|
Home > Archive > alt.certification.cisco > August 2003 > IS-IS route filtering question
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
IS-IS route filtering question
|
|
|
| This is addressed to anyone who knows how to use route filtering in IS-IS.
The network diagram is:
Router _A ------------ Router_B ------------ Router_C
The adjacency between Router_A and Router_B is level-2; the adjacency
between Router_B and Router_C is level-1-2. Routers are connected by
point-to-point serial links.
Is it possible to implement route filtering of external routes redistributed
by Router_A in Router_B? The purpose of the exercise is to block certain
routes redistributed by Router_A from reaching Router_C.
Let's say there're two loopback IP addresses configured on Router_A:
loopback 0: 10.1.0.1 255.255.255.0
loopback 1: 10.1.1.1 255.255.255.0
Router_A redistributes these external networks:
router isis
redistribute connected metric-type internal metric 9 level-2
I want to be able to filter out 10.1.1.0, but to allow 10.1.0.0
I know how configure Router_A for filtering out external routes
redistributed by Router_A, using the "redistribute" command, a route-map,
and an acess-list. However, using IOS 11.2, I can't implement the
"distribute-list" command on Router_B to disallow route 10.1.1.0 from
reaching Router_A. Can the "distribute-list command be used on Router_B for
this purpose? If you know how to use it, would you post it here? Also, could
you specify the version of your IOS?
Many thanks,
Grey
| |
| Ronnie Higginbotham 2003-08-22, 9:25 pm |
| You could apply a route map on Router A and apply that to the connected
redistribution. But that would also block that route going to Router B. I
don't think you can do what you are wanting to do. ISIS is not like BGP.
I am still trying to figure out all the corks with ISIS myself. Not to may
books about redistribution with ISIS.
Ronnie
"Grey" <bbb@ccc.com> wrote in message
news pGcnSRoq7kvpduiXTWJhw@co
mcast.com...
> This is addressed to anyone who knows how to use route filtering in IS-IS.
>
> The network diagram is:
>
> Router _A ------------ Router_B ------------ Router_C
>
> The adjacency between Router_A and Router_B is level-2; the adjacency
> between Router_B and Router_C is level-1-2. Routers are connected by
> point-to-point serial links.
>
> Is it possible to implement route filtering of external routes
redistributed
> by Router_A in Router_B? The purpose of the exercise is to block
certain
> routes redistributed by Router_A from reaching Router_C.
>
> Let's say there're two loopback IP addresses configured on Router_A:
>
> loopback 0: 10.1.0.1 255.255.255.0
> loopback 1: 10.1.1.1 255.255.255.0
>
> Router_A redistributes these external networks:
> router isis
> redistribute connected metric-type internal metric 9 level-2
>
> I want to be able to filter out 10.1.1.0, but to allow 10.1.0.0
>
> I know how configure Router_A for filtering out external routes
> redistributed by Router_A, using the "redistribute" command, a route-map,
> and an acess-list. However, using IOS 11.2, I can't implement the
> "distribute-list" command on Router_B to disallow route 10.1.1.0 from
> reaching Router_A. Can the "distribute-list command be used on Router_B
for
> this purpose? If you know how to use it, would you post it here? Also,
could
> you specify the version of your IOS?
>
> Many thanks,
>
> Grey
>
>
| |
| Ronnie Higginbotham 2003-08-22, 10:25 pm |
| I did a little reading. Try this and let me know if it works.
On router B try
router isis
redistribute isis ip level-2 into level-1 distribute-list <acl>
"Ronnie Higginbotham" <rhigginb@swbell.net> wrote in message
news:qSy1b.3093$TC.2467@newssvr22.news.prodigy.com...
> You could apply a route map on Router A and apply that to the connected
> redistribution. But that would also block that route going to Router B. I
> don't think you can do what you are wanting to do. ISIS is not like BGP.
>
> I am still trying to figure out all the corks with ISIS myself. Not to
may
> books about redistribution with ISIS.
