Tuesday, November 26, 2013
Thursday, November 14, 2013
OSPF Forwarding Address (FA) Part 2 - How FA Interacts With NSSA
Let's continue the series by looking at FA and it's interaction with NSSA (Not So Stubby Area).
Below is our topology for the day:
Assuming everything is working fine. let's do a quick verification:
R1#sh ip route ospf | b ^G
Gateway of last resort is not set
2.0.0.0/32 is subnetted, 1 subnets
O 2.2.2.2 [110/2] via 123.0.0.2, 00:31:19, GigabitEthernet1/0
3.0.0.0/32 is subnetted, 1 subnets
O 3.3.3.3 [110/2] via 123.0.0.3, 00:26:44, GigabitEthernet1/0
4.0.0.0/32 is subnetted, 1 subnets
O IA 4.4.4.4 [110/3] via 123.0.0.2, 00:20:26, GigabitEthernet1/0
5.0.0.0/32 is subnetted, 1 subnets
O E2 5.5.5.5 [110/20] via 123.0.0.2, 00:02:07, GigabitEthernet1/0
24.0.0.0/24 is subnetted, 1 subnets
O IA 24.0.0.0 [110/2] via 123.0.0.2, 00:31:09, GigabitEthernet1/0
34.0.0.0/24 is subnetted, 1 subnets
O IA 34.0.0.0 [110/65] via 123.0.0.3, 00:20:21, GigabitEthernet1/0
45.0.0.0/24 is subnetted, 1 subnets
O E2 45.0.0.0 [110/20] via 123.0.0.2, 00:20:02, GigabitEthernet1/0
So control plane seems to be working fine since 5.5.5.5/32 network is present in routing table.
Now let's verify the data plane :
R1#ping 5.5.5.5 source loopback 0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 5.5.5.5, timeout is 2 seconds:
Packet sent with a source address of 1.1.1.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 120/170/236 ms
So far so good...
Now let's review LSA-5 information from R1's prospective:
R1#sh ip ospf database external
OSPF Router with ID (1.1.1.1) (Process ID 1)
Type-5 AS External Link States
Routing Bit Set on this LSA in topology Base with MTID 0
LS age: 284
Options: (No TOS-capability, DC, Upward)
LS Type: AS External Link
Link State ID: 5.5.5.5 (External Network Number )
Advertising Router: 3.3.3.3
LS Seq Number: 80000001
Checksum: 0x6F01
Length: 36
Network Mask: /32
Metric Type: 2 (Larger than any link state path)
MTID: 0
Metric: 20
Forward Address: 4.4.4.4
External Route Tag: 0
Routing Bit Set on this LSA in topology Base with MTID 0
LS age: 1355
Options: (No TOS-capability, DC, Upward)
LS Type: AS External Link
Link State ID: 45.0.0.0 (External Network Number )
Advertising Router: 3.3.3.3
LS Seq Number: 80000001
Checksum: 0xB4C
Length: 36
Network Mask: /24
Metric Type: 2 (Larger than any link state path)
MTID: 0
Metric: 20
Forward Address: 4.4.4.4
External Route Tag: 0
Now here are couple of interesting things to take a look at.
The "Advertising Router" is marked as 3.3.3.3, Which means between R2 & R3, it's only R3 doing the translation of LSA-7 into LSA-5. Now to make it simple, when we have two or more ABRs between NSSA & Backbone Area. Only the router with higher Router ID (RID) is responsible for Type-7 to Type-5 translation. But on the flip side this translator router need not be in Data Plane path technically to reach the external prefixes. Let's verify this:
R1#traceroute 5.5.5.5 source loopback 0
Type escape sequence to abort.
Tracing the route to 5.5.5.5
VRF info: (vrf in name/id, vrf out name/id)
1 123.0.0.2 116 msec * 64 msec
2 24.0.0.4 188 msec 184 msec 136 msec
3 45.0.0.5 164 msec 92 msec 220 msec
So basically election of path to reach External Prefixes completely depends upon cost to ASBR.
Also the FA is set to 4.4.4.4 instead of 45.0.0.5. This is because at the moment OSPF in not enabled on 45.0.0.X/24 Network. Also FA is set automatically instead of being 0.0.0.0 like in previous case. Which is also interesting.
Now let's try to filter Forwarding-Address (FA) and see what happens:
R1(config)#ip prefix-list FILTER-FA deny 4.4.4.4/32
R1(config)#ip prefix-list FILTER-FA permit 0.0.0.0/0 le 32
R1(config)#router ospf 1
R1(config-router)#distribute-list prefix FILTER-FA in
R1(config-router)#exit
Now Let's verify the Data Plane again:
R1#ping 5.5.5.5 source loopback 0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 5.5.5.5, timeout is 2 seconds:
Packet sent with a source address of 1.1.1.1
.....
Success rate is 0 percent (0/5)
Oops....Seems to be broken.
Let's try traceroute:
R1#traceroute 5.5.5.5 source loopback 0
Type escape sequence to abort.
Tracing the route to 5.5.5.5
VRF info: (vrf in name/id, vrf out name/id)
1 * * *
2 * * *
3 * * *
No Luck....
Let's verify the control plane by looking at Routing Table:
R1#sh ip route ospf | b ^G
Gateway of last resort is not set
2.0.0.0/32 is subnetted, 1 subnets
O 2.2.2.2 [110/2] via 123.0.0.2, 00:02:15, GigabitEthernet1/0
3.0.0.0/32 is subnetted, 1 subnets
O 3.3.3.3 [110/2] via 123.0.0.3, 00:02:15, GigabitEthernet1/0
24.0.0.0/24 is subnetted, 1 subnets
O IA 24.0.0.0 [110/2] via 123.0.0.2, 00:02:15, GigabitEthernet1/0
34.0.0.0/24 is subnetted, 1 subnets
O IA 34.0.0.0 [110/65] via 123.0.0.3, 00:02:15, GigabitEthernet1/0
Hmmm...here seems to be the problem since 5.5.5.5/32 is not in RIB.
Let's review LSA-5 and see if the information is in OSPF LSDB atleast.
R1#sh ip ospf database external
OSPF Router with ID (1.1.1.1) (Process ID 1)
Type-5 AS External Link States
LS age: 780
Options: (No TOS-capability, DC, Upward)
LS Type: AS External Link
Link State ID: 5.5.5.5 (External Network Number )
Advertising Router: 3.3.3.3
LS Seq Number: 80000001
Checksum: 0x6F01
Length: 36
Network Mask: /32
Metric Type: 2 (Larger than any link state path)
MTID: 0
Metric: 20
Forward Address: 4.4.4.4
External Route Tag: 0
LS age: 1851
Options: (No TOS-capability, DC, Upward)
LS Type: AS External Link
Link State ID: 45.0.0.0 (External Network Number )
Advertising Router: 3.3.3.3
LS Seq Number: 80000001
Checksum: 0xB4C
Length: 36
Network Mask: /24
Metric Type: 2 (Larger than any link state path)
MTID: 0
Metric: 20
Forward Address: 4.4.4.4
External Route Tag: 0
So We have LSA-5 for this external prefix in database but the entry is not getting installed into the Routing Table.
