When you connect an SPBM core using IP shortcuts to existing networks running a routing protocol such as OSPF or RIP, a redundant configuration requires two switches:
One router redistributes IP routes from Routing Information Protocol (RIP)/Open Shortest Path First (OSPF) into IS-IS (IP).
The second router redistributes from IS-IS (IP) into RIP or OSPF.
The following figure illustrates this configuration.
Important
The lower numerical value determines the higher preference.
As soon as the SwitchG node redistributes that IP route into IS-IS, the SwitchD node learns the same route through IS-IS from SwitchG. (The SwitchG node already has the route through OSPF or RIP). Because IS-IS has a higher preference, SwitchD replaces its 192.168.10.0 OSPF route with an IS-IS one that points at SwitchG as the next-hop. The following figure illustrates this scenario.
Clearly this is undesirable and care needs to be taken to ensure that the two redistributing nodes (SwitchG and SwitchD) do not accept redistributed routes from each other. With IS-IS accept policies, you can associate an IS-IS accept policy on SwitchD to reject all redistributed IP routes received from SwitchG, and SwitchG to reject all redistribute IP routes from SwitchD.
An alternate way to solve the preceding problem with existing functionality is to reverse the problem by lowering the SPBM-IP (IS-IS) preference by configuring it to a value greater than RIP (100) or OSPF (20,25,120,125). For example, log on to Global Configuration mode and use the following command to configure a preference of 130:
ip route preference protocol spbm-level1 130
Note
For IPv6, the command is ipv6 route preference protocol spbm-level1 130
Now that the OSPF or RIP routes have a higher preference than SPBM-IP (IS-IS), the problem is temporarily solved. However, the same issue resurfaces when the IS-IS IP routes are redistributed into OSPF or RIP in the reverse direction as shown in the following figure for OSPF:
In the preceding figure, both SwitchG and SwitchD have an IS-IS IP route for 172.16.0.0/16 with the next hop as SwitchC. As soon as SwitchG redistributes the IS-IS route into OSPF, the SwitchD node learns that same route through OSPF from SwitchG. (The SwitchG node already has the route through IS-IS).
Because OSPF has a higher preference, SwitchD replaces its 172.16.0.0/16 IS-IS route with an OSPF one. (Note that the 172.16.0.0/16 route will be redistributed into OSPF as an AS external route, hence with preference 120 or 125 depending on whether type1 or type2 was used). In this case, however, you can leverage OSPF Accept policies, which can be configured to prevent SwitchD from accepting any AS External (LSA5) routes from SwitchG and prevent SwitchG from accepting any AS External (LSA5) routes from SwitchD. The following is a sample configuration:
enable configure terminal route-map IP ROUTE MAP CONFIGURATION - GlobalRouter route-map "reject" 1 no permit enable match protocol local|static|rip|ospf|ebgp|ibgp|dvmrp|isis exit OSPF CONFIGURATION - GlobalRouter router ospf enable OSPF ACCEPT CONFIGURATION - GlobalRouter router ospf accept adv-rtr {A.B.C.D} accept adv-rtr {A.B.C.D} enable route-map "reject" exit
Note
Disable alternative routes by issuing the command no ip alternative-route to avoid routing loops on the SMLT Backbone Edge Bridges (BEBs).
In the preceding figure, if SwitchA advertises 25000 OSPF routes to SwitchG and SwitchD, then both SwitchG and SwitchD install the 25000 routes as OSPF routes. Since SwitchD and SwitchG have OSPF to IS-IS redistribution enabled, they also learn these 25000 routes as IS-IS routes. IS-IS route preference is configured with a higher numerical value (130) than the OSPF route preference (125), so SwitchD and SwitchG keep IS-IS learned routes as alternative routes.
If SwitchA withdraws its 25000 OSPF routes, SwitchG and SwitchD remove the OSPF routes. While the OSPF routes are removed the routing tables of SwitchG and SwitchD activate the alternative IS-IS routes for the same prefix. Since SwitchG and SwitchD have IS-IS to OSPF redistribution enabled, SwitchA learns these routes as OSPF and this causes a routing loop. Use the no ip alternative-route command to disable alternative routes on SwitchG and SwitchD to avoid routing loops.
In the preceding figure, you leveraged OSPF Accept policies, which can be configured to prevent SwitchD from accepting any AS External (LSA5) routes from SwitchG and prevent SwitchG from accepting any AS External (LSA5) routes from SwitchD. In the case of a RIP access network, the preceding solution is not possible because RIP has no concept of external routes and no equivalent of accept policies. However, if you assume that a RIP network acts as an access network to an SPBM core, then it is sufficient to ensure that when IS-IS IP routes are redistributed into RIP they are aggregated into a single default route at the same time. The following figure and sample configuration example illustrates this scenario:
IP PREFIX LIST CONFIGURATION - GlobalRouter ip prefix-list "default" 0.0.0.0/0 ge 0 le 32 IP ROUTE MAP CONFIGURATION - GlobalRouter route-map "inject-default" 1 permit enable match protocol local|static|rip|ospf|ebgp|ibgp|dvmrp|isis exit route-map "match-network" 1 permit enable match protocol local|static|rip|ospf|ebgp|ibgp|dvmrp|isis exit route-map "set-injectlist" 1 permit enable match protocol local|static|rip|ospf|ebgp|ibgp|dvmrp|isis exit RIP PORT CONFIGURATION interface gigabitethernet 1/11 ip rip default-supply enable exit IP REDISTRIBUTION CONFIGURATION - GlobalRouter router rip redistribute isis redistribute isis metric 1 redistribute isis route-map "inject-default" redistribute isis enable exit IP REDISTRIBUTE APPLY CONFIGURATIONS ip rip apply redistribute isis
RIP PORT CONFIGURATION interface gigabitethernet 1/2 ip rip default-listen enable exit interface gigabitethernet 1/3 ip rip default-listen enable exit
IP PREFIX LIST CONFIGURATION - GlobalRouter ip prefix-list "default" 0.0.0.0/0 ge 0 le 32 IP ROUTE MAP CONFIGURATION - GlobalRouter route-map "inject-default" 1 permit enable match protocol local|static|rip|ospf|ebgp|ibgp|dvmrp|isis exit route-map "match-network" 1 permit enable match protocol local|static|rip|ospf|ebgp|ibgp|dvmrp|isis exit route-map "set-injectlist" 1 permit enable match protocol local|static|rip|ospf|ebgp|ibgp|dvmrp|isis exit RIP PORT CONFIGURATION interface gigabitethernet 1/11 ip rip default-supply enable exit IP REDISTRIBUTION CONFIGURATION - GlobalRouter router rip redistribute isis redistribute isis metric 1 redistribute isis route-map "inject-default" redistribute isis enable exit IP REDISTRIBUTE APPLY CONFIGURATIONS ip rip apply redistribute isis
You can control the propagation of the default route on the RIP network so that both SwitchG and SwitchD supply the default route on their relevant interfaces, and not accept it on the same interfaces. Likewise, SwitchA will accept the default route on its interfaces to both SwitchG and SwitchD but it will not supply the default route back to them. This will prevent the default route advertised by SwitchG from being installed by SwitchD, and vice-versa.
The preceding example where IS-IS IP routes are aggregated into a single default route when redistributed into the RIP network also applies when redistributing IS-IS IP routes into OSPF if that OSPF network is an access network to an SPBM core. In this case use the following redistribution policy configuration as an example for injecting IS-IS IP routes into OSPF:
IP PREFIX LIST CONFIGURATION - GlobalRouter ip prefix-list "default" 0.0.0.0/0 ge 0 le 32 IP ROUTE MAP CONFIGURATION - GlobalRouter route-map "inject-default" 1 permit enable match protocol local|static|rip|ospf|ebgp|ibgp|dvmrp|isis exit route-map "match-network" 1 permit enable match protocol local|static|rip|ospf|ebgp|ibgp|dvmrp|isis exit route-map "set-injectlist" 1 permit enable match protocol local|static|rip|ospf|ebgp|ibgp|dvmrp|isis exit OSPF CONFIGURATION - GlobalRouter router ospf enable router ospf as-boundary-router enable exit IP REDISTRIBUTION CONFIGURATION - GlobalRouter router ospf redistribute isis redistribute isis route-map "inject-default" redistribute isis enable exit IP REDISTRIBUTE APPLY CONFIGURATIONS ip ospf apply redistribute isis