>
> Ronnie
>
>
>
>
> "Grey" <bbb@ccc.com> wrote in message
> newspGcnSRoq7kvpduiXTWJhw@co
mcast.com...
> > This is addressed to anyone who knows how to use route filtering in
IS-IS.
> >
> > The network diagram is:
> >
> > Router _A ------------ Router_B ------------ Router_C
> >
> > The adjacency between Router_A and Router_B is level-2; the adjacency
> > between Router_B and Router_C is level-1-2. Routers are connected by
> > point-to-point serial links.
> >
> > Is it possible to implement route filtering of external routes
> redistributed
> > by Router_A in Router_B? The purpose of the exercise is to block
> certain
> > routes redistributed by Router_A from reaching Router_C.
> >
> > Let's say there're two loopback IP addresses configured on Router_A:
> >
> > loopback 0: 10.1.0.1 255.255.255.0
> > loopback 1: 10.1.1.1 255.255.255.0
> >
> > Router_A redistributes these external networks:
> > router isis
> > redistribute connected metric-type internal metric 9 level-2
> >
> > I want to be able to filter out 10.1.1.0, but to allow 10.1.0.0
> >
> > I know how configure Router_A for filtering out external routes
> > redistributed by Router_A, using the "redistribute" command, a
route-map,
> > and an acess-list. However, using IOS 11.2, I can't implement the
> > "distribute-list" command on Router_B to disallow route 10.1.1.0 from
> > reaching Router_A. Can the "distribute-list command be used on Router_B
> for
> > this purpose? If you know how to use it, would you post it here? Also,
> could
> > you specify the version of your IOS?
> >
> > Many thanks,
> >
> > Grey
> >
> >
>
>
| |
|
| Ronnie,
Thanks for your response and the time you spent researching.
What you suggested is called "route leaking". On L1/L2 routers, level-2
routes received over level-2 adjacencies from Level-2-only routers normally
don't leak into their own level-1 LSPs sent to other routers. Level-1 routes
received over level-1 adjacencies by L1/L2 routers, on the other hand,
always leak into their level-2 LSPs that they send to other routers. That's
why a L1/L2 router sets the ATT bit to 1 in its level-1 LSP. This way a
Level-1 router can reach the backbone via the L1/L2 router by using the
default route. It's possible to configure a L1/L2 router to leak received
Level-2 routes into its Level-1 LSPs. The command you suggested is used for
that purpose . However, It's not going to work in my case for two reasons:
1. Router_C is a L1/L2 router, so even if I leak level-2 routes into level-1
LSP on Router_B, using the distribute list that blocks 10.1.1.0, Router_C
will still get both 10.1.1.0 and 10.1.0.0 through the Level-2 LSP from
Router_B (L1/L2 router).
2. The command you suggested was introduced only in the IOS version 12.0(T).
Route leaking was first available in the IOS version 12.0 (S), but the
command had a different syntax: advertise ip l2-into-l1 <extended_acl>.
Since I only have 8 mb of Flash in my routers, and the Enterprise feature
set is needed to run IS-IS, the most up-to-date IOS I can run is version
11.2, which doesn't have "route leaking" capabilities.
Are you studying for BSCI? If so, I'd like to know which books you are
using. I got a lot of good information on IS-IS from the CIM "IP Routing:
Link State Protocols" by Ciscopress. I admit I may be overdoing it a little
as far as the depth of the labs goes. I've completed labs that cover route
redistribution (both internal and external metric-types); route
summarization (external and internal); IS-IS route filtering, clns packet
filtering, IS-IS and CLNS adjacency filtering; domain, area and IS-IS
authentication, etc. The chapter on IS-IS from "Building Scalable Cisco
Internetworks" by Catherine Paquet and Diane Teare doesn't seem to go into
enough depth, though. Todd Lammle's chapter on IS-IS is laughable. The CIM I
mentioned above seems to complement BSCI course book very nicely.
Unfortunately, I have no idea how much IS-IS is on the test, so I may be
moving too slowly, but I'm learning a lot of stuff! The end goal is to work
with that stuff, so learning as much as possible now should pay off in the
future.