So this is basically one of the reasons (Filtered FA) because of which OSPF Route is in database but not in Routing table. So add this to your ospf troubleshooting checklist :)
But the next question is - How to we fix this ?
Obviously Removing Distribute List on R1 is simple options :)
Now let's solve it the other way which is known as "Forwarding Address Suppression". Which basically means let's filter the FA this time from LSA-5 itself. And since now FA will be set to 0.0.0.0 with this, it means filtering FA using Distribute List won't play any role.
R2(config)#router ospf 1
R2(config-router)#area 1 nssa translate type7 suppress-fa
R2(config-router)#end
Let's verify Control Plane:
R1#sh ip route ospf | b ^G
Gateway of last resort is not set
2.0.0.0/32 is subnetted, 1 subnets
O 2.2.2.2 [110/2] via 123.0.0.2, 00:09:33, GigabitEthernet1/0
3.0.0.0/32 is subnetted, 1 subnets
O 3.3.3.3 [110/2] via 123.0.0.3, 00:09:33, GigabitEthernet1/0
24.0.0.0/24 is subnetted, 1 subnets
O IA 24.0.0.0 [110/2] via 123.0.0.2, 00:09:33, GigabitEthernet1/0
34.0.0.0/24 is subnetted, 1 subnets
O IA 34.0.0.0 [110/65] via 123.0.0.3, 00:09:33, GigabitEthernet1/0
Hmmm...Doesn't work right ?
This is because as I described above, it's only R3 that doing the translation to LSA-7 to LSA-5
So let's put same configuration on R3:
R3(config)#router ospf 1
R3(config-router)#area 1 nssa translate type7 suppress-fa
R3(config-router)#end
Let's verify the Control Plane again:
R1#sh ip route ospf | b ^G
Gateway of last resort is not set
2.0.0.0/32 is subnetted, 1 subnets
O 2.2.2.2 [110/2] via 123.0.0.2, 00:10:34, GigabitEthernet1/0
3.0.0.0/32 is subnetted, 1 subnets
O 3.3.3.3 [110/2] via 123.0.0.3, 00:10:34, GigabitEthernet1/0
5.0.0.0/32 is subnetted, 1 subnets
O E2 5.5.5.5 [110/20] via 123.0.0.3, 00:00:19, GigabitEthernet1/0
24.0.0.0/24 is subnetted, 1 subnets
O IA 24.0.0.0 [110/2] via 123.0.0.2, 00:10:34, GigabitEthernet1/0
34.0.0.0/24 is subnetted, 1 subnets
O IA 34.0.0.0 [110/65] via 123.0.0.3, 00:10:34, GigabitEthernet1/0
45.0.0.0/24 is subnetted, 1 subnets
O E2 45.0.0.0 [110/20] via 123.0.0.3, 00:00:19, GigabitEthernet1/0
Now this looks far better. So let's review LSA-5 again:
R1#sh ip ospf database external
OSPF Router with ID (1.1.1.1) (Process ID 1)
Type-5 AS External Link States
Routing Bit Set on this LSA in topology Base with MTID 0
LS age: 914
Options: (No TOS-capability, DC, Upward)
LS Type: AS External Link
Link State ID: 5.5.5.5 (External Network Number )
Advertising Router: 3.3.3.3
LS Seq Number: 80000002
Checksum: 0xA4DA
Length: 36
Network Mask: /32
Metric Type: 2 (Larger than any link state path)
MTID: 0
Metric: 20
Forward Address: 0.0.0.0
External Route Tag: 0
So as you can see the FA is now set to 0.0.0.0, And since it all Zeros now, filtering FA won't have any affect.
Let's review Data Plane one more time.
R1#ping 5.5.5.5 source loopback 0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 5.5.5.5, timeout is 2 seconds:
Packet sent with a source address of 1.1.1.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 88/163/240 ms
R1#traceroute 5.5.5.5 source loopback 0
Type escape sequence to abort.
Tracing the route to 5.5.5.5
VRF info: (vrf in name/id, vrf out name/id)
1 123.0.0.3 148 msec 156 msec 32 msec
2 34.0.0.4 208 msec 100 msec 72 msec
3 45.0.0.5 100 msec 328 msec *
Gr8....
Now for one little last testing remove the Distribute List we applied on R1 and Remove FA suppression command from R2 & R3. Also we will enable OSPF on 45.0.0.X/24 to see if anything changes from FA prospective:
R1#sh ip ospf database external
OSPF Router with ID (1.1.1.1) (Process ID 1)
Type-5 AS External Link States
Routing Bit Set on this LSA in topology Base with MTID 0
LS age: 33
Options: (No TOS-capability, DC, Upward)
LS Type: AS External Link
Link State ID: 5.5.5.5 (External Network Number )
Advertising Router: 3.3.3.3
LS Seq Number: 80000003
Checksum: 0xD972
Length: 36
Network Mask: /32
Metric Type: 2 (Larger than any link state path)
MTID: 0
Metric: 20
Forward Address: 45.0.0.5
External Route Tag: 0
And surely it does :)
HTH...
Deepak Arora
Evil CCIE
Okay let's not forget the initials if you wan't to test this by your own:
R1
++
!
en
!
conf t
!
ho R1
!
no ip do lo
!
no cdp run
!
line con 0
logging syn
no exec-time
exit
!
int lo0
ip add 1.1.1.1 255.255.255.255
exit
!
int gi1/0
ip add 123.0.0.1 255.255.255.0
no sh
exit
!
router ospf 1
net 1.1.1.1 0.0.0.0 area 0
net 123.0.0.1 0.0.0.0 area 0
exit
!
end
!
===============================
R2
++
!
en
!
conf t
!
ho R2
!
no ip do lo
!
no cdp run
!
line con 0
logging syn
no exec-time
exit
!
int lo0
ip add 2.2.2.2 255.255.255.255
exit
!
int gi1/0
ip add 123.0.0.2 255.255.255.0
no sh
exit
!
int gi2/0
ip add 24.0.0.2 255.255.255.0
no sh
exit
!
router ospf 1
net 2.2.2.2 0.0.0.0 area 0
net 123.0.0.2 0.0.0.0 area 0
net 24.0.0.2 0.0.0.0 area 1
area 1 nssa
area 1 nssa default-information-originate
exit
!
end
!
==========================================
R3
++
!
en
!
conf t
!
ho R3
!
no ip do lo
!
no cdp run
!
line con 0
logging syn
no exec-time
exit
!
int lo0
ip add 3.3.3.3 255.255.255.255
exit
!
int gi1/0
ip add 123.0.0.3 255.255.255.0
no sh
exit
!
int s2/0
ip add 34.0.0.3 255.255.255.0
no sh
exit
!
router ospf 1
net 3.3.3.3 0.0.0.0 area 0
net 123.0.0.3 0.0.0.0 area 0
net 34.0.0.3 0.0.0.0 area 1
area 1 nssa
area 1 nssa default-information-originate
exit
!
end
!
