
Tuesday, May 25, 2010

HSRP on SVI (Vlan interface)


Initial Configuration

Create 4 VLANs: 10, 20, 30 and 40
Trunk between the 3 switches
or you can follow the configuration for the 3 switches from the previous lab

create SVI for VLAN 10 on CORE1 and CORE2

CORE1(config)#int vlan 10
CORE1(config-if)#ip add 10.10.10.1 255.255.255.0
CORE1(config-if)#no shut

CORE2(config)#int vlan 10
CORE2(config-if)#ip add 10.10.10.2 255.255.255.0
CORE2(config-if)#no shut

configure connectivity between CORE1 and R1
on CORE1 convert L2 into L3 port to assign IP address to it

CORE1(config)#int gi1/48
CORE1(config-if)#no switchport
CORE1(config-if)#ip add 192.168.1.1 255.255.255.252
CORE1(config-if)#no shut

R1(config)#int gi0/1
R1(config-if)#ip add 192.168.1.2 255.255.255.252
R1(config-if)#no shut

configure connectivity between CORE2 and R1, CORE2 using SVI
create a new VLAN and its SVI on CORE2 for this connection, assign the port as an access port

CORE2(config)#int gi7/48
CORE2(config-if)#switchport
CORE2(config-if)#switchport mode access
CORE2(config-if)#switchport access vlan 19

CORE2(config)#int vlan 19
CORE2(config-if)#ip add 192.168.2.1 255.255.255.0
CORE2(config-if)#no shut

configure Routing on CORE1, CORE2 and R1


HSRP

now we'll create HSRP for VLAN 10

on CORE1
CORE1(config)#int vlan 10
CORE1(config-if)#standby 10 ip 10.10.10.99

on CORE2
CORE2(config)#int vlan 10
CORE2(config-if)#standby 10 ip 10.10.10.99

it's that simple, use show standby to make sure HSRP is working

CORE1#sh stand
Vlan10 - Group 10
  Local state is Active, priority 100                 <-- default priority is 100
  Hellotime 3 sec, holdtime 10 sec
  Next hello sent in 1.732
  Virtual IP address is 10.10.10.99 configured
  Active router is local                              <-- this is the primary router
  Standby router is 10.10.10.2 expires in 8.696       <-- router 10.10.10.2 is standby
  Virtual mac address is 0000.0c07.ac0a
  2 state changes, last state change 00:01:55
  IP redundancy name is "hsrp-Vl10-10" (default)

CORE2#sh stand
Vlan10 - Group 10
  Local state is Standby, priority 100
  Hellotime 3 sec, holdtime 10 sec
  Next hello sent in 0.506
  Virtual IP address is 10.10.10.99 configured
  Active router is 10.10.10.1, priority 100 expires in 9.408
  Standby router is local
  1 state changes, last state change 00:04:06
  IP redundancy name is "hsrp-Vl10-10" (default)

manipulate priority to control active/standby router, the higher the value, the higher the chance to become an active
we'll make CORE2 (router 10.10.10.2) to be the active

CORE2(config-if)#standby 10 priority 150

CORE2#sh stand
Vlan10 - Group 10
  Local state is Standby, priority 150                <-- priority already higher
  Hellotime 3 sec, holdtime 10 sec
  Next hello sent in 1.955
  Virtual IP address is 10.10.10.99 configured
  Active router is 10.10.10.1, priority 100 expires in 8.748
  Standby router is local                             <-- but this router is still on standby

this is because HSRP does not change the active router 'dynamically'; add another line to force a change based on priority

CORE2(config-if)#standby 10 preempt

immediately you'll see active router change

3d19h: %STANDBY-6-STATECHANGE: Vlan10 Group 10 state Active -> Speak


Manipulating HSRP to load balancing

basically we'll create 2 gateways, and you need to divide your hosts into two groups, each pointing to one gateway

here I'll just paste the running config

CORE1
interface Vlan10
 ip address 10.10.10.1 255.255.255.0
 standby 1 ip 10.10.10.10
 standby 1 priority 150
 standby 1 preempt
 standby 2 ip 10.10.10.20
 standby 2 preempt
end

CORE2
interface Vlan10
 ip address 10.10.10.2 255.255.255.0
 standby 1 ip 10.10.10.10
 standby 1 preempt
 standby 2 ip 10.10.10.20
 standby 2 priority 150
 standby 2 preempt
end

from show standby you'll see that Group 1 active on CORE1 and Group 2 active on CORE2

CORE1#sh stand
Vlan10 - Group 1
  Local state is Active, priority 150, may preempt
  Hellotime 3 sec, holdtime 10 sec
  Next hello sent in 1.609
  Virtual IP address is 10.10.10.10 configured
  Active router is local
  Standby router is 10.10.10.2 expires in 9.520
  Virtual mac address is 0000.0c07.ac01
  2 state changes, last state change 00:09:22
  IP redundancy name is "hsrp-Vl10-1" (default)
Vlan10 - Group 2
  Local state is Standby, priority 100, may preempt
  Hellotime 3 sec, holdtime 10 sec
  Next hello sent in 2.233
  Virtual IP address is 10.10.10.20 configured
  Active router is 10.10.10.2, priority 150 expires in 8.268
  Standby router is local
  4 state changes, last state change 00:05:46
  IP redundancy name is "hsrp-Vl10-2" (default)

CORE2#sh stand
Vlan10 - Group 1
  Local state is Standby, priority 100, may preempt
  Hellotime 3 sec, holdtime 10 sec
  Next hello sent in 1.560
  Virtual IP address is 10.10.10.10 configured
  Active router is 10.10.10.1, priority 150 expires in 7.608
  Standby router is local
  1 state changes, last state change 00:06:01
  IP redundancy name is "hsrp-Vl10-1" (default)
Vlan10 - Group 2
  Local state is Active, priority 150, may preempt
  Hellotime 3 sec, holdtime 10 sec
  Next hello sent in 0.550
  Virtual IP address is 10.10.10.20 configured
  Active router is local
  Standby router is 10.10.10.1 expires in 8.980
  Virtual mac address is 0000.0c07.ac02
  4 state changes, last state change 00:06:20
  IP redundancy name is "hsrp-Vl10-2" (default)

try shutdown SVI 10 on CORE2

CORE2(config)#int vlan 10
CORE2(config-if)#shut

CORE1 will be the active router for both groups
CORE1#sh stand
Vlan10 - Group 1
  Local state is Active, priority 150, may preempt
  Hellotime 3 sec, holdtime 10 sec
  Next hello sent in 0.057
  Virtual IP address is 10.10.10.10 configured
  Active router is local
  Standby router is unknown
  Virtual mac address is 0000.0c07.ac01
  2 state changes, last state change 00:14:45
  IP redundancy name is "hsrp-Vl10-1" (default)
Vlan10 - Group 2
  Local state is Active, priority 100, may preempt
  Hellotime 3 sec, holdtime 10 sec
  Next hello sent in 2.199
  Virtual IP address is 10.10.10.20 configured
  Active router is local
  Standby router is unknown
  Virtual mac address is 0000.0c07.ac02
  5 state changes, last state change 00:00:18
  IP redundancy name is "hsrp-Vl10-2" (default)


but what happens if the connection to R1 goes down, how is HSRP gonna detect that? we can use track

on CORE1 we'll track port Gi1/48
CORE1(config-if)#stand 1 track gigabitEthernet 1/48

on CORE2, track SVI 19
CORE2(config-if)#stand 2 track vlan 19

shut down SVI 19 to see the effect, then show standby
CORE2(config)#int vla 19
CORE2(config-if)#shut

Vlan10 - Group 2
  Local state is Active, priority 140 (confgd 150), may preempt
  Hellotime 3 sec, holdtime 10 sec
  Next hello sent in 1.184
  Virtual IP address is 10.10.10.20 configured
  Active router is local                              <-- but why is this still local?
  Standby router is 10.10.10.1 expires in 9.232
  Virtual mac address is 0000.0c07.ac02
  6 state changes, last state change 00:07:27
  IP redundancy name is "hsrp-Vl10-2" (default)
  Priority tracking 1 interface or object, 0 up:
    Interface or object        Decrement  State
    Vlan19                     10         Down  (administratively down)

because, notice here, the decrement is only 10; the latest value, 140, is still higher than the other side, so make sure the difference between the two is no more than 10 to see the right effect

I think you should know where to adjust the priority ;) Happy Switching
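
The priority, preempt and track behaviour seen in this lab, as an added Python model (not part of the original post and not Cisco code). It assumes a two-router group, that a challenger takes over only when it has preempt configured and a strictly higher effective priority, and the IOS default track decrement of 10; the class and function names are made up for the illustration.

```python
from dataclasses import dataclass, field


@dataclass
class HsrpRouter:
    """One router's settings for a single HSRP group (simplified model)."""
    name: str
    priority: int = 100          # IOS default when no "standby N priority" is set
    preempt: bool = False        # "standby N preempt"
    tracked: dict = field(default_factory=dict)   # interface -> [decrement, is_up]

    def track(self, interface, decrement=10):
        """Model "standby N track <interface> [decrement]" (default decrement 10)."""
        self.tracked[interface] = [decrement, True]

    def set_link(self, interface, is_up):
        self.tracked[interface][1] = is_up

    def effective_priority(self):
        """Configured priority minus the decrement of every tracked interface that is down."""
        lost = sum(dec for dec, up in self.tracked.values() if not up)
        return max(self.priority - lost, 0)


def active_router(incumbent, challenger):
    """Return the router that is active once both have exchanged hellos.

    Without preempt the incumbent keeps the role even against a higher priority.
    Equal priorities are treated as "no takeover" (assumption of this model).
    """
    if challenger.preempt and challenger.effective_priority() > incumbent.effective_priority():
        return challenger
    return incumbent


def min_decrement_for_failover(active_priority, peer_priority):
    """Smallest track decrement that drops the active router below its peer."""
    return max(active_priority - peer_priority + 1, 1)


def lab_walkthrough():
    """Replay the steps of this lab; returns the active router's name after each step."""
    steps = {}

    # Group 10: CORE1 is already active, CORE2 gets priority 150 but no preempt yet.
    core1, core2 = HsrpRouter("CORE1"), HsrpRouter("CORE2", priority=150)
    steps["priority 150, no preempt"] = active_router(core1, core2).name
    core2.preempt = True
    steps["priority 150, preempt"] = active_router(core1, core2).name

    # Group 2 of the load-balancing setup: CORE2 active (150), CORE1 standby (100),
    # both with preempt, CORE2 tracking Vlan19 with the default decrement.
    core1 = HsrpRouter("CORE1", priority=100, preempt=True)
    core2 = HsrpRouter("CORE2", priority=150, preempt=True)
    core2.track("Vlan19")
    core2.set_link("Vlan19", False)
    steps["Vlan19 down, decrement 10"] = active_router(core2, core1).name

    # Same failure with a decrement large enough to fall below CORE1.
    needed = min_decrement_for_failover(150, 100)
    core2.track("Vlan19", decrement=needed)
    core2.set_link("Vlan19", False)
    steps[f"Vlan19 down, decrement {needed}"] = active_router(core2, core1).name
    return steps


if __name__ == "__main__":
    for step, active in lab_walkthrough().items():
        print(f"{step:32} -> active: {active}")
```
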

Saturday, May 22, 2010

spanning tree MST on Cat 6500, 4500, 3500

use the same network from previous lab, just remove the 3560 and Po64

let's focus on the two links between CORE1 and CORE2, and take VLAN 10, 20 as an example

before we go to MST, there's something I forgot to mention in the previous lab, this is one way to do load balancing without using Etherchannel

CORE1#sh span vl 20
...
Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Gi1/1            Desg FWD 4         128.1    P2p
Gi1/2            Desg FWD 4         128.2    P2p
Gi1/3            Desg FWD 19        128.3    P2p

CORE2#sh span vl 20
...
Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Gi7/1            Root FWD 4         128.769  P2p
Gi7/2            Altn BLK 4         128.770  P2p
Gi7/5            Desg FWD 19        128.773  P2p

the result for VLAN 10 should be the same, so here's what we're gonna do: we want to split VLAN 10 to use Gi7/1 and VLAN 20 to use Gi7/2,

and please take a close look at the port priority (the Prio.Nbr column, in green in the original post), because we're gonna manipulate this value to get the result

CORE1#sh span vlan 10
...
Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Gi1/1            Desg FWD 4          16.1    P2p
Gi1/2            Desg FWD 4         128.2    P2p
Gi1/3            Desg FWD 19        128.3    P2p


CORE1#sh span vlan 20
....
Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Gi1/1            Desg FWD 4         128.1    P2p
Gi1/2            Desg FWD 4          16.2    P2p
Gi1/3            Desg FWD 19        128.3    P2p

now the cost has changed, let's check on CORE2, VLAN 20 should have a different Root port by now

---------------- ---- --- --------- -------- --------------------------------
Gi7/1            Altn BLK 4         128.769  P2p
Gi7/2            Root FWD 4         128.770  P2p
Gi7/5            Desg FWD 19        128.773  P2p

now we go to MST

we'll create
  • a region REG1
  • instance 1, VLAN 10, 30, Root on CORE1
  • instance 2, VLAN 20, 40, Root on CORE2

CORE1(config)#spanning-tree mode mst
CORE1(config)#spanning-tree mst configuration
CORE1(config-mst)#revision 1
CORE1(config-mst)#name REG1
CORE1(config-mst)#instance 1 vlan 10, 30
CORE1(config-mst)#exit
CORE1(config)#spanning-tree mst 1 priority 8192

CORE1(config)#spanning-tree mst conf
CORE1(config-mst)#instance 2 vlan 20, 40
CORE1(config-mst)#exit
CORE1(config)#spanning-tree mst 2 prio 16384

run almost the same conf on CORE2, just change the priority for instance 1 and 2 to change the Root for each instance

CORE2(config)#spanning-tree mode mst
CORE2(config)#spanning-tree mst conf
CORE2(config-mst)#revision 1
CORE2(config-mst)#name REG1
CORE2(config-mst)#instance 1 vlan 10, 30
CORE2(config-mst)#exit
CORE2(config)#spanning-tree mst 1 priority 16384

CORE2(config)#spanning-tree mst conf
CORE2(config-mst)#instance 2 vlan 20, 40
CORE2(config-mst)#exi
CORE2(config)#spanning-tree mst 2 priority 8192

on DIST1, just run both of the instances

DIST1(config)#span mode mst
DIST1(config)#span mst conf
DIST1(config-mst)#rev 1
DIST1(config-mst)#name REG1
DIST1(config-mst)#inst 1 vlan 10, 30
DIST1(config-mst)#inst 2 vlan 20, 40
DIST1(config-mst)#exit

let's check whether it's working; by right, the VLAN 10 Root is CORE1 and the VLAN 20 Root is CORE2

CORE2#sh span vl 10

MST1
  Spanning tree enabled protocol mstp
  Root ID    Priority    8193                         <-- bridge prio for VLAN 10 is 8193
             Address     0019.0787.3000
             Cost        20000
             Port        769 (GigabitEthernet7/1)     <-- via this port (CORE1)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    16385  (priority 16384 sys-id-ext 1)
             Address     0019.a908.ac00
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Gi7/1            Root FWD 20000     128.769  P2p
Gi7/2            Altn BLK 20000     128.770  P2p      <-- an alternate port is the next best path back to the root bridge should the root port fail
Gi7/5            Desg FWD 200000    128.773  P2p

CORE2#sh span vla 20

MST2
  Spanning tree enabled protocol mstp
  Root ID    Priority    8194
             Address     0019.a908.ac00
             This bridge is the root
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    8194   (priority 8192 sys-id-ext 2)
             Address     0019.a908.ac00
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Gi7/1            Desg FWD 20000     128.769  P2p
Gi7/2            Desg FWD 20000     128.770  P2p
Gi7/5            Desg FWD 200000    128.773  P2p      <-- Root bridge ports are all in FWD state


on DIST1

DIST1#sh span root

                                        Root    Hello Max Fwd
MST Instance           Root ID          Cost    Time  Age Dly  Root Port
---------------- -------------------- --------- ----- --- ---  ------------
MST0             32768 0018.19b2.58c0         0    2   20  15
MST1              8193 0019.0787.3000    200000    2   20  15  Fa4/3      <-- root port for instance 1 (VLAN 10, 30)
MST2              8194 0019.a908.ac00    200000    2   20  15  Fa4/5      <-- this is for instance 2

to confirm this, check which switch on Fa4/3 and Fa4/5

DIST1#sh cdp ne

Device ID        Local Intrfce     Holdtme    Capability  Platform  Port ID
CORE2            Fas 4/5           159             R S I  WS-C6509- Gig 7/5      <-- this confirms that the Instance 2 root is CORE2
CORE1            Fas 4/3           173             R S I  WS-C6509- Gig 1/3
 
happy Switching ;)

Thursday, May 20, 2010

spanning tree on Cat 6500, 4510 and 3560


make sure all the cabling is fine and working, show CDP should be able to show all its neighbors

set all the connected ports above to be trunking ports

e.g. use the int range command on CORE1 to set trunk on int Gi1/1 through Gi1/3


CORE1(config)#interface range gigabitEthernet 1/1 - 3
CORE1(config-if-range)#switchport trunk encapsulation dot1q
CORE1(config-if-range)#switchport mode trunk

configure etherchannel between CORE1 and CORE2

interface GigabitEthernet1/1 (same for Gi1/2)
 switchport
 switchport trunk encapsulation dot1q
 switchport mode trunk
 no ip address
 channel-protocol lacp
 channel-group 64 mode active
end

this will automatically create etherchannel, Po64, make sure all the attribute in physical port applied the same to the port channel

interface Port-channel64
 switchport
 switchport trunk encapsulation dot1q
 switchport mode trunk
 no ip address
end

*once you start your switch, check the name, if 'router>' then all ports are layer3 port and by default is administratively shutdown, change it to switchport (layer2)
*if start with 'switch>', then it shouldn't be any problem

make sure you configure this on all ports above. next is creating the management VLAN interface, we'll use VLAN1 as the management VLAN; by default all ports belong to this VLAN

configure on CORE1


interface Vlan1
 ip address 172.16.1.1 255.255.255.0
end

use the same subnet for int VLAN1 on CORE2, DIST1 and ACC1, just change the last octet to 2, 3 and 4 accordingly

now all the int VLAN are up, if not then you might want to check on the trunk conf, make sure it's working
use this command, and make sure all of your trunk ports are listed, check on all switch

DIST1#sh interface trunk

Port        Mode             Encapsulation  Status        Native vlan
Fa4/3       on               802.1q         trunking      1
Fa4/5       on               802.1q         trunking      1
Fa4/7       on               802.1q         trunking      1

Port        Vlans allowed on trunk
Fa4/3       1-4094
Fa4/5       1-4094
Fa4/7       1-4094

Port        Vlans allowed and active in management domain
..

configure the enable and line vty passwords before you can telnet to all the switches using the VLAN1 IP address

DIST1(config)#enable secret cisco
DIST1(config)#line vty 0 15
DIST1(config-line)#password cisco
DIST1(config-line)#privilege level 15

the last line makes sure your telnet session goes straight into enable mode, which also means the vty password alone gives privilege level 15, so keep this shortcut to the lab
now you should be able to telnet to all the other switches

next we'll conf VTP for easy VLAN management, on CORE1

CORE1(config)#vtp mode server
CORE1(config)#vtp domain AMD
CORE1(config)#vtp version 2

configure CORE2, DIST1 and ACC1 as mode client

create 4 VLANs on CORE1 (the VTP server)

CORE1(config)#vlan 10
CORE1(config)#vlan 20
CORE1(config)#vlan 30
CORE1(config)#vlan 40

show vlan on all the switch, make sure all have the same VLAN, if not then troubleshoot your VTP


now we move to spanning-tree. how to configure it? no need, by default it is already turned on (PVST), but we can control the behavior of spanning tree by manipulating a few attributes

the lowest priority becomes the root; if all have the same value, the lowest MAC address wins
in this case CORE1 has the lowest priority

show spanning-tree vlan [VLAN number]
*use show spanning-tree to get the result for every single VLAN

by default, a single switch will become a root bridge for every single VLAN inside your network

CORE1>sh span vlan 10

VLAN0010
  Spanning tree enabled protocol ieee
  Root ID    Priority    8192                         <-- this value should be the same as the Bridge ID (below), because the switch itself is Root
             Address     0019.0787.300a
             This bridge is the root
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    8192                         <-- priority value and ID for this switch
             Address     0019.0787.300a
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Gi1/3            Desg FWD 19        128.3    P2p      <-- all ports on the Root should be in FWD mode
Po64             Desg FWD 3         128.1665 P2p


CORE2#sh span vla 10

VLAN0010
  Spanning tree enabled protocol ieee
  Root ID    Priority    8192
             Address     0019.0787.300a
             Cost        3
             Port        1665 (Port-channel64)        <-- local port going to the Root
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32768                        <-- this switch can't become the Root because CORE1 has a lower priority
             Address     0019.a908.ac0a
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Gi7/5            Desg FWD 19        128.773  P2p      <-- port that forwards traffic to the LAN segment
Po64             Root FWD 3         128.1665 P2p      <-- closest port to the root in terms of cost

now we'll configure per-VLAN spanning-tree, meaning that we manually give each VLAN its own Root
there are two commands to achieve this

spanning-tree vlan [VLAN X] root primary/secondary
OR
spanning-tree vlan [VLAN X] priority [Bridge ID]

we have created VLAN 10, 20, 30 and 40
divide into 2, 10 and 30 root on CORE1
20 and 40 root on CORE2

CORE1(config)#spanning-tree vlan 10 root primary
CORE1(config)#spanning-tree vlan 30 root primary

CORE2(config)#spanning-tree vlan 20 root primary
CORE2(config)#spanning-tree vlan 40 root primary

let's confirm this

CORE2#show spanning-tree vlan 20

VLAN0020
  Spanning tree enabled protocol ieee
  Root ID    Priority    8192
             Address     0019.a908.ac14
             This bridge is the root                  <-- now this switch is the root for VLAN 20
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    8192
             Address     0019.a908.ac14
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Gi7/5            Desg FWD 19        128.773  P2p
Po64             Desg FWD 3         128.1665 P2p

check on all the other 3 VLANs for their root

now you can configure secondary root for each VLAN using the same approach

for the second command,
remove all the configuration that we just put in, we should have the Bridge ID (by now you should know how to get the Bridge ID)
but now the problem is, all my switches have the same Bridge priority : 32788 and since CORE1 has the lowest mac, it's now the Root for all VLANs

so, I've set VLAN 10 and 30 to have a higher priority value than its Root for now

CORE1(config)#spanning-tree vlan 10,30 priority 36864

check on CORE2, that fella should be the Root for VLAN 10 and 30 right now

we can also confirm this on DIST1

DIST1#show spanning-tree vlan 10

VLAN0010
  Spanning tree enabled protocol ieee
  Root ID    Priority    32768
             Address     0019.a908.ac0a
             Cost        19
             Port        197 (FastEthernet4/5)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32778  (priority 32768 sys-id-ext 10)
             Address     0018.19b2.58c0
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300

Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Fa4/3               Altn BLK 19        128.195  P2p
Fa4/5               Root FWD 19        128.197  P2p   <-- the root port for VLAN 10 is different from VLAN 20 (below): Fa4/3 connects to CORE1, Fa4/5 to CORE2

DIST1#show spanning-tree vlan 20

VLAN0020
  Spanning tree enabled protocol ieee
  Root ID    Priority    32768
             Address     0019.0787.3014
             Cost        19
             Port        195 (FastEthernet4/3)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32788  (priority 32768 sys-id-ext 20)
             Address     0018.19b2.58c0
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300

Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Fa4/3               Root FWD 19        128.195  P2p   <-- connects to CORE1, it's the Root for VLAN20
Fa4/5               Altn BLK 19        128.197  P2p

another useful command

DIST1#show spanning-tree interface fastEthernet 4/5

Vlan                Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
VLAN0001            Altn BLK 19        128.197  P2p
VLAN0010            Root FWD 19        128.197  P2p
VLAN0020            Altn BLK 19        128.197  P2p
VLAN0030            Root FWD 19        128.197  P2p
VLAN0040            Altn BLK 19        128.197  P2p
VLAN0050            Altn BLK 19        128.197  P2p
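
The two spanning-tree tie-breaks used in these labs (root bridge election by priority then MAC, from this post, and root-port selection by the sender's port priority, from the MST post's load-balancing trick), as an added Python example that is not part of the original posts. Bridge values are copied from the outputs on this page; CORE2's VLAN 20 priority is assumed to be back at the default, CORE1's bridge ID in the root-port part is reused from the VLAN 20 output because that lab elides it, and the function names are made up for the illustration.

```python
def mac_to_int(dotted):
    """'0019.0787.300a' -> integer, so MAC addresses compare numerically."""
    return int(dotted.replace(".", ""), 16)


def split_priority(field):
    """Split the 16-bit priority field into (configured priority, sys-id-ext)."""
    return field & 0xF000, field & 0x0FFF


def elect_root(bridges):
    """bridges: name -> (priority field, MAC). Lowest priority wins, then lowest MAC."""
    return min(bridges, key=lambda name: (bridges[name][0], mac_to_int(bridges[name][1])))


def pick_root_port(offers):
    """Choose the root port on a non-root switch.

    offers: local port -> (root path cost, sender priority, sender MAC,
                           sender port priority, sender port number)
    The lowest tuple wins, compared field by field in that order. The final
    tie-break on the local port ID is left out of this model.
    """
    def rank(port):
        cost, prio, mac, port_prio, port_nbr = offers[port]
        return (cost, prio, mac_to_int(mac), port_prio, port_nbr)
    return min(offers, key=rank)


# VLAN 20 with no priority configured. DIST1 has the lowest MAC of the three,
# but its priority field carries sys-id-ext 20 (32788), so it loses to the
# cores, which show a plain 32768.
VLAN20_DEFAULTS = {
    "CORE1": (32768, "0019.0787.3014"),
    "CORE2": (32768, "0019.a908.ac14"),   # priority assumed back at default
    "DIST1": (32788, "0018.19b2.58c0"),
}

# VLAN 10 after "spanning-tree vlan 10,30 priority 36864" on CORE1.
VLAN10_AFTER = {
    "CORE1": (36864, "0019.0787.300a"),
    "CORE2": (32768, "0019.a908.ac0a"),
    "DIST1": (32778, "0018.19b2.58c0"),
}

# What CORE2 hears from CORE1 on its two uplinks for VLAN 20. Cost and sender
# bridge are identical, so the sender's port ID (Prio.Nbr on CORE1) decides.
CORE1_ID = (32768, "0019.0787.3014")
CORE2_VLAN20_BEFORE = {
    "Gi7/1": (4, *CORE1_ID, 128, 1),
    "Gi7/2": (4, *CORE1_ID, 128, 2),
}
CORE2_VLAN20_AFTER = {
    "Gi7/1": (4, *CORE1_ID, 128, 1),
    "Gi7/2": (4, *CORE1_ID, 16, 2),    # CORE1 Gi1/2 set to port priority 16
}


if __name__ == "__main__":
    print("VLAN 20 root, defaults:        ", elect_root(VLAN20_DEFAULTS))
    print("VLAN 10 root, CORE1 at 36864:  ", elect_root(VLAN10_AFTER))
    print("DIST1 priority field 32778 ->  ", split_priority(32778))
    print("CORE2 root port, before:       ", pick_root_port(CORE2_VLAN20_BEFORE))
    print("CORE2 root port, after:        ", pick_root_port(CORE2_VLAN20_AFTER))
```
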

Friday, May 7, 2010

OSPF route summarization

we still use same network setup from the previous lab but with a little modification
*there's a small error in the image: L81-84 are actually on R5

add 4 new loopbacks

  • on R5, advertise inside area 40
interface Loopback81
 ip address 81.1.1.1 255.0.0.0
!
interface Loopback82
 ip address 82.1.1.1 255.0.0.0
!
interface Loopback83
 ip address 83.1.1.1 255.0.0.0
!
interface Loopback84
 ip address 84.1.1.1 255.0.0.0
!
interface Loopback85
 ip address 85.1.1.1 255.255.255.0

router ospf 1
 log-adjacency-changes
..
 network 82.0.0.0 0.255.255.255 area 40
 network 83.0.0.0 0.255.255.255 area 40
 network 84.0.0.0 0.255.255.255 area 40
 network 85.1.1.0 0.0.0.255 area 40

  • on R4, advertise into RIP
interface Loopback99
 ip address 99.1.1.1 255.0.0.0
!
interface Loopback100
 ip address 100.1.1.1 255.0.0.0
!
interface Loopback101
 ip address 101.1.1.1 255.0.0.0
!
interface Loopback102
 ip address 102.1.1.1 255.0.0.0



router rip
 version 2
..
 network 99.0.0.0
 network 100.0.0.0
 network 101.0.0.0
 network 102.0.0.0
 network 192.168.1.0
 no auto-summary


there are two types of summarization performed by OSPF

  • for inter area route (area range command)
  • for external route (summary-address command at ASBR)

now that we've added all the new loopbacks, all routers should have learned all the new networks already

R3 routing table
R3>sh ip rou
..

O E2 102.0.0.0/8 [110/20] via 172.16.3.2, 00:10:26, Serial0/0
O E2 100.0.0.0/8 [110/20] via 172.16.3.2, 00:10:26, Serial0/0
O E2 101.0.0.0/8 [110/20] via 172.16.3.2, 00:10:26, Serial0/0
O E2 99.0.0.0/8 [110/20] via 172.16.3.2, 00:10:27, Serial0/0
..


R4 routing table
R4#sh ip rou
..
     84.0.0.0/32 is subnetted, 1 subnets
     81.0.0.0/32 is subnetted, 1 subnets
     83.0.0.0/32 is subnetted, 1 subnets
     82.0.0.0/32 is subnetted, 1 subnets
..

  • let's do the inter area summary routing first
on R3
R3(config)#router os 1
R3(config-router)#area 40 range 80.0.0.0 248.0.0.0

now routing table on other routers should show summary route only

O IA 80.0.0.0/5 [110/130] via 172.16.2.2, 00:02:32, Serial0/0


  • now we'll configure external summary address, do this on ASBR to summarize route from R4
on R1
R1(config)#router os 1
R1(config-router)#summary-address 100.0.0.0 248.0.0.0

now routing table on other routers should show summary route only

O E2 96.0.0.0/5 [110/20] via 172.16.2.2, 00:00:07, Serial0/0
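
Why both commands end up as a /5, as an added Python example using the standard ipaddress module (not part of the original post). It normalises the address/mask pairs typed above, derives the smallest covering prefix from the loopback networks of this lab, and lists the /8 blocks each summary advertises although no loopback lives there; the function names are made up for the illustration.

```python
import ipaddress


def as_configured(address, mask):
    """Prefix that an "<address> <mask>" pair denotes once host bits are masked off."""
    return ipaddress.ip_network(f"{address}/{mask}", strict=False)


def smallest_summary(prefixes):
    """Smallest single IPv4 prefix that covers every network in `prefixes`."""
    nets = [ipaddress.ip_network(p, strict=False) for p in prefixes]
    low = min(int(n.network_address) for n in nets)
    high = max(int(n.broadcast_address) for n in nets)
    # Bits above the highest differing bit are common to the whole range.
    prefixlen = 32 - (low ^ high).bit_length()
    host_bits = 32 - prefixlen
    base = (low >> host_bits) << host_bits
    return ipaddress.ip_network((base, prefixlen))


def extra_blocks(summary, prefixes, granularity=8):
    """Blocks of size /granularity inside `summary` that contain none of `prefixes`.

    granularity must not be shorter than the summary's own prefix length.
    """
    nets = [ipaddress.ip_network(p, strict=False) for p in prefixes]
    return [block for block in summary.subnets(new_prefix=granularity)
            if not any(block.overlaps(n) for n in nets)]


# Loopback networks from this lab.
AREA40_ON_R5 = ["81.0.0.0/8", "82.0.0.0/8", "83.0.0.0/8", "84.0.0.0/8", "85.1.1.0/24"]
RIP_ON_R4 = ["99.0.0.0/8", "100.0.0.0/8", "101.0.0.0/8", "102.0.0.0/8"]


if __name__ == "__main__":
    # area 40 range 80.0.0.0 248.0.0.0
    print(as_configured("80.0.0.0", "248.0.0.0"), smallest_summary(AREA40_ON_R5))
    # summary-address 100.0.0.0 248.0.0.0 shows up as 96.0.0.0/5
    print(as_configured("100.0.0.0", "248.0.0.0"), smallest_summary(RIP_ON_R4))
    for name, nets in (("area 40", AREA40_ON_R5), ("RIP", RIP_ON_R4)):
        summary = smallest_summary(nets)
        blocks = ", ".join(str(b) for b in extra_blocks(summary, nets))
        print(f"{name}: {summary} also covers {blocks}")
```

Traffic for the extra blocks follows the summary toward the summarizing router, so keep a summary as tight as the addressing plan allows.
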


happy routing ;)

Thursday, May 6, 2010

OSPF Route, Router and LSA type


we still use same network setup from the previous lab but with a little modification

remove area 50 and virtual link, advertise 50.50.50.x into area 20

R2

R2(config)#router os 1
R2(config-router)#no area 20 virtual-link 10.10.20.6

R6
R6(config)#router os 1
R6(config-router)#no area 20 virtual-link 172.16.2.1
R6(config-router)#no network 50.50.50.0 0.0.0.255 area 50
R6(config-router)#network 50.50.50.0 0.0.0.255 area 20

change area 20 to Stub area

R2
R2(config-router)#area 20 stub

R6
R6(config-router)#area 20 stub


3 Route type - O, O IA, O E1/E2


  • O - route to a destination inside an area the router is connected to

R2 is connected to area 20 (in yellow) and area 0 (in green)

show ip route
     200.200.20.0/32 is subnetted, 1 subnets
O       200.200.20.1 [110/2] via 10.10.20.6, 00:03:56, FastEthernet0/0
     50.0.0.0/32 is subnetted, 1 subnets
O       50.50.50.1 [110/2] via 10.10.20.6, 00:03:56, FastEthernet0/0
     21.0.0.0/24 is subnetted, 1 subnets
O E2    21.21.21.0 [110/20] via 172.16.2.2, 00:03:56, Serial0/0
     172.16.0.0/30 is subnetted, 3 subnets
O       172.16.1.0 [110/128] via 172.16.2.2, 00:04:43, Serial0/0
C       172.16.2.0 is directly connected, Serial0/0
O       172.16.3.0 [110/128] via 172.16.2.2, 00:04:43, Serial0/0
     22.0.0.0/24 is subnetted, 1 subnets
O E2    22.22.22.0 [110/20] via 172.16.2.2, 00:03:56, Serial0/0
     10.0.0.0/24 is subnetted, 2 subnets
C       10.10.20.0 is directly connected, FastEthernet0/0
O IA    10.40.1.0 [110/129] via 172.16.2.2, 00:03:57, Serial0/0
     11.0.0.0/32 is subnetted, 1 subnets
O IA    11.11.11.1 [110/130] via 172.16.2.2, 00:03:57, Serial0/0
     12.0.0.0/32 is subnetted, 1 subnets
O IA    12.12.12.1 [110/130] via 172.16.2.2, 00:03:57, Serial0/0
O E2 192.168.1.0/24 [110/20] via 172.16.2.2, 00:03:57, Serial0/0




  • O IA - route to a destination in another OSPF area

from R2, area 40 is 'another area', so all the routes to destinations there should start with O IA

show ip route
     200.200.20.0/32 is subnetted, 1 subnets
O       200.200.20.1 [110/2] via 10.10.20.6, 00:03:56, FastEthernet0/0
     50.0.0.0/32 is subnetted, 1 subnets
O       50.50.50.1 [110/2] via 10.10.20.6, 00:03:56, FastEthernet0/0
     21.0.0.0/24 is subnetted, 1 subnets
O E2    21.21.21.0 [110/20] via 172.16.2.2, 00:03:56, Serial0/0
     172.16.0.0/30 is subnetted, 3 subnets
O       172.16.1.0 [110/128] via 172.16.2.2, 00:04:43, Serial0/0
C       172.16.2.0 is directly connected, Serial0/0
O       172.16.3.0 [110/128] via 172.16.2.2, 00:04:43, Serial0/0
     22.0.0.0/24 is subnetted, 1 subnets
O E2    22.22.22.0 [110/20] via 172.16.2.2, 00:03:56, Serial0/0
     10.0.0.0/24 is subnetted, 2 subnets
C       10.10.20.0 is directly connected, FastEthernet0/0
O IA    10.40.1.0 [110/129] via 172.16.2.2, 00:03:57, Serial0/0
     11.0.0.0/32 is subnetted, 1 subnets
O IA    11.11.11.1 [110/130] via 172.16.2.2, 00:03:57, Serial0/0
     12.0.0.0/32 is subnetted, 1 subnets
O IA    12.12.12.1 [110/130] via 172.16.2.2, 00:03:57, Serial0/0
O E2 192.168.1.0/24 [110/20] via 172.16.2.2, 00:03:57, Serial0/0



  • O E2/E1 - External route that learned from redistribution

in this case all route that learned from RIP

show ip route
     200.200.20.0/32 is subnetted, 1 subnets
O       200.200.20.1 [110/2] via 10.10.20.6, 00:03:56, FastEthernet0/0
     50.0.0.0/32 is subnetted, 1 subnets
O       50.50.50.1 [110/2] via 10.10.20.6, 00:03:56, FastEthernet0/0
     21.0.0.0/24 is subnetted, 1 subnets
O E2    21.21.21.0 [110/20] via 172.16.2.2, 00:03:56, Serial0/0
     172.16.0.0/30 is subnetted, 3 subnets
O       172.16.1.0 [110/128] via 172.16.2.2, 00:04:43, Serial0/0
C       172.16.2.0 is directly connected, Serial0/0
O       172.16.3.0 [110/128] via 172.16.2.2, 00:04:43, Serial0/0
     22.0.0.0/24 is subnetted, 1 subnets
O E2    22.22.22.0 [110/20] via 172.16.2.2, 00:03:56, Serial0/0
     10.0.0.0/24 is subnetted, 2 subnets
C       10.10.20.0 is directly connected, FastEthernet0/0
O IA    10.40.1.0 [110/129] via 172.16.2.2, 00:03:57, Serial0/0
     11.0.0.0/32 is subnetted, 1 subnets
O IA    11.11.11.1 [110/130] via 172.16.2.2, 00:03:57, Serial0/0
     12.0.0.0/32 is subnetted, 1 subnets
O IA    12.12.12.1 [110/130] via 172.16.2.2, 00:03:57, Serial0/0
O E2 192.168.1.0/24 [110/20] via 172.16.2.2, 00:03:57, Serial0/0


4 Router type - Internal, Backbone, ABR and ASBR

show ip ospf can show all the information regarding the router type


  • Internal - All interface in single area ; R0
check how many area it has
R0>sh ip os
 Routing Process "ospf 1" with ID 172.16.3.2
 ...
 Number of areas in this router is 1. 1 normal 0 stub 0 nssa
 External flood list length 0
    Area BACKBONE(0)
        Number of interfaces in this area is 3
        Area has no authentication
        SPF algorithm last executed 00:43:05.116 ago
..
        Number of DoNotAge LSA 4
        Flood list length 0



  • Backbone - at least one interface in area 0 ; R0, R1, R2 and R3
R1>sh ip os
 Routing Process "ospf 1" with ID 172.16.1.1
 Supports only single TOS(TOS0) routes
 ..
 External flood list length 0
    Area BACKBONE(0)
        Number of interfaces in this area is 1
        Area has no authentication
  ..
        Number of DoNotAge LSA 4
        Flood list length 0
    Area 40
        Number of interfaces in this area is 0
        It is a stub area
..
        Flood list length 0



  • ABR - at least one interface in area 0, other interfaces in another area
 - all ABRs are Backbone routers ; R1, R2 and R3
 - a Backbone router may or may not be an ABR (it is not when all interfaces are in area 0); R0 is not an ABR only because all its interfaces are in area 0
R2>sh ip os
 Routing Process "ospf 1" with ID 172.16.2.1
 Supports only single TOS(TOS0) routes
 Supports opaque LSA
 Supports Link-local Signaling (LLS)
 It is an area border router
..



  • ASBR - where OSPF meet other routing protocol and perform route redistribution ; R1
R1>sh ip os
 Routing Process "ospf 1" with ID 172.16.1.1
 Supports only single TOS(TOS0) routes
 Supports opaque LSA
 Supports Link-local Signaling (LLS)
 It is an autonomous system boundary router
 Redistributing External Routes from,
    rip, includes subnets in redistribution
 Initial SPF schedule delay 5000 msecs
..


LSA type

use show ip ospf database


  • LSA type 1 – Router LSAs are sent from a router to other routers in the same area. They contain information about the router's interfaces in that area, the relevant interface IPs, its adjacent routers on those interfaces and the subnets.

In this case, R2 has 2 areas

R2>sh ip os da

            OSPF Router with ID (172.16.2.1) (Process ID 1)

                Router Link States (Area 0)

Link ID         ADV Router      Age         Seq#       Checksum Link count
172.16.1.1      172.16.1.1      1456        0x8000003C 0x00248A 2
172.16.2.1      172.16.2.1      1723        0x80000040 0x00297E 2
172.16.3.1      172.16.3.1      7           0x8000003B 0x004365 2
172.16.3.2      172.16.3.2      1756        0x80000042 0x003DB0 6

                Summary Net Link States (Area 0)

Link ID         ADV Router      Age         Seq#       Checksum
...
200.200.20.1    172.16.2.1      1461        0x80000002 0x007261

                Router Link States (Area 20)

Link ID         ADV Router      Age         Seq#       Checksum Link count
10.10.20.6      10.10.20.6      1568        0x80000047 0x0018C2 3
172.16.2.1      172.16.2.1      1063        0x8000003F 0x009390 1

                Net Link States (Area 20)

Link ID         ADV Router      Age         Seq#       Checksum
..



  • LSA type 2 – Network LSAs are generated by the DR (on a broadcast network) on a multi-access segment, and provide similar information to an LSA type 1 for the multi-access segment and the subnet to which it belongs

this broadcast segment 10.40.1.x only has 2 routers, so R3 only shows the other one in the database

R3>sh ip os da

            OSPF Router with ID (172.16.3.1) (Process ID 1)

                Router Link States (Area 0)

Link ID         ADV Router      Age         Seq#       Checksum Link count
172.16.1.1      172.16.1.1      1920        0x8000003C 0x00248A 2
..
172.16.3.1      172.16.3.1      232         0x80000040 0x0036D4 1

                Net Link States (Area 40)

Link ID         ADV Router      Age         Seq#       Checksum
10.40.1.1       172.16.3.1      232         0x8000003B 0x00F91D

                Summary Net Link States (Area 40)

Link ID         ADV Router      Age         Seq#       Checksum
0...


  • LSA type 3 – Network Summary LSAs are generated by ABRs and contain the subnets & costs but omit the topological data from all subnets in one area and sent to another area via the ABR

R3>sh ip os da

            OSPF Router with ID (172.16.3.1) (Process ID 1)

                Router Link States (Area 0)

Link ID         ADV Router      Age         Seq#       Checksum Link count
172.16.1.1      172.16.1.1      261         0x8000003D 0x00228B 2
172.16.2.1      172.16.2.1      496         0x80000041 0x00277F 2
172.16.3.1      172.16.3.1      821         0x8000003B 0x004365 2
172.16.3.2      172.16.3.2      581         0x80000043 0x003BB1 6

                Summary Net Link States (Area 0)

Link ID         ADV Router      Age         Seq#       Checksum
10.10.20.0      172.16.2.1      243         0x80000046 0x008A84
10.40.1.0       172.16.3.1      575         0x80000046 0x00EB17
11.11.11.1      172.16.3.1      575         0x8000002B 0x00042A
12.12.12.1      172.16.3.1      575         0x8000002B 0x00DF4B
50.50.50.1      172.16.2.1      243         0x80000003 0x00D908
200.200.20.1    172.16.2.1      243         0x80000003 0x007062

                Router Link States (Area 40)

..



  • LSA type 4 - ASBR summary LSAs are from ASBRs and are identical in structure to a type 3 LSA and sent when crossing an AS boundary

somehow I can't show this information, still can't figure out where's the trick, but it should start with 'summary ASB link states'



  • LSA type 5 - AS external LSAs, which are originated by ASBRs and describe external networks

notice that the link IDs are the ones learned from RIP


R2>sh ip os da

            OSPF Router with ID (172.16.2.1) (Process ID 1)

...
                Type-5 AS External Link States

Link ID         ADV Router      Age         Seq#       Checksum Tag
21.21.21.0      172.16.1.1      1616        0x8000003A 0x00DE8A 0
22.22.22.0      172.16.1.1      1621        0x8000003A 0x00BAAB 0
192.168.1.0     172.16.1.1      1621        0x8000003A 0x001925 0

and you're not gonna see this type in Stub and Totally Stubby areas, try 'show ip ospf database' on R5 and R6


for type 6 and type 7, I can't show in this network setup yet... will continue soon ;)