Wednesday, December 31, 2014

OSPF Path Selection With Default Information Originate - How You Gonna Fix It ? - Part 2

As OSPF recent design issue discussed here can possibly turn into obnoxious CCIEv5 R&S troubleshooting scenario, I got one email from another friend who also ran into interesting OSPF design issue recently around OSPF default information originate too.

Here is a quick topology of his network design:


At high level the design looks pretty simple. R1 & R2 are peering with WAN cloud using E-BGP. Between R1-R2-R3-R4-R5 we are running OSPF Area 0. To ensure R3-R4-R5 have reachability to external prefixes (Since it's always good to avoid BGP to IGP Redistribution), R1 & R2 are injecting default route into the network using "default-information originate always metric-type 1" option.

Also R1 & R2 are connected to each other over a link running OSPF.

Now let's talk about problem...which is the fun part :)

If R1's WAN connection goes down, R4 can't reach any external prefixes using default route any longer. Whereas at the same time both R3 & R5 don't lose their connectivity to same external prefixes.

Now ideally once R1 find it's WAN interface down, it should get default route from R2 and should be able to route R4's traffic in that direction.

Let me show you same behaviour using CLI :






Before R1's WAN Link goes down




After R1's WAN Link goes down 



No ICMP Packets Received Any Longer on R6


R1 is not installing default route from R2



See if you can figure out " WHY " behind this and offer different ways we can fix this design issue. Feel Free to post you solution, recommendation and findings under comments section. I'll update the post around next weekend with my findings and solutions to the design.


HTH...
Deepak Arora
Evil CCIE

Update



 In SPF Debug


Tuesday, December 2, 2014

How To Earn 50% Off On JNCIA-JUNOS Exam

While reading about Juniper Certifications on web, today evening I came across interesting URL where they asked to register first and then offered pre-assessment tests. 

As I am currently in middle of my JNCIA-JUNOS prep I thought to take a look on my progress by taking the pre-assessment exam. 

Although I scored far better than I thought to be in pre-assessment exam :) , But since I passed the pre-assessment test, to my surprise they gave me 50% discount voucher for the JNCIA-JUNOS exam.



Here is the URL in case you are interested to earn discount voucher as well :)

https://learningportal.juniper.net/

But in the mean while Jan 2015 First week seems to be good time to go for exam and start the new year with a small bang.

HTH....
Deepak Arora
Evil CCIE

Saturday, November 15, 2014

OSPF Path Selection With Default Information Originate - How You Gonna Fix It ? - Part 1

I recently got a call from friend , he was stuck with an interesting OSPF Path Selection issue. Obviously the things didn't work the way he expected it to be :)

Now initially he was been given a Consulting task that involved Design & Configuration changes to meet a new network requirement.

Here is how the network initially looked like :


The customer had active-active WAN connections where these connections were also serving both WAN as well as Internet connectivity. Where as in LAN side they were using OSPF as shown in Topology above.

Now the new requirements given were:

> Brought Up New Internet Connection that will act as Primary Path to reach internet.

> In case the New Internet connection goes down, the old WAN cloud should still work as backup path to reach internet

> From R4's perspective, the path towards R2 should be primary path to reach internet (Through New Internet GW) while path through R3 should be backup path. I am not sure why this was a Hard Requirement but I guess the path from R4 to R3 was through RF link as shown below:




> Introduction of Static Routes, PBR, NAT for whatever reasons were not allowed to be used to solve this problem 

Now my friend tried to solve this problem in an interesting way. He Introduced RIPv2 as new IGP between R5-R3-R2 to ensure he doesn't have to change anything into existing IGP since there was a large IGP domain connected to this setup.

Using RIPv2 he injected default route into RIB of R2 and R3. He had to change distance of RIPv2 originated default route so that it can get priority over BGP injected default route. Than he tried Injecting Default Routes into OSPF domain towards R4 using "Default Information Originate " option. Since the control over path selection was required here, During default route injection he used Metric Type as 1 with Higher metric given while injection route at R3 as shown below:



Obviously the solution didn't work as expected and here is why:



As you can on R4 we still have two routes instead of one in Routing Table.