==========================================
R4
++
!
en
!
conf t
!
ho R4
!
no ip do lo
!
no cdp run
!
line con 0
logging syn
no exec-time
exit
!
int lo0
ip add 4.4.4.4 255.255.255.255
exit
!
int gi1/0
ip add 24.0.0.4 255.255.255.0
no sh
exit
!
int s3/0
ip add 34.0.0.4 255.255.255.0
no sh
exit
!
int gi2/0
ip add 45.0.0.4 255.255.255.0
no sh
exit
!
router ospf 1
net 4.4.4.4 0.0.0.0 area 1
net 24.0.0.4 0.0.0.0 area 1
net 34.0.0.4 0.0.0.0 area 1
area 1 nssa
redistribute eigrp 100 subnet
exit
!
router eigrp 100
no auto
net 45.0.0.4 0.0.0.0
redistribute ospf 1 metric 1 1 1 1 1
exit
!
end
!
==========================================
R5
++
!
en
!
conf t
!
ho R5
!
no ip do lo
!
no cdp run
!
line con 0
logging syn
no exec-time
exit
!
int lo0
ip add 5.5.5.5 255.255.255.255
exit
!
int gi1/0
ip add 45.0.0.5 255.255.255.0
no sh
exit
!
router eigrp 100
no auto
net 5.5.5.5 0.0.0.0
net 45.0.0.5 0.0.0.0
exit
!
end
!
Below is our topology for the day:
Assuming everything is working fine. let's do a quick verification:
R1#sh ip route ospf | b ^G
Gateway of last resort is not set
2.0.0.0/32 is subnetted, 1 subnets
O 2.2.2.2 [110/2] via 123.0.0.2, 00:31:19, GigabitEthernet1/0
3.0.0.0/32 is subnetted, 1 subnets
O 3.3.3.3 [110/2] via 123.0.0.3, 00:26:44, GigabitEthernet1/0
4.0.0.0/32 is subnetted, 1 subnets
O IA 4.4.4.4 [110/3] via 123.0.0.2, 00:20:26, GigabitEthernet1/0
5.0.0.0/32 is subnetted, 1 subnets
O E2 5.5.5.5 [110/20] via 123.0.0.2, 00:02:07, GigabitEthernet1/0
24.0.0.0/24 is subnetted, 1 subnets
O IA 24.0.0.0 [110/2] via 123.0.0.2, 00:31:09, GigabitEthernet1/0
34.0.0.0/24 is subnetted, 1 subnets
O IA 34.0.0.0 [110/65] via 123.0.0.3, 00:20:21, GigabitEthernet1/0
45.0.0.0/24 is subnetted, 1 subnets
O E2 45.0.0.0 [110/20] via 123.0.0.2, 00:20:02, GigabitEthernet1/0
So control plane seems to be working fine since 5.5.5.5/32 network is present in routing table.
Now let's verify the data plane :
R1#ping 5.5.5.5 source loopback 0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 5.5.5.5, timeout is 2 seconds:
Packet sent with a source address of 1.1.1.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 120/170/236 ms
So far so good...
Now let's review LSA-5 information from R1's prospective:
R1#sh ip ospf database external
OSPF Router with ID (1.1.1.1) (Process ID 1)
Type-5 AS External Link States
Routing Bit Set on this LSA in topology Base with MTID 0
LS age: 284
Options: (No TOS-capability, DC, Upward)
LS Type: AS External Link
Link State ID: 5.5.5.5 (External Network Number )
Advertising Router: 3.3.3.3
LS Seq Number: 80000001
Checksum: 0x6F01
Length: 36
Network Mask: /32
Metric Type: 2 (Larger than any link state path)
MTID: 0
Metric: 20
Forward Address: 4.4.4.4
External Route Tag: 0
Routing Bit Set on this LSA in topology Base with MTID 0
LS age: 1355
Options: (No TOS-capability, DC, Upward)
LS Type: AS External Link
Link State ID: 45.0.0.0 (External Network Number )
Advertising Router: 3.3.3.3
LS Seq Number: 80000001
Checksum: 0xB4C
Length: 36
Network Mask: /24
Metric Type: 2 (Larger than any link state path)
MTID: 0
Metric: 20
Forward Address: 4.4.4.4
External Route Tag: 0
Now here are couple of interesting things to take a look at.
The "Advertising Router" is marked as 3.3.3.3, Which means between R2 & R3, it's only R3 doing the translation of LSA-7 into LSA-5. Now to make it simple, when we have two or more ABRs between NSSA & Backbone Area. Only the router with higher Router ID (RID) is responsible for Type-7 to Type-5 translation. But on the flip side this translator router need not be in Data Plane path technically to reach the external prefixes. Let's verify this:
R1#traceroute 5.5.5.5 source loopback 0
Type escape sequence to abort.
Tracing the route to 5.5.5.5
VRF info: (vrf in name/id, vrf out name/id)
1 123.0.0.2 116 msec * 64 msec
2 24.0.0.4 188 msec 184 msec 136 msec
3 45.0.0.5 164 msec 92 msec 220 msec
So basically election of path to reach External Prefixes completely depends upon cost to ASBR.
Also the FA is set to 4.4.4.4 instead of 45.0.0.5. This is because at the moment OSPF in not enabled on 45.0.0.X/24 Network. Also FA is set automatically instead of being 0.0.0.0 like in previous case. Which is also interesting.
Now let's try to filter Forwarding-Address (FA) and see what happens:
R1(config)#ip prefix-list FILTER-FA deny 4.4.4.4/32
R1(config)#ip prefix-list FILTER-FA permit 0.0.0.0/0 le 32
R1(config)#router ospf 1
R1(config-router)#distribute-list prefix FILTER-FA in
R1(config-router)#exit
Now Let's verify the Data Plane again:
R1#ping 5.5.5.5 source loopback 0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 5.5.5.5, timeout is 2 seconds:
Packet sent with a source address of 1.1.1.1
.....
Success rate is 0 percent (0/5)
Oops....Seems to be broken.
Let's try traceroute:
R1#traceroute 5.5.5.5 source loopback 0
Type escape sequence to abort.
Tracing the route to 5.5.5.5
VRF info: (vrf in name/id, vrf out name/id)
1 * * *
2 * * *
3 * * *
No Luck....
Let's verify the control plane by looking at Routing Table:
R1#sh ip route ospf | b ^G
Gateway of last resort is not set
2.0.0.0/32 is subnetted, 1 subnets
O 2.2.2.2 [110/2] via 123.0.0.2, 00:02:15, GigabitEthernet1/0
3.0.0.0/32 is subnetted, 1 subnets
O 3.3.3.3 [110/2] via 123.0.0.3, 00:02:15, GigabitEthernet1/0
24.0.0.0/24 is subnetted, 1 subnets
O IA 24.0.0.0 [110/2] via 123.0.0.2, 00:02:15, GigabitEthernet1/0
34.0.0.0/24 is subnetted, 1 subnets
O IA 34.0.0.0 [110/65] via 123.0.0.3, 00:02:15, GigabitEthernet1/0
Hmmm...here seems to be the problem since 5.5.5.5/32 is not in RIB.
Let's review LSA-5 and see if the information is in OSPF LSDB atleast.
R1#sh ip ospf database external
OSPF Router with ID (1.1.1.1) (Process ID 1)
Type-5 AS External Link States
LS age: 780
Options: (No TOS-capability, DC, Upward)
LS Type: AS External Link
Link State ID: 5.5.5.5 (External Network Number )
Advertising Router: 3.3.3.3
LS Seq Number: 80000001
Checksum: 0x6F01
Length: 36
Network Mask: /32
Metric Type: 2 (Larger than any link state path)
MTID: 0
Metric: 20
Forward Address: 4.4.4.4
External Route Tag: 0
LS age: 1851
Options: (No TOS-capability, DC, Upward)
LS Type: AS External Link
Link State ID: 45.0.0.0 (External Network Number )
Advertising Router: 3.3.3.3
LS Seq Number: 80000001
Checksum: 0xB4C
Length: 36
Network Mask: /24
Metric Type: 2 (Larger than any link state path)
MTID: 0
Metric: 20
Forward Address: 4.4.4.4
External Route Tag: 0
So We have LSA-5 for this external prefix in database but the entry is not getting installed into the Routing Table.
So this is basically one of the reasons (Filtered FA) because of which OSPF Route is in database but not in Routing table. So add this to your ospf troubleshooting checklist :)
But the next question is - How to we fix this ?
Obviously Removing Distribute List on R1 is simple options :)
Now let's solve it the other way which is known as "Forwarding Address Suppression". Which basically means let's filter the FA this time from LSA-5 itself. And since now FA will be set to 0.0.0.0 with this, it means filtering FA using Distribute List won't play any role.
R2(config)#router ospf 1
R2(config-router)#area 1 nssa translate type7 suppress-fa
R2(config-router)#end
Let's verify Control Plane:
R1#sh ip route ospf | b ^G
Gateway of last resort is not set
2.0.0.0/32 is subnetted, 1 subnets
O 2.2.2.2 [110/2] via 123.0.0.2, 00:09:33, GigabitEthernet1/0
3.0.0.0/32 is subnetted, 1 subnets
O 3.3.3.3 [110/2] via 123.0.0.3, 00:09:33, GigabitEthernet1/0
24.0.0.0/24 is subnetted, 1 subnets
O IA 24.0.0.0 [110/2] via 123.0.0.2, 00:09:33, GigabitEthernet1/0
34.0.0.0/24 is subnetted, 1 subnets
O IA 34.0.0.0 [110/65] via 123.0.0.3, 00:09:33, GigabitEthernet1/0
Hmmm...Doesn't work right ?
This is because as I described above, it's only R3 that doing the translation to LSA-7 to LSA-5
So let's put same configuration on R3:
R3(config)#router ospf 1
R3(config-router)#area 1 nssa translate type7 suppress-fa
R3(config-router)#end
Let's verify the Control Plane again:
R1#sh ip route ospf | b ^G
Gateway of last resort is not set
2.0.0.0/32 is subnetted, 1 subnets
O 2.2.2.2 [110/2] via 123.0.0.2, 00:10:34, GigabitEthernet1/0
3.0.0.0/32 is subnetted, 1 subnets
O 3.3.3.3 [110/2] via 123.0.0.3, 00:10:34, GigabitEthernet1/0
5.0.0.0/32 is subnetted, 1 subnets
O E2 5.5.5.5 [110/20] via 123.0.0.3, 00:00:19, GigabitEthernet1/0
24.0.0.0/24 is subnetted, 1 subnets
O IA 24.0.0.0 [110/2] via 123.0.0.2, 00:10:34, GigabitEthernet1/0
34.0.0.0/24 is subnetted, 1 subnets
O IA 34.0.0.0 [110/65] via 123.0.0.3, 00:10:34, GigabitEthernet1/0
45.0.0.0/24 is subnetted, 1 subnets
O E2 45.0.0.0 [110/20] via 123.0.0.3, 00:00:19, GigabitEthernet1/0
Now this looks far better. So let's review LSA-5 again:
R1#sh ip ospf database external
OSPF Router with ID (1.1.1.1) (Process ID 1)
Type-5 AS External Link States
Routing Bit Set on this LSA in topology Base with MTID 0
LS age: 914
Options: (No TOS-capability, DC, Upward)
LS Type: AS External Link
Link State ID: 5.5.5.5 (External Network Number )
Advertising Router: 3.3.3.3
LS Seq Number: 80000002
Checksum: 0xA4DA
Length: 36
Network Mask: /32
Metric Type: 2 (Larger than any link state path)
MTID: 0
Metric: 20
Forward Address: 0.0.0.0
External Route Tag: 0
So as you can see the FA is now set to 0.0.0.0, And since it all Zeros now, filtering FA won't have any affect.
Let's review Data Plane one more time.
R1#ping 5.5.5.5 source loopback 0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 5.5.5.5, timeout is 2 seconds:
Packet sent with a source address of 1.1.1.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 88/163/240 ms
R1#traceroute 5.5.5.5 source loopback 0
Type escape sequence to abort.
Tracing the route to 5.5.5.5
VRF info: (vrf in name/id, vrf out name/id)
1 123.0.0.3 148 msec 156 msec 32 msec
2 34.0.0.4 208 msec 100 msec 72 msec
3 45.0.0.5 100 msec 328 msec *
Gr8....
Now for one little last testing remove the Distribute List we applied on R1 and Remove FA suppression command from R2 & R3. Also we will enable OSPF on 45.0.0.X/24 to see if anything changes from FA prospective:
R1#sh ip ospf database external
OSPF Router with ID (1.1.1.1) (Process ID 1)
Type-5 AS External Link States
Routing Bit Set on this LSA in topology Base with MTID 0
LS age: 33
Options: (No TOS-capability, DC, Upward)
LS Type: AS External Link
Link State ID: 5.5.5.5 (External Network Number )
Advertising Router: 3.3.3.3
LS Seq Number: 80000003
Checksum: 0xD972
Length: 36
Network Mask: /32
Metric Type: 2 (Larger than any link state path)
MTID: 0
Metric: 20
Forward Address: 45.0.0.5
External Route Tag: 0
And surely it does :)
HTH...
Deepak Arora
Evil CCIE
Okay let's not forget the initials if you wan't to test this by your own:
R1
++
!
en
!
conf t
!
ho R1
!
no ip do lo
!
no cdp run
!
line con 0
logging syn
no exec-time
exit
!
int lo0
ip add 1.1.1.1 255.255.255.255
exit
!
int gi1/0
ip add 123.0.0.1 255.255.255.0
no sh
exit
!
router ospf 1
net 1.1.1.1 0.0.0.0 area 0
net 123.0.0.1 0.0.0.0 area 0
exit
!
end
!
===============================
R2
++
!
en
!
conf t
!
ho R2
!
no ip do lo
!
no cdp run
!
line con 0
logging syn
no exec-time
exit
!
int lo0
ip add 2.2.2.2 255.255.255.255
exit
!
int gi1/0
ip add 123.0.0.2 255.255.255.0
no sh
exit
!
int gi2/0
ip add 24.0.0.2 255.255.255.0
no sh
exit
!
router ospf 1
net 2.2.2.2 0.0.0.0 area 0
net 123.0.0.2 0.0.0.0 area 0
net 24.0.0.2 0.0.0.0 area 1
area 1 nssa
area 1 nssa default-information-originate
exit
!
end
!
