How to use routing policies to solve the suboptimal paths and hidden loops caused by dual-point bidirectional route import between ISIS and OSPF?

3.1.0 How to use routing policies to solve the suboptimal paths and hidden loops caused by dual-point bidirectional route import between ISIS and OSPF

1. Solving the suboptimal path in dual-point bidirectional import

In dual-point bidirectional import, suboptimal paths arise from the default route preference (priority), and the solution is to modify the route preference.

An incorrect solution for dual-point bidirectional import

When modifying the route preference, note that you must match and modify a specific route rather than directly changing the preference of all OSPF external routes to 12.

If the preference of all OSPF external routes is changed to 12, then after AR2 imports AR4's 4.254 route into OSPF, a loop may occur on AR4.


[Experiment] The correct solution for dual-point bidirectional import


(1) First match the specified route

[AR2]acl 2000
[AR2-acl-basic-2000]rule permit source 192.168.1.0 0.0.0.255
[AR2-acl-basic-2000]q

(2) Create a policy to modify the route preference

# Match the specific route and change its preference to 12
[AR2]route-policy chage_pri12 permit node 5
[AR2-route-policy]if-match acl 2000
[AR2-route-policy]apply preference 12
[AR2-route-policy]q

# Leave the preference of all other routes unchanged
[AR2]route-policy chage_pri12 permit node 10
[AR2-route-policy]q

(3) Apply the policy to the OSPF external route preference

[AR2]ospf 1
[AR2-ospf-1]preference ase route-policy chage_pri12 

Question: Why not directly modify the preference of the imported route on AR1?

Answer: A change to the route preference only takes effect on the local device and is not propagated to other devices.

(4) Apply the above configuration on both AR2 and AR3

(5) Check the routing table information again

AR2 (only the relevant part of the output is shown):

[AR2]dis ip routing-table 
------------------------------------------------------------------------------
Destination/Mask    Proto   Pre  Cost      Flags NextHop         Interface

    192.168.1.0/24  O_ASE   12   1           D   10.1.12.1       GigabitEthernet0/0/0
    192.168.4.0/24  ISIS-L2 15   74          D   10.1.24.4       GigabitEthernet0/0/1

AR3 (only the relevant part of the output is shown):

[AR3]dis ip routing-table 
------------------------------------------------------------------------------
Destination/Mask    Proto   Pre  Cost      Flags NextHop         Interface

    192.168.1.0/24  O_ASE   12   1           D   10.1.13.1       GigabitEthernet0/0/0
    192.168.4.0/24  ISIS-L2 15   74          D   10.1.34.4       GigabitEthernet0/0/1

AR4 (only the relevant part of the output is shown):

Before the suboptimal path was fixed, AR4 could only use the router that performed the bidirectional import as its next hop.

Now that the suboptimal path is resolved, AR4 can use both paths normally.

<AR4>display ip routing-table protocol isis
------------------------------------------------------------------------------
Destination/Mask    Proto   Pre  Cost      Flags NextHop         Interface

    192.168.1.0/24  ISIS-L2 15   74          D   10.1.24.2       GigabitEthernet0/0/0
                    ISIS-L2 15   74          D   10.1.34.3       GigabitEthernet0/0/1
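The route selection behind steps (1) to (5), as an added Python illustration that is not part of the original post. It compares the default preferences, a blanket preference of 12 for all OSPF external routes, and the ACL-matched policy. The function names are hypothetical, and the candidate routes assume that the other ASBR (AR3) has already imported in both directions.

```python
import ipaddress

# Added illustration with hypothetical names. The default preferences
# (O_ASE 150, ISIS 15) and the next hops are taken from the page's tables.
DEFAULT_PREF = {"O_ASE": 150, "ISIS-L2": 15}

def acl_match(dest, base, wildcard):
    """Basic ACL rule: address bits set in the wildcard are ignored."""
    keep = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    d = int(ipaddress.ip_network(dest).network_address)
    return (d & keep) == (int(ipaddress.IPv4Address(base)) & keep)

def ase_preference(dest, mode):
    if mode == "blanket":            # every OSPF external route set to 12
        return 12
    if mode == "selective" and acl_match(dest, "192.168.1.0", "0.0.0.255"):
        return 12                    # node 5: if-match acl 2000, apply preference 12
    return DEFAULT_PREF["O_ASE"]     # node 10, or no policy: unchanged

def rib(mode):
    """Routes AR2 installs. Candidates are constructed from the page's scenario."""
    candidates = [  # (destination, protocol, next hop)
        ("192.168.1.0/24", "O_ASE", "10.1.12.1"),    # from AR1, the real origin
        ("192.168.1.0/24", "ISIS-L2", "10.1.24.4"),  # imported into ISIS by AR3
        ("192.168.4.0/24", "ISIS-L2", "10.1.24.4"),  # from AR4, the real origin
        ("192.168.4.0/24", "O_ASE", "10.1.12.1"),    # imported into OSPF by AR3
    ]
    best = {}
    for dest, proto, nh in candidates:
        pref = ase_preference(dest, mode) if proto == "O_ASE" else DEFAULT_PREF[proto]
        if dest not in best or pref < best[dest][0]:  # lower preference value wins
            best[dest] = (pref, proto, nh)
    return best

if __name__ == "__main__":
    for mode in ("default", "blanket", "selective"):
        print(mode, rib(mode))
```

Only the selective mode sends both prefixes toward their real origin: the default picks the ISIS copy of 192.168.1.0/24, and the blanket change picks the OSPF external copy of 192.168.4.0/24.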

2. Solving the loop risk in dual-point bidirectional import

The cause of the loop

Initially, because of the suboptimal path, AR3 reached 192.168.1.0 through the ISIS route learned from AR4.

Subsequently, AR3 imports this learned ISIS route into OSPF, which creates a loop risk. Once the loopback interface of AR1 goes down, it becomes a real loop.

In this OSPF and ISIS environment, after applying the above technique to solve the suboptimal path problem, you will find that AR3 has only one route to 1.0, the correct one.

Because of the route preference, AR3 does not use the ISIS route to 1.0 advertised by AR4, so the wrong ISIS route is not imported into OSPF and the hidden loop does not form.

But is the loop really gone?

If the 1.0 route on AR1 goes down, AR3 will use the 1.0 route from AR4 and import the 1.0 route into OSPF again.

AR1, which no longer has 1.0, will use the route from AR3 and advertise it on to AR2. The loop is thus formed again.


Different environments, different suboptimal path and loop risk issues

Another dual-point bidirectional environment that creates suboptimal paths and loop risks

As shown in the following figure, there is not only the problem of suboptimal paths, but also the risk of loops:

1. The cost type of an imported external route is Type 2 by default (the cost of a Type 2 external route only counts the cost between the ASBR and the external route).

Therefore, no matter how far the external routes imported into OSPF are propagated, their cost does not change.

2. In addition, because the OSPF route preferences of the internal and external networks are the same, a suboptimal path is generated no matter which process has its route preference modified.

For example, if the external preference of process 1 is changed to 140, AR4 will prefer to reach its own Loopback0 network through AR2/AR3.

3. Because of the suboptimal path, AR2 may go through either AR1 or AR4 to reach 192.168.1.0, so there is a chance of a loop in this network.

[Figure: dual-point bidirectional import between two OSPF processes]

Solutions to loops

The root cause of the loop is the repeated import of routes. If you can prevent routes that have already been exported from being imported again, the problem is solved.

To do this, we use a route attribute that both OSPF and ISIS have: the tag.

Solution: take the bidirectional import between the two OSPF processes above as an example.

(1) When AR2 imports process 1 into process 2, prevent AR3 from importing the routes of process 1 back into process 1

1. When AR2 imports the route of process 1 into process 2, it tags the route of process 1 with Tag1.

2. When AR3 imports the route of process 2 into process 1, it first refuses to import the route marked with Tag1, and then imports other routes.

(2) Similarly, when AR3 imports process 1 into process 2, prevent AR2 from importing the routes of process 1 back into process 1

1. When AR3 imports the route of process 1 into process 2, it tags the route of process 1 with Tag1.

2. When AR2 imports the route of process 2 into process 1, it first refuses to import the route marked with Tag1, and then imports other routes.


(3) The steps above only cover the route filtering needed when process 1 is imported into process 2.

1. Similarly, route filtering needs to be performed when process 2 is imported into process 1.

2. The logic is the same: after AR2 imports the routes, AR3 filters them, and vice versa.


(4) Unsurprisingly, you are probably confused by now, so here is the final summary:

[Figure: summary of the tagging and filtering on AR2 and AR3]

(5) Still don't understand? Let's walk through the flow.

[Figures: the route flow with tagging and filtering, step by step]

[Experiment] Solving the loop with 1Tag

There are several ways to solve the dual-point bidirectional loop with tags: 1Tag, 2Tag, 4Tag and so on.

If one tag can solve it, why do we need so many tags?

A single tag can also solve the dual-point bidirectional loop problem, but a single tag is inconvenient for later route control and management.

With multiple tags, a core device can control and manage routes carrying different tags through route-policy.

How is the logic turned into a route-policy configuration?

First, AR1, AR2, and AR3 run process 1, and AR2, AR3, and AR4 run process 2.

Both AR1 and AR4 import their own loopback interfaces.

Perform dual-point bidirectional route import on AR2 and AR3.

Suboptimal paths and loop situations:

1. AR1 can see the external routes of AR4 and the external routes imported by itself.

<AR1>dis ospf routing 

 192.168.1.0/24     1         Type2      1           10.1.12.2       10.1.12.2
 192.168.1.0/24     1         Type2      1           10.1.13.3       10.1.13.3
 192.168.4.0/24     1         Type2      1           10.1.12.2       10.1.12.2
 192.168.4.0/24     1         Type2      1           10.1.13.3       10.1.13.3

2. On AR4, you can also see the external routes of AR1 and the external routes imported by yourself.

<AR4>display ospf routing 

 192.168.1.0/24     1         Type2      1           10.1.24.2       10.1.12.2
 192.168.1.0/24     1         Type2      1           10.1.34.3       10.1.13.3
 192.168.4.0/24     1         Type2      1           10.1.24.2       10.1.12.2
 192.168.4.0/24     1         Type2      1           10.1.34.3       10.1.13.3

(1) Create a route-policy that first filters the tagged routes and then tags the imported routes

AR2 is configured in the same way as AR3. The tag applied must not be the default Tag1, otherwise problems will occur.

# Refuse routes that carry Tag1 (tag value 10 in this configuration)
[AR2]route-policy ospf-ggkh deny node 5
[AR2-route-policy]if-match tag 10
[AR2-route-policy]q

# Match all other routes and mark them with Tag1 (tag value 10)
[AR2]route-policy ospf-ggkh permit node 10
[AR2-route-policy]apply tag 10
[AR2-route-policy]q

(2) Apply the policy to the bidirectional import of routing protocols

AR2 operates the same as AR3

[AR2]ospf 1
[AR2-ospf-1]import-route ospf 2 route-policy ospf-ggkh

[AR2]ospf 2
[AR2-ospf-2]import-route ospf 1 route-policy ospf-ggkh

(3) Check the result

View the OSPF routing table on AR1 and AR4 again: neither of them sees its own loopback network any more.

<AR1>display ospf routing 
 Destination        Cost      Type       Tag         NextHop         AdvRouter
 192.168.4.0/24     1         Type2      10          10.1.12.2       10.1.12.2
 192.168.4.0/24     1         Type2      10          10.1.13.3       10.1.13.3
 
<AR4>display ospf routing 
 Destination        Cost      Type       Tag         NextHop         AdvRouter
 192.168.1.0/24     1         Type2      10          10.1.24.2       10.1.12.2
 192.168.1.0/24     1         Type2      10          10.1.34.3       10.1.13.3
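The tag filtering from steps (1) to (3), modelled as an added Python illustration that is not part of the original post. It runs the mutual import on AR2 and AR3 to a fixed point without a policy, with tag 10, and with the default tag 1. The data model and function names are hypothetical, and it assumes an ASBR does not import routes it advertised itself.

```python
# Added illustration; the data model and function names are hypothetical.
DEFAULT_TAG = 1  # tag of a route imported without a policy (the page's "default Tag1")

def run_policy(nodes, route):
    """Try nodes in ascending order; the first matching node decides."""
    for _, mode, match_tag, actions in sorted(nodes, key=lambda n: n[0]):
        if match_tag is None or route["tag"] == match_tag:
            return dict(route, **actions) if mode == "permit" else None
    return None  # no node matched: the route is refused

def tag_policy(tag):
    # route-policy ospf-ggkh: deny node 5 (if-match tag), permit node 10 (apply tag)
    return [(5, "deny", tag, {}), (10, "permit", None, {"tag": tag})]

def converge(policy):
    """External routes in each OSPF process once mutual import has settled."""
    ext = {1: [{"prefix": "192.168.1.0/24", "tag": DEFAULT_TAG, "adv": "AR1"}],
           2: [{"prefix": "192.168.4.0/24", "tag": DEFAULT_TAG, "adv": "AR4"}]}
    changed = True
    while changed:
        changed = False
        for asbr in ("AR2", "AR3"):
            for src, dst in ((1, 2), (2, 1)):
                for route in list(ext[src]):
                    if route["adv"] == asbr:
                        continue  # modelling assumption: skip its own advertisements
                    out = run_policy(policy, route) if policy else dict(route)
                    if out is None:
                        continue  # filtered by the deny node
                    out["adv"] = asbr
                    if out not in ext[dst]:
                        ext[dst].append(out)
                        changed = True
    return ext

def fed_back(ext):
    """Process 1 prefixes that an ASBR imported back into process 1."""
    return sorted({r["prefix"] for r in ext[1]
                   if r["prefix"] == "192.168.1.0/24" and r["adv"] != "AR1"})

if __name__ == "__main__":
    print("no policy:", fed_back(converge(None)))
    print("tag 10   :", fed_back(converge(tag_policy(10))))
    print("tag 1    :", sorted(r["prefix"] for r in converge(tag_policy(1))[1]))
```

With tag 10, process 1 ends up with 192.168.4.0/24 from AR2 and AR3 and no returned copy of 192.168.1.0/24, as in the AR1 output above. With tag 1 the deny node matches the default tag of every original route, so nothing is imported at all.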

It seems that loops are no longer possible on AR1 and AR4. So is there still a suboptimal path?

View the OSPF routing table on AR2 and AR3, and you can see that the suboptimal path problem has not been resolved.

What is the reason?

First: although the route-policy implements route filtering, the ASBR itself still learns the incoming routes; it just does not import them.

Second: because OSPF external routes are Type 2 by default, their cost does not change as they are propagated.

Therefore, the OSPF external routes that AR2 learns from AR1 and AR4 have the same preference.

[AR2]display ip routing-table protocol ospf 
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Destination/Mask    Proto   Pre  Cost      Flags NextHop         Interface

    192.168.1.0/24  O_ASE   150  1           D   10.1.12.1       GigabitEthernet0/0/0
                    O_ASE   150  1           D   10.1.24.4       GigabitEthernet0/0/1
    192.168.4.0/24  O_ASE   150  1           D   10.1.24.4       GigabitEthernet0/0/1
                    O_ASE   150  1           D   10.1.12.1       GigabitEthernet0/0/0


<AR3>display ip routing-table protocol ospf 
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Destination/Mask    Proto   Pre  Cost      Flags NextHop         Interface

    192.168.1.0/24  O_ASE   150  1           D   10.1.13.1       GigabitEthernet0/0/0
                    O_ASE   150  1           D   10.1.34.4       GigabitEthernet0/0/1
    192.168.4.0/24  O_ASE   150  1           D   10.1.34.4       GigabitEthernet0/0/1
                    O_ASE   150  1           D   10.1.13.1       GigabitEthernet0/0/0

How to solve the suboptimal path problem?

(1) Since it is a cost issue, you can set the cost type to Type 1 when importing on AR1.

Hm? Besides setting the cost type to Type 1 on AR1, do AR2 and AR3 also need to be adjusted?

Because AR2 and AR3 also import routes, and their imported routes also get cost type 2 by default.

[AR1]ospf 1
[AR1-ospf-1]import-route direct type 1

[AR3]ospf 1
[AR3-ospf-1]import-route ospf 2 type 1 route-policy ospf-ggkh
[AR3]ospf 2
[AR3-ospf-2]import-route ospf 1 type 1 route-policy ospf-ggkh

[AR4]ospf 1
[AR4-ospf-1]import-route direct type 1
[AR2]ospf 1
[AR2-ospf-1]import-route ospf 2 type 1 route-policy ospf-ggkh
[AR2]ospf 2
[AR2-ospf-2]import-route ospf 1 type 1 route-policy ospf-ggkh

(2) The problem above can also be solved by adjusting the actual cost of the routes.

During the import between process 1 and process 2, the cost of the untagged routes of process 1 is increased, so that the other end learns the routes of process 1 with a very high cost.

In this way, each router only selects the route from the process the prefix belongs to.


AR2 and AR3 are configured in the same way: node 10 of the earlier route-policy, which applies the tag, now also raises the cost.

# Refuse routes that carry Tag1 (tag value 10 in this configuration)
[AR2]route-policy ospf-ggkh deny node 5
[AR2-route-policy]if-match tag 10
[AR2-route-policy]q

# Match all other routes and mark them with Tag1 (tag value 10)
[AR2]route-policy ospf-ggkh permit node 10
[AR2-route-policy]apply tag 10

# Raise the route cost to 100
[AR2-route-policy]apply cost 100
[AR2-route-policy]q

Check the routing table of AR2 again. The <Active> table lists the active routes, where the cost of 192.168.1.0 is 1.

In the <Inactive> table, the cost of 192.168.1.0 is 100; this is the route advertised from AR4.

This way, the suboptimal path problem is solved more conveniently.

<AR2>display ip routing-table protocol ospf 
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Public routing table : OSPF
         Destinations : 6        Routes : 10       

OSPF routing table status : <Active>
         Destinations : 4        Routes : 4

Destination/Mask    Proto   Pre  Cost      Flags NextHop         Interface

    192.168.1.0/24  O_ASE   150  1           D   10.1.12.1       GigabitEthernet0/0/0
    192.168.4.0/24  O_ASE   150  1           D   10.1.24.4       GigabitEthernet0/0/1

OSPF routing table status : <Inactive>
         Destinations : 6        Routes : 6

Destination/Mask    Proto   Pre  Cost      Flags NextHop         Interface

    192.168.1.0/24  O_ASE   150  100             10.1.24.4       GigabitEthernet0/0/1
    192.168.4.0/24  O_ASE   150  100             10.1.12.1       GigabitEthernet0/0/0

3. Summary of the dual-point bidirectional suboptimal path and loop risk configuration

OSPF and ISIS environment:

1. Cause of the suboptimal path: route preference.

1.1. Solution: on the routers performing bidirectional import, change the preference of the specified OSPF external routes to a value lower than the ISIS preference of 15.

2. Cause of the loop risk: routes are imported repeatedly.

2.1. Solution: prevent the repeated import by tagging routes in the route-policy.

3. Complete configuration commands (AR2 and AR3 are configured identically):

Since there is no loop risk in the OSPF and ISIS environment once the suboptimal path is resolved, only the suboptimal path configuration is posted.

(1) First match the specified route
[AR2]acl 2000
[AR2-acl-basic-2000]rule permit source 192.168.1.0 0.0.0.255
[AR2-acl-basic-2000]q

(2) Create a policy to modify the route preference
# Match the specific route and change its preference to 12
[AR2]route-policy chage_pri12 permit node 5
[AR2-route-policy]if-match acl 2000
[AR2-route-policy]apply preference 12
[AR2-route-policy]q

# Leave the preference of all other routes unchanged
[AR2]route-policy chage_pri12 permit node 10
[AR2-route-policy]q

(3) Apply the policy to the OSPF external route preference
[AR2]ospf 1
[AR2-ospf-1]preference ase route-policy chage_pri12 

OSPF and OSPF environment:

1. Cause of the suboptimal path: the cost type of the routes.

1.1. Solutions: (1) modify the cost type used at import; (2) on the routers performing bidirectional import, modify the cost value of the routes advertised to the other routing protocol.

2. Cause of the loop risk: routes are imported repeatedly.

2.1. Solution: prevent the repeated import by tagging routes in the route-policy.

3. Complete configuration commands (AR2 and AR3 are configured identically):

(1) Create a route-policy that first filters the tagged routes and then tags the imported routes

# Refuse routes that carry Tag1 (tag value 10 in this configuration)
[AR2]route-policy ospf-ggkh deny node 5
[AR2-route-policy]if-match tag 10
[AR2-route-policy]q

# Match all other routes, mark them with Tag1 (tag value 10) and set the cost to 100
[AR2]route-policy ospf-ggkh permit node 10
[AR2-route-policy]apply tag 10
[AR2-route-policy]apply cost 100
[AR2-route-policy]q

(2) Apply the policy to the bidirectional import of routing protocols

[AR2]ospf 1
[AR2-ospf-1]import-route ospf 2 route-policy ospf-ggkh
[AR2]ospf 2
[AR2-ospf-2]import-route ospf 1 route-policy ospf-ggkh

Origin blog.csdn.net/qq_45443704/article/details/128805903