Can you figure out what's the problem here and how we can fix it in easiest way ?

Or You Have any other better solution to fix it while meeting the given restrictions ?

I'll post my solution to the problem after 2 weeks.

To be on same page here is the Addressing I Used in while labbing this up:


Here is relevant configuration:











Good Luck  !!! :)

HTH...
Deepak Arora
Evil CCIE


Update For Ref: See comments section for further information.






HTH...
Deepak Arora
Evil CCIE


Monday, November 3, 2014

Does EIGRP Feasible Successor Always Work As Successor Fails ?

A recent discussion with friends brought this idea in my mind to write about this exiting subject. While I won't say all but many among them thought that it's always good to have EIGRP Feasible successors into Network while designing an EIGRP based network (Which of course is true ). And if EIGRP successor Route Ever fails, the EIGRP feasible successor will be installed quickly as it's a second best route in EIGRP Topology table based on feasibility condition, which will help minimizing convergence time.

And this is where most people start assuming that it's always going to be the case. Which of course is not true :)

Let's test this quickly based on following topology:


From R1's perspective it has three different paths to reach the destination - 5.5.5.5

Now let's review R1's routing table to first find which path is preferred.


As we can see, the middle path has been chosen as best path based on Dual Algorithm. Now let's next review R1's EIGRP topology table to figure out if we have feasible successor chosen at all and if So than which path.


 As we can see, the path through R4 has been chosen as second best path (Feasible Successor). Since there is no other entry in Topology table showing path through R2, which means it's neither successor nor feasible successor and has failed feasibility condition.

Let's verify Feasible Distance (FD) and Reported Distance (RD) for path through R2 by shutting down the path through R3 and R4.


Now here is an interesting scenario:

> Path through R3 is the best path (Lowest Metric)

> Path through R4 is meeting feasibility condition (making it feasible successor). But overall cost to destination is worst if we compare all three paths metric.

> Path through R2 is actually second best path based on total metric but got out of the equation as it failed feasibility condition

Though we can see that topology doesn't include any potential link which can lead traffic back to original source while forwarding traffic towards destination 5.5.5.5 , but EIGRP fails to recognize this fact. 

This is where we find this true that eventually EIGRP is an Advance Distance Vector protocol as it tries to avoid any possible looping with help of Dual Algorithm but is not always successful to find it's goal. But not as good as a Link State Routing protocol which would have the complete picture of the topology.

Now in this scenario what you think would happen if Successor Route fails ?



If we go by theory discussed earlier in the post, EIGRP feasible successor should take over. Right ?

But that would mean sub-optimal routing. 

But don't worry. EIGRP is intelligent enough still and it finds Optimal Path here based on overall cost to destination and avoiding sub-optimal path.

 
 To my surprise during this test two commands didn't work the way I expected. Which I must figure out sometime :)


Further Readings:

http://www.ciscopress.com/articles/article.asp?p=1763921&seqNum=5

http://books.google.co.in/books?id=XkM6vxsVJEsC&pg=PA78&lpg=PA78&dq=eigrp+convergence+with+feasible+successor&source=bl&ots=mvVF2sg2_K&sig=1jz3SMiK6TiRNnSdj1LKTIj8AHk&hl=en&sa=X&ei=EIxWVMriI8ekuQS-gIL4AQ&ved=0CD8Q6AEwBQ#v=onepage&q=eigrp%20convergence%20with%20feasible%20successor&f=false

http://www.cisco.com/c/en/us/support/docs/ip/enhanced-interior-gateway-routing-protocol-eigrp/16406-eigrp-toc.html#feasibleandreported

http://packetlife.net/blog/2010/aug/9/eigrp-feasible-successor-routes/

http://rovingengineer.wordpress.com/2010/07/28/eigrp-feasible-successor-routes/


HTH...
Deepak Arora

Evil CCIE

Sunday, October 19, 2014

OSPF Route Preference: You Sure You Know It ? ... RFC 3101...Part 2 (Final)

It's sunday, got some time today. Let's wrap up this series quickly.

