CCIE Pursuit Blog

August 16, 2008

Internetwork Expert Volume II: Lab 8 – Section 3

Section 3 – Interior Gateway Routing – 16 Points

3.1 OSPF

Simple OSPF task.  The only odd bit is that you’ll be configuring OSPF over the PPPoFR network.  It makes sense that the OSPF network type is point-to-point.  :-)

r3(config-router)#do sh ip os int | i proto|Type
Multilink1
is up, line protocol is up
  Process ID 100, Router ID 150.1.3.3, Network Type POINT_TO_POINT, Cost: 1

r2#sh ip os nei

Neighbor ID     Pri   State           Dead Time   Address         Interface
150.1.3.3         0   FULL/  -        00:00:38    174.1.23.3      Multilink1

“Authenticate the OSPF adjacency between r2 and r6 using OSPF type 1 authentication.”

Crap.  I think that type 1 is just clear-text (type 0 = null and type 7 = md5).  It’s weird that the task does not mention a password.  I used the old standby of “CISCO”

r6(config-router)#int FastEthernet0/1.26
r6(config-subif)#ip ospf authentication
r6(config-subif)#ip ospf authentication-key CISCO

r2(config-subif)#do sh ip os int Gi0/0.26 | i proto|authe
GigabitEthernet0/0.26 is up, line protocol is up
  Simple password authentication enabled 

3.2 OSPF

Configure area 38 so that “external LSAs” are not advertised in.

We know that we’re done to stub or totally stubby at this point.

“Ensure that devices in OSPF area 38 still have specific forwarding information about prefixes originated in other OSPF areas.”

So we need to allow IA routes (LSA 3).  That sounds like a stub area to me.

3.3 OSPF

Create area 67 and then summarize 150.1.6.6 and 150.1.7.7 with no overlapping address space:

7 0000011|1
6 0000011|0

150.1.6.0/23 or 150.1.6.0 255.255.254.0

Summary will move from area to area so use…..area range.  :-)

r6(config)#router os 100
r6(config-router)#area 67 range 150.1.6.0 255.255.254.0

r3#sh ip route 150.1.6.6
Routing entry for 150.1.6.0/23
  Known via “ospf 100″, distance 110, metric 3, type inter area
  Last update from 174.1.23.2 on Multilink1, 00:00:36 ago
  Routing Descriptor Blocks:
  * 174.1.23.2, from 150.1.6.6, 00:00:36 ago, via Multilink1
      Route metric is 3, traffic share count is 1

r3#sh ip route 150.1.7.7
Routing entry for 150.1.6.0/23

  Known via “ospf 100″, distance 110, metric 3, type inter area
  Last update from 174.1.23.2 on Multilink1, 00:00:50 ago
  Routing Descriptor Blocks:
  * 174.1.23.2, from 150.1.6.6, 00:00:50 ago, via Multilink1
      Route metric is 3, traffic share count is 1

3.4 EIGRP

Basic EIGRP task.  The only confusing bit is that the task asks you to advertise the lo0 interface of all of the EIGRP devices into EIGRP.  r3 is already advertising its lo0 interface into OSPF.  They must have meant all of the EIGRP devices except r3 (the solution guide bears this out).

Remember to disable split-horizon on the Frame Relay hub (r1):

r1(config-router)#int s0/0
r1(config-if)#no ip split-horizon eigrp 1024

3.5 RIP

Easy RIP task with authentication.

3.6 IGP Redistribution

Redistribute between RIP and EIGRP on r5 and then between OSPF and EIGRP where needed.

Remember that OSPF area 38 is a stub area so it’s not going to let in any external routes.  That means our OSPF<->EIGRP redistribution needs to happen on r3.

I ran into one issue.  I had a route to 174.1.31.0/24 on r1 (connected) as well as r2-3(OSPF).  But r4 and r5 did not have the route.

The problem is that r3 gets that route via OSPF and then advertises it to r1.  R1 does not install the route from r3 because it has that network as connected.  The route does not get passed on to the EIGRP routers behind r1.

I need to either redistribute that connected interface into EIGRP on r1 or find some way to have r1 prefer the route to r3 over the connected route.

r1(config)#route-map CONN->EIGRP
r1(config-route-map)#match int Fa0/0.13

r1(config-route-map)#router ei 1024
r1(config-router)#redist conn met 1 1 1 1 1 route-map CONN->EIGRP

r4#sh ip route 174.1.31.1
Routing entry for 174.1.31.0/24

  Known via “eigrp 1024″, distance 170, metric 2560512256, type external
  Redistributing via eigrp 1024
  Last update from 174.1.145.1 on Serial0/0, 00:00:30 ago
  Routing Descriptor Blocks:
  * 174.1.145.1, from 174.1.145.1, 00:00:30 ago, via Serial0/0
      Route metric is 2560512256, traffic share count is 1
      Total delay is 20010 microseconds, minimum bandwidth is 1 Kbit
      Reliability 1/255, minimum MTU 1 bytes
      Loading 1/255, Hops 1

r4#trace 174.1.31.1

Type escape sequence to abort.
Tracing the route to 174.1.31.1

  1 174.1.145.1 4 msec *  4 msec

I ended up with full reachability by only redistributing RIP<->EIGRP on r5, OSPF<->EIGRP on r3, and Connected (fa0/0.13) -> EIGRP on r1.

IE went a different route.  Then redistributed OSPF->EIGRP on r1, OSPF<->EIGRP on r3, as well as RIP<->EIGRP on r5.

3.7 Load Distribution

Configure the network so that traffic from r4 to r5 is distributed in a 4:1 ratio between the Ethernet connection and the Frame Relay connection.

I messed with this for tooooooooo long.  I tried messing with the metric weight and I was still mindfucked.  I’ll just eat the 3 points and move on.

Update:

I have to try this tomorrow:

Becoming a CCIE: EIGRP Unequal path load balancing

April 28, 2008

Internetwork Expert Volume II: Lab 5 – Section 3

Interior Gateway Routing – 20 Points

3.1 OSPF

You need to configure OSPF over the partial-mesh Frame Relay cloud, but you cannot change the OSPF network type on r3:

r2(config-router)#do sh ip os int s0/0/0.1 | i Type
  Process ID 100, Router ID 150.1.2.2, Network Type POINT_TO_POINT, Cost: 64

r3(config-router)#do sh ip os int s0/0:0 | i Type
  Process ID 100, Router ID 150.1.3.3, Network Type NON_BROADCAST, Cost: 65

r4(config-router)#do sh ip os int s0/0 | i Type
  Process ID 100, Router ID 150.1.4.4, Network Type NON_BROADCAST, Cost: 65

r5(config-router)#do sh ip os int s0/0 | i Type
  Process ID 100, Router ID 150.1.5.5, Network Type NON_BROADCAST, Cost: 65

So all that really means is that you’ll need to use the OSPF non-broadcast network type.  You’ll also need to configure neighbor statements.  Since r3 is the only device with direct connections to all of the other routers, you’ll want to make it the DR.

r3(config-router)#do sh ip os nei

Neighbor ID     Pri   State           Dead Time   Address         Interface
150.1.2.2         0   FULL/DROTHER    00:01:46    162.1.0.2       Serial0/0:0
150.1.5.5         0   FULL/DROTHER    00:01:51    162.1.0.5       Serial0/0:0
150.1.4.4         0   FULL/DROTHER    00:01:51    162.1.0.4       Serial0/0:0

The only point that I wasn’t clear on was whether or not to establish a neighbor relationship between r4 and r5.  I did not configure them as peers, but I would have clarified this with the proctor.  If you were to peer these routers then you would need to make one of them the DR so you would need to remove the ‘ip ospf priority 0′ on one of the routers.  You would also need to configure a neighbor statement on the DR.

The IE solution did not peer these routers.

