OSPF and ISIS dual point dual distribution

2. Knowledge points

1. OSPF and ISIS dual-point bidirectional redistribution

Introducing the routes of two routing domains to each other on the border router is called bidirectional route redistribution. There are two border routers in two routing domains, and both perform bidirectional route redistribution. This is called two-point bidirectional route redistribution. Dual-point bidirectional route redistribution is a classic routing model. Since single-point bidirectional route redistribution lacks redundancy, once the single-point border router fails, communication problems between the two routing domains may occur. Therefore, dual-point bidirectional route redistribution is generally used in large-scale network deployments. Although two-point bidirectional reroute advertisement enhances network reliability, it can easily cause problems such as suboptimal paths and routing loops.

2. Topology

3. Configuration command:

R1 configuration:

ospf 1 router-id 1.1.1.1
import-route direct
area 0.0.0.0
network 192.168.12.0 0.0.0.255
network 192.168.13.0 0.0.0.255
R2 configuration:
[R2]ospf 1 router-id 2.2.2.2
[R2-ospf-1]area 0
[R2-ospf-1-area-0.0.0.0]network 192.168.12.0 0.0.0.255
[R2-ospf-1]q
[R2]isis 1
[R2-isis-1]network-entity 49.0001.0000.0000.0002.00
[R2-isis-1]is-level level-1-2
[R2-isis-1]q
[R2]int g0/0/1
[R2-GigabitEthernet0/0/1]isis enable 1
[R2-GigabitEthernet0/0/1]q
[R2]isis 1
[R2-isis-1]import-route ospf 1
[R2-isis-1]q
[R2]ospf 1
[R2-ospf-1]import-route isis 1 ** //The LEVEL -2 database is imported by default. If it is imported into the level 1 database, the device where the loop occurs will change**
R3 configuration:
[R3]ospf 1 router-id 3.3.3.3
[R3-ospf-1]area 0
[R3-ospf-1-area-0.0.0.0]network 192.168.13.0 0.0.0.255
[R3-ospf-1-area-0.0.0.0]q
[R3]isis 1
[R3-isis-1]network-entity 49.0001.0000.0000.0003.00
[R3-isis-1]q
[R3]int g0/0/1
[R3-GigabitEthernet0/0/1]isis enable 1
[R3-GigabitEthernet0/0/1]q
[R3]isis 1
[R3-isis-1]import-route ospf 1
[R3-isis-1]q
[R3]ospf 1
[R3-ospf-1]import-route isis 1
R4 configuration:
[R4]isis 1
[R4-isis-1]network-entity 49.0001.0000.0000.0004.00
[R4-isis-1]q
[R4]int g0/0/0
[R4-GigabitEthernet0/0/0]isis enable 1
[R4-GigabitEthernet0/0/0]q
[R4]int g0/0/1
[R4-GigabitEthernet0/0/1]isis enable 1
After implementing dual-point bidirectional introduction, the following problems exist: Routing loops and suboptimal paths
1) Test routing loop
[R4]ping 10.10.1.1
PING 10.10.1.1: 56 data bytes, press CTRL_C to break
Reply from 10.10.1.1: bytes=56 Sequence=1 ttl=254 time=40 ms
