TCOM 515

Lecture 6

Objectives

• Route Redistribution

• Default Routes

• Access Lists

Route Redistribution• Route redistribution involves a router using a routing

protocol to advertise routes it learned through another routing protocol, static routes or direction connection.

• Route redistribution is often used on the border routers, to move routes between the IGP and EGP.

• Static routes maybe be needed to advertise into the dynamic routing protocols.

• Route redistribution can be used to bridge legacy networks or connect vendor specific networks.

• Route redistribution is part of an efficient network to connect the LAN to the WAN.

Route Redistribution• Three things to consider in route redistribution: metric,

administrative distances, and classful/classless capabilities.

• Routing protocols do not understand metrics used from other routing protocols. They may assign defaults or network administrator’s may assign specific values. Assigning metrics is a very useful tool given the proper consideration and understanding of how it affects routing decision.

• Administrative distances pose a problem when a route is redistributed from a protocol with a higher admin distance to a protocol with a lower admin distance. In this case, the redistributed route would be preferred over the original route.

Route Redistribution

• While routing protocols use metrics to determine the best route, routers use administrative distances to determine the best source. Each type of source has a different administrative distance, the lower the distance the better the source of the route. Below are the administrative distance for each of the protocols discussed.

Connected Interface 0Static Route 1EIGRP Summary 5External BGP 20EIGRP 90IGRP 100OSPF 110IS-IS 115RIP 120EGP 140External EIGRP 170Internal BGP 200

Route Redistribution

• Redistribution of routes between routing protocols that only do classful routing to those that do classless routing and vice versa can behave differently than expected.

• Classful routing protocols may not advertise a given route or may summarize up to the assigned class subnet causing problems and outages.

• Network administrators should only redistribution between classful and classless subnet when necessary and only specific routes needed.

Redistribution Models• There are two network models in which we will discuss the how

and why of route redistribution.– Data Center or Non-transit network– Backbone and/or Transit network

• Redistribution is occurs in one of 3 forms– Static route to a routing protocol– EGP to an IGP– IGP to an EGP

Route Redistribution Types• There are two network models in which we will discuss the how

and why of route redistribution.– Data Center or Non-transit network– Backbone and/or Transit network

• Redistribution is occurs in one of 3 forms– Static route to a routing protocol– EGP to an IGP– IGP to an EGP

Data Center Routes

• Why redistribute in a data center?– For the Data Center to send its local routes to

its ISP.– For the ISP to send Internet routes to the Data

Center (will cover this in ISP backbone routes)

Data Center Local Route

• How does a Data Center send its local routes to its ISP?– A static route to NULL0 that is redistributed

into BGP, sent to ISP– The IGP local routes are redistributed into

BGP, sent to ISP– The ISP has static routes for the Data Center’s

local routes configured to point to the interface that connects to the Data Center

Backbone ISP Routes

• Why would a Backbone ISP redistribute routes?– First we have to define who a Backbone ISP

exchanges routes with:• Peers - other Backbone ISPs that provide transit for

other customers• Customers - end systems for which the ISP provides

transit to the rest of the Internet

Backbone ISP Routes

• Why would a Backbone ISP redistribute routes?– Tell its Peers about all the local routes the ISP

owns including its customers.– Tell all of its other routers about the Peer’s

advertised routes it is receiving.– Tell its Customers about the rest of the Internet

routes.– Tell all of its other routers about the

Customer’s local routes.

ISP Peer Routes

• How can an ISP router tell its Peer about its local routes?– Static routes for all local and Customer routes

that are redistributed into BGP.– IGP routes are redistributed into BGP.– Statics routes configured on Peer for ISP’s local

and Customer routes to Peering interface.– iBGP run between all ISP routers.

ISP Peer Routes

• How can an ISP router tell its other routers about the Peer’s advertised routes?– BGP routes are redistributed into IGP.– Statics routes configured on ISP for Peer’s local

and Customer routes to Peering interface.– iBGP run between all ISP routers.

ISP Customer Routes

• How can an ISP tell its Customers about the rest of the Internet routes?– ISP redistributes Peer and Local routes into

BGP advertisement.– ISP sends default route via BGP advertisement.– ISP has the Customer configure static route for

0.0.0.0 pointing to the interface that connects to the ISP.