3.2 OSPF

Configure OSPF area 27 on sw1 and then ensure that the only OSPF route it will see is a default route generated by r2.  This sounds like a totally stubby area:

Before:
sw1#sh ip route os
     162.1.0.0/24 is subnetted, 5 subnets
O IA    162.1.55.0 [110/66] via 162.1.27.2, 00:00:15, Vlan27
O IA    162.1.0.0 [110/65] via 162.1.27.2, 00:00:15, Vlan27
O IA    162.1.5.0 [110/66] via 162.1.27.2, 00:00:15, Vlan27
     150.1.0.0/16 is variably subnetted, 5 subnets, 2 masks
O IA    150.1.5.5/32 [110/66] via 162.1.27.2, 00:00:15, Vlan27
O IA    150.1.4.4/32 [110/66] via 162.1.27.2, 00:00:15, Vlan27
O IA    150.1.3.3/32 [110/66] via 162.1.27.2, 00:00:15, Vlan27
O IA    150.1.2.2/32 [110/2] via 162.1.27.2, 00:00:15, Vlan27

After:
r2
(config)#router os 100
r2(config-router)#area 27 stub no-summary

sw1(config)#router os 100
sw1(config-router)#area 27 stub

sw1#sh ip route os
O*IA 0.0.0.0/0 [110/2] via 162.1.27.2, 00:00:41, Vlan27

3.3 EIGRP

“Enable EIGRP on all interfaces of sw2, but do not use redistribution or more than one network statement to accomplish this.”

sw2(config)#ip routi
sw2(config)#router ei 200
sw2(config-router)#net 0.0.0.0

sw2(config-router)#do sh ip ei int
IP-EIGRP interfaces for process 200

                        Xmit Queue   Mean   Pacing Time   Multicast    Pending
Interface        Peers  Un/Reliable  SRTT   Un/Reliable   Flow Timer   Routes
Vl8                0        0/0         0       0/10           0           0
Vl88               0        0/0         0       0/10           0           0
Fa0/15             1        0/0         1       0/10          50           0
Po32               0        0/0         0       0/10           0           0
Lo0                0        0/0         0       0/10           0           0

3.4 EIGRP

Configure EIGRP to use bandwidth, delay, and load to compute the EIGRP metric.  Bandwidth should be three times more significant than either delay or load.

metric weights (EIGRP)

Command Defaults
tos: 0
k1: 1
k2: 0
k3: 1
k4: 0
k5: 0

You need to be careful with these k-values.  You can use the EIGRP metric equation to decipher which k-value refers to with metric variable:

If k5 equals 0, the composite EIGRP metric is computed according to the following formula:

metric = [k1 * bandwidth + (k2 * bandwidth)/(256 - load) + k3 * delay]

If k5 does not equal zero, an additional operation is performed:

metric = metric * [k5/(reliability + k4)]

k1 = bandwidth
k2 = load
k3 = delay

sw2(config-router)#metric weights 0 3 1 1 0 0

r3(config-router)#do sh ip proto | i EIGRP metric
  EIGRP metric weight K1=3, K2=1, K3=1, K4=0, K5=0

3.5 Default Routing

Configure r3 to adverise a default route to the rest of the OSPF network.

“In order to help prevent traffic black holses ensure that r3 drops traffic for all destinations it does not have a longer match for.”

default-information originate (OSPF)

The software still must have a default route for itself before it generates one, except when you have specified the always keyword.

(Optional) Always advertises the default route regardless of whether the software has a default route.

The IE solution guide has a nice write up about the benifits and pitfalls of the ‘always’ keyword.

3.6 Routing Redundancy

Configure r5 to use the PTP serial interface (no advertised into any IGP) if the Frame Relay connection is lost.  You are allowed to use static routes to accomplish this.

Sounds like a floating static route to me (I wish I would have recognized this on a recent Mock Lab…oh well).

r5(config)#ip route 0.0.0.0 0.0.0.0 162.1.45.4 111

r4(config)#do sh ip route | i via 162.1.0.5
O       162.1.55.0/24 [110/66] via 162.1.0.5, 00:11:12, Serial0/0
O       162.1.5.0/24 [110/66] via 162.1.0.5, 00:11:12, Serial0/0
O       150.1.5.5/32 [110/66] via 162.1.0.5, 00:11:12, Serial0/0

r4(config)#ip route 162.1.55.0 255.255.255.0 162.1.45.5 111
r4(config)#ip route 162.1.5.0 255.255.255.0 162.1.45.5 111
r4(config)#ip route 162.1.5.5 255.255.255.255 162.1.45.5 111

r4(config)#router os 100
r4(config-router)#redist static subnets

Let’s test this by shutting down r5’s connection to the Frame cloud:
r5(config)#int s0/0
r5(config-if)#shut

r5#sh ip route | b Gate
Gateway of last resort is 162.1.45.4 to network 0.0.0.0
 

     162.1.0.0/16 is variably subnetted, 4 subnets, 2 masks
C       162.1.45.4/32 is directly connected, Serial0/1
C       162.1.45.0/24 is directly connected, Serial0/1
C       162.1.55.0/24 is directly connected, FastEthernet0/1
C       162.1.5.0/24 is directly connected, FastEthernet0/0
     150.1.0.0/24 is subnetted, 1 subnets
C       150.1.5.0 is directly connected, Loopback0
S*   0.0.0.0/0 [111/0] via 162.1.45.4 

I did run into a problem with connectivity between r3 and r5:

r3#p 162.1.55.5

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 162.1.55.5, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 8/9/12 ms

r3#p 162.1.5.5

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 162.1.5.5, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 8/8/12 ms

r3#p 162.1.45.5

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 162.1.45.5, timeout is 2 seconds:
…..
Success rate is 0 percent (0/5)

r3#p 150.1.5.5

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 150.1.5.5, timeout is 2 seconds:
…..
Success rate is 0 percent (0/5)

r3#sh ip route 162.1.45.5
% Subnet not in table

Makes sense since it’s not being advertised via an IGP (we’ll take care of this during the redistribution task).

r3#sh ip route 150.1.5.5
Routing entry for 150.1.0.0/16
  Known via “eigrp 200″, distance 90, metric 207460, type internal
  Redistributing via eigrp 200
  Last update from 162.1.38.8 on FastEthernet0/0, 00:53:52 ago
  Routing Descriptor Blocks:
  * 162.1.38.8, from 162.1.38.8, 00:53:52 ago, via FastEthernet0/0
      Route metric is 207460, traffic share count is 1
      Total delay is 5100 microseconds, minimum bandwidth is 100000 Kbit
      Reliability 255/255, minimum MTU 1500 bytes
      Loading 1/255, Hops 1

Ummmm…..I think I missed a “no auto-summary” somewhere.  :-)

sw2(config-router)#do sh run | b router ei
router eigrp 200
 network 0.0.0.0
 metric weights 0 3 1 1 0 0
 auto-summary

sw2(config-router)#router ei 200
sw2(config-router)#no au

I’ve been doing that a lot lately.  :-(

r3#sh ip route 150.1.5.5
% Subnet not in table

That’s odd, I thought that I had a floating static route to the loopback on r4:

r4#sh run | i ip route
ip route 162.1.5.0 255.255.255.0 162.1.45.5 111
ip route 162.1.5.5 255.255.255.255 162.1.45.5 111
ip route 162.1.55.0 255.255.255.0 162.1.45.5 111

Damn these fat fingers!!!!

r4(config)#no ip route 162.1.5.5 255.255.255.255 162.1.45.5 111
r4(config)#ip route 150.1.5.5 255.255.255.255 162.1.45.5 111

r3#sh ip route | i 150.1.5.
O E2    150.1.5.5/32 [110/20] via 162.1.0.4, 00:00:33, Serial0/0:0

r3#p 150.1.5.5

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 150.1.5.5, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 8/9/12 ms

Much better.

3.7 RIPv2

Easy RIP task.  One slight twist:

“As an additional security precaution configure r1 and r6 so that no unautorized devices can receive RIP updates sent out on VLAN 162.”

neighbor (RIP)

The IE solution guide has r6 advertising VLAN 6 into RIP although it is not mentioned in the task (although it does look like it should be advertised into RIP based on the IGP drawing).

3.8 IGP Redistribution

“Redistribute in the minumum places necessary to gain full reachability thoughout the network.”
“Routers in the OSPF domain should have the miniumum amount of routes neeeded to reach the RIP routes learned from bb3.”
“Do not overlap any address space to accomplish this.”

If you hadn’t figured out that they were asking for a summary route that last requirement kind of makes it obvious.

r4#sh ip route rip
     31.0.0.0/16 is subnetted, 4 subnets
R       31.3.0.0 [120/1] via 204.12.1.254, 00:00:15, FastEthernet0/0
R       31.2.0.0 [120/1] via 204.12.1.254, 00:00:15, FastEthernet0/0
R       31.1.0.0 [120/1] via 204.12.1.254, 00:00:15, FastEthernet0/0
R       31.0.0.0 [120/1] via 204.12.1.254, 00:00:15, FastEthernet0/0
     30.0.0.0/16 is subnetted, 4 subnets
R       30.2.0.0 [120/1] via 204.12.1.254, 00:00:15, FastEthernet0/0
R       30.3.0.0 [120/1] via 204.12.1.254, 00:00:15, FastEthernet0/0
R       30.0.0.0 [120/1] via 204.12.1.254, 00:00:15, FastEthernet0/0
R       30.1.0.0 [120/1] via 204.12.1.254, 00:00:15, FastEthernet0/0

We can try to do this with a single summary but we’ll be overlapping address space, so we need two /14 summaries:

r4(config)#router os 100
r4(config-router)#summary-address 30.0.0.0 255.252.0.0
r4(config-router)#summary-address 31.0.0.0 255.252.0.0

r4#sh ip os sum

OSPF Process 100, Summary-address

30.0.0.0/255.252.0.0 Metric 16777215, Type 0, Tag 0
31.0.0.0/255.252.0.0 Metric 16777215, Type 0, Tag 0

The redistribution task was fairly easy.  There are no mutiple points of mutual redistribution between two protocols.  The only ‘gotcha’ is to remember to advertise the s0/1 interface into OSPF on r4.  This will ensure that we have reachability to 162.1.45.5 if the s0/0 interface goes down on r5 (task 3.6)

With r5’s s0/0 shut down:
r3#p 162.1.45.5

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 162.1.45.5, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 8/8/12 ms

The IE solution guide has some strangeness on r3:

Task 3.8 on solution guide Why only VLAN162 in

March 27, 2008

Question Of The Day: 27 March, 2008

Topic: Route Redistribution

The network admin on r1 is tasked with redistributing the EIGRP routes into RIP so that they appear in the routing table of the directly connected router r3 (running RIP only).  Here are the EIGRP routes currently in r1’s routing table:

r1#sh ip route eigrp
     2.0.0.0/32 is subnetted, 1 subnets
D       2.2.2.2 [90/2297856] via 10.1.12.2, 00:07:44, Serial1/0.12
     22.0.0.0/32 is subnetted, 1 subnets
D EX    22.2.2.2 [170/2560512256] via 10.1.12.2, 00:07:44, Serial1/0.12

Here is the configuration on r1:

router rip
 version 2
 redistribute eigrp 100 metric 2 route-map EIGRP->RIP
 passive-interface default
 no passive-interface Serial1/0.13
 network 10.0.0.0
 network 13.0.0.0
 default-metric 4
 no auto-summary
!
route-map EIGRP->RIP permit 10
 set metric 6

On r3, what will be the metric of the redistributed EIGRP routes?  What will be the metric of the locally generated RIP routes (i.e. 13.13.13.13/32)?

I’ll post the answer tomorrow.


Yesterday’s Question

 Question Of The Day: 26 March, 2008 

Topic: Route Redistribution 

r1 is running EIGRP and RIP:

r1#sh ip proto sum
Index Process Name
0     connected
1     static
2     eigrp 100
3     rip

r1 has the following EIGRP routes:

r1#sh ip route eigrp
     2.0.0.0/32 is subnetted, 1 subnets
D       2.2.2.2 [90/2297856] via 10.1.12.2, 00:01:06, Serial1/0.12
     22.0.0.0/32 is subnetted, 1 subnets
D EX    22.2.2.2 [170/2560512256] via 10.1.12.2, 00:00:23, Serial1/0.12

r1’s network admin wants to redistribute the EIGRP routes and pass them on to r3 in the RIP domain (directly connected to r1).  Here is his configuration:

r1(config)#route-map EIGRP->RIP perm 10
r1(config-route-map)#match route-type external
r1(config-route-map)#set tag 1170
r1(config-route-map)#route-map EIGRP->RIP perm 20
r1(config-route-map)#set tag 190
r1(config-route-map)#router rip
r1(config-router)#redistribute eigrp 100 route-map EIGRP->RIP

Which EIGRP routes will appear in r3’s (RIP) routing table?

Answer: NONE

RIP routes on r3 do not include the routes redistributed from EIGRP on r1: 

r3#sh ip route rip
     10.0.0.0/24 is subnetted, 2 subnets
R       10.1.12.0 [120/1] via 10.1.13.1, 00:00:22, Serial1/0
     13.0.0.0/32 is subnetted, 1 subnets
R       13.13.13.13 [120/1] via 10.1.13.1, 00:00:22, Serial1/0

When redistributing routes into RIP you must specify a default metric:

r1(config)#router rip
r1(config-router)#redistribute eigrp 100 metric 3route-map EIGRP->RIP

Now we should see the EIGRP routes in r3’s routing table with a metric of 3:

r3#sh ip route rip
     2.0.0.0/32 is subnetted, 1 subnets
R       2.2.2.2 [120/3] via 10.1.13.1, 00:00:19, Serial1/0
     22.0.0.0/32 is subnetted, 1 subnets
R       22.2.2.2 [120/3] via 10.1.13.1, 00:00:19, Serial1/0
     10.0.0.0/24 is subnetted, 2 subnets
R       10.1.12.0 [120/1] via 10.1.13.1, 00:00:19, Serial1/0
     12.0.0.0/32 is subnetted, 1 subnets
R       12.12.12.12 [120/3] via 10.1.13.1, 00:00:19, Serial1/0
     13.0.0.0/32 is subnetted, 1 subnets
R       13.13.13.13 [120/1] via 10.1.13.1, 00:00:19, Serial1/0

It’s pretty easy to forget the metric as the IOS will not throw an error.  You are basically redistributing the EIGRP routes with a metric of zero.  :-)

March 26, 2008

Question Of The Day: 26 March, 2008

Topic: Route Redistribution 

r1 is running EIGRP and RIP:

r1#sh ip proto sum
Index Process Name
0     connected
1     static
2     eigrp 100
3     rip

r1 has the following EIGRP routes:

r1#sh ip route eigrp
     2.0.0.0/32 is subnetted, 1 subnets
D       2.2.2.2 [90/2297856] via 10.1.12.2, 00:01:06, Serial1/0.12
     22.0.0.0/32 is subnetted, 1 subnets
D EX    22.2.2.2 [170/2560512256] via 10.1.12.2, 00:00:23, Serial1/0.12

r1’s network admin wants to redistribute the EIGRP routes and pass them on to r3 in the RIP domain (directly connected to r1).  Here is his configuration:

r1(config)#route-map EIGRP->RIP perm 10
r1(config-route-map)#match route-type external
r1(config-route-map)#set tag 1170
r1(config-route-map)#route-map EIGRP->RIP perm 20
r1(config-route-map)#set tag 190
r1(config-route-map)#router rip
r1(config-router)#redistribute eigrp 100 route-map EIGRP->RIP

Which EIGRP routes will appear in r3’s (RIP) routing table?

