We have the contrived situation of route redistribution from rip -> ospf and vicevers. We need to do filtering to avoid loops because there is a redundant router doing the same thing between these same domains. OK here is the config on this rtr.

! this is the ospf if
int s0
ip addr 172.16.0.1 255.255.0.0

! this is the rip if
int s1
ip addr 172.17.1.1 255.255.0.0

router ospf 1
network 172.16.0.1 0.0.0.0 area 0.0.0.1
redistribute rip metric 1000
distribute-list 1 out

router rip
network 172.17.0.0
redistribute ospf 1 metric 10
distribute-list 2 out

access-list 1 permit 172.16.0.0 0.0.255.255
access-list 2 permit 172.17.0.0 0.0.255.255

So what do ya think? Is this config good? If not why not?

__________________
Free practice exam questions by email http://xamsrus.com

Report this post to a moderator

I guess only flames get response. Too bad they don't have a little flame icon. OK here goes.

anybody who reads this thread and doesn't vote is a clueless moronic maggot-infested excrement-faced coward with halitosis and butt rot. Grrrrrr!

now can we please have some action? Come on smart people, strut your stuff.

__________________
Free practice exam questions by email http://xamsrus.com

Report this post to a moderator

marathoner, chill - please.

From my limited knowledge, and using an educated guess I would say it looks OK. But I haven't got to route-redistribution in my studies yet, however the config looks generally feasible (Arrgghh! FEASIBLE - EIGRP nightmare again)

This reply will lift your post back up the stack and maybe someone with more knowledge will be able to confirm it for you.

Now, once again calm - cool - chill.

Hippo

__________________
No longer a Karaoke virgin

Report this post to a moderator

How do you spell EIGRP?
and what's more... how do you pronounce it?
Let's see... I before E except after C.....

I am a pretty cool geek in general like gazpacho. hardly anything can make me
really burst into flames. If you saw the movie Signs where Mel Gibson plays a minister. It's pretty funny when his brother tells him to run around the house and scream curses to scare the intruders.... he like can't really put his heart into it.

BTW take a close look at the access lists
on the original post. The redistro is configured correctly (I think) but look at what's being filtered.

OK Back to the fatkid...

__________________
Free practice exam questions by email http://xamsrus.com

Report this post to a moderator

Marathoner,

Your config looks fine to me, however I'm not sure but isn't redistributing at more than one point on the edges of your domains not recommended? If your running RIP on one side then you're limited to a 15 hop diameter, which wouldn't seem to constitute a need for more than one path for traffic to traverse through. Would you be able to redistribute at just one of your ASBRs into RIP and vice versa to avoid the possibility of routing loops? I don't know the details of your setup but that's my humble opinion.

Report this post to a moderator

Your conf is good...

You might need a similar set of configs at the other reduntant router. It should be able to block OSPF and RIP in the opp order.

Emnploying EIGRP over OSPF is a bit more advantageous here. It has got the inherent property of putting different ADs to Internaly and Externaly learned routes (AD90 & 170). OSPF doesn't diffrentiate routes using the ADs, unless you specifically select while redistributing using 'distance' command.

If its RIP with EIGRP, no routing-loop at all.

__________________
Best Regards
Suresh B.S.(Eng), M.S.(Eng.), CNE, MCSE, SCSA, CLS, CCSA, CCSE, CCNA, CCNP, IP Telephony, CCSP, CCIE(R&S), progressing CCIE(Security)

http://www.sureshhomepage.com
My Homepage on Network Certifications!

Report this post to a moderator

I'm not sure here
a bit rusty.
your enabling redistribution of rip into ospf and vice versa.
but your use of the access-lists should be reversed.
By not explicitly allowing updates from the other networks your denying them by implication.
should it look like this?
------------------
! this is the ospf if
int s0
ip addr 172.16.0.1 255.255.0.0

! this is the rip if
int s1
ip addr 172.17.1.1 255.255.0.0

router ospf 1
network 172.16.0.1 0.0.0.0 area 0.0.0.1
redistribute rip metric 1000
distribute-list 2 out

router rip
network 172.17.0.0
redistribute ospf 1 metric 10
distribute-list 1 out

access-list 1 permit 172.16.0.0 0.0.255.255
access-list 2 permit 172.17.0.0 0.0.255.255
-----------

__________________
Check out my music at
www.chodan.com
Rural Development in Eastern Ky.
www.centertech.com
"It is our decisions that show us what we truly are in life, not our abilities."

Report this post to a moderator

quote:

---

Originally posted by marathoner
We have the contrived situation of route redistribution from rip -> ospf and vicevers. We need to do filtering to avoid loops because there is a redundant router doing the same thing between these same domains.

---

Is you follow-up post going to be on why filtering like this, even when done correctly, is not an effective means of controlling loops because your companion router just inserted all the rip networks into his forwarding table, but pointing back into the ospf world and this router will do the same thing once it gets the rip networks from the other redistribution router in its ospf process. You just blackholed all traffic to rip networks from the ospf world.
You could eliminate loops by turning your distribute lists around and filter networks inbound, but you trounce your redundancy so what's the point....

This assumes your config is just a snippet and there are actually more networks represented, otherwise it's just two connected interfaces and you protocols are just sitting there doing nothing anyway.

MadChef

Report this post to a moderator

cramming for 640-901 which I
PASSSED this morning!!! WOOOOOOOO HOOOOOO!!!

I agree it is a dumb example, yes, just a snippet. I didn't make it up.

The reason why I posted this was because
I thought the ACL's were reversed and I wanted to see how many people would spot it. This snippet was used as a tutorial on filtering/redistribution and it really hacks me off when someone who is supposed to know this stuff is so careless. He is confusing the very issue he is supposed to be clarifying. There are errors, and then there are ERRORS.

BTW, the ISIS questions on my 901 were not too bad.... but watch out for the rest of it!!!

__________________
Free practice exam questions by email http://xamsrus.com

Report this post to a moderator

quote:

---

Originally posted by marathoner
This snippet was used as a tutorial on filtering/redistribution and it really hacks me off when someone who is supposed to know this stuff is so careless. He is confusing the very issue he is supposed to be clarifying.

---

Report this post to a moderator