IS-IS Route Leaking II

IS-IS | Route Leaking lab-2

  • Route leaking is the art of getting a required route from one routing table to another.
  • Every routing protocol passes routing information up or down the routing hierarchy. This bidirectional flow of routing information is known as route leaking. By default, the IS-IS protocol leaks routing information from a Level 1 area to a Level 2 area. However, to leak routing information from a Level 2 area to a Level 1 area, an export policy must be explicitly configured.

    Bypass the default behavior to have
    level 1 routes get into L2 routing table.

Juniper vMX 14 & EVE-NG Pro is used for this lab.

Device Configuration:

[email protected]> show configuration |display set 
set version 14.1R4.8
set system host-name R1
set system root-authentication encrypted-password "$1$1vv1gtZ/$QRerVp.aWq.yznUXUflH01"
set system syslog user * any emergency
set system syslog file messages any notice
set system syslog file messages authorization info
set system syslog file interactive-commands interactive-commands any
set interfaces ge-0/0/0 unit 0 family inet address 13.13.13.1/24
set interfaces ge-0/0/0 unit 0 family iso
set interfaces ge-0/0/1 unit 0 family inet address 15.15.15.1/24
set interfaces ge-0/0/1 unit 0 family iso
set interfaces ge-0/0/2 unit 0 family inet address 12.12.12.1/24
set interfaces ge-0/0/2 unit 0 family iso
set interfaces ge-0/0/3 unit 0 family inet address 14.14.14.1/24
set interfaces ge-0/0/3 unit 0 family iso
set interfaces lo0 unit 1 family inet address 1.1.1.1/24
set interfaces lo0 unit 1 family inet address 11.11.11.11/24
set interfaces lo0 unit 1 family iso address 49.0001.0010.0100.1001.00
set protocols isis level 1 disable
set protocols isis interface ge-0/0/0.0
set protocols isis interface ge-0/0/1.0
set protocols isis interface ge-0/0/2.0
set protocols isis interface ge-0/0/3.0 
set protocols isis interface lo0.1    
[email protected]> show configuration |display set 
set version 14.1R4.8
set system host-name R2
set system root-authentication encrypted-password "$1$6NgzFXZ4$QNSfWywONMNrbQBIWM9uj0"
set system syslog user * any emergency
set system syslog file messages any notice
set system syslog file messages authorization info
set system syslog file interactive-commands interactive-commands any
set interfaces ge-0/0/0 unit 0 family inet address 24.24.24.2/24
set interfaces ge-0/0/0 unit 0 family iso
set interfaces ge-0/0/2 unit 0 family inet address 12.12.12.2/24
set interfaces ge-0/0/2 unit 0 family iso
set interfaces lo0 unit 2 family inet address 2.2.2.2/24
set interfaces lo0 unit 2 family inet address 22.22.22.22/24
set interfaces lo0 unit 2 family iso address 49.0024.0020.0200.2002.00
set protocols isis export leak-l1-l2
set protocols isis interface ge-0/0/0.0 level 2 disable
set protocols isis interface ge-0/0/2.0 level 1 disable
set protocols isis interface lo0.2
set policy-options policy-statement leak-l1-l2 term leak172 from protocol isis
set policy-options policy-statement leak-l1-l2 term leak172 from level 2
set policy-options policy-statement leak-l1-l2 term leak172 from route-filter 172.16.0.0/23 orlonger
set policy-options policy-statement leak-l1-l2 term leak172 to level 1
set policy-options policy-statement leak-l1-l2 term leak172 then accept
[email protected]> show configuration |display set 
set version 14.1R4.8
set system host-name R3
set system root-authentication encrypted-password "$1$BmHomLh4$FDpwK6Kmrts.PEipzkPOV1"
set system syslog user * any emergency
set system syslog file messages any notice
set system syslog file messages authorization info
set system syslog file interactive-commands interactive-commands any
set interfaces ge-0/0/0 unit 0 family inet address 13.13.13.3/24
set interfaces ge-0/0/0 unit 0 family iso
set interfaces ge-0/0/1 unit 0 family inet address 35.35.35.3/24
set interfaces ge-0/0/1 unit 0 family iso
set interfaces lo0 unit 3 family inet address 3.3.3.3/24
set interfaces lo0 unit 3 family inet address 33.33.33.33/24
set interfaces lo0 unit 3 family iso address 49.0035.0030.0300.3003.00
set protocols isis interface ge-0/0/0.0 level 1 disable
set protocols isis interface ge-0/0/1.0 level 2 disable
set protocols isis interface lo0.3
[email protected]> show configuration |display set 
set version 14.1R4.8
set system host-name R4
set system root-authentication encrypted-password "$1$WaL4BSs9$mlznqm3jQMhdGgufqq1YF1"
set system syslog user * any emergency
set system syslog file messages any notice
set system syslog file messages authorization info
set system syslog file interactive-commands interactive-commands any
set interfaces ge-0/0/1 unit 0 family inet address 46.46.46.4/24
set interfaces ge-0/0/1 unit 0 family iso
set interfaces ge-0/0/3 unit 0 family inet address 14.14.14.4/24
set interfaces ge-0/0/3 unit 0 family iso
set interfaces lo0 unit 4 family inet address 4.4.4.4/24
set interfaces lo0 unit 4 family inet address 44.44.44.44/24
set interfaces lo0 unit 4 family iso address 49.0024.0040.0400.4004.00
set protocols isis interface ge-0/0/1.0 level 2 disable
set protocols isis interface ge-0/0/3.0 level 1 disable
set protocols isis interface lo0.4
[email protected]> show configuration |display set 
set version 14.1R4.8
set system host-name R5
set system root-authentication encrypted-password "$1$6je78aHL$nA1h3Nf4xv8RDzIinFAnS0"
set system syslog user * any emergency
set system syslog file messages any notice
set system syslog file messages authorization info
set system syslog file interactive-commands interactive-commands any
set interfaces ge-0/0/1 unit 0 family inet address 15.15.15.5/24
set interfaces ge-0/0/1 unit 0 family iso
set interfaces ge-0/0/2 unit 0 family inet address 57.57.57.5/24
set interfaces ge-0/0/2 unit 0 family iso
set interfaces lo0 unit 5 family inet address 5.5.5.5/24
set interfaces lo0 unit 5 family inet address 55.55.55.55/24
set interfaces lo0 unit 5 family iso address 49.0035.0050.0500.5005.00
set protocols isis export leak-l2-l1
set protocols isis interface ge-0/0/1.0 level 1 disable
set protocols isis interface ge-0/0/2.0 level 2 disable
set protocols isis interface lo0.5
set policy-options policy-statement leak-l2-l1 term leak192-1a3 from protocol isis
set policy-options policy-statement leak-l2-l1 term leak192-1a3 from level 2
set policy-options policy-statement leak-l2-l1 term leak192-1a3 from route-filter 192.168.1.0/24 orlonger
set policy-options policy-statement leak-l2-l1 term leak192-1a3 from route-filter 192.168.2.0/24 orlonger
set policy-options policy-statement leak-l2-l1 term leak192-1a3 to level 1
set policy-options policy-statement leak-l2-l1 term leak192-1a3 then accept
[email protected]> show configuration |display set 
set version 14.1R4.8
set system host-name R6
set system root-authentication encrypted-password "$1$WaL4BSs9$mlznqm3jQMhdGgufqq1YF1"
set system syslog user * any emergency
set system syslog file messages any notice
set system syslog file messages authorization info
set system syslog file interactive-commands interactive-commands any
set interfaces ge-0/0/0 unit 0 family inet address 24.24.24.6/24
set interfaces ge-0/0/0 unit 0 family iso
set interfaces ge-0/0/1 unit 0 family inet address 46.46.46.6/24
set interfaces ge-0/0/1 unit 0 family iso
set interfaces lo0 unit 6 family inet address 6.6.6.6/24
set interfaces lo0 unit 6 family inet address 192.168.0.6/24
set interfaces lo0 unit 6 family inet address 192.168.1.6/24
set interfaces lo0 unit 6 family inet address 192.168.2.6/24
set interfaces lo0 unit 6 family inet address 192.168.3.6/24
set interfaces lo0 unit 6 family inet address 66.66.66.66/24
set interfaces lo0 unit 6 family iso address 49.0024.0060.0600.6006.00
set protocols isis interface ge-0/0/0.0 level 2 disable
set protocols isis interface ge-0/0/1.0 level 2 disable
set protocols isis interface lo0.6
[email protected]> show configuration |display set 
set version 14.1R4.8
set system host-name R7
set system root-authentication encrypted-password "$1$WaL4BSs9$mlznqm3jQMhdGgufqq1YF1"
set system syslog user * any emergency
set system syslog file messages any notice
set system syslog file messages authorization info
set system syslog file interactive-commands interactive-commands any
set interfaces ge-0/0/1 unit 0 family inet address 35.35.35.7/24
set interfaces ge-0/0/1 unit 0 family iso
set interfaces ge-0/0/2 unit 0 family inet address 57.57.57.7/24
set interfaces ge-0/0/2 unit 0 family iso
set interfaces lo0 unit 7 family inet address 7.7.7.7/24
set interfaces lo0 unit 7 family inet address 77.77.77.77/24
set interfaces lo0 unit 7 family inet address 172.16.0.7/24
set interfaces lo0 unit 7 family inet address 172.16.1.7/24
set interfaces lo0 unit 7 family iso address 49.0035.0070.0700.7007.00
set protocols isis interface ge-0/0/1.0 level 2 disable
set protocols isis interface ge-0/0/2.0 level 2 disable
set protocols isis interface lo0.7
— Configuration | Verification —

— ISIS Neighbor:

[email protected]> show isis adjacency 
Interface             System         L State        Hold (secs) SNPA
ge-0/0/0.0            R3             2  Up                   23  0:5:86:71:eb:0
ge-0/0/1.0            R5             2  Up                   22  0:5:86:71:aa:1
ge-0/0/2.0            R2             2  Up                   20  0:5:86:71:1e:2
ge-0/0/3.0            R4             2  Up                   21  0:5:86:71:fe:3

[email protected]> show isis adjacency 
Interface             System         L State        Hold (secs) SNPA
ge-0/0/0.0            R6             1  Up                    7  0:5:86:71:6d:0
ge-0/0/2.0            R1             2  Up                    8  0:5:86:71:ff:2

[email protected]> show isis adjacency 
Interface             System         L State        Hold (secs) SNPA
ge-0/0/0.0            R1             2  Up                    7  0:5:86:71:ff:0
ge-0/0/1.0            R7             1  Up                   23  0:5:86:71:88:1

[email protected]> show isis adjacency 
Interface             System         L State        Hold (secs) SNPA
ge-0/0/1.0            R6             1  Up                   24  0:5:86:71:6d:1
ge-0/0/3.0            R1             2  Up                    6  0:5:86:71:ff:3

[email protected]> show isis adjacency 
Interface             System         L State        Hold (secs) SNPA
ge-0/0/1.0            R1             2  Up                    8  0:5:86:71:ff:1
ge-0/0/2.0            R7             1  Up                   22  0:5:86:71:88:2

[email protected]> show isis adjacency 
Interface             System         L State        Hold (secs) SNPA
ge-0/0/0.0            R2             1  Up                   22  0:5:86:71:1e:0
ge-0/0/1.0            R4             1  Up                    6  0:5:86:71:fe:1

[email protected]> show isis adjacency 
Interface             System         L State        Hold (secs) SNPA
ge-0/0/1.0            R3             1  Up                    8  0:5:86:71:eb:1
ge-0/0/2.0            R5             1  Up                    7  0:5:86:71:aa:2
[email protected]> ping 192.168.3.6                      
PING 192.168.3.6 (192.168.3.6): 56 data bytes
64 bytes from 192.168.3.6: icmp_seq=0 ttl=61 time=5.417 ms
64 bytes from 192.168.3.6: icmp_seq=1 ttl=61 time=4.691 ms
^C
--- 192.168.3.6 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max/stddev = 4.691/5.054/5.417/0.363 ms

[email protected]> ping 192.168.3.6 source 172.16.0.7    
PING 192.168.3.6 (192.168.3.6): 56 data bytes
64 bytes from 192.168.3.6: icmp_seq=0 ttl=61 time=5.390 ms
64 bytes from 192.168.3.6: icmp_seq=1 ttl=61 time=5.006 ms
^C
--- 192.168.3.6 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max/stddev = 5.006/5.198/5.390/0.192 ms

[email protected]> ping 192.168.3.6 source 57.57.57.7    
PING 192.168.3.6 (192.168.3.6): 56 data bytes
64 bytes from 192.168.3.6: icmp_seq=0 ttl=61 time=4.722 ms
64 bytes from 192.168.3.6: icmp_seq=1 ttl=61 time=5.403 ms
^C
--- 192.168.3.6 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max/stddev = 4.722/5.062/5.403/0.341 ms

 

— From R7 —> R6 Route leaking::

Verification:

/** Two default routes R6 --> R3/R5
/** There are multiple L1/L2 routers; sub-optimal routing may happen.
      L2 --> L1 route leaking avoids such issues.
[email protected]> show route protocol isis 
inet.0: 25 destinations, 25 routes (25 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
0.0.0.0/0          *[IS-IS/15] 00:11:59, metric 10
                      to 24.24.24.2 via ge-0/0/0.0
                    > to 46.46.46.4 via ge-0/0/1.0
2.2.2.0/24         *[IS-IS/15] 00:12:14, metric 10
                    > to 24.24.24.2 via ge-0/0/0.0
2.2.2.2/32         *[IS-IS/15] 00:12:14, metric 10
                    > to 24.24.24.2 via ge-0/0/0.0
4.4.4.0/24         *[IS-IS/15] 00:12:36, metric 10
                    > to 46.46.46.4 via ge-0/0/1.0
4.4.4.4/32         *[IS-IS/15] 00:12:36, metric 10
                    > to 46.46.46.4 via ge-0/0/1.0
22.22.22.0/24      *[IS-IS/15] 00:12:14, metric 10
                    > to 24.24.24.2 via ge-0/0/0.0
22.22.22.22/32     *[IS-IS/15] 00:12:14, metric 10
                    > to 24.24.24.2 via ge-0/0/0.0
44.44.44.0/24      *[IS-IS/15] 00:12:36, metric 10
                    > to 46.46.46.4 via ge-0/0/1.0
44.44.44.44/32     *[IS-IS/15] 00:12:36, metric 10
                    > to 46.46.46.4 via ge-0/0/1.0
                                        
iso.0: 1 destinations, 1 routes (1 active, 0 holddown, 0 hidden)

[email protected]> show route protocol isis 

inet.0: 25 destinations, 25 routes (25 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

0.0.0.0/0          *[IS-IS/15] 00:05:02, metric 10
                      to 24.24.24.2 via ge-0/0/0.0
                    > to 46.46.46.4 via ge-0/0/1.0
                    
                   /** Two default routes R6 --> R3/R5
                   
[email protected]> traceroute 7.7.7.7 source 6.6.6.6    
traceroute to 7.7.7.7 (7.7.7.7) from 6.6.6.6, 30 hops max, 40 byte packets
 1  46.46.46.4 (46.46.46.4)  1.847 ms  1.559 ms  1.388 ms
 2  14.14.14.1 (14.14.14.1)  2.480 ms  2.131 ms  2.196 ms
 3  13.13.13.3 (13.13.13.3)  4.416 ms  3.075 ms  3.114 ms
 4  7.7.7.7 (7.7.7.7)  4.210 ms  4.805 ms  4.036 ms
 
 /** There are multiple L1/L2 routers; sub-optimal routing may happen.
      L2 --> L1 route leaking avoids such issues.

R2: -- Route Leak -- The path should be via R4, because the default behavior of a router is to pick the most specific (longest) mask in the routing table. /24 is the longest, winning mask.
set policy-options policy-statement leak-l1-l2 term leak172 from protocol isis
set policy-options policy-statement leak-l1-l2 term leak172 from level 2
set policy-options policy-statement leak-l1-l2 term leak172 from route-filter 172.16.0.0/23 orlonger
set policy-options policy-statement leak-l1-l2 term leak172 to level 1
set policy-options policy-statement leak-l1-l2 term leak172 then accept
set protocols isis export leak-l1-l2
[email protected]> traceroute 7.7.7.7 source 6.6.6.6 
traceroute to 7.7.7.7 (7.7.7.7) from 6.6.6.6, 30 hops max, 40 byte packets
 1  46.46.46.4 (46.46.46.4)  2.436 ms  1.368 ms  2.238 ms
 2  14.14.14.1 (14.14.14.1)  2.789 ms  2.094 ms  2.089 ms
 3  13.13.13.3 (13.13.13.3)  3.341 ms  3.836 ms  3.629 ms
 4  7.7.7.7 (7.7.7.7)  5.666 ms  4.222 ms  4.858 ms
 
[email protected]> show route protocol isis 
inet.0: 29 destinations, 29 routes (29 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

0.0.0.0/0          *[IS-IS/15] 00:19:41, metric 10
                      to 24.24.24.2 via ge-0/0/0.0
                    > to 46.46.46.4 via ge-0/0/1.0
2.2.2.0/24         *[IS-IS/15] 00:19:56, metric 10
                    > to 24.24.24.2 via ge-0/0/0.0
2.2.2.2/32         *[IS-IS/15] 00:19:56, metric 10
                    > to 24.24.24.2 via ge-0/0/0.0
4.4.4.0/24         *[IS-IS/15] 00:20:18, metric 10
                    > to 46.46.46.4 via ge-0/0/1.0
4.4.4.4/32         *[IS-IS/15] 00:20:18, metric 10
                    > to 46.46.46.4 via ge-0/0/1.0
22.22.22.0/24      *[IS-IS/15] 00:19:56, metric 10
                    > to 24.24.24.2 via ge-0/0/0.0
22.22.22.22/32     *[IS-IS/15] 00:19:56, metric 10
                    > to 24.24.24.2 via ge-0/0/0.0
44.44.44.0/24      *[IS-IS/15] 00:20:18, metric 10
                    > to 46.46.46.4 via ge-0/0/1.0
44.44.44.44/32     *[IS-IS/15] 00:20:18, metric 10
                    > to 46.46.46.4 via ge-0/0/1.0
172.16.0.0/24      *[IS-IS/18] 00:01:14, metric 40
                    > to 24.24.24.2 via ge-0/0/0.0
172.16.0.7/32      *[IS-IS/18] 00:01:14, metric 40
                    > to 24.24.24.2 via ge-0/0/0.0
172.16.1.0/24      *[IS-IS/18] 00:01:14, metric 40
                    > to 24.24.24.2 via ge-0/0/0.0
172.16.1.7/32      *[IS-IS/18] 00:01:14, metric 40
                    > to 24.24.24.2 via ge-0/0/0.0

iso.0: 1 destinations, 1 routes (1 active, 0 holddown, 0 hidden) 

 

— L2 —> L1 route leaking on R5, so R5 is the preferred exit point to reach 192.168.1.0/24 and 192.168.2.0/24, and all other traffic stays the same:

From R7 --> it uses R3 as the primary default gateway.
[email protected]> show route 

inet.0: 21 destinations, 21 routes (21 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

0.0.0.0/0          *[IS-IS/15] 00:30:26, metric 10
                      to 35.35.35.3 via ge-0/0/1.0
                    > to 57.57.57.5 via ge-0/0/2.0

r5>
set policy-options policy-statement leak-l2-l1 term leak192-1a3 from protocol isis
set policy-options policy-statement leak-l2-l1 term leak192-1a3 from level 2
set policy-options policy-statement leak-l2-l1 term leak192-1a3 from route-filter 192.168.1.0/24 orlonger
set policy-options policy-statement leak-l2-l1 term leak192-1a3 from route-filter 192.168.2.0/24 orlonger
set policy-options policy-statement leak-l2-l1 term leak192-1a3 to level 1
set policy-options policy-statement leak-l2-l1 term leak192-1a3 then accept
set protocols isis export leak-l2-l1
[email protected]> traceroute 192.168.1.6 source 172.16.1.7
traceroute to 192.168.1.6 (192.168.1.6) from 172.16.1.7, 30 hops max
1 57.57.57.5 (57.57.57.5) 2.430 ms 1.841 ms 1.309 ms
2 15.15.15.1 (15.15.15.1) 2.692 ms 2.760 ms 2.576 ms
3 12.12.12.2 (12.12.12.2) 3.741 ms 3.069 ms 3.537 ms
4 192.168.1.6 (192.168.1.6) 5.596 ms 5.034 ms 4.076 ms

[email protected]> traceroute 192.168.2.6 source 172.16.1.7
traceroute to 192.168.2.6 (192.168.2.6) from 172.16.1.7, 30 hops max
1 57.57.57.5 (57.57.57.5) 1.715 ms 2.189 ms 1.438 ms
2 15.15.15.1 (15.15.15.1) 2.767 ms 4.082 ms 2.513 ms
3 14.14.14.4 (14.14.14.4) 7.375 ms 2.817 ms 3.712 ms
4 192.168.2.6 (192.168.2.6) 5.208 ms 4.917 ms 4.254 ms

[email protected]> traceroute 192.168.3.6 source 172.16.1.7
traceroute to 192.168.3.6 (192.168.3.6) from 172.16.1.7, 30 hops max
1 35.35.35.3 (35.35.35.3) 2.008 ms 1.324 ms 1.383 ms
2 13.13.13.1 (13.13.13.1) 2.618 ms 3.165 ms 2.139 ms
3 14.14.14.4 (14.14.14.4) 233.480 ms 3.687 ms 3.074 ms
4 192.168.3.6 (192.168.3.6) 5.402 ms 4.536 ms 8.434 ms

/** 192.168.1.0 and 2.0/24  ---> Via R5
    other via ---> R3
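
To audit exactly which prefixes a leak policy exposes to the Level 1 area, the added example below (not part of the original lab) evaluates R5's `leak-l2-l1` route-filters against R6's loopback prefixes and then performs the longest-prefix lookup R7 would do. It assumes R6's loopbacks are advertised in the same /24 + /32 form the page shows for R7's loopbacks; the function names and the "default" label are hypothetical.

```python
import ipaddress
import re

# Leak policy copied from R5's configuration on this page.
R5_POLICY = """
set policy-options policy-statement leak-l2-l1 term leak192-1a3 from protocol isis
set policy-options policy-statement leak-l2-l1 term leak192-1a3 from level 2
set policy-options policy-statement leak-l2-l1 term leak192-1a3 from route-filter 192.168.1.0/24 orlonger
set policy-options policy-statement leak-l2-l1 term leak192-1a3 from route-filter 192.168.2.0/24 orlonger
set policy-options policy-statement leak-l2-l1 term leak192-1a3 to level 1
set policy-options policy-statement leak-l2-l1 term leak192-1a3 then accept
"""

# R6 loopback prefixes from the page (assumed /24 + /32 form, see lead-in).
R6_L2_ROUTES = ([f"192.168.{n}.0/24" for n in range(4)] +
                [f"192.168.{n}.6/32" for n in range(4)] + ["6.6.6.0/24"])

def parse_route_filters(config):
    """Return [(network, match_type)] for every route-filter statement."""
    pat = re.compile(r"route-filter (\S+) (exact|orlonger|longer)\b")
    return [(ipaddress.ip_network(m.group(1)), m.group(2))
            for m in pat.finditer(config)]

def term_accepts(prefix, filters):
    """Compare a candidate against the longest route-filter that covers it."""
    prefix = ipaddress.ip_network(prefix)
    covering = [(n, t) for n, t in filters if prefix.subnet_of(n)]
    if not covering:
        return False
    net, mtype = max(covering, key=lambda f: f[0].prefixlen)
    if mtype == "exact":
        return prefix.prefixlen == net.prefixlen
    if mtype == "longer":
        return prefix.prefixlen > net.prefixlen
    return True  # orlonger: same length or more specific

def leaked_prefixes(config, candidates):
    """Prefixes from `candidates` that the policy would leak into Level 1."""
    filters = parse_route_filters(config)
    return [p for p in candidates if term_accepts(p, filters)]

def lookup(table, dst):
    """Longest-prefix match: the most specific covering route wins."""
    dst = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), nh) for p, nh in table.items()
            if dst in ipaddress.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen)[1]

def r7_table():
    """R7's view: the L1 default route plus whatever R5 leaks (via 57.57.57.5)."""
    table = {"0.0.0.0/0": "default"}
    table.update({p: "57.57.57.5"
                  for p in leaked_prefixes(R5_POLICY, R6_L2_ROUTES)})
    return table

if __name__ == "__main__":
    for dst in ("192.168.1.6", "192.168.2.6", "192.168.3.6"):
        print(dst, "->", lookup(r7_table(), dst))
```

Running the same check against a proposed policy before committing it shows whether a broad filter such as `orlonger` on a short prefix would expose more Level 2 prefixes to the Level 1 area than intended.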
 