The Art of Redistribution
Redistribution is the art of injecting routes learned from various sources into a dynamic routing protocol. In that respect, UNIX offers one additional hook compared to Cisco IOS Software: the injection of kernel routes. Therefore, the full variety offered is redistribution of kernel, connected/direct, static, and dynamic routes into other routing protocols. The resulting behavior is exactly as expected from the Cisco world. Because the different sources represent different administrative distances/preferences, metrics can be adjusted and redistribution controlled with distribute lists, offset lists, prefix lists, access lists, OSPF export/import/filter lists, and route maps.
Lab 9-6: Route Filtering and Redistribution
Example 9-24 shows the Zebra redistribution commands in use. They work much as they do under Cisco IOS Software; consult Cisco.com for further information. Note that GateD provides similar route-filter facilities.
Example 9-24. Zebra Redistribution Example
callisto-ospfd# show running-config
Current configuration:
!
hostname callisto-ospfd
password 8 m6eyKycFMHniQ
enable password 8 bjYlnA9YLBWyM
log file /var/log/ospfd.log
service advanced-vty
service password-encryption
!
!
!
interface lo
!
interface eth0
!
interface eth1
 ip ospf message-digest-key 1 md5 zebra
!
interface ipsec0
!
interface ipsec1
!
interface ipsec2
!
interface ipsec3
!
interface eth1:1
 ip ospf message-digest-key 1 md5 zebra
!
interface lo1
!
interface wp1chdlc
 ip ospf network point-to-point
!
router ospf
 ospf router-id 192.168.1.1
 compatible rfc1583
 redistribute connected
 redistribute static
 redistribute rip route-map REDIMAP
 network 192.168.1.0/24 area 0
 network 192.168.14.0/24 area 5
 network 192.168.45.0/24 area 0
 network 192.168.99.0/30 area 0
 area 0.0.0.0 authentication message-digest
 area 5 virtual-link 192.168.201.4
 distribute-list DISTRIMAP out static
 capability opaque
!
access-list 1 remark vty-protection
access-list 1 permit 127.0.0.1
access-list 1 permit 192.168.1.0 0.0.0.255
!
route-map DISTRIMAP permit 1
 match ip address 1
 set metric 10
!
route-map REDIMAP permit 1
 match ip address 1
 set metric-type type-1
!
line vty
 access-class 1
 exec-timeout 0 0
!
end
Lab 9-7: OSPF Authentication
Configuring authentication for OSPF or RIP is straightforward under Zebra. You can choose between clear-text passwords and MD5 hashes (Example 9-25). Keep in mind, however, that this contributes to CPU load.
Example 9-25. Configuring MD5 Authentication for Zebra OSPF
castor-ospfd# show running-config
Current configuration:
!
hostname castor-ospfd
password 8 4DwwIFdKLWvU.
enable password 8 dV8x4MhxDAuaw
log file /var/log/ospfd.log
service advanced-vty
service password-encryption
!
!
!
interface xl0
 ip ospf message-digest-key 1 md5 zebra
!
interface ed0
 ip ospf message-digest-key 1 md5 zebra
!
interface lp0
 ip ospf network point-to-point
!
interface sl0
 ip ospf network point-to-point
!
interface sl1
 ip ospf network point-to-point
!
interface ds0
!
interface stf0
!
interface faith0
!
interface vlan0
!
interface vlan1
!
interface lo0
!
interface ppp0
 ip ospf network point-to-point
!
interface ppp1
 ip ospf network point-to-point
!
interface vlan8
 ip ospf message-digest-key 1 md5 zebra
!
interface lo1
!
router ospf
 ospf router-id 192.168.2.7
 compatible rfc1583
 redistribute connected
 redistribute static
 network 192.168.2.0/24 area 0
 network 192.168.7.0/24 area 0
 network 192.168.80.0/24 area 0
 area 0 authentication message-digest
 capability opaque
!
access-list 1 remark vty-protection
access-list 1 permit 127.0.0.1
access-list 1 permit 192.168.1.0 0.0.0.255
!
line vty
 access-class 1
 exec-timeout 15 0
!
end
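
The following Python script is an added illustration, not part of the original text or of Zebra. It audits an ospfd running-config for the points Labs 9-6 and 9-7 deal with: OSPF areas that carry networks but have no message-digest authentication, redistribution without a route map or distribute list, and a vty idle timeout that is switched off. The names `audit` and `area_id` are hypothetical, the sample is constructed from lines of Example 9-24, and the script assumes one command per line with subcommands indented by a space; it considers area-level authentication statements only.

```python
import ipaddress
import re

# Constructed sample: selected lines of Example 9-24, one command per line.
SAMPLE = """\
router ospf
 redistribute connected
 redistribute static
 redistribute rip route-map REDIMAP
 network 192.168.1.0/24 area 0
 network 192.168.14.0/24 area 5
 area 0.0.0.0 authentication message-digest
 distribute-list DISTRIMAP out static
!
line vty
 access-class 1
 exec-timeout 0 0
"""

def area_id(text):
    """Map '0' and '0.0.0.0' to the same dotted-quad area ID."""
    return str(ipaddress.IPv4Address(int(text))) if text.isdigit() else text

def audit(config):
    """Return sorted findings for an ospfd running-config passed as text."""
    used, md5_areas, redist, filtered, findings = set(), set(), [], set(), []
    section = ""
    for raw in config.splitlines():
        line = raw.strip()
        if raw[:1] != " ":
            section = line  # an unindented command opens a new section
        elif m := re.fullmatch(r"network \S+ area (\S+)", line):
            used.add(area_id(m.group(1)))
        elif m := re.fullmatch(r"area (\S+) authentication message-digest", line):
            md5_areas.add(area_id(m.group(1)))
        elif m := re.fullmatch(r"redistribute (\S+)", line):
            redist.append(m.group(1))  # no route-map attached
        elif m := re.fullmatch(r"distribute-list \S+ out (\S+)", line):
            filtered.add(m.group(1))  # assumption: counts as a filter for that source
        elif section == "line vty" and line == "exec-timeout 0 0":
            findings.append("vty: idle sessions never time out")
    findings += [f"area {a}: no message-digest authentication" for a in used - md5_areas]
    findings += [f"redistribute {p}: no route-map or distribute-list"
                 for p in redist if p not in filtered]
    return sorted(findings)

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

On the constructed sample the script reports area 5, which has a network statement but no authentication statement, the unfiltered redistribution of connected routes, and the `exec-timeout 0 0` setting.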
Route Tagging and Multiple OSPF Processes/Instances
Cisco IOS Software currently allows several OSPF processes. This is not possible with Zebra or GateD. In GateD, route tagging is possible only for the entire OSPF domain, whereas Cisco IOS Software supports tagging in the context of redistribution and with the domain-tag OSPF command.