Friday, April 30, 2010

OSPF Virtual link - GNS3



for R1, R2 and R3, we'll use the same setup as the previous lab. there are new settings on R3 and a new router, R4


R3
interface FastEthernet0/1
 ip address 172.16.1.3 255.255.255.0
 duplex auto
 speed auto
!
router ospf 1
 log-adjacency-changes
 network 3.3.3.3 0.0.0.0 area 0
 network 172.16.1.0 0.0.0.255 area 17
 network 192.168.3.0 0.0.0.255 area 0

R4
interface Loopback0
 ip address 4.4.4.4 255.255.255.255
!
interface Loopback1
 ip address 10.1.1.1 255.255.255.0
!
interface Loopback2
 ip address 10.2.2.2 255.255.255.0
!
interface FastEthernet0/1
 ip address 172.16.1.4 255.255.255.0
 duplex auto
 speed auto
!
router ospf 1
 router-id 4.4.4.4
 log-adjacency-changes
 network 4.4.4.4 0.0.0.0 area 17
 network 10.1.1.0 0.0.0.255 area 10
 network 10.2.2.0 0.0.0.255 area 10
 network 172.16.1.0 0.0.0.255 area 17

*correction on IP address between R3 and R4, don't use the diagram IP but follow the conf instead

now we add router R4 and two areas: area 17, which is directly connected to area 0, and area 10

check the connectivity between R4 and R2,
ping to R2 Loopback0 from R4

R4#p 2.2.2.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:
!!!!!

works fine, so we can assume the connection along the way (R4-R3-R1-R2) has no problem
now, from R2, ping the R4 Loopbacks and interface

R2>p 172.16.1.4

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.1.4, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 44/67/88 ms
R2>p 10.1.1.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds:
..
Success rate is 0 percent (0/2)

why is the ping to the R4 interface successful, but not the ping to the R4 Loopback?

this is because R4 int fa0/1 is advertised in area 17, which is directly connected to area 0
R4 Loopback1 and 2 are advertised in area 10, which has no direct connection to area 0

to solve this, we should create a virtual-link between area 10 and area 0
area 17 will be the 'bridge' that makes sure area 10 can communicate with area 0

use this command: area ['bridge' area number] virtual-link [remote RID]

R4
R4(config)#router ospf 1
R4(config-router)#area 17 virtual-link 3.3.3.3

you should receive an error message on R3

*Mar  1 00:52:20.355: %OSPF-4-ERRRCV: Received invalid packet: mismatch area ID, from backbone area must be virtual-link but not found from 172.16.1.4, FastEthernet0/1
*Mar  1 00:52:30.355: %OSPF-4-ERRRCV: Received invalid packet: mismatch area ID, from backbone area must be virtual-link but not found from 172.16.1.4, FastEthernet0/1

this is because we haven't configured any virtual-link on R3 yet to connect to R4

R3
R3(config-router)#area 17 virtual-link 4.4.4.4
R3(config-router)#
*Mar  1 00:57:28.275: %OSPF-5-ADJCHG: Process 1, Nbr 4.4.4.4 on OSPF_VL1 from LOADING to FULL, Loading Done

once you configure it on R3, R3 forms a neighbor relationship with 4.4.4.4 over the virtual interface OSPF_VL1

R3#sh ip os
*Mar  1 01:00:37.795: %SYS-5-CONFIG_I: Configured from console by console ne

Neighbor ID     Pri   State           Dead Time   Address         Interface
4.4.4.4           0   FULL/         -           -        172.16.1.4      OSPF_VL1
1.1.1.1           1   FULL/DR        00:00:31    192.168.3.1     FastEthernet0/0
4.4.4.4           1   FULL/DR         00:00:35    172.16.1.4      FastEthernet0/1

there's more detail in show ip ospf virtual-links, try it on R4

R4#sh ip os virtual-links
Virtual Link OSPF_VL0 to router 3.3.3.3 is up
  Run as demand circuit
  DoNotAge LSA allowed.
  Transit area 17, via interface FastEthernet0/1, Cost of using 1
  Transmit Delay is 1 sec, State POINT_TO_POINT,
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
    Hello due in 00:00:08
    Adjacency State FULL (Hello suppressed)
    Index 1/1, retransmission queue length 0, number of retransmission 1
    First 0x0(0)/0x0(0) Next 0x0(0)/0x0(0)
    Last retransmission scan length is 1, maximum is 1
    Last retransmission scan time is 0 msec, maximum is 0 msec

here we can see information about the virtual link and the transit area (the 'bridge')

to make sure area 10 is now really connected to area 0, check from R2 with show ip route ospf

R2>sh ip rou os
     1.0.0.0/32 is subnetted, 1 subnets
O       1.1.1.1 [110/2] via 192.168.2.1, 00:09:06, FastEthernet0/0
     3.0.0.0/32 is subnetted, 1 subnets
O       3.3.3.3 [110/3] via 192.168.2.1, 00:09:06, FastEthernet0/0
     4.0.0.0/32 is subnetted, 1 subnets
O IA    4.4.4.4 [110/4] via 192.168.2.1, 00:09:06, FastEthernet0/0
     172.16.0.0/24 is subnetted, 1 subnets
O IA    172.16.1.0 [110/3] via 192.168.2.1, 00:09:06, FastEthernet0/0
     10.0.0.0/32 is subnetted, 2 subnets
O IA    10.2.2.2 [110/4] via 192.168.2.1, 00:09:06, FastEthernet0/0
O IA    10.1.1.1 [110/4] via 192.168.2.1, 00:09:06, FastEthernet0/0
O    192.168.3.0/24 [110/2] via 192.168.2.1, 00:09:06, FastEthernet0/0

now the routes from area 10 are being advertised across the same OSPF instance, which means our virtual-link is working fine ;)
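
the check done by hand above (which area has no router in area 0, and which area can act as the 'bridge') can be automated. this is an added example, not part of the original lab; the area membership of R1 and R2 is assumed to be area 0 only, and the function names are made up for illustration:

```python
# Added example (not from the original post): find OSPF areas with no ABR
# into area 0 and work out the virtual-link commands for both ends.
from collections import defaultdict

# Constructed input: router ID -> areas named in its "network ... area N" lines.
# R3 and R4 follow the configs above; R1 and R2 are assumed to be area 0 only.
ROUTER_AREAS = {
    "1.1.1.1": {0},
    "2.2.2.2": {0},
    "3.3.3.3": {0, 17},
    "4.4.4.4": {17, 10},
}


def isolated_areas(router_areas, backbone=0):
    """Areas that no backbone-attached router has an interface in."""
    attached = set()
    for areas in router_areas.values():
        if backbone in areas:
            attached |= areas
    return sorted(set().union(*router_areas.values()) - attached)


def plan_virtual_links(router_areas, backbone=0):
    """Return {router ID: [config lines]} that reattach isolated areas."""
    on_backbone = {r for r, a in router_areas.items() if backbone in a}
    attached = set()
    for rid in on_backbone:
        attached |= router_areas[rid]
    commands = defaultdict(list)
    progress = True
    while progress:
        progress = False
        for rid, areas in sorted(router_areas.items()):
            if rid in on_backbone or not areas - attached:
                continue
            # Transit area: shared with a router that already reaches area 0.
            for transit in sorted(areas & (attached - {backbone})):
                peers = sorted(p for p in on_backbone if transit in router_areas[p])
                if not peers:
                    continue
                commands[rid].append(f"area {transit} virtual-link {peers[0]}")
                commands[peers[0]].append(f"area {transit} virtual-link {rid}")
                on_backbone.add(rid)      # the link makes this router an ABR
                attached |= areas
                progress = True
                break
    return dict(commands)


if __name__ == "__main__":
    print("isolated areas:", isolated_areas(ROUTER_AREAS))
    for rid, lines in sorted(plan_virtual_links(ROUTER_AREAS).items()):
        for line in lines:
            print(f"{rid}: router ospf 1 / {line}")
```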

OSPF DR BDR election - GNS3


we'll configure an OSPF Hub and Spokes network. on router R1 we'll use sub-interfaces to connect to R2 and R3. set up the network as in the configuration below

R1

interface Loopback0
 ip address 1.1.1.1 255.255.255.255
!
interface FastEthernet0/0
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet0/0.2
 encapsulation dot1Q 2
 ip address 192.168.2.1 255.255.255.0
!
interface FastEthernet0/0.3
 bandwidth 100000
 encapsulation dot1Q 3
 ip address 192.168.3.1 255.255.255.0


router ospf 1
 log-adjacency-changes
 network 192.168.2.0 0.0.0.255 area 0
 network 192.168.3.0 0.0.0.255 area 0


R2

interface Loopback0
 ip address 2.2.2.2 255.255.255.255
!
interface FastEthernet0/0
 ip address 192.168.2.2 255.255.255.0
 duplex auto
 speed auto


router ospf 1
 log-adjacency-changes
 network 192.168.2.0 0.0.0.255 area 0


R3
interface Loopback0
 ip address 3.3.3.3 255.255.255.255
!
interface FastEthernet0/0
 bandwidth 100000
 ip address 192.168.3.3 255.255.255.0
 duplex auto
 speed auto

router ospf 1
 log-adjacency-changes
 network 192.168.3.0 0.0.0.255 area 0



for the SW2,
port 11 = dot1q
port 12 = access vlan2
port 13 = access vlan3


by default, the highest int IP address will be elected as BDR, and if there's no DR yet inside that network then it'll be promoted to DR

in this case for
 network 192.168.2.X, R2 will be the DR
 network 192.168.3.X, R3 will be the DR

for the Router ID (RID), the highest IP on a Loopback will win (if there is no Loopback then it falls back to the highest physical address)

let's check. there are a few ways; let's use these 3 commands: show ip ospf neighbor, show ip ospf interface [int number]


*bear in mind, IF a HIGHER priority OSPF router comes online AFTER the election has taken place, it will not become DR or BDR until (at least) the DR and BDR fail.


R1#sh ip os ne


Neighbor ID     Pri   State           Dead Time   Address         Interface
3.3.3.3           1   FULL/DR         00:00:39    192.168.3.3     FastEthernet0/0.3
2.2.2.2           1   FULL/DR         00:00:37    192.168.2.2     FastEthernet0/0.2

3.3.3.3 and 2.2.2.2 are the RIDs of R3 and R2; they became DR because they have a higher priority on interface IP address (higher ip address)

R1>sh ip os int fa 0/0.2
FastEthernet0/0.2 is up, line protocol is up
  Internet Address 192.168.2.10/24, Area 0
  Process ID 1, Router ID 1.1.1.1, Network Type BROADCAST, Cost: 1
  Transmit Delay is 1 sec, State BDR, Priority 1
  Designated Router (ID) 2.2.2.2, Interface address 192.168.2.2
  Backup Designated router (ID) 1.1.1.1, Interface address 192.168.2.1
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
    oob-resync timeout 40
    Hello due in 00:00:07
  Index 1/1, flood queue length 0
  Next 0x0(0)/0x0(0)
  Last flood scan length is 1, maximum is 1
  Last flood scan time is 0 msec, maximum is 4 msec
  Neighbor Count is 1, Adjacent neighbor count is 1
    Adjacent with neighbor 2.2.2.2  (Designated Router)
  Suppress hello for 0 neighbor(s)

but this is a Hub-Spokes network, and Spokes should never become a DR. to ensure this, we must make sure the Spoke interfaces never take part in the election

set the interface priority to 0, on R2 and R3

R3(config)#int fa 0/0
R3(config-if)#ip ospf priority 0

check on R1

R1>sh ip os ne

Neighbor ID     Pri   State           Dead Time   Address         Interface
2.2.2.2           0   FULL/DROTHER    00:00:35    192.168.2.2     FastEthernet0/0.2
3.3.3.3           0   FULL/DROTHER    00:00:37    192.168.3.3     FastEthernet0/0.3

DROTHER means it's not DR and not BDR. now it looks good, but let's confirm this

on R2 or R3

R2#sh ip os int fa 0/0
FastEthernet0/0 is up, line protocol is up
  Internet Address 192.168.2.2/24, Area 0
  Process ID 1, Router ID 2.2.2.2, Network Type BROADCAST, Cost: 1
  Transmit Delay is 1 sec, State DROTHER, Priority 0
  Designated Router (ID) 1.1.1.1, Interface address 192.168.2.1
  No backup designated router on this network
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
    oob-resync timeout 40
    Hello due in 00:00:00
  Index 1/1, flood queue length 0
  Next 0x0(0)/0x0(0)
  Last flood scan length is 1, maximum is 1
  Last flood scan time is 0 msec, maximum is 0 msec
  Neighbor Count is 1, Adjacent neighbor count is 1
    Adjacent with neighbor 1.1.1.1  (Designated Router)
  Suppress hello for 0 neighbor(s)

now we have confirmed this interface will never participate in the election: we have no BDR in this network, this interface is the only candidate, and it is still not taking part in the election

ok, let's prove this some more

shut down the interface on R1 to see what happens to this interface

R1(config)#int fa 0/0
R1(config-if)#shut

it's going to take some time; by default, after 40sec with no reply the neighbor is considered dead

Neighbor ID     Pri   State           Dead Time   Address         Interface
1.1.1.1           1   FULL/DR         00:00:25    192.168.2.1     FastEthernet0/0
R2#sh ip os ne

Neighbor ID     Pri   State           Dead Time   Address         Interface
1.1.1.1           1   FULL/DR         00:00:22    192.168.2.1     FastEthernet0/0
R2#sh ip os ne

Neighbor ID     Pri   State           Dead Time   Address         Interface
1.1.1.1           1   FULL/DR         00:00:20    192.168.2.1     FastEthernet0/0
R2#sh ip os ne

Neighbor ID     Pri   State           Dead Time   Address         Interface
1.1.1.1           1   FULL/DR         00:00:12    192.168.2.1     FastEthernet0/0
R2#sh ip os ne

Neighbor ID     Pri   State           Dead Time   Address         Interface
1.1.1.1           1   FULL/DR         00:00:03    192.168.2.1     FastEthernet0/0
R2#sh ip os ne

Neighbor ID     Pri   State           Dead Time   Address         Interface
1.1.1.1           1   FULL/DR         00:00:00    192.168.2.1     FastEthernet0/0
R2#
*Mar  1 08:00:52.910: %OSPF-5-ADJCHG: Process 1, Nbr 1.1.1.1 on FastEthernet0/0 from FULL to DOWN, Neighbor Down: Dead timer expired

if you keep running 'show ip ospf neighbor', you will see the Dead Time change until the 40sec is reached and the neighbor is declared dead

now check who is the DR


R2#sh ip os int fa 0/0
FastEthernet0/0 is up, line protocol is up
  Internet Address 192.168.2.2/24, Area 0
  Process ID 1, Router ID 2.2.2.2, Network Type BROADCAST, Cost: 1
  Transmit Delay is 1 sec, State DROTHER, Priority 0
  No designated router on this network
  No backup designated router on this network
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
    oob-resync timeout 40
    Hello due in 00:00:07
  Index 1/1, flood queue length 0
  Next 0x0(0)/0x0(0)
  Last flood scan length is 1, maximum is 1
  Last flood scan time is 0 msec, maximum is 0 msec
  Neighbor Count is 0, Adjacent neighbor count is 0
  Suppress hello for 0 neighbor(s)

yes, as configured, there is no DR since this interface does not participate in the election
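
the three states seen on the 192.168.2.0/24 segment above (R2 as DR, then R1 as DR with no BDR, then no DR at all) can be replayed with a small model of the election. this is an added example, not part of the original lab; it is a simplification of RFC 2328 section 9.4, where a tie on priority goes to the higher Router ID, and router 9.9.9.9 is a hypothetical late joiner used to show the no-preemption rule:

```python
# Added example (not from the original post): simplified OSPF DR/BDR election.
from ipaddress import IPv4Address


def elect(routers, current_dr=None, current_bdr=None):
    """routers: {router ID: interface priority} for routers up on the segment.

    Returns (dr, bdr). Simplified from RFC 2328 section 9.4:
    priority 0 is never eligible, a live incumbent keeps its role
    (no preemption), and ties on priority go to the higher Router ID.
    """
    eligible = {rid: pri for rid, pri in routers.items() if pri > 0}

    def rank(rid):
        return (eligible[rid], int(IPv4Address(rid)))

    dr = current_dr if current_dr in eligible else None
    bdr = current_bdr if current_bdr in eligible and current_bdr != dr else None
    if dr is None and bdr is not None:
        dr, bdr = bdr, None                  # BDR is promoted when the DR is gone
    if dr is None:
        dr = max(eligible, key=rank, default=None)
    if bdr is None:
        bdr = max((r for r in eligible if r != dr), key=rank, default=None)
    return dr, bdr


def lab_walkthrough():
    """Replay the 192.168.2.0/24 segment from the lab, step by step."""
    steps = {}
    # 1. R1 and R2 both at the default priority 1, no incumbents.
    steps["default"] = elect({"1.1.1.1": 1, "2.2.2.2": 1})
    # 2. R2 set to priority 0: it gives up the DR role, R1 (the BDR) takes over.
    steps["r2_priority_0"] = elect({"1.1.1.1": 1, "2.2.2.2": 0},
                                   current_dr="2.2.2.2", current_bdr="1.1.1.1")
    # 3. R1 shut down: the only router left is ineligible.
    steps["r1_down"] = elect({"2.2.2.2": 0}, current_dr="1.1.1.1")
    # 4. Hypothetical router 9.9.9.9 with priority 255 joins after step 1.
    steps["late_joiner"] = elect({"1.1.1.1": 1, "2.2.2.2": 1, "9.9.9.9": 255},
                                 current_dr="2.2.2.2", current_bdr="1.1.1.1")
    return steps


if __name__ == "__main__":
    for name, (dr, bdr) in lab_walkthrough().items():
        print(f"{name:15} DR={dr} BDR={bdr}")
```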

Thursday, April 29, 2010

EIGRP, route summary - GNS3

we're going to use the previous network layout and settings


add more loopbacks on R2


interface Loopback21
 ip address 200.1.2.2 255.255.0.0
!
interface Loopback22
 ip address 200.2.2.2 255.255.0.0
!
interface Loopback23
 ip address 200.3.2.2 255.255.0.0
!
interface Loopback24
 ip address 200.4.2.2 255.255.0.0
!
interface Loopback25
 ip address 200.5.2.2 255.255.0.0


now we'll configure address summarization on R2 for these addresses

we'll configure this on R2 interface f0/1 only

R2(config)#int fa 0/1
R2(config-if)#ip summary-address eigrp 1 200.0.0.0 255.248.0.0

now show the routing table from R1 and R2

R1>sh ip rou
..
D    200.0.0.0/13 [90/386560] via 192.168.1.2, 00:04:19, FastEthernet0/1
D    200.1.0.0/16 [90/389120] via 192.168.1.3, 00:00:21, FastEthernet0/1
D    200.2.0.0/16 [90/389120] via 192.168.1.3, 00:00:21, FastEthernet0/1
D    200.3.0.0/16 [90/389120] via 192.168.1.3, 00:00:21, FastEthernet0/1
D    200.4.0.0/16 [90/389120] via 192.168.1.3, 00:00:21, FastEthernet0/1
D    200.5.0.0/16 [90/389120] via 192.168.1.3, 00:00:21, FastEthernet0/1


R3#sh ip rou
..
D    200.0.0.0/13 [90/386560] via 192.168.1.2, 00:05:56, FastEthernet0/1
D    200.1.0.0/16 [90/156160] via 172.16.1.2, 00:01:59, FastEthernet0/0
D    200.2.0.0/16 [90/156160] via 172.16.1.2, 00:01:59, FastEthernet0/0
D    200.3.0.0/16 [90/156160] via 172.16.1.2, 00:01:59, FastEthernet0/0
D    200.4.0.0/16 [90/156160] via 172.16.1.2, 00:01:59, FastEthernet0/0
D    200.5.0.0/16 [90/156160] via 172.16.1.2, 00:01:59, FastEthernet0/0

you see, in green (the 200.0.0.0/13 entry) there's the summary route that we just created manually, but the un-summarized routes are still being advertised.

now let's check where they were learned from. in red is where these specific routes were learned from ... oh, now we know why: they are learned from network 172.16.1.x, which is interface fa0/0

let's just turn off this interface

R2(config)#int fa 0/0
R2(config-if)#shut

show the routing table again; the result should only show the summary route for network 200.0.0.0

R1#sh ip rou
..
C    192.168.1.0/24 is directly connected, FastEthernet0/1
D    200.0.0.0/13 [90/386560] via 192.168.1.2, 00:00:04, FastEthernet0/1

now our address summarization works fine ;) but that is for R1 and R3. I wonder what the R2 routing table looks like, let's see

R2#sh ip rou
...
C    192.168.1.0/24 is directly connected, FastEthernet0/1
D    200.0.0.0/13 is a summary, 00:12:06, Null0
C    200.1.0.0/16 is directly connected, Loopback21
C    200.2.0.0/16 is directly connected, Loopback22
C    200.3.0.0/16 is directly connected, Loopback23
C    200.4.0.0/16 is directly connected, Loopback24
C    200.5.0.0/16 is directly connected, Loopback25

by right, there shouldn't be any summary here because we configured the summary on fa0/1. in yellow (the 200.0.0.0/13 entry) there's one summary, and at the end it mentions Null0. what is this for?

actually, if you notice, our summary is /13, which means it covers 200.0.0.0 - 200.7.255.255
but our networks only run from 200.1.0.0 to 200.5.0.0, so all packets for the rest, the non-existent networks within the /13 (200.5.x.x - 200.7.x.x), will be dropped. that's what Null0 is for. this is to prevent a loop
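
to see the loop that Null0 prevents, here is an added example (not part of the original lab) that derives the /13 from the five loopbacks and then follows a packet with longest-prefix matching. the default route on R2 pointing back to R1 is an assumption made for the demonstration; the lab itself has no default route:

```python
# Added example (not from the original post): why the /13 summary gets a Null0 route.
from ipaddress import ip_address, ip_network

# R2 loopbacks from the configuration above.
LOOPBACKS = ["200.1.2.2/16", "200.2.2.2/16", "200.3.2.2/16",
             "200.4.2.2/16", "200.5.2.2/16"]


def covering_summary(interfaces):
    """Smallest single prefix that contains every interface network."""
    nets = [ip_network(i, strict=False) for i in interfaces]
    low = min(n.network_address for n in nets)
    high = max(n.broadcast_address for n in nets)
    summary = nets[0]
    while low not in summary or high not in summary:
        summary = summary.supernet()
    return summary


def lookup(table, dst):
    """Longest-prefix match; returns the next hop or None."""
    matches = [(net, hop) for net, hop in table if ip_address(dst) in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1] if matches else None


def trace(dst, discard_route=True, ttl=8):
    """Follow a packet that enters at R1; returns the hops plus the outcome."""
    summary = covering_summary(LOOPBACKS)
    r2 = [(ip_network(i, strict=False), "connected") for i in LOOPBACKS]
    r2.append((ip_network("0.0.0.0/0"), "R1"))   # ASSUMED default route on R2
    if discard_route:
        r2.append((summary, "Null0"))            # installed with the summary
    tables = {"R1": [(summary, "R2")], "R2": r2}
    here, path = "R1", ["R1"]
    while ttl > 0:
        hop = lookup(tables[here], dst)
        if hop not in tables:                    # connected, Null0 or no route
            return path + [hop or "no route"]
        here = hop
        path.append(here)
        ttl -= 1
    return path + ["TTL expired"]


if __name__ == "__main__":
    print("summary:", covering_summary(LOOPBACKS))
    print("200.3.2.2 ->", trace("200.3.2.2"))
    print("200.6.1.1 with Null0 ->", trace("200.6.1.1"))
    print("200.6.1.1 without Null0 ->", trace("200.6.1.1", discard_route=False))
```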

happy routing ;) good luck to Liverpool later

Wednesday, April 28, 2010

EIGRP Variance - GNS3

configure as below and make sure the routing protocol is running and working fine


R1

interface Loopback0
 ip address 1.1.1.1 255.255.255.255


interface FastEthernet0/1
 bandwidth 10000
 ip address 192.168.1.1 255.255.255.0
 duplex auto
 speed auto


router eigrp 1
 network 0.0.0.0
 no auto-summary


R2
interface Loopback0
 ip address 2.2.2.2 255.255.255.255

interface FastEthernet0/0
 ip address 172.16.1.2 255.255.255.0
 duplex auto
 speed auto
!
interface FastEthernet0/1
 bandwidth 10000
 ip address 192.168.1.2 255.255.255.0
 duplex auto
 speed auto

router eigrp 1
 network 0.0.0.0
 no auto-summary


R3
interface Loopback0
 ip address 3.3.3.3 255.255.255.255
!
interface FastEthernet0/0
 ip address 172.16.1.3 255.255.255.0
 duplex auto
 speed auto
!
interface FastEthernet0/1
 bandwidth 10000
 ip address 192.168.1.3 255.255.255.0
 duplex auto
 speed auto
!
router eigrp 1
 network 0.0.0.0
 no auto-summary



if you notice, all interfaces inside network 192.168.1.0/24 are hard-coded to 10 000 kbps,

bandwidth 10000

this is because we want to simulate different kinds of network (ie, frame-relay, ethernet, T1), to see how the bandwidth affects the metric

show ip route from R2: you can only see one path to L0 on R3. this is because the routing table only shows the best path to the destination

R2#sh ip rou
..

     1.0.0.0/32 is subnetted, 1 subnets
D       1.1.1.1 [90/386560] via 192.168.1.1, 00:34:27, FastEthernet0/1
     2.0.0.0/32 is subnetted, 1 subnets
C       2.2.2.2 is directly connected, Loopback0
     3.0.0.0/32 is subnetted, 1 subnets
D       3.3.3.3 [90/156160] via 172.16.1.3, 00:34:27, FastEthernet0/0
     172.16.0.0/24 is subnetted, 1 subnets
C       172.16.1.0 is directly connected, FastEthernet0/0
C    192.168.1.0/24 is directly connected, FastEthernet0/1

since Fa0/0 has a speed of 100000kbps, it should have a better metric compared to Fa0/1 (we set it to 10000kbps). that's why we see the path to 3.3.3.3 is via Fa0/0 (172.16.1.3).

how to see all the possible paths to the destination? issue show ip eigrp topology

R2#sh ip ei top
IP-EIGRP Topology Table for AS(1)/ID(2.2.2.2)

Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply,
       r - reply Status, s - sia Status

P 1.1.1.1/32, 1 successors, FD is 386560
        via 192.168.1.1 (386560/128256), FastEthernet0/1
P 3.3.3.3/32, 1 successors, FD is 156160
        via 172.16.1.3 (156160/128256), FastEthernet0/0 successor (primary)
        via 192.168.1.3 (386560/128256), FastEthernet0/1 feasible successor (backup)
P 2.2.2.2/32, 1 successors, FD is 128256
        via Connected, Loopback0
P 192.168.1.0/24, 1 successors, FD is 258560
        via Connected, FastEthernet0/1
P 172.16.1.0/24, 1 successors, FD is 28160
        via Connected, FastEthernet0/0

you can see there are two paths to 3.3.3.3, with two different FDs (green),

what if we want to bring both paths into the routing table to load balance? this can be achieved by using Variance. theoretically it is hard to explain, but actually it is very easy to use

to achieve load balance, make sure variance(X) value is

X*[successor FD] > [feasible successor FD]

X > [386560]/[156160]

X > 2

so we'll take a value that is greater than 2 for variance; we'll use 3
R2(config)#router eigrp 1
R2(config-router)#variance 3

show ip route to confirm load balance is working

R2#sh ip rou
..
     1.0.0.0/32 is subnetted, 1 subnets
D       1.1.1.1 [90/386560] via 192.168.1.1, 00:03:01, FastEthernet0/1
     2.0.0.0/32 is subnetted, 1 subnets
C       2.2.2.2 is directly connected, Loopback0
     3.0.0.0/32 is subnetted, 1 subnets
D       3.3.3.3 [90/156160] via 172.16.1.3, 00:03:01, FastEthernet0/0
                [90/386560] via 192.168.1.3, 00:03:01, FastEthernet0/1
     172.16.0.0/24 is subnetted, 1 subnets
C       172.16.1.0 is directly connected, FastEthernet0/0
C    192.168.1.0/24 is directly connected, FastEthernet0/1

now all traffic destined to 3.3.3.3 is load balanced, un-equal load balance !! traffic will be divided according to the ratio of the metrics between the two routes, in this case 2/1.

we can force this to have 50-50 or equal load balance, it's not a good practice but we still can do it

R2(config)#router eigrp 1
R2(config-router)#traffic-share balanced

just want to share with you another command that might be useful, show ip eigrp topology [address] [mask]

R2#sh ip ei top 3.3.3.3 255.255.255.255

IP-EIGRP (AS 1): Topology entry for 3.3.3.3/32
  State is Passive, Query origin flag is 1, 1 Successor(s), FD is 156160
  Routing Descriptor Blocks:
  172.16.1.3 (FastEthernet0/0), from 172.16.1.3, Send flag is 0x0
      Composite metric is (156160/128256), Route is Internal
      Vector metric:
        Minimum bandwidth is 100000 Kbit
        Total delay is 5100 microseconds
        Reliability is 255/255
        Load is 1/255
        Minimum MTU is 1500
        Hop count is 1
  192.168.1.3 (FastEthernet0/1), from 192.168.1.3, Send flag is 0x0
      Composite metric is (386560/128256), Route is Internal
      Vector metric:
        Minimum bandwidth is 10000 Kbit
        Total delay is 5100 microseconds
        Reliability is 255/255
        Load is 1/255
        Minimum MTU is 1500
        Hop count is 1
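
the numbers in this lab can be reproduced from the bandwidth and delay shown in the output above. this is an added example, not part of the original lab; it uses the classic EIGRP composite metric with default K values, and the function names are made up for illustration:

```python
# Added example (not from the original post): EIGRP metric, feasibility and variance.

def eigrp_metric(min_bw_kbit, total_delay_usec):
    """Classic composite metric with default K values (bandwidth + delay only)."""
    return 256 * (10**7 // min_bw_kbit + total_delay_usec // 10)


# R2's two paths to 3.3.3.3/32 as shown by "show ip eigrp topology":
# (next hop, minimum bandwidth in Kbit, total delay in usec, reported distance)
PATHS = [
    ("172.16.1.3", 100000, 5100, 128256),
    ("192.168.1.3", 10000, 5100, 128256),
]


def installed_paths(paths, variance=1):
    """Next hops that reach the routing table, mapped to their metric."""
    metrics = {hop: eigrp_metric(bw, delay) for hop, bw, delay, _ in paths}
    fd = min(metrics.values())                   # feasible distance
    chosen = {}
    for hop, _, _, rd in paths:
        is_successor = metrics[hop] == fd
        is_feasible = rd < fd                    # feasibility condition
        if is_successor or (is_feasible and metrics[hop] < variance * fd):
            chosen[hop] = metrics[hop]
    return chosen


def min_variance(paths):
    """Smallest integer variance that installs every feasible successor."""
    metrics = [eigrp_metric(bw, delay) for _, bw, delay, _ in paths]
    fd = min(metrics)
    backups = [m for m, (_, _, _, rd) in zip(metrics, paths) if rd < fd and m > fd]
    # Strict comparison, so an exact multiple of the FD needs the next integer.
    return max(backups) // fd + 1 if backups else 1


def traffic_share(chosen):
    """Share counts: worst installed metric divided by each path's metric."""
    worst = max(chosen.values())
    return {hop: worst // metric for hop, metric in chosen.items()}


if __name__ == "__main__":
    for v in (1, 2, 3):
        print(f"variance {v}:", installed_paths(PATHS, v))
    print("minimum variance:", min_variance(PATHS))
    print("traffic share:", traffic_share(installed_paths(PATHS, 3)))
```

with variance 2 the backup path is still left out (2 x 156160 = 312320, which is below 386560), which is why the lab needs 3.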


happy routing and good luck to Barca ;) I'm going to watch the game later, semi-final CL, Barca V Inter !!