Monday, December 30, 2013

Welcome To The World Of Hierarchical LSPs...AKA Unified MPLS...AKA Seamless MPLS = RFC 3107 (Part-1)

For quite a while I have been trying to understand Hierarchical LSPs uder Cisco New Model developed for Mobile Operators known as Unified MPLS For Mobile Transport (UMMT). In case you haven't noticed, this new model came into picture officially early this year and after certain revisions they reached on version 3 or UMMT 3.0 as final model so far.

 The idea behind UMMT is to move away from Traditional flat IP network design that Service Providers have been using for many years. Where they usually run Single IS-IS Level-2 Domain across entire core or Single OSPF Area as well. This design has couple of problems to begin with:

 > Single Flat Network Domain Means any small change or instability will cause LSA Flooding or Re-Calculation.

 > The network doesn't scale very well as it grows. Eventually large IGP domains means lots of burden on IGP which also further affects our Convergence Requirements from Today's Networks.

 > You cannot break network into small pieces/domains as our LSPs requirements are End to End from PE's perspective in order to offer services such as L2/L3 MPLS VPNs & Traffic Engineering etc.

 The Idea behind UMMT 3.0 Model is to break the network into multiple domains using different IGP Instances and yet not to compromise on our End To End LSP requirements. So the final picture looks some thing like following:

But as you can below it helps allot with minimizing the routes in every single domains which further helps with Network Convergence requirements of modern networks. Though Network Convergence is a big topic in itself and there are lot of recipes that goes with it in order to achieve the ultimate goal of 50 msec or less convergence time. But I'll focus more on Network Convergence is coming posts.


Although UMMT is a kind of model only, but Cisco is showcasing it's ASR & ME Product line being part of model as follows:

UMMT uses our old friend BGP for creating End to End LSP (Inter Domain) on top of existing LDP based LSPs (Intra Domain). For this they developed something called BGP Labeled Unicast documented under rfc 3107 which to my surprise was written in 2001 :)

 With That being said. Here is a Quick Lab Demonstrating how everything fits together and how overall label space will work:


Complete Configuration:
================

 R1
##

 !
en
!
conf t
!
ho CE-1
!
no ip do lo
!
no cdp run
!
line con 0
 no exec-time
 logging syn
 exit
!
int lo0
 ip add 1.1.1.1 255.255.255.255
 exit
!
int f0/0
 ip add 150.0.0.1 255.255.255.0
 no sh
 exit
!
router eigrp 100
 no auto
 net 1.1.1.1 0.0.0.0
 net 150.0.0.1 0.0.0.0
 exit
!
end
!

 ++++++++++++++++++++++++++++

 R9
##

 !
en
!
conf t
!
ho CE-2
!
no ip do lo
!
no cdp run
!
line con 0
 no exec-time
 logging syn
 exit
!
int lo0
 ip add 9.9.9.9 255.255.255.255
 exit
!
int f0/0
 ip add 150.0.0.9 255.255.255.0
 no sh
 exit
!
router eigrp 100
 no auto
 net 9.9.9.9 0.0.0.0
 net 150.0.0.9 0.0.0.0
 exit
!
end
!

 ++++++++++++++++++++++++++++

 R2
##

 !
en
!
conf t
!
ho PE-1
!
no ip do lo
!
no cdp run
!
line con 0
 no exec-time
 logging syn
 exit
!
int lo0
 ip add 2.2.2.2 255.255.255.255
 exit
!
int f1/0
 no sh
 xconnect 8.8.8.8 1 encapsulation mpls
 exit
exit
!
int f1/1
 ip add 23.23.23.2 255.255.255.0
 mpls ip
 no sh
 exit
!
mpls label protocol ldp
!
mpls ldp router-id lo0
!
router ospf 1
 net 2.2.2.2 0.0.0.0 area 0
 net 23.23.23.2 0.0.0.0 area 0
 exit
!
router bgp 100
 no auto
 no sync
 net 2.2.2.2 mask 255.255.255.255
 nei 4.4.4.4 remote 100
 nei 4.4.4.4 update lo0
 nei 4.4.4.4 send-label
 exit
!
end
!

 ++++++++++++++++++++++++++++
R3
##

 !
en
!
conf t
!
ho P-1
!
no ip do lo
!
no cdp run
!
line con 0
 no exec-time
 logging syn
 exit
!
int lo0
 ip add 3.3.3.3 255.255.255.255
 exit
!
!
mpls label protocol ldp
!
mpls ldp router-id lo0
!
int f0/0
 ip add 23.23.23.3 255.255.255.0
 mpls ip
 no sh
 exit
!
int f0/1
 ip add 34.34.34.3 255.255.255.0
 mpls ip
 no sh
 exit
!
router ospf 1
 net 0.0.0.0 255.255.255.255 area 0
 exit
!
end
!

 ++++++++++++++++++++++++++++
R4
##

 !
en
!
conf t
!
ho RR-1
!
no ip do lo
!
no cdp run
!
line con 0
 no exec-time
 logging syn
 exit
!
int lo0
 ip add 4.4.4.4 255.255.255.255
 exit
!
!
mpls label protocol ldp
!
mpls ldp router-id lo0
!
int f1/0
 ip add 34.34.34.4 255.255.255.0
 mpls ip
 no sh
 exit
!
int f1/1
 ip add 45.45.45.4 255.255.255.0
 mpls ip
 no sh
 exit
!
router ospf 2
 net 4.4.4.4 0.0.0.0 area 0
 net 45.45.45.4 0.0.0.0 area 0
 exit
!
ip prefix-list R4Loopback0 seq 5 permit 4.4.4.4/32
!
route-map ospf2-into-ospf1 permit 10
 match ip address prefix-list R4Loopback0
 exit
!
router ospf 1
 net 34.34.34.4 0.0.0.0 area 0
 redistribute ospf 2 subnets match internal route-map ospf2-into-ospf1
 exit
!
router bgp 100
 no auto
 no sync
 nei 2.2.2.2 remote 100
 nei 2.2.2.2 update lo0
 nei 2.2.2.2 route-reflector-client
 nei 2.2.2.2 next-hop-self all
 nei 2.2.2.2 send-label

 nei 6.6.6.6 remote 100
 nei 6.6.6.6 update lo0
 nei 6.6.6.6 route-reflector-client
 nei 6.6.6.6 next-hop-self all
 nei 6.6.6.6 send-label
 exit
!
end
!
++++++++++++++++++++++++++++
R5
##

 !
en
!
conf t
!
ho P-2
!
no ip do lo
!
no cdp run
!
line con 0
 no exec-time
 logging syn
 exit
!
int lo0
 ip add 5.5.5.5 255.255.255.255
 exit
!
!
mpls label protocol ldp
!
mpls ldp router-id lo0
!
int f0/0
 ip add 45.45.45.5 255.255.255.0
 mpls ip
 no sh
 exit
!
int f0/1
 ip add 56.56.56.5 255.255.255.0
 mpls ip
 no sh
 exit
!
router ospf 2
 net 0.0.0.0 255.255.255.255 area 0
 exit
!
end
!

 ++++++++++++++++++++++++++++
R6
##

 !
en
!
conf t
!
ho RR-2
!
no ip do lo
!
no cdp run
!
line con 0
 no exec-time
 logging syn
 exit
!
int lo0
 ip add 6.6.6.6 255.255.255.255
 exit
!
!
mpls label protocol ldp
!
mpls ldp router-id lo0
!
int f1/1
 ip add 56.56.56.6 255.255.255.0
 mpls ip
 no sh
 exit
!
int f1/0
 ip add 76.76.76.6 255.255.255.0
 mpls ip
 no sh
 exit
!
!
router ospf 2
 net 6.6.6.6 0.0.0.0 area 0
 net 56.56.56.6 0.0.0.0 area 0
 exit
!
ip prefix-list R6Loopback0 seq 5 permit 6.6.6.6/32
!
route-map ospf2-into-ospf3 permit 10
 match ip address prefix-list R6Loopback0
 exit
!
router ospf 3
 net 76.76.76.6 0.0.0.0 area 0
 redistribute ospf 2 subnets match internal route-map ospf2-into-ospf3
 exit
!
router bgp 100
 no auto
 no sync
 nei 4.4.4.4 remote 100
 nei 4.4.4.4 update lo0
 nei 4.4.4.4 route-reflector-client
 nei 4.4.4.4 next-hop-self all
 nei 4.4.4.4 send-label

 nei 8.8.8.8 remote 100
 nei 8.8.8.8 update lo0
 nei 8.8.8.8 route-reflector-client
 nei 8.8.8.8 next-hop-self all
 nei 8.8.8.8 send-label
 exit
!
end
!

