Friday, February 17, 2012

OSPF Basics

Let's take a very basic question on OSPF that requires an explanation.

Q: OSPF, being a link-state routing protocol, builds a Link State Database (LSDB). I would like to understand whether OSPF advertises and redistributes routes from its LSDB or from its routing table.

A: Within the OSPF flooding domain (an area), the OSPF process exchanges LSAs (type 1 and type 2), and based on these all OSPF routers in the area maintain the same copy of the LSDB. It is then up to each individual router to run an independent SPF calculation to select the best route to a particular destination.

But when the OSPF process needs to send an LSA (type 3, 4) outside its own area, it behaves like a distance-vector protocol: when routers in the other area receive a summary LSA (type 3, 4), they trust the ABR that sent it into the area. These routers only need to run SPF to determine the cost to reach the ABR; they then add the cost the ABR is advertising to their own cost to reach the ABR to get the cost of the routes in the other area. So technically it is wrong to say OSPF is advertising routes, because OSPF just exchanges LSAs: type 1 and 2 within an area, and type 3 and 4 from other areas.

Now, if you are considering redistribution of the OSPF process into some other IGP (RIP, EIGRP, etc., or another OSPF process), redistribution is always performed from the OSPF routing table, i.e. "show ip route ospf". By default, the "show ip route ospf" routes and the routes for the interfaces listed in "show ip ospf interface br" are redistributed from the OSPF process into the other IGP, and these OSPF routes end up in the database of the other IGP on the device where redistribution is performed. The other IGP domain then selects the best path based on its own best-path selection procedure.
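The inter-area behaviour described above (run SPF only as far as the ABR, then add the cost the ABR advertises) can be sketched as follows. This is an added example, not part of the original post; the area topology, router names, prefixes and costs are constructed for illustration.

```python
import heapq

def spf(graph, root):
    """Dijkstra over the intra-area topology (what type 1/2 LSAs describe)."""
    dist = {root: 0}
    heap = [(0, root)]
    while heap:
        d, node = heapq.heappop(heap)
        if d > dist.get(node, float("inf")):
            continue  # stale heap entry
        for nbr, cost in graph.get(node, {}).items():
            nd = d + cost
            if nd < dist.get(nbr, float("inf")):
                dist[nbr] = nd
                heapq.heappush(heap, (nd, nbr))
    return dist

def inter_area_routes(graph, root, summaries):
    """summaries: (abr, prefix, cost_advertised_by_abr), i.e. type 3 LSAs.
    Returns {prefix: (total_cost, chosen_abr)}."""
    dist = spf(graph, root)
    best = {}
    for abr, prefix, advertised in summaries:
        if abr not in dist:
            continue  # no intra-area path to this ABR: its summary is unusable
        # Distance-vector step: the router cannot see behind the ABR,
        # so it takes the advertised cost on trust and adds its own cost.
        total = dist[abr] + advertised
        if prefix not in best or total < best[prefix][0]:
            best[prefix] = (total, abr)
    return best

# Constructed area: R3 is an internal router, ABR1/ABR2 border the backbone.
AREA1 = {
    "R3": {"ABR1": 10, "R4": 1},
    "R4": {"R3": 1, "ABR2": 1},
    "ABR1": {"R3": 10},
    "ABR2": {"R4": 1},
}
# Constructed type 3 summaries; ABR9 is not reachable inside this area.
SUMMARIES = [
    ("ABR1", "192.0.2.0/24", 5),
    ("ABR2", "192.0.2.0/24", 20),
    ("ABR2", "198.51.100.0/24", 3),
    ("ABR9", "203.0.113.0/24", 1),
]

if __name__ == "__main__":
    for prefix, (cost, abr) in inter_area_routes(AREA1, "R3", SUMMARIES).items():
        print(f"O IA {prefix} [110/{cost}] via {abr}")
```

The nearer ABR (ABR2) loses for 192.0.2.0/24 because only the sum of both costs is compared; R3 has no view of the topology behind either ABR.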

Thursday, February 16, 2012

Side Notes


1. Understanding the command: spanning-tree vlan 68 root primary diameter 3 hello-time 1

Based on the diameter value alone, Cisco IOS can calculate all the other timer values suitable for the particular STP topology. The idea is that all timers essentially depend on a few fixed parameters (e.g. the hello timer) and the network diameter. The command itself is a macro, which is expanded into a number of additional commands. If you want to read more on the relationship between STP timers and network diameter, check out the following link:
http://www.cisco.com/en/US/tech/tk389/tk621/technologies_tech_note09186a0080094954.shtml

2. There exists a command, "set ip next-hop peer-address", which can be applied under a route-map. This command does the same as next-hop-self, BUT it allows you to do so on a per-prefix basis. For example:

---
ip prefix-list TEST permit 150.1.1.0/24
!
route-map NEXT_HOP
match ip address prefix-list TEST
set ip next-hop peer-address
!
router bgp 100
neighbor 155.1.2.2 remote-as 100
...
neighbor 155.1.2.2 route-map NEXT_HOP out
---

You can also use the command "set ip next-hop 150.1.1.1" (explicit next-hop) in a route-map to change the next-hop to self. All three alternatives are viable; just use the one that suits you best.

Sunday, February 12, 2012

OSPF over PPPoFR

PPPoFR is configured by first creating a virtual-template and then binding that template to the DLCI with "frame-relay interface-dlci ppp virtual-template". It does not require dynamic or static mapping, since the connection is now treated as point-to-point. All the logical options, such as authentication and multilink, are configured under the virtual-template, but not the backup command.
What if we bind the virtual-template to multiple interface-dlci entries? For example:

interface virtual-template 1
ip address 10.0.0.5 255.255.255.0

interface S0/0/0
frame-relay interface-dlci 501 ppp virtual-template 1
frame-relay interface-dlci 502 ppp virtual-template 1

A virtual-template is just a template that creates a virtual-access interface whenever it is bound to a DLCI. Here the virtual-template is bound to two DLCIs, so it creates two different virtual-access interfaces, say virtual-access2 and virtual-access3. These are the interfaces on which dynamic routing protocols learn routing updates.
Let's consider a hub, R5, and two spokes, R1 and R2, connected via a Frame Relay cloud.


R5#sh run int s0/0
interface Serial0/0
 no ip address
 encapsulation frame-relay
 frame-relay interface-dlci 501 ppp Virtual-Template1
 frame-relay interface-dlci 502 ppp Virtual-Template1
 frame-relay lmi-type ansi
end
R5#sh run int virtual-template 1
interface Virtual-Template1
 ip address 10.0.0.5 255.255.255.0
end
R5#sh ip int br
Interface                  IP-Address      OK? Method Status                Protocol
Serial0/0                  unassigned      YES unset  up                    up
Virtual-Access1            unassigned      YES unset  down                  down
Virtual-Template1          10.0.0.5        YES manual down                  down
Virtual-Access2            10.0.0.5        YES TFTP   up                    up
Virtual-Access3            10.0.0.5        YES TFTP   up                    up

R5#sh int virtual-access 2
Virtual-Access2 is up, line protocol is up
  Hardware is Virtual Access interface
  Internet address is 10.0.0.5/24
  MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100000 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation PPP, LCP Open
  Open: IPCP
  PPPoFR vaccess, cloned from Virtual-Template1
  Vaccess status 0x44
  Bound to Serial0/0 DLCI 501, Cloned from Virtual-Template1, loopback not set
  Keepalive set (10 sec)
  DTR is pulsed for 5 seconds on reset
  < skip >
R5#sh int virtual-access 3
Virtual-Access3 is up, line protocol is up
  Hardware is Virtual Access interface
  Internet address is 10.0.0.5/24
  MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100000 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation PPP, LCP Open
  Open: IPCP
  PPPoFR vaccess, cloned from Virtual-Template1
  Vaccess status 0x44
  Bound to Serial0/0 DLCI 502, Cloned from Virtual-Template1, loopback not set
  Keepalive set (10 sec)
  DTR is pulsed for 5 seconds on reset
 < skip >


The configurations at R1 and R2 are similar; here is the configuration at R1:


R1#sh run int s0/0
interface Serial0/0
 no ip address
 encapsulation frame-relay
 frame-relay interface-dlci 105 ppp Virtual-Template1
end
R1#sh run int virtual-template 1
interface Virtual-Template1
 ip address 10.0.0.1 255.255.255.0
end

R1#sh ip int br
Interface                  IP-Address      OK? Method Status                Protocol
Serial0/0                  unassigned      YES unset  up                    up
Virtual-Access1            unassigned      YES unset  down                  down
Virtual-Template1          10.0.0.1        YES manual down                  down
Virtual-Access2            10.0.0.1        YES TFTP   up                    up
R1#sh int virtual-access 2
Virtual-Access2 is up, line protocol is up
  Hardware is Virtual Access interface
  Internet address is 10.0.0.1/24
  MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100000 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation PPP, LCP Open
  Open: IPCP
  PPPoFR vaccess, cloned from Virtual-Template1
  Vaccess status 0x44
  Bound to Serial0/0 DLCI 105, Cloned from Virtual-Template1, loopback not set
  Keepalive set (10 sec)
  DTR is pulsed for 5 seconds on reset
 < skip >

At R5 

R5#sh ip route 10.0.0.1
Routing entry for 10.0.0.1/32
  Known via "connected", distance 0, metric 0 (connected, via interface)
  Routing Descriptor Blocks:
  * directly connected, via Virtual-Access2
      Route metric is 0, traffic share count is 1

R5#sh ip route 10.0.0.2
Routing entry for 10.0.0.2/32
  Known via "connected", distance 0, metric 0 (connected, via interface)
  Routing Descriptor Blocks:
  * directly connected, via Virtual-Access3
      Route metric is 0, traffic share count is 1

The spokes' IP addresses are learned on virtual-access 2 and virtual-access 3, meaning that if R5 tries to ping R1 or R2 it will use the respective DLCI to forward packets.

Let's run OSPF on R5, R1 and R2 and advertise their loopback interfaces into OSPF, say Area 0.

R5#sh ip ospf neighbor
Neighbor ID     Pri   State           Dead Time   Address         Interface
10.0.0.2          0   FULL/  -        00:00:34    10.0.0.2        Virtual-Access3
10.0.0.1          0   FULL/  -        00:00:36    10.0.0.1        Virtual-Access2

Notice that these neighbors are learned on virtual-access2 and virtual-access3.
Let's look at the OSPF routing table:
R5#sh ip route ospf
     2.0.0.0/32 is subnetted, 1 subnets
O       2.2.2.2 [110/2] via 10.0.0.2, 00:00:18, Virtual-Access3

R1#sh ip route ospf
     2.0.0.0/32 is subnetted, 1 subnets
O       2.2.2.2 [110/3] via 10.0.0.5, 00:00:36, Virtual-Access2
     5.0.0.0/32 is subnetted, 1 subnets
O       5.5.5.5 [110/2] via 10.0.0.5, 00:00:36, Virtual-Access2

R2#sh ip route ospf
     1.0.0.0/32 is subnetted, 1 subnets
O       1.1.1.1 [110/3] via 10.0.0.5, 00:01:15, Virtual-Access2
     5.0.0.0/32 is subnetted, 1 subnets
O       5.5.5.5 [110/2] via 10.0.0.5, 00:01:15, Virtual-Access2

We have only R2's loopback in R5's routing table, learned on virtual-access3; R1's loopback is missing. This happens because the OSPF network type here is point-to-point, but there are two virtual interfaces, virtual-access2 and virtual-access3, on which these routes are learned, so the OSPF process accepts the route from only one of them (the one with the higher ifindex number).

Let's change the OSPF network type to point-to-multipoint. Remember that the "ip ospf network point-to-multipoint" command goes under the virtual-template. Now the routing table at R5 looks like this:
R5#sh ip route ospf
     1.0.0.0/32 is subnetted, 1 subnets
O       1.1.1.1 [110/2] via 10.0.0.1, 00:01:51, Virtual-Access3
     2.0.0.0/32 is subnetted, 1 subnets
O       2.2.2.2 [110/2] via 10.0.0.2, 00:01:31, Virtual-Access3

Now we have both routes, but both are learned on the same virtual-access3, so traffic towards both routes goes out through the same DLCI. Traffic sent towards one will succeed, but traffic towards the other is dropped. Notice that virtual-access 3 is associated with DLCI 502, so traffic for R2's loopback succeeds.

R5#ping 1.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
R5#ping 2.2.2.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/30/92 ms
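The mismatch behind the failed ping can be found mechanically by comparing the interface of each OSPF route with the interface on which its next hop is directly connected. The following check is an added example, not part of the original post; the three inputs are lines copied from the R5 output above, and it assumes the connected /32 peer routes are unchanged after the network-type change.

```python
import re

# Lines copied from the R5 captures on this page (trimmed to what is parsed).
SHOW_INT = """\
Virtual-Access2 is up, line protocol is up
  Bound to Serial0/0 DLCI 501, Cloned from Virtual-Template1, loopback not set
Virtual-Access3 is up, line protocol is up
  Bound to Serial0/0 DLCI 502, Cloned from Virtual-Template1, loopback not set
"""
SHOW_CONNECTED = """\
Routing entry for 10.0.0.1/32
  * directly connected, via Virtual-Access2
Routing entry for 10.0.0.2/32
  * directly connected, via Virtual-Access3
"""
SHOW_OSPF = """\
O       1.1.1.1 [110/2] via 10.0.0.1, 00:01:51, Virtual-Access3
O       2.2.2.2 [110/2] via 10.0.0.2, 00:01:31, Virtual-Access3
"""

def dlci_bindings(text):
    """Map each Virtual-Access interface to the DLCI it is bound to."""
    pat = r"^(Virtual-Access\d+) is .*?Bound to \S+ DLCI (\d+)"
    return dict(re.findall(pat, text, re.M | re.S))

def peer_interfaces(text):
    """Map each connected /32 peer address to the interface it sits on."""
    pat = r"Routing entry for (\S+)/32.*?directly connected, via (\S+)"
    return dict(re.findall(pat, text, re.S))

def ospf_routes(text):
    """Return (prefix, next_hop, interface) for each OSPF route line."""
    pat = r"^O\S*\s+(\S+) \[\d+/\d+\] via ([\d.]+), \S+, (\S+)"
    return re.findall(pat, text, re.M)

def blackholed_routes(show_int, show_connected, show_ospf):
    """OSPF routes sent out an interface other than the one their next hop is on."""
    dlci = dlci_bindings(show_int)
    peers = peer_interfaces(show_connected)
    bad = []
    for prefix, next_hop, iface in ospf_routes(show_ospf):
        expected = peers.get(next_hop)
        if expected and expected != iface:
            bad.append({"prefix": prefix, "next_hop": next_hop,
                        "used_dlci": dlci.get(iface),
                        "peer_dlci": dlci.get(expected)})
    return bad

if __name__ == "__main__":
    for route in blackholed_routes(SHOW_INT, SHOW_CONNECTED, SHOW_OSPF):
        print(route)
```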


So there is a very big issue here. How can this be resolved? There are two ways to solve this:
1. Use ip unnumbered for virtual template
2. Use multilink
3. Obtain IP address from the other source like IPCP or DHCP

These will also help with self-pinging on the Frame Relay main interface, which is not possible in normal cases.

This post has turned out to be very long, so the rest will be covered in my next post.