ISP Customer Routes

• How can an ISP router tell its other routers about the Customer’s advertised routes?– ISP redistributes Customer BGP routes into its

IGP.– ISP runs iBGP between all routers.– ISP configures static routes for the Customer’s

local routes pointing to the interface that connects to the Customer and redistributes into IGP.

Router Redist Wrap-up

• The why’s of route redistribution is the science of routing, whereas the how’s of route redistribution is the art of routing.

• There are multiple solutions to most routing problems, being able to weigh the benefits against the costs are where network engineers earn their keep.

• Always look at every solution, even if you quickly rule it out.

Default Route

• A full Internet routing table contains upward of 160,000 routes. This consumes significant of memory and processing power of a router. Large backbone routers are built to handle routing tables of this size. However smaller routers cannot handle routing tables of this size.

• For networks that have only one connection to the Internet, there is no need to carry a full routing table. Routers only need to know about local subnets and where to send everything that isn’t local.

• Default routes are used as guide to the rest of the world or as a route of last resort. The syntax of a default route is 0.0.0.0

• A default route is the least specific subnet match for a destination and used when there is no other match.

Default Route• Default routes can be brought into a network through a variety

of different methods and routing protocols.• The ISP providing Internet connectivity may send a default route

only or in addition to other routes through a BGP peering.• That default route in BGP can be redistributed into the Interior

Routing Protocol.• An IGP can originate a default route from a certain router

always or only if the router has received a default route from another method.

• A static route for the default can also be configured on a router pointing to the interface that connects to the Internet or the backbone.

• Only backbone routers need to know about most routes, routers on the edge need to know about local routes and a default.

What are Access Lists?• Access Lists are mechanisms that are applied to an

interface or a peering to filter the traffic.

• ACLs may be applied inbound or outbound on an interface.

• Access lists check for matches on one or more:– Source IP address– Destination IP address– Protocol - IP, TCP, UDP– Protocol Ports - 25 (SMTP), 80 (HTTP)

• Based on the match, the packet is either permited to pass through or denied.

Access Lists• Access lists may be used to count packets based on each the

permit or deny.

• Access lists were originated for security reasons but have evolved to filter traffic as well.

• Security Access list specifically permit certain types of packets and denies everything else. This organization assumes that the network administrator knows what traffic should be allowed to reach the hosts behind the Access List (ACL). Security ACLs have an implicit or unwritten deny for all traffic not permitted.

• Traffic Access lists specifically deny certain types of packets that are known to be bad and allows everything else.

Access ListsAccess list syntaxAccess-list number permit or deny protocol source destination port number extensions

• Number - each access list has a number and each statement in that list has the same number

• Permit or deny - each statement directs the router to either permit or deny the matched packets

• Source - this maybe a single host a /32, a subnet of any size or the word “any” which is a wildcard

• Destination - this maybe a single host, a /32, a subnet of any size or the word “any” which is a wildcard

• Port - this can specify a single port of the protocol, if the port isn’t specificied any traffic of that protocol type is a match, An example would be just IP and no port which means all IP packets. Another example would be TCP protocol and the port 23 which would is Telnet traffic.

• Extensions - this allows check for specific flags in the IP packet. An example is is the use of the extension “established” which looks into the packet to see that it is a response to an established session. Another example is the ability to look for a specific type and code combination by the name, such as network unreachable which is type 3 code 0.

Access ListsExamples:

Access-list 2000 tcp permit any 10.0.0.0 0.0.0.255 eq smtpThis allows traffic from any source destined to hosts between 10.0.0.0 and 10.0.0255 using the TCP protocol of port 25 or SMTP which is used for email

Access-list 100 ip deny 10.0.0.0 0.255.255.255 192.168.100.0 0.0.255.255This does not allow traffic sourced from 10.0.0.0 to 10.255.255.255 that is destined for 192.168.0.0 to 192.168.255.255 that is an IP packet.

Access-list 1000 udp allow any 15.200.100.0 0.0.0.31 eq domainThis allows traffic sourced from anywhere and destined for 15.200.100.0 to 15.200.100.31 that is a UDP packet on port 53 which is DNS traffic.