Reply from 10.10.1.1: bytes=56 Sequence=2 ttl=254 time=30 ms
Reply from 10.10.1.1: bytes=56 Sequence=3 ttl=254 time=20 ms
Reply from 10.10.1.1: bytes=56 Sequence=4 ttl=254 time=20 ms
Reply from 10.10.1.1: bytes=56 Sequence=5 ttl=254 time=30 ms
[R4]tracert 10.10.1.1
traceroute to 10.10.1.1(10.10.1.1), max hops: 30,packet length: 40
1 192.168.24.2 30 ms 10 ms 20 ms
2 192.168.12.1 20 ms 20 ms 20 ms
Delete the LO interface on R1:
[R1]undo interface LoopBack 0
Test on R4 again;
[R4]tracert 10.10.1.1
traceroute to 10.10.1.1(10.10.1.1), max hops: 30,packet length: 40,press CTRL
_C to break
1 192.168.24.2 40 ms 20 ms 20 ms
2 192.168.12.1 20 ms 20 ms 20 ms
3 192.168.13.3 20 ms 30 ms 20 ms
4 192.168.34.4 10 ms 20 ms 10 ms
5 192.168.24.2 30 ms 30 ms 40 ms
6 192.168.12.1 30 ms 30 ms 30 ms
7 192.168.13.3 40 ms 40 ms 30 ms
8 192.168.34.4 30 ms 20 ms 30 ms
9 192.168.24.2 40 ms 30 ms 30 ms
10 192.168.12.1 40 ms 40 ms 40 ms
11 192.168.13.3 50 ms 40 ms 60 ms
12 192.168.34.4 40 ms 40 ms 30 ms
13 192.168.24.2 60 ms 50 ms 70 ms
14 192.168.12.1 50 ms 60 ms 50 ms
15 192.168.13.3 70 ms 50 ms 70 ms
16 192.168.34.4 50 ms 50 ms 50 ms
17 192.168.24.2 70 ms 60 ms 80 ms
18 192.168.12.1 70 ms 80 ms 70 ms
19 192.168.13.3 60 ms 70 ms 80 ms
20 192.168.34.4 60 ms 70 ms 60 ms
21 192.168.24.2 90 ms 80 ms 80 ms
22 192.168.12.1 80 ms 70 ms 100 ms
23 192.168.13.3 80 ms 70 ms 80 ms
24 192.168.34.4 70 ms 80 ms 70 ms
25 192.168.24.2 90 ms 90 ms 80 ms
26 192.168.12.1 100 ms 110 ms 100 ms
27 192.168.13.3 80 ms 100 ms 70 ms
28 192.168.34.4 90 ms 100 ms 90 ms
29 192.168.24.2 90 ms 90 ms 100 ms
30 192.168.12.1 90 ms 90 ms 90 ms
[R4]
2) Check the sub-optimal path
Restore interface:
[R1]interface LoopBack 0
[R1-LoopBack0]ip add 10.10.1.1 32
[R3]dis ospf routing
OSPF Process 1 with Router ID 3.3.3.3
Routing Tables
Routing for Network
Destination Cost Type NextHop AdvRouter Area
192.168.13.0/24 1 Transit 192.168.13.3 3.3.3.3 0.0.0.0
192.168.12.0/24 2 Transit 192.168.13.1 1.1.1.1 0.0.0.0
Routing for ASEs
Destination Cost Type Tag NextHop AdvRouter
10.10.1.1/32 1 Type2 1 192.168.13.1 1.1.1.1
192.168.24.0/24 1 Type2 1 192.168.13.1 2.2.2.2
192.168.34.0/24 1 Type2 1 192.168.13.1 2.2.2.2
Total Nets: 5
Intra Area: 2 Inter Area: 0 ASE: 3 NSSA: 0
[R3]disip routing-table
Route Flags: R - relay, D - download to fib
Routing Tables: Public
Destinations: 13 Routes: 13
Destination/Mask Proto Pre Cost Flags NextHop Interface
10.10.1.1/32 ISIS-L2 15 84 D 192.168.34.4 GigabitEthernet0/0/1
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
192.168.12.0/24 OSPF 10 2 D 192.168.13.1 GigabitEthernet

