This topic is to discuss the following lesson:
Hi Rene,
thanks a lot for your helpful explanation, I simulated your lab and found something that I need your explanation for it.
when I leaked 8.8.8.8 at R4, R2 calculated the metric of 8.8.8.8 with 168 as below:
R2#sh ip route isis 1
8.0.0.0/32 is subnetted, 1 subnets
i ia 8.8.8.8 [115/168] via 192.168.24.4, 00:14:47, Ethernet0/2
although R4 calculated it with 30 :
R4#sh ip route isis
8.0.0.0/32 is subnetted, 1 subnets
i L2 8.8.8.8 [115/30] via 192.168.47.7, 00:50:55, Ethernet0/1
the metric calculated with 40 at R2 when I configured the metric-style wide on all routers, I need your explanation for this please.
Thanks,
Walid
Hi Walid,
That’s a good question. I just booted this topology again and I see a metric of 40 on R2:
R2#show ip route isis
Gateway of last resort is 192.168.24.4 to network 0.0.0.0
i*L1 0.0.0.0/0 [115/10] via 192.168.24.4, 00:14:23, GigabitEthernet0/2
8.0.0.0/32 is subnetted, 1 subnets
i ia 8.8.8.8 [115/40] via 192.168.24.4, 00:14:23, GigabitEthernet0/2
i L1 192.168.13.0/24 [115/20] via 192.168.12.1, 00:15:16, GigabitEthernet0/1
i L1 192.168.35.0/24 [115/30] via 192.168.12.1, 00:15:10, GigabitEthernet0/1
i L1 192.168.47.0/24 [115/20] via 192.168.24.4, 00:15:16, GigabitEthernet0/2
That’s without wide metrics:
R2:
router isis
net 49.1234.0000.0000.0002.00
is-type level-1
log-adjacency-changes
R4:
router isis
net 49.1234.0000.0000.0004.00
log-adjacency-changes
redistribute isis ip level-2 into level-1 route-map ROUTE_LEAKING
What do you see in the database?
R2#show isis database level-1 R4.00-00 detail
IS-IS Level-1 LSP R4.00-00
LSPID LSP Seq Num LSP Checksum LSP Holdtime/Rcvd ATT/P/OL
R4.00-00 0x00000005 0xC9D0 976/1199 1/0/0
Area Address: 49.1234
NLPID: 0xCC
Hostname: R4
Metric: 10 IS R4.01
IP Address: 192.168.47.4
Metric: 10 IP 192.168.24.0 255.255.255.0
Metric: 10 IP 192.168.47.0 255.255.255.0
Metric: 30 IP-Interarea 8.8.8.8 255.255.255.255
Rene
Hi Rene,
R1#traceroute 8.8.8.8
this command result:
R1 uses R3
Why do you write:
R1 uses R2
Hi Rene
why we will configure on R4 , not on R2 , is there a reason or first level-1-2 router
Hi Bahri,
Thanks, this is a typo yes. Just fixed it.
Rene
We leak from level 2 into level 1 so that’s why you have to do it on a level 1-2 router (R4 in this case).
When do we use route map and distribute list ?? What are the peculiarities of both?? Can you please distinguish between access list and prefix list also??
Hello Swapnil
Specifically for IS-IS route leaking, you can use either a distribute list or a route-map. Of course, each one has different capabilities. This distinction is not specific to IS-IS route leaking, but is the case for most applications in which both can be used. In general, a distribute list is a more quick and dirty, more simplistic way of implementing route leaking and other similar operations. A route map will provide you with more flexibility and capabilities in matching and taking action. Both can be equally effective for IS-IS route leaking however.
As for access lists and prefix lists, the following lesson explains the difference between the two quite eloquently and should cover most if not all of your questions.
I hope this has been helpful!
Laz
Just to be picky: at the beginning there is a “We can deal with this by” that repeats.
Thank you for all these lessons, they are really great!
Stefanita
Hello Stuat
Thanks for picking this up. You’re not being picky at all, we appreciate you bringing these things to our attention!
Laz
Hi Stefanita,
I always appreciate it when people report errors Just fixed this.
Rene
Hello Rene,
Just getting familiar with isis.
About your filtrering with acls my understanding was that we follow a logic netwok mask. When you filter the prefix 8.8.8.8 with any logic, the filtering shouldn’t be instead permit ip host 8.8.8.8 255.255.255.255 0.0.0.0
Hello Luis
The access list that is defined in the lesson is an extended access list that specifies a host address as the source, and any address as the destination. When you specify a host address using the host
keyword, the access list automatically assumes a 255.255.255.255 subnet mask. If you use the host
keyword it doesn’t allow you to enter a subnet mask at all, as seen below:
Router(config)#ip access-list extended My_ACL
Router(config-ext-nacl)#permit ip host 8.8.8.8 ?
A.B.C.D Destination address
any Any destination host
host A single destination host
object-group Destination network object group
Router(config-ext-nacl)#permit ip host 8.8.8.8
After the host 8.8.8.8
, it expects the destination address and not the subnet mask, so the syntax you use in your post will not work.
The result of the configuration in the lesson is that packets destined for the 8.8.8.8/32 host address will be matched exactly by the ACL, and will thus be leaked into area 1234. This way, routing only for this host address will use a different next hop address.
I hope this has been helpful!
Laz
Hello Laz,
Thanks for tour feedback, but I might explain myself wrong.
As per my understanding when we use extended acls for redistribution we can match the network part + subnet part.
In the particular exemple the acls below will accomplish the exact same thing isn’t it?
permit ip host 8.8.8.8 any
permit ip 8.8.8.8 0.0.0.0 255.255.255.255 0.0.0.0
Thanks for your support.
Hello Luis
Sorry I misunderstood. Actually, the following two commands are identical:
permit ip host 8.8.8.8 any
permit ip 8.8.8.8 0.0.0.0 0.0.0.0 255.255.255.255
If you put in the second command and then look at the configuration file, you will find that it has been converted into the first:
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#ip access-list extended my_list
Router(config-ext-nacl)#permit ip 8.8.8.8 0.0.0.0 0.0.0.0 255.255.255.255
Router(config-ext-nacl)#exit
Router(config)#exit
Router#show ip access-lists
Extended IP access list my_list
10 permit ip host 8.8.8.8 any
Router#
Notice the entry in the access list has been converted simply to ip host 8.8.8.8 any
.
I hope this has been helpful!
Laz
Perfect thanks a lot
Won’t there be a disadvantage on R3, as it has to follow the path towards R1 to reach 8.8.8.8 which is a longest route? Can you please let me know how to overcome this issue?
Hello Vigneshwar
You are correct in your thinking. However, IS-IS has a failsafe built-in for such situations. Although L1 routes are always preferred to L2 routes, in this case, the R3 router will have learned about the 8.8.8.8 destination as an L2 route, but it will also have learned it from the leaked route via R4. Because the leaked route has a designation of “inter-area” shown as “ia” in the routing table, it will actually prefer the L2 route to that destination rather than the leaked route.
I tried to confirm this using a lab, and to find this clearly stated in documentation, but I was unable to do so. But if you put this lab together, I suggest you take a look at the routing table of R3 after the route is leaked to see what path has been installed in the routing table.
I hope this has been helpful!
Laz
Hello René, I just finished the ISIS topics, however, I would like to ask you if you have reference material to configure ISIS with IPv6. I also want to ask you: What does Single/Multi-topology and multi-topology refer to in ISIS for IPv6.
Thank you