Click here for the answer.


Yesterday’s Question

 Question Of The Day: 25 March, 2008 

Topic: EIGRP

Which of the following commands will make EIGRP AS 100 consider delay only when calculating the EIGRP metric?

1) router eigrp 100
    default metric 1 1 0 1 1500

2) router eigrp 100
    metric weights 0 1 0 0 0 0    

3) router eigrp 100
    metric weights 0 0 1 0 0 0

4) router eigrp 100
    metric weights 0 0 0 1 0 0

Answer:

4) router eigrp 100
    metric weights 0 0 0 1 0 0


metric weights (EIGRP)

metric weights tos k1 k2 k3 k4 k5

The first value is ‘tos’ (Type of Service) and is always zero.  The remaining five values are the EIGRP ‘k-values’.

If k5 equals 0, the composite EIGRP metric is computed according to the following formula:

metric = [k1 * bandwidth + (k2 * bandwidth)/(256 - load) + k3 * delay]

If k5 does not equal zero, an additional operation is performed:

metric = metric * [k5/(reliability + k4)]

The ‘trick’ is not assuming that the five k-values match up with the five EIGRP metrics:

default-metric (EIGRP)

default-metric bandwidth delay reliability loading mtu

The five EIGRP metrics (which I memorized with the mnemonic “Big Dogs Really Love Meat”) do NOT correspond to the k-values.  So don’t do what I did and use ‘metric weights 0 0 1 0 0 0′  :-)

March 9, 2008

Internetwork Expert Volume III: Lab 1 – Section 4

Interior Gateway Routing – 24 Points

4.1 OSPF over NBMA

Nothing new here.  Simple hub-and-spoke OSPF network.  You cannot change the default network type (NBMA on the physical interfaces) so just set the spokes to OSPF priority 0 and configure neighbor statements on the hub.

4.2 OSPF

Very simple OSPF task.  The only issue I ran across was an MTU mismatch between r2 and sw2: 

r2(config-router)#do sh ip os nei

Neighbor ID     Pri   State           Dead Time   Address         Interface
150.10.5.5        1   FULL/DR         00:01:34    140.10.245.5    Serial0/0
150.10.8.8        1   DOWN/DROTHER       –        140.10.28.8     FastEthernet0/0
*Jun 11 12:01:07.591: %OSPF-5-ADJCHG: Process 100, Nbr 150.10.8.8 on FastEthernet0/0 from DOWN to DOWN, Neighbor Down: Ignore timer expired

sw2(config-router)#do sh system mtu

System MTU size is 1504 bytes
System Jumbo MTU size is 1504 bytes
Routing MTU size is 1504 bytes

r2(config-router)#int fa0/0
r2(config-if)#ip os mtu-ignore

*Jun 11 12:01:57.753: %OSPF-5-ADJCHG: Process 100, Nbr 150.10.8.8 on FastEtherne
t0/0 from LOADING to FULL, Loading Done

r2(config-if)#do sh ip os nei

Neighbor ID     Pri   State           Dead Time   Address         Interface
150.10.5.5        1   FULL/DR         00:01:54    140.10.245.5    Serial0/0
150.10.8.8        1   FULL/DR         00:00:39    140.10.28.8     FastEthernet0/0

You can also change the system MTU back to 1500 bytes on sw2, but that requires a reload.

4.3 OSPF Stub Area

Easy OSPF stub network task.  There is no ambiguity over what type of OSPF stub to configure.

area stub

Before stub:

sw1(config-router)#do sh ip route os
     140.10.0.0/16 is variably subnetted, 6 subnets, 2 masks
O IA    140.10.0.128/25 [110/68] via 140.10.57.5, 00:00:13, FastEthernet0/21
O IA    140.10.245.0/24 [110/65] via 140.10.57.5, 00:00:13, FastEthernet0/21
O IA    140.10.0.0/25 [110/67] via 140.10.57.5, 00:00:13, FastEthernet0/21
O IA    140.10.28.0/24 [110/66] via 140.10.57.5, 00:00:13, FastEthernet0/21
O IA    140.10.100.0/24 [110/11] via 140.10.57.5, 00:00:13, FastEthernet0/21

After stub:

sw1#sh ip route os
     140.10.0.0/16 is variably subnetted, 6 subnets, 2 masks
O IA    140.10.0.128/25 [110/68] via 140.10.57.5, 00:00:04, FastEthernet0/21
O IA    140.10.245.0/24 [110/65] via 140.10.57.5, 00:00:04, FastEthernet0/21
O IA    140.10.0.0/25 [110/67] via 140.10.57.5, 00:00:04, FastEthernet0/21
O IA    140.10.28.0/24 [110/66] via 140.10.57.5, 00:00:04, FastEthernet0/21
O IA    140.10.100.0/24 [110/11] via 140.10.57.5, 00:00:04, FastEthernet0/21
O*IA 0.0.0.0/0 [110/2] via 140.10.57.5, 00:00:04, FastEthernet0/21

4.4 OSPF

Another easy task.  You need to advertise some loopbacks, but the network mask should be /24 not /32.  You’ll need to change the OSPF network type on the loopbacks to point-to-point to accomplish this.  You should see all the loop nets on r5:

r5#sh ip route os | i 150.
     150.10.0.0/24 is subnetted, 9 subnets
O IA    150.10.8.0 [110/66] via 140.10.245.2, 00:01:02, Serial0/0
O IA    150.10.9.0 [110/67] via 140.10.245.2, 00:00:34, Serial0/0
O IA    150.10.10.0 [110/68] via 140.10.245.2, 00:00:18, Serial0/0
O       150.10.4.0 [110/65] via 140.10.245.4, 00:02:31, Serial0/0
O       150.10.6.0 [110/11] via 140.10.100.6, 00:02:57, Ethernet0/0
O       150.10.7.0 [110/11] via 140.10.57.7, 00:01:55, Ethernet0/1
O IA    150.10.2.0 [110/65] via 140.10.245.2, 00:01:22, Serial0/0
O       150.10.3.0 [110/11] via 140.10.100.3, 00:02:57, Ethernet0/0

r5#sh ip route 150.10.10.10
Routing entry for 150.10.10.0/24

4.5 RIP

Very easy RIP configuration.  Just remember to use passive interfaces on devices that have multiple interfaces in the same classful network: 

r4#sh ip int br | e ass
Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0/0            140.1.14.4      YES NVRAM  up                    up
Serial0/0                  140.1.245.4     YES NVRAM  up                    up
Serial0/1                  140.1.45.4      YES NVRAM  up                    up
Loopback0                  150.1.4.4       YES NVRAM  up                    up

r4#sh run | sec router rip
router rip
 version 2
 passive-interface default
 no passive-interface FastEthernet0/0
 no passive-interface Serial0/1

 network 140.1.0.0
 no auto-summary

r4#sh ip proto | sec rip
    rip, includes subnets in redistribution
Routing Protocol is “rip”
  Outgoing update filter list for all interfaces is not set
  Incoming update filter list for all interfaces is not set
  Sending updates every 30 seconds, next due in 18 seconds
  Invalid after 180 seconds, hold down 180, flushed after 240
  Redistributing: ospf 100, rip
  Default version control: send version 2, receive version 2
    Interface             Send  Recv  Triggered RIP  Key-chain
    FastEthernet0/0       2     2
    Serial0/1             2     2

  Automatic network summarization is not in effect
  Maximum path: 4
  Routing for Networks:
    140.1.0.0
  Passive Interface(s):
    Serial0/0
    FastEthernet0/1
    Loopback0
    VoIP-Null0

  Routing Information Sources:
    Gateway         Distance      Last Update
    140.1.14.1           120      00:00:14
    Gateway         Distance      Last Update
    140.1.45.5           120      00:00:14
  Distance: (default is 120)  

4.6 RIP

You’ll need to use an offset-list to make the metric (hop count) of 150.1.1.0 on r4 equal 10.  Remember this as it will come back in the redistribution scenario.

4.7 Redistribution

I wish all redistribution were this easy.  You simply need to set the metric-type to type-1 in your route-map and redistribute some connected networks into OSPF.

4.8 Advanced Redistribution

You need to do mutual redistribution between RIP and OSPF on three routers.  As with most of the Volume III labs, you can complete this task with the knowledge that any redistribution issues will most likely be the focus of the next task.

4.9 Advanced Redistribution

“Ensure that reachability to r1’s loopback 0 interface is maintained.”

Before redistribution:

r5(config-route-map)#do sh ip route rip | i 150
     150.1.0.0/24 is subnetted, 10 subnets
      150.1.1.0 [120/11] via 140.1.45.4, 00:00:19, Serial0/1

r4(config-route-map)#do sh ip route rip | i 150.
     150.1.0.0/24 is subnetted, 10 subnets
R       150.1.1.0 [120/10] via 140.1.14.1, 00:00:21, Ethernet0/0

r1’s lo0 interface is advertised to r4 via RIP with a metric of 10 (we changed the metric in task 4.6).  r4 advertises that route to r5 via the point-to-point serial connection.  r5 adds the route to its routing table with a metric of 11. 

After redistribution:

r4#sh ip route rip  <-no RIP routes on r4

r4#

r4#sh ip route 150.1.1.0
Routing entry for 150.1.1.0/24
  Known via “ospf 100“, distance 110, metric 20
  Tag 5120, type extern 2, forward metric 64 
  Redistributing via rip
  Advertised by rip metric 1 route-map OSPF->RIP
  Last update from 140.1.245.5 on Serial0/0, 00:00:18 ago
  Routing Descriptor Blocks:
  * 140.1.245.5, from 150.1.5.5, 00:00:18 ago, via Serial0/0
      Route metric is 20, traffic share count is 1
      Route tag 5120 <-5120 = RIP route redistributed on r5

r5#sh ip route rip | sec 150.1.1.0
     150.1.0.0/24 is subnetted, 10 subnets
R       150.1.1.0 [120/1] via 140.1.45.4, 00:00:04, Serial0/1

r5#sh ip route 150.1.1.0
Routing entry for 150.10.1.0/24
  Known via “rip”, distance 120, metric 1
  Tag 4110 <-5120 = RIP route redistributed on r5
  Redistributing via ospf 100, rip
  Advertised by ospf 100 subnets route-map RIP->OSPF
  Last update from 140.1.45.4 on Serial0/1, 00:00:11 ago
  Routing Descriptor Blocks:
  * 140.1.45.4, from 140.1.45.4, 00:00:11 ago, via Serial0/1
      Route metric is 1, traffic share count is 1
      Route tag 4110

Once we do mutual redistribution on r4 and r5, we end up with a routing loop for the 150.1.1.0/24 network:

sw2#trace 150.1.1.1

Type escape sequence to abort.
Tracing the route to 150.1.1.1

  1 140.1.28.2 9 msec 0 msec 0 msec
  2 140.1.245.525 msec 33 msec 26 msec
  3 140.1.45.450 msec 50 msec 51 msec
  4 140.1.245.541 msec 51 msec 42 msec
  5 140.1.45.4 67 msec 59 msec 59 msec
  6 140.1.245.5 58 msec 59 msec 59 msec
  7 140.1.45.4 84 msec 75 msec 75 msec
  8 140.1.245.5 76 msec 75 msec 76 msec
  9 140.1.45.4 92 msec 92 msec 11 msec
 1 140.1.245.5 84 msec 92 msec 84 msec
 11 140.1.45.4 19 msec 19 msec 19 msec
 12 140.1.245.5 19 msec 11 msec 19 msec
 13 140.1.45.4 118 msec 134 msec 117 msec
 14 140.1.245.5 117 msec 118 msec 117 msec
 15 140.1.45.4 143 msec 134 msec 142 msec
 16 140.1.245.5 135 msec 134 msec 134 msec
 17 140.1.45.4 151 msec 159 msec 151 msec
 18 140.1.245.5 151 msec 151 msec 143 msec
 19 140.1.45.4 176 msec 168 msec 168 msec
 20 140.1.245.5 167 msec 160 msec 168 msec
 21 140.1.45.4 184 msec 185 msec 184 msec
 22 140.1.245.5 176 msec 177 msec 184 msec
 23 140.1.45.4 201 msec 202 msec 201 msec
 24 140.1.245.5 193 msec 193 msec 193 msec
 25 140.1.45.4 218 msec 21 msec 218 msec
 26 140.1.245.5 21 msec 209 msec 21 msec
 27 140.1.45.4 227 msec 234 msec 227 msec
 28 140.1.245.5 226 msec 227 msec 218 msec
 29 140.1.45.4 243 msec 252 msec 243 msec
 30 140.1.245.5 235 msec 243 msec 235 msec

So initially we have:

r4 – R [120/10] from r1 via fa0/0
r5 – R [120/11] from r4 via s0/1

r4 and r5 will each redistribute their RIP routes for 150.1.1.0/24 into OSPF.  That means that r4 and r5 will hear about the 150.1.1.0/24 route from each other via OSPF.  Since OSPF has a lower metric, those routes will be installed:

r4 – R [110/20] from r5 via s0/0
r5 – R [110/20] from r4 via s0/0

This gets even uglier because the RIP route on r4 will is replaced by the OSPF route.  Now the RIP route is no longer advertised to r5 via RIP from r4 nor is it redistributed into OSPF on r4 or r5.  So the route should disappear only to reappear again once the original RIP route is restored to r4’s routing table…which will start the whole process over again.  So we should have a “blinking route”, right?

Not really.  To add to this mindfuck, we need to consider that OSPF is being redistributed into RIP.  I did this with a seed metric of 1.  So the OSPF route to 150.1.1.0/24 advertised to r4 and then redistributed into RIP has a better (lower) metric than 10, so it will be installed instead of the original RIP route with a metric of 10.  Does your head hurt yet?

Here’s how it breaks down:

1) r4 gets RIP route from r1 [120/10] and advertises it to r5 [120/11] via RIP.
2) r4 and r5 redistribute the route into OSPF.  Each installs this route (pointing to each other) in their routing tables based on a lower AD (110 vs 120).
3) These OSPF routes are redistributed into RIP as well [120/1] (note that the metric is better than our original RIP routes) but are not installed on r4 or r5 because the OSPF routes have a lower AD.
4) The original RIP route is removed from r4’s routing table.  This means that neither r4 nor r5 can advertise it into OSPF so the 150.1.1.0/24 route should drop from OSPF.
5) The original RIP route on r4 [120/10] reappears and the whole process begins again…OR due to the slow RIP route removal process, the OSPF route from r5 gets redistributed into RIP on r4 and is installed because of the lower metric (1 vs 10).  Either way, we end up with either a “blinking loop” or a “stable loop.

To stop this we need to make sure that the 150.1.1.0/24 network is not redistributed back into RIP on r5.  This means that we’ll route over the Frame cloud to reach 150.1.1.1 on r5 instead of the serial link, but we won’t get a loop.

I filtered r1 lo0 from getting redistributed into from OSPF back into RIP on r5:

router ospf 100
 redistribute ospf 100 metric 1 route-map OSPF->RIP
!
access-list 69 deny   150.1.1.0
access-list 69 permit any
!
route-map OSPF->RIP permit 10
 match ip address 69
 set tag 5110

sw2#p 150.1.1.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 150.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 109/115/118 ms

sw2#trace 150.1.1.1

Type escape sequence to abort.
Tracing the route to 150.1.1.1

  1 140.1.28.2 0 msec 0 msec 8 msec
  2 140.1.245.525 msec 25 msec 34 msec
  3 140.1.245.450 msec 50 msec 59 msec
  4 140.1.14.150 msec *  59 msec

Whew!!!

