### Archive

Archive for March 18, 2011

## Filtering RIP routes with an offset-list

March 18, 2011 1 comment

As you all know RIP is a distance vector routing protocol and that gives us a lot of options
when doing filtering. This time we will look at a feature that is not widely known, the
offset list. Assume that we have two routers, R1 and R2 and this is the task at hand.

• R1 should filter all RIP routes coming from R2 with an even second octet
• The access-list used may only contain one line
• Do not use the distribute-list or distance command to accomplish this

So lets look at our tasks, how do we filter routes with an even second octet?
This might look a bit complicated but it’s easy when you’ve done it before. The routes we
are receiving from R2 are 30.0.0.0 to 30.3.0.0 and 31.0.0.0 to 31.3.0.0. Lets start
by focusing on the second octet. We will convert our even subnets to binary, we only care about the first and second octet.

30.0.0.0 – 00011110 00000000
30.2.0.0 – 00011110 00000010
31.0.0.0 – 00011111 00000000
31.2.0.0 – 00011111 00000010

See the pattern? If not look at the odd subnets below.

30.1.0.0 – 00011110 00000001
30.3.0.0 – 00011110 00000011
31.1.0.0 – 00011111 00000001
31.3.0.0 – 00011111 00000011

Do you see it now? Even subnets always end with a zero for the least significant bit.
Odd subnets always end with a one. This means that the final bit in the second octet is
interesting to us, the rest is don’t care. Now we need to convert this to a wildcard mask,
set all the bits we don’t care about to one and the one we do care about to zero.
Add them up, in binary it is 11111110 which equals to 254 in decimal.

Now we need to fill in the rest of the wildcard mask, remember that we were only allowed
to use one line in the access-list. How can we match both 30 and 31 in the first octet?
Look at the binary again, only the least significant bit in the first octet differs so we do
care about all the bits except for the least significant bit. Convert this to binary and we
have 00000001 which is 1 in decimal. So now we have the wildcard 1.254.255.255 since
we don’t care about the third and fourth octet.

As stated in the tasks we need to filter even routes, how can this be accomplished
in an access-list? Either we can deny odd routes, that would filter even routes
but since there is an implicit deny we would need a permit statement for the even
routes. That would break the one line requirement. So we need to permit the even
routes in the access-list and the implicit deny will solve the rest.

access-list 1 permit 30.0.0.0 1.254.255.255

Using a distribute-list would be the most common and easiest solution but
we are not allowed to do that. By using the distance command we could filter
routes by setting the administrative distance to something not believable like 255
but we are not allowed to do that either.

That only leaves us with the offset-list. The offset-list lets us manipulate routing
metrics, we are allowed to do this since it is distance vector and that is the reason
why distance vector is often called “routing by rumor”. In a link-state protocol we
would not be allowed to do this as we would need to send the original LSA.
So we can manipulate the metric, how can this help us? Remember that in RIP
we have the hop-count as metric and only metrics of up to 15 are valid, 16 and up
are regarded as invalid routes. So we then need to set our routes to have an offset of 16.

router rip
offset-list 1 in 16 Vlan783

So we have defined our offset-list, access-list 1 is used, the direction is
inbound, we want to filter routes we are receiving. We need to define the
offset, which is 16. We also need to define on what interface the RIP routes
are received. This is the layer three interface and may or may not be the
physical interface.

By now hopefully you have picked up a new way of filtering routes and can add it to your toolbelt.

Categories: CCIE, RIP, Routing Tags: , , , ,