnets route-map BGP-into-OSPF

!

 

router bgp 100

redistribute ospf 100 route-map OSPF-into-BGP

 

You need to decide to use values that make you remember of redistribution.

We can use route tag 89 for OSPF routes injected into BGP and route tag 179 for BGP routes injected into OSPF.

 

So to avoid routing loops or suboptimal routing the route-maps should be:

 

route-map OSPF-into-BGP deny 10

match tag 179

route-map OSPF-into-BGP permit 20

set tag 89

 

the logic is reversed for the route-map in the opposite redisribute direction

 

route-map BGP-into-OSPF deny 10

match tag 89

route-map BGP-into-OSPF permit 20

set tag 179

 

The same configuration has to be applied on both R1 and R2.

 

A similar logic can be used on R3,R4 between BGP and EIGRP

 

Hope to help

Giuseppe

 

 

View solution in original post

11 Replies 11

Giuseppe Larosa
Hall of Fame
Hall of Fame

Hello cisc0.ameer,

the route-maps usig route tags match or set tags have to be used in the redistribute command:

 

router ospf 100

redistribute bgp 100 subnets route-map BGP-into-OSPF

!

 

router bgp 100

redistribute ospf 100 route-map OSPF-into-BGP

 

You need to decide to use values that make you remember of redistribution.

We can use route tag 89 for OSPF routes injected into BGP and route tag 179 for BGP routes injected into OSPF.

 

So to avoid routing loops or suboptimal routing the route-maps should be:

 

route-map OSPF-into-BGP deny 10

match tag 179

route-map OSPF-into-BGP permit 20

set tag 89

 

the logic is reversed for the route-map in the opposite redisribute direction

 

route-map BGP-into-OSPF deny 10

match tag 89

route-map BGP-into-OSPF permit 20

set tag 179

 

The same configuration has to be applied on both R1 and R2.

 

A similar logic can be used on R3,R4 between BGP and EIGRP

 

Hope to help

Giuseppe

 

 

Hello

Just like to add if i may to @Giuseppe Larosa  examples for clarity


route-map OSPF-into-BGP deny 10  

match tag 179 <----BGP routes which are now ospf routes tagged with a value of 179 will be denied into bgp

 

route-map OSPF-into-BGP permit 20

set tag 89 <----All other ospf routes are tagged with a value of 89 will be allowed into bgp

route-map BGP-into-OSPF deny 10

match tag 89 <----Ospf routes which are now bgp routes tagged with a value of 89 will be denied into ospf

route-map BGP-into-OSPF permit 20

set tag 179 <----All other bgp routes are tagged with a value of 179 will be allowed into ospf


 


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Just like to add if i may to @Giuseppe Larosa  examples for clarity

too much thanks Sir for clarify , thanks 

Hello cisc0.ameer,

my previous example using only route tags may not work when BGP is involved. It is good for sure for mutual redistribution between two IGPs.

For BGP the BGP community attribute can take the place of the route tag.

There was a previous post thread  about  this specific issue.

BGP community is similar to a route tag with the added benefit that multiple BGP communities can be added to a single BGP prefix.

The logic to create the two route-maps is still the same but on the BGP side we are going to set a BGP community instead of a route tag.

 

router ospf 100

redistribute bgp 100 subnets route-map BGP-into-OSPF2

!

 

router bgp 100

redistribute ospf 100 route-map OSPF-into-BGP2

 

We will use BGP community 100:89 to signal BGP routes that have been originated by redistribution of OSPF into BGP.

We cannot match a community value directly so we need to define a community-list a special ACL for BGP standard communities:

 

ip community-list 1 permit 100:89

 

The configuration of the new route-maps becomes the following:

 

route-map OSPF-into-BGP2 deny 10

match tag 179

route-map OSPF-into-BGP2 permit 20

set community 100:89

 

the logic is reversed for the route-map in the opposite redistribute direction.

Now we match on community using the community list 1 defined above.

