affects the information that is exchanged between
routers A and B and between them and router C. Unless you
configure another routing protocol and redistribute between it
and RIP, router A does not tell router C that it has a way to
reach the networks advertised by router B via RIP. Likewise,
router B does not tell router C that it has a way to reach the
networks advertised by router A via RIP. Redundancy is built
into this network. However, the three routers are not able to
use the redundancy effectively. For example, if the link
between router C and router A fails, router C does not know
that it has an alternate route through router B. In this
situation, route filtering should be configured.

Web Links

Filtering Routes
http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a0080208748.shtml

EIGRP Passive Interface
http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a0080093f0a.shtml

5.3 Controlling Routing Update Traffic

5.3.4 Configuring Route Filtering Using Distribute Lists

The passive interface technique prevents all routing
updates from being advertised out of an interface. However, in
many cases you do not want to prevent all routing information
from being advertised. You might want to block the
advertisement of only certain specific routes. For example, you
could use such a solution to prevent routing loops when you are
implementing two-way route redistribution with dual
redistribution points.

Some ways to control or prevent dynamic routing updates are as
follows:

- Passive interface: Prevents all routing updates from being sent
  through an interface. For EIGRP, OSPF, and IS-IS, this method
  includes hello protocol packets.
- Default routes: Instructs the router to send the packet to the
  default route if it does not have a route for a given
  destination. Therefore, dynamic routing updates about the
  remote destinations are not necessary.
- Static routes: Allows routes to remote destinations to be manually
  configured in the router. Therefore, dynamic routing updates
  about the remote destinations are not necessary.

Another way to control routing updates is with a distribute
list, which allows an access control list (ACL) to be applied
to routing updates. You may be familiar with ACLs associated
with an interface and used to control IP traffic. However,
routers can have many interfaces, and route information can
also be obtained through route redistribution, which does not
involve an interface at all. Additionally, ACLs do not affect
traffic that is originated by the router, so applying one to an
interface would have no effect on outgoing routing
advertisements. When you link an ACL to a distribute list,
routing updates can be controlled no matter what their source
is. Configure ACLs in global configuration mode, and then
configure the associated distribute list under the routing
protocol. The ACL should permit the networks that will be
advertised or redistributed and deny the networks that will
remain hidden. The router then applies the ACL to routing
updates for that protocol.

Options in the distribute-list command allow updates to be
filtered based on three factors:

- Incoming interface
- Outgoing interface
- Redistribution from another routing protocol

A distribute list gives the
administrator great flexibility in determining exactly which
routes the router distributes.

5.3.5 Implementing the Distribute List

You can filter routing update traffic for any protocol
by defining an ACL and applying it to a specific routing
protocol. You use the distribute-list command and link
it to an ACL to complete the filtering of routing update
traffic. (The inbound distribute-list command allows the
use of a route map instead of an ACL.) A distribute list
enables the filtering of routing updates coming into a specific
interface from neighboring routers using the same routing
protocol or going out of the interface toward the routers. A
distribute list also allows the filtering of routes
redistributed from other routing protocols or sources.

To configure a distribute list using an ACL, use the following
procedure:

Step 1 Identify the network addresses that you want to filter
and create an ACL.

Step 2 Determine whether you want to filter traffic on an
incoming interface, an outgoing interface, or routes being
redistributed from another routing source.

Step 3 Use the distribute-list out command to assign the ACL to
filter outgoing routing updates or to assign it to routes being
redistributed into the protocol. Figure displays the command
parameters.

Note
The distribute-list out command cannot be used with link-state
routing protocols for blocking outbound link-state
advertisements (LSAs) on an interface.

Step 4 Use the distribute-list in command to assign the ACL to
filter incoming routing updates coming in through an interface.
This command prevents most routing protocols from placing the
filtered routes in their database. When this command is used
with OSPF, the routes are placed in the database but not the
routing table. Figure displays the command parameters.

Figure provides an example of an outbound distribute list. The
configured distribute list prevents network 10.1.1.0 from being
advertised out of the serial 2 interface on router RTA. Figure
provides an example of an inbound distribute list. The
configured distribute list prevents advertisements of network
10.1.1.0 from entering the serial 0 interface on router RTZ.

5.3.6 Filtering Routing Updates with a Distribute List

The distribute-list 7 out s0 command in Figure
applies ACL 7 as a route filter for EIGRP routing updates sent
out from interface serial 0 to other routers running this
routing protocol. ACL 7 is a standard ACL that permits routing
information regarding network 172.16.0.0 only. The implicit
deny any at the end of the ACL prevents routing updates about
any other networks from being advertised. As a result, network
10.0.0.0 is hidden from the rest of the network.
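
The procedure in 5.3.5 and the ACL 7 filter in 5.3.6, written out as IOS
configuration. This is an added example, not the curriculum's own figures.
EIGRP AS 1, ACL number 24 and all wildcard masks are assumptions.

```cisco
! Constructed example. The page gives only the networks, interfaces and
! router names; the AS number, ACL 24 and the wildcard masks are assumed.

! --- RTA: keep 10.1.1.0 out of updates sent on serial 2 ---
access-list 24 deny   10.1.1.0 0.0.0.255
access-list 24 permit any
! Without "permit any", the implicit deny would filter every route.
router eigrp 1
 distribute-list 24 out Serial2

! --- RTZ: discard 10.1.1.0 from updates received on serial 0 ---
access-list 24 deny   10.1.1.0 0.0.0.255
access-list 24 permit any
router eigrp 1
 distribute-list 24 in Serial0

! --- Router in 5.3.6: advertise only 172.16.0.0 out serial 0 ---
! A single permit line; the implicit deny hides 10.0.0.0 and
! every other network from neighbors on this interface.
access-list 7 permit 172.16.0.0 0.0.255.255
router eigrp 1
 distribute-list 7 out Serial0
```

The show ip protocols command on the filtering router lists the update
filter lists in effect for the routing process, and show ip route on the
neighbor confirms that the filtered network is absent.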

5.3.7 Controlling Redistribution with Distribute Lists

With mutual redistribution, using a distribute list
helps prevent route feedback, which also helps prevent routing
loops. Route feedback occurs when routes originally learned
from one routing protocol are redistributed back into that
protocol. As shown in Figure , two-way redistribution is
completed between RIP and OSPF. Networks 10.1.0.0 to 10.3.0.0
redistribute from RIP into OSPF. Route feedback could occur if
another redistribution point is configured (router D) and OSPF
then redistributes those networks back into RIP. ACL 2 allows
the original RIP routes and denies all others. The distribute
list configured under OSPF refers to this ACL. The result is
that networks 10.8.0.0 to 10.11.0.0, originated by OSPF, cannot
be redistributed back into OSPF from RIP. Redistribution into
RIP from OSPF is filtered with ACL 3. Router D will have a
similar configuration to Router B. A distribute list hides
network information, which could be considered a drawback in
some circumstances. In a network with redundant paths, the goal
of using a distribute list may be to prevent routing loops. The
distribute list permits routing updates that enable only the
desired paths to be advertised. Therefore, other routers in the
network do not know about other ways to reach the filtered
networks.
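
The redistribution filters described for router B, written out as IOS
configuration. This is an added example, not the curriculum's own figure.
The OSPF process ID, the RIP seed metric and the assumption that each
listed network is a /16 are not from the page.

```cisco
! Constructed example for router B. Process ID 1, metric 5 and the
! wildcard masks are assumptions; interface and network statements
! depend on addressing the page does not give and are left out.

! ACL 2: the original RIP routes, 10.1.0.0 to 10.3.0.0.
access-list 2 permit 10.1.0.0 0.0.255.255
access-list 2 permit 10.2.0.0 0.0.255.255
access-list 2 permit 10.3.0.0 0.0.255.255
! The implicit deny drops 10.8.0.0 to 10.11.0.0 if RIP ever hands them back.

! ACL 3: the OSPF-originated routes, 10.8.0.0 to 10.11.0.0.
! Wildcard 0.3.255.255 matches second octets 8, 9, 10 and 11.
access-list 3 permit 10.8.0.0 0.3.255.255
! The implicit deny stops RIP-originated routes from returning to RIP.

router ospf 1
 redistribute rip subnets
 ! Filter what RIP is allowed to inject into OSPF.
 distribute-list 2 out rip

router rip
 version 2
 redistribute ospf 1 metric 5
 ! Filter what OSPF process 1 is allowed to inject into RIP.
 distribute-list 3 out ospf 1
```

Under a routing process, distribute-list ... out followed by a protocol
name filters routes redistributed from that protocol, so each list sits
under the process that receives the routes.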

5.4 Policy-based Routing

5.4.1 Defining Route Maps

Route maps are
similar to complex ACLs, but are much more powerful. They are
also much more flexible than ACLs and can handle situations
that are not possible with ACLs. Route maps might also use
complex ACLs. They allow conditions to be tested against a