February 5, 2008

Internetwork Expert Volume II: Lab 6 – Section 3

Interior Gateway Routing – 24 Points

3.1 OSPF

Basic hub-and-spoke OSPF task:

“Do not use the ip ospf network statement on any of these devices.”

r1(config-router)#do sh ip os int s0/0 | i Type
  Process ID 100, Router ID 150.17.1.1, Network Type NON_BROADCAST, Cost: 64

r2(config-router)#do sh ip os int s0/0 | i Type
  Process ID 100, Router ID 150.17.2.2, Network Type NON_BROADCAST, Cost: 64

r5(config-router)#do sh ip os int s0/0 | i Type
  Process ID 100, Router ID 150.17.5.5, Network Type NON_BROADCAST, Cost: 64

Neighbor statements on the hub and “ip prio 0″ on the spokes will take care of the job.

r1#sh ip os neig

Neighbor ID     Pri   State           Dead Time   Address         Interface
150.17.2.2        0   FULL/DROTHER    00:01:54    191.17.125.2    Serial0/0
150.17.5.5        0   FULL/DROTHER    00:01:46    191.17.125.5    Serial0/0

3.2 OSPF

There were a TON of subtasks on this one.

You’ll need to remember that you changed the MTU size on sw3 and sw4 back in task section 1 as you’ll need ‘mtu-ignore’ on r4 and r5.

There are a ton of redistribute connected with route-maps as well.  You’ll need to use redistristribution rather than configuring ‘ip ospf x area y’ under the loopback 0 interfaces because the switches don’t currently support that function yet.

route-map CONN->OSPF permit 10
 match int lo0
 set tag 101
router os 100
 redist conn sub route-map CONN->OSPF

You are asked to advertise r5’s loopback 0 as well but cannot use redistristribution or a network statement under the OSPF process.  You can configure this under the loopback 0 interface.  No area is specified, IE used area 0 (so did I).

r5(config)#int lo0
r5(config-if)#ip ospf 100 area 0

3.3 OSPF

Another task with a lot of configuration.

“Traffic from sw2 to VLAN 7 should transit the Serial link between r2 and r3.”
“In the case that the link between r1 and r3 is down traffic from sw1 to vlan 7 should transit the ethernt link between r4 and r5.”

vlan 7 is on sw1

sw2#sh ip route 191.17.7.7
% Subnet not in table

sw2 is in area 48 which does not have a connection to area 0, so we’ll need to build a virtual link first to get that route to sw2.  As a matter of fact, we’ll need need to build a number of virtual-links to complete our OSPF domain.  After connecting all areas:

sw2#sh ip route 191.17.7.0
Routing entry for 191.17.7.0/24
  Known via “ospf 100″, distance 110, metric 68, type inter area
  Last update from 191.17.48.4 on FastEthernet0/18, 00:14:33 ago
  Routing Descriptor Blocks:
  * 191.17.48.4, from 150.17.4.4, 00:14:33 ago, via FastEthernet0/18
      Route metric is 68, traffic share count is 1

sw2#trace 191.17.7.7

Type escape sequence to abort.
Tracing the route to 191.17.7.7

  1 191.17.48.4 0 msec 0 msec 0 msec
  2 191.17.45.5 8 msec 0 msec 0 msec
  3 191.17.125.1 34 msec 25 msec 34 msec
  4 191.17.125.2 58 msec 51 msec 58 msec
  5 191.17.27.7 59 msec *  51 msec

So I need to make r2 and r1 prefer the path to r3 – rather than the FR.  I can do that with cost or change the bandwidth (indirectly change cost).  The Ethernet connection from r4 to r5 will be used only as a last choice because I cranked up the cost:

r4(config-subif)#ip os cost ?
  <1-65535>  Cost
r4(config-subif)#ip os cost 65534

r5(config-router)#int fa0/1.45
r5(config-subif)#ip os cost 65534

With Frame Relay connection up:

sw2#trace 191.1.7.7

Type escape sequence to abort.
Tracing the route to 191.1.7.7

  1 191.1.48.4 0 msec 9 msec 0 msec
  2 191.1.34.30 msec 0 msec 8 msec
  3 191.1.23.20 msec 9 msec 0 msec
  4 191.1.27.7 8 msec *  0 msec

With Frame Relay down:

r3(config)#int s0/0:0
r3(config-if)#shut

sw2#trace 191.1.7.7

Type escape sequence to abort.
Tracing the route to 191.1.7.7

  1 191.1.48.40 msec 0 msec 8 msec
  2 191.1.45.50 msec 0 msec 0 msec
  3 191.1.125.1 8 msec 9 msec 0 msec
  4 191.1.125.2 8 msec 9 msec 8 msec
  5 191.1.27.7 8 msec *  0 msec

This is a pretty easy to lose track of your IGP build because the last two tasks have you building buttloads of areas.  Make sure to look at your IGP diagram and figure out where your virtual-links need to be built.

3.4 OSPF Filtering

“Configure the network so that r2 filters all routing advertisements to sw1 with the exception of a default route.”
“Do not use a distribute-list or prefix-list to accomplish this.”

Sounds like a stub network to me.  Now to decide which flavor of OSPF stub to use.

We are redistributing int lo0 on sw1:

router ospf 100
 router-id 150.1.7.7
 redistribute connected subnets route-map CONN->OSPF
!
route-map CONN->OSPF permit 10
 match interface Loopback0
 set tag 71

We’ll need to use NSSA with a default route.

area nssa

I had the right idea, but I missed the ‘no-redistribution’ keyword

no-redistribution
 (Optional) Used when the router is an NSSA Area Border Router (ABR) and you want the redistribute command to import routes only into the normal areas, but not into the NSSA area.
 
no-summary
 (Optional) Allows an area to be a not-so-stubby area but not have summary routes injected into it.

The IE solution guide says that the last two subtasks (see above) means that that sw1 should not see a specific route to sw1’s loopback.  I did not get that from reading the task, but it’s obvious that is what is meant if you look at the OSPF routes on sw1 without the no-redistribution keyword:

area 27 nssa no-summary (on r2):
sw1#sh ip route os
     150.1.0.0/24 is subnetted, 2 subnets
O N2    150.1.2.0 [110/20] via 191.1.27.2, 00:00:17, FastEthernet0/14
O*IA 0.0.0.0/0 [110/2] via 191.1.27.2, 00:00:22, FastEthernet0/14

area 27 nssa no-redistribution no-summary (on r2):
sw1#sh ip route os
O*IA 0.0.0.0/0 [110/2] via 191.1.27.2, 00:00:04, FastEthernet0/14

The solution guide has a very detailed write up about this task.

3.5 OSPF Authentication

All area 0 adjacencies should use MD5 hash and all non-area 0 adjacencies should use a clear-text password.

area authentication

message-digest
 (Optional) Enables Message Digest 5 (MD5) authentication on the area specified by the area-id argument.
 
Defaults
Type 0 authentication (no authentication)

ip ospf authentication-key

ip ospf authentication

The biggest pitfall in this task is that you need to remember that OSPF virtual-links are area 0 links (and will require md5 authentication in this task).  Don’t get thrown off by the fact that the virtual-link command shows the area that the link is transversing (i.e. ‘area 12virtual-link 150.1.2.2′) and think that you should apply the authentication method for that non-zero area.

3.6 Default Routing

You’re asked to inject a default route into the OSPF domain on r3 with this stipulation:

“In order to prevent the unnecessary forwarding of traffic that will eventually be dropped, ensure that r3 only advertises this default route if it has an active connection to either bb2 or bb3.”

I was completely lost on this task.  I knew that I needed to use ‘default-information originate’ to inject the default route, but I didn’t know how to make that route conditional.

This is one of those case where you can harvest some points from the DOC:

default-information originate (OSPF)

route-map map-name
 (Optional) Routing process will generate the default route if the route map is satisfied.