The physical and logical topology is gonna remain same. The only thing I changed in this part is ... IOS Version :)


R3 is Still the Translator:
 








Let's review the routing table of R2 quickly again and see how things are:



So now the question is why results are different with different IOS ? ( IOS used in part 1 was 12.4 (20) T ).

The previous version was actually following RFC 1587 in which the route preference is same as mentioned in post 1 i.e. E2 is preferred over N2.

But the later IOS followed the RFC3101 implementation. Which states that LSA with P-bit set is preferred over the one which has P bit as Zero. The P bit is set to 1 by ASBR while redistributing the routes into NSSA except the situation where ASBR is also ABR and P bit remains unset (0).

But as an Engineer if you would like you can still go back to older IOS behavior as following:



The reason in Part 1 , the traffic (Data Plane) took the direct path because of same cost to Forwarding Address.

Further Readings:

http://blog.ipspace.net/2008/01/e1-and-e2-routes-in-ospf.html

http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_ospf/configuration/15-e/iro-15-e-book/iro-ospfv2-nssa-cfg.html#GUID-C335FD95-ED21-4A51-894F-8B63119186EC

http://networklessons.com/ospf/ospf-path-selection-explained/#ixzz3GPsDJ8N8

HTH...
Deepak Arora
Evil CCIE

Saturday, October 18, 2014

OSPF Route Preference: You Sure You Know It ? ... RFC 3101...Part 1

Well I wanted to write about this for quite a while but seem to lost in time. We all know that OSPF is fairly a complex protocol to understand and work on though It makes me wonder why People usually come with OSPF as preferred choice if I ask them to choose IGP for New Enterprise Network Design. Well let's keep that story for my Network Design Series.

Now if you know me, I am one of those people who find reading books cover to cover quite hard. I prefer other methods like Video Trainings, Labing Up the topic I am trying to understand, Cisco Documentation and of course above all the Blog Posts at different forums.

While reading one of those exiting blog posts long back I came across this post from Ethan Banks on an interesting OSPF issue which he discovered during practicing one of Net Master Class CCIE R&S Lab from their workbook.

So I decided to test the scenario by my own thinking I can re-produce the issue and see get it working the way Ethan suggested.

So I created this quick topology (Of course Replaced Cat 1 with R4).

I configured everything like shown in Diagram but to my surprise the Issue didn't occur.

Now the questions was why so ?

I mean from theory standpoint the issue should have occurred. Let's review the topology from OSPF LSA Standpoint and see:


In my topology R3 became the translator.


Now by theory R2 should have seen LSA-5 (Translated by R3 & Forwarded By R1) as well as LSA-7 received directly from R4. In which case R2 should prefer LSA-5 over LSA-7 based on OSPF Route Selection Mechanism:

Regardless of a route’s metric or administrative distance, OSPF will choose routes in the following order:

Intra-Area (O)
Inter-Area (O IA)
External Type 1 (E1)
External Type 2 (E2)
NSSA Type 1 (N1)
NSSA Type 2 (N2)


Now let's review what routing table of R2 tells us first:

 
Well it seems to be following same logic. Let's take a closer look at Database Table now:



Now control plane seems to be in Sync with what Ethan suggested. But what about Data plane ?. Will R2 send traffic towards R3 to get to 200.200.200.200 network ?


So the behavior seems to be changed in recent IOS version as we didn't had to suppress the forwarding address manually or doing anything fancy.

The behavior is described under RFC 3101 which I figured out through a friend.

Well per RFC it's all about fun with P-bit. 

We will continue the discussion in next post. In the mean while go through recommended readings list:

Recommended Readings:

https://learningnetwork.cisco.com/thread/6038?start=0&tstart=0 

http://ieoc.com/forums/p/30597/246743.aspx

https://sites.google.com/site/amitsciscozone/home/important-tips/ospf/ospf-nss

http://lostintransit.se/tag/rfc-3101/

https://learningnetwork.cisco.com/thread/24346

http://www.costiser.ro/2013/02/07/ospf-p-bit-in-type-7-lsa/


HTH...
Deepak Arora
Evil CCIE

Full Configuration: