RTF's configuration has introduced two new commands, as described next:
The subnet keyword is used to make sure that all subnetted information will be injected into the OSPF process. This is only needed in the case of redistributing routes into the OSPF protocol.
RTD configuration:
interface Ethernet1/1
 ip address 192.68.10.1 255.255.255.0
interface Serial0/0
 ip address 192.68.5.2 255.255.255.0
router rip
 redistribute static
 network 192.68.5.0
 network 192.68.10.0
 default-metric 1
ip route 0.0.0.0 0.0.0.0 192.68.5.1
Note that RTD has configured a static route pointing a 0/0 default toward RTF. For all destinations that are outside C1, RTD will direct the traffic to RTF. RTD will also redistribute the static default route into the internal RIP domain so that all other routers can follow a default toward AS3. The default-metric router command assigns a metric to the routes redistributed into a particular protocol. In this case, the default-metric assigns a hop count of 1 to the 0/0 route injected into RIP.
RTA configuration:
interface Ethernet0
 ip address 172.16.220.1 255.255.255.0
interface Ethernet1
 ip address 172.16.1.1 255.255.255.0
interface Serial0
 ip address 172.16.20.2 255.255.255.0
router ospf 10
 passive-interface Serial 0
 network 172.16.0.0 0.0.255.255 area 0
router bgp 3
 redistribute ospf 10 match external 1 external 2
 neighbor 172.16.20.1 remote-as 1
 no auto-summary
RTA has a combination of OSPF routes that belong to AS3 and other external routes that came in from the RIP domain C1. Using the redistribute router command, RTA will dynamically inject all these routes into its BGP process. Note that RTA is using the keywords "match external 1 external 2" in conjunction with the redistribute router command. This is because OSPF does not inject external OSPF routes into BGP unless it is specifically instructed to do so. This measure was put in for loop avoidance in case the external OSPF information came from BGP.
The following is a snapshot of what the IP routing table of RTA looks like:
RTA#sh ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate default
       U - per-user static route, o - ODR

Gateway of last resort is not set

O E2 192.68.5.0/24 [110/20] via 172.16.1.2, 2d13h, Ethernet1
O E2 192.68.10.0/24 [110/20] via 172.16.1.2, 2d13h, Ethernet1
B    192.68.11.0/24 [20/0] via 172.16.20.1, 2d13h
     172.16.0.0/16 is variably subnetted, 5 subnets, 3 masks
C       172.16.2.254/32 is directly connected, Loopback0
C       172.16.220.0/24 is directly connected, Ethernet0
C       172.16.20.0/24 is directly connected, Serial0
C       172.16.1.0/24 is directly connected, Ethernet1
O       172.16.65.0/26 [110/20] via 172.16.1.2, 2d13h, Ethernet1
Note in RTA's IP table how networks 192.68.10.0/24 and 192.68.5.0/24 are listed as external OSPF routes (O E2). Dynamic redistribution will cause all these networks to be sent into BGP. The following is how the BGP table of RTC would look:
RTC#sh ip bgp
BGP table version is 20, local router ID is 192.68.11.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop         Metric LocPrf Weight Path
*> 172.16.1.0/24    172.16.20.2           0             0 3 ?
*> 172.16.2.254/32  172.16.20.2           0             0 3 ?
*> 172.16.20.0/24   172.16.20.2           0             0 3 ?
*> 172.16.65.0/26   172.16.20.2          20             0 3 ?
*> 172.16.220.0/24  172.16.20.2           0             0 3 ?
*> 192.68.5.0       172.16.20.2          20             0 3 ?
*> 192.68.10.0      172.16.20.2          20             0 3 ?
*> 192.68.11.0      0.0.0.0               0         32768 i
Note how all networks running OSPF in AS3 have become BGP routes in AS1. Usually, not every network that belongs to your AS needs to be sent via BGP. You might be running private or illegal network numbers inside the AS that need not be advertised. Note how the loopback address 172.16.2.254/32 was also injected into BGP. No provider will allow you to advertise such prefixes; the provider will instruct you to filter them or might filter them on its end. This restriction is put in place to make sure that customers aggregate their routes as much as possible, to prevent the explosion of the global IP routing tables. Also, the DMZ network 172.16.20.0/24 has been injected into BGP, which is not necessary. This is why redistribution should be accompanied by filtering that specifies the exact routes to be advertised.
The following configuration of RTA gives an example of how filtering could be applied.
Notes:
From now on, due to space limitations, configuration examples will focus on commands that are directly relevant to the discussion at hand. Do not be alarmed if you notice commands that are missing, such as interface commands.
router ospf 10
 passive-interface Serial0
 network 172.16.0.0 0.0.255.255 area 0
router bgp 3
 redistribute ospf 10 match external 1 external 2
 neighbor 172.16.20.1 remote-as 1
 neighbor 172.16.20.1 route-map BLOCKROUTES out
 no auto-summary
access-list 1 permit 172.16.2.254 0.0.0.0
access-list 1 permit 172.16.20.0 0.0.0.255
route-map BLOCKROUTES deny 10
 match ip address 1
route-map BLOCKROUTES permit 20
Filtering in the preceding example was performed with a route map, which specifies a set of actions to be taken when certain criteria are matched. Our criteria here are to find a match on the host route 172.16.2.254/32 and the network 172.16.20.0/24 and to prevent them from being sent via BGP. Access list 1 matches these routes, and the route map BLOCKROUTES specifies that they are to be denied. The second instance of the route map (20) permits all other routes to be injected into BGP. (Refer to the discussion of filtering in Chapter 5 for more details.)
This is how the BGP table of RTC would look after filtering has been applied. The host route 172.16.2.254/32 and the network 172.16.20.0/24 no longer appear.
RTC#sh ip bgp
BGP table version is 34, local router ID is 192.68.11.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop         Metric LocPrf Weight Path
*> 172.16.1.0/24    172.16.20.2           0             0 3 ?
*> 172.16.65.0/26   172.16.20.2          20             0 3 ?
*> 172.16.220.0/24  172.16.20.2           0             0 3 ?
*> 192.68.5.0       172.16.20.2          20             0 3 ?
*> 192.68.10.0      172.16.20.2          20             0 3 ?
*> 192.68.11.0      0.0.0.0               0         32768 i
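An outbound policy like BLOCKROUTES can be checked offline before it is applied. The following Python sketch is an added example, not code from the original text: it models access list 1 and the route map (the function and variable names are assumptions of this example, and the access list is simplified to permit entries only) and evaluates them against the prefixes RTA redistributes into BGP. It also shows that a standard access list compares only the network address, never the prefix length, and that a route map ends with an implicit deny.

```python
import ipaddress

# access-list 1 from RTA's configuration, as (address, wildcard mask) permit entries.
ACL_1 = [("172.16.2.254", "0.0.0.0"), ("172.16.20.0", "0.0.0.255")]

# route-map BLOCKROUTES: (sequence, action, access list to match; None = no match clause).
BLOCKROUTES = [(10, "deny", ACL_1), (20, "permit", None)]

# Prefixes RTA offered to RTC before filtering (taken from RTC's first BGP table).
CANDIDATES = [
    "172.16.1.0/24", "172.16.2.254/32", "172.16.20.0/24", "172.16.65.0/26",
    "172.16.220.0/24", "192.68.5.0/24", "192.68.10.0/24",
]


def acl_permits(acl, prefix):
    """Standard ACL match: only the network address is compared, not the mask length."""
    addr = int(ipaddress.ip_network(prefix).network_address)
    for base, wildcard in acl:
        care = ~int(ipaddress.ip_address(wildcard)) & 0xFFFFFFFF  # bits that must match
        if addr & care == int(ipaddress.ip_address(base)) & care:
            return True
    return False  # implicit deny at the end of every access list


def route_map_permits(route_map, prefix):
    """Walk the clauses in sequence order; the first clause that matches decides."""
    for _seq, action, acl in sorted(route_map, key=lambda clause: clause[0]):
        if acl is None or acl_permits(acl, prefix):
            return action == "permit"
    return False  # implicit deny when no clause matches


def advertised(route_map, prefixes):
    """Return the prefixes that survive the outbound route map, in input order."""
    return [p for p in prefixes if route_map_permits(route_map, p)]


if __name__ == "__main__":
    for prefix in CANDIDATES:
        verdict = "advertise" if route_map_permits(BLOCKROUTES, prefix) else "filter"
        print(f"{prefix:18} {verdict}")
```

Because the match ignores prefix length, any more-specific route whose network address falls inside 172.16.20.0 0.0.0.255 is filtered as well, and removing the permit 20 clause would suppress every advertisement.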