Monday, March 1, 2010

INE Workbook Vol 1 EIGRP part 2

Man, I hate using an extended access-list to filter in a routing protocol. Because it's difficult? No. Because I don't understand it? No. Because it is difficult to remember the order of operations? YES. Furthermore, filtering routes with an extended ACL here works differently from using extended ACLs with BGP and redistribution. Even more annoying, this behavior is not documented in the command reference or anywhere in the DocCD that I can easily find. So the trick here is going to be remembering it. In short, you match the host with the subnet: the source field holds the neighbor the route comes from, and the destination field holds the network being filtered.


Extended IP access list 100
    10 deny ip host 155.1.0.2 host 150.1.7.0
    20 deny ip host 155.1.0.3 host 150.1.7.0 (1 match)
    30 deny ip host 155.1.0.4 host 150.1.7.0
    40 deny ip host 155.1.0.2 host 150.1.9.0
    50 deny ip host 155.1.0.3 host 150.1.9.0 (1 match)
    60 deny ip host 155.1.0.4 host 150.1.9.0
    70 deny ip host 155.1.0.3 host 150.1.4.0 (2 matches)
    80 deny ip host 155.1.0.4 host 150.1.4.0 (1 match)
    90 deny ip host 155.1.0.1 host 150.1.4.0 (2 matches)


In the above, you can see we are denying 150.1.7.0 and 150.1.9.0 from R2, R3 and R4. Additionally, we are denying 150.1.4.0 from R1, R3 and R4. The activity is simple enough; it's just a matter of remembering in what order to place things in the extended access list. One caveat: remember to filter all possible sources for a route. So if the scenario instructs you to send a particular route to only one router, filter that route from all possible sources to prevent any confusion.
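An added example, not from the original post: a small Python check that reads ACL 100 as listed above, treats the source field as the advertising neighbor and the destination field as the network, and reports which neighbors can still supply a given route. The router-to-address mapping is inferred from the post's description, and a route with no matching entry is reported as "no-match" because the rest of the ACL is not shown.

```python
import re

# ACL 100 as listed in the post (hit counters dropped).
ACL_100 = """
10 deny ip host 155.1.0.2 host 150.1.7.0
20 deny ip host 155.1.0.3 host 150.1.7.0
30 deny ip host 155.1.0.4 host 150.1.7.0
40 deny ip host 155.1.0.2 host 150.1.9.0
50 deny ip host 155.1.0.3 host 150.1.9.0
60 deny ip host 155.1.0.4 host 150.1.9.0
70 deny ip host 155.1.0.3 host 150.1.4.0
80 deny ip host 155.1.0.4 host 150.1.4.0
90 deny ip host 155.1.0.1 host 150.1.4.0
"""

# Assumption: neighbor address per router, inferred from the post's text.
NEIGHBORS = {"R1": "155.1.0.1", "R2": "155.1.0.2",
             "R3": "155.1.0.3", "R4": "155.1.0.4"}

RULE = re.compile(r"(\d+) (permit|deny) ip host (\S+) host (\S+)")

def parse_acl(text):
    """Return (sequence, action, route_source, network) tuples in ACL order."""
    return [(int(seq), action, src, dst)
            for seq, action, src, dst in RULE.findall(text)]

def evaluate(rules, neighbor, network):
    """First match wins: source field = advertising neighbor, destination = network."""
    for seq, action, src, dst in rules:
        if src == neighbor and dst == network:
            return action, seq
    return "no-match", None  # outcome depends on ACL entries not shown in the post

def unfiltered_sources(rules, network, neighbors=NEIGHBORS):
    """Routers from which `network` is not explicitly denied."""
    return sorted(name for name, addr in neighbors.items()
                  if evaluate(rules, addr, network)[0] != "deny")

RULES = parse_acl(ACL_100)

if __name__ == "__main__":
    # Each route should have exactly one remaining source: the intended one.
    for net in ("150.1.7.0", "150.1.9.0", "150.1.4.0"):
        print(net, "still accepted from:", unfiltered_sources(RULES, net))
```

If a route lists more than one remaining source, a later metric change can move the successor to a neighbor you did not intend.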



R5(config-router)#do sh ip eig topo 150.1.7.0/24
IP-EIGRP (AS 100): Topology entry for 150.1.7.0/24
  State is Passive, Query origin flag is 1, 1 Successor(s), FD is 640256
  Routing Descriptor Blocks:
  155.1.0.3 (Serial0/0), from 155.1.0.3, Send flag is 0x0
      Composite metric is (640256/128256), Route is Internal
      Vector metric:
        Minimum bandwidth is 1544 Kbit
        Total delay is 25010 microseconds
        Reliability is 255/255
        Load is 1/255
        Minimum MTU is 1500
        Hop count is 2
  155.1.0.1 (Serial0/0), from 155.1.0.1, Send flag is 0x0
      Composite metric is (640512/128512), Route is Internal
      Vector metric:
        Minimum bandwidth is 1544 Kbit
        Total delay is 25020 microseconds
        Reliability is 255/255
        Load is 1/255
        Minimum MTU is 1500
        Hop count is 3


Before filtering, I can see we are sending 150.1.7.0/24 to R3, but we also have a feasible successor to R1 which is our intended destination. But if you will notice above, I filtered this route from R3, R2 and R4 for good reason. At this moment, no other route meets the feasibility condition. Say another task instructs you to alter some EIGRP metrics and now you have a better route to 150.1.7.0/24 than your intended target. Well, now you have lost your points. This goes back to being VERY SPECIFIC. Show everyone you know exactly what you are doing.


Interesting note that I did not know: EIGRP uses the router-id field in external routes as a loop prevention mechanism. I knew that router IDs must be unique but not any specifics. So if you want to prevent an external route from being installed, simply set its router-id to the same as another router. Now neither router will originate external routes.


Well, that is all I have for EIGRP. Again, I didn't pick up much new information, but I always enjoy the opportunity to etch something permanently into my brain! Now I'm off to fix my servers so I can quit using my laptop for Dynamips...