==========================================
R3
++
!
en
!
conf t
!
ho R3
!
no ip do lo
!
no cdp run
!
line con 0
logging syn
no exec-time
exit
!
int lo0
ip add 3.3.3.3 255.255.255.255
exit
!
int gi1/0
ip add 123.0.0.3 255.255.255.0
no sh
exit
!
int s2/0
ip add 34.0.0.3 255.255.255.0
no sh
exit
!
router ospf 1
net 3.3.3.3 0.0.0.0 area 0
net 123.0.0.3 0.0.0.0 area 0
net 34.0.0.3 0.0.0.0 area 1
area 1 nssa
area 1 nssa default-information-originate
exit
!
end
!
==========================================
R4
++
!
en
!
conf t
!
ho R4
!
no ip do lo
!
no cdp run
!
line con 0
logging syn
no exec-time
exit
!
int lo0
ip add 4.4.4.4 255.255.255.255
exit
!
int gi1/0
ip add 24.0.0.4 255.255.255.0
no sh
exit
!
int s3/0
ip add 34.0.0.4 255.255.255.0
no sh
exit
!
int gi2/0
ip add 45.0.0.4 255.255.255.0
no sh
exit
!
router ospf 1
net 4.4.4.4 0.0.0.0 area 1
net 24.0.0.4 0.0.0.0 area 1
net 34.0.0.4 0.0.0.0 area 1
area 1 nssa
redistribute eigrp 100 subnet
exit
!
router eigrp 100
no auto
net 45.0.0.4 0.0.0.0
redistribute ospf 1 metric 1 1 1 1 1
exit
!
end
!
==========================================
R5
++
!
en
!
conf t
!
ho R5
!
no ip do lo
!
no cdp run
!
line con 0
logging syn
no exec-time
exit
!
int lo0
ip add 5.5.5.5 255.255.255.255
exit
!
int gi1/0
ip add 45.0.0.5 255.255.255.0
no sh
exit
!
router eigrp 100
no auto
net 5.5.5.5 0.0.0.0
net 45.0.0.5 0.0.0.0
exit
!
end
!
Wednesday, November 13, 2013
Tuesday, November 5, 2013
OSPF Forwarding Address (FA) Part 1 - Is It All About Taking A Shortcut ?
OSPF Forwarding Address or FA is relatively less known as feature among network engineers. Okay I might be wrong... But as far I remember this feature was never been on CCNP Route/BSCI blueprint. So unless people are working on CCIE or reading through OSPF RFC, chances are quite slim they ever heard of it.
Anyways, lets start this series with Introduction of FA and later we see how it turns into good option or bad option to be enabled on network.
Now let's review our topology to begin with:
Now let first review R4 and R3's LSA-5 before making any changes:
R4#sh ip ospf database external
OSPF Router with ID (4.4.4.4) (Process ID 1)
Type-5 AS External Link States
Routing Bit Set on this LSA in topology Base with MTID 0
LS age: 183
Options: (No TOS-capability, DC, Upward)
LS Type: AS External Link
Link State ID: 1.1.1.1 (External Network Number )
Advertising Router: 2.2.2.2
LS Seq Number: 80000002
Checksum: 0x289D
Length: 36
Network Mask: /32
Metric Type: 2 (Larger than any link state path)
MTID: 0
Metric: 1
Forward Address: 123.0.0.1
External Route Tag: 100
Let's verify the Data Plane:
R4#traceroute 1.1.1.1 source loopback 0
Type escape sequence to abort.
Tracing the route to 1.1.1.1
VRF info: (vrf in name/id, vrf out name/id)
1 24.0.0.2 56 msec 96 msec 36 msec
2 123.0.0.1 160 msec 116 msec 156 msec
Seems like though R4 knows about FA now, it is not changing anything in Data Plane.
Now we need to take a Look at R3's LSA-5 :
R3#sh ip ospf database external
OSPF Router with ID (3.3.3.3) (Process ID 1)
Type-5 AS External Link States
LS age: 49
Options: (No TOS-capability, DC, Upward)
LS Type: AS External Link
Link State ID: 1.1.1.1 (External Network Number )
Advertising Router: 2.2.2.2
LS Seq Number: 80000002
Checksum: 0x289D
Length: 36
Network Mask: /32
Metric Type: 2 (Larger than any link state path)
MTID: 0
Metric: 1
Forward Address: 123.0.0.1
External Route Tag: 100
Again FA is set but let's verify Data Plane to see if it has some affect on traffic forwarding:
R3#traceroute 1.1.1.1 source loopback 0
Type escape sequence to abort.
Tracing the route to 1.1.1.1
VRF info: (vrf in name/id, vrf out name/id)
1 * * *
2 * * *
3 * * *
4 * * *
5 * * *
6
R3#sh ip route ospf | b ^G
Gateway of last resort is not set
2.0.0.0/32 is subnetted, 1 subnets
O 2.2.2.2 [110/66] via 34.0.0.4, 00:01:23, GigabitEthernet2/0
4.0.0.0/32 is subnetted, 1 subnets
O 4.4.4.4 [110/2] via 34.0.0.4, 00:35:47, GigabitEthernet2/0
24.0.0.0/24 is subnetted, 1 subnets
O 24.0.0.0 [110/65] via 34.0.0.4, 00:35:47, GigabitEthernet2/0
R3#sh ip route 123.0.0.1
Routing entry for 123.0.0.0/24
Known via "connected", distance 0, metric 0 (connected, via interface)
Routing Descriptor Blocks:
* directly connected, via GigabitEthernet1/0
Route metric is 0, traffic share count is 1
That's probably you don't want to see on a production network :)
We will return to details in next post talking about why R3 isn't able to reach 1.1.1.1/32 at the moment.
Let's Enable OSPF on R3's interface also facing 123.0.0.X/24 network.
R3(config)#router ospf 1
R3(config-router)#network 123.0.0.3 0.0.0.0 area 0
R3(config-router)#end
*Nov 5 14:27:11.195: %OSPF-5-ADJCHG: Process 1, Nbr 2.2.2.2 on GigabitEthernet1/0 from LOADING to FULL, Loading Done
Now Let's check our poor fellow R3 again to see if this helped:
R3#sh ip ospf database external
OSPF Router with ID (3.3.3.3) (Process ID 1)
Type-5 AS External Link States
Routing Bit Set on this LSA in topology Base with MTID 0
LS age: 314
Options: (No TOS-capability, DC, Upward)
LS Type: AS External Link
Link State ID: 1.1.1.1 (External Network Number )
Advertising Router: 2.2.2.2
LS Seq Number: 80000002
Checksum: 0x289D
Length: 36
Network Mask: /32
Metric Type: 2 (Larger than any link state path)
MTID: 0
Metric: 1
Forward Address: 123.0.0.1
External Route Tag: 100
R3#sh ip ospf border-routers
OSPF Router with ID (3.3.3.3) (Process ID 1)
Base Topology (MTID 0)
Internal Router Routing Table
Codes: i - Intra-area route, I - Inter-area route
i 2.2.2.2 [1] via 123.0.0.2, GigabitEthernet1/0, ASBR, Area 0, SPF 5
R3#traceroute 1.1.1.1 source loopback 0
Type escape sequence to abort.
Tracing the route to 1.1.1.1
VRF info: (vrf in name/id, vrf out name/id)
1 123.0.0.1 64 msec 80 msec 108 msec
R3#sh ip route ospf | begin ^G
Gateway of last resort is not set
1.0.0.0/32 is subnetted, 1 subnets
O E2 1.1.1.1 [110/1] via 123.0.0.1, 00:01:50, GigabitEthernet1/0
2.0.0.0/32 is subnetted, 1 subnets
O 2.2.2.2 [110/2] via 123.0.0.2, 00:01:50, GigabitEthernet1/0
4.0.0.0/32 is subnetted, 1 subnets
O 4.4.4.4 [110/2] via 34.0.0.4, 00:17:15, GigabitEthernet2/0
24.0.0.0/24 is subnetted, 1 subnets
O 24.0.0.0 [110/65] via 123.0.0.2, 00:01:50, GigabitEthernet1/0
[110/65] via 34.0.0.4, 00:17:15, GigabitEthernet2/0
Now it looks much better.
But anything changed from R4 prospective ? ... Remember that Poor Man's T1 Link ? :)
R4#traceroute 1.1.1.1 source loopback 0
Type escape sequence to abort.
Tracing the route to 1.1.1.1
VRF info: (vrf in name/id, vrf out name/id)
1 34.0.0.3 52 msec 76 msec 48 msec
2 123.0.0.1 120 msec 124 msec 168 msec
Now wait till 2nd Part to unfold some more details and Caveats of FA.
HTH...
Deepak Arora
Evil CCIE
In case you want to lab it up yourself, below are the initials:
Initials:
R1
++
!
en
!
conf t
!
ho R1
!
no ip do lo
!
line con 0
no exec-time
exit
!
int loop0
ip add 1.1.1.1 255.255.255.255
exit
!
int gi1/0
ip add 123.0.0.1 255.255.255.0
no sh
exit
!
router bgp 100
no auto
no sync
nei 123.0.0.2 remote 200
net 1.1.1.1 mask 255.255.255.255
exit
!
end
!
=================================
R2
++
!
en
!
conf t
!
ho R2
!
no ip do lo
!
line con 0
no exec-time
exit
!
int loop0
ip add 2.2.2.2 255.255.255.255
exit
!
int gi1/0
ip add 123.0.0.2 255.255.255.0
no sh
exit
!
int s2/0
ip add 24.0.0.2 255.255.255.0
no sh
exit
!
router bgp 200
no auto
no sync
nei 123.0.0.1 remote 100
redistribute ospf 1 match internal external 1 external 2
exit
!
router ospf 1
net 2.2.2.2 0.0.0.0 area 0
net 24.0.0.2 0.0.0.0 area 0
redistribute bgp 200 subnets
exit
!
end
!
=================================
R3
++
!
en
!
conf t
!
ho R3
!
no ip do lo
!
line con 0
no exec-time
exit
!
int loop0
ip add 3.3.3.3 255.255.255.255
exit
!
int gi1/0
ip add 123.0.0.3 255.255.255.0
no sh
exit
!
int gi2/0
ip add 34.0.0.3 255.255.255.0
no sh
exit
!
router ospf 1
net 3.3.3.3 0.0.0.0 area 0
net 34.0.0.3 0.0.0.0 area 0
exit
!
end
!
=================================
R4
++
!
en
!
conf t
!
ho R4
!
no ip do lo
!
line con 0
no exec-time
exit
!
int loop0
ip add 4.4.4.4 255.255.255.255
exit
!
int s2/0
ip add 24.0.0.4 255.255.255.0
no sh
exit
!
int gi1/0
ip add 34.0.0.4 255.255.255.0
no sh
exit
!
router ospf 1
net 4.4.4.4 0.0.0.0 area 0
net 34.0.0.4 0.0.0.0 area 0
net 24.0.0.4 0.0.0.0 area 0
exit
!
end
!
Anyways, lets start this series with Introduction of FA and later we see how it turns into good option or bad option to be enabled on network.
Now let's review our topology to begin with:
In this network we are running OSPF Area 0 between R2, R3 & R4 and their respective Loopback interfaces are advertised into OSPF. Now consider that it's a transition phase for this network where you are adding BGP IN but at the moment only R2 is capable of running BGP where as R3 requires some RAM upgrade or IOS Image upgrade to run BGP. So we have enabled EBGP between R1 & R2 at the moment which means R2 is currently Acting as OSPF ASBR. Also there is no OSPF running on 123.0.0.X/24 network at the moment.
Now lets review what CLI has to tell us:
Starting with R4's Routing Table:
R4#sh ip route ospf | begin ^Gateway
Gateway of last resort is not set
1.0.0.0/32 is subnetted, 1 subnets
O E2 1.1.1.1 [110/1] via 24.0.0.2, 00:00:48, Serial2/0
2.0.0.0/32 is subnetted, 1 subnets
O 2.2.2.2 [110/65] via 24.0.0.2, 00:02:49, Serial2/0
3.0.0.0/32 is subnetted, 1 subnets
O 3.3.3.3 [110/2] via 34.0.0.3, 00:02:49, GigabitEthernet1/0
Gateway of last resort is not set
1.0.0.0/32 is subnetted, 1 subnets
O E2 1.1.1.1 [110/1] via 24.0.0.2, 00:00:48, Serial2/0
2.0.0.0/32 is subnetted, 1 subnets
O 2.2.2.2 [110/65] via 24.0.0.2, 00:02:49, Serial2/0
3.0.0.0/32 is subnetted, 1 subnets
O 3.3.3.3 [110/2] via 34.0.0.3, 00:02:49, GigabitEthernet1/0
So as we can see, R4 is pointing Route towards R2 (ASBR). Which of course seems to be okay as the only way to get out of this network to reach prefix 1.1.1.1/32 is that way only. But on the flip it doesn't seem to be most optimal path since link between R2 - R4 is a T1 connection Vs R3 - R4 as GigE connection.
Let's verify the Data Plane from R4 prospective:
R4#traceroute 1.1.1.1 source loopback 0
Type escape sequence to abort.
Tracing the route to 1.1.1.1
VRF info: (vrf in name/id, vrf out name/id)
1 24.0.0.2 88 msec 80 msec 36 msec
2 123.0.0.1 140 msec 120 msec 168 msec
Type escape sequence to abort.
Tracing the route to 1.1.1.1
VRF info: (vrf in name/id, vrf out name/id)
1 24.0.0.2 88 msec 80 msec 36 msec
2 123.0.0.1 140 msec 120 msec 168 msec
Now let's take a quick look what network view R3 has:
R3#sh ip route ospf | begin ^G
Gateway of last resort is not set
1.0.0.0/32 is subnetted, 1 subnets
O E2 1.1.1.1 [110/1] via 34.0.0.4, 00:04:55, GigabitEthernet2/0
2.0.0.0/32 is subnetted, 1 subnets
O 2.2.2.2 [110/66] via 34.0.0.4, 00:06:56, GigabitEthernet2/0
4.0.0.0/32 is subnetted, 1 subnets
O 4.4.4.4 [110/2] via 34.0.0.4, 00:06:56, GigabitEthernet2/0
24.0.0.0/24 is subnetted, 1 subnets
O 24.0.0.0 [110/65] via 34.0.0.4, 00:06:56, GigabitEthernet2/0
Gateway of last resort is not set
1.0.0.0/32 is subnetted, 1 subnets
O E2 1.1.1.1 [110/1] via 34.0.0.4, 00:04:55, GigabitEthernet2/0
2.0.0.0/32 is subnetted, 1 subnets
O 2.2.2.2 [110/66] via 34.0.0.4, 00:06:56, GigabitEthernet2/0
4.0.0.0/32 is subnetted, 1 subnets
O 4.4.4.4 [110/2] via 34.0.0.4, 00:06:56, GigabitEthernet2/0
24.0.0.0/24 is subnetted, 1 subnets
O 24.0.0.0 [110/65] via 34.0.0.4, 00:06:56, GigabitEthernet2/0
R3#traceroute 1.1.1.1 source loopback 0
Type escape sequence to abort.
Tracing the route to 1.1.1.1
VRF info: (vrf in name/id, vrf out name/id)
1 34.0.0.4 84 msec 76 msec 164 msec
2 24.0.0.2 116 msec 64 msec 216 msec
3 123.0.0.1 156 msec 140 msec 120 msec
Type escape sequence to abort.
Tracing the route to 1.1.1.1
VRF info: (vrf in name/id, vrf out name/id)
1 34.0.0.4 84 msec 76 msec 164 msec
2 24.0.0.2 116 msec 64 msec 216 msec
3 123.0.0.1 156 msec 140 msec 120 msec
Now this definitely doesn't look good even. Since we are following a longer path which also has a Poor Man's T1 connection in between.
Can we fix this design even without Running BGP on R3 ?
Of course....with FA :)
FA or Forwarding Address is a field we find under OSPF LSA Type-5. In most cases the FA is 0.0.0.0 which means "No" FA. In such case the traffic will be forwarded out to ASBR itself.
To include FA in OSPF LSA - 5, there are couple of conditions that needs to meet as follows:
"These conditions set the forwarding address field to a non-zero address:
OSPF is enabled on the ASBR's next hop interface AND
ASBR's next hop interface is non-passive under OSPF AND
ASBR's next hop interface is not point-to-point AND
ASBR's next hop interface is not point-to-multipoint AND
ASBR's next hop interface address falls under the network range specified in the router ospf command."
OSPF is enabled on the ASBR's next hop interface AND
ASBR's next hop interface is non-passive under OSPF AND
ASBR's next hop interface is not point-to-point AND
ASBR's next hop interface is not point-to-multipoint AND
ASBR's next hop interface address falls under the network range specified in the router ospf command."
Okay let's cut the crap out spelled above and make it simple " The OSPF Network Type on ASBR External interface should be Broadcast while enabling OSPF and The Interface shouldn't be passive under OSPF Process"
Now let first review R4 and R3's LSA-5 before making any changes:
R4#sh ip ospf database external
OSPF Router with ID (4.4.4.4) (Process ID 1)
Type-5 AS External Link States
Routing Bit Set on this LSA in topology Base with MTID 0
LS age: 143
Options: (No TOS-capability, DC, Upward)
LS Type: AS External Link
Link State ID: 1.1.1.1 (External Network Number )
Advertising Router: 2.2.2.2
LS Seq Number: 80000001
Checksum: 0xCD75
Length: 36
Network Mask: /32
Metric Type: 2 (Larger than any link state path)
MTID: 0
Metric: 1
Forward Address: 0.0.0.0
External Route Tag: 100
OSPF Router with ID (4.4.4.4) (Process ID 1)
Type-5 AS External Link States
Routing Bit Set on this LSA in topology Base with MTID 0
LS age: 143
Options: (No TOS-capability, DC, Upward)
LS Type: AS External Link
Link State ID: 1.1.1.1 (External Network Number )
Advertising Router: 2.2.2.2
LS Seq Number: 80000001
Checksum: 0xCD75
Length: 36
Network Mask: /32
Metric Type: 2 (Larger than any link state path)
MTID: 0
Metric: 1
Forward Address: 0.0.0.0
External Route Tag: 100
R3#sh ip ospf database external
OSPF Router with ID (3.3.3.3) (Process ID 1)
Type-5 AS External Link States
Routing Bit Set on this LSA in topology Base with MTID 0
LS age: 367
Options: (No TOS-capability, DC, Upward)
LS Type: AS External Link
Link State ID: 1.1.1.1 (External Network Number )
Advertising Router: 2.2.2.2
LS Seq Number: 80000001
Checksum: 0xCD75
Length: 36
Network Mask: /32
Metric Type: 2 (Larger than any link state path)
MTID: 0
Metric: 1
Forward Address: 0.0.0.0
External Route Tag: 100
OSPF Router with ID (3.3.3.3) (Process ID 1)
Type-5 AS External Link States
Routing Bit Set on this LSA in topology Base with MTID 0
LS age: 367
Options: (No TOS-capability, DC, Upward)
LS Type: AS External Link
Link State ID: 1.1.1.1 (External Network Number )
Advertising Router: 2.2.2.2
LS Seq Number: 80000001
Checksum: 0xCD75
Length: 36
Network Mask: /32
Metric Type: 2 (Larger than any link state path)
MTID: 0
Metric: 1
Forward Address: 0.0.0.0
External Route Tag: 100
Now let's first enable OSPF on R2 (ASBR) only on interface facing R1 to see if that helps with anything.
R2(config)#router ospf 1
R2(config-router)#network 123.0.0.2 0.0.0.0 area 0
R2(config-router)#end
R2(config-router)#network 123.0.0.2 0.0.0.0 area 0
R2(config-router)#end
Now let's review back the LSA-5 again on R3 & R4
R4#sh ip ospf database external
OSPF Router with ID (4.4.4.4) (Process ID 1)
Type-5 AS External Link States
Routing Bit Set on this LSA in topology Base with MTID 0
LS age: 183
Options: (No TOS-capability, DC, Upward)
LS Type: AS External Link
Link State ID: 1.1.1.1 (External Network Number )
Advertising Router: 2.2.2.2
LS Seq Number: 80000002
Checksum: 0x289D
Length: 36
Network Mask: /32
Metric Type: 2 (Larger than any link state path)
MTID: 0
Metric: 1
Forward Address: 123.0.0.1
External Route Tag: 100
Let's verify the Data Plane:
R4#traceroute 1.1.1.1 source loopback 0
Type escape sequence to abort.
Tracing the route to 1.1.1.1
VRF info: (vrf in name/id, vrf out name/id)
1 24.0.0.2 56 msec 96 msec 36 msec
2 123.0.0.1 160 msec 116 msec 156 msec
Seems like though R4 knows about FA now, it is not changing anything in Data Plane.
