Category Archives: CCNP – Prefix-Lists

OSPF: Important details regarding Summarization and Default Routes for exam day, it’s a long but worthwhile read!

OSPF_Base_Topology

OSPF Summarization is done only on ABR and ASBR routers in your OSPF domain, and uses two completely different commands, but what if a router is both an ABR and an ASBR?

For example, did you know that using the command “default-information originate …” you are telling the router to create a Type 5 LSA to be propagated throughout the network, thus turning that router into an ASBR?

Another very interesting fact I did not know – OSPF will not allow you to redistribute a static default route. It cannot be done.

Since I never knew either of these things, which seem like fairly good questions for exam day, I wanted to give them a run for their money to see if they are true:

R1(config)#ip route 0.0.0.0 0.0.0.0 null0
R1(config)#router ospf 1
R1(config-router)#redistribute static subnets
R1(config-router)#
ASR#2
[Resuming connection 2 to r2 … ]

R2#sh ip route

Gateway of last resort is not set

     1.0.0.0/32 is subnetted, 1 subnets
O IA    1.1.1.1 [110/65] via 172.12.123.1, 00:00:11, Serial0/0
     2.0.0.0/32 is subnetted, 1 subnets
C       2.2.2.2 is directly connected, Loopback2
     3.0.0.0/32 is subnetted, 1 subnets
O IA    3.3.3.3 [110/65] via 172.12.123.3, 00:00:11, Serial0/0
     172.12.0.0/24 is subnetted, 3 subnets
O IA    172.12.15.0 [110/65] via 172.12.123.1, 00:00:11, Serial0/0
C       172.12.23.0 is directly connected, FastEthernet0/0
C       172.12.123.0 is directly connected, Serial0/0
R2#sh ip ospf data

            OSPF Router with ID (2.2.2.2) (Process ID 1)

                Router Link States (Area 0)

Link ID         ADV Router      Age         Seq#       Checksum Link count
1.1.1.1         1.1.1.1         45          0x80000005 0x00DC9D 1
2.2.2.2         2.2.2.2         1013        0x80000004 0x009AD9 1
3.3.3.3         3.3.3.3         132         0x80000005 0x006008 1

                Net Link States (Area 0)

Link ID         ADV Router      Age         Seq#       Checksum
172.12.123.1    1.1.1.1         905         0x80000004 0x0023BE

                Summary Net Link States (Area 0)

Link ID         ADV Router      Age         Seq#       Checksum
1.1.1.1         1.1.1.1         1416        0x80000003 0x0043EE
2.2.2.2         2.2.2.2         1013        0x80000003 0x00F633
3.3.3.3         3.3.3.3         321         0x80000001 0x00AE75
172.12.15.0     1.1.1.1         1154        0x80000005 0x0072F9
172.12.23.0     2.2.2.2         696         0x80000001 0x000460
172.12.23.0     3.3.3.3         692         0x80000009 0x00D582

Nothing! I never knew that was a behavior before, so you HAVE to use the default-information originate command to propagate a static default route, even though it still uses a Type 5 LSA just like redistribution would have!!!

Keep that in mind on exam day: if you see redistribution in OSPF of a static default route, that is beyond a red flag.

Now, back to the default-information originate command making a router an ASBR: I don’t really want to assign a default route to the logical trash bin (null0), so I’m just going to add “always” so no static default route is needed:

R1(config)#router ospf 1
R1(config-router)#default-information originate always
R1(config-router)#
ASR#2
[Resuming connection 2 to r2 … ]

R2#sh ip route

Gateway of last resort is 172.12.123.1 to network 0.0.0.0

     1.0.0.0/32 is subnetted, 1 subnets
O IA    1.1.1.1 [110/65] via 172.12.123.1, 00:07:10, Serial0/0
     2.0.0.0/32 is subnetted, 1 subnets
C       2.2.2.2 is directly connected, Loopback2
     3.0.0.0/32 is subnetted, 1 subnets
O IA    3.3.3.3 [110/65] via 172.12.123.3, 00:07:10, Serial0/0
     172.12.0.0/24 is subnetted, 3 subnets
O IA    172.12.15.0 [110/65] via 172.12.123.1, 00:07:10, Serial0/0
C       172.12.23.0 is directly connected, FastEthernet0/0
C       172.12.123.0 is directly connected, Serial0/0
O*E2 0.0.0.0/0 [110/1] via 172.12.123.1, 00:00:12, Serial0/0

R2#

There we go, now R2 has a default route, and what appears to be an External Type 5 LSA route so I am guessing when I go back to R1:

R1(config-router)#do sh ip ospf
 Routing Process “ospf 1” with ID 1.1.1.1
 Start time: 00:00:18.800, Time elapsed: 01:39:06.588
 Supports only single TOS(TOS0) routes
 Supports opaque LSA
 Supports Link-local Signaling (LLS)
 Supports area transit capability
 Event-log enabled, Maximum number of events: 1000, Mode: cyclic
 It is an area border and autonomous system boundary router

 Redistributing External Routes from,
 Router is not originating router-LSAs with maximum metric

The interesting thing here is that I’ve never seen any other protocol leave the “Redistributing External Routes from” field empty, and it sure is both an ABR and an ASBR now.

So can I do both types of Summarization now? Let's break some stuff and find out! To be clear on how real this is getting:

R1(config-if)#do sh ip int bri
Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0/0            unassigned      YES NVRAM  administratively down down
FastEthernet0/1            172.12.15.1     YES NVRAM  up                    up
Serial0/0/0                172.12.123.1    YES NVRAM  up                    up
Serial0/0/1                100.100.100.1   YES NVRAM  administratively down down
Loopback1                  1.1.1.1         YES NVRAM  up                    up
Loopback8                  172.16.8.1      YES manual up                    up
Loopback9                  172.16.9.1      YES manual up                    up
Loopback10                 172.16.10.1     YES manual up                    up
Loopback11                 172.16.11.1     YES manual up                    up
Loopback101                100.1.0.1       YES manual up                    up
Loopback102                100.2.0.1       YES manual up                    up
Loopback103                100.3.0.1       YES manual up                    up
Loopback104                100.4.0.1       YES manual up                    up
Loopback105                100.5.0.1       YES manual up                    up
Loopback106                100.6.0.1       YES manual up                    up
Loopback107                100.7.0.1       YES manual up                    up

Summary Address = 172.16.8.0 /22
Summary Address = 100.0.0.0  /13
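How those two summary addresses fall out of the loopbacks listed above, as an added Python example (not part of the original post). The function names are made up for illustration, and the loopbacks are treated as /32 host routes, which is how they show up on R2 later in this post.

```python
import ipaddress

# Loopback addresses copied from R1's "sh ip int bri" output in this post.
AREA_100_LOOPBACKS = [f"100.{n}.0.1" for n in range(1, 8)]
REDISTRIBUTED_LOOPBACKS = [f"172.16.{n}.1" for n in range(8, 12)]


def smallest_summary(addresses):
    """Return the longest-prefix network that still covers every address."""
    values = [int(ipaddress.IPv4Address(a)) for a in addresses]
    # Any bit that differs between the lowest and highest address cannot be
    # part of the shared prefix; every bit to the left of it can.
    differing = min(values) ^ max(values)
    prefix_len = 32 - differing.bit_length()
    return ipaddress.IPv4Network((min(values), prefix_len), strict=False)


def abr_range_command(area, summary):
    """Inter-area (Type 3) summary, entered on the ABR."""
    return f"area {area} range {summary.network_address} {summary.netmask}"


def asbr_summary_command(summary):
    """External (Type 5) summary, entered on the ASBR."""
    return f"summary-address {summary.network_address} {summary.netmask}"


def unbacked_addresses(summary, addresses):
    """Count addresses inside the summary that no listed host route backs."""
    backed = {ipaddress.IPv4Address(a) for a in addresses}
    return summary.num_addresses - sum(1 for a in backed if a in summary)


if __name__ == "__main__":
    abr = smallest_summary(AREA_100_LOOPBACKS)
    asbr = smallest_summary(REDISTRIBUTED_LOOPBACKS)
    print(abr, "->", abr_range_command(100, abr))
    print(asbr, "->", asbr_summary_command(asbr))
    print("addresses advertised without a route behind them:",
          unbacked_addresses(abr, AREA_100_LOOPBACKS),
          unbacked_addresses(asbr, REDISTRIBUTED_LOOPBACKS))
```

The /13 advertises 524,288 addresses while only seven host routes sit behind it, so other routers will send traffic for the whole block toward R1; keep a summary as tight as the address plan allows.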

Now for the ABR, the routes need to be put in via the “network” command, being that you are specifying the Area containing the routes, so they need to be entered into OSPF in the same Area.

I was actually just cursing looking at that, for some reason thinking the Loopback # dictated the Area # or something, but I got it now, so let's give it a go here:

R1(config-if)#router ospf 1
R1(config-router)#network 100.1.0.0 0.0.255.255 area 100
R1(config-router)#network 100.2.0.0 0.0.255.255 area 100
R1(config-router)#network 100.3.0.0 0.0.255.255 area 100
R1(config-router)#network 100.4.0.0 0.0.255.255 area 100
R1(config-router)#network 100.5.0.0 0.0.255.255 area 100
R1(config-router)#network 100.6.0.0 0.0.255.255 area 100
R1(config-router)#network 100.7.0.0 0.0.255.255 area 100
R1(config-router)#area 100 range 100.0.0.0 255.248.0.0 ?
  advertise      Advertise this range (default)
  cost           User specified metric for this range
  not-advertise  DoNotAdvertise this range
  <cr>

R1(config-router)#area 100 range 100.0.0.0 255.248.0.0
R1(config-router)#

Cost can be defined as a modifier to the command, as the “cost” option in the help output there shows; otherwise OSPF will use the best Prefix’s Cost value for the Summary Route, which I think should be left alone unless you have a reason to change it.

So let's take a look at R2’s OSPF route table to verify we have one type of summarization at work:

R2#sh ip route ospf
     1.0.0.0/32 is subnetted, 1 subnets
O IA    1.1.1.1 [110/65] via 172.12.123.1, 00:43:36, Serial0/0
     100.0.0.0/13 is subnetted, 1 subnets
O IA    100.0.0.0 [110/65] via 172.12.123.1, 00:16:54, Serial0/0
     3.0.0.0/32 is subnetted, 1 subnets
O IA    3.3.3.3 [110/65] via 172.12.123.3, 00:43:36, Serial0/0
     172.12.0.0/24 is subnetted, 3 subnets
O IA    172.12.15.0 [110/65] via 172.12.123.1, 00:43:36, Serial0/0
O*E2 0.0.0.0/0 [110/1] via 172.12.123.1, 00:16:49, Serial0/0
R2#sh ip ospf data

            OSPF Router with ID (2.2.2.2) (Process ID 1)

                Router Link States (Area 0)

Link ID         ADV Router      Age         Seq#       Checksum Link count
1.1.1.1         1.1.1.1         750         0x80000006 0x00DA9E 1
2.2.2.2         2.2.2.2         1590        0x80000005 0x0098DA 1
3.3.3.3         3.3.3.3         920         0x80000006 0x005E09 1

                Net Link States (Area 0)

Link ID         ADV Router      Age         Seq#       Checksum
172.12.123.1    1.1.1.1         1487        0x80000005 0x0021BF

                Summary Net Link States (Area 0)

Link ID         ADV Router      Age         Seq#       Checksum
1.1.1.1         1.1.1.1         1971        0x80000004 0x0041EF
2.2.2.2         2.2.2.2         1590        0x80000004 0x00F434
3.3.3.3         3.3.3.3         920         0x80000002 0x00AC76
100.0.0.0       1.1.1.1         1028        0x80000001 0x00409A
172.12.15.0     1.1.1.1         1730        0x80000006 0x0070FA
172.12.23.0     2.2.2.2         1347        0x80000002 0x000261
172.12.23.0     3.3.3.3         1421        0x8000000A 0x00D383

So it is being advertised as an Inter-Area (Type 3 LSA) route, as can be seen both in the IP route table and in the LSDB, as it should be, because this is the ABR way to summarize routes. Ahem.

Also if you want to get granular with how you look at the LSA Database, to see this summary route for example, you can type in as follows:

R2#sh ip ospf data summ 100.0.0.0

            OSPF Router with ID (2.2.2.2) (Process ID 1)

                Summary Net Link States (Area 0)

  Routing Bit Set on this LSA
  LS age: 1347
  Options: (No TOS-capability, DC, Upward)
  LS Type: Summary Links(Network)
  Link State ID: 100.0.0.0 (summary Network Number)
  Advertising Router: 1.1.1.1
  LS Seq Number: 80000001
  Checksum: 0x409A
  Length: 28
  Network Mask: /13

        TOS: 0  Metric: 1

This command will give you a ton of output, like the Database itself except with details, which makes it incredibly hard to dig through if you have a decent number of Areas it is reporting all these details for.

However, I did want you to see, you can verify if a route is a Summary from the LSA Database – And that is a good thing to know. You can also look at sections of it with “sh ip ospf data summ” and so on but I won’t flood the page with all that output.

So all this ABR Summarization is all fine and good you say, but what about ASBR Summarization? I am glad you asked.

I am not sure if it requires the networks to be entered via the “network” command, so I’ll test out whether they need to be added. Let's take a look:

R1(config-router)#summary-address 172.16.8.0 255.255.252.0
R1(config-router)#
ASR#2
[Resuming connection 2 to r2 … ]

R2#sh ip route ospf
     1.0.0.0/32 is subnetted, 1 subnets
O IA    1.1.1.1 [110/65] via 172.12.123.1, 00:55:55, Serial0/0
     100.0.0.0/13 is subnetted, 1 subnets
O IA    100.0.0.0 [110/65] via 172.12.123.1, 00:29:13, Serial0/0
     3.0.0.0/32 is subnetted, 1 subnets
O IA    3.3.3.3 [110/65] via 172.12.123.3, 00:55:55, Serial0/0
     172.12.0.0/24 is subnetted, 3 subnets
O IA    172.12.15.0 [110/65] via 172.12.123.1, 00:55:55, Serial0/0
O*E2 0.0.0.0/0 [110/1] via 172.12.123.1, 00:29:08, Serial0/0
R2#

Well that stinks. Let me add the routes via “network” on R1 and try that again:

R1(config-router)#
R1(config-router)#network 172.16.8.0 0.0.0.255 area 51
R1(config-router)#network 172.16.9.0 0.0.0.255 area 51
R1(config-router)#network 172.16.10.0 0.0.0.255 area 51
R1(config-router)#network 172.16.11.0 0.0.0.255 area 51
R1(config-router)#
ASR#2
[Resuming connection 2 to r2 … ]

R2#sh ip route ospf
     1.0.0.0/32 is subnetted, 1 subnets
O IA    1.1.1.1 [110/65] via 172.12.123.1, 00:58:21, Serial0/0
     100.0.0.0/13 is subnetted, 1 subnets
O IA    100.0.0.0 [110/65] via 172.12.123.1, 00:31:40, Serial0/0
     3.0.0.0/32 is subnetted, 1 subnets
O IA    3.3.3.3 [110/65] via 172.12.123.3, 00:58:21, Serial0/0
     172.12.0.0/24 is subnetted, 3 subnets
O IA    172.12.15.0 [110/65] via 172.12.123.1, 00:58:21, Serial0/0
     172.16.0.0/32 is subnetted, 4 subnets
O IA    172.16.9.1 [110/65] via 172.12.123.1, 00:00:11, Serial0/0
O IA    172.16.8.1 [110/65] via 172.12.123.1, 00:00:21, Serial0/0
O IA    172.16.11.1 [110/65] via 172.12.123.1, 00:00:01, Serial0/0
O IA    172.16.10.1 [110/65] via 172.12.123.1, 00:00:11, Serial0/0
O*E2 0.0.0.0/0 [110/1] via 172.12.123.1, 00:00:06, Serial0/0
R2#

Now things are getting interesting, because if I remove the summarization R1 is doing as an ABR, will the summarization command as an ASBR kick into action? Let's see:

R1(config-router)#no area 100 range 100.0.0.0 255.248.0.0
R1(config-router)#
ASR#2
[Resuming connection 2 to r2 … ]

R2#sh ip route ospf
     1.0.0.0/32 is subnetted, 1 subnets
O IA    1.1.1.1 [110/65] via 172.12.123.1, 01:01:04, Serial0/0
     100.0.0.0/32 is subnetted, 7 subnets
O IA    100.5.0.1 [110/65] via 172.12.123.1, 00:00:12, Serial0/0
O IA    100.4.0.1 [110/65] via 172.12.123.1, 00:00:12, Serial0/0
O IA    100.7.0.1 [110/65] via 172.12.123.1, 00:00:12, Serial0/0
O IA    100.6.0.1 [110/65] via 172.12.123.1, 00:00:12, Serial0/0
O IA    100.1.0.1 [110/65] via 172.12.123.1, 00:00:12, Serial0/0
O IA    100.3.0.1 [110/65] via 172.12.123.1, 00:00:12, Serial0/0
O IA    100.2.0.1 [110/65] via 172.12.123.1, 00:00:12, Serial0/0
     3.0.0.0/32 is subnetted, 1 subnets
O IA    3.3.3.3 [110/65] via 172.12.123.3, 01:01:04, Serial0/0
     172.12.0.0/24 is subnetted, 3 subnets
O IA    172.12.15.0 [110/65] via 172.12.123.1, 01:01:04, Serial0/0
     172.16.0.0/32 is subnetted, 4 subnets
O IA    172.16.9.1 [110/65] via 172.12.123.1, 00:02:54, Serial0/0
O IA    172.16.8.1 [110/65] via 172.12.123.1, 00:03:04, Serial0/0
O IA    172.16.11.1 [110/65] via 172.12.123.1, 00:02:45, Serial0/0
O IA    172.16.10.1 [110/65] via 172.12.123.1, 00:02:55, Serial0/0
O*E2 0.0.0.0/0 [110/1] via 172.12.123.1, 00:00:08, Serial0/0
R2#

No it did not, so I am wondering if perhaps order of commands comes into play here, as I configured the summary-address of routes that weren’t in the OSPF config yet.

So after a lot of failure with trying to redistribute an actual static route to make it an official “ASBR”, remove and re-add commands, I caved and watched the Summarization portion of my training video for summary address and I’ll be damned if this can’t ONLY be done by the ASBR because you redistribute the friggin connected routes! Gah!

R1#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R1(config)#router ospf 1
R1(config-router)#no network 172.16.8.0 0.0.0.255 area 51
R1(config-router)#no network 172.16.9.0 0.0.0.255 area 51
R1(config-router)#no network 172.16.10.0 0.0.0.255 area 51
R1(config-router)#no network 172.16.11.0 0.0.0.255 area 51
R1(config-router)#redistribute connected subnets
R1(config-router)#area 100 range 100.0.0.0 255.248.0.0
R1(config-router)#summary-address 172.16.8.0 255.255.252.0
R1(config-router)#

Now for the moment of truth (I removed 172.x routes from OSPF):

R2#sh ip route ospf
     1.0.0.0/32 is subnetted, 1 subnets
O IA    1.1.1.1 [110/65] via 172.12.123.1, 01:31:24, Serial0/0
     100.0.0.0/13 is subnetted, 1 subnets
O IA    100.0.0.0 [110/65] via 172.12.123.1, 00:01:19, Serial0/0
     3.0.0.0/32 is subnetted, 1 subnets
O IA    3.3.3.3 [110/65] via 172.12.123.3, 01:31:24, Serial0/0
     172.12.0.0/24 is subnetted, 3 subnets
O IA    172.12.15.0 [110/65] via 172.12.123.1, 01:31:24, Serial0/0
     172.16.0.0/22 is subnetted, 1 subnets
O E2    172.16.8.0 [110/20] via 172.12.123.1, 00:01:14, Serial0/0
O*E2 0.0.0.0/0 [110/1] via 172.12.123.1, 00:01:14, Serial0/0
R2#

FINALLY!! So that is why summary-address can only be done on the ASBR, because you need to redistribute the sequential routes to be summarized before entering the command to summarize them!

Also we now know that we can issue both commands on R1 as an ABR, and an ASBR with no problems.

HOWEVER WE ARE NOT DONE YET, AS WE HAVEN’T GONE INTO THE SECOND WAY OSPF CAN CREATE A DEFAULT ROUTE – AND THIS TIME IT AIN’T A TYPE 5 LSA!

The other way is to make an Area a Stub Area. By doing this, the Stub creates a default route for itself out of the network, does not allow LSA Type 5’s into the Area at all actually, so the default route created in this case is a Summary Type 3 LSA.

Let's look at Area 34 quick to wrap this one up:

R3(config-router)#area 34 stub
R3(config-router)#
ASR#4
[Resuming connection 4 to r4 … ]

R4#
R4#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R4(config)#router ospf 1
R4(config-router)#area 34 stub

That is all there is to the stub command, and the default route can be seen here, but there is still a LOT of clutter from Inter-Area routes:

R4(config-router)#do sh ip route ospf

Gateway of last resort is 172.12.34.3 to network 0.0.0.0

O*IA  0.0.0.0/0 [110/2] via 172.12.34.3, 00:00:15, FastEthernet0/1

      1.0.0.0/32 is subnetted, 1 subnets
O IA     1.1.1.1 [110/66] via 172.12.34.3, 00:00:15, FastEthernet0/1
      2.0.0.0/32 is subnetted, 1 subnets
O IA     2.2.2.2 [110/66] via 172.12.34.3, 00:00:15, FastEthernet0/1
      3.0.0.0/32 is subnetted, 1 subnets
O IA     3.3.3.3 [110/2] via 172.12.34.3, 00:00:15, FastEthernet0/1
      100.0.0.0/13 is subnetted, 1 subnets
O IA     100.0.0.0 [110/66] via 172.12.34.3, 00:00:15, FastEthernet0/1
      172.12.0.0/16 is variably subnetted, 5 subnets, 2 masks
O IA     172.12.15.0/24 [110/66] via 172.12.34.3, 00:00:15, FastEthernet0/1
O IA     172.12.23.0/24 [110/2] via 172.12.34.3, 00:00:15, FastEthernet0/1
O IA     172.12.123.0/24 [110/65] via 172.12.34.3, 00:00:15, FastEthernet0/1
R4(config-router)#

In the LSDB under the Area 34 Summary Header we can see the route there as well:

 Summary Net Link States (Area 34)

Link ID         ADV Router      Age         Seq#       Checksum
0.0.0.0         3.3.3.3         320         0x80000001 0x0057DA
1.1.1.1         3.3.3.3         320         0x80000001 0x00AB42
2.2.2.2         3.3.3.3         320         0x80000001 0x007D6C
3.3.3.3         3.3.3.3         320         0x80000001 0x00CC59
100.0.0.0       3.3.3.3         320         0x80000001 0x00A4EF
172.12.15.0     3.3.3.3         320         0x80000001 0x00DE4B
172.12.23.0     3.3.3.3         320         0x80000001 0x00045E
172.12.123.0    3.3.3.3         320         0x80000001 0x002C92

Now the thing that kind of amazes me, is the only verification command I could find outside of “show run” to verify this router is a stub router, was to do “sh ip ospf” and scroll all the way down under the Area 34 Header to find it:

Area 34
        Number of interfaces in this area is 1
        It is a stub area
        Area has no authentication
        SPF algorithm last executed 00:09:14.524 ago
        SPF algorithm executed 4 times
        Area ranges are
        Number of LSA 11. Checksum Sum 0x0528C8
        Number of opaque link LSA 0. Checksum Sum 0x000000
        Number of DCbitless LSA 0
        Number of indication LSA 0
        Number of DoNotAge LSA 0
        Flood list length 0

So to finish this off, let's make it a total stub, and get rid of those Inter-Area routes altogether:

R3(config-router)#no area 34 stub
R3(config-router)#area 34 stub no-summary
R3(config-router)#
ASR#4
[Resuming connection 4 to r4 … ]

*May 19 00:03:42.155: %OSPF-5-ADJCHG: Process 1, Nbr 3.3.3.3 on FastEthernet0/1 from LOADING to FULL, Loading Done

R4#sh ip route ospf

Gateway of last resort is 172.12.34.3 to network 0.0.0.0

O*IA  0.0.0.0/0 [110/2] via 172.12.34.3, 00:12:49, FastEthernet0/1
R4#

So let's see if waaaay across the Topology R5 can still ping 4.4.4.4:

R5#ping 4.4.4.4

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 4.4.4.4, timeout is 2 seconds:
U.U.U
Success rate is 0 percent (0/5)
R5#traceroute 4.4.4.4

Type escape sequence to abort.
Tracing the route to 4.4.4.4

  1 172.12.15.1 0 msec 0 msec 4 msec
  2 172.12.15.1 !H  *  !H
R5#

That was interesting traceroute traffic. Upon looking at R1, it does have the network 172.12.34.0 in its Summary Type 3 LSA’s, but no Area 34 or Area 4 at all in its LSDB. However I know what’s going on here, as 4.4.4.4 belongs to Area 4, which to Area 34 would be blocked as an Inter-Area route, so if we do this:

R4(config)#router ospf 1
R4(config-router)#no network 4.4.4.4 0.0.0.0 area 4
R4(config-router)#network 4.4.4.4 0.0.0.0 area 34
R4(config-router)#

Then we should now be able to do this:

R5#ping 4.4.4.4

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 4.4.4.4, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 64/65/69 ms
R5#

There we go, logical thinking isn’t always easy, but it does usually work.

I have one very last thing to add to this and I am done on this topic, seriously.

It has to do with the default-information originate command, because you can actually set it to track a certain route, and if that route goes down OSPF “Poisons” the default route and removes it from route tables / LSDB’s.

Let's take a look at the configuration:

R1#conf t
R1(config)#int lo99
R1(config-if)#ip add 99.99.99.99 255.255.255.255
R1(config)#access-list 99 permit 99.99.99.99
R1(config)#route-map 99bananas permit 10
R1(config-route-map)#match ip add 99
R1(config-route-map)#route-map 99bananas permit 20
R1(config-route-map)#exit
R1(config)#router ospf 1
R1(config-router)#default-information originate always route-map 99bananas
R1(config-router)#

Adding this route-map to it will “track” that route, so if that route or interface goes bye bye, so does our default route! Let's see this in action:

R2#sh ip route

Gateway of last resort is 172.12.123.1 to network 0.0.0.0

     1.0.0.0/32 is subnetted, 1 subnets
O IA    1.1.1.1 [110/65] via 172.12.123.1, 02:13:02, Serial0/0
     2.0.0.0/32 is subnetted, 1 subnets
C       2.2.2.2 is directly connected, Loopback2
     100.0.0.0/13 is subnetted, 1 subnets
O IA    100.0.0.0 [110/65] via 172.12.123.1, 00:42:57, Serial0/0
     3.0.0.0/32 is subnetted, 1 subnets
O IA    3.3.3.3 [110/65] via 172.12.123.3, 02:13:02, Serial0/0
     4.0.0.0/32 is subnetted, 1 subnets
O IA    4.4.4.4 [110/66] via 172.12.123.3, 00:09:41, Serial0/0
     99.0.0.0/32 is subnetted, 1 subnets
O E2    99.99.99.99 [110/20] via 172.12.123.1, 00:05:35, Serial0/0
     172.12.0.0/24 is subnetted, 4 subnets
O IA    172.12.34.0 [110/65] via 172.12.123.3, 00:18:17, Serial0/0
O IA    172.12.15.0 [110/65] via 172.12.123.1, 02:13:06, Serial0/0
C       172.12.23.0 is directly connected, FastEthernet0/0
C       172.12.123.0 is directly connected, Serial0/0
     172.16.0.0/22 is subnetted, 1 subnets
O E2    172.16.8.0 [110/20] via 172.12.123.1, 00:09:38, Serial0/0
O*E2 0.0.0.0/0 [110/1] via 172.12.123.1, 00:01:02, Serial0/0

R2#

Now let's remove the loopback and see the havoc it wreaks:

R1(config)#no int lo99
R1(config)#
*May 19 01:32:13.539: %LINK-5-CHANGED: Interface Loopback99, changed state to administratively down
*May 19 01:32:14.539: %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback99, changed state to down
R1(config)#
ASR#2
[Resuming connection 2 to r2 … ]

R2#sh ip route

Gateway of last resort is not set

So that is something excellent to know for exam day and the real world, that your default routes can have dependencies or be conditional upon other routes being available.

Pretty cool stuff. Ok this post has gone on way too long, that's it for these topics!

A collection of IMPORTANT links to review and know for exam day, then a quick overview of LSA Types / OSPF Router Types!

(This post will be replacing the subnetting post in my sticky threads up top the blog)

I pulled this topology from my older posts when I took a deep dive into the world of LSA’s, how to read the Topology table like a laundry list and understand it, and what type of routers did what.

First I want to list links that are absolutely vital to read and understand for exam day, as you will run into questions regarding these in some fashion or another, and then I will sticky this post up top so the links are available there as well:

LSA Part 1 – https://loopedback.com/2017/04/24/part-1-ospf-lsa-deep-dive-starting-with-lsa-types-1-2-3-and-an-intro-to-all-lsa-types-and-ospf-routers-types/

LSA Part 2 – https://loopedback.com/2017/04/25/part-2-ospf-lsa-deep-dive-lsa-types-4-5-and-turn-area-15-to-an-nssa-to-see-what-happens-with-the-ls-database/

LSA Part 3 – https://loopedback.com/2017/04/25/part-3-ospf-lsa-deep-dive-lsa-type-7-deep-dive-into-every-type-of-ospf-stub-area-and-how-it-impacts-lsas/

VPN types and Tunnel Modes – https://loopedback.com/2017/04/28/vpn-deep-dive-into-different-vpn-packet-types-differences-in-security-and-differences-in-modes-between-them/

OSPF Distribute-List vs Filter-List – https://loopedback.com/2017/04/27/ospf-deep-dive-distribute-list-vs-filter-list-in-and-reviewing-prefix-lists-as-they-filter-lists-use-prefixes-to-filter/

Quick methods to Subnet – https://loopedback.com/2017/05/09/important-subnetting-review-to-quickly-find-network-address-ranges-and-a-great-cheat-sheet-for-exam-day/

IPv6 Migration Strategies – https://loopedback.com/2017/03/11/ipv6-migration-strategies-from-ipv4-networks-need-to-know-details-for-exam-day-explained/comment-page-1/#comment-56

Identifying IPv6 Address Types – https://loopedback.com/2017/05/08/ipv6-quick-tips-on-some-good-to-knows-and-need-to-knows-for-ipv6-on-exam-day-may-be-adding-info-to-this-in-the-future/

EIGRP Distribute-List / Prefix-List configuration – https://loopedback.com/2017/05/10/eigrp-deep-dive-into-prefix-list-configurations-access-list-vs-prefix-list-using-prefix-lists-to-filter-eigrp-routes-with-distribute-lists/

I could keep adding posts to that list all day, as they are pretty important, but you need to have a solid understanding of VPN Types and Tunnel Modes (and what they do), LSA Types and Database understanding, the IPv6 material and knowing how to configure and apply Prefix-Lists, etc. I’d say read all my posts, but I wrote them and my mind still slips on the materials!

Now I pulled this explanation of the LSA types from an older post where I summarized them using the Topology above, so I will paste these into this post, and sticky this thread up top for visibility and move on to the next topic for review!

So first, I will start with a description of each LSA type of the 7 of them:

  • LSA Type 1 “Router” – “Router Link States” will be its header in the LSA DB, and the name is self explanatory, these LSA’s are generated by each router with updates on its local Link States, all router types generate and flood this LSA Type.
  • LSA Type 2 “Network” – “Net Link States” are only generated and sent by DR’s and BDR’s to routers in the Same Area, that are also on the same multi-access network type, LSA type stays within its own Area, only seen in NON-Point-to-Point network types
  • LSA Type 3 “Summary” – “Summary Net Link States” has nothing to do with summarization, but floods its summary of networks from one Area into others except for the Area it is part of – Not flooded into Total-Stub’d Areas (Stub or NSSA)
  • LSA Type 4 “Summary ASB” – “Summary ASB Link States” LSA type is only created by ABR’s back to the ASBR, so when redistribution is configured on the ASBR Router it flips a bit in its “Router LSA” (Type 1!), and the ABR(s) then create LSA type 4’s to pass along throughout the network giving OSPF neighbors the path back to the ASBR – Not flooded into Stub Areas.
  • LSA Type 5 “Autonomous System External Link State” – or “AS External Link States” in the OSPF LSA DB, these are your “O E1” and “O E2”  Redistributed routes, generated from the ASBR itself OUTSIDE an NSSA Area – Not flooded into Stub Areas.
  • LSA Type 6 – Not needed for the CCNP ROUTE, but it is for Multicast Extensions of OSPF (MOSPF); again, it is not referenced in the ROUTE exam, just wanted to mention it for the sake of thoroughness
  • LSA Type 7 “NSSA LSA’s” – This type of LSA is generated by the ASBR INSIDE an NSSA Area when it does Redistribution, as Type 5 Redistribution LSA’s cannot enter an NSSA Area

Phew. So to cover what type of routers create which type of LSA’s ONE MORE TIME:

  • Type 1 – All Routers
  • Type 2 – All DR’s
  • Type 3, 4 – All ABR’s
  • Type 5 – ASBR’s OUTSIDE the NSSA Areas (NSSA’s don’t allow LSA type 5)
  • Type 6 – Reserved for MOSPF
  • Type 7 – ASBR’s INSIDE the NSSA Areas (Type 7 LSA’s [N1, N2 in route table])

 

If you don’t fully understand LSA’s, please review Part 1, 2, and 3 of the OSPF LSA posts linked above as this is crucial to exam success if you get some OSPF questions!

EIGRP: DEEP Dive into Prefix-List configurations, Access-list vs Prefix-list, using Prefix-Lists to Filter EIGRP routes with Distribute-Lists!

EIGRP_New_Topology

Only the NBMA and Ethernet segments will be used for quick demonstrations and clarity, unless R4 or R5 is needed for demonstration.

Now the idea of a Prefix-List in comparison to an Access-List may be hard to follow, but I will try to explain it.

An Access-List at its most specific (Extended) matches only on source and destination networks, and also filters protocols between the two – this is essentially what they should be considered: Protocol Filters.

A Prefix-List uses the Permit and Deny like an access-list, but only uses the actual Network Prefix and how far to match it (ex: 172.12.123.0/27) to Filter Routes only – This should only be considered a Route Filter and should only be used to Filter Routes.

There is no overhead of writing out masks and allowing protocols, just a simple this is what I need, and how far I need it matched to in the 32 bit Prefix (with a permit or deny).

Now that we understand exactly the difference between those, some fundamentals:

  • Prefix lists generally use names, but can use numbers as well
  • Prefix lists can use subnet masks (not wildcard), or CIDR notation
  • Prefix lists have an implicit deny at the end (discards any non-allowed traffic for whatever it is applied to)
  • Uses Sequence numbers that by default increment by 5, for later use in case you need to add new lines to it
  • Prefix lists are configured at the global level like an access-list
  • Prefix lists go from the top down looking for a match until the implicit deny discards the packet

Now to understand a prefix-list, you must understand the concept that in its base form of prefix/mask, it matches on the EXACT mask and no variations of it, for example:

ip prefix-list TEST seq 10 permit 172.12.123.0/24
ip prefix-list TEST seq 15 permit 3.3.3.3/32

Say this simple prefix-list is defined in the Distribute-List (later to be configured), and you get route updates from a neighbor as such:

172.12.123.64/26
172.12.123.32/27
172.12.123.16/30

None of these routes will be learned, because of the way that a Prefix-List operates. The top line:

ip prefix-list TEST seq 10 permit 172.12.123.0/24

This means it will match on and ONLY allow prefixes matching this exact IP Prefix, meaning both the IP address and the Subnet Mask. It will not permit variations (smaller subnets within the larger network); those move down the list and, as can be seen, are eventually discarded after not being matched and hitting the implicit deny.

This is a very important detail to understand.

An ACL will match a network / prefix up to the subnet’s number, and allow any traffic beyond that subnet, while Prefix-Lists are very exact with how they match IP Prefixes.

So the only match for the example list is the network 172.12.123.0/24 and that’s it. This is also where the power of Prefix-Lists comes in, because it can be so exact, and is why it is the best option for Route Filtering.
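The exact-match behaviour described above, next to an ACL-style wildcard match, as an added Python example (not from the original post). The class and function names are invented for illustration, and the `le` entry at the end is a constructed list that goes beyond this section to show the general matching rule with the IOS `ge`/`le` keywords.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Entry:
    seq: int
    action: str                      # "permit" or "deny"
    prefix: ipaddress.IPv4Network
    ge: Optional[int] = None         # minimum mask length, if given
    le: Optional[int] = None         # maximum mask length, if given

    def matches(self, route):
        # The route must sit inside the entry's prefix ...
        if not route.subnet_of(self.prefix):
            return False
        # ... and with no ge/le the mask length must be identical.
        if self.ge is None and self.le is None:
            return route.prefixlen == self.prefix.prefixlen
        low = self.ge if self.ge is not None else self.prefix.prefixlen
        high = self.le if self.le is not None else 32
        return low <= route.prefixlen <= high


def entry(seq, action, prefix, ge=None, le=None):
    return Entry(seq, action, ipaddress.IPv4Network(prefix), ge, le)


def evaluate(prefix_list, route):
    """Top-down by sequence number; first match wins, else implicit deny."""
    route = ipaddress.IPv4Network(route)
    for e in sorted(prefix_list, key=lambda e: e.seq):
        if e.matches(route):
            return e.action
    return "deny"


def acl_permits(network, wildcard, route):
    """ACL-style check: compare only the bits the wildcard cares about and
    ignore the route's mask length entirely."""
    care = 0xFFFFFFFF ^ int(ipaddress.IPv4Address(wildcard))
    route_net = int(ipaddress.IPv4Network(route).network_address)
    return (route_net & care) == (int(ipaddress.IPv4Address(network)) & care)


# The prefix-list TEST and the three advertised routes from this post.
TEST = [entry(10, "permit", "172.12.123.0/24"),
        entry(15, "permit", "3.3.3.3/32")]
ADVERTISED = ["172.12.123.64/26", "172.12.123.32/27", "172.12.123.16/30"]

# Constructed for illustration: the same prefix with "le 30" added.
RELAXED = [entry(10, "permit", "172.12.123.0/24", le=30)]

if __name__ == "__main__":
    for r in ADVERTISED + ["172.12.123.0/24", "3.3.3.3/32"]:
        print(f"{r:18} prefix-list TEST: {evaluate(TEST, r):6} "
              f"ACL 172.12.123.0 0.0.0.255: "
              f"{'permit' if acl_permits('172.12.123.0', '0.0.0.255', r) else 'deny'}")
```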

There is one more concept, but I am getting bored with typing, so lets see it live:

Now, because these addresses spaces overlap with the NBMA network address, I had to bring in R5 with some loopbacks to save the day, however I am not taking the time to alter the above Topology as its late and my brain is getting exhausted:

R5#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R5(config)#router eigrp 100
R5(config-router)#network 172.12.15.0 0.0.0.255
R5(config-router)#
*Apr  1 00:42:18.301: %DUAL-5-NBRCHANGE: IP-EIGRP(0) 100: Neighbor 172.12.15.1 (FastEthernet0/1) is up: new adjacency
R5(config-router)#^Z
R5#
*Apr  1 00:42:38.915: %SYS-5-CONFIG_I: Configured from console by console
R5#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R5(config)#int lo10
R5(config-if)#
*Apr  1 00:42:58.243: %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback10, changed state to up
R5(config-if)#ip add 172.12.123.65 255.255.255.192
R5(config-if)#int lo20
*Apr  1 00:43:36.345: %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback20, changed state to up
R5(config-if)#ip add 172.12.123.33 255.255.255.224
R5(config-if)#int lo30
R5(config-if)#
*Apr  1 00:43:51.883: %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback30, changed state to up
R5(config-if)#ip add 172.12.123.17 255.255.255.252
R5(config-if)#router eigrp 100
R5(config-router)#network 172.12.123.64 0.0.0.63
R5(config-router)#network 172.12.123.33 0.0.0.31
R5(config-router)#network 172.12.123.16 0.0.0.3
R5(config-router)#

If you are wondering whether that was hard to figure out and get right on the first try for all those discontiguous networks, I assure you, it was.

So now on R1 let’s verify what we are seeing both in the Topology and Route table:

The Topology Table

R1#sh ip eigrp top
EIGRP-IPv4 Topology Table for AS(100)/ID(1.1.1.1)
Codes: P – Passive, A – Active, U – Update, Q – Query, R – Reply,
       r – reply Status, s – sia Status

P 11.11.11.11/32, 1 successors, FD is 128256
        via Connected, Loopback11
P 172.12.123.0/24, 1 successors, FD is 2169856
        via Connected, Serial0/0/0
P 172.12.15.0/24, 1 successors, FD is 28160
        via Connected, FastEthernet0/1
P 172.12.23.0/24, 2 successors, FD is 2173416
        via 172.12.123.2 (2173416/29160), Serial0/0/0
        via 172.12.123.3 (2173416/29160), Serial0/0/0
P 2.2.2.2/32, 1 successors, FD is 2297856
        via 172.12.123.2 (2297856/128256), Serial0/0/0
        via 172.12.123.3 (2300416/156160), Serial0/0/0
P 172.12.123.16/30, 1 successors, FD is 156160
        via 172.12.15.5 (156160/128256), FastEthernet0/1
P 172.12.123.64/26, 1 successors, FD is 156160
        via 172.12.15.5 (156160/128256), FastEthernet0/1
P 172.12.123.32/27, 1 successors, FD is 156160
        via 172.12.15.5 (156160/128256), FastEthernet0/1
P 3.3.3.3/32, 1 successors, FD is 2297856
        via 172.12.123.3 (2297856/128256), Serial0/0/0
        via 172.12.123.2 (2300416/156160), Serial0/0/0

R1#

The EIGRP IP Route Table

R1#sh ip route eigrp

Gateway of last resort is not set

      2.0.0.0/32 is subnetted, 1 subnets
D        2.2.2.2 [90/2297856] via 172.12.123.2, 00:57:01, Serial0/0/0
      3.0.0.0/32 is subnetted, 1 subnets
D        3.3.3.3 [90/2297856] via 172.12.123.3, 00:56:50, Serial0/0/0
      172.12.0.0/16 is variably subnetted, 8 subnets, 5 masks
D        172.12.23.0/24 [90/2173416] via 172.12.123.3, 00:56:50, Serial0/0/0
                        [90/2173416] via 172.12.123.2, 00:56:50, Serial0/0/0
D        172.12.123.16/30
           [90/156160] via 172.12.15.5, 00:05:33, FastEthernet0/1
D        172.12.123.32/27
           [90/156160] via 172.12.15.5, 00:05:55, FastEthernet0/1
D        172.12.123.64/26
           [90/156160] via 172.12.15.5, 00:06:22, FastEthernet0/1

The IP Route Table

R1#sh ip route

Gateway of last resort is not set

      1.0.0.0/32 is subnetted, 1 subnets
C        1.1.1.1 is directly connected, Loopback1
      2.0.0.0/32 is subnetted, 1 subnets
D        2.2.2.2 [90/2297856] via 172.12.123.2, 00:57:58, Serial0/0/0
      3.0.0.0/32 is subnetted, 1 subnets
D        3.3.3.3 [90/2297856] via 172.12.123.3, 00:57:47, Serial0/0/0
      11.0.0.0/32 is subnetted, 1 subnets
C        11.11.11.11 is directly connected, Loopback11
      172.12.0.0/16 is variably subnetted, 8 subnets, 5 masks
C        172.12.15.0/24 is directly connected, FastEthernet0/1
L        172.12.15.1/32 is directly connected, FastEthernet0/1
D        172.12.23.0/24 [90/2173416] via 172.12.123.3, 00:57:47, Serial0/0/0
                        [90/2173416] via 172.12.123.2, 00:57:47, Serial0/0/0
C        172.12.123.0/24 is directly connected, Serial0/0/0
L        172.12.123.1/32 is directly connected, Serial0/0/0
D        172.12.123.16/30
           [90/156160] via 172.12.15.5, 00:06:30, FastEthernet0/1
D        172.12.123.32/27
           [90/156160] via 172.12.15.5, 00:06:52, FastEthernet0/1
D        172.12.123.64/26
           [90/156160] via 172.12.15.5, 00:07:19, FastEthernet0/1
R1#

Now, suppose we want to keep the 172.12.123.0/x (non-/24) subnets learned by the router, but we don’t want to type in every single prefix, because we’re not sure exactly what may be learned and only know the range that the subnetted Prefixes will come from. For that, we use LE and GE at the end of our prefix-list statements!

For an absolutely clear example directly from the command line:

R1(config)#ip prefix-list TEST seq 10 permit 172.12.123.0/24 ?
  ge  Minimum prefix length to be matched
  le  Maximum prefix length to be matched

“ge” and “le” mean that the entry will match a range of prefix lengths under the configured prefix (172.12.123.0/24), with “ge” setting the minimum and “le” the maximum, however neither value can be equal to or lower than the Prefix length configured in the command. This means that neither value can be 24 or less, because that is an impossible range to configure.

That is a very important detail to watch for.

Now I will configure this command to match our needed Prefix-lengths, and apply it to EIGRP, and we’ll see what happens to try to wrap this explanation up:

R1(config)#ip prefix-list TEST seq 10 permit 172.12.123.0/24 ge 25 le 30
%Insertion failed – seq # exists with different policy: 10
R1(config)#

Oh snap. I couldn’t over-write an existing prefix-list line as we see here, so I will just override it by making it sequence 5 (and this is why you leave yourself space between sequence numbers in Route-Maps / Prefix-Lists / Everything):

R1(config)#ip prefix-list TEST seq 5 permit 172.12.123.0/24 ge 25 le 30
R1(config)#router eigrp 100
R1(config-router)#exit

Verification of current prefix-list, looking good
R1(config)#do sh ip prefix-list
ip prefix-list TEST: 3 entries
   seq 5 permit 172.12.123.0/24 ge 25 le 30
   seq 10 permit 172.12.123.0/24
   seq 15 deny 3.3.3.3/32

Now to configure in EIGRP using ?’s to guide the way
R1(config)#router eigrp 100
R1(config-router)#distribute-list ?

  <1-199>      IP access list number
  <1300-2699>  IP expanded access list number
  WORD         Access-list name
  gateway      Filtering incoming address updates based on gateway
  prefix       Filter prefixes in address updates
  route-map    Filter prefixes based on the route-map

R1(config-router)#distribute-list prefix ?
  WORD  Name of an IP prefix-list

R1(config-router)#distribute-list prefix TEST ?

  gateway  Filtering incoming address updates based on gateway
  in       Filter incoming service updates
  out      Filter outgoing service updates

R1(config-router)#distribute-list prefix TEST in

R1(config-router)#
*May 11 05:35:36.327: %DUAL-5-NBRCHANGE: EIGRP-IPv4 100: Neighbor 172.12.15.5 (FastEthernet0/1) is resync: route configuration changed
*May 11 05:35:36.327: %DUAL-5-NBRCHANGE: EIGRP-IPv4 100: Neighbor 172.12.123.2 (Serial0/0/0) is resync: route configuration changed
*May 11 05:35:36.327: %DUAL-5-NBRCHANGE: EIGRP-IPv4 100: Neighbor 172.12.123.3 (Serial0/0/0) is resync: route configuration changed
R1(config-router)#

I highlighted some commands in Red in case they are getting hard to follow, as in my tired state they sure are (the pain hurts so good), however if there is a Cisco angel watching over me right now I should see all routes in my Topology table EXCEPT for 3.3.3.3/32:

R1(config-router)#do sh ip eigrp top
EIGRP-IPv4 Topology Table for AS(100)/ID(1.1.1.1)
Codes: P – Passive, A – Active, U – Update, Q – Query, R – Reply,
       r – reply Status, s – sia Status

P 11.11.11.11/32, 1 successors, FD is 128256
        via Connected, Loopback11
P 172.12.123.0/24, 1 successors, FD is 2169856
        via Connected, Serial0/0/0
P 172.12.15.0/24, 1 successors, FD is 28160
        via Connected, FastEthernet0/1
P 172.12.123.16/30, 1 successors, FD is 156160
        via 172.12.15.5 (156160/128256), FastEthernet0/1
P 172.12.123.64/26, 1 successors, FD is 156160
        via 172.12.15.5 (156160/128256), FastEthernet0/1
P 172.12.123.32/27, 1 successors, FD is 156160
        via 172.12.15.5 (156160/128256), FastEthernet0/1

R1(config-router)#

Ha! I forgot the “implicit deny” at the end caught 2.2.2.2/32 as well, another casualty of the filtering of routing updates in EIGRP, however the command worked exactly as it should have and even laughably underscored that implicit deny at the end.
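The filtering result above can be reproduced offline. The following is an added example, not code from the original post or from Cisco: a small Python model of prefix-list evaluation (exact match without ge/le, a length range with them, first match in sequence order, implicit deny at the end), run against the TEST list and the prefixes R1 was learning from its neighbors. The function names parse_entry and evaluate are hypothetical.

```python
import ipaddress

def parse_entry(line):
    """Parse 'ip prefix-list NAME seq N permit|deny P/L [ge X] [le Y]'."""
    tok = line.split()
    seq, action = int(tok[4]), tok[5]
    net = ipaddress.ip_network(tok[6])
    opts = dict(zip(tok[7::2], map(int, tok[8::2])))
    ge, le = opts.get("ge"), opts.get("le")
    # Same range rule the router enforces: len < ge <= le <= 32
    for v in (ge, le):
        if v is not None and not net.prefixlen < v <= 32:
            raise ValueError("ge/le must be longer than the prefix length")
    if ge is not None and le is not None and ge > le:
        raise ValueError("ge must not exceed le")
    if ge is None and le is None:
        lo = hi = net.prefixlen          # bare entry: exact length only
    else:
        lo = ge if ge is not None else net.prefixlen
        hi = le if le is not None else 32
    return seq, action, net, lo, hi

def evaluate(entries, route):
    """First match in sequence order wins; no match is the implicit deny."""
    route = ipaddress.ip_network(route)
    for seq, action, net, lo, hi in sorted(entries):
        if route.subnet_of(net) and lo <= route.prefixlen <= hi:
            return action, seq
    return "deny", None

# The TEST list as "sh ip prefix-list" shows it on R1
TEST = [parse_entry(l) for l in (
    "ip prefix-list TEST seq 5 permit 172.12.123.0/24 ge 25 le 30",
    "ip prefix-list TEST seq 10 permit 172.12.123.0/24",
    "ip prefix-list TEST seq 15 deny 3.3.3.3/32",
)]
# Prefixes R1 was learning via EIGRP before the distribute-list was applied
UPDATES = [
    "172.12.23.0/24", "2.2.2.2/32", "3.3.3.3/32",
    "172.12.123.16/30", "172.12.123.64/26", "172.12.123.32/27",
]

if __name__ == "__main__":
    for r in UPDATES:
        print(r, evaluate(TEST, r))
```

A result of ("deny", None) marks a route that fell through every entry, which is how 2.2.2.2/32 and 172.12.23.0/24 disappear without ever being named in the list.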

***One last subject to cover, which is default routes in Prefix-Lists, and how the “ge” and “le” at the ends of them can completely affect how they work***

  • The Prefix-List entry “0.0.0.0/0” affects all Prefix/Length matches, or networks
  • The Prefix-List entry “0.0.0.0/0 ge 32 le 32” affects all host routes, but NOT Prefix/Length matches aka Networks!

So if you are just looking at the two bullet points above, if you put a deny statement in front of 0.0.0.0/0 you would be blocking any and all networks from being learned by EIGRP, however if you put a permit in front of the second line that would then allow any and all “host” routes to be learned via EIGRP but does not include network prefixes.

So that’s it, my brain is toast, I’m going to find a white wall to stare at and let the drool run out of my mouth onto my t-shirt. Until next time!