3.7 RIPv2

“r3 should not accept any routes from bb3 that have an odd number in the first octet.”

Sweet.  I’ll write an ACL and us an offset-list to poison those routes…..or not:

“Do not use a distribute-list or an offset-list to accomplish this.”

Shit.  What’s the third way?  I got stumped on this one and I really shouldn’t have been:

distance (IP)

r3#sh run | sec router rip|access-list
router rip
 version 2
 passive-interface default
 no passive-interface FastEthernet0/1
 network 204.12.1.0
 distance 255 204.12.1.254 0.0.0.0 69
 no auto-summary
!
access-list 69 permit 1.0.0.0 254.255.255.255

Before:
r3(config)#do sh ip route rip
     31.0.0.0/16 is subnetted, 4 subnets
R       31.3.0.0 [120/1] via 204.12.1.254, 00:00:04, FastEthernet0/1
R       31.2.0.0 [120/1] via 204.12.1.254, 00:00:04, FastEthernet0/1
R       31.1.0.0 [120/1] via 204.12.1.254, 00:00:04, FastEthernet0/1
R       31.0.0.0 [120/1] via 204.12.1.254, 00:00:04, FastEthernet0/1

     30.0.0.0/16 is subnetted, 4 subnets
R       30.2.0.0 [120/1] via 204.12.1.254, 00:00:04, FastEthernet0/1
R       30.3.0.0 [120/1] via 204.12.1.254, 00:00:04, FastEthernet0/1
R       30.0.0.0 [120/1] via 204.12.1.254, 00:00:04, FastEthernet0/1
R       30.1.0.0 [120/1] via 204.12.1.254, 00:00:04, FastEthernet0/1

After:
r3#sh ip route rip
     30.0.0.0/16 is subnetted, 4 subnets
R       30.2.0.0 [120/1] via 204.12.1.254, 00:00:02, FastEthernet0/1
R       30.3.0.0 [120/1] via 204.12.1.254, 00:00:02, FastEthernet0/1
R       30.0.0.0 [120/1] via 204.12.1.254, 00:00:02, FastEthernet0/1
R       30.1.0.0 [120/1] via 204.12.1.254, 00:00:02, FastEthernet0/1

I’m not sure why IE redistributed r6’s lo0 into RIP.  The subtask states:

“Advertise r6’s loopback 0 into RIP.”

The IE solution shows the 150.1.0.0 network advertised under the RIP process as well as the loopback 0 interface redistributed (via connected) into RIP.  Strange. 

I’m not the only one confused by this: 

Task 3.7

3.8 IGP Redistribution

“Redistribute between OSPF and RIP on r3.”

This has to be the easiest IGP redistribution scenario yet.  I only have to deal with RIP and OSPF and

I’m tasked with mutual redistribution on a single device.  Of course there are these requirements:

“All routers in the OPSF domain should have a longer match for r6’s interface loopback 0.”
“No other routes should be redistributed from RIP to OSPF.”

Huh?

IE says that this means:

“…simply means that RIP should be redistributed into OSPF, but when RIP is redistributed into OPSF the only prefix the should be allowed is r6’s loopback 0 network.”

Lab 6 Task 3.8 IGP redistribution

Task 3.8

Rereading this task (after messing up my configuration) I understand it now.  The last subtask specifies that only r6’s loopback should be redistributed from RIP to OSPF.  This task was like an optical illusion to me.  Once I understood what they wanted, I couldn’t figure out how I had missed it before.  :-) 

I completely screwed this task up.  If I got this in the lab I would have failed for sure.

3.9 EIGRP

You’ll start seeing this message soon after your EIGRP adjacency comes up:

*Mar  5 08:49:19.600: IP-EIGRP(Default-IP-Routing-Table:10): Neighbor 54.1.2.254 not on common subnet for Serial0/0

“…configure r6 so that it does not accept any EIGRP packets on the Frame Relay interface except for those sent from BB1.”

Oh fun.  :-(

You have to be careful when building your ACL so that you don’t break EIGRP. Don’t forget to add a permit at the end of your ACL:

ip access-list extended EIGRP_FILTER
 permit eigrp host 54.1.3.254 any
 deny   eigrp any any
 permit ip any any <-IMPORTANT!!!

3.10 VPN Routing

I nearly crapped myself when I saw ‘VPN’.  It turns out that this is a rather easy GRE tunnel task.

“As an additional integrity check ensure that any corrupt packets received on the VPN interface are discarded.”

tunnel checksum 
 

January 27, 2008

Internetwork Expert Volume III: Lab 4 – Section 4

Interior Gateway Routing – 27 Points

4.1 Bridging

“Disable ip routing on r6″

r6(config)#no ip routing

“Bridge IP between the Frame Relay and Ethernet segments on r6″

That explains why fa0/0 does not have an IP address configured. :-)

After this task, I can finally ping bb1:

r6#p 54.1.10.254

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 54.1.10.254, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5),
round-trip min/avg/max = 100/286/1032 ms

4.2 Bridging

This task confused the crap out of me.  My bridging skills are pretty poor.

“Configure the IP address of 54.1.10.6/24 on r6.”

Ummmm….that’s already configured as the IP address of the Frame connection to bb1.  I guess that we’re going to use the same IP address for fa0/0 as well.

“r6 should have reachability to any address of the 54.1.10.0/24 subnet.”
“Don’t use IRB for this task.”

No IRB.  CRB?  Actually, the IE solution doesn’t use IRB or CRB.  The last two subtasks are basically red herrings.  I will need to review bridging.

r6#sh bridge 1 group

Bridge Group 1 is running the IEEE compatible Spanning Tree protocol

   Port 4 (FastEthernet0/0) of bridge group 1 is forwarding
   Port 11 (Serial0/0.1 Frame Relay) of bridge group 1 is forwarding

r6#sh ip int br | i 54.1.10.6
FastEthernet0/0            54.1.10.6       YES manual up                    up
Serial0/0.1                54.1.10.6       YES manual up                    up

r6#p 54.1.10.254

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 54.1.10.254, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5),
round-trip min/avg/max = 48/89/100 ms

r6#p 54.1.10.100

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 54.1.10.100, timeout is 2 seconds:
…..
Success rate is 0 percent (0/5)

I can’t ping r4 but I can ping bb1.  This poster has the opposite problem:

Task 4.2 can not ping 54.1.10.254

r6#sh cdp neigh
Capability Codes: R – Router, T – Trans Bridge, B – Source Route Bridge
                  S – Switch, H – Host, I – IGMP, r – Repeater

Device ID        Local Intrfce     Holdtme    Capability  Platform  Port ID
BB1              Ser 0/0.1          147       R T S I     2821      Ser 0/0/0:0.401
sw2              Fas 0/0            174         S I       WS-C3560- Fas 0/6
r6#

sw2#sh run int fa0/6
interface FastEthernet0/6 <-that’s a minimal configuration :-)
end

How did I miss this?????  Because the port on r6 was initially shut down so I didn’t see it with “show cdp neighbor” on sw2.  Arrgh!!!  I need vlan 46 assigned to this port.

sw2(config)#int fa0/6
sw2(config-if)#swit acc vl 46

r6#p 54.1.10.100

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 54.1.10.100, timeout is 2 seconds:
!!!!!

I guess that I can take solace in the fact that I was able to find my mistake.  I just barely missed going down a deep rabbit hole chasing bridging options.

