Sunday 17 January 2016

EIGRPv6 prefix filtering

EIGRPv6 prefix filtering




EIGRP can be configured to filter traffic using two ways;


1) Use prefix list and the distribute-list command under EIGRP process.(Traditional way of route filtering)


2) Use a route map and the distribute-list command (Advance method and give more flexible options .It was added to Cisco IOS starting with release 15M & T).


For simplicity, this document is divided into two parts. In part - 1 you will learned EIGRPv6 route filtering using prefix list and the distribute-list command under EIGRP process.


Background:


In the following topology


1) R1 configured with two LAN subnets:


2001::/64 & 2002::/64


2) R3 configured with two LAN subnets:


3001::/64 & 3002::/64


3)We will configure Route filtering on R2


Route filtering can be configured inbound or outbound:


1) When you apply filter to inbound direction, configured router will filter those routes from its routing table and as result, it will not going to advertise to neighbors.


2) When you apply filter to outbound direction, Configured router simply stop advertising these routes to its neighbor but will not affect its own routing table, these filtered routes still present in its routing table.


Topology Diagram:


EIGRPV6_Filter.jpg


Initial Configuration:


R1
R2
R3
interface FastEthernet1/0
ip address 1.1.1.1 255.255.255.0
ipv6 address 2001::1/64
ipv6 eigrp 10
!
interface FastEthernet1/1
no ip address
ipv6 address 2002::1/64
ipv6 eigrp 10
!
interface FastEthernet0/0
ipv6 address FE80::1 link-local
ipv6 eigrp 10
!
ipv6 unicast-routing
!
ipv6 router eigrp 10
no shutdown
interface Loopback0
ip address 2.2.2.2 255.255.255.255
!
interface FastEthernet0/0
ipv6 address FE80::2 link-local
ipv6 eigrp 10
!
interface FastEthernet0/1
ipv6 address FE80::2 link-local
ipv6 eigrp 10
!
ipv6 unicast-routing
!
ipv6 router eigrp 10
no shutdown
interface FastEthernet1/0
ip address 3.3.3.3 255.255.255.0
ipv6 address 3001::1/64
ipv6 eigrp 10
!
interface FastEthernet0/0
ipv6 address 3002::1/64
ipv6 eigrp 10
!
interface FastEthernet0/0
ipv6 address FE80::1 link-local
ipv6 eigrp 10
!
ipv6 unicast-routing
!
ipv6 router eigrp 10
no shutdown


The following output of R1, R2 and R3 shows routes being propagated in their respective routing table via EIGRPv6.


R1#sh ipv6 route eigrp | beg D


       D - EIGRP, EX - EIGRP external


D   3001::/64 [90/435200]


     via FE80::2, FastEthernet0/0


D   3002::/64 [90/435200]


     via FE80::2, FastEthernet0/0


R2#sh ipv6 route eigrp | beg D


       D - EIGRP, EX - EIGRP external


D   2001::/64 [90/409600]


     via FE80::1, FastEthernet0/0


D   2002::/64 [90/409600]


     via FE80::1, FastEthernet0/0


D   3001::/64 [90/409600]


     via FE80::1, FastEthernet0/1


D   3002::/64 [90/409600]


     via FE80::1, FastEthernet0/1


R3#sh ipv6 route eigrp | beg D


       D - EIGRP, EX - EIGRP external


D   2001::/64 [90/435200]


     via FE80::2, FastEthernet0/0


D   2002::/64 [90/435200]


     via FE80::2, FastEthernet0/0


Case 1 : In first case we will put filter to controll outbound direction traffic.


First you need to configure prefix list and then apply prefix list under EIGRPv6 process as shown below:





R2#conf t


Enter configuration commands, one per line. End with CNTL/Z.


R2(config)#ipv6 router eigrp 10


R2(config-rtr)#distribute-list prefix-list EIGRP_FILTER out


R2(config-rtr)#end


R2#


Verification: The following output of R1, R2 and R3 routing table shows R2 doesn’t advertise to 2001: 1/64 prefix to its neighbor i.e. R3 but not affected its own routing table.


R1#sh ipv6 route eigrp | beg D


       D - EIGRP, EX - EIGRP external


D   3001::/64 [90/435200]


     via FE80::2, FastEthernet0/0


D   3002::/64 [90/435200]


     via FE80::2, FastEthernet0/0


R2#sh ipv6 route eigrp | beg D


       D - EIGRP, EX - EIGRP external


D   2001::/64 [90/409600]


     via FE80::1, FastEthernet0/0


D   2002::/64 [90/409600]


     via FE80::1, FastEthernet0/0


D   3001::/64 [90/409600]


     via FE80::1, FastEthernet0/1


D   3002::/64 [90/409600]


     via FE80::1, FastEthernet0/1


R3#sh ipv6 route eigrp | beg D


       D - EIGRP, EX - EIGRP external


D   2002::/64 [90/435200]


     via FE80::2, FastEthernet0/0


Case 2 : Now we will remove applied distribution-list and apply same prefix list to inbound direction


R2#conf t


Enter configuration commands, one per line. End with CNTL/Z.


R2(config)#ipv6 router eigrp 10


R2(config-rtr)#no distribute-list prefix-list EIGRP_FILTER out


R2(config-rtr)#distribute-list prefix-list EIGRP_FILTER in


R2(config-rtr)#end


Verification:The following output of R2 and R3 routing table shows R2 doesn’t  advertise to 2001: 1/64 prefix to its neighbor i.e. R3 but also filtered from its routing table.


R2#sh ipv6 route eigrp | beg D


       D - EIGRP, EX - EIGRP external


D   2002::/64 [90/409600]


     via FE80::1, FastEthernet0/0


D   3001::/64 [90/409600]


     via FE80::1, FastEthernet0/1

Posted by at
Labels: