IS-IS IP Redistribution Policies

When you connect an SPBM core using IP shortcuts to existing networks running a routing protocol such as OSPF or RIP, a redundant configuration requires two switches:

The following figure illustrates this configuration.

Click to expand in new window
Redundant OSPF or RIP Network

In this scenario, take extra care when redistributing through both switches. By default, the preference value for IP routes generated by SPBM-IP (IS-IS) is 7. This is a higher preference than OSPF (20 for intra-area, 25 for inter-area, 120 for ext type1, 125 for ext type2) or RIP (100).

Note

Note

The lower numerical value determines the higher preference.

In the preceding diagram both nodes (SwitchG and SwitchD) have an OSPF or a RIP route to 192.168.10.0/24 with the next-hop to SwitchA.

As soon as the SwitchG node redistributes that IP route into IS-IS, the SwitchD node learns the same route through IS-IS from SwitchG. (The SwitchG node already has the route through OSPF or RIP). Because IS-IS has a higher preference, SwitchD replaces its 192.168.10.0 OSPF route with an IS-IS one that points at SwitchG as the next-hop. The following figure illustrates this scenario.

Click to expand in new window
Redistributing Routes into IS-IS

Clearly, this is undesirable and you must ensure that the two redistributing nodes (SwitchG and SwitchD) do not accept redistributed routes from each other. With IS-IS accept policies, you can associate an IS-IS accept policy on SwitchD to reject all redistributed IP routes received from SwitchG, and SwitchG to reject all redistribute IP routes from SwitchD.

An alternate way to solve the preceding problem with existing functionality is to reverse the problem by lowering the SPBM-IP (IS-IS) preference by configuring it to a value greater than RIP (100) or OSPF (20,25,120,125). For example, log on to Global Configuration mode and use the following command to configure a preference of 130:

ip route preference protocol spbm-level1 130

Note

Note

For IPv6, the command is ipv6 route preference protocol spbm-level1 130

Now that the OSPF or RIP routes have a higher preference than SPBM-IP (IS-IS), the problem is temporarily solved. However, the same issue resurfaces when the IS-IS IP routes are redistributed into OSPF or RIP in the reverse direction as shown in the following section for OSPF.

Important

Important

You can apply a tag for routes that BGP or OSPF redistribute into IS-IS. This configuration ensures that if one BEB redistributes a route into IS-IS from either protocol, other BEBs do not redistribute tagged IS-IS routes back into BGP or OSPF. You can also create route-map policies to match the IS-IS tag. For more information, see IS-IS Route Tagging.

OSPF Example

Click to expand in new window
Redistributing Routes into OSPF

In the preceding figure, both SwitchG and SwitchD have an IS-IS IP route for 172.16.0.0/16 with the next hop as SwitchC. As soon as SwitchG redistributes the IS-IS route into OSPF, the SwitchD node learns that same route through OSPF from SwitchG. (The SwitchG node already has the route through IS-IS).

Because OSPF has a higher preference, SwitchD replaces its 172.16.0.0/16 IS-IS route with an OSPF one. (Note that the 172.16.0.0/16 route will be redistributed into OSPF as an AS external route, hence with preference 120 or 125 depending on whether type1 or type2 was used). In this case, however, you can leverage OSPF Accept policies, which can be configured to prevent SwitchD from accepting any AS External (LSA5) routes from SwitchG and prevent SwitchG from accepting any AS External (LSA5) routes from SwitchD. The following is a sample configuration:

enable
configure terminal
route-map

IP ROUTE MAP CONFIGURATION - GlobalRouter

route-map "reject" 1
no permit
enable 
match protocol local|static|rip|ospf|ebgp|ibgp|dvmrp|isis
exit

OSPF CONFIGURATION - GlobalRouter

router ospf enable

OSPF ACCEPT CONFIGURATION - GlobalRouter

router ospf
accept adv-rtr {A.B.C.D}
accept adv-rtr {A.B.C.D} enable route-map "reject"
exit
Note

Note

Disable alternative routes by issuing the command no ip alternative-route to avoid routing loops on the SMLT Backbone Edge Bridges (BEBs).

In the preceding figure, if SwitchA advertises 25000 OSPF routes to SwitchG and SwitchD, then both SwitchG and SwitchD install the 25000 routes as OSPF routes. Since SwitchD and SwitchG have OSPF to IS-IS redistribution enabled, they also learn these 25000 routes as IS-IS routes. IS-IS route preference is configured with a higher numerical value (130) than the OSPF route preference (125), so SwitchD and SwitchG keep IS-IS learned routes as alternative routes.

If SwitchA withdraws its 25000 OSPF routes, SwitchG and SwitchD remove the OSPF routes. While the OSPF routes are removed the routing tables of SwitchG and SwitchD activate the alternative IS-IS routes for the same prefix. Because SwitchG and SwitchD have IS-IS to OSPF redistribution enabled, SwitchA learns these routes as OSPF and this causes a routing loop. Use the no ip alternative-route command to disable alternative routes on SwitchG and SwitchD to avoid routing loops.