4.3 RIPv2

I initially thought that there was an error in the IE lab because although r6 was shown as running RIP on the protocol diagram, there was no mention of r6 in the task.  That’s because r6 is bridging the 54.1.10.0/24 network.  I turned off ip routing in task 4.1 so I wouldn’t be able to configure RIP on r6:

r6(config)#router rip
IP routing not enabled

This means that we should be able to see the routes from bb1(54.1.10.254) on r4:

r4#sh ip route rip | i 54.1.10.254
R    212.18.1.0/24 [120/1] via 54.1.10.254, 00:00:12, FastEthernet0/0
R    212.18.0.0/24 [120/1] via 54.1.10.254, 00:00:12, FastEthernet0/0
R    212.18.3.0/24 [120/1] via 54.1.10.254, 00:00:12, FastEthernet0/0
R    212.18.2.0/24 [120/1] via 54.1.10.254, 00:00:12, FastEthernet0/0

4.4 Network Redundancy

backup interface

Hmmmm….this is the reason for the point-to-point subinterface on r4 back in task 3.2

r4#sh ip int br | i Serial
Serial0/0                  unassigned      YES NVRAM  up                    up
Serial0/0.1                unassigned      YES unset  up                    up
Serial0/1                  152.1.54.4      YES NVRAM  standby mode          down

r4#sh backup
Primary Interface   Secondary Interface   Status
—————–   ——————-   ——
Serial0/0.1         Serial0/1             normal operation

4.5 EIGRP

Basic.

4.6  OSPF

“Use the OSPF network type that was specifically designed to handle issues with routers on the same logical IP subnet not having direct communication with each other.”

Remember that we have a multipoint subinterface on the hub (r3) and point-to-point subinterfaces on the hubs (r1 and r2).  The task calls for the point-to-multipoint OSPF network type.

r3#sh ip os nei

Neighbor ID     Pri   State           Dead Time   Address         Interface
150.1.2.2         0   FULL/  –        00:01:49    152.1.123.2     Serial0/0:0.1
150.1.1.1         0   FULL/  –        00:01:54    152.1.123.1     Serial0/0:0.1

r3#sh ip route os
     152.1.0.0/16 is variably subnetted, 5 subnets, 2 masks
O       152.1.123.2/32 [110/65] via 152.1.123.2, 00:00:07, Serial0/0:0.1
O       152.1.123.1/32 [110/65] via 152.1.123.1, 00:00:07, Serial0/0:0.1

4.7 OSPF

Basic

4.8 OSPF

In this task you need to advertise the loopbacks on r1 and r2 into area 0.  But r1 and r2 are not in area 0.  Time for a couple of virtual circuits.

4.9 OSPF Loopback Advertisement

“Advertise the Loopback0 networks of r3 and sw1 into OSPF.”
“These networks should appear in each other routing tables as intra-area routes.”

Since I’m not told which area to advertise the loopbacks into, can’t I just make this simple by advertising both loopbacks into area 37?  Answer: YES!

sw1#sh ip route | i 150.1.3.
O       150.1.3.3/32 [110/2] via 152.1.37.3, 00:00:37, Vlan37

r3#sh ip route | i 150.1.7.
O       150.1.7.7/32 [110/2] via 152.1.37.7, 00:00:00, FastEthernet0/0

4.10 IGP Redistribution

Four points of mutual redistribution.  Ugh.  The first two points are no worry (discontiguous RIP).  The other two are dangerous though.  I’ll work on those in task 4.11

4.11 Redistribution Loop Prevention

“Ensure that EIGRP extenal routes that are redistributed into OSPF on r1 and r2 do not get redistributed back into EIGRP.”
“Use AD to accomplish this.”

Here is a (simplified) view of the the two network redistribution points on r1 and r2:
                         ————(D)r1(O)———–
r4(R<->D)—r5(D)                                     (O)r3—(O<->R)sw1
                         ————(D)r2(O)———–
If we do mutual redistribution between EIGRP and OSPF on r1 and r2 we’re going to have problems with D EX routes (AD of 170) being reflected back into the EIGRP domain.  We’re given the method for preventing this.

I missed an issue on sw1 though:

Task 4.11 Redist Loop Prevention

You need to change the RIP distance or SW1 sees the routes learnt from BB3 as OSPF external routes which it uses over the correct RIP routes. if you check the routing table on SW1, the next hop for all the BB3 subnets is R3. This is resolved by changing the AD [router rip - distance 109].

January 20, 2008

Internetwork Expert Volume II: Lab 3 – Section 4

Interior Gateway Routing – 21 Points

4.1 OSPF

“Ensure that r2 (spoke) uses r5(hub) as the next hop to reach r4(spoke), and vice versa.”

OSPF Commands

This is a tailor-made case for the OSPF network type point-to-multipoint. 

I did have a strange error pop up during this configuration:

r5(config-router)#int s0/0.245
r5(config-subif)#ip os net point-to-mu
OSPF: Cost or database-filter option is required for point-to-multipoint broadcast network
OSPF: Neighbor 136.1.245.2 command options invalid – neighbor not configured
OSPF: Cost or database-filter option is required for point-to-multipoint broadcast network
OSPF: Neighbor 136.1.245.4 command options invalid – neighbor not configured
*Mar  1 01:23:14.170: %OSPF-5-ADJCHG: Process 100, Nbr 0.0.0.0 on Serial0/0.245 from ATTEMPT to DOWN, Neighbor Down: Interface down or detached
*Mar  1 01:23:14.170: %OSPF-5-ADJCHG: Process 100, Nbr 0.0.0.0 on Serial0/0.245 from ATTEMPT to DOWN, Neighbor Down: Interface down or detached
*Mar  1 01:23:14.238: %OSPF-5-ADJCHG: Process 100, Nbr 150.1.2.2 on Serial0/0.245 from LOADING to FULL, Loading Done

r5(config-subif)#do sh run int s0/0.245
interface Serial0/0.245 multipoint
 description ->r2, r4 FR HnS
 ip address 136.1.245.5 255.255.255.0
 ip ospf network point-to-multipoint
 frame-relay map ip 136.1.245.2 502 broadcast
 frame-relay map ip 136.1.245.4 504 broadcast
end

There is an excellent breakdown on the point-to-multipoint network type in the IE solution guide.

4.2 OSPF

Read the task carefully:

“Do not use the ip ospf network type ON R5 to accomplish this.”

This doesn’t say anything about r1.

r5#sh ip os int Serial0/0.15 | i Type
  Process ID 100, Router ID 150.1.5.5, Network Type POINT_TO_POINT, Cost: 64

Let’s change r1’s OSPF network type to point-to-point as well:

r1(config)#int s0/0
r1(config-if)#ip os net point-to-point

r1#sh ip os nei

Neighbor ID     Pri   State           Dead Time   Address         Interface
150.1.5.5         0   FULL/  -        00:00:38    136.1.15.5      Serial0/0

r1#sh ip route os
     136.1.0.0/16 is variably subnetted, 7 subnets, 2 masks
O       136.1.245.4/32 [110/129] via 136.1.15.5, 00:00:04, Serial0/0
O       136.1.245.5/32 [110/65] via 136.1.15.5, 00:00:04, Serial0/0
O       136.1.245.2/32 [110/129] via 136.1.15.5, 00:00:04, Serial0/0
O IA    136.1.4.0/24 [110/130] via 136.1.15.5, 00:00:04, Serial0/0
O IA    136.1.44.0/24 [110/130] via 136.1.15.5, 00:00:04, Serial0/0

4.3  OSPF

Easy task.  Advertise loopbacks into OSPF with /24 mask.  Just change the OSPF network type from LOOPBACK to POINT-TO-POINT on the loopback 0 interfaces.

4.4 OSPF

Configure the PTP connection from r4 to r5 in area 45 and use it only as a backup link when the Frame Relay link drops.

“Do not user the ‘backup interface’ command to accomplish this.”

I was stumped on this one initially.  I shut the Frame interface on r4 and the OSPF routes changed to the PTP link.  What I initially overlooked was that when that r4 Frame link drops, areas 4 and 44(on r4) will not have a connection to area 0.  I’ll need a virtual-link.

“Virtual-links can be used to repair broken connections to area 0, connect discontiguous area to area 0, and connect discontiguous area0s.”

The method to “trigger” the PTP connection: just give it a higher metric than the Frame Relay link.  When the Frame link drops, then traