♻️ Route Redistribution Troubleshooting — Loops & Tagging

🔴 Advanced ⏱ ~2 hours 🎓 CCNP / CCIE prep

This lab demonstrates one of the most dangerous misconfiguration patterns in enterprise networking — mutual redistribution between two routing domains without loop prevention. The lab starts broken. Your job is to diagnose the loop, understand exactly why it forms, then fix it using route tagging.

⚠️

This lab is intentionally broken on boot. Routing loops are active from the moment the lab starts. You will see routes with unexpected next-hops, inflated metrics, and in some cases routes oscillating or disappearing. That is expected — it is the problem you are here to fix.

🗺️ Topology

  [EIGRP AS 100]               [OSPF Area 0]               [EIGRP AS 100]

   R1 ─────── R3-ASBR1 ─────── R2 ─────── R5 ─────── R4-ASBR2 ─────── R6
 10.1.1.1    10.3.3.3        10.2.2.2    10.5.5.5    10.4.4.4         10.6.6.6
 172.16.1.1                             172.16.5.1                    172.16.6.1

  10.13.13.0/24   10.23.23.0/24   10.25.25.0/24   10.45.45.0/24   10.46.46.0/24
  (EIGRP)         (OSPF)          (OSPF)          (OSPF)          (EIGRP)

Router	Role	Protocols	Loopbacks
`R1`	EIGRP spoke	EIGRP 100	10.1.1.1/32, 172.16.1.1/24
`R2`	OSPF transit	OSPF 1	10.2.2.2/32
`R3`	ASBR1 ⚡	EIGRP 100 + OSPF 1	10.3.3.3/32
`R4`	ASBR2 ⚡	EIGRP 100 + OSPF 1	10.4.4.4/32
`R5`	OSPF transit	OSPF 1	10.5.5.5/32, 172.16.5.1/24
`R6`	EIGRP spoke	EIGRP 100	10.6.6.6/32, 172.16.6.1/24

ℹ️

R3 and R4 are the two ASBRs — they sit at the boundary between the EIGRP domain (R1, R6) and the OSPF domain (R2, R5). Both are configured with mutual redistribution but no route tagging, which is the source of all the problems in this lab.

🔄 Understanding the Loop

Before you start diagnosing, you need to understand conceptually why the loop forms. With two ASBRs doing mutual redistribution and no tagging, this is what happens to 172.16.1.0/24 (originated by R1 in EIGRP):

R1 originates 172.16.1.0/24 in EIGRP
↓ EIGRP
R3 receives it natively in EIGRP
↓ redistribute eigrp → ospf (no tag)
R3 injects 172.16.1.0/24 into OSPF as External Type 2
↓ OSPF floods to all routers including R4
R4 sees 172.16.1.0/24 as an OSPF External route
↓ redistribute ospf → eigrp (no tag check)
R4 injects 172.16.1.0/24 back into EIGRP as External
↓ EIGRP propagates to R6 and back toward R3
R3 now sees 172.16.1.0/24 arriving via EIGRP from R4 side
↓ redistributes it BACK into OSPF again (loop!)
Result: duplicate LSAs, metric inflation, possible route oscillation

The same loop forms in reverse for 172.16.6.0/24 originated by R6. The fix is to tag routes at the point of redistribution and deny tagged routes from being re-redistributed at the other ASBR.

🧪 Lab Exercises

PHASE 1

Diagnose the Loop

Start by confirming the loop exists and understanding its scope before touching any configuration.

Task 1.1 — Check OSPF External LSAs on R2

R2 is a pure OSPF router with no redistribution. It should only see legitimate external routes — but with the loop active it will see duplicates or extra LSAs for the same prefix.

! R2
show ip ospf database external

Look for 172.16.1.0 and 172.16.6.0 appearing more than once with different advertising routers (both R3 and R4 advertising the same prefix). This is the LSA-level evidence of the loop.

Task 1.2 — Check routing table on R4 for R1's prefix

R4 is ASBR2. It should reach 172.16.1.0/24 via OSPF (learned from R3 redistributing R1's EIGRP route). But because R4 is also re-injecting it into EIGRP and hearing it back, you may see an EIGRP external entry competing with or replacing the OSPF entry.

! R4
show ip route 172.16.1.0 255.255.255.0
show ip route 172.16.1.0 255.255.255.0 longer-prefixes

A healthy result would show O E2 via R3's direction. A looping result shows D EX (EIGRP external) or both entries competing.

Task 1.3 — Check R6's routing table

R6 is a pure EIGRP spoke. It should only know about OSPF-originated routes that R4 legitimately redistributes. The problem: R4 is also re-redistributing R1's EIGRP prefix back into EIGRP, so R6 will incorrectly believe 172.16.1.0/24 is reachable via EIGRP external — through R4 — creating a suboptimal and potentially looping path.

! R6
show ip route eigrp
show ip route 172.16.1.0 255.255.255.0

172.16.1.0/24 should not appear here as D EX. If it does, R4 is re-redistributing it from OSPF back into EIGRP — that is the loop in action.

Task 1.4 — Check metrics and admin distance on R3

R3 is ASBR1. Check whether it is now preferring the looped EIGRP external path for 172.16.6.0/24 over the legitimate OSPF external path.

! R3
show ip route 172.16.6.0 255.255.255.0
show ip eigrp topology 172.16.6.0/24
show ip ospf database external

If R3 shows D EX for 172.16.6.0/24 (EIGRP external, admin distance 170) instead of O E2 (OSPF external, admin distance 110), EIGRP has won the route and R3 may be redistributing a looped version of it back into OSPF.

Task 1.5 — Confirm both ASBRs are advertising the same prefixes into OSPF

! R2
show ip ospf database external | include Link State ID|Advertising

You should see 172.16.1.0 being advertised by both R3 (3.3.3.3) and R4 (4.4.4.4) — R4 should not be advertising this prefix since it originated in R1's EIGRP domain on the R3 side. That double-advertisement is the loop proof.

PHASE 2

Fix — Apply Route Tagging at Both ASBRs

The fix has a consistent structure at each ASBR:

When redistributing into OSPF, tag the routes with this ASBR's tag number.
When redistributing into EIGRP, tag the routes with this ASBR's tag number.
Add a route-map that denies routes carrying the other ASBR's tag before redistributing.

ℹ️

Tag convention for this lab: R3 uses tag 10, R4 uses tag 20. R3 blocks tag 20 (routes that came from R4's side). R4 blocks tag 10 (routes that came from R3's side).

Task 2.1 — Configure R3: tag EIGRP→OSPF redistribution and block tag 20

Current broken config on R3

router ospf 1
 redistribute eigrp 100 subnets metric-type 2
 !   ^^^ no tag - R4 will re-redistribute these back into EIGRP
router eigrp 100
 redistribute ospf 1 metric 10000 100 255 1 1500
 !   ^^^ no tag check - accepts OSPF externals that originated in EIGRP

Apply the fix on R3

! R3

! Step 1: Create a route-map to tag routes being redistributed from EIGRP into OSPF
route-map EIGRP-TO-OSPF permit 10
 set tag 10

! Step 2: Create a route-map for OSPF-to-EIGRP redistribution
!         Deny routes tagged 20 (they came from R4 side - don't loop them back)
!         Permit everything else
route-map OSPF-TO-EIGRP deny 10
 match tag 20
route-map OSPF-TO-EIGRP permit 20

! Step 3: Apply both route-maps to the redistribution statements
router ospf 1
 no redistribute eigrp 100 subnets metric-type 2
 redistribute eigrp 100 subnets metric-type 2 route-map EIGRP-TO-OSPF

router eigrp 100
 no redistribute ospf 1 metric 10000 100 255 1 1500
 redistribute ospf 1 metric 10000 100 255 1 1500 route-map OSPF-TO-EIGRP

Task 2.2 — Configure R4: tag EIGRP→OSPF redistribution and block tag 10

Apply the fix on R4

! R4

! Step 1: Tag routes redistributed from EIGRP into OSPF with tag 20
route-map EIGRP-TO-OSPF permit 10
 set tag 20

! Step 2: Block routes tagged 10 (from R3 side) from re-entering OSPF via R4
route-map OSPF-TO-EIGRP deny 10
 match tag 10
route-map OSPF-TO-EIGRP permit 20

! Step 3: Apply to redistribution
router ospf 1
 no redistribute eigrp 100 subnets metric-type 2
 redistribute eigrp 100 subnets metric-type 2 route-map EIGRP-TO-OSPF

router eigrp 100
 no redistribute ospf 1 metric 10000 100 255 1 1500
 redistribute ospf 1 metric 10000 100 255 1 1500 route-map OSPF-TO-EIGRP

Task 2.3 — Clear routes to force convergence

After applying the fix, clear the routing processes so routers withdraw the old looped LSAs and reconverge cleanly.

! R3
clear ip ospf process

! R4
clear ip ospf process

Confirm yes when prompted. Wait 30–60 seconds for OSPF and EIGRP to reconverge before verifying.

PHASE 3

Verify — Confirm Clean Routing

Task 3.1 — Confirm tags are being set on redistributed routes

! R2
show ip ospf database external

Each external LSA should now show a tag value. Routes from R3 should have tag 10, routes from R4 should have tag 20. Critically, 172.16.1.0 should only appear with advertising router 3.3.3.3 (R3) — not R4.

Task 3.2 — Verify R6 no longer has looped routes

! R6
show ip route eigrp

172.16.1.0/24 should be gone from R6's EIGRP table. R6 should only see OSPF-originated prefixes (172.16.5.0/24 from R5) as EIGRP externals via R4. R1's prefixes are now correctly blocked from looping back.

Task 3.3 — Verify correct routing on both ASBRs

! R3
show ip route 172.16.6.0 255.255.255.0

Should show O E2 (OSPF external, tag 20) via R4's direction — not D EX.

! R4
show ip route 172.16.1.0 255.255.255.0

Should show O E2 (OSPF external, tag 10) via R3's direction — not D EX.

Task 3.4 — End-to-end reachability

! R1
ping 172.16.6.1 source 172.16.1.1
ping 10.6.6.6 source 172.16.1.1

! R6
ping 172.16.1.1 source 172.16.6.1
ping 10.1.1.1 source 172.16.6.1

All pings should succeed with 5/5. If any fail, check the routing table on the intermediate routers along the path.

Task 3.5 — Verify route-map tag filtering is working

! R3
show route-map OSPF-TO-EIGRP

! R4
show route-map OSPF-TO-EIGRP

Look at the policy matches counter on the deny 10 clause. If it shows non-zero hits, routes with the blocking tag were actively filtered — proof the loop prevention is working.

✅ Completion Checklist

R2's OSPF database shows 172.16.1.0 advertised only by R3 (tag 10)
R2's OSPF database shows 172.16.6.0 advertised only by R4 (tag 20)
R6 has no D EX entry for 172.16.1.0/24
R1 has no D EX entry for 172.16.6.0/24
R3 shows O E2 (not D EX) for 172.16.6.0/24
R4 shows O E2 (not D EX) for 172.16.1.0/24
show route-map OSPF-TO-EIGRP on R3 and R4 shows non-zero deny hits
R1 can ping R6's loopback and vice versa

📖 Concept Deep-Dive

Why does the loop form?

The core problem is that redistributing routers have no way to know whether a route they are about to redistribute originated in the domain they are redistributing into. Without tagging, a route that was born in EIGRP, redistributed into OSPF by R3, and then arrives at R4 as an OSPF external looks identical to R4 to a route that genuinely originated in OSPF. R4 faithfully redistributes it back into EIGRP.

