IS-IS Lab 25 Route Filtering


Download Lab: VIRL | EVE-NG | GNS3


Image requirements:

Cisco IOSv (vios-adventerprisek9-m.vmdk.SPA.156-2.T)


Introduction:
In IS-IS, the name of the operation depends on the direction in which routes are propagated between area types. For example, redistributing prefixes from the L2 area into an L1 area is called route leaking, because by default no routes known to the L2 area appear in the L1 area.
However, all routes of the L1 area are automatically advertised into the L2 area. Sometimes not all of these prefixes need to be available in the L2 area, and a filtering technique is required to prevent their propagation. This lab demonstrates how to enable prefix filtering in an IS-IS topology.


Topology: 




Scenario: 
A new loopback 1 interface has been added to router A2's configuration to simulate additional subnets for both IPv4 and IPv6. By default, these prefixes are redistributed to the other areas in the topology. Router A1, the L1/L2 node for area A000, has to be configured to filter some of these prefixes from being advertised into the core area.


Lab tasks:

1. Before implementing route filtering, verify that all prefixes recently added to router A2 are being advertised to other areas. Perform this check on the core router C2 and on router E1.

2. On router A1, configure prefix-lists to match IPv4 subnets 2, 5, 10 and IPv6 prefixes 6, 9, B.

3. On router A1, configure a route-map to deny the IPv4 subnets identified in task 2 and permit all other prefixes.

4. On router A1, configure a route-map to deny the IPv6 prefixes identified in task 2 and permit all other prefixes.

5. On router A1, in router isis configuration mode, configure route filtering for IPv4 subnets by using the redistribute command.

6. On router A1, enter the IS-IS IPv6 address-family configuration mode and filter IPv6 prefixes by using the redistribute command.

7. Verify the running-config for proper implementation of route filtering.

8. Access the core router C1 and check the detailed database for router A1.


Lab procedure:  

Step1: Verify that routers C2 and E1 have the prefixes of router A2's loopback1 interface in their IPv4 and IPv6 routing tables:

C2#show  ip route isis
i L2     172.16.0.0 [115/40] via 10.0.0.33, 00:05:29, GigabitEthernet0/1
i L2     172.16.1.0 [115/40] via 10.0.0.33, 00:05:29, GigabitEthernet0/1
i L2     172.16.2.0 [115/40] via 10.0.0.33, 00:05:29, GigabitEthernet0/1
i L2     172.16.3.0 [115/40] via 10.0.0.33, 00:05:29, GigabitEthernet0/1
i L2     172.16.4.0 [115/40] via 10.0.0.33, 00:05:29, GigabitEthernet0/1
i L2     172.16.5.0 [115/40] via 10.0.0.33, 00:05:29, GigabitEthernet0/1
i L2     172.16.6.0 [115/40] via 10.0.0.33, 00:05:29, GigabitEthernet0/1
i L2     172.16.7.0 [115/40] via 10.0.0.33, 00:05:29, GigabitEthernet0/1
i L2     172.16.8.0 [115/40] via 10.0.0.33, 00:05:29, GigabitEthernet0/1
i L2     172.16.9.0 [115/40] via 10.0.0.33, 00:05:29, GigabitEthernet0/1
i L2     172.16.10.0 [115/40] via 10.0.0.33, 00:05:29, GigabitEthernet0/1
i L2     172.16.11.0 [115/40] via 10.0.0.33, 00:05:29, GigabitEthernet0/1
i L2     172.16.12.0 [115/40] via 10.0.0.33, 00:05:29, GigabitEthernet0/1
i L2     172.16.13.0 [115/40] via 10.0.0.33, 00:05:29, GigabitEthernet0/1
i L2     172.16.14.0 [115/40] via 10.0.0.33, 00:05:29, GigabitEthernet0/1
i L2     172.16.15.0 [115/40] via 10.0.0.33, 00:05:29, GigabitEthernet0/1

--Output partially displayed--

C2#show ipv6 route isis
I2  2001:DB8:AA22:1000::/64 [115/40]
     via FE80::F816:3EFF:FECC:B69E, GigabitEthernet0/1
I2  2001:DB8:AA22:1001::/64 [115/40]
     via FE80::F816:3EFF:FECC:B69E, GigabitEthernet0/1
I2  2001:DB8:AA22:1002::/64 [115/40]
     via FE80::F816:3EFF:FECC:B69E, GigabitEthernet0/1
I2  2001:DB8:AA22:1003::/64 [115/40]
     via FE80::F816:3EFF:FECC:B69E, GigabitEthernet0/1
I2  2001:DB8:AA22:1004::/64 [115/40]
     via FE80::F816:3EFF:FECC:B69E, GigabitEthernet0/1
I2  2001:DB8:AA22:1005::/64 [115/40]
     via FE80::F816:3EFF:FECC:B69E, GigabitEthernet0/1
I2  2001:DB8:AA22:1006::/64 [115/40]
     via FE80::F816:3EFF:FECC:B69E, GigabitEthernet0/1
I2  2001:DB8:AA22:1007::/64 [115/40]
     via FE80::F816:3EFF:FECC:B69E, GigabitEthernet0/1
I2  2001:DB8:AA22:1008::/64 [115/40]
     via FE80::F816:3EFF:FECC:B69E, GigabitEthernet0/1
I2  2001:DB8:AA22:1009::/64 [115/40]
     via FE80::F816:3EFF:FECC:B69E, GigabitEthernet0/1
I2  2001:DB8:AA22:100A::/64 [115/40]
     via FE80::F816:3EFF:FECC:B69E, GigabitEthernet0/1
I2  2001:DB8:AA22:100B::/64 [115/40]
     via FE80::F816:3EFF:FECC:B69E, GigabitEthernet0/1
I2  2001:DB8:AA22:100C::/64 [115/40]
     via FE80::F816:3EFF:FECC:B69E, GigabitEthernet0/1
I2  2001:DB8:AA22:100D::/64 [115/40]
     via FE80::F816:3EFF:FECC:B69E, GigabitEthernet0/1
I2  2001:DB8:AA22:100E::/64 [115/40]
     via FE80::F816:3EFF:FECC:B69E, GigabitEthernet0/1
I2  2001:DB8:AA22:100F::/64 [115/40]
     via FE80::F816:3EFF:FECC:B69E, GigabitEthernet0/1 

--Output partially displayed--

The information in the output indicates that all IPv4 subnets and IPv6 prefixes of A2's loopback1 interface have been installed in the routing table. 


Step2: Use IPv4 and IPv6 prefix-lists to identify the subnets mentioned in task 2:
!
A1(config)#ip prefix-list RT_FILTER_V4 permit 172.16.2.0/24
A1(config)#ip prefix-list RT_FILTER_V4 permit 172.16.5.0/24
A1(config)#ip prefix-list RT_FILTER_V4 permit 172.16.10.0/24

!
A1(config)#ipv6 prefix-list RT_FILTER_V6 permit 2001:DB8:AA22:1006::/64
A1(config)#ipv6 prefix-list RT_FILTER_V6 permit 2001:DB8:AA22:1009::/64
A1(config)#ipv6 prefix-list RT_FILTER_V6 permit 2001:DB8:AA22:100B::/64



Step3: Configure a route-map to deny the subnets identified by the IPv4 prefix-list, then permit all other prefixes:
!
A1(config)#route-map FILTER_IPV4 deny 10
A1(config-route-map)#match ip address prefix-list RT_FILTER_V4
A1(config-route-map)#exit
A1(config)#route-map FILTER_IPV4 permit 20          
A1(config-route-map)#exit
A1(config)#



Step4: Configure a route-map to deny the prefixes identified by the IPv6 prefix-list, then permit all other prefixes:
!
A1(config)#route-map FILTER_IPV6 deny 10
A1(config-route-map)#match ipv6 address prefix-list RT_FILTER_V6
A1(config-route-map)#exit
A1(config)#route-map FILTER_IPV6 permit 20            
A1(config-route-map)#exit
A1(config)#



Step5: Implement route filtering for IPv4 subnets: 
!
A1(config)#router isis
A1(config-router)#redistribute isis ip level-1 into level-2 route-map FILTER_IPV4     



Step6: Implement route filtering for IPv6 subnets: 
!
A1(config)#router isis
A1(config-router)#address-family ipv6 unicast
A1(config-router-af)#redistribute isis level-1 into level-2 route-map FILTER_IPV6     
A1(config-router-af)# end 
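
The evaluation order behind Steps 2 to 6, as an added example that is not part of the original lab: a prefix-list "permit" only marks a prefix as matched, and the route-map clause that references it decides whether the route is dropped. The Python model below is a simplified sketch (exact-length prefix-list entries, one match statement per clause); the function names are hypothetical and the route lists are built from the Step 1 output.

```python
import ipaddress

# Prefix-lists from Step 2. No ge/le is given, so each entry matches one exact prefix.
PREFIX_LISTS = {
    "RT_FILTER_V4": [("permit", "172.16.2.0/24"), ("permit", "172.16.5.0/24"),
                     ("permit", "172.16.10.0/24")],
    "RT_FILTER_V6": [("permit", "2001:DB8:AA22:1006::/64"),
                     ("permit", "2001:DB8:AA22:1009::/64"),
                     ("permit", "2001:DB8:AA22:100B::/64")],
}
# Route-maps from Steps 3 and 4 as (sequence, action, matched prefix-list or None).
ROUTE_MAPS = {
    "FILTER_IPV4": [(10, "deny", "RT_FILTER_V4"), (20, "permit", None)],
    "FILTER_IPV6": [(10, "deny", "RT_FILTER_V6"), (20, "permit", None)],
}

def prefix_list_matches(entries, route):
    """First matching entry decides; the end of a prefix-list is an implicit deny."""
    net = ipaddress.ip_network(route)
    for action, prefix in entries:
        if ipaddress.ip_network(prefix) == net:
            return action == "permit"
    return False

def route_map_action(clauses, route):
    """Action of the first clause whose match succeeds, else the implicit deny."""
    for _seq, action, plist in sorted(clauses, key=lambda c: c[0]):
        if plist is None or prefix_list_matches(PREFIX_LISTS[plist], route):
            return action
    return "deny"

def advertised(clauses, routes):
    """Routes that survive the route-map and are leaked from level-1 into level-2."""
    return [r for r in routes if route_map_action(clauses, r) == "permit"]

# A2's loopback1 networks, limited to the 16 per family shown in Step 1.
V4_ROUTES = [f"172.16.{i}.0/24" for i in range(16)]
V6_ROUTES = [f"2001:DB8:AA22:100{i:X}::/64" for i in range(16)]

if __name__ == "__main__":
    print(sorted(set(V4_ROUTES) - set(advertised(ROUTE_MAPS["FILTER_IPV4"], V4_ROUTES))))
    print(sorted(set(V6_ROUTES) - set(advertised(ROUTE_MAPS["FILTER_IPV6"], V6_ROUTES))))
    # Failure mode: without the empty "permit 20" clause nothing is advertised.
    print(advertised(ROUTE_MAPS["FILTER_IPV4"][:1], V4_ROUTES))
```

Because the Step 2 entries carry no ge/le, a longer prefix inside a filtered /24 (for example a /25) does not match the prefix-list and would still be advertised.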



Step7: Verify the running-config for proper implementation of route filtering:

A1#show  running-config | section  router isis
router isis
 net 49.a000.0000.0000.00a1.00
 redistribute isis ip level-1 into level-2 route-map FILTER_IPV4
 !
 address-family ipv6
  redistribute isis level-1 into level-2 route-map FILTER_IPV6
 exit-address-family 



Step8: Finally, verify that the route filtering configuration has changed the database of other routers in the topology:

C2#show  isis database detail A1.00-00


IS-IS Level-2 LSP A1.00-00
LSPID                 LSP Seq Num  LSP Checksum  LSP Holdtime/Rcvd      ATT/P/OL
A1.00-00              0x0000000B   0x6ED8                 847/1198      0/0/0
  Area Address: 49.a000
  NLPID:        0xCC 0x8E
  Hostname: A1
  Metric: 10         IS C1.02
  IP Address:   192.168.0.2
  Metric: 10         IP 10.0.0.8 255.255.255.252
  Metric: 10         IP 10.0.0.24 255.255.255.252
  Metric: 10         IP 192.168.0.2 255.255.255.255
  Metric: 20         IP 192.168.0.10 255.255.255.255
  Metric: 20         IP 172.16.0.0 255.255.255.0
  Metric: 20         IP 172.16.1.0 255.255.255.0
  Metric: 20         IP 172.16.3.0 255.255.255.0
  Metric: 20         IP 172.16.4.0 255.255.255.0
  Metric: 20         IP 172.16.6.0 255.255.255.0
  Metric: 20         IP 172.16.7.0 255.255.255.0
  Metric: 20         IP 172.16.8.0 255.255.255.0
  Metric: 20         IP 172.16.9.0 255.255.255.0
  Metric: 20         IP 172.16.11.0 255.255.255.0
  Metric: 20         IP 172.16.12.0 255.255.255.0
  Metric: 20         IP 172.16.13.0 255.255.255.0
  Metric: 20         IP 172.16.14.0 255.255.255.0
  Metric: 20         IP 172.16.15.0 255.255.255.0
  IPv6 Address: 2001:DB8:B:0:1::2
  Metric: 10         IPv6 2001:DB8:B:0:1::2/128
  Metric: 10         IPv6 2001:DB8:A:0:1:1:0:18/126
  Metric: 10         IPv6 2001:DB8:A:0:1:1:0:8/126
  Metric: 20         IPv6 2001:DB8:B:0:1::3/128
  Metric: 20         IPv6 2001:DB8:AA22:100F::/64
  Metric: 20         IPv6 2001:DB8:AA22:100E::/64
  Metric: 20         IPv6 2001:DB8:AA22:100D::/64
  Metric: 20         IPv6 2001:DB8:AA22:100C::/64
  Metric: 20         IPv6 2001:DB8:AA22:100A::/64
  Metric: 20         IPv6 2001:DB8:AA22:1008::/64
  Metric: 20         IPv6 2001:DB8:AA22:1007::/64
  Metric: 20         IPv6 2001:DB8:AA22:1005::/64
  Metric: 20         IPv6 2001:DB8:AA22:1004::/64
  Metric: 20         IPv6 2001:DB8:AA22:1003::/64
  Metric: 20         IPv6 2001:DB8:AA22:1002::/64
  Metric: 20         IPv6 2001:DB8:AA22:1001::/64
  Metric: 20         IPv6 2001:DB8:AA22:1000::/64
C2# 


The output shows that subnets 172.16.2.0/24, 172.16.5.0/24 and 172.16.10.0/24 have been filtered, and that IPv6 prefixes x:x:x:1006::/64, x:x:x:1009::/64 and x:x:x:100B::/64 are absent from the database as well.
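
The Step 8 check can be automated instead of read by eye. The following Python script is an added example, not part of the original lab: it parses saved "show isis database detail" output and reports any filtered prefix that still appears in A1's LSP. The function names are hypothetical, the first sample is a shortened excerpt of the Step 8 output, and the second is a constructed variant with two prefixes leaking.

```python
import ipaddress
import re

# Prefixes that Step 2 marks for filtering on A1.
MUST_BE_ABSENT = ["172.16.2.0/24", "172.16.5.0/24", "172.16.10.0/24",
                  "2001:DB8:AA22:1006::/64", "2001:DB8:AA22:1009::/64",
                  "2001:DB8:AA22:100B::/64"]

# Reachability lines: "Metric: 20  IP <addr> <mask>" or "Metric: 20  IPv6 <prefix>/<len>".
REACH = re.compile(r"^\s*Metric:\s+\d+\s+(IPv6|IP)\s+(\S+)(?:\s+(\S+))?\s*$")

def lsp_prefixes(show_output):
    """Extract the IPv4 and IPv6 prefixes advertised in one LSP."""
    found = set()
    for line in show_output.splitlines():
        m = REACH.match(line)
        if not m:
            continue  # header, IS neighbours, "IP Address:" lines, prompts
        _family, addr, mask = m.groups()
        text = f"{addr}/{mask}" if mask else addr
        found.add(ipaddress.ip_network(text, strict=False))
    return found

def leaked_prefixes(show_output, must_be_absent=MUST_BE_ABSENT):
    """Return filtered prefixes that still appear in the LSP (empty list = pass)."""
    present = lsp_prefixes(show_output)
    return [p for p in must_be_absent if ipaddress.ip_network(p) in present]

# Shortened excerpt of the Step 8 output.
FILTERED_LSP = """\
IS-IS Level-2 LSP A1.00-00
  Metric: 10         IS C1.02
  IP Address:   192.168.0.2
  Metric: 10         IP 10.0.0.8 255.255.255.252
  Metric: 20         IP 172.16.1.0 255.255.255.0
  Metric: 20         IP 172.16.3.0 255.255.255.0
  Metric: 20         IPv6 2001:DB8:AA22:100A::/64
  Metric: 20         IPv6 2001:DB8:AA22:1008::/64
"""
# Constructed variant: the LSP as it would look if two filter entries were missing.
UNFILTERED_LSP = (FILTERED_LSP
                  + "  Metric: 20         IP 172.16.5.0 255.255.255.0\n"
                  + "  Metric: 20         IPv6 2001:DB8:AA22:1009::/64\n")

if __name__ == "__main__":
    print(leaked_prefixes(FILTERED_LSP))
    print(leaked_prefixes(UNFILTERED_LSP))
```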
