EIGRP Lab 4 Route filtering with route-map


Download Lab: GNS3

Prerequisites:

 Cisco IOSv (vios-adventerprisek9-m.vmdk.SPA.156-2.T)


Introduction:

If you lack experience with EIGRP route filtering using route-maps and prefix-lists, this lab is a good way to improve your skills. The topology consists of 8 routers running the EIGRP routing protocol as one domain. The left side of the diagram is where the data center resides, and the right side is where customers connect to the POPs. Loopback interfaces represent both sides. The goal of this lab is to filter routes based on their subnet prefixes to control incoming traffic from the customers to the data center. For example, if a customer accesses a service located on a /24 subnet, its traffic goes through the middle link in the topology, and if the service is on a /20 subnet, it goes via the upper link. You will configure part of the EIGRP setup, prefix-lists, route-maps, and subnet filtering using distribute-list.


Topology:




Lab procedures:

Step 1: The R4 router is where the data center connects to the network infrastructure. Its Loopback1 interface has multiple IP addresses configured to imitate subnets.
Use these commands to learn about the subnets:
R4#show running-config interface lo1
R4#show ip route connected | exclude /32



Step 2: Verify that the R7 router has learned R4’s 4.4.4.4 network.
R7#show ip route 4.4.4.4

Use this command to confirm that R4 does not announce the data center prefixes yet.
R7#show ip route 172.16.0.0 255.255.0.0 longer-prefixes

As you can see, R4 advertises its Loopback0 IP address but not the subnets of Loopback1.

Step 3: Using the fewest possible network statements, include Loopback1’s subnets in the EIGRP routing process. Then verify that R4 advertises the subnets and R7 receives them.

R4(config)#router eigrp 10
R4(config-router)#network 172.16.0.0 0.0.31.255
R4(config-router)#network 172.16.32.0 0.0.15.255

R4#show ip eigrp topology | include 172.16.

R7#show ip route eigrp

R7 should have 3 successor routes to each subnet of the 172.16.0.0/16 network for now, but the goal of this lab is to control the path that incoming traffic takes to the data center.
Objectives for traffic flow:

  1. Traffic to subnets with /24 prefixes is routed via R1
  2. Traffic to subnets in the range /20 to /23 is routed via R3
  3. Traffic to subnets in the range /25 to /30 is routed via R5



Step 4: Create a separate prefix-list for each prefix length that exists in the 172.16.0.0/16 network on the Loopback1 interface of router R4. This way you will be able to adapt easily if the traffic-flow requirements change in the future. Copy and paste the configuration into R4 global configuration mode:

ip prefix-list FILTER_172.16 seq 5 permit 172.16.0.0/16 le 32
ip prefix-list FILTER_20 seq 5 permit 172.16.0.0/16 ge 20 le 20
ip prefix-list FILTER_21 seq 5 permit 172.16.0.0/16 ge 21 le 21
ip prefix-list FILTER_22 seq 5 permit 172.16.0.0/16 ge 22 le 22
ip prefix-list FILTER_23 seq 5 permit 172.16.0.0/16 ge 23 le 23
ip prefix-list FILTER_24 seq 5 permit 172.16.0.0/16 ge 24 le 24
ip prefix-list FILTER_25 seq 5 permit 172.16.0.0/16 ge 25 le 25
ip prefix-list FILTER_26 seq 5 permit 172.16.0.0/16 ge 26 le 26
ip prefix-list FILTER_27 seq 5 permit 172.16.0.0/16 ge 27 le 27
ip prefix-list FILTER_28 seq 5 permit 172.16.0.0/16 ge 28 le 28
ip prefix-list FILTER_29 seq 5 permit 172.16.0.0/16 ge 29 le 29
ip prefix-list FILTER_30 seq 5 permit 172.16.0.0/16 ge 30 le 30 



Step 5: Using three route-maps, match the prefix-lists according to the traffic-flow objectives shown in Step 3. Copy and paste the configuration into R4 global configuration mode:


route-map VIA_R1 permit 10
 match ip address prefix-list FILTER_24
route-map VIA_R1 deny 20
 match ip address prefix-list FILTER_172.16
route-map VIA_R1 permit 30

route-map VIA_R3 permit 10
 match ip address prefix-list FILTER_20 FILTER_21 FILTER_22 FILTER_23
route-map VIA_R3 deny 20
 match ip address prefix-list FILTER_172.16
route-map VIA_R3 permit 30

route-map VIA_R5 permit 10
 match ip address prefix-list FILTER_25 FILTER_26 FILTER_27 FILTER_28 FILTER_29 FILTER_30
route-map VIA_R5 deny 20
 match ip address prefix-list FILTER_172.16
route-map VIA_R5 permit 30



Step 6: The final step in the configuration is to filter routes with distribute-list in router EIGRP configuration mode, using the route-maps:

router eigrp 10
 distribute-list route-map VIA_R1 out GigabitEthernet0/0
 distribute-list route-map VIA_R3 out GigabitEthernet0/1
 distribute-list route-map VIA_R5 out GigabitEthernet0/2
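
An offline check of the policy built in Steps 4 to 6, added here as an example and not part of the original lab: it re-implements IOS prefix-list (ge/le) and route-map first-match evaluation in Python to predict on which R4 interface a prefix is advertised. The function names are hypothetical, and the FILTER_20 to FILTER_30 lines are generated in code rather than pasted.

```python
import ipaddress
import re

# R4 policy from Steps 4-5; FILTER_20..FILTER_30 are generated but identical to the lab's lines.
CONFIG = "ip prefix-list FILTER_172.16 seq 5 permit 172.16.0.0/16 le 32\n" + "".join(
    f"ip prefix-list FILTER_{n} seq 5 permit 172.16.0.0/16 ge {n} le {n}\n" for n in range(20, 31))
for _rm, _lens in (("VIA_R1", [24]), ("VIA_R3", range(20, 24)), ("VIA_R5", range(25, 31))):
    CONFIG += (f"route-map {_rm} permit 10\n match ip address prefix-list "
               + " ".join(f"FILTER_{n}" for n in _lens) + f"\nroute-map {_rm} deny 20\n"
               f" match ip address prefix-list FILTER_172.16\nroute-map {_rm} permit 30\n")
# Step 6: distribute-list bindings on R4 (outgoing interface -> route-map).
BINDINGS = {"GigabitEthernet0/0": "VIA_R1", "GigabitEthernet0/1": "VIA_R3",
            "GigabitEthernet0/2": "VIA_R5"}
PL_RE = re.compile(r"ip prefix-list (\S+) seq (\d+) (permit|deny) (\S+)(?: ge (\d+))?(?: le (\d+))?")
RM_RE = re.compile(r"route-map (\S+) (permit|deny) (\d+)")

def parse(config):
    # Returns ({prefix-list name: entries}, {route-map name: entries}) from IOS config text.
    plists, rmaps, entry = {}, {}, None
    for line in map(str.strip, config.splitlines()):
        if m := PL_RE.match(line):
            name, seq, action, net, ge, le = m.groups()
            plists.setdefault(name, []).append(
                (int(seq), action, ipaddress.ip_network(net), ge and int(ge), le and int(le)))
        elif m := RM_RE.match(line):
            entry = {"seq": int(m[3]), "action": m[2], "lists": []}
            rmaps.setdefault(m[1], []).append(entry)
        elif entry and line.startswith("match ip address prefix-list"):
            entry["lists"] += line.split()[4:]
    return plists, rmaps

def plist_permits(entries, route):
    for _, action, net, ge, le in sorted(entries, key=lambda e: e[0]):
        lo = net.prefixlen if ge is None else ge   # no ge: shortest length is the entry's own
        hi = le if le is not None else (32 if ge is not None else net.prefixlen)
        if route.subnet_of(net) and lo <= route.prefixlen <= hi:
            return action == "permit"              # first matching entry decides
    return False                                   # implicit deny ends every prefix-list

def route_map_permits(plists, rmap, route):
    for e in sorted(rmap, key=lambda e: e["seq"]):
        # An entry without a match clause matches every route; lists on one match line are ORed.
        if not e["lists"] or any(plist_permits(plists[n], route) for n in e["lists"]):
            return e["action"] == "permit"
    return False                                   # implicit deny ends every route-map

def advertised_on(prefix):
    # Interfaces on which R4 would advertise `prefix` under the lab's three route-maps.
    plists, rmaps = parse(CONFIG)
    route = ipaddress.ip_network(prefix)
    return [i for i, rm in BINDINGS.items() if route_map_permits(plists, rmaps[rm], route)]
```

advertised_on("172.16.64.0/19") returns an empty list: a prefix inside 172.16.0.0/16 whose length falls outside /20 to /30 (a constructed case, not one of the lab's subnets) hits the deny 20 entry in all three route-maps and is advertised on no link.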



Step 7: Verification.

R7#show ip route eigrp
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       a - application route
       + - replicated route, % - next hop override, p - overrides from PfR

Gateway of last resort is not set

      172.16.0.0/16 is variably subnetted, 27 subnets, 11 masks
D        172.16.0.0/24 [90/131328] via 10.0.2.9, 00:00:08, GigabitEthernet0/0
D        172.16.1.0/24 [90/131328] via 10.0.2.9, 00:00:08, GigabitEthernet0/0
D        172.16.2.0/24 [90/131328] via 10.0.2.9, 00:00:08, GigabitEthernet0/0
D        172.16.3.0/24 [90/131328] via 10.0.2.9, 00:00:08, GigabitEthernet0/0
D        172.16.4.0/24 [90/131328] via 10.0.2.9, 00:00:08, GigabitEthernet0/0
D        172.16.5.0/24 [90/131328] via 10.0.2.9, 00:00:08, GigabitEthernet0/0
D        172.16.6.0/24 [90/131328] via 10.0.2.9, 00:00:08, GigabitEthernet0/0
D        172.16.7.0/24 [90/131328] via 10.0.2.9, 00:00:08, GigabitEthernet0/0


D        172.16.8.0/21 [90/131328] via 10.0.7.2, 00:00:08, GigabitEthernet0/1
D        172.16.16.0/22 [90/131328] via 10.0.7.2, 00:00:08, GigabitEthernet0/1
D        172.16.20.0/23 [90/131328] via 10.0.7.2, 00:00:08, GigabitEthernet0/1
D        172.16.24.0/21 [90/131328] via 10.0.7.2, 00:00:08, GigabitEthernet0/1
D        172.16.32.0/20 [90/131328] via 10.0.7.2, 00:00:08, GigabitEthernet0/1


D        172.16.22.0/25 [90/131328] via 10.0.7.6, 00:00:08, GigabitEthernet0/2
D        172.16.22.128/25 [90/131328] via 10.0.7.6, 00:00:08, GigabitEthernet0/2
D        172.16.23.0/26 [90/131328] via 10.0.7.6, 00:00:08, GigabitEthernet0/2
D        172.16.23.64/26 [90/131328] via 10.0.7.6, 00:00:08, GigabitEthernet0/2
D        172.16.23.128/27 [90/131328] via 10.0.7.6, 00:00:08, GigabitEthernet0/2
D        172.16.23.160/27 [90/131328] via 10.0.7.6, 00:00:08, GigabitEthernet0/2
D        172.16.23.192/28 [90/131328] via 10.0.7.6, 00:00:08, GigabitEthernet0/2
D        172.16.23.208/28 [90/131328] via 10.0.7.6, 00:00:08, GigabitEthernet0/2
D        172.16.23.224/29 [90/131328] via 10.0.7.6, 00:00:08, GigabitEthernet0/2
D        172.16.23.232/29 [90/131328] via 10.0.7.6, 00:00:08, GigabitEthernet0/2
D        172.16.23.240/30 [90/131328] via 10.0.7.6, 00:00:08, GigabitEthernet0/2
D        172.16.23.244/30 [90/131328] via 10.0.7.6, 00:00:08, GigabitEthernet0/2
D        172.16.23.248/30 [90/131328] via 10.0.7.6, 00:00:08, GigabitEthernet0/2
D        172.16.23.252/30 [90/131328] via 10.0.7.6, 00:00:08, GigabitEthernet0/2


Confirm with traceroute that traffic goes as expected.

Subnet /24:
R7#traceroute 172.16.1.1 source lo0
Type escape sequence to abort.
Tracing the route to 172.16.1.1
VRF info: (vrf in name/id, vrf out name/id)
  1 10.0.2.9 4 msec 2 msec 3 msec → R2
  2 10.0.2.2 5 msec 4 msec 3 msec → R1
  3 10.0.1.10 6 msec 5 msec 4 msec → R4


Subnet /22:
R7#traceroute 172.16.16.1 source lo0
Type escape sequence to abort.
Tracing the route to 172.16.16.1
VRF info: (vrf in name/id, vrf out name/id)
  1 10.0.7.2 3 msec 3 msec 3 msec → R6
  2 10.0.36.1 4 msec 3 msec 4 msec → R3
  3 10.0.4.1 5 msec 4 msec 4 msec → R4


Subnet /27:
R7#traceroute 172.16.23.129 source lo0
Type escape sequence to abort.
Tracing the route to 172.16.23.129
VRF info: (vrf in name/id, vrf out name/id)
  1 10.0.7.6 3 msec 3 msec 3 msec → R8
  2 10.0.58.1 3 msec 4 msec 3 msec → R5
  3 10.0.4.5 4 msec 5 msec 4 msec → R4
