The CISCO IP Routing Process

WHITE PAPER
The CISCO IP Routing Process
including POLICY Routing
by
Alexander Marhold
CCIE #3324, CCSI #20642, CCNP, CCDP
[Figure: overview of the Cisco routing process including policy routing. DATA packets pass the input access-list and NAT, policy routing on the incoming interface, the routing table (recursive lookup), and then the output access-list, NAT / PAT, accounting and queueing. ROUTE information from remote sources, static routes and connected interfaces enters the routing table through incoming route processing (administrative distance, metric, route tags) and leaves it through outgoing route processing, either to the same protocol or redistributed to another protocol. The command boxes of this overview are repeated in the detail figures of the sections that follow.]
© 1999, PRO IN Consulting GmbH
! Disclaimer !
This White Paper was written with utmost care and thorough reviewing but is presented "AS IS" with possible errors and misinterpretations. However, none of the pictures and statements can be used as a reference regarding the behavior of the mentioned devices. This paper was written independently of Cisco and can never be used as a commitment of any party. The author and PRO IN declare that they will not be held liable or responsible for any action a reader of this White Paper takes following the information given here.
All trademarks belong to their owners.

Author:
Alexander Marhold
Senior Consultant and Trainer
PRO IN Consulting GmbH
Vienna / Austria
mailto:alexander.marhold@proin.com

Copyright Notice:
1999-2001
PRO IN Training GmbH
Commercial use (sale, training, CBT, …), partly or in whole, is strictly prohibited.

The "Cisco Routing Process" is a set of mechanisms which forward IP data packets and which populate the IP routing table by using different sources like:
- routing updates from neighbors
- connected interfaces
- static routes
The mechanism also sends out routing updates, possibly converting them between different routing protocols.
To control these mechanisms, a vast range of commands and modifiers is defined in the Cisco IOS.
Additionally, "IP Policy Routing" allows you to overcome the traditional destination-based routing.
The following mechanisms and behaviors are described in detail in this white paper:
- the general packet forwarding process
- policy routing
- routing updates and general behavior of routing protocols
- the INCOMING routing process and its corresponding commands
- the OUTGOING routing process and its corresponding commands
The "processes" in this paper are models for explaining the mechanisms, and are not the real implemented IOS processes.
This paper describes the above mentioned mechanisms without focusing on particular routing protocols.
Regarding ROUTE-MAPS, this paper focuses on IGPs (Interior Gateway Protocols) and does not treat the additional MATCH and SET clauses which are available for BGP.
This paper is not based on a specific version of IOS.
Topics NOT covered are:
- details of different routing protocols
- snapshot routing, ODR, …
- BGP
- route authentication
- the Link State (LS) mechanism
- QOS, COS, TOS routing
- tunneling
This White Paper assumes that the reader already has a good knowledge of IP and IP Routing Protocols.
The paper is structured so that each picture and its details are always on an even page and the description of the picture is on the page that follows. When printed double-sided, this allows you to see the picture and the explanations without turning the pages.
The author likes to get feedback, suggestions and also corrections, so please feel free to contact him via e-mail.
[Figure: Routing Updates. The routing table (S, C and dynamically learned entries) is filled from static routes, connected interfaces (Ethernet) and dynamic routing updates (RIP, OSPF) received from other network information sources.]
Routing in General
Covers general topics in Routing and Routing Updates.
Routers have 2 primary tasks:
- Path Finding (done via Routing Protocols)
- Packet Forwarding (Layer 3 IP function)
Path Finding is done by exchanging routing information between adjacent routers.
- In DISTANCE VECTOR routing protocols a router forwards the networks of its routing table (or changes to it) to its neighbors, observing the mechanisms of SPLIT-HORIZON. Depending on the protocol, the network information is sent with or without (subnet-)mask information. In RIP Version 1 and IGRP no masks are transmitted, which prevents the use of discontiguous subnets and/or VLSM (Variable Length Subnet Masking).
- In LINK STATE routing protocols the routers exchange information regarding the connected networks, the external routes (interarea, static, from external routing protocols) and the connections to neighbor routers, by forwarding LSPs (Link State Packets). These LSPs are forwarded hop-by-hop to every other router within an area. When receiving these LSPs, a router can calculate the best paths to the advertised networks.

How does a router know of its neighbor?
Again there is a difference between the routing protocols.
- DISTANCE VECTOR protocols send out their routing updates as broadcasts (RIP V1, IGRP) or as multicasts (RIP V2), and by receiving routing updates the router learns the source of these updates.
- LINK STATE protocols and EIGRP establish a neighborship with adjacent routers by sending HELLO packets, and monitor these links by resending the HELLOs at short intervals. When an ADJACENCY is found and, where applicable, verified, the routers begin exchanging their routing information.
!!! CAVEAT !!!
LINK STATE protocols and EIGRP only use and establish ADJACENCIES using the PRIMARY IP address of an interface. If they do not match, the connection to the neighbor router will not be established.
LINK STATE protocols also verify certain parameters before accepting the connection as an ADJACENCY:
- same IP subnet
- equal network type
- same value of timers
The command:
SHOW IP <prot> neighbor
shows the adjacencies and their status.
Depending on the routing protocol, there are also various DEBUG commands which show the adjacency building process in detail.
How to prevent routing updates or the establishment of a neighborship on an interface?
Generally this is done using the router command
PASSIVE-INTERFACE <interface-name>
For DISTANCE VECTOR protocols this command ONLY prevents the sending of routing updates on a particular interface. It does not prevent the router from receiving routing updates over that interface.
!!! HINT !!!
In order to prevent the reception of routing updates for Distance Vector protocols, use the router command:
DISTANCE 255 <netw-addr> <wildcardmask> [ access-list ]
With this command, all routing updates sent out by devices on the specified net will not be considered for entry in the routing table.
For LINK STATE protocols and EIGRP, passive-interface prevents the establishment of adjacencies and thus the sending of any LINK STATE Packets.
However, this does not prevent the router from announcing this network as a connected interface in its routing updates over other interfaces.
OSPF treats the connected network of a passive-interface as a STUB-NETWORK.
IS-IS and Integrated IS-IS also have some special behaviors regarding the OSI or IP information on such passive interfaces.
[Figure: the packet forwarding path. DATA packets pass the input access-list and NAT, the routing table lookup (recursive lookup; static, connected and dynamic routing entries), and then the output access-list, NAT / PAT, accounting and queueing.]
The Packet Forwarding
Process
Packets are forwarded downstream a path
from the sender to the receiver.
Route information (information about the
reachability of a network) is forwarded
UPSTREAM from router to router.
This is important to consider when using blocking
of routing information in order to prevent access
to certain networks.
The packet forwarding is done by an
independent decision of each router on the path,
using the destination address of the packet and
the Routing Table as basis for finding a next-hop.
The router will consult the routing table (or a
special forwarding table, based on the content of
the routing table), comparing the destination
address with the network information in the
routing table and will use the most specific
network information for a decision about the
outgoing path.
The lookup process can be recursive, that
means, that more than one lookup may be
needed in order to find the real next-hop-address
for forwarding the packet.
If such a next-hop or an outgoing interface is
found the router will forward the packet on the
specified connected interface.
If no route is found and also no default-route is
available or appropriate, the router will delete
the packet and inform the sender via ICMP about
this happening.
What is CLASSFUL and CLASSLESS routing?
CLASSFUL and CLASSLESS are behaviors for using the default route when information about a specific subnet is not in the routing table, but other subnets of that major network are found in the routing table.
Example:
# show ip route (edited output)
…
network 172.16.0.0/16 is subnetted
2 subnets, 2 masks
R 172.16.12.0/24 [120/2] 192.168.1.1 eth0
R 172.16.16.0/20 [120/4] 10.0.0.1 ser0
…
*S 0.0.0.0/0 [0/0] 11.1.1.1 ser1
The router now receives a packet on eth1 with the destination address 172.16.10.234.
This address belongs to a specific subnet of 172.16.0.0/16 that is NOT in the routing table.
- With IP CLASSLESS the router will take the default route and forward the packet out on Serial 1. This is done independently of any other subnet information for the major network 172.16.0.0/16.
- When CLASSFUL routing is selected with the command NO IP CLASSLESS, the router will drop the packet and inform the sender via ICMP that it cannot forward the packet, as the specified subnet of the major network 172.16.0.0/16 is not in its table.
What is "Gateway of last Resort", default-network, ip route 0.0.0.0 0.0.0.0?
IP Default-Network xxx.xxx.xxx.xxx - This is the command that will cause a router to treat xxx.xxx.xxx.xxx as a gateway of last resort. A router can have multiple ip default-network entries.
Gateway of last resort - This is the term that is applied to a routing entry in the Cisco routing table that the router will use to forward packets when it lacks a more specific route. This can be learned from a route provided by another router that is tagged as a default by the advertising router. The ip default-network command is one way of having a router tag a route as a gateway of last resort.
IP Default-Gateway - This command is used in routers when IP routing is disabled, in order to give them an address to which they forward packets that are not in their address space. Routers in boot mode are a good example of this situation.
IP ROUTE 0.0.0.0 0.0.0.0 - establishes a default route (catch-all) used if no specific route is found.
!!! CAVEAT !!!
The 0.0.0.0 route has special meaning for RIP. It is automatically installed as the local gateway of last resort. No ip default-network 0.0.0.0 is required. RIP automatically advertises the route to 0.0.0.0 even if redistribute static and a default metric are not configured.
For other routing protocols the router command:
DEFAULT-INFORMATION …
allows specific control of forwarding or receiving default routes.
[Figure: policy routing in the packet forwarding path. DATA packets pass the input access-list and NAT, then Policy Routing on the incoming interface, then (path labelled "no match or deny or") the routing table with recursive lookup, and finally the output access-list, NAT / PAT, accounting and queueing. Command boxes of the figure:]

Policy Routing on incoming interface, selected by:
 ip policy route-map map-tag

route-map map-tag [permit | deny] [sequence-number] FOR POLICY ROUTING
 match ip address {access-list-number | name} [...access-list-number | name]
 match length min max
 set ip next-hop ip-address [...ip-address]
 set interface type number [...type number]

At the routing table:
 set default interface type number [... type number]
 set ip default next-hop ip-address [...ip-address]
IP Policy Routing
IP Policy Routing overcomes the normal destination-based routing paradigm by allowing different criteria as the basis for a routing decision.
Among those criteria are:
- the incoming interface
- selection by extended access-lists
- precedence levels
- packet sizes
- …
But still one paradigm stays valid:
"The router only makes a local decision about the next hop, i.e. where to send the packet out"
To overcome this one you need either Tunneling or MPLS (Multiprotocol Label Switching).
IP Policy Routing uses ROUTE-MAPS for defining the matching packets and for setting actions.
ROUTE-MAPS define a numbered sequence of MATCH and SET clauses, where the SET clauses define the actions to be taken for packets matching the MATCH clauses.
IP POLICY ROUTING is applied to incoming packets on interfaces by using the interface command:
IP POLICY ROUTE-MAP route-map-name
If no match is found, or if there is no SET clause specifying a next hop or an outgoing interface, then after the ROUTE-MAP the normal routing table is used to find a next-hop address or outgoing interface.
!!! CAVEAT !!!
If there is an outgoing interface defined in a SET clause, this interface must be up and be of a point-to-point type.
If there is a next-hop address specified in the SET clause, this address has to be a real next-hop address. That means that it must be an address of a device belonging to a directly connected network. (The router will not do a recursive lookup for the next-hop address.)
If the above mentioned requirements are not met, the router will use the normal routing-table-based route decisions and ignore the SET parameters.
Example:
The same Frame Relay interface is used as the connection to the outside world AND as the connection to the remote offices. The firewall is placed into VLANs on a switch attached via Fast Ethernet.
[Figure labels: Internet, Remote Offices, FRAME RELAY Interface (FR), Fast Ethernet Interface (ISL), PIX OUT, Routing Table, route-maps OUT-to-PIX and PIX-to-OUT]
interface Serial3/0.31 multipoint
 description INTERNET ACCESS
 ip address 192.168.13.10 255.255…
 ip policy route-map OUT-to-PIX
 frame-relay map ip 192.168.13.1 501
!
interface FastEthernet4/1.24
 description PIX-OUT
 encapsulation isl 24
 ip address 10.0.5.1 255.255.255.0
 ip policy route-map PIX-to-OUT
!
route-map PIX-to-OUT permit 10
 match ip address 1
 set ip default next-hop 192.168.13.1
!
route-map OUT-to-PIX permit 10
 match ip address 1
 set ip default next-hop 10.0.5.2
!
access-list 1 permit any
!
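The decision rules of this section (sequence of MATCH and SET clauses, the caveat about usable SET targets, and the fall-back to the routing table), as an added Python model that is not part of the white paper and is not IOS code. It covers only `set ip next-hop` and `set interface`; all names, the route-map entries and the addresses are constructed for illustration, and source prefixes stand in for the access-list.

```python
import ipaddress


def pbr_decide(src, dst, route_map, connected, p2p_up, table_lookup):
    """Decide how a packet arriving on a policy-routed interface is forwarded.

    route_map : entries in sequence order; each is a dict with "action"
                ("permit"/"deny"), "match" (source prefixes) and optionally
                "next_hop" or "interface" (hypothetical structure).
    connected : prefixes of the directly connected networks.
    p2p_up    : names of point-to-point interfaces that are currently up.
    Returns ("policy", target) if a SET clause is honoured, otherwise
    ("table", result of the normal destination-based lookup).
    """
    src_ip = ipaddress.ip_address(src)
    for entry in route_map:
        if not any(src_ip in ipaddress.ip_network(p) for p in entry["match"]):
            continue  # no match: try the next sequence number
        if entry["action"] == "deny":
            break  # deny: the packet is routed normally
        next_hop = entry.get("next_hop")
        if next_hop is not None:
            nh = ipaddress.ip_address(next_hop)
            # Caveat: no recursive lookup, the next hop must be on a
            # directly connected network.
            if any(nh in ipaddress.ip_network(net) for net in connected):
                return ("policy", next_hop)
        interface = entry.get("interface")
        # Caveat: the interface must be up and of a point-to-point type.
        if interface is not None and interface in p2p_up:
            return ("policy", interface)
        break  # matched, but the SET parameters are ignored
    return ("table", table_lookup(dst))


# Constructed sample state (assumptions, not taken from the example above).
CONNECTED = ["10.0.5.0/24", "192.0.2.0/30"]
P2P_UP = {"Serial0"}
ROUTE_MAP = [
    {"action": "deny", "match": ["10.0.9.0/24"]},
    {"action": "permit", "match": ["10.0.1.0/24"], "next_hop": "10.0.5.2"},
    {"action": "permit", "match": ["10.0.2.0/24"], "next_hop": "172.31.0.1"},
    {"action": "permit", "match": ["10.0.3.0/24"], "interface": "Serial1"},
    {"action": "permit", "match": ["10.0.4.0/24"], "interface": "Serial0"},
]


def table_lookup(dst):
    """Stand-in for the normal routing-table lookup (constructed result)."""
    return "198.51.100.1"


def decide(src):
    """Convenience wrapper using the constructed state above."""
    return pbr_decide(src, "203.0.113.9", ROUTE_MAP, CONNECTED, P2P_UP,
                      table_lookup)
```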
[Figure: route information processing. ROUTE information passes through Incoming Route Processing (Administrative Distance, Metric, Route-TAGs) into the routing table (static, connected and dynamic routing entries); routes leave the routing table through Outgoing Route Processing (Metric, Route-TAGs).]
Routing Information Processes: General Considerations
A lot of problems and confusion arise from the fact that some basic principles of the routing information process are not correctly understood.
Therefore in this chapter I will give some fundamental laws and principles and describe their consequences:

§1 The mechanism of processing incoming routing updates is COMPLETELY separated from the mechanism of creating outgoing routing updates.
The fact that a route is found in the routing table of a router is a prerequisite, but NOT necessarily a sufficient criterion, for an outgoing routing update.

§2 The original routes of every configured routing process of a router will be considered when decisions are made about which routes enter the routing table.
This means that route REDISTRIBUTION is never used in the incoming route processing.

§3 If more than one piece of information about a route is found, the incoming route process will use first the ADMINISTRATIVE DISTANCE and then the METRIC for deciding which route will be established in the routing table.
Cisco IOS has a predefined Administrative Distance for each routing protocol, which allows more trusted information sources to be preferred over less trusted ones.
This also allows failover of routes without dynamic routing protocols, for example when 2 static routes with different Administrative Distances are defined for 2 outgoing interfaces or 2 different next-hop addresses.
Sometimes I am wondering why the developers gave the second best distance of 1 to static routes entered by an administrator, as so-called "Quick Fixes" by using static routes are often the cause of reachability and routing-loop problems.

§4 Route REDISTRIBUTION is only used for outgoing routing updates.
In principle: route redistribution means that routes of one routing protocol in the routing table will be sent out, converted to another routing protocol, on interfaces configured for routing updates of that second routing protocol.

§5 Static Routes defined with a next-hop address are considered one hop away and have a default Administrative Distance of 1.
If the next-hop address specified in the static route is not a REAL next-hop address (i.e. not an address in a directly connected network), the router will do recursive lookups to find this REAL next-hop address.

§6 Static Routes defined with an outgoing interface are treated like connected networks (i.e. networks that are 0 hops away) and thus have a default Administrative Distance of 0.
Therefore static routes defining an outgoing interface should be used only when the destination is on that connected network.
USAGE: When the connected network is address translated, you need a static route for the outside network pointing to that inside hidden network.

§7 Static Routes where the outgoing interface is down or the next-hop address is not reachable are removed from the routing table unless the parameter PERMANENT is specified.

§8 Routing processes rely on a consistent metric, so that every router finds the best path in such a way that all routes lead in the same direction.
As the basis of the metric is different for different routing protocols, a direct conversion of metrics from one routing protocol to another is generally not possible. When there is more than one routing process, default metric information has to be used. This default hides the correct information about the best path, and this inconsistency will lead to suboptimal routing and also often to ROUTING LOOPS in MUTUAL REDISTRIBUTION (i.e. more than one redistribution point).

§9 Routing is a STATEFUL process. Depending on the current information in the routing table, different actions can happen, even when the same routing information is received.
There are examples where the routing was correct, but after the shutdown and restart of an interface the correct state was never reached again. [See the example for a state-dependent redistribution problem]
[Figure: Incoming Route Processing. ROUTE information from remote and local sources is compared by Administrative Distance and Metric and entered into the routing table (static, connected and dynamic routing entries, with Route-TAGs). Command boxes of the figure:]

INCOMING from REMOTE
 offset-list {access-list-number | name} in offset [type number]
 distance weight [address mask [access-list-number | name]]
 distribute-list {access-list-number | name} in [type number]
 passive-interface type number (only for Link State and EIGRP)
 ip access-group {access-list-number | name} in (for selected protocol)

INCOMING from LOCAL
 ip route prefix mask {address | interface} [distance] [tag tag] [permanent]
 and from connected interfaces

Administrative Distance
 0    Connected
 1    Static Route
 5    EIGRP Summary
 20   External BGP
 90   Internal EIGRP
 100  IGRP
 110  OSPF
 115  IS-IS
 120  RIP
 170  External EIGRP
 200  Internal BGP
 255  <don't use>
The INCOMING Routing Process
The incoming routing process is responsible for populating the routing table.
At startup this process enters the static and connected networks for all interfaces which are UP. Then, for each route received via any routing protocol, this process checks whether it is a better route (considering Administrative Distance and metric) than another instance of the same route already in the table.
If a better route is found, this one is installed and the other one is removed from the table.
The different routing processes also inform the incoming routing process about any routes for which regular routing updates are missing, or which route to remove.
In order to overcome incorrect routing information, Distance Vector routing processes also put routes into a temporary holddown before reconsidering new routing information or before deleting the route.
LINK STATE processes directly remove or replace routes after running the SPF calculation.
EIGRP, when a feasible successor is found, will enter the new information directly into the routing table; otherwise it will set the route to a state of ACTIVE and ask the neighbor(s) for a new route to the destination.
RIP V1 and IGRP will never establish an incoming major route when they have a local subnet route of that network in their routing table.
In order to prevent possible routing loops, EIGRP uses the higher administrative distance of 170 instead of the default of 90 for redistributed (external) routes.

Monitoring the INCOMING Route process
All the input and results of this incoming routing decision process can be monitored with the command:
DEBUG IP ROUTING
Unfortunately the debug output is somewhat cryptic and therefore not easy to read.
Here is an example with the output of a RIP routing change and its real meaning (lines starting with "->" are explanations):
RouterA# debug ip routing
RT: flushed route to 192.168.8.0 via 192.168.9.2 (Serial0)
RT: no routes to 192.168.8.0, entering holddown
 -> invalid timer expired, no routes to 192.168.8.0, therefore entering holddown
RT: flushed route to 192.168.7.0 via 192.168.9.2 (Serial0)
"show ip route" shows us
…
 -> advertising 192.168.8.0 via 192.168.9.2 (Serial0) as unreachable
R 192.168.8.0/24 is possibly down, routing via 192.168.9.2, Serial1
…
RT: garbage collecting entry for 192.168.8.0
 -> flush timer expired, terminating holddown for 192.168.8.0; after that the next update info for this network will be used
RT: add 192.168.8.0/24 via 192.168.6.2, rip metric [120/2]

Useful commands for changing the behaviour of the Incoming Route process
These commands can have different goals:
- prevent routing information from entering the routing table
   distribute-list xxx in … (not for Link State)
   distance 255 …
   passive-interface … (for Link State & EIGRP)
- change the priority of some information sources or for some commands
   by changing the ADMINISTRATIVE DISTANCE
    distance <0…154> …
   by changing the METRIC
    offset-list xxx in … (not for Link State)
- manually adding additional routing information
   ip route …
In OSPF you can also use TAGs for marking routes and then apply actions to tagged routes.
NOTE: For Link State protocols you cannot apply incoming filters, as those protocols transfer not routes but LINK STATE Packets.
In BGP you can specify a route-map which can modify parameters like metric and tag when BGP sends routing information to the local routing table:
table-map route-map name
[Figure: Outgoing Route Processing. Routes from the routing table (static, connected and dynamic routing entries, with Route-TAGs and Metric) are sent out to the same protocol or redistributed to another protocol. Command boxes of the figure:]

OUTGOING to same protocol
 distribute-list {access-list-number | name} out [interface-name]
 passive-interface type number
 offset-list {access-list-number | name} out offset [type number]

OUTGOING coming from other protocol
 distribute-list {access-list-number | name} out [routing-process | autonomous-system-number]

OUTGOING to another protocol
 redistribute protocol [process-id] {level-1 | level-1-2 | level-2} [metric metric-value] [metric-type type-value] [match {internal | external 1 | external 2}] [tag tag-value] [route-map map-tag] [weight weight] [subnets]

default-information redistribution:
 default-information originate [always] [metric metric-value] [metric-type type-value] {level-1 | level-1-2 | level-2} [route-map map-name] (RIP/OSPF)
 default-information {in | out} {access-list-number | name} (IGRP/EIGRP)

route-map map-tag [permit | deny] [sequence-number] FOR ROUTE REDISTRIBUTION
 match interface type number [...type number]
 match ip route-source {access-list-number | name} [...access-list-number | name]
 match metric metric-value
 match route-type {local | internal | external [type-1 | type-2] | level-1 | level-2}
 match tag tag-value [...tag-value]
 match ip address {access-list-number | name} [...access-list-number | name]
 match ip next-hop {access-list-number | name} [...access-list-number | name]
 set automatic-tag
 set level {level-1 | level-2 | level-1-2 | stub-area | backbone}
 set local-preference
 set metric metric-value
 set metric-type {internal | external | type-1 | type-2}
 set origin {igp | egp autonomous-system | incomplete}
 set tag tag-value
 set next-hop next-hop
The OUTGOING Routing Update Process
The outgoing routing update process is responsible for informing the neighboring routers about the router's network information.
For Distance Vector routing protocols this is the local information about the best routes and their metric (hence the content of the routing table).
For Link State routing protocols this is the information about the local networks, external routes and the neighbors, sent via LSPs.
Outgoing routing updates for a certain routing protocol are only sent when the following conditions are all met:
- the network is in the routing table.
- the network is either specified via the NETWORK command or coming from another protocol via a REDISTRIBUTION command.
- the update obeys the SPLIT-HORIZON rule: the network was not learned from the same interface (or is not identical to the connected network).
- the network is not excluded from the update via applied access-lists or route-maps using the DISTRIBUTE command.
- the outgoing interface is not specified as PASSIVE.
- if the network is a specified summary, at least a subnet of that summary route is in the routing table.
- forwarding of default information is implicitly (RIP) or explicitly allowed via the DEFAULT-INFORMATION … command.
- for OSPF: sending of LSPs to that neighbor is not prohibited.
For RIP V1 and IGRP the following is also considered:
A subnet route of a major network is converted to the (summary) major route when it is sent out on interfaces that do not belong to a (sub)net of that major route. (Discontiguous Subnet Rule)
For OSPF there are some special rules, where Area Border Routers (ABR) can inject default routes into stub areas. Also, DISTRIBUTE-LIST OUT can only be applied to external routes, and you cannot specify an interface name in OSPF.
Generally, by using the shown commands you can pursue 4 different tasks:
- make networks invisible by blocking the forwarding of routing information
- redistribute (forward and translate) routing information from one protocol to another
- change the metric to force the others to prefer specific paths
- summarize routing information to decrease the number of routes and to increase the stability
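[Figure: example topology with the network 10.0.0.0/8 (0 hops) at R1 and the routers R1, R2, R4 and R10, running RIP and EIGRP. The best route to 10.0.0.0/8 before the shutdown of R2-R3 and the best route after the shutdown of R2-R3 are marked with their hop counts (1 hop, 2 hops, 3 hops).]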
Example for a Redistribution problem which is state-dependent:
Configuration of R4 and R5:
router rip
 network x.x.x.x
 redistribute eigrp 1000
 default-metric 1
 passive-interface Serial 1
router eigrp 1000
 network y.y.y.y
 redistribute rip
 default-metric 1000 100 250 100 1500
 passive-interface Serial 0
R3 normally learns about the network 10.0.0.0/8 via a routing update from R2 with 2 hops and forwards this information to R5 with 3 hops.
R5 gets information about 10.0.0.0/8 via R4 with the metric [170/10245] (it is an external EIGRP route) and via R3 with [120/3] as a RIP route.
So R5 will establish the RIP route and use R3 as next hop. Obeying the SPLIT HORIZON rule, it will never send this information back to R3.
When the connection between R2 and R3 breaks, R3 will not send information about 10.0.0.0/8. R5 will now use the routing information derived via external EIGRP from R5 and forward this information as redistributed information via RIP to R3. R3 now gets the information about 10.0.0.0/8 with the metric [120/1] and next hop R5 into its routing table. When the link R2-R3 comes up again, the information from R2 about 10.0.0.0/8 with [120/2] will not be used and R3 will continue to use the way via R5 to reach that network.
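The sequence above, replayed as an added Python model (not code from the white paper or from IOS). It implements the selection rule of §3 (Administrative Distance first, then metric) and shows the stateful behaviour of §9 for this example. The class and function names are hypothetical, distances and metrics are the ones quoted in the text, and split horizon is modelled per neighbor name instead of per interface.

```python
from dataclasses import dataclass

PREFIX = "10.0.0.0/8"


@dataclass(frozen=True)
class Route:
    prefix: str
    protocol: str
    distance: int  # administrative distance
    metric: int
    next_hop: str


class RoutingTable:
    """Incoming route process: keeps one best route per prefix."""

    def __init__(self):
        self.best = {}

    def offer(self, route):
        """Install route if it beats the current entry; return True if installed."""
        if route.distance >= 255:  # distance 255: never entered into the table
            return False
        current = self.best.get(route.prefix)
        if current is None or (route.distance, route.metric) < (
                current.distance, current.metric):
            self.best[route.prefix] = route
            return True
        return False

    def withdraw(self, prefix, next_hop):
        """Remove the entry if it was learned from next_hop (updates missing)."""
        current = self.best.get(prefix)
        if current is not None and current.next_hop == next_hop:
            del self.best[prefix]

    def next_hop(self, prefix):
        route = self.best.get(prefix)
        return route.next_hop if route else None


def rip_advertise(sender, sender_name, receiver, receiver_name, metric):
    """Send a RIP update for PREFIX unless split horizon forbids it."""
    learned_from = sender.next_hop(PREFIX)
    if learned_from is None or learned_from == receiver_name:
        return False
    return receiver.offer(Route(PREFIX, "rip", 120, metric, sender_name))


def replay():
    """Return (stage, R3 next hop, R5 next hop) for the three stages."""
    r3, r5 = RoutingTable(), RoutingTable()
    history = []

    # Steady state: R3 learns from R2, R5 hears EIGRP (via R4) and RIP (via R3).
    r3.offer(Route(PREFIX, "rip", 120, 2, "R2"))
    r5.offer(Route(PREFIX, "eigrp-external", 170, 10245, "R4"))
    rip_advertise(r3, "R3", r5, "R5", metric=3)
    rip_advertise(r5, "R5", r3, "R3", metric=1)  # blocked by split horizon
    history.append(("steady", r3.next_hop(PREFIX), r5.next_hop(PREFIX)))

    # Link R2-R3 goes down: both RIP routes time out, EIGRP re-offers its route.
    r3.withdraw(PREFIX, "R2")
    r5.withdraw(PREFIX, "R3")
    r5.offer(Route(PREFIX, "eigrp-external", 170, 10245, "R4"))
    rip_advertise(r5, "R5", r3, "R3", metric=1)  # redistributed, default-metric 1
    history.append(("R2-R3 down", r3.next_hop(PREFIX), r5.next_hop(PREFIX)))

    # Link R2-R3 comes back: R2's [120/2] loses against the installed [120/1].
    r3.offer(Route(PREFIX, "rip", 120, 2, "R2"))
    rip_advertise(r3, "R3", r5, "R5", metric=3)  # blocked by split horizon
    history.append(("R2-R3 restored", r3.next_hop(PREFIX), r5.next_hop(PREFIX)))
    return history


if __name__ == "__main__":
    for stage in replay():
        print(stage)
```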
[Figure, continued: routers R3 and R5 running RIP; 10.0.0.0/8 is announced with 3 hops before the shutdown of R2-R3 and with 1 hop after the shutdown of R2-R3.]

The CISCO Routing Process including POLICY Routing

DATA Packets
  Input Access-list
  NAT
  Policy Routing on incoming interface, selected by:
    ip policy route-map map-tag
  DATA: no match or deny or
  Routing Table, Recursive Lookup
  Output Access-list
  NAT / PAT
  Accounting
  Queueing

route-map map-tag [permit | deny] [sequence-number] FOR POLICY ROUTING
  match ip address {access-list-number | name} [...access-list-number | name]
  match length min max
  set ip next-hop ip-address [...ip-address]
  set interface type number [...type number]
  set default interface type number [...type number]
  set ip default next-hop ip-address [...ip-address]

Routing Table
  S ...    Static
  C ...    Connected
  x ....   dynamic routing
  Route-TAGs

ROUTE Information (path labels: Routes, Metric, Route-TAGs)

Incoming Route Processing

  INCOMING from REMOTE
    offset-list {access-list-number | name} in offset [type number]
    distance weight [address mask [access-list-number | name]]
    distribute-list {access-list-number | name} in [type number]
    passive-interface type number (only for Link State and EIGRP)
    ip access-group {access-list-number | name} in (for selected protocol)

  INCOMING from LOCAL
    ip route prefix mask {address | interface} [distance] [tag tag] [permanent]
    and from connected interfaces

  Administrative Distance
      0   Connected
      1   Static Route
      5   EIGRP Summary
     20   External BGP
     90   Internal EIGRP
    100   IGRP
    110   OSPF
    115   IS-IS
    120   RIP
    170   External EIGRP
    200   Internal BGP
    255   <don't use>

Outgoing Route Processing

  OUTGOING to same protocol
    distribute-list {access-list-number | name} out [interface-name]
    passive-interface type number
    offset-list {access-list-number | name} out offset [type number]

  OUTGOING coming from other protocol
    distribute-list {access-list-number | name} out [routing-process | autonomous-system-number]

  OUTGOING to another protocol
    redistribute protocol [process-id] {level-1 | level-1-2 | level-2} [metric metric-value] [metric-type type-value] [match {internal | external 1 | external 2}] [tag tag-value] [route-map map-tag] [weight weight] [subnets]

  default-information redistribution:
    default-information originate [always] [metric metric-value] [metric-type type-value] {level-1 | level-1-2 | level-2} [route-map map-name] (RIP/OSPF)
    default-information {in | out} {access-list-number | name} (IGRP/EIGRP)

route-map map-tag [permit | deny] [sequence-number] FOR ROUTE REDISTRIBUTION
  match interface type number [...type number]
  match ip route-source {access-list-number | name} [...access-list-number | name]
  match metric metric-value
  match route-type {local | internal | external [type-1 | type-2] | level-1 | level-2}
  match tag tag-value [...tag-value]
  match ip address {access-list-number | name} [...access-list-number | name]
  match ip next-hop {access-list-number | name} [...access-list-number | name]
  set automatic-tag
  set level {level-1 | level-2 | level-1-2 | stub-area | backbone}
  set local-preference
  set metric metric-value
  set metric-type {internal | external | type-1 | type-2}
  set origin {igp | egp autonomous-system | incomplete}
  set tag tag-value
  set next-hop next-hop

Summary: The BIG picture

The CISCO IP Routing Process and its mechanisms are quite complicated. But a thorough understanding is necessary to troubleshoot or, even better, to avoid problems.

The basic points are:

• Routing is done hop-by-hop; each router independently decides on which interface to forward a packet.
• The router treats incoming and outgoing routing mechanisms as completely separate processes.
• Decisions about which route to add to or remove from the routing table are based on ADMINISTRATIVE DISTANCE and METRIC.
• Routes of all configured routing processes are considered for the routing table.
• REDISTRIBUTION is only used when considering outgoing routing updates.
• POLICY ROUTING makes it possible to override the normal destination-based routing.
• Policy Routing is applied to packets incoming on specified interfaces.
• ROUTE-MAPS are a mechanism for using additional parameters for selection and also a mechanism for setting or changing different parameters.
• ROUTE-MAPS are used for POLICY ROUTING and for a controlled REDISTRIBUTION of Routing Updates.
• Routing Protocols rely on a consistent metric.
• REDISTRIBUTION of routes means a loss of topology information.
• Routing is a STATEFUL process, where the incoming routing information is considered in relation to the current routing table information.
• The fact that a route is in the routing table does not necessarily mean that the route is also used in outgoing routing updates.
• the adjacency process for Link State and EIGRP as basis for exchanging updates between routers
• the different behavior of Routing protocols regarding summarization and VLSM

What is CISCO-specific in that area?

• The use of ADMINISTRATIVE DISTANCE as first considered parameter for incoming route decisions.
• IGRP and EIGRP are Cisco-developed and proprietary protocols.
• REDISTRIBUTION, metric handling on redistribution is not covered in standards.
• The treatment and forwarding of DEFAULT ROUTES is not covered in standards.
• An extensive set of DEBUG commands for monitoring the router behavior.

© 1999, PRO IN Consulting GmbH

For further information

Recommended Requests for Comments (RFCs):

RFC1812 Requirements for IP Version 4 Routers. F. Baker. June 1995. (Status: PROPOSED STANDARD)
  - general information about Routing
RFC1771 A Border Gateway Protocol 4 (BGP-4). Y. Rekhter & T. Li. March 1995. (Status: DRAFT STANDARD)
RFC2328 OSPF Version 2. J. Moy. April 1998. (Status: STANDARD)
RFC2453 RIP Version 2. G. Malkin. November 1998. (Status: STANDARD)

Recommended Books:

CCIE Professional Development: Routing TCP/IP Volume 1, J. Doyle, ISBN: 1-57870-041-8
  - excellent description of Routing
  - best description of the mechanisms of EIGRP
  - very good treatment of all Routing Protocols
CCIE Professional Development: Large-Scale IP Network Solutions, K. Raza, S. Asad, M. Turner, ISBN: 1-57870-084-1
  - good examples of routing design
  - excellent examples of redistribution
  - good description of Routing Protocols
Internet Routing Architectures, B. Halabi, ISBN:
  - best book on BGP
OSPF, J. Moy, ISBN:
  - OSPF explained by the developer of that protocol

WWW-locations:
http://www.proin.com
http://www.cisco.com
http://www.netreference.com

PROFESSIONAL INFORMATION NETWORKS

PRO IN is a pan-European company focussing on 3 areas:

• Training
• Consulting
• Professional Services

With offices in Austria, Germany and Spain we offer CISCO authorized trainings at the highest possible level. Thus PRO IN is honored as "Distinguished Trainings Partner" by CISCO