When you connect an SPBM core using IP shortcuts to existing networks running a routing protocol such as OSPF or RIP, a redundant configuration requires two switches:
One router redistributes IP routes from Routing Information Protocol (RIP)/Open Shortest Path First (OSPF) into IS-IS (IP).
The second router redistributes from IS-IS (IP) into RIP or OSPF.
The following figure illustrates this configuration.
In this scenario, take extra care when redistributing through both switches. By default, the preference value for IP routes generated by SPBM-IP (IS-IS) is 7. This is a higher preference than OSPF (20 for intra-area, 25 for inter-area, 120 for ext type1, 125 for ext type2) or RIP (100).
Note
The lower numerical value determines the higher preference.
In the preceding diagram both nodes (SwitchG and SwitchD) have an OSPF or a RIP route to 192.168.10.0/24 with the next-hop to SwitchA.
As soon as the SwitchG node redistributes that IP route into IS-IS, the SwitchD node learns the same route through IS-IS from SwitchG. (The SwitchG node already has the route through OSPF or RIP.) Because IS-IS has a higher preference, SwitchD replaces its 192.168.10.0 OSPF route with an IS-IS one that points at SwitchG as the next-hop. The following figure illustrates this scenario.
This is undesirable: you must ensure that the two redistributing nodes (SwitchG and SwitchD) do not accept redistributed routes from each other. With IS-IS accept policies, you can associate an IS-IS accept policy on SwitchD to reject all redistributed IP routes received from SwitchG, and on SwitchG to reject all redistributed IP routes received from SwitchD.
An alternate way to solve the preceding problem with existing functionality is to reverse it: lower the SPBM-IP (IS-IS) preference by configuring it with a numerical value greater than that of RIP (100) or OSPF (20, 25, 120, 125). For example, log on to Global Configuration mode and use the following command to configure a preference of 130:
ip route preference protocol spbm-level1 130
Note
For IPv6, the command is ipv6 route preference protocol spbm-level1 130
Now that the OSPF or RIP routes have a higher preference than SPBM-IP (IS-IS), the problem is temporarily solved. However, the same issue resurfaces when the IS-IS IP routes are redistributed into OSPF or RIP in the reverse direction as shown in the following section for OSPF.
Important
You can apply a tag for routes that BGP or OSPF redistribute into IS-IS. This configuration ensures that if one BEB redistributes a route into IS-IS from either protocol, other BEBs do not redistribute tagged IS-IS routes back into BGP or OSPF. You can also create route-map policies to match the IS-IS tag. For more information, see IS-IS Route Tagging.
In the preceding figure, both SwitchG and SwitchD have an IS-IS IP route for 172.16.0.0/16 with the next hop as SwitchC. As soon as SwitchG redistributes the IS-IS route into OSPF, the SwitchD node learns that same route through OSPF from SwitchG. (The SwitchG node already has the route through IS-IS.)
Because OSPF has a higher preference, SwitchD replaces its 172.16.0.0/16 IS-IS route with an OSPF one. (Note that the 172.16.0.0/16 route is redistributed into OSPF as an AS external route, so its preference is 120 or 125 depending on whether type1 or type2 was used.) In this case, however, you can leverage OSPF accept policies, which can be configured to prevent SwitchD from accepting any AS External (LSA5) routes from SwitchG and to prevent SwitchG from accepting any AS External (LSA5) routes from SwitchD. The following is a sample configuration:
enable
configure terminal
route-map

IP ROUTE MAP CONFIGURATION - GlobalRouter
route-map "reject" 1
no permit
enable
match protocol local|static|rip|ospf|ebgp|ibgp|dvmrp|isis
exit

OSPF CONFIGURATION - GlobalRouter
router ospf enable

OSPF ACCEPT CONFIGURATION - GlobalRouter
router ospf
accept adv-rtr {A.B.C.D}
accept adv-rtr {A.B.C.D} enable route-map "reject"
exit
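The route selection described in this section, as an added example (not vendor code or device output): a simplified Python model of how SwitchD chooses between candidates by preference, with and without accept policies. The candidate routes are constructed, and the OSPF route types used (intra-area for 192.168.10.0/24, external type 2 for 172.16.0.0/16) are assumptions.

```python
# Added example: simplified model of preference-based route selection.
# Preference values are the defaults quoted on this page; the lowest value wins.
DEFAULT_PREF = {"isis": 7, "ospf-intra": 20, "ospf-inter": 25,
                "ospf-ext1": 120, "ospf-ext2": 125, "rip": 100}

def best_route(candidates, pref=DEFAULT_PREF, reject=frozenset()):
    """Pick the winning (protocol, next_hop) among candidates for one prefix.

    candidates: (protocol, next_hop, advertiser) tuples.
    reject: (protocol, advertiser) pairs dropped by an accept policy.
    """
    accepted = [c for c in candidates if (c[0], c[2]) not in reject]
    if not accepted:
        return None
    proto, next_hop, _ = min(accepted, key=lambda c: pref[c[0]])
    return proto, next_hop

# Constructed view from SwitchD. 192.168.10.0/24 sits behind SwitchA (OSPF side),
# 172.16.0.0/16 sits behind SwitchC (SPBM side); SwitchG redistributes both ways.
TO_ACCESS = [("ospf-intra", "SwitchA", "SwitchA"), ("isis", "SwitchG", "SwitchG")]
TO_CORE = [("isis", "SwitchC", "SwitchC"), ("ospf-ext2", "SwitchG", "SwitchG")]
RAISED = dict(DEFAULT_PREF, isis=130)  # ip route preference protocol spbm-level1 130

def scenarios():
    return {
        # Defaults: IS-IS (7) beats OSPF (20), so SwitchD detours through SwitchG.
        "access_default": best_route(TO_ACCESS),
        # IS-IS accept policy on SwitchD rejects routes advertised by SwitchG.
        "access_isis_accept": best_route(TO_ACCESS, reject={("isis", "SwitchG")}),
        # Preference 130 fixes the access prefix,
        "access_pref_130": best_route(TO_ACCESS, pref=RAISED),
        # but OSPF external (125) now beats IS-IS (130) for the core prefix.
        "core_pref_130": best_route(TO_CORE, pref=RAISED),
        # OSPF accept policy rejecting SwitchG's external LSAs restores IS-IS.
        "core_ospf_accept": best_route(TO_CORE, pref=RAISED,
                                       reject={("ospf-ext2", "SwitchG")}),
    }

if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name:20} {result}")
```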
Note
Disable alternative routes by issuing the command no ip alternative-route to avoid routing loops on the SMLT Backbone Edge Bridges (BEBs).
In the preceding figure, if SwitchA advertises 25000 OSPF routes to SwitchG and SwitchD, then both SwitchG and SwitchD install the 25000 routes as OSPF routes. Since SwitchD and SwitchG have OSPF to IS-IS redistribution enabled, they also learn these 25000 routes as IS-IS routes. IS-IS route preference is configured with a higher numerical value (130) than the OSPF route preference (125), so SwitchD and SwitchG keep IS-IS learned routes as alternative routes.
If SwitchA withdraws its 25000 OSPF routes, SwitchG and SwitchD remove the OSPF routes. While the OSPF routes are being removed, the routing tables of SwitchG and SwitchD activate the alternative IS-IS routes for the same prefix. Because SwitchG and SwitchD have IS-IS to OSPF redistribution enabled, SwitchA learns these routes as OSPF and this causes a routing loop. Use the no ip alternative-route command to disable alternative routes on SwitchG and SwitchD to avoid routing loops.
In the preceding section, you leveraged OSPF accept policies, which can be configured to prevent SwitchD from accepting any AS External (LSA5) routes from SwitchG and to prevent SwitchG from accepting any AS External (LSA5) routes from SwitchD. In the case of a RIP access network, the preceding solution is not possible because RIP has no concept of external routes and no equivalent of accept policies. However, if you assume that a RIP network acts as an access network to an SPBM core, then it is sufficient to ensure that when IS-IS IP routes are redistributed into RIP they are aggregated into a single default route at the same time. The following figure and sample configuration illustrate this scenario:
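The withdrawal sequence above for a single prefix, as an added example (not vendor code): a simplified Python model that compares the forwarding path from SwitchA with alternative routes enabled and disabled. It assumes, as the passage implies, that a BEB with alternative routes disabled does not retain the lower-preference IS-IS copy; the function names are hypothetical.

```python
# Added example: simplified model of the OSPF withdrawal described above.
PREF = {"ospf": 125, "isis": 130}   # values quoted in the passage; lowest wins
BEBS = ("SwitchG", "SwitchD")

def build_rib(alternative_route):
    """RIB of each BEB for one prefix while SwitchA still advertises it."""
    rib = {}
    for beb, peer in zip(BEBS, reversed(BEBS)):
        routes = [("ospf", "SwitchA")]        # learned directly from SwitchA
        if alternative_route:
            routes.append(("isis", peer))     # peer's OSPF->IS-IS copy, kept as alternative
        rib[beb] = routes
    return rib

def withdraw_ospf(rib):
    """SwitchA withdraws: drop OSPF entries, activate whatever remains."""
    active = {}
    for beb, routes in rib.items():
        left = [r for r in routes if r[0] != "ospf"]
        active[beb] = min(left, key=lambda r: PREF[r[0]]) if left else None
    return active

def forwarding_path(active, start="SwitchA", max_hops=6):
    """Follow next hops from SwitchA once it relearns the prefix through OSPF."""
    # IS-IS -> OSPF redistribution: a BEB with an active IS-IS route
    # advertises the prefix back to SwitchA.
    advertisers = [b for b, r in active.items() if r and r[0] == "isis"]
    if not advertisers:
        return [start], False                 # prefix is gone everywhere: no loop
    path, node = [start], advertisers[0]
    while len(path) < max_hops:
        if node in path:
            return path + [node], True        # revisited a node: routing loop
        path.append(node)
        node = active[node][1]
    return path, False

if __name__ == "__main__":
    for flag in (True, False):
        path, loop = forwarding_path(withdraw_ospf(build_rib(flag)))
        print(f"alternative-route={flag}: {' -> '.join(path)} loop={loop}")
```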
SwitchG

IP PREFIX LIST CONFIGURATION - GlobalRouter
ip prefix-list "default" 0.0.0.0/0 ge 0 le 32

IP ROUTE MAP CONFIGURATION - GlobalRouter
route-map "inject-default" 1
permit
enable
match protocol local|static|rip|ospf|ebgp|ibgp|dvmrp|isis
exit
route-map "match-network" 1
permit
enable
match protocol local|static|rip|ospf|ebgp|ibgp|dvmrp|isis
exit
route-map "set-injectlist" 1
permit
enable
match protocol local|static|rip|ospf|ebgp|ibgp|dvmrp|isis
exit

RIP PORT CONFIGURATION
interface gigabitethernet 1/11
ip rip default-supply enable
exit

IP REDISTRIBUTION CONFIGURATION - GlobalRouter
router rip
redistribute isis
redistribute isis metric 1
redistribute isis route-map "inject-default"
redistribute isis enable
exit

IP REDISTRIBUTE APPLY CONFIGURATIONS
ip rip apply redistribute isis

SwitchA

RIP PORT CONFIGURATION
interface gigabitethernet 1/2
ip rip default-listen enable
exit
interface gigabitethernet 1/3
ip rip default-listen enable
exit

SwitchD

IP PREFIX LIST CONFIGURATION - GlobalRouter
ip prefix-list "default" 0.0.0.0/0 ge 0 le 32

IP ROUTE MAP CONFIGURATION - GlobalRouter
route-map "inject-default" 1
permit
enable
match protocol local|static|rip|ospf|ebgp|ibgp|dvmrp|isis
exit
route-map "match-network" 1
permit
enable
match protocol local|static|rip|ospf|ebgp|ibgp|dvmrp|isis
exit
route-map "set-injectlist" 1
permit
enable
match protocol local|static|rip|ospf|ebgp|ibgp|dvmrp|isis
exit

RIP PORT CONFIGURATION
interface gigabitethernet 1/11
ip rip default-supply enable
exit

IP REDISTRIBUTION CONFIGURATION - GlobalRouter
router rip
redistribute isis
redistribute isis metric 1
redistribute isis route-map "inject-default"
redistribute isis enable
exit

IP REDISTRIBUTE APPLY CONFIGURATIONS
ip rip apply redistribute isis
You can control the propagation of the default route on the RIP network so that both SwitchG and SwitchD supply the default route on their relevant interfaces but do not accept it on the same interfaces. Likewise, SwitchA accepts the default route on its interfaces to both SwitchG and SwitchD but does not supply the default route back to them. This prevents the default route advertised by SwitchG from being installed by SwitchD, and vice-versa.
The preceding example, where IS-IS IP routes are aggregated into a single default route when redistributed into the RIP network, also applies when redistributing IS-IS IP routes into OSPF if that OSPF network is an access network to an SPBM core. In this case, use the following redistribution policy configuration as an example for injecting IS-IS IP routes into OSPF:
IP PREFIX LIST CONFIGURATION - GlobalRouter
ip prefix-list "default" 0.0.0.0/0 ge 0 le 32

IP ROUTE MAP CONFIGURATION - GlobalRouter
route-map "inject-default" 1
permit
enable
match protocol local|static|rip|ospf|ebgp|ibgp|dvmrp|isis
exit
route-map "match-network" 1
permit
enable
match protocol local|static|rip|ospf|ebgp|ibgp|dvmrp|isis
exit
route-map "set-injectlist" 1
permit
enable
match protocol local|static|rip|ospf|ebgp|ibgp|dvmrp|isis
exit

OSPF CONFIGURATION - GlobalRouter
router ospf enable
router ospf
as-boundary-router enable
exit

IP REDISTRIBUTION CONFIGURATION - GlobalRouter
router ospf
redistribute isis
redistribute isis route-map "inject-default"
redistribute isis enable
exit

IP REDISTRIBUTE APPLY CONFIGURATIONS
ip ospf apply redistribute isis