It is found through the topology map that R3 accesses 10.10.1.1 through the external route learned by OSPF. The priority 150 is the shortest path to the interface on R1.

But on R3, the 10.10.1.1 priority learned from ISIS is 15, so R3 thinks that the route through ISIS is the optimal path for forwarding data. In fact, it has chosen the suboptimal path.

Solving routing loop problems: Methods 1

In the actual application of route redistribution, route matching through IP prefixes is feasible, but when the network scale is large, the configuration workload is heavy; route matching through Tag can greatly simplify the configuration workload.

[R2]isis 1
[R2-isis-1]cost-style wide // If ISIS routing needs to support TAG, it must use wide type cost, otherwise ISIS routing cannot carry TAG mark

1) Filter clockwise:

R2: OSPF ->Isis tag 100
[R2]ip ip-prefix 10 index 10 permit 10.10.1.1 32
[R2]route-policy 10 permit node 10
[R2-route-policy]if-match ip-prefix 10
[R2-route-policy]apply tag 100
[R2-route-policy]q
[R2]isis 1
[R2-isis-1]import-route ospf 1 route-policy 10
[R2-isis-1]q
R3: ISIS->OSPF filter tag 100
[R3]route-policy 10 deny node 10
[R3-route-policy]if-match tag 100
[R3-route-policy]q
[R3]route-policy 10 permit node 20
[R3-route-policy]q
[R3]ospf 1
[R3-ospf-1]import-route isis 1 route-policy 10
-
R3: ISIS ->OSPF TAG 200
[R3]ip ip-prefix 20 index 20 permit 10.10.1.1 32
[R3]route-policy 20 permit node 20
[R3-route-policy]if-match ip-prefix 20
[R3-route-policy]apply tag 200
[R3-route-policy]q
[R3]ospf 1
[R3-ospf-1]import-route isis 1 route-policy 20
R2: OSPF->ISIS filtering TAG 200
[R2]route-policy 20 deny node 20
[R2-route-policy]if-match tag 200
[R2-route-policy]q
[R2]route-policy 20 permit node 30
[R2-route-policy]q
[R2]isis 1
[R2-isis-1]import-route ospf 1 route-policy 20
For the above operations, on one device and in the same direction, a policy name needs to be set, otherwise it will be overwritten when a protocol is introduced internally, so make the following changes:
[R3]undo route-policy 20
[R3]route-policy 10 permit node 20
[R3-route-policy]if-match ip-prefix 20
[R3-route-policy]apply tag 200
[R3]route-policy 10 permit node 30
[R2]undo route-policy 20
[R2]route-policy 10 deny node 20
[R2-route-policy]if-match tag 200
R2]route-policy 10 deny node 30
Counterclockwise filtering:
[R2]route-policy 20 deny node 10 //Introduce R3 into the OSPF routing of ISIS and filter out the routes tagged with 400 and no longer transmit them back to OSPF.
[R2-route-policy]if-match tag 400
[R2-route-policy]q
[R2]route-policy 20 permit node 20 //Introduce ISIS to OSPF route and tag 300
[R2-route-policy]if-match ip-prefix 10
[R2-route-policy]apply tag 300
[R2-route-policy]q
[R2]route-policy 20 permit node 30
[R2-route-policy]q
[R2]ospf 1
[R2-ospf-1]import-route isis 1 route-policy 20
[R3]route-policy 20 deny node 10 //Introduce R2 into OSPF's ISIS route and tag 300 routes. Filter them out and no longer transmit them back to ISIS.
[R3-route-policy]if-match tag 300
[R3-route-policy]q
[R3]route-policy 20 permit node 20 //Introduce OSPF route to ISIS and tag 400
[R3-route-policy]if-match ip-prefix 20
[R3-route-policy]apply tag 400
[R3-route-policy]q
[R3]route-policy 20 permit node 30
[R3]isis 1
[R3-isis-1]import-route ospf 1 route-policy 20
[R3]dis isis route verbose 10.10.1.1
Route information for ISIS(1)
--------------------------
ISIS(1) Level-2 Redistribute Table
----------------------------------
Type IPV4 Destination IntCost ExtCost Tag
O 10.10.1.1/32 0 NULL 400
[R2]disip routing-table 10.10.1.1 verbose
Route Flags: R - relay, D - download to fib
Routing Table: Public
Summary Count: 2
Destination: 10.10.1.1/32
Protocol: ISIS-L2 Process ID: 1
Preference: 15 Cost: 20
NextHop: 192.168.24.4 Neighbor: 0.0.0.0
State: Active Adv Age: 00h30m30s
Tag: 400 Priority: medium
Label: NULL QoSInfo: 0x0
IndirectID: 0x0
RelayNextHop: 0.0.0.0 Interface: GigabitEthernet0/0/1
TunnelID: 0x0 Flags: D
[R4]dis ip routing-table verbose
Route Flags: R - relay, D - download to fib
Routing Tables: Public
Destinations: 11 Routes: 12
Destination: 10.10.1.1/32
Protocol: ISIS-L2 Process ID: 1
Preference: 15 Cost: 10
NextHop: 192.168.24.2 Neighbor: 0.0.0.0
State: Active Adv Age: 00h05m12s
Tag: 100 Priority: medium
Label: NULL QoSInfo: 0x0
IndirectID: 0x0
RelayNextHop: 0.0.0.0 Interface: GigabitEthernet0/0/0
TunnelID: 0x0 Flags: D
Destination: 10.10.1.1/32
Protocol: ISIS-L2 Process ID: 1
Preference: 15 Cost: 10
NextHop: 192.168.34.3 Neighbor: 0.0.0.0
State: Active Adv Age: 00h04m56s
Tag: 400 Priority: medium
Label: NULL QoSInfo: 0x0
IndirectID: 0x0
RelayNextHop: 0.0.0.0 Interface: GigabitEthernet0/0/1
TunnelID: 0x0 Flags: D
[R1]dis ospf lsdb ase 192.168.34.0
[R1]dis ospf routing
verify:
[R1]undo interface LoopBack 0
[R4]tracert 10.10.1.1
traceroute to 10.10.1.1(10.10.1.1), max hops: 30,packet length: 40,press CTRL
_C to break
1 192.168.34.3 20 ms 20 ms 20 ms
2 192.168.13.1 20 ms 20 ms 20 ms
[R4]tracert 10.10.1.1
traceroute to 10.10.1.1(10.10.1.1), max hops: 30,packet length: 40,press CTRL
_C to break 