 ++++++++++++++++++++++++++++

 R7
##

 !
en
!
conf t
!
ho P-3
!
no ip do lo
!
no cdp run
!
line con 0
 no exec-time
 logging syn
 exit
!
int lo0
 ip add 7.7.7.7 255.255.255.255
 exit
!
!
mpls label protocol ldp
!
mpls ldp router-id lo0
!
int f0/1
 ip add 76.76.76.7 255.255.255.0
 mpls ip
 no sh
 exit
!
int f0/0
 ip add 87.87.87.7 255.255.255.0
 mpls ip
 no sh
 exit
!
router ospf 3
 net 0.0.0.0 255.255.255.255 area 0
 exit
!
end
!
++++++++++++++++++++++++++++

 R8
##

 !
en
!
conf t
!
ho PE-2
!
no ip do lo
!
no cdp run
!
line con 0
 no exec-time
 logging syn
 exit
!
int lo0
 ip add 8.8.8.8 255.255.255.255
 exit
!
!
mpls label protocol ldp
!
mpls ldp router-id lo0
!
int f1/1
 ip add 87.87.87.8 255.255.255.0
 mpls ip
 no sh
 exit
!
int f1/0
 no sh
 xconnect 2.2.2.2 1 encapsulation mpls
 exit
exit
!
router ospf 3
 net 8.8.8.8 0.0.0.0 area 0
 net 87.87.87.8 0.0.0.0 area 0
 exit
!
router bgp 100
 no auto
 no sync
 net 8.8.8.8 mask 255.255.255.255
 nei 6.6.6.6 remote 100
 nei 6.6.6.6 update lo0
 nei 6.6.6.6 send-label
 exit
!
end
!
+++++++++++++++++++++++++++++

 Label Space & Verification
=================

 PE-1#sh mpls forwarding-table
Local      Outgoing   Prefix           Bytes Label   Outgoing   Next Hop
Label      Label      or Tunnel Id     Switched      interface
16         Pop Label  3.3.3.3/32       0             Fa1/1      23.23.23.3
17         Pop Label  34.34.34.0/24    0             Fa1/1      23.23.23.3
18         17         4.4.4.4/32       0             Fa1/1      23.23.23.3
19         No Label   l2ckt(1)         29118         Fa1/0      point2point

 PE-1#sh ip route 8.8.8.8
Routing entry for 8.8.8.8/32
  Known via "bgp 100", distance 200, metric 0, type internal
  Last update from 4.4.4.4 00:39:45 ago
  Routing Descriptor Blocks:
  * 4.4.4.4, from 4.4.4.4, 00:39:45 ago
      Route metric is 0, traffic share count is 1
      AS Hops 0
      MPLS label: 22

 PE-1#sh ip cef 8.8.8.8
8.8.8.8/32
  nexthop 23.23.23.3 FastEthernet1/1 label 17 22

 PE-1#sh ip cef 8.8.8.8 detail
8.8.8.8/32, epoch 0, flags rib defined all labels
  1 RR source [no flags]
  recursive via 4.4.4.4 label 22
    nexthop 23.23.23.3 FastEthernet1/1 label 17

 PE-1#sh bgp ipv4 unicast labels
   Network          Next Hop      In label/Out label
   2.2.2.2/32       0.0.0.0         imp-null/nolabel
   8.8.8.8/32       4.4.4.4         nolabel/22
P-1#sh mpls forwarding-table
Local  Outgoing    Prefix            Bytes tag  Outgoing   Next Hop
tag    tag or VC   or Tunnel Id      switched   interface
16     Pop tag     2.2.2.2/32        60043      Fa0/0      23.23.23.2
17     Pop tag     4.4.4.4/32        63026      Fa0/1      34.34.34.4

 P-1#sh mpls forwarding-table labels 17 detail
Local  Outgoing    Prefix            Bytes tag  Outgoing   Next Hop
tag    tag or VC   or Tunnel Id      switched   interface
17     Pop tag     4.4.4.4/32        111825     Fa0/1      34.34.34.4
        MAC/Encaps=14/14, MRU=1504, Tag Stack{}
        CA0C17A0001CC20B1B2000018847
        No output feature configured
    Per-packet load-sharing
RR-1#sh mpls forwarding-table
Local      Outgoing   Prefix           Bytes Label   Outgoing   Next Hop
Label      Label      or Tunnel Id     Switched      interface
16         Pop Label  3.3.3.3/32       0             Fa1/0      34.34.34.3
17         16         2.2.2.2/32       57654         Fa1/0      34.34.34.3
18         Pop Label  23.23.23.0/24    0             Fa1/0      34.34.34.3
19         Pop Label  5.5.5.5/32       0             Fa1/1      45.45.45.5
20         Pop Label  56.56.56.0/24    0             Fa1/1      45.45.45.5
21         17         6.6.6.6/32       0             Fa1/1      45.45.45.5
22         21         8.8.8.8/32       60902         Fa1/1      45.45.45.5
RR-1#sh mpls forwarding-table labels 22 detail
Local      Outgoing   Prefix           Bytes Label   Outgoing   Next Hop
Label      Label      or Tunnel Id     Switched      interface
22         21         8.8.8.8/32       111502        Fa1/1      45.45.45.5
        MAC/Encaps=14/22, MRU=1496, Label Stack{17 21}
        C20D1B200000CA0C17A0001D8847 0001100000015000
        No output feature configured

 RR-1#sh bgp ipv4 unicast labels
   Network          Next Hop      In label/Out label
   2.2.2.2/32       2.2.2.2         17/imp-null
   8.8.8.8/32       6.6.6.6         22/21
P-2#sh mpls forwarding-table
Local  Outgoing    Prefix            Bytes tag  Outgoing   Next Hop
tag    tag or VC   or Tunnel Id      switched   interface
16     Pop tag     4.4.4.4/32        63393      Fa0/0      45.45.45.4
17     Pop tag     6.6.6.6/32        63803      Fa0/1      56.56.56.6

 P-2#sh mpls forwarding-table labels 16 detail
Local  Outgoing    Prefix            Bytes tag  Outgoing   Next Hop
tag    tag or VC   or Tunnel Id      switched   interface
16     Pop tag     4.4.4.4/32        124541     Fa0/0      45.45.45.4
        MAC/Encaps=14/14, MRU=1504, Tag Stack{}
        CA0C17A0001DC20D1B2000008847
        No output feature configured
    Per-packet load-sharing
P-2#sh mpls forwarding-table labels 17 detail
Local  Outgoing    Prefix            Bytes tag  Outgoing   Next Hop
tag    tag or VC   or Tunnel Id      switched   interface
17     Pop tag     6.6.6.6/32        125808     Fa0/1      56.56.56.6
        MAC/Encaps=14/14, MRU=1504, Tag Stack{}
        CA0E04F4001DC20D1B2000018847
        No output feature configured
    Per-packet load-sharing
RR-2#sh mpls forwarding-table
Local      Outgoing   Prefix           Bytes Label   Outgoing   Next Hop
Label      Label      or Tunnel Id     Switched      interface
16         Pop Label  5.5.5.5/32       0             Fa1/1      56.56.56.5
17         16         4.4.4.4/32       0             Fa1/1      56.56.56.5
18         Pop Label  45.45.45.0/24    0             Fa1/1      56.56.56.5
19         Pop Label  7.7.7.7/32       0             Fa1/0      76.76.76.7
20         Pop Label  87.87.87.0/24    0             Fa1/0      76.76.76.7
21         17         8.8.8.8/32       60618         Fa1/0      76.76.76.7
22         17         2.2.2.2/32       62592         Fa1/1      56.56.56.5

 RR-2#show mpls forwarding-table labels 21 detail
Local      Outgoing   Prefix           Bytes Label   Outgoing   Next Hop
Label      Label      or Tunnel Id     Switched      interface
21         17         8.8.8.8/32       124158        Fa1/0      76.76.76.7
        MAC/Encaps=14/18, MRU=1500, Label Stack{17}
        C20F1B200001CA0E04F4001C8847 00011000
        No output feature configured
RR-2#sh bgp ipv4 unicast labels
   Network          Next Hop      In label/Out label
   2.2.2.2/32       4.4.4.4         22/17
   8.8.8.8/32       8.8.8.8         21/imp-null
P-3#sh mpls forwarding-table
Local  Outgoing    Prefix            Bytes tag  Outgoing   Next Hop
tag    tag or VC   or Tunnel Id      switched   interface
16     Pop tag     6.6.6.6/32        64910      Fa0/1      76.76.76.6
17     Pop tag     8.8.8.8/32        62636      Fa0/0      87.87.87.8

