Route leaking is useful in some situations when there is more than one exit from an area, as in this picture:
Note: the addressing scheme for most of my diagrams is as follows: lo0 on every router is 1.1.1.1 on router 1, 2.2.2.2 on router 2, etc.; inter-router links are 10.0.XY.X/24 and 10.0.XY.Y/24, where X is the number of one router and Y of the other. So address 10.0.25.5 is the R5 side of the link between R2 and R5.
Assuming that all links in this diagram are equal, it is obvious that R6 should reach R5 via the path R7 - XE2 - R5, as it has fewer hops. In reality, however, R6 will try to reach both R3 and R5 through the XR-1 router, with 2 and 4 hops respectively, and R7 will go to R3 and R5 via XE2. This can be confirmed with traceroute from R6:
R6#traceroute 3.3.3.3
Type escape sequence to abort.
Tracing the route to 3.3.3.3
VRF info: (vrf in name/id, vrf out name/id)
  1 10.0.16.1 28 msec 4 msec 8 msec <============ XR1
  2 10.0.13.3 16 msec 16 msec 16 msec <============ R3
R6#traceroute 5.5.5.5
Type escape sequence to abort.
Tracing the route to 5.5.5.5
VRF info: (vrf in name/id, vrf out name/id)
  1 10.0.16.1 4 msec 12 msec 8 msec <============ XR1
  2 10.0.14.4 12 msec 32 msec 16 msec <============ R4
  3 10.0.24.2 16 msec 28 msec 28 msec <============ R2
  4 10.0.25.5 24 msec 36 msec 36 msec <============ R5
And from R7:
R7#traceroute 3.3.3.3
Type escape sequence to abort.
Tracing the route to 3.3.3.3
VRF info: (vrf in name/id, vrf out name/id)
  1 10.0.27.2 8 msec 12 msec 8 msec <============ XE2
  2 10.0.24.4 16 msec 8 msec 8 msec <============ R4
  3 10.0.14.1 4 msec 16 msec 16 msec <============ R1
  4 10.0.13.3 16 msec 20 msec 16 msec <============ R3
R7#traceroute 5.5.5.5
Type escape sequence to abort.
Tracing the route to 5.5.5.5
VRF info: (vrf in name/id, vrf out name/id)
  1 10.0.27.2 12 msec 8 msec 12 msec <============ XE2
  2 10.0.25.5 12 msec 12 msec 4 msec <============ R5
To fix this issue, route leaking can be used on XR1 and XE2.
In this situation R6 does not take into account that R5 can be reached via R7 in only 3 hops. It has no specific routes to destinations outside its area, and XR1 is its default gateway for any outside traffic.
R6#sh ip rou
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       + - replicated route, % - next hop override
Gateway of last resort is 10.0.16.1 to network 0.0.0.0 <============ use default via XR1
i*L1  0.0.0.0/0 [115/10] via 10.0.16.1, 03:16:09, FastEthernet1/0
      1.0.0.0/24 is subnetted, 1 subnets
i L1     1.1.1.0 [115/20] via 10.0.16.1, 03:16:09, FastEthernet1/0
      2.0.0.0/24 is subnetted, 1 subnets
i L1     2.2.2.0 [115/30] via 10.0.67.7, 03:15:36, FastEthernet0/0
      6.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        6.6.6.0/24 is directly connected, Loopback0
L        6.6.6.6/32 is directly connected, Loopback0
      7.0.0.0/24 is subnetted, 1 subnets
i L1     7.7.7.0 [115/20] via 10.0.67.7, 03:55:10, FastEthernet0/0
      10.0.0.0/8 is variably subnetted, 5 subnets, 2 masks
C        10.0.16.0/24 is directly connected, FastEthernet1/0
L        10.0.16.6/32 is directly connected, FastEthernet1/0
i L1     10.0.27.0/24 [115/20] via 10.0.67.7, 03:55:10, FastEthernet0/0
C        10.0.67.0/24 is directly connected, FastEthernet0/0
L        10.0.67.6/32 is directly connected, FastEthernet0/0
In fact R6 has two candidate default gateways, XR-1 and XE-2, as both of them advertise the ATT bit:
R6#show isis database
IS-IS Level-1 Link State Database:
LSPID                 LSP Seq Num  LSP Checksum  LSP Holdtime      ATT/P/OL
XR1.00-00             0x00000363   0x4543        1059              1/0/0 <====== ATT bit set
XE2.00-00             0x0000000E   0xA722        1128              1/0/0 <====== ATT bit set
XE2.09-00             0x00000001   0x6C5F        644               0/0/0
R6.00-00            * 0x0000000E   0x1380        767               0/0/0
R6.02-00            * 0x00000009   0x7DC4        920               0/0/0
R7.00-00              0x0000000E   0xFE7D        651               0/0/0
R7.01-00              0x0000000B   0x0436        723               0/0/0
R7.02-00              0x0000000A   0xA645        0 (648)           0/0/0
R6 chooses XR-1 as its default gateway simply because it is the nearest level-1/level-2 router in area 49.0001, i.e. the metric to reach it is lower:
R6#show isis topology
IS-IS TID 0 paths to level-1 routers
System Id            Metric     Next-Hop             Interface   SNPA
XR1                  10         XR1                  Fa1/0       0000.ab48.1001 <======
XE2                  20         R7                   Fa0/0       ca07.1a56.0000 <======
R6                   --
R7                   10         R7                   Fa0/0       ca07.1a56.0000
To fix the sub-optimal routing, the route leaking feature of IS-IS can be used to propagate more specific routes to 3.3.3.3 and 5.5.5.5 into level-1. This should be done on both the XR-1 and XE-2 routers. First we need to create a policy to limit the prefixes we will announce into level-1. On XR-1 we will introduce the route to 3.3.3.0/24 and on XE-2 the route to 5.5.5.0/24. On XR-1 we need to create a route-policy:
route-policy L2TOL1-XR
  if destination in (3.3.3.0/24) then
    done
  else
    drop
  endif
end-policy
On XE-2 it is an old-style access list:
access-list 100 permit ip host 5.5.5.0 host 255.255.255.0
After that we need to apply these policies to the IS-IS protocol. On XR1 this is done under the address-family ipv4 section:
router isis 1
 address-family ipv4 unicast
  propagate level 2 into level 1 route-policy L2TOL1-XR
On XE2 the distribute-list needs to be applied under the main IS-IS section:
router isis
 redistribute isis ip level-2 into level-1 distribute-list 100
As you can see, the syntax is completely different between the two versions. Now we can check that the more specific routes to the R3 and R5 lo0 interfaces (3.3.3.3/24 and 5.5.5.5/24) are in the routing table on R6 and that they point to different routers, 3.3.3.3 to XR1 and 5.5.5.5 to R7:
R6#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       + - replicated route, % - next hop override
Gateway of last resort is 10.0.16.1 to network 0.0.0.0
i*L1  0.0.0.0/0 [115/10] via 10.0.16.1, 01:56:48, FastEthernet1/0
      1.0.0.0/24 is subnetted, 1 subnets
i L1     1.1.1.0 [115/20] via 10.0.16.1, 01:56:48, FastEthernet1/0
      2.0.0.0/24 is subnetted, 1 subnets
i L1     2.2.2.0 [115/30] via 10.0.67.7, 01:56:15, FastEthernet0/0
      3.0.0.0/24 is subnetted, 1 subnets
i ia     3.3.3.0 [115/158] via 10.0.16.1, 00:02:13, FastEthernet1/0 <============ inter area route
      5.0.0.0/24 is subnetted, 1 subnets
i ia     5.5.5.0 [115/168] via 10.0.67.7, 00:00:34, FastEthernet0/0 <============ inter area route
      6.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        6.6.6.0/24 is directly connected, Loopback0
L        6.6.6.6/32 is directly connected, Loopback0
      7.0.0.0/24 is subnetted, 1 subnets
i L1     7.7.7.0 [115/20] via 10.0.67.7, 02:35:49, FastEthernet0/0
      10.0.0.0/8 is variably subnetted, 5 subnets, 2 masks
C        10.0.16.0/24 is directly connected, FastEthernet1/0
L        10.0.16.6/32 is directly connected, FastEthernet1/0
i L1     10.0.27.0/24 [115/20] via 10.0.67.7, 02:35:49, FastEthernet0/0
C        10.0.67.0/24 is directly connected, FastEthernet0/0
L        10.0.67.6/32 is directly connected, FastEthernet0/0
Both routes are marked as ia (IS-IS inter area routes), which can also be seen in the IS-IS database:
R6#show isis database detail
IS-IS Level-1 Link State Database:
LSPID                 LSP Seq Num  LSP Checksum  LSP Holdtime      ATT/P/OL
XR1.00-00             0x00000367   0x0356        842               1/0/0
  Area Address: 49.0001
  NLPID:        0xCC
  Hostname: XR1
  IP Address:   1.1.1.1
  Metric: 10         IS R6.02
  Metric: 10         IP 1.1.1.0 255.255.255.0
  Metric: 148        IP-Interarea 3.3.3.0 255.255.255.0 <============ inter area route
  Metric: 10         IP 10.0.16.0 255.255.255.0
XE2.00-00             0x00000012   0x355F        1001              1/0/0
  Area Address: 49.0001
  NLPID:        0xCC
  Hostname: XE2
  IP Address:   2.2.2.2
  Metric: 10         IS XE2.09
  Metric: 10         IP 2.2.2.0 255.255.255.0
  Metric: 148        IP-Interarea 5.5.5.0 255.255.255.0 <============ inter area route
  Metric: 10         IP 10.0.27.0 255.255.255.0
However, there is one oddity here: the leaked routes have a metric of 148 in the database and 158 and 168 in the routing table, when they should have metric 20 in the database and 30 and 40 respectively for 3.3.3.0/24 and 5.5.5.0/24 in the routing table, and, as we know, the maximum metric in IS-IS is 63. The reason for this is that during leaking the L1/L2 router sets the Up/Down bit, indicating that the route was leaked from level-2, and other routers read it as part of the metric itself, adding 128 (10000000 in binary) to the metric. To avoid this behavior, wide metrics should be configured for IS-IS.
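The arithmetic above, together with a check that only the intended prefixes were leaked, as an added example that is not part of the original post. The sample text is trimmed from the database output above; the function names and the `ALLOWED` structure are assumptions of this example.

```python
import ipaddress
import re

# Sample trimmed from the "show isis database detail" output on this page.
SAMPLE = """\
XR1.00-00 0x00000367 0x0356 842 1/0/0
  Metric: 10 IP 1.1.1.0 255.255.255.0
  Metric: 148 IP-Interarea 3.3.3.0 255.255.255.0
XE2.00-00 0x00000012 0x355F 1001 1/0/0
  Metric: 10 IP 2.2.2.0 255.255.255.0
  Metric: 148 IP-Interarea 5.5.5.0 255.255.255.0
"""
# Prefixes each L1/L2 router is meant to leak (from the filters configured above).
ALLOWED = {"XR1": {"3.3.3.0/24"}, "XE2": {"5.5.5.0/24"}}

LSP_RE = re.compile(r"^(\S+)\.[0-9A-Fa-f]{2}-[0-9A-Fa-f]{2}\s")
LEAK_RE = re.compile(r"Metric:\s*(\d+)\s+IP-Interarea\s+(\S+)\s+(\S+)")


def decode_narrow_metric(octet):
    """Split the narrow-metric octet: bit 8 Up/Down, bit 7 I/E, bits 6-1 metric."""
    return {"up_down": bool(octet & 0x80),
            "external": bool(octet & 0x40),
            "metric": octet & 0x3F}


def leaked_prefixes(text):
    """Return (router, prefix, decoded octet) for every IP-Interarea entry."""
    owner, found = None, []
    for line in text.splitlines():
        lsp = LSP_RE.match(line)
        if lsp:
            owner = lsp.group(1)  # LSP header line names the advertising router
        leak = LEAK_RE.search(line)
        if leak:
            net = ipaddress.ip_network(f"{leak.group(2)}/{leak.group(3)}")
            found.append((owner, str(net), decode_narrow_metric(int(leak.group(1)))))
    return found


def unexpected_leaks(text, allowed):
    """Leaked prefixes that are not on the advertising router's allowlist."""
    return [(r, p) for r, p, _ in leaked_prefixes(text) if p not in allowed.get(r, set())]


def displayed_vs_real(octet, cost_to_router):
    """Cost with the whole octet read as the metric vs. with only bits 6-1."""
    return octet + cost_to_router, decode_narrow_metric(octet)["metric"] + cost_to_router


if __name__ == "__main__":
    print(leaked_prefixes(SAMPLE))
    print(unexpected_leaks(SAMPLE, ALLOWED))
    print(displayed_vs_real(148, 10), displayed_vs_real(148, 20))
```

The costs 10 and 20 passed to `displayed_vs_real` are R6's metrics to XR1 and XE2 from the `show isis topology` output above.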
Now if we check traceroute, we will see that packets take the optimal path with the minimum number of hops. From R6:
R6#traceroute 3.3.3.3
Type escape sequence to abort.
Tracing the route to 3.3.3.3
VRF info: (vrf in name/id, vrf out name/id)
  1 10.0.16.1 32 msec 28 msec 8 msec
  2 10.0.13.3 12 msec 16 msec 20 msec
R6#traceroute 5.5.5.5
Type escape sequence to abort.
Tracing the route to 5.5.5.5
VRF info: (vrf in name/id, vrf out name/id)
  1 10.0.67.7 28 msec 24 msec 20 msec
  2 10.0.27.2 16 msec 20 msec 28 msec
  3 10.0.25.5 20 msec 44 msec 32 msec
From R7:
R7#traceroute 3.3.3.3
Type escape sequence to abort.
Tracing the route to 3.3.3.3
VRF info: (vrf in name/id, vrf out name/id)
  1 10.0.67.6 52 msec 20 msec 32 msec <============ R6
  2 10.0.16.1 16 msec 24 msec 28 msec <============ XR1
  3 10.0.13.3 24 msec 28 msec 28 msec <============ R3
R7#traceroute 5.5.5.5
Type escape sequence to abort.
Tracing the route to 5.5.5.5
VRF info: (vrf in name/id, vrf out name/id)
  1 10.0.27.2 4 msec 8 msec 8 msec <============ XE2
  2 10.0.25.5 16 msec 16 msec 20 msec <============ R5
That's all for today.
Thanks. Very well explained 👍🏻