Grey
"Ronnie Higginbotham" <rhigginb@swbell.net> wrote in message
news:lGz1b.3095$9T.1223@newssvr22.news.prodigy.com...
> I did a little reading. Try this and let me know if it works.
>
> On router B try
>
> router isis
> redistribute isis ip level-2 into level-1 distribute-list <acl>
>
>
> "Ronnie Higginbotham" <rhigginb@swbell.net> wrote in message
> news:qSy1b.3093$TC.2467@newssvr22.news.prodigy.com...
> > You could apply a route map on Router A and apply that to the connected
> > redistribution. But that would also block that route going to Router B.
I
> > don't think you can do what you are wanting to do. ISIS is not like BGP.
> >
> > I am still trying to figure out all the corks with ISIS myself. Not to
> may
> > books about redistribution with ISIS.
> >
> > Ronnie
> >
> >
> >
> >
> > "Grey" <bbb@ccc.com> wrote in message
> > newspGcnSRoq7kvpduiXTWJhw@co
mcast.com...
> > > This is addressed to anyone who knows how to use route filtering in
> IS-IS.
> > >
> > > The network diagram is:
> > >
> > > Router _A ------------ Router_B ------------ Router_C
> > >
> > > The adjacency between Router_A and Router_B is level-2; the adjacency
> > > between Router_B and Router_C is level-1-2. Routers are connected by
> > > point-to-point serial links.
> > >
> > > Is it possible to implement route filtering of external routes
> > redistributed
> > > by Router_A in Router_B? The purpose of the exercise is to block
> > certain
> > > routes redistributed by Router_A from reaching Router_C.
> > >
> > > Let's say there're two loopback IP addresses configured on Router_A:
> > >
> > > loopback 0: 10.1.0.1 255.255.255.0
> > > loopback 1: 10.1.1.1 255.255.255.0
> > >
> > > Router_A redistributes these external networks:
> > > router isis
> > > redistribute connected metric-type internal metric 9 level-2
> > >
> > > I want to be able to filter out 10.1.1.0, but to allow 10.1.0.0
> > >
> > > I know how configure Router_A for filtering out external routes
> > > redistributed by Router_A, using the "redistribute" command, a
> route- map,
> > > and an acess-list. However, using IOS 11.2, I can't implement the
> > > "distribute-list" command on Router_B to disallow route 10.1.1.0 from
> > > reaching Router_A. Can the "distribute-list command be used on
Router_B
> > for
> > > this purpose? If you know how to use it, would you post it here? Also,
> > could
> > > you specify the version of your IOS?
> > >
> > > Many thanks,
> > >
> > > Grey
> > >
> > >
> >
> >
>
>
| |
| Ronnie Higginbotham 2003-08-23, 10:24 am |
| Sorry that didn't work. Unfortunately I haven't seen to many book on ISIS.
I have the ISIS Design guide my Abe Martey it is ok but not to many
examples. Just talks about the theory.
Jeff Doyle's Vol 1 of Routing TCP IP has a chapter in it also. I am going to
read it today. I also have the BSCI book.
I am studying for my CCIE lab, which is coming up in September. Hopefully I
will pass.
The book I used for my BSCI was the Building Scalable Cisco Internetworks
that you have.
Ronnie
Good Luck in your studies.
"Grey" <bbb@ccc.com> wrote in message
news:n4ednQATkrgZf9uiU-KYuA@comcast.com...
> Ronnie,
>
> Thanks for your response and the time you spent researching.
>
> What you suggested is called "route leaking". On L1/L2 routers, level-2
> routes received over level-2 adjacencies from Level-2-only routers
normally
> don't leak into their own level-1 LSPs sent to other routers. Level-1
routes
> received over level-1 adjacencies by L1/L2 routers, on the other hand,
> always leak into their level-2 LSPs that they send to other routers.
That's
> why a L1/L2 router sets the ATT bit to 1 in its level-1 LSP. This way a
> Level-1 router can reach the backbone via the L1/L2 router by using the
> default route. It's possible to configure a L1/L2 router to leak received
> Level-2 routes into its Level-1 LSPs. The command you suggested is used
for
> that purpose . However, It's not going to work in my case for two reasons:
>
> 1. Router_C is a L1/L2 router, so even if I leak level-2 routes into
level-1
> LSP on Router_B, using the distribute list that blocks 10.1.1.0, Router_C
> will still get both 10.1.1.0 and 10.1.0.0 through the Level-2 LSP from
> Router_B (L1/L2 router).
> 2. The command you suggested was introduced only in the IOS version
12.0(T).
> Route leaking was first available in the IOS version 12.0 (S), but the
> command had a different syntax: advertise ip l2-into-l1 <extended_acl>.
> Since I only have 8 mb of Flash in my routers, and the Enterprise feature
> set is needed to run IS-IS, the most up-to-date IOS I can run is version
> 11.2, which doesn't have "route leaking" capabilities.
>
> Are you studying for BSCI? If so, I'd like to know which books you are
> using. I got a lot of good information on IS-IS from the CIM "IP Routing:
> Link State Protocols" by Ciscopress. I admit I may be overdoing it a
little
> as far as the depth of the labs goes. I've completed labs that cover
route
> redistribution (both internal and external metric-types); route
> summarization (external and internal); IS-IS route filtering, clns packet
> filtering, IS-IS and CLNS adjacency filtering; domain, area and IS-IS
> authentication, etc. The chapter on IS-IS from "Building Scalable Cisco
> Internetworks" by Catherine Paquet and Diane Teare doesn't seem to go into
> enough depth, though. Todd Lammle's chapter on IS-IS is laughable. The CIM
I
> mentioned above seems to complement BSCI course book very nicely.
> Unfortunately, I have no idea how much IS-IS is on the test, so I may be
> moving too slowly, but I'm learning a lot of stuff! The end goal is to
work
> with that stuff, so learning as much as possible now should pay off in the
> future.
>
> Grey
>
>
>
> "Ronnie Higginbotham" <rhigginb@swbell.net> wrote in message
> news:lGz1b.3095$9T.1223@newssvr22.news.prodigy.com...
> > I did a little reading. Try this and let me know if it works.
> >
> > On router B try
> >
> > router isis
> > redistribute isis ip level-2 into level-1 distribute-list <acl>
> >
> >
> > "Ronnie Higginbotham" <rhigginb@swbell.net> wrote in message
> > news:qSy1b.3093$TC.2467@newssvr22.news.prodigy.com...
> > > You could apply a route map on Router A and apply that to the
connected
> > > redistribution. But that would also block that route going to Router
B.
> I
> > > don't think you can do what you are wanting to do. ISIS is not like
BGP. [colo
r=darkred]
> > >
> > > I am still trying to figure out all the corks with ISIS myself. Not[/color]
to
> > may
> > > books about redistribution with ISIS.
> > >
> > > Ronnie
> > >
> > >
> > >
> > >
> > > "Grey" <bbb@ccc.com> wrote in message
> > > newspGcnSRoq7kvpduiXTWJhw@co
mcast.com...
> > > > This is addressed to anyone who knows how to use route filtering in
> > IS-IS.
> > > >
> > > > The network diagram is:
> > > >
> > > > Router _A ------------ Router_B ------------ Router_C
> > > >
> > > > The adjacency between Router_A and Router_B is level-2; the
adjacency
> > > > between Router_B and Router_C is level-1-2. Routers are connected by
> > > > point-to-point serial links.
> > > >
> > > > Is it possible to implement route filtering of external routes
> > > redistributed
> > > > by Router_A in Router_B? The purpose of the exercise is to block
> > > certain
> > > > routes redistributed by Router_A from reaching Router_C.
> > > >
> > > > Let's say there're two loopback IP addresses configured on Router_A:
> > > >
> > > > loopback 0: 10.1.0.1 255.255.255.0
> > > > loopback 1: 10.1.1.1 255.255.255.0
> > > >
> > > > Router_A redistributes these external networks:
> > > > router isis
> > > > redistribute connected metric-type internal metric 9 level-2
> > > >
> > > > I want to be able to filter out 10.1.1.0, but to allow 10.1.0.0
> > > >
> > > > I know how configure Router_A for filtering out external routes
> > > > redistributed by Router_A, using the "redistribute" command, a
> > route-map,
> > > > and an acess-list. However, using IOS 11.2, I can't implement the
> > > > "distribute-list" command on Router_B to disallow route 10.1.1.0
from[
color=darkred]
> > > > reaching Router_A. Can the "distribute-list command be used on
> Router_B
> > > for
> > > > this purpose? If you know how to use it, would you post it here?[/color]
Also,
> > > could
> > > > you specify the version of your IOS?
> > > >
> > > > Many thanks,
> > > >
> > > > Grey
> > > >
> > > >
> > >
> > >
> >
> >
>
>
| |
|
| Ronnie,
Check out that CIM by Ciscopress, "IP Routing: Link State Protocols. It's
definitely worth the time and the money. It has two chapters on IS-IS, two
chapters on OSPF, a chapter on access lists, and then some Cisco routing
issues that I haven't seen in other books. IT has over 10 labs on OSPF and
over 10 labs on IS-IS. If you think you may need some IS-IS for your test,
it's worth spending time with.
Grey
"Ronnie Higginbotham" <rhigginb@swbell.net> wrote in message
news:CAK1b.3148$el5.1893@newssvr22.news.prodigy.com...
> Sorry that didn't work. Unfortunately I haven't seen to many book on ISIS.
>
> I have the ISIS Design guide my Abe Martey it is ok but not to many
> examples. Just talks about the theory.
>
> Jeff Doyle's Vol 1 of Routing TCP IP has a chapter in it also. I am going
to
> read it today. I also have the BSCI book.
>
> I am studying for my CCIE lab, which is coming up in September. Hopefully
I
> will pass.
>
> The book I used for my BSCI was the Building Scalable Cisco Internetworks
> that you have.
>
> Ronnie
>
> Good Luck in your studies.
>
>
>
> "Grey" <bbb@ccc.com> wrote in message
> news:n4ednQATkrgZf9uiU-KYuA@comcast.com...
> > Ronnie,
> >
> > Thanks for your response and the time you spent researching.
> >
> > What you suggested is called "route leaking". On L1/L2 routers, level-2
> > routes received over level-2 adjacencies from Level-2-only routers
> normally
> > don't leak into their own level-1 LSPs sent to other routers. Level-1
> routes
> > received over level-1 adjacencies by L1/L2 routers, on the other hand,
> > always leak into their level-2 LSPs that they send to other routers.
> That's
> > why a L1/L2 router sets the ATT bit to 1 in its level-1 LSP. This way a
> > Level-1 router can reach the backbone via the L1/L2 router by using the
> > default route. It's possible to configure a L1/L2 router to leak
received
> > Level-2 routes into its Level-1 LSPs. The command you suggested is used
> for
> > that purpose . However, It's not going to work in my case for two
reasons:
> >
> > 1. Router_C is a L1/L2 router, so even if I leak level-2 routes into
> level-1
> > LSP on Router_B, using the distribute list that blocks 10.1.1.0,
Router_C
> > will still get both 10.1.1.0 and 10.1.0.0 through the Level-2 LSP from
> > Router_B (L1/L2 router).
> > 2. The command you suggested was introduced only in the IOS version
> 12.0(T).
> > Route leaking was first available in the IOS version 12.0 (S), but the
> > command had a different syntax: advertise ip l2-into-l1 <extended_acl>.
> > Since I only have 8 mb of Flash in my routers, and the Enterprise
feature
> > set is needed to run IS-IS, the most up-to-date IOS I can run is version
> > 11.2, which doesn't have "route leaking" capabilities.
> >
> > Are you studying for BSCI? If so, I'd like to know which books you are
> > using. I got a lot of good information on IS-IS from the CIM "IP
Routing:
> > Link State Protocols" by Ciscopress. I admit I may be overdoing it a
> little
> > as far as the depth of the labs goes. I've completed labs that cover
> route
> > redistribution (both internal and external metric-types); route
> > summarization (external and internal); IS-IS route filtering, clns
packet
> > filtering, IS-IS and CLNS adjacency filtering; domain, area and IS-IS
> > authentication, etc. The chapter on IS-IS from "Building Scalable Cisco
> > Internetworks" by Catherine Paquet and Diane Teare doesn't seem to go
into
> > enough depth, though. Todd Lammle's chapter on IS-IS is laughable. The
CIM
> I
> > mentioned above seems to complement BSCI course book very nicely.
> > Unfortunately, I have no idea how much IS-IS is on the test, so I may be
> > moving too slowly, but I'm learning a lot of stuff! The end goal is to
> work
> > with that stuff, so learning as much as possible now should pay off in
the
> > future.
> >
> > Grey
> >
> >
> >
> > "Ronnie Higginbotham" <rhigginb@swbell.net> wrote in message
> > news:lGz1b.3095$9T.1223@newssvr22.news.prodigy.com...
> > > I did a little reading. Try this and let me know if it works.
> > >
> > > On router B try
> > >
> > > router isis
> > > redistribute isis ip level-2 into level-1 distribute-list <acl>
> > >
> > >
> > > "Ronnie Higginbotham" <rhigginb@swbell.net> wrote in message
> > > news:qSy1b.3093$TC.2467@newssvr22.news.prodigy.com...
> > > > You could apply a route map on Router A and apply that to the
> connected
> > > > redistribution. But that would also block that route going to Router
> B.
> > I
> > > > don't think you can do what you are wanting to do. ISIS is not like
> BGP.
> > > >
> > > > I am still trying to figure out all the corks with ISIS myself. Not
> to
> > > may
> > > > books about redistribution with ISIS.
> > > >
> > > > Ronnie
> > > >
> > > >
> > > >
> > > >
> > > > "Grey" <bbb@ccc.com> wrote in message
> > > > newspGcnSRoq7kvpduiXTWJhw@co
mcast.com...
> > > > > This is addressed to anyone who knows how to use route filtering
in[co
lor=darkred]
> > > IS-IS.
> > > > >
> > > > > The network diagram is:
> > > > >
> > > > > Router _A ------------ Router_B ------------ Router_C
> > > > >
> > > > > The adjacency between Router_A and Router_B is level-2; the
> adjacency
> > > > > between Router_B and Router_C is level-1-2. Routers are connected[/color]
by[co
lor=darkred]
> > > > > point-to-point serial links.
> > > > >
> > > > > Is it possible to implement route filtering of external routes
> > > > redistributed
> > > > > by Router_A in Router_B? The purpose of the exercise is to[/color]
block
> > > > certain
> > > > > routes redistributed by Router_A from reaching Router_C.
> > > > >
> > > > > Let's say there're two loopback IP addresses configured on
Router_A:
> > > > >
> > > > > loopback 0: 10.1.0.1 255.255.255.0
> > > > > loopback 1: 10.1.1.1 255.255.255.0
> > > > >
> > > > > Router_A redistributes these external networks:
> > > > > router isis
> > > > > redistribute connected metric-type internal metric 9 level-2
> > > > >
> > > > > I want to be able to filter out 10.1.1.0, but to allow 10.1.0.0
> > > > >
> > > > > I know how configure Router_A for filtering out external routes
> > > > > redistributed by Router_A, using the "redistribute" command, a
> > > route-map,
> > > > > and an acess-list. However, using IOS 11.2, I can't implement the
> > > > > "distribute-list" command on Router_B to disallow route 10.1.1.0
> from
> > > > > reaching Router_A. Can the "distribute-list command be used on
> > Router_B
> > > > for
> > > > > this purpose? If you know how to use it, would you post it here?
> Also,
> > > > could
> > > > > you specify the version of your IOS?
> > > > >
> > > > > Many thanks,
> > > > >
> > > > > Grey
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> >
>
>
|
|
|
|
|