 P-3#sh mpls forwarding-table labels 17 detail
Local  Outgoing    Prefix            Bytes tag  Outgoing   Next Hop
tag    tag or VC   or Tunnel Id      switched   interface
17     Pop tag     8.8.8.8/32        134673     Fa0/0      87.87.87.8
        MAC/Encaps=14/14, MRU=1504, Tag Stack{}
        CA101C74001DC20F1B2000008847
        No output feature configured
    Per-packet load-sharing
PE-2#sh mpls forwarding-table
Local      Outgoing   Prefix           Bytes Label   Outgoing   Next Hop
Label      Label      or Tunnel Id     Switched      interface
16         Pop Label  7.7.7.7/32       0             Fa1/1      87.87.87.7
17         Pop Label  76.76.76.0/24    0             Fa1/1      87.87.87.7
18         16         6.6.6.6/32       0             Fa1/1      87.87.87.7
19         No Label   l2ckt(1)         32252         Fa1/0      point2point
PE-1#traceroute 8.8.8.8 source loopback 0
Type escape sequence to abort.
Tracing the route to 8.8.8.8
VRF info: (vrf in name/id, vrf out name/id)
  1 23.23.23.3 [MPLS: Labels 17/22 Exp 0] 1052 msec 1084 msec 440 msec
  2 34.34.34.4 [MPLS: Label 22 Exp 0] 612 msec 1416 msec 1324 msec
  3 45.45.45.5 [MPLS: Labels 17/21 Exp 0] 864 msec 972 msec 604 msec
  4 56.56.56.6 [MPLS: Label 21 Exp 0] 644 msec 1376 msec 1292 msec
  5  *
    76.76.76.7 [MPLS: Label 17 Exp 0] 1136 msec 832 msec
  6 87.87.87.8 1752 msec 1524 msec 1464 msec
CE-1#traceroute 9.9.9.9 source loopback 0

 Type escape sequence to abort.
Tracing the route to 9.9.9.9

   1 150.0.0.9 1480 msec 1100 msec 880 msec
P-1#sh ip route 8.8.8.8

% Network not in table
+++++++++++++++++++++++++++++++++++++++++

 Stay Tuned For Next Part Of Series as we will dig the UMMT deeper :)

HTH...
Deepak Arora
Evil CCIE
Posted by at 5 comments:
Labels: , , , ,

Tuesday, November 26, 2013

Consistently Inconsistent Cisco

Posted by at 1 comment:
Labels: , , ,

Thursday, November 14, 2013

OSPF Forwarding Address (FA) Part 2 - How FA Interacts With NSSA

Let's continue the series by looking at FA and it's interaction with NSSA (Not So Stubby Area).

 Below is our topology for the day:

Assuming everything is working fine. let's do a quick verification:

 R1#sh ip route ospf | b ^G
Gateway of last resort is not set

       2.0.0.0/32 is subnetted, 1 subnets
O        2.2.2.2 [110/2] via 123.0.0.2, 00:31:19, GigabitEthernet1/0
      3.0.0.0/32 is subnetted, 1 subnets
O        3.3.3.3 [110/2] via 123.0.0.3, 00:26:44, GigabitEthernet1/0
      4.0.0.0/32 is subnetted, 1 subnets
O IA     4.4.4.4 [110/3] via 123.0.0.2, 00:20:26, GigabitEthernet1/0
      5.0.0.0/32 is subnetted, 1 subnets
O E2     5.5.5.5 [110/20] via 123.0.0.2, 00:02:07, GigabitEthernet1/0
      24.0.0.0/24 is subnetted, 1 subnets
O IA     24.0.0.0 [110/2] via 123.0.0.2, 00:31:09, GigabitEthernet1/0
      34.0.0.0/24 is subnetted, 1 subnets
O IA     34.0.0.0 [110/65] via 123.0.0.3, 00:20:21, GigabitEthernet1/0
      45.0.0.0/24 is subnetted, 1 subnets

O E2     45.0.0.0 [110/20] via 123.0.0.2, 00:20:02, GigabitEthernet1/0

 So control plane seems to be working fine since 5.5.5.5/32 network is present in routing table.

 Now let's verify the data plane :

 R1#ping 5.5.5.5 source loopback 0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 5.5.5.5, timeout is 2 seconds:
Packet sent with a source address of 1.1.1.1
!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 120/170/236 ms

 So far so good...

 Now let's review LSA-5 information from R1's prospective:

 R1#sh ip ospf database external

             OSPF Router with ID (1.1.1.1) (Process ID 1)

                 Type-5 AS External Link States

   Routing Bit Set on this LSA in topology Base with MTID 0
  LS age: 284
  Options: (No TOS-capability, DC, Upward)
  LS Type: AS External Link
  Link State ID: 5.5.5.5 (External Network Number )
  Advertising Router: 3.3.3.3
  LS Seq Number: 80000001
  Checksum: 0x6F01
  Length: 36
  Network Mask: /32
        Metric Type: 2 (Larger than any link state path)
        MTID: 0
        Metric: 20
        Forward Address: 4.4.4.4
        External Route Tag: 0

   Routing Bit Set on this LSA in topology Base with MTID 0
  LS age: 1355
  Options: (No TOS-capability, DC, Upward)
  LS Type: AS External Link
  Link State ID: 45.0.0.0 (External Network Number )
  Advertising Router: 3.3.3.3
  LS Seq Number: 80000001
  Checksum: 0xB4C
  Length: 36
  Network Mask: /24
        Metric Type: 2 (Larger than any link state path)
        MTID: 0
        Metric: 20
        Forward Address: 4.4.4.4

        External Route Tag: 0

 Now here are couple of interesting things to take a look at.

 The "Advertising Router" is marked as 3.3.3.3, Which means between R2 & R3, it's only R3 doing the translation of LSA-7 into LSA-5. Now to make it simple, when we have two or more ABRs between NSSA & Backbone Area. Only the router with higher Router ID (RID) is responsible for Type-7 to Type-5 translation. But on the flip side this translator router need not be in Data Plane path technically to reach the external prefixes. Let's verify this:

 R1#traceroute 5.5.5.5 source loopback 0
Type escape sequence to abort.
Tracing the route to 5.5.5.5
VRF info: (vrf in name/id, vrf out name/id)
  1 123.0.0.2 116 msec *  64 msec
  2 24.0.0.4 188 msec 184 msec 136 msec

  3 45.0.0.5 164 msec 92 msec 220 msec

 So basically election of path to reach External Prefixes completely depends upon cost to ASBR.


Also the FA is set to 4.4.4.4 instead of 45.0.0.5. This is because at the moment OSPF in not enabled on 45.0.0.X/24 Network. Also FA is set automatically instead of being 0.0.0.0 like in previous case. Which is also interesting.

 Now let's try to filter Forwarding-Address (FA) and see what happens:


R1(config)#ip prefix-list FILTER-FA deny 4.4.4.4/32
R1(config)#ip prefix-list FILTER-FA permit 0.0.0.0/0 le 32

 R1(config)#router ospf 1
R1(config-router)#distribute-list prefix FILTER-FA in

R1(config-router)#exit

 Now Let's verify the Data Plane again:

 R1#ping 5.5.5.5 source loopback 0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 5.5.5.5, timeout is 2 seconds:
Packet sent with a source address of 1.1.1.1
.....

Success rate is 0 percent (0/5)

 Oops....Seems to be broken.

 Let's try traceroute:

 R1#traceroute 5.5.5.5 source loopback 0
Type escape sequence to abort.
Tracing the route to 5.5.5.5
VRF info: (vrf in name/id, vrf out name/id)
  1  *  *  *
  2  *  *  *

  3  *  *  *

 No Luck....

 Let's verify the control plane by looking at Routing Table:

 R1#sh ip route ospf | b ^G
Gateway of last resort is not set

       2.0.0.0/32 is subnetted, 1 subnets
O        2.2.2.2 [110/2] via 123.0.0.2, 00:02:15, GigabitEthernet1/0
      3.0.0.0/32 is subnetted, 1 subnets
O        3.3.3.3 [110/2] via 123.0.0.3, 00:02:15, GigabitEthernet1/0
      24.0.0.0/24 is subnetted, 1 subnets
O IA     24.0.0.0 [110/2] via 123.0.0.2, 00:02:15, GigabitEthernet1/0
      34.0.0.0/24 is subnetted, 1 subnets

O IA     34.0.0.0 [110/65] via 123.0.0.3, 00:02:15, GigabitEthernet1/0

 Hmmm...here seems to be the problem since 5.5.5.5/32 is not in RIB. 

 Let's review LSA-5 and see if the information is in OSPF LSDB atleast.

 R1#sh ip ospf database external

             OSPF Router with ID (1.1.1.1) (Process ID 1)

                 Type-5 AS External Link States

   LS age: 780
  Options: (No TOS-capability, DC, Upward)
  LS Type: AS External Link
  Link State ID: 5.5.5.5 (External Network Number )
  Advertising Router: 3.3.3.3
  LS Seq Number: 80000001
  Checksum: 0x6F01
  Length: 36
  Network Mask: /32
        Metric Type: 2 (Larger than any link state path)
        MTID: 0
        Metric: 20
        Forward Address: 4.4.4.4
        External Route Tag: 0

   LS age: 1851
  Options: (No TOS-capability, DC, Upward)
  LS Type: AS External Link
  Link State ID: 45.0.0.0 (External Network Number )
  Advertising Router: 3.3.3.3
  LS Seq Number: 80000001
  Checksum: 0xB4C
  Length: 36
  Network Mask: /24
        Metric Type: 2 (Larger than any link state path)
        MTID: 0
        Metric: 20
        Forward Address: 4.4.4.4

        External Route Tag: 0

 So We have LSA-5 for this external prefix in database but the entry is not getting installed into the Routing Table.