Why E2 vs E1 matters here

OSPF External Type 2 (E2) routes carry a fixed metric — the metric set at the point of redistribution does not increase as the route traverses the OSPF domain. This means a looped E2 route can appear equally preferred from any OSPF router, making it harder to spot just by looking at metrics. Type 1 (E1) adds the internal OSPF cost, so at least the metric grows — but neither type prevents the loop on its own.

Why not just use administrative distance instead of tagging?

You could raise the administrative distance of EIGRP external routes (default 170) above OSPF external (default 110) to prevent EIGRP external from winning over OSPF external on the ASBRs. But this only masks the symptom — routes are still being re-redistributed and extra LSAs are still flooding the network. Tagging is the clean solution because it prevents the re-redistribution from happening at all.

The tagging rule of thumb

ASBR	Redistributing into OSPF	Block from OSPF→EIGRP
R3 (ASBR1)	Set tag 10 on all EIGRP→OSPF routes	Deny routes with tag 20 (from R4)
R4 (ASBR2)	Set tag 20 on all EIGRP→OSPF routes	Deny routes with tag 10 (from R3)

Each ASBR tags its own redistributed routes with a unique tag. Each ASBR then denies any route carrying the other ASBR's tag from being re-redistributed. This breaks the feedback loop at both ends simultaneously.

🎓 Challenge Extensions

Add a third ASBR (R7) parallel to R3 and R4. Extend the tagging scheme to use tag 30 for R7. Note how the deny clauses on R3 and R4 need to be updated to also block tag 30.
Use administrative distance tuning instead of tagging as an alternative approach. Raise the AD of EIGRP external to 250 on both ASBRs. Observe that while routing stabilises, the extra LSAs and re-redistribution are still happening in the background.
Observe the loop with debugs before applying the fix. Run debug ip routing on R2 and watch routes being installed and withdrawn repeatedly as the loop oscillates.
Test with OSPF and BGP instead of OSPF and EIGRP. The loop mechanism is identical but BGP's AS-path loop prevention makes part of the problem self-correcting — understand which part it fixes and which part it doesn't.

💡

Real-world note: Routing loops from untagged mutual redistribution are a well-known production outage cause. In large networks, the symptom often presents as intermittent reachability or routes that appear and disappear every 30–90 seconds (the OSPF LSA refresh interval). If you ever see that pattern in production, untagged dual-ASBR redistribution is near the top of the suspect list.

🔧 Key Commands Reference

! ── OSPF database inspection ───────────────────────────────────────
show ip ospf database external
show ip ospf database external | include Link State ID|Advertising|Tag

! ── Routing table checks ────────────────────────────────────────────
show ip route                          ! full table
show ip route eigrp                    ! EIGRP-learned routes only
show ip route ospf                     ! OSPF-learned routes only
show ip route 172.16.1.0 255.255.255.0 ! specific prefix detail

! ── EIGRP topology table ────────────────────────────────────────────
show ip eigrp topology                 ! all EIGRP prefixes
show ip eigrp topology 172.16.1.0/24  ! specific prefix with successors

! ── Route-map verification ──────────────────────────────────────────
show route-map                         ! all route-maps and match counts
show route-map EIGRP-TO-OSPF
show route-map OSPF-TO-EIGRP

! ── Tag verification ────────────────────────────────────────────────
show ip ospf database external         ! tag field visible in detailed output

! ── Force reconvergence ─────────────────────────────────────────────
clear ip ospf process                  ! clears OSPF - confirm yes
clear ip eigrp neighbors               ! drops all EIGRP adjacencies - use carefully

Lab version 1.0 · Platform: Cisco Modeling Labs 2.x · Node type: IOSv · Topology: 6 routers / OSPF area 0 + EIGRP AS100 / 2 ASBRs