Now we need to take a Look at R3's LSA-5 :
R3#sh ip ospf database external
OSPF Router with ID (3.3.3.3) (Process ID 1)
Type-5 AS External Link States
LS age: 49
Options: (No TOS-capability, DC, Upward)
LS Type: AS External Link
Link State ID: 1.1.1.1 (External Network Number )
Advertising Router: 2.2.2.2
LS Seq Number: 80000002
Checksum: 0x289D
Length: 36
Network Mask: /32
Metric Type: 2 (Larger than any link state path)
MTID: 0
Metric: 1
Forward Address: 123.0.0.1
External Route Tag: 100
Again FA is set but let's verify Data Plane to see if it has some affect on traffic forwarding:
R3#traceroute 1.1.1.1 source loopback 0
Type escape sequence to abort.
Tracing the route to 1.1.1.1
VRF info: (vrf in name/id, vrf out name/id)
1 * * *
2 * * *
3 * * *
4 * * *
5 * * *
6
R3#sh ip route ospf | b ^G
Gateway of last resort is not set
2.0.0.0/32 is subnetted, 1 subnets
O 2.2.2.2 [110/66] via 34.0.0.4, 00:01:23, GigabitEthernet2/0
4.0.0.0/32 is subnetted, 1 subnets
O 4.4.4.4 [110/2] via 34.0.0.4, 00:35:47, GigabitEthernet2/0
24.0.0.0/24 is subnetted, 1 subnets
O 24.0.0.0 [110/65] via 34.0.0.4, 00:35:47, GigabitEthernet2/0
Routing entry for 123.0.0.0/24
Known via "connected", distance 0, metric 0 (connected, via interface)
Routing Descriptor Blocks:
* directly connected, via GigabitEthernet1/0
Route metric is 0, traffic share count is 1
That's probably you don't want to see on a production network :)
We will return to details in next post talking about why R3 isn't able to reach 1.1.1.1/32 at the moment.
Let's Enable OSPF on R3's interface also facing 123.0.0.X/24 network.
R3(config)#router ospf 1
R3(config-router)#network 123.0.0.3 0.0.0.0 area 0
R3(config-router)#end
*Nov 5 14:27:11.195: %OSPF-5-ADJCHG: Process 1, Nbr 2.2.2.2 on GigabitEthernet1/0 from LOADING to FULL, Loading Done
Now Let's check our poor fellow R3 again to see if this helped:
R3#sh ip ospf database external
OSPF Router with ID (3.3.3.3) (Process ID 1)
Type-5 AS External Link States
Routing Bit Set on this LSA in topology Base with MTID 0
LS age: 314
Options: (No TOS-capability, DC, Upward)
LS Type: AS External Link
Link State ID: 1.1.1.1 (External Network Number )
Advertising Router: 2.2.2.2
LS Seq Number: 80000002
Checksum: 0x289D
Length: 36
Network Mask: /32
Metric Type: 2 (Larger than any link state path)
MTID: 0
Metric: 1
Forward Address: 123.0.0.1
External Route Tag: 100
R3#sh ip ospf border-routers
OSPF Router with ID (3.3.3.3) (Process ID 1)
Base Topology (MTID 0)
Internal Router Routing Table
Codes: i - Intra-area route, I - Inter-area route
i 2.2.2.2 [1] via 123.0.0.2, GigabitEthernet1/0, ASBR, Area 0, SPF 5
R3#traceroute 1.1.1.1 source loopback 0
Type escape sequence to abort.
Tracing the route to 1.1.1.1
VRF info: (vrf in name/id, vrf out name/id)
1 123.0.0.1 64 msec 80 msec 108 msec
R3#sh ip route ospf | begin ^G
Gateway of last resort is not set
1.0.0.0/32 is subnetted, 1 subnets
O E2 1.1.1.1 [110/1] via 123.0.0.1, 00:01:50, GigabitEthernet1/0
2.0.0.0/32 is subnetted, 1 subnets
O 2.2.2.2 [110/2] via 123.0.0.2, 00:01:50, GigabitEthernet1/0
4.0.0.0/32 is subnetted, 1 subnets
O 4.4.4.4 [110/2] via 34.0.0.4, 00:17:15, GigabitEthernet2/0
24.0.0.0/24 is subnetted, 1 subnets
O 24.0.0.0 [110/65] via 123.0.0.2, 00:01:50, GigabitEthernet1/0
[110/65] via 34.0.0.4, 00:17:15, GigabitEthernet2/0
Now it looks much better.
But anything changed from R4 prospective ? ... Remember that Poor Man's T1 Link ? :)
R4#traceroute 1.1.1.1 source loopback 0
Type escape sequence to abort.
Tracing the route to 1.1.1.1
VRF info: (vrf in name/id, vrf out name/id)
1 34.0.0.3 52 msec 76 msec 48 msec
2 123.0.0.1 120 msec 124 msec 168 msec
Now wait till 2nd Part to unfold some more details and Caveats of FA.
HTH...
Deepak Arora
Evil CCIE
In case you want to lab it up yourself, below are the initials:
Initials:
R1
++
!
en
!
conf t
!
ho R1
!
no ip do lo
!
line con 0
no exec-time
exit
!
int loop0
ip add 1.1.1.1 255.255.255.255
exit
!
int gi1/0
ip add 123.0.0.1 255.255.255.0
no sh
exit
!
router bgp 100
no auto
no sync
nei 123.0.0.2 remote 200
net 1.1.1.1 mask 255.255.255.255
exit
!
end
!
=================================
R2
++
!
en
!
conf t
!
ho R2
!
no ip do lo
!
line con 0
no exec-time
exit
!
int loop0
ip add 2.2.2.2 255.255.255.255
exit
!
int gi1/0
ip add 123.0.0.2 255.255.255.0
no sh
exit
!
int s2/0
ip add 24.0.0.2 255.255.255.0
no sh
exit
!
router bgp 200
no auto
no sync
nei 123.0.0.1 remote 100
redistribute ospf 1 match internal external 1 external 2
exit
!
router ospf 1
net 2.2.2.2 0.0.0.0 area 0
net 24.0.0.2 0.0.0.0 area 0
redistribute bgp 200 subnets
exit
!
end
!
=================================
R3
++
!
en
!
conf t
!
ho R3
!
no ip do lo
!
line con 0
no exec-time
exit
!
int loop0
ip add 3.3.3.3 255.255.255.255
exit
!
int gi1/0
ip add 123.0.0.3 255.255.255.0
no sh
exit
!
int gi2/0
ip add 34.0.0.3 255.255.255.0
no sh
exit
!
router ospf 1
net 3.3.3.3 0.0.0.0 area 0
net 34.0.0.3 0.0.0.0 area 0
exit
!
end
!
=================================
R4
++
!
en
!
conf t
!
ho R4
!
no ip do lo
!
line con 0
no exec-time
exit
!
int loop0
ip add 4.4.4.4 255.255.255.255
exit
!
int s2/0
ip add 24.0.0.4 255.255.255.0
no sh
exit
!
int gi1/0
ip add 34.0.0.4 255.255.255.0
no sh
exit
!
router ospf 1
net 4.4.4.4 0.0.0.0 area 0
net 34.0.0.4 0.0.0.0 area 0
net 24.0.0.4 0.0.0.0 area 0
exit
!
end
!
Subscribe to:
Posts (Atom)