HCIP—One-way and two-way redistribution

1. Redistribution

1. Function

Redistribution takes place between two routing protocols, or between different processes of the same protocol. An ASBR is set up to work in both protocols (or both processes) at the same time; after it has learned all the routing entries at both ends, it shares the routes so that the entire network is reachable.

2. Conditions

2.1. ASBR must exist

ASBR: Autonomous System Border Router (protocol border router). It works in two protocols, or in two processes of the same protocol, at the same time, and can learn all routing entries at both ends. By default, routing entries generated by different protocols and different processes are kept in their own independent databases, which are not shared and do not communicate with each other; the ASBR can share the routes learned through protocol A with protocol B, in the language of protocol B;

2.2. Seed metrics must be considered

Since different routing protocols calculate metric values in different ways, the metric value of the original protocol is not carried over during redistribution. Instead, a starting metric (seed metric) is assigned when the route is published into the new protocol.

3. Rules

1. When redistributing protocol A routes to protocol B, configure it in protocol B on the ASBR;

2. When protocol A is redistributed into protocol B, all routes learned through protocol A on the ASBR, and the ASBR's directly connected routes that work in protocol A, are shared with protocol B (specific rules apply to default routes);

4. Terminology

One-way redistribution: only the routes of protocol A are redistributed into protocol B on the ASBR

Two-way redistribution: protocols A and B share routes with each other on the ASBR

Single point: there is only one ASBR between the two routing protocols

Two point: there are two ASBRs between the two routing protocols, for backup and traffic sharing

Multipoint: there are more than two ASBRs between the two routing protocols

5. Configuration commands

Configuration covers 3 cases

A-->B: publish routes generated by one dynamic routing protocol into another dynamic routing protocol

Static-->B: redistribute the static routes written by hand on the ASBR into the dynamic routing protocol

Direct connection-->B: redistribute the ASBR's directly connected routes that are not announced in protocol A into the dynamic routing protocol

5.1. RIP

A-->B

[r2]rip 1

[r2-rip-1]import-route ospf 1 The default starting metric can be understood as 0

[r2-rip-1]import-route ospf 1 cost 2 Modify the starting metric while redistributing

Static routing-->B

[r2]rip 1

[r2-rip-1]import-route static

[r2-rip-1]import-route static cost 2

Note: Default static routes will not be imported into the RIP protocol;

Direct connection-->B

[r2-rip-1]import-route direct

[r2-rip-1]import-route direct cost 4

Note: if the direct connection is redistributed and protocol A is also redistributed into protocol B, the two redistributions may cover the same route. In that case the route redistributed from the direct connection is preferred;

5.2. OSPF

A-->B

[r2]ospf 1

[r2-ospf-1]import-route  rip

By default an imported route is type 2 and its seed metric is 1; redistributed routes are carried in type 5/type 7 LSAs, and their priority is 150;

Type 1: the displayed metric is the total metric = seed metric + cost accumulated along the way

Type 2: only the seed metric is displayed, but during route selection the total metric = seed metric + cost accumulated along the way is compared.

Type 1 is preferred over type 2 in route selection;

[r2-ospf-1]import-route rip type 1 When re-publishing, the metric type is also modified to type 1;

[r2-ospf-1]import-route rip cost 2 type 1 When redistributing, both the seed metric and the metric type can be modified

Static-->B

[r2]ospf 1

[r2-ospf-1]import-route static  

The default seed metric is 1 and type is 2; static default routes will not be imported;

[r2-ospf-1]import-route static cost 2 type 1 When redistributing, both the seed metric and the metric type can be modified

[r2-ospf-1]default-route-advertise Command to import default route. This command defaults to type 2 and seed metric is 1;

[r2-ospf-1]default-route-advertise cost 2 type 1 When redistributing, both the seed metric and the metric type can be modified

Direct connection-->B

[r2-ospf-1]import-route  direct

The default seed metric is 1 and type is 2;

[r2-ospf-1]import-route direct cost 2 type 1 When redistributing, both the seed metric and the metric type can be modified

Note: if the direct connection is redistributed and protocol A is also redistributed into protocol B, the two redistributions may cover the same route. In that case the route redistributed from the direct connection is preferred;

2. Two-point two-way redistribution

1. When an ASBR redistributes routing entries, it clears the metric carried by the original protocol and adds the seed metric of the new protocol; once two-point or multipoint redistribution is used, poor route selection may occur. This is solved with routing policies.

2. When two protocols with different priorities are redistributed in both directions at multiple points, it is possible that after the first ASBR publishes protocol A into protocol B, these routes are learned by another ASBR and, because of the difference in priorities, installed in its routing table. The routing entries published from protocol A into protocol B are then redistributed by the other ASBR back into protocol A, causing route feedback and poor route selection;

Cisco was the first to avoid this, in the EIGRP protocol, by using different priority values for internal routes and for routes brought in by redistribution; this solution has also been adopted in Huawei equipment. The normal internal priority of OSPF is 10 and that of a redistributed route is 150, to avoid route feedback;

One point is worth noting, however: although distance-vector protocols have an interface split-horizon mechanism, route feedback can still be generated by sudden changes in network topology, so routing policies need to be used as a defence in advance.

3. Routing policy

Control plane: the traffic in which the routing protocol carries routing information, and the direction of that traffic

Data plane: the traffic generated when devices actually access each other, and the direction of that traffic

The control plane direction is always opposite to the data plane direction;

On the interface where control-plane traffic enters or leaves, the traffic is captured and then its parameters are modified or the information is deleted. This ultimately affects how the router's routing table is generated and thereby influences route selection;

【1】Technology for capturing traffic:

1. ACL: the access control list was originally designed to restrict data-plane traffic entering and leaving; when it is used to capture control-plane traffic, it may therefore not match precisely;

2. Prefix list: designed specifically to capture control-plane traffic

[r1]ip ip-prefix aa permit 1.1.1.0 25

[r1]ip ip-prefix aa permit 1.1.2.0 24

A name identifies one list, and a list can hold multiple entries. Entries are matched one by one from top to bottom; the first entry that matches is applied and the entries after it are not examined; an implicit deny-all sits at the end;

By default, sequence numbers are assigned automatically in steps of 10, to make insertion and deletion easier.

[r1]ip ip-prefix aa index 15 permit 1.1.3.0 24

[r1]undo ip ip-prefix aa index 10

Match the network number 2.2.2.0 and the subnet mask length is 24-30.

[r1]ip ip-prefix qq permit 2.2.2.0 24 less-equal  30

Matches the network number 3.3.3.0 and the subnet mask length is 30-32

[r1]ip ip-prefix qq permit 3.3.3.0 24 greater-equal  30

Match network number 4.4.4.0 mask length 26-30

[r1]ip ip-prefix qq permit 4.4.4.0 24 greater-equal 26 less-equal  30

Numerical rules: length<=ge<=le

[r1]ip ip-prefix qq permit 0.0.0.0 0 less-equal 32 allow all
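The matching rules above can be checked offline before a list is applied to a device. The following is an added example, not configuration or code from the original post: a small Python model of an ip-prefix list (IPv4 only) loaded with the aa and qq lists above and with the deny/permit-all filter that appears later on this page. The class and function names are hypothetical, and the automatic index numbering is an assumption of the model.

```python
import ipaddress

class IpPrefixList:
    """Model of one named ip-prefix list (IPv4), following the rules in the text."""

    def __init__(self):
        self.entries = {}  # index -> (action, network, lowest length, highest length)

    def add(self, action, addr, length, ge=None, le=None, index=None):
        if index is None:
            # Assumption: automatic indexes continue from the highest one in steps of 10.
            index = max(self.entries, default=0) // 10 * 10 + 10
        lo = length if ge is None else ge
        hi = le if le is not None else (32 if ge is not None else length)
        if not length <= lo <= hi <= 32:
            raise ValueError("need length <= ge <= le <= 32")
        net = ipaddress.ip_network(f"{addr}/{length}", strict=False)
        self.entries[index] = (action, net, lo, hi)

    def undo(self, index):
        del self.entries[index]

    def permits(self, route):
        """The first matching index decides; no match means the implicit deny."""
        r = ipaddress.ip_network(route, strict=False)
        for index in sorted(self.entries):
            action, net, lo, hi = self.entries[index]
            if lo <= r.prefixlen <= hi and r.network_address in net:
                return action == "permit"
        return False

def build_page_lists():
    """Lists aa and qq from above, plus the filter list used later on the page."""
    aa, qq, flt = IpPrefixList(), IpPrefixList(), IpPrefixList()
    aa.add("permit", "1.1.1.0", 25)             # becomes index 10
    aa.add("permit", "1.1.2.0", 24)             # becomes index 20
    aa.add("permit", "1.1.3.0", 24, index=15)   # inserted between 10 and 20
    aa.undo(10)
    qq.add("permit", "2.2.2.0", 24, le=30)
    qq.add("permit", "3.3.3.0", 24, ge=30)
    qq.add("permit", "4.4.4.0", 24, ge=26, le=30)
    flt.add("deny", "2.2.2.0", 24)              # exact /24 only
    flt.add("permit", "0.0.0.0", 0, le=32)      # allow all
    return aa, qq, flt

if __name__ == "__main__":
    aa, qq, flt = build_page_lists()
    for route in ("2.2.2.0/24", "2.2.2.128/25", "10.0.0.0/8"):
        print(route, "passes the filter:", flt.permits(route))
```

In this model the filter rejects 2.2.2.0/24 but lets the more specific 2.2.2.128/25 through, because a deny entry without greater-equal or less-equal matches only the exact mask length.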

【2】Routing policy

Modify or delete traffic -- routing policy (offset list, distribute list, route-map)

1) Cisco offset list

On Cisco it is considered a routing policy; on Huawei it is not a policy but a metric-modification operation specific to distance-vector protocols such as RIP. On Cisco the offset list can only be used in distance-vector protocols such as RIP and EIGRP, and the same is true on Huawei. On Cisco only an ACL can serve it; on Huawei both an ACL and a prefix list can be used;

[r1]ip ip-prefix aa permit 2.2.2.0 24 Use prefix list to capture; ACL can also be used

[r1]interface GigabitEthernet 0/0/1 Interface for control plane traffic transmission

[r1-GigabitEthernet0/0/1]rip metricin ip-prefix aa 2 Traffic in, matching prefix list aa, metric plus 2

                                        metricout 2000 2 Traffic out, matching acl 2000, metric plus 2

This policy acts hop by hop, which means the operations stack: if several interfaces that the traffic passes through along the path are configured with a metric increase, the total metric grows by all of them;

2) Distribute list on Cisco; filter-policy on Huawei

First use an ACL or a prefix list to match the traffic; then restrict the delivery of routing entries on the interface where the control-plane traffic enters or leaves;

[r2]ip ip-prefix qq deny 2.2.2.0 24

[r2]ip ip-prefix qq permit 0.0.0.0 0 less-equal 32

[r2]rip  1

[r2-rip-1]filter-policy ip-prefix qq ?

  export Specify an export policy Outbound

  import Specify an import policy Inbound direction

[r2-rip-1]filter-policy ip-prefix qq export GigabitEthernet 0/0/0

Remember: if you use an ACL to define the traffic, a Huawei ACL normally ends by allowing everything, but when it is used in a filter-policy you must configure the allow-all rule manually;

Note: normally a filter-policy cannot be applied in the outbound direction under OSPF, because OSPF exchanges topology updates and the transfer of topology within the same area cannot be restricted. Normally it can only be applied in the inbound direction, which does not affect database synchronization; it only stops the routes calculated from the LSAs from being loaded into the routing table;

If you want to apply it in the outbound direction, you can do so on an ABR/ASBR for type 3/4/5/7 LSAs;

3) route-map on Cisco; route-policy on Huawei

「1」Capture traffic: both an ACL and a prefix list can be used

[r2]acl 2000

[r2-acl-basic-2000]rule 1  permit source 1.1.1.0 0.0.0.0

[r2-acl-basic-2000]q

[r2]acl 2001

[r2-acl-basic-2001]rule permit source 1.1.2.0 0.0.0.0

[r2-acl-basic-2001]q

[r2]ip ip-prefix a permit 1.1.3.0 24

[r2]ip ip-prefix b permit  1.1.4.0 24

「2」Routing policy

[r2]route-policy huawei deny node 10    Create a routing policy named huawei; the major action is deny and the sequence number is 10

[r2-route-policy]if-match acl 2000    match an ACL

[r2-route-policy]q

[r2]route-policy huawei permit node 20    node 20 of policy huawei; the major action is permit

[r2-route-policy]if-match acl 2001    match an ACL

[r2-route-policy]apply cost-type type-1    the minor action: change the metric type to type 1;

[r2-route-policy]q

[r2]route-policy huawei permit node 30

[r2-route-policy]if-match ip-prefix a    match a prefix list

[r2-route-policy]apply cost 7

[r2-route-policy]q

[r2]route-policy huawei permit node 40

[r2-route-policy]if-match ip-prefix b

[r2-route-policy]apply cost-type type-1

[r2-route-policy]apply cost 8

[r2-route-policy]q

[r2]route-policy huawei permit node 50    empty node, allows everything;

[r2-route-policy]q

「3」Called when redistributing

[r2]ospf  1

[r2-ospf-1]import-route rip 1 route-policy huawei

Configuration Guide

1. Even if you want to deny some traffic, you must use permit when capturing it, and then deny it in the routing policy;

2. Nodes are matched one by one from top to bottom. The first node that matches is applied and the following nodes are not examined. An implicit deny-all sits at the end;

3. In a node, if no traffic match is configured, everything is matched; if no apply clause is configured, only the major action is performed on the matched traffic. An empty node whose major action is permit therefore allows everything;

4. OR and AND relationships

The OR relationship holds between the nodes (sequence numbers);

If sequence number 10 does not match the traffic, sequence number 20 is tried;

[r3]ip ip-prefix a permit  1.1.1.0 24

[r3]acl 2000

[r3-acl-basic-2000]rule permit sou 12.1.1.2 0.0.0.0

route-policy huawei permit node 10

 if-match ip-prefix a

 if-match ip next-hop acl 2000    AND relationship: the matched traffic must meet both conditions;

 apply cost 10

 apply cost-type type-1    AND relationship: both operations are performed together

The above matches a routing entry whose destination network number is 1.1.1.0/24 and whose next hop is 12.1.1.2;

Summary of the OR and AND relationships:

Nodes are matched one by one by sequence number, from top to bottom. The first node that matches is applied and the following nodes are not checked: this is the OR relationship

Within one sequence number, all match conditions must be met at the same time, and all minor actions are performed at the same time: this is the AND relationship
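The node evaluation rules summarized above can be traced for each imported route. The following is an added example, not code from the original post: a Python model of route-policy evaluation, loaded with the huawei policy and the AND example from this page. The helper names are hypothetical, and the ACL and prefix-list matches are reduced to exact /24 destinations, which is an assumption made for the constructed sample routes.

```python
def net(prefix):
    """if-match stand-in: the route's destination equals this prefix (assumption)."""
    return lambda route: route["prefix"] == prefix

def next_hop(address):
    """if-match ip next-hop stand-in: the route's next hop equals this address."""
    return lambda route: route["next_hop"] == address

def run_policy(nodes, route):
    """Return the route after the apply clauses, or None when the policy rejects it."""
    for _number, action, matches, applies in sorted(nodes, key=lambda n: n[0]):
        if all(match(route) for match in matches):  # AND in a node; empty matches all
            if action == "deny":
                return None
            return {**route, **applies}             # all apply clauses take effect
    return None                                     # no node matched: implicit deny

# (sequence number, major action, if-match clauses, apply clauses)
HUAWEI = [
    (10, "deny",   [net("1.1.1.0/24")], {}),
    (20, "permit", [net("1.1.2.0/24")], {"cost_type": 1}),
    (30, "permit", [net("1.1.3.0/24")], {"cost": 7}),
    (40, "permit", [net("1.1.4.0/24")], {"cost_type": 1, "cost": 8}),
    (50, "permit", [], {}),
]
# The AND example: destination 1.1.1.0/24 and next hop 12.1.1.2 must both match.
AND_EXAMPLE = [
    (10, "permit", [net("1.1.1.0/24"), next_hop("12.1.1.2")],
     {"cost": 10, "cost_type": 1}),
]

def import_route(policy, prefix, hop):
    """Redistribute one route into OSPF: seed metric 1 and type 2, then the policy."""
    route = {"prefix": prefix, "next_hop": hop, "cost": 1, "cost_type": 2}
    return run_policy(policy, route)

if __name__ == "__main__":
    # Constructed sample routes, one per node of the policy.
    for p in ("1.1.1.0/24", "1.1.2.0/24", "1.1.3.0/24", "1.1.4.0/24", "1.1.5.0/24"):
        print(p, import_route(HUAWEI, p, "12.1.1.2"))
```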

Origin blog.csdn.net/2301_77475090/article/details/131996710