 

route-map BGP-into-OSPF2 deny 10

match community 1

route-map BGP-into-OSPF2 permit 20

set tag 179

 

This approach should work when BGP is involved.

 

Paul Driver has provided a clear explanation of the logic under the two route-maps.

Here there is just an update to use BGP community on the BGP side in case matching or setting a route tag is not supported or not effective.

The idea is that we deny = not allow all routes that have been originated on the protocol that should receive the redistributed routes using a match tag for OSPF routes when examined for possible redistribution into BGP, and using a match community when examining BGP routes for possible redistribution into OSPF.

The same configuration has to be performed on both R1 and R2 as the main reason to control mutual redistribution is the presence of two ASBR routers both performing mutual redistribution.

As noted in previous post a similar configuration can be created for routers R3,R4 where we just need to remember that EIGRP requires the setting of a default metric using the five metric components to make redistribution effective to be able to create the seed metric for EIGRP external routes.

 

Edit:

the use of the route-maps is really necessary if R1 and R2 have also an iBGP session between them.

If the iBGP session is not present R1 and R2 are not going to accept the routes originated by the other one because going via R3 or R4 the AS path BGP attribute will contain the BGP AS 100.

However, because also R3 and R4 are performing mutual redistribution between BGP and EIGRP  without any control R3 or R4 could re-inject an original OSPF route via eBGP taking the prefix from EIGRP and in this case the BGP AS path attribute would contain only AS 200 and would be accepted on R1 or R2.

So actually the use of the route-maps is highly recommended/necessary  even if no iBGP sessions between R1,R2 and R3,R4 are configured.

 

Hope to help

Giuseppe

 

 

Hello @Giuseppe Larosa  first million times thanks

this answer makes more sense to me , but as you are highly skilled and professional also your answering is too , let me i ask for clearing and fully understanding some points ,[thanks in advance]

--------------------------------------------------------------

my previous example using only route tags may not work when BGP is involved. It is good for sure for mutual redistribution between two IGPs

1-You mean like my scenario one side [BGP+ospf] and other [EIGRP+BGP] connected two ASs with eBGP and also we have iBGP(with RR Server in middle)

in this scenario Will NOT Work ? Correct ? 

but in previous example you said:

router ospf 100

redistribute bgp 100 subnets route-map BGP-into-OSPF

!
router bgp 100

redistribute ospf 100 route-map OSPF-into-BGP

above example includes BGP !!!How compare! here we have BGP also ....

 

2- By 

Edit:

the use of the route-maps is really necessary if R1 and R2 have also an iBGP session between them.

You meant if we have an iBGP in our AS , better and suggested we use route-map

if also we have External BGP with redistribution (BGP include) should use BGP community ?

 

3-

If the iBGP session is not present R1 and R2 are not going to accept the routes originated by the other one because going via R3 or R4 the AS path BGP attribute will contain the BGP AS 100.

You mean:

R1 originate route : but because no iBGP connection to R2 ,THEN originate routeS, it goes through a eBGP to AS 200 and possible to come back with AS_PATH 200

and R2 accept this but in AS_PATH SEQ we have 200 [if iBGP not defined]

 

4-

So actually the use of the route-maps is highly recommended/necessary  even if no iBGP sessions between R1,R2 and R3,R4 are configured.

if we have iBGP also we have iBGP Loop prevention mechanism (AS_PATH)

and in AS for example 100 if together we have OSPF as IGP and iBGP we can refer to first example

 

5- this not clear for me what's mean by possible redistribution

The idea is that we deny = not allow all routes that have been originated on the protocol that should receive the redistributed routes using a match tag for OSPF routes when examined for possible redistribution into BGP, and using a match community when examining BGP routes for possible redistribution into OSPF.

 

thanks many from You and other experts participated in.

 

Hello cisc0.ameer,

I apologize for the possible confusion I have created here with two posts telling different things.