Method Two:

Solution 2: When introducing IS-IS routes into OSPF on R3, filter out the 10.1.1.0/24 route through Route-Policy.

Do the following on R3:

[R3] acl 2001[R3-acl-basic-2001] rule 5 deny source 10.1.1.0 0[R3-acl-basic-2001] rule 10 permit[R3] route-policy RP permit node 10[R3- route-policy] if-match 2001[R3-route-policy] quit[R3] ospf[R3-ospf-1] import-route isis 1 route-policy RP
Solving the suboptimal path problem: Method 1
[R2]dis ip routing-table
Route Flags: R - relay, D - download to fib
Routing Tables: Public
Destinations: 13 Routes: 13
Destination/Mask Proto Pre Cost Flags NextHop Interface
10.10.1.1/32 ISIS-L2 15 20 D 192.168.24.4 GigabitEthernet0/0/1 ** // Found that R2 went to 10.1.1.1 and chose this route from isis priority 15 **
[R2]acl 2000
[R2-acl-basic-2000]rule permit source 10.10.1.0 0.0.0.255
[R2-acl-basic-2000]q
[R2]route-policy pref permit node 10
[R2-route-policy]if-match acl 2000
[R2-route-policy]apply preference 14 //Change the priority value to 14
[R2-route-policy]q
[R2]ospf 1
[R2-ospf-1]preference ase route-policy pref ** //Call the policy in the OSPF 1 process and change the OSPF external route 150 to 14**
[R2-ospf-1]q
[R2]dis ip routing-table **//Discover the route to 10.1.1.1 and select priority 14 **
Same as above for R3
#
acl number 2000
rule 5 permit source 10.10.1.0 0.0.0.255
#
#
route-policy pref permit node 10
if-match acl 2000
apply preference 160
#
#
isis 1
preference route-policy pref
#

After the operation, you will find that the external route with OSPF priority 150 will be selected on R3 to go to 10.1.1.1.

Method Two:

Solution 2: In the IS-IS process of R3, use Filter-Policy to prohibit the 10.1.1.0/24 route from R4 from being added to the local routing table.
Do the following on R3:

[R3] acl 2001[R3-acl-basic-2001] rule 5 deny source 10.1.1.0 0[R3-acl-basic-2001] rule 10 permit[R3] isis[R3-isis-1] filter- policy 2001 import

1) (Short answer question) What are the functions of Filter-Policy export in OSPF and BGP?

Its function in OSPF is to filter routing entries introduced into OSPF from other routing protocols;

Its function in BGP is to limit the routing entries published locally.

2) (Short answer question) What is the logical relationship between multiple Route-Policy nodes? What is the logical relationship between multiple conditional statements within a node?

The logical relationship between nodes is OR,

The logical relationship between conditional statements is AND.

Summary:

When controlling the publishing and receiving of routes, you need to first capture the corresponding routes using a matcher. The most common matchers include ACL and IP-Prefix List. Both Filter-Policy and Route-Policy can be used to filter when publishing and receiving routes, but it should be noted that using Filter-Policy in the link state routing protocol does not filter link state information normally, but only affects the local routing table. . Route-Policy can flexibly modify the attributes of routes when publishing and receiving routes.

More resources——>Black pineapple (zhangwujistudy) – Gitee.com