RIP Examples

In the preceding section, you leveraged OSPF Accept policies, which can be configured to prevent SwitchD from accepting any AS External (LSA5) routes from SwitchG and prevent SwitchG from accepting any AS External (LSA5) routes from SwitchD. In the case of a RIP access network, the preceding solution is not possible because RIP has no concept of external routes and no equivalent of accept policies. However, if you assume that a RIP network acts as an access network to an SPBM core, then it is sufficient to ensure that when IS-IS IP routes are redistributed into RIP they are aggregated into a single default route at the same time. The following figure and sample configuration example illustrates this scenario:

Click to expand in new window
Redistributing Routes into RIP
SwitchG
IP PREFIX LIST CONFIGURATION - GlobalRouter

ip prefix-list "default" 0.0.0.0/0 ge 0 le 32

IP ROUTE MAP CONFIGURATION - GlobalRouter

route-map "inject-default" 1
permit
enable
match protocol local|static|rip|ospf|ebgp|ibgp|dvmrp|isis
exit

route-map "match-network" 1
permit
enable
match protocol local|static|rip|ospf|ebgp|ibgp|dvmrp|isis
exit

route-map "set-injectlist" 1
permit
enable
match protocol local|static|rip|ospf|ebgp|ibgp|dvmrp|isis
exit

RIP PORT CONFIGURATION

interface gigabitethernet 1/11
ip rip default-supply enable
exit

IP REDISTRIBUTION CONFIGURATION - GlobalRouter

router rip
redistribute isis
redistribute isis metric 1
redistribute isis route-map "inject-default"
redistribute isis enable
exit

IP REDISTRIBUTE APPLY CONFIGURATIONS

ip rip apply redistribute isis
SwitchA
RIP PORT CONFIGURATION

interface gigabitethernet 1/2 
ip rip default-listen enable
exit
interface gigabitethernet 1/3 
ip rip default-listen enable
exit
SwitchD
IP PREFIX LIST CONFIGURATION - GlobalRouter

ip prefix-list "default" 0.0.0.0/0 ge 0 le 32

IP ROUTE MAP CONFIGURATION - GlobalRouter

route-map "inject-default" 1
permit
enable
match protocol local|static|rip|ospf|ebgp|ibgp|dvmrp|isis
exit

route-map "match-network" 1
permit
enable
match protocol local|static|rip|ospf|ebgp|ibgp|dvmrp|isis
exit

route-map "set-injectlist" 1
permit
enable
match protocol local|static|rip|ospf|ebgp|ibgp|dvmrp|isis
exit

RIP PORT CONFIGURATION

interface gigabitethernet 1/11
ip rip default-supply enable
exit

IP REDISTRIBUTION CONFIGURATION - GlobalRouter

router rip
redistribute isis
redistribute isis metric 1
redistribute isis route-map "inject-default"
redistribute isis enable
exit

IP REDISTRIBUTE APPLY CONFIGURATIONS

ip rip apply redistribute isis

You can control the propagation of the default route on the RIP network so that both SwitchG and SwitchD supply the default route on their relevant interfaces, and not accept it on the same interfaces. Likewise, SwitchA will accept the default route on its interfaces to both SwitchG and SwitchD but it will not supply the default route back to them. This will prevent the default route advertised by SwitchG from being installed by SwitchD, and vice-versa.

The preceding example where IS-IS IP routes are aggregated into a single default route when redistributed into the RIP network also applies when redistributing IS-IS IP routes into OSPF if that OSPF network is an access network to an SPBM core. In this case use the following redistribution policy configuration as an example for injecting IS-IS IP routes into OSPF:

IP PREFIX LIST CONFIGURATION - GlobalRouter

ip prefix-list "default" 0.0.0.0/0 ge 0 le 32

IP ROUTE MAP CONFIGURATION - GlobalRouter

route-map "inject-default" 1
permit
enable
match protocol local|static|rip|ospf|ebgp|ibgp|dvmrp|isis
exit

route-map "match-network" 1
permit
enable
match protocol local|static|rip|ospf|ebgp|ibgp|dvmrp|isis
exit

route-map "set-injectlist" 1
permit
enable
match protocol local|static|rip|ospf|ebgp|ibgp|dvmrp|isis
exit


OSPF CONFIGURATION - GlobalRouter

router ospf enable
router ospf
as-boundary-router enable
exit

IP REDISTRIBUTION CONFIGURATION - GlobalRouter

router ospf
redistribute isis
redistribute isis route-map "inject-default"
redistribute isis enable
exit

IP REDISTRIBUTE APPLY CONFIGURATIONS

ip ospf apply redistribute isis