 So this is basically one of the reasons (Filtered FA) because of which OSPF Route is in database but not in Routing table. So add this to your ospf troubleshooting checklist :)

 But the next question is - How to we fix this ?

 Obviously Removing Distribute List on R1 is simple options :)

 Now let's solve it the other way which is known as "Forwarding Address Suppression". Which basically means let's filter the FA this time from LSA-5 itself. And since now FA will be set to 0.0.0.0 with this, it means filtering FA using Distribute List won't play any role.

 R2(config)#router ospf 1
R2(config-router)#area 1 nssa translate type7 suppress-fa

R2(config-router)#end

 Let's verify Control Plane:

 R1#sh ip route ospf | b ^G
Gateway of last resort is not set

       2.0.0.0/32 is subnetted, 1 subnets
O        2.2.2.2 [110/2] via 123.0.0.2, 00:09:33, GigabitEthernet1/0
      3.0.0.0/32 is subnetted, 1 subnets
O        3.3.3.3 [110/2] via 123.0.0.3, 00:09:33, GigabitEthernet1/0
      24.0.0.0/24 is subnetted, 1 subnets
O IA     24.0.0.0 [110/2] via 123.0.0.2, 00:09:33, GigabitEthernet1/0
      34.0.0.0/24 is subnetted, 1 subnets

O IA     34.0.0.0 [110/65] via 123.0.0.3, 00:09:33, GigabitEthernet1/0

 Hmmm...Doesn't work right ?

 This is because as I described above, it's only R3 that doing the translation to LSA-7 to LSA-5

 So let's put same configuration on R3:

 R3(config)#router ospf 1
R3(config-router)#area 1 nssa translate type7 suppress-fa

R3(config-router)#end

 Let's verify the Control Plane again:

 R1#sh ip route ospf | b ^G
Gateway of last resort is not set

       2.0.0.0/32 is subnetted, 1 subnets
O        2.2.2.2 [110/2] via 123.0.0.2, 00:10:34, GigabitEthernet1/0
      3.0.0.0/32 is subnetted, 1 subnets
O        3.3.3.3 [110/2] via 123.0.0.3, 00:10:34, GigabitEthernet1/0
      5.0.0.0/32 is subnetted, 1 subnets
O E2     5.5.5.5 [110/20] via 123.0.0.3, 00:00:19, GigabitEthernet1/0
      24.0.0.0/24 is subnetted, 1 subnets
O IA     24.0.0.0 [110/2] via 123.0.0.2, 00:10:34, GigabitEthernet1/0
      34.0.0.0/24 is subnetted, 1 subnets
O IA     34.0.0.0 [110/65] via 123.0.0.3, 00:10:34, GigabitEthernet1/0
      45.0.0.0/24 is subnetted, 1 subnets

O E2     45.0.0.0 [110/20] via 123.0.0.3, 00:00:19, GigabitEthernet1/0

 Now this looks far better. So let's review LSA-5 again:

 R1#sh ip ospf database external

             OSPF Router with ID (1.1.1.1) (Process ID 1)

                 Type-5 AS External Link States

   Routing Bit Set on this LSA in topology Base with MTID 0
  LS age: 914
  Options: (No TOS-capability, DC, Upward)
  LS Type: AS External Link
  Link State ID: 5.5.5.5 (External Network Number )
  Advertising Router: 3.3.3.3
  LS Seq Number: 80000002
  Checksum: 0xA4DA
  Length: 36
  Network Mask: /32
        Metric Type: 2 (Larger than any link state path)
        MTID: 0
        Metric: 20
        Forward Address: 0.0.0.0

        External Route Tag: 0

 So as you can see the FA is now set to 0.0.0.0, And since it all Zeros now, filtering FA won't have any affect.

 Let's review Data Plane one more time.

 R1#ping 5.5.5.5 source loopback 0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 5.5.5.5, timeout is 2 seconds:
Packet sent with a source address of 1.1.1.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 88/163/240 ms
R1#traceroute 5.5.5.5 source loopback 0
Type escape sequence to abort.
Tracing the route to 5.5.5.5
VRF info: (vrf in name/id, vrf out name/id)
  1 123.0.0.3 148 msec 156 msec 32 msec
  2 34.0.0.4 208 msec 100 msec 72 msec

  3 45.0.0.5 100 msec 328 msec *

 Gr8....

 Now for one little last testing remove the Distribute List we applied on R1 and Remove FA suppression command from R2 & R3. Also we will enable OSPF on 45.0.0.X/24 to see if anything changes from FA prospective:

 R1#sh ip ospf database external

             OSPF Router with ID (1.1.1.1) (Process ID 1)

                 Type-5 AS External Link States

   Routing Bit Set on this LSA in topology Base with MTID 0
  LS age: 33
  Options: (No TOS-capability, DC, Upward)
  LS Type: AS External Link
  Link State ID: 5.5.5.5 (External Network Number )
  Advertising Router: 3.3.3.3
  LS Seq Number: 80000003
  Checksum: 0xD972
  Length: 36
  Network Mask: /32
        Metric Type: 2 (Larger than any link state path)
        MTID: 0
        Metric: 20
        Forward Address: 45.0.0.5

        External Route Tag: 0

 And surely it does :)

 HTH...
Deepak Arora
Evil CCIE

 Okay let's not forget the initials if you wan't to test this by your own:

R1
++

 !
en
!
conf t
!
ho R1
!
no ip do lo
!
no cdp run
!
line con 0
 logging syn
 no exec-time
 exit
!
int lo0
 ip add 1.1.1.1 255.255.255.255
 exit
!
int gi1/0
 ip add 123.0.0.1 255.255.255.0
 no sh
 exit
!
router ospf 1
 net 1.1.1.1 0.0.0.0 area 0
 net 123.0.0.1 0.0.0.0 area 0
 exit
!
end
!

 ===============================

R2
++

 !
en
!
conf t
!
ho R2
!
no ip do lo
!
no cdp run
!
line con 0
 logging syn
 no exec-time
 exit
!
int lo0
 ip add 2.2.2.2 255.255.255.255
 exit
!
int gi1/0
 ip add 123.0.0.2 255.255.255.0
 no sh
 exit
!
int gi2/0
 ip add 24.0.0.2 255.255.255.0
 no sh
 exit
!
router ospf 1
 net 2.2.2.2 0.0.0.0 area 0
 net 123.0.0.2 0.0.0.0 area 0
 net 24.0.0.2 0.0.0.0 area 1 
 area 1 nssa
 area 1 nssa default-information-originate
 exit
!
end
!
==========================================

 R3
++

 !
en
!
conf t
!
ho R3
!
no ip do lo
!
no cdp run
!
line con 0
 logging syn
 no exec-time
 exit
!
int lo0
 ip add 3.3.3.3 255.255.255.255
 exit
!
int gi1/0
 ip add 123.0.0.3 255.255.255.0
 no sh
 exit
!
int s2/0
 ip add 34.0.0.3 255.255.255.0
 no sh
 exit
!
router ospf 1
 net 3.3.3.3 0.0.0.0 area 0
 net 123.0.0.3 0.0.0.0 area 0
 net 34.0.0.3 0.0.0.0 area 1 
 area 1 nssa
 area 1 nssa default-information-originate
 exit
!
end
!

 ==========================================

 R4
++

 !
en
!
conf t
!
ho R4
!
no ip do lo
!
no cdp run
!
line con 0
 logging syn
 no exec-time
 exit
!
int lo0
 ip add 4.4.4.4 255.255.255.255
 exit
!
int gi1/0
 ip add 24.0.0.4 255.255.255.0
 no sh
 exit
!
int s3/0
 ip add 34.0.0.4 255.255.255.0
 no sh
 exit
!
int gi2/0
 ip add 45.0.0.4 255.255.255.0
 no sh
 exit
!
router ospf 1
 net 4.4.4.4 0.0.0.0 area 1
 net 24.0.0.4 0.0.0.0 area 1
 net 34.0.0.4 0.0.0.0 area 1 
 area 1 nssa
 redistribute eigrp 100 subnet
 exit
!
router eigrp 100
 no auto
 net 45.0.0.4 0.0.0.0
 redistribute ospf 1 metric 1 1 1 1 1
 exit
!
end
!

 ==========================================

 R5
++

 !
en
!
conf t
!
ho R5
!
no ip do lo
!
no cdp run
!
line con 0
 logging syn
 no exec-time
 exit
!
int lo0
 ip add 5.5.5.5 255.255.255.255
 exit
!
int gi1/0
 ip add 45.0.0.5 255.255.255.0
 no sh
 exit
!
router eigrp 100
 no auto
 net 5.5.5.5 0.0.0.0
 net 45.0.0.5 0.0.0.0
 exit
!
end
!
Posted by at 1 comment:
Labels: , , , , ,
Subscribe to: Posts (Atom)