Route maps are “match and set” statements: match a criterion, then set a parameter or condition.
Example
On router R1 you define a policy:
- Match Voice = Set next hop 1.1.1.2
- Match Data = Set Next hop 2.1.1.2
The link on the 1.0.0.0 network is 16 Mb and the link on the 2.0.0.0 network is 2 Mb. Delay is not tolerable for voice packets, so we can make a policy that sends voice packets over the link on the 1.0.0.0 network.
If you want to send voice and data on the same link, you should implement QoS.
It is a very powerful concept, and to implement it properly you should be very good at writing access-lists.
The route map itself is very easy: just match and set statements.
Practical LAB
We have 15 static routes (networks) from 192.168.1.0 to 192.168.15.0. We want to redistribute them into OSPF in such a way that, on router B, the odd routes (1, 3, 5, 7, 9, 11, 13, 15) appear as OE1 and the even routes (2, 4, 6, 8, 10, 12, 14) appear as OE2.
Checking routing table
A#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
*****OUTPUT OMITTED*****
Gateway of last resort is not set
1.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 1.1.1.0/24 is directly connected, FastEthernet0/0
L 1.1.1.1/32 is directly connected, FastEthernet0/0
2.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 2.1.1.0/24 is directly connected, FastEthernet0/1
L 2.1.1.1/32 is directly connected, FastEthernet0/1
Configuring OSPF on the routers
A#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
A(config)#router ospf 1
A(config-router)#network 1.1.1.0 0.0.0.255 area 0
A(config-router)#network 2.1.1.0 0.0.0.255 area 0
A(config-router)#^Z
A#
B#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
B(config)#router ospf 1
B(config-router)#network 1.1.1.0 0.0.0.255 area 0
B(config-router)#network 1.1.1.0 0.0.0.255 area 0
*Mar 6 11:34:46.435: %OSPF-5-ADJCHG: Process 1, Nbr 2.1.1.1 on FastEthernet0/0 from LOADING to FULL, Loading Done
B(config-router)#network 2.1.1.0 0.0.0.255 area 0
B(config-router)#
*Mar 6 11:34:54.867: %OSPF-5-ADJCHG: Process 1, Nbr 2.1.1.1 on FastEthernet0/1 from LOADING to FULL, Loading Done
B(config-router)#^Z
Defining Static Routes
A#conf terminal
Enter configuration commands, one per line. End with CNTL/Z.
A(config)#ip route 172.16.1.0 255.255.255.0 null 0
A(config)#ip route 172.16.2.0 255.255.255.0 null 0
A(config)#ip route 172.16.3.0 255.255.255.0 null 0
A(config)#ip route 172.16.4.0 255.255.255.0 null 0
A(config)#ip route 172.16.5.0 255.255.255.0 null 0
A(config)#ip route 172.16.6.0 255.255.255.0 null 0
A(config)#ip route 172.16.7.0 255.255.255.0 null 0
A(config)#ip route 172.16.8.0 255.255.255.0 null 0
A(config)#ip route 172.16.9.0 255.255.255.0 null 0
A(config)#ip route 172.16.10.0 255.255.255.0 null 0
A(config)#ip route 172.16.11.0 255.255.255.0 null 0
A(config)#ip route 172.16.12.0 255.255.255.0 null 0
A(config)#ip route 172.16.13.0 255.255.255.0 null 0
A(config)#ip route 172.16.14.0 255.255.255.0 null 0
A(config)#ip route 172.16.15.0 255.255.255.0 null 0
Requirement
Odd routes 1, 3, 5, 7, 9, 11, 13, 15 should appear as OE1
Even Routes 2, 4, 6, 8, 10, 12, 14 should appear as OE2
There are two methods of doing it.
Method 1
A#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
A(config)#access-list 10 permit 172.16.1.0 0.0.0.255
A(config)#access-list 10 permit 172.16.3.0 0.0.0.255
A(config)#access-list 10 permit 172.16.5.0 0.0.0.255
A(config)#access-list 10 permit 172.16.7.0 0.0.0.255
A(config)#access-list 10 permit 172.16.9.0 0.0.0.255
A(config)#access-list 10 permit 172.16.11.0 0.0.0.255
A(config)#access-list 10 permit 172.16.13.0 0.0.0.255
A(config)#access-list 10 permit 172.16.15.0 0.0.0.255
A(config)#
A(config)#access-list 20 permit 172.16.2.0 0.0.0.255
A(config)#access-list 20 permit 172.16.4.0 0.0.0.255
A(config)#access-list 20 permit 172.16.6.0 0.0.0.255
A(config)#access-list 20 permit 172.16.8.0 0.0.0.255
A(config)#access-list 20 permit 172.16.10.0 0.0.0.255
A(config)#access-list 20 permit 172.16.12.0 0.0.0.255
A(config)#access-list 20 permit 172.16.14.0 0.0.0.255
An access-list is not just used to block traffic; it is the biggest tool you have. If you are good at it, you can do anything at an advanced level, including making policies.
Why wild card mask?
Without a wildcard mask, blocking traffic from 192.168.1.1 to 192.168.1.255 would take 255 lines like:
Access-list 10 deny 172.16.1.1
Access-list 10 deny 172.16.1.2
Till
Access-list 10 deny 172.16.1.255
But with a wildcard mask we can write it in one line:
Access-list 10 deny 172.16.1.0 0.0.0.255
Configuring Route-map
A(config)#route-map rmap permit ?
<0-65535> Sequence to insert to/delete from existing route-map entry
<cr>
While configuring route maps, always leave a gap between sequence numbers, as you would with an access-list.
Route maps are processed in order of sequence number, so the first line is processed first. If you deny something in the first line and permit it in the second, the permit is useless: the first line has already denied it.
A(config)#route-map rmap permit 10
A(config-route-map)#match ip address 10
A(config-route-map)#set metric-type type-1
A(config-route-map)#exit
A(config)#
A(config)#route-map rmap permit 20
A(config-route-map)#match ip address 20
A(config-route-map)#set metric-type type-2
A(config-route-map)#^Z
The route-map sequence number and the access-list number have no relationship; they may be the same or they may be different.
Redistributing static routes
A#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
A(config)#router ospf 1
A(config-router)#redistribute static subnets route-map rmap
A(config-router)#^Z
A#
*Mar 6 11:57:41.871: %SYS-5-CONFIG_I: Configured from console by console
Previously we redistributed using only static and subnets; now we have redistributed the static subnets according to the route-map (rmap) policy.
Verifying impact on B's Routing table
B#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
*****OUTPUT OMITTED*****
Gateway of last resort is not set
1.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 1.1.1.0/24 is directly connected, FastEthernet0/0
L 1.1.1.2/32 is directly connected, FastEthernet0/0
2.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 2.1.1.0/24 is directly connected, FastEthernet0/1
L 2.1.1.2/32 is directly connected, FastEthernet0/1
172.16.0.0/24 is subnetted, 15 subnets
O E1 172.16.1.0 [110/21] via 2.1.1.1, 00:01:17, FastEthernet0/1
[110/21] via 1.1.1.1, 00:01:17, FastEthernet0/0
O E2 172.16.2.0 [110/20] via 2.1.1.1, 00:01:17, FastEthernet0/1
[110/20] via 1.1.1.1, 00:01:17, FastEthernet0/0
O E1 172.16.3.0 [110/21] via 2.1.1.1, 00:01:17, FastEthernet0/1
[110/21] via 1.1.1.1, 00:01:17, FastEthernet0/0
O E2 172.16.4.0 [110/20] via 2.1.1.1, 00:01:17, FastEthernet0/1
[110/20] via 1.1.1.1, 00:01:17, FastEthernet0/0
O E1 172.16.5.0 [110/21] via 2.1.1.1, 00:01:17, FastEthernet0/1
[110/21] via 1.1.1.1, 00:01:17, FastEthernet0/0
O E2 172.16.6.0 [110/20] via 2.1.1.1, 00:01:17, FastEthernet0/1
[110/20] via 1.1.1.1, 00:01:17, FastEthernet0/0
O E1 172.16.7.0 [110/21] via 2.1.1.1, 00:01:17, FastEthernet0/1
[110/21] via 1.1.1.1, 00:01:17, FastEthernet0/0
O E2 172.16.8.0 [110/20] via 2.1.1.1, 00:01:17, FastEthernet0/1
[110/20] via 1.1.1.1, 00:01:17, FastEthernet0/0
O E1 172.16.9.0 [110/21] via 2.1.1.1, 00:01:17, FastEthernet0/1
[110/21] via 1.1.1.1, 00:01:17, FastEthernet0/0
O E2 172.16.10.0 [110/20] via 2.1.1.1, 00:01:17, FastEthernet0/1
[110/20] via 1.1.1.1, 00:01:17, FastEthernet0/0
O E1 172.16.11.0 [110/21] via 2.1.1.1, 00:01:17, FastEthernet0/1
[110/21] via 1.1.1.1, 00:01:17, FastEthernet0/0
O E2 172.16.12.0 [110/20] via 2.1.1.1, 00:01:17, FastEthernet0/1
[110/20] via 1.1.1.1, 00:01:17, FastEthernet0/0
O E1 172.16.13.0 [110/21] via 2.1.1.1, 00:01:17, FastEthernet0/1
[110/21] via 1.1.1.1, 00:01:17, FastEthernet0/0
O E2 172.16.14.0 [110/20] via 2.1.1.1, 00:01:17, FastEthernet0/1
[110/20] via 1.1.1.1, 00:01:17, FastEthernet0/0
O E1 172.16.15.0 [110/21] via 2.1.1.1, 00:01:17, FastEthernet0/1
[110/21] via 1.1.1.1, 00:01:17, FastEthernet0/0
Undo the configuration and try the 2nd method
A#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
A(config)#no access-list 10
A(config)#no access-list 20
Method 2
Making a smart Move
You can even define the access-list in one line instead of writing a lengthy access-list.
Finding out Wild Card Mask
Write the first and last IP addresses in binary. Where a column matches, write 0; where it does not match, write 1.
Wildcard mask for odd numbered routes
172.16.1.0  = 10101100.00010000.00000001.00000000
172.16.15.0 = 10101100.00010000.00001111.00000000
Wildcard    = 00000000.00000000.00001110.00000000
            = 0.0.14.0
Wildcard mask for even numbered routes
(You can start it from 0 or 2)
172.16.0.0  = 10101100.00010000.00000000.00000000
172.16.14.0 = 10101100.00010000.00001110.00000000
Wildcard    = 00000000.00000000.00001110.00000000
            = 0.0.14.0
Although the wildcard mask is the same in both cases, what it matches depends on the IP address we write in the access-list.
A(config)#access-list 10 permit 172.16.1.0 0.0.14.0
This matches all the odd routes, as the starting IP address is 1.
A(config)#access-list 20 permit 172.16.2.0 0.0.14.0
This matches all the even routes, as the starting IP address is 0.
have “deny all” statement in the end so we’ll have to make another route-map to allow the remaining.
Verifying the routing table on B before configuring the access-lists
B#show ip route
*****OUTPUT OMITTED*****
Gateway of last resort is not set
1.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 1.1.1.0/24 is directly connected, FastEthernet0/0
L 1.1.1.2/32 is directly connected, FastEthernet0/0
2.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 2.1.1.0/24 is directly connected, FastEthernet0/1
L 2.1.1.2/32 is directly connected, FastEthernet0/1
172.16.0.0/24 is subnetted, 15 subnets
O E1 172.16.1.0 [110/21] via 2.1.1.1, 00:12:29, FastEthernet0/1
[110/21] via 1.1.1.1, 00:12:29, FastEthernet0/0
O E1 172.16.2.0 [110/21] via 2.1.1.1, 00:00:05, FastEthernet0/1
[110/21] via 1.1.1.1, 00:00:05, FastEthernet0/0
O E1 172.16.3.0 [110/21] via 2.1.1.1, 00:12:29, FastEthernet0/1
[110/21] via 1.1.1.1, 00:12:29, FastEthernet0/0
O E1 172.16.4.0 [110/21] via 2.1.1.1, 00:00:05, FastEthernet0/1
[110/21] via 1.1.1.1, 00:00:05, FastEthernet0/0
O E1 172.16.5.0 [110/21] via 2.1.1.1, 00:12:29, FastEthernet0/1
[110/21] via 1.1.1.1, 00:12:29, FastEthernet0/0
O E1 172.16.6.0 [110/21] via 2.1.1.1, 00:00:05, FastEthernet0/1
[110/21] via 1.1.1.1, 00:00:05, FastEthernet0/0
O E1 172.16.7.0 [110/21] via 2.1.1.1, 00:12:29, FastEthernet0/1
[110/21] via 1.1.1.1, 00:12:29, FastEthernet0/0
O E1 172.16.8.0 [110/21] via 2.1.1.1, 00:00:05, FastEthernet0/1
[110/21] via 1.1.1.1, 00:00:05, FastEthernet0/0
O E1 172.16.9.0 [110/21] via 2.1.1.1, 00:12:29, FastEthernet0/1
[110/21] via 1.1.1.1, 00:12:29, FastEthernet0/0
O E1 172.16.10.0 [110/21] via 2.1.1.1, 00:00:05, FastEthernet0/1
[110/21] via 1.1.1.1, 00:00:05, FastEthernet0/0
O E1 172.16.11.0 [110/21] via 2.1.1.1, 00:12:29, FastEthernet0/1
[110/21] via 1.1.1.1, 00:12:29, FastEthernet0/0
O E1 172.16.12.0 [110/21] via 2.1.1.1, 00:00:05, FastEthernet0/1
[110/21] via 1.1.1.1, 00:00:05, FastEthernet0/0
O E1 172.16.13.0 [110/21] via 2.1.1.1, 00:12:29, FastEthernet0/1
[110/21] via 1.1.1.1, 00:12:29, FastEthernet0/0
O E1 172.16.14.0 [110/21] via 2.1.1.1, 00:00:05, FastEthernet0/1
[110/21] via 1.1.1.1, 00:00:05, FastEthernet0/0
O E1 172.16.15.0 [110/21] via 2.1.1.1, 00:12:29, FastEthernet0/1
[110/21] via 1.1.1.1, 00:12:29, FastEthernet0/0
Configuring access-list
A#conf terminal
Enter configuration commands, one per line. End with CNTL/Z.
A(config)#access-list 10 permit 172.16.1.0 0.0.14.0
A(config)#access-list 20 permit 172.16.2.0 0.0.14.0
Verifying impact on routing table of B
B#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
*****OUTPUT OMITTED*****
Gateway of last resort is not set
*****OUTPUT OMITTED*****
O E1 172.16.1.0 [110/21] via 2.1.1.1, 00:01:17, FastEthernet0/1
[110/21] via 1.1.1.1, 00:01:17, FastEthernet0/0
O E2 172.16.2.0 [110/20] via 2.1.1.1, 00:01:17, FastEthernet0/1
[110/20] via 1.1.1.1, 00:01:17, FastEthernet0/0
O E1 172.16.3.0 [110/21] via 2.1.1.1, 00:01:17, FastEthernet0/1
[110/21] via 1.1.1.1, 00:01:17, FastEthernet0/0
O E2 172.16.4.0 [110/20] via 2.1.1.1, 00:01:17, FastEthernet0/1
[110/20] via 1.1.1.1, 00:01:17, FastEthernet0/0
O E1 172.16.5.0 [110/21] via 2.1.1.1, 00:01:17, FastEthernet0/1
[110/21] via 1.1.1.1, 00:01:17, FastEthernet0/0
O E2 172.16.6.0 [110/20] via 2.1.1.1, 00:01:17, FastEthernet0/1
[110/20] via 1.1.1.1, 00:01:17, FastEthernet0/0
O E1 172.16.7.0 [110/21] via 2.1.1.1, 00:01:17, FastEthernet0/1
[110/21] via 1.1.1.1, 00:01:17, FastEthernet0/0
O E2 172.16.8.0 [110/20] via 2.1.1.1, 00:01:17, FastEthernet0/1
[110/20] via 1.1.1.1, 00:01:17, FastEthernet0/0
O E1 172.16.9.0 [110/21] via 2.1.1.1, 00:01:17, FastEthernet0/1
[110/21] via 1.1.1.1, 00:01:17, FastEthernet0/0
O E2 172.16.10.0 [110/20] via 2.1.1.1, 00:01:17, FastEthernet0/1
[110/20] via 1.1.1.1, 00:01:17, FastEthernet0/0
O E1 172.16.11.0 [110/21] via 2.1.1.1, 00:01:17, FastEthernet0/1
[110/21] via 1.1.1.1, 00:01:17, FastEthernet0/0
O E2 172.16.12.0 [110/20] via 2.1.1.1, 00:01:17, FastEthernet0/1
[110/20] via 1.1.1.1, 00:01:17, FastEthernet0/0
O E1 172.16.13.0 [110/21] via 2.1.1.1, 00:01:17, FastEthernet0/1
[110/21] via 1.1.1.1, 00:01:17, FastEthernet0/0
O E2 172.16.14.0 [110/20] via 2.1.1.1, 00:01:17, FastEthernet0/1
[110/20] via 1.1.1.1, 00:01:17, FastEthernet0/0
O E1 172.16.15.0 [110/21] via 2.1.1.1, 00:01:17, FastEthernet0/1
[110/21] via 1.1.1.1, 00:01:17, FastEthernet0/0
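The following Python model is an added example, not part of the original lab. It reproduces the wildcard derivation from Method 2 and the first-match, implicit-deny processing of route-map rmap, then goes one step further and lists every 172.16.x.0 network an entry matches. The function names are made up for this illustration; the ACL and route-map values are the ones configured above.

```python
import ipaddress

def ip(s):
    return int(ipaddress.IPv4Address(s))

def derive_wildcard(first, last):
    """XOR the first and last address: differing bits become 1 (don't care)."""
    return str(ipaddress.IPv4Address(ip(first) ^ ip(last)))

def acl_permits(prefix, base, wildcard):
    """Standard ACL entry: bits where the wildcard is 0 must equal the base."""
    care = ~ip(wildcard) & 0xFFFFFFFF
    return (ip(prefix) & care) == (ip(base) & care)

# The page's Method 2 access-lists and route-map rmap: (sequence, ACL, metric type).
ACLS = {10: ("172.16.1.0", "0.0.14.0"), 20: ("172.16.2.0", "0.0.14.0")}
RMAP = [(20, 20, "E2"), (10, 10, "E1")]  # stored out of order on purpose

def route_map(prefix):
    """Clauses run in sequence order; first match wins, no match is an implicit deny."""
    for _seq, acl, metric_type in sorted(RMAP):
        if acl_permits(prefix, *ACLS[acl]):
            return metric_type
    return None  # implicit deny: the route is not redistributed

def matched_third_octets(base, wildcard):
    """Every 172.16.x.0 the entry matches, not only the routes we had in mind."""
    return [x for x in range(256) if acl_permits(f"172.16.{x}.0", base, wildcard)]

if __name__ == "__main__":
    print(derive_wildcard("172.16.1.0", "172.16.15.0"))
    for x in range(1, 16):
        print(f"172.16.{x}.0 -> {route_map(f'172.16.{x}.0')}")
    print("ACL 10 matches:", matched_third_octets(*ACLS[10]))
    print("ACL 20 matches:", matched_third_octets(*ACLS[20]))
```

Access-list 20 also matches 172.16.0.0, a network the lab never defines. Enumerating matches like this before redistributing shows whether a one-line wildcard entry is wider than the set of routes you meant to permit.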
For any correction, improvement or suggestion please do not hesitate to reach out at usman@cyberswats.com