PPPoFR is configured by creating a virtual-template first and then bind that template with the frame-relay interface-dlci ppp virtual-template. It does not require dynamic or static mapping since the connection is now considered as point to point. All the logical options like authentication, multilink are configured here under virtual template but not backup command.
What if we bind the virtual-template with multiple interface-dlci ? such as
interface virtual-template 1
ip address 10.0.0.5 255.255.255.0
interface S0/0/0
frame-relay interface-dlci 501 ppp virtual-template 1
frame-relay interface-dlci 502 ppp virtual-template 1
Virtual-template is just a template which create a virtual-access interface if it bind to any dlci. Here virtual template is bind to two dlci therefore it will create two different virtual access say virtual-access2 and virtual-access3. Now these are the interfaces on which dynamic protocols learns the routing updates.
Lets consider a HuB R5 and two Spokes R1 and R2 are connected via frame relay cloud.
R5#sh run int s0/0
interface Serial0/0
no ip address
encapsulation frame-relay
frame-relay interface-dlci 501 ppp Virtual-Template1
frame-relay interface-dlci 502 ppp Virtual-Template1
frame-relay lmi-type ansi
end
R5#sh run int virtual-template 1
interface Virtual-Template1
ip address 10.0.0.5 255.255.255.0
end
R5#sh ip int br
Interface IP-Address OK? Method Status Protocol
Serial0/0 unassigned YES unset up up
Virtual-Access1 unassigned YES unset down down
Virtual-Template1 10.0.0.5 YES manual down down
Virtual-Access2 10.0.0.5 YES TFTP up up
Virtual-Access3 10.0.0.5 YES TFTP up up
R5#sh int virtual-access 2
Virtual-Access2 is up, line protocol is up
Hardware is Virtual Access interface
Internet address is 10.0.0.5/24
MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation PPP, LCP Open
Open: IPCP
PPPoFR vaccess, cloned from Virtual-Template1
Vaccess status 0x44
Bound to Serial0/0 DLCI 501, Cloned from Virtual-Template1, loopback not set
Keepalive set (10 sec)
DTR is pulsed for 5 seconds on reset
< skip >
R5#sh int virtual-access 3
Virtual-Access3 is up, line protocol is up
Hardware is Virtual Access interface
Internet address is 10.0.0.5/24
MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation PPP, LCP Open
Open: IPCP
PPPoFR vaccess, cloned from Virtual-Template1
Vaccess status 0x44
Bound to Serial0/0 DLCI 502, Cloned from Virtual-Template1, loopback not set
Keepalive set (10 sec)
DTR is pulsed for 5 seconds on reset
< skip >
Configuration at both R1 and R2 are similar here are the configuration at R1
R1#sh run int s0/0
interface Serial0/0
no ip address
encapsulation frame-relay
frame-relay interface-dlci 105 ppp Virtual-Template1
end
R1#sh run int virtual-template 1
interface Virtual-Template1
ip address 10.0.0.1 255.255.255.0
end
R1#sh ip int br
Interface IP-Address OK? Method Status Protocol
Serial0/0 unassigned YES unset up up
Virtual-Access1 unassigned YES unset down down
Virtual-Template1 10.0.0.1 YES manual down down
Virtual-Access2 10.0.0.1 YES TFTP up up
R1#sh int virtual-access 2
Virtual-Access2 is up, line protocol is up
Hardware is Virtual Access interface
Internet address is 10.0.0.1/24
MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation PPP, LCP Open
Open: IPCP
PPPoFR vaccess, cloned from Virtual-Template1
Vaccess status 0x44
Bound to Serial0/0 DLCI 105, Cloned from Virtual-Template1, loopback not set
Keepalive set (10 sec)
DTR is pulsed for 5 seconds on reset
< skip >
At R5
R5#sh ip route 10.0.0.1
Routing entry for 10.0.0.1/32
Known via "connected", distance 0, metric 0 (connected, via interface)
Routing Descriptor Blocks:
* directly connected, via Virtual-Access2
Route metric is 0, traffic share count is 1
R5#sh ip route 10.0.0.2
Routing entry for 10.0.0.2/32
Known via "connected", distance 0, metric 0 (connected, via interface)
Routing Descriptor Blocks:
* directly connected, via Virtual-Access3
Route metric is 0, traffic share count is 1
The spokes ip addresses are learned on virtual-access 2 and virtual-access 3, meaning that if R5 tries to ping R1 or R2 it will use respective dlci to forward packets.
Lets run OSPF on R5, R1 and R2 and advertise their loopback interfaces into ospf say Area 0.
R5#sh ip ospf neighbor
Neighbor ID Pri State Dead Time Address Interface
10.0.0.2 0 FULL/ - 00:00:34 10.0.0.2 Virtual-Access3
10.0.0.1 0 FULL/ - 00:00:36 10.0.0.1 Virtual-Access2
Notice that these neighbors are learned on virtual-access2 and virtual-access3.
Lets look into the ospf routing table
R5#sh ip route ospf
2.0.0.0/32 is subnetted, 1 subnets
O 2.2.2.2 [110/2] via 10.0.0.2, 00:00:18, Virtual-Access3
R1#sh ip route ospf
2.0.0.0/32 is subnetted, 1 subnets
O 2.2.2.2 [110/3] via 10.0.0.5, 00:00:36, Virtual-Access2
5.0.0.0/32 is subnetted, 1 subnets
O 5.5.5.5 [110/2] via 10.0.0.5, 00:00:36, Virtual-Access2
R2#sh ip route ospf
1.0.0.0/32 is subnetted, 1 subnets
O 1.1.1.1 [110/3] via 10.0.0.5, 00:01:15, Virtual-Access2
5.0.0.0/32 is subnetted, 1 subnets
O 5.5.5.5 [110/2] via 10.0.0.5, 00:01:15, Virtual-Access2
We have just R2's loopback in the R5's routing table learned on virtual-access3 but does not have R1's loopback. This is happening because ospf here network type is point to point but there are two virtual interfaces virtual-access2 and virtual-access3 on which these routes are learned so ospf process will accept the route only from one (which has the higher ifindex number).
Lets change the ospf network type to point-to-multipoint. Remember that this option of ip ospf network type point-to-multipoint will come under virtual-template. Now routing table at R5 looks likes this
R5#sh ip route ospf
1.0.0.0/32 is subnetted, 1 subnets
O 1.1.1.1 [110/2] via 10.0.0.1, 00:01:51, Virtual-Access3
2.0.0.0/32 is subnetted, 1 subnets
O 2.2.2.2 [110/2] via 10.0.0.2, 00:01:31, Virtual-Access3
Now we have both the routes but both are learned on same virtual-access3 therefore traffic towards both routes will go to through the same dlci. So traffic send towards one will successful but drops for the other. Notice that vitual-access 3 is associated with dlci 502 so traffic for R2's loopback will get succeed.
R5#ping 1.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
R5#ping 2.2.2.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/30/92 ms
So there is a very big issue here. How this can be resolved? There are two ways to solve this
1. Use ip unnumbered for virtual template
2. Use multilink
3. Obtain IP address from the other source like IPCP or DHCP
These will also help in self pinging on the frame relay main interface which is not possible in normal cases.
This post has happened to be very long so rest part will be posted in my next post.