 

when BGP is involved using BGP community is the safer way to make controlled redistribution as some users have reported issues trying to use route tags on the BGP side ( I don't remember exactly if one of the two commands match tag or set tag was not supported when the route-map was applied to BGP in redistribution or BGP was not honoring the route tags, in any case I had provided an alternate solution using BGP community instead of route tags in that thread).

 

when I have written my first post in this thread I didn't remenber about this possible issue.

 

Many years ago I have tested a scenario like yours for a customer with OSPF - BGP - BGP - EIGRP involved and multiple routers used as ASBR nodes.

I think I have used BGP community in that case to make it working but it was 16 years ago.

 

>> above example includes BGP !!!How compare! here we have BGP also

I can make errors as any human being for this reason I have written the second post to point out possible issues of first proposed solution.

I would suggest you if you can to test both solutions and report issues ( if any) using route tags only.

 

About points 2) and 3) I have made some considerations but my final considerations is that we still need to use route-maps so I will not go in detail on this. I could have skipped these sentences.

 

>> if also we have External BGP with redistribution (BGP include) should use BGP community ?

As I have explained above it should be safer to use BGP community.

 

4)   my final consideration I would use route-maps in this scenario even if iBGP sessions are not present.

 

5)

The idea is that we deny = not allow all routes that have been originated on the protocol that should receive the redistributed routes using a match tag for OSPF routes when examined for possible redistribution into BGP, and using a match community when examining BGP routes for possible redistribution into OSPF.

 

Here with examing for possible redistribution I mean the router activity to process the BGP routes during redistribution into OSPF = inside the

redistribute route-map BGP-into-OSPF2 subnets

context.

To be noted redistribution is a dynamic process, routes are re-examined from time to time to see if any change has occurred.

 

I apologize for having written too many unnecessary comments to my second post that can create confusion.

 

Hope to help

Giuseppe

 

@Giuseppe Larosa  sir please Don't say like this this is your Favor and also magnanimity

----------------------------------------------------------------

when BGP is involved using BGP community is the safer way to make controlled redistribution as some users have reported issues trying to use route tags on the BGP side ( I don't remember exactly if one of the two commands match tag or set tag was not supported when the route-map was applied to BGP in redistribution or BGP was not honoring the route tags, in any case I had provided an alternate solution using BGP community instead of route tags in that thread).

Oh ! I see ... Yes SET or Match cause problem using for BGP , i see

 

I think I have used BGP community in that case to make it working but it was 16 years ago.

Oh! that time i was baby i think :D

I can make errors as any human being for this reason I have written the second post to point out possible issues of first proposed solution.

No it was perfect Idea for me also ,

I apologize for having written too many unnecessary comments to my second post that can create confusion

Sir , it is really help ful for me

thanks again

regards

router ospf 100

redistribute bgp 100 subnets route-map BGP-into-OSPF

!
router bgp 100

redistribute ospf 100 route-map OSPF-into-BGP

So to avoid routing loops or suboptimal routing the route-maps should be:

 

route-map OSPF-into-BGP deny 10

match tag 179

route-map OSPF-into-BGP permit 20

set tag 89


 

route-map BGP-into-OSPF deny 10

match tag 89

route-map BGP-into-OSPF permit 20

set tag 179

Yes , Yes i was looking for this 

Hello cisc0.ameer,

look also at my second post in this thread.

Because BGP is involved in that second post I provide an alternate solution using BGP community instead of route tags on BGP side.

Some users have reported issues with BGP and route tags in redistribution I have remembered of this only in a second moment.

 

thanks for your kind remarks

 

Hope to help

Giuseppe

 

balaji.bandi
Hall of Fame
Hall of Fame

You need to apply the route-map at AS border routers. example below will help you.

 

https://www.cisco.com/c/en/us/support/docs/ip/enhanced-interior-gateway-routing-protocol-eigrp/8606-redist.html#reqs

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

hello sir  @balaji.bandi

Yes, it's useful thanks for mentioning 

Review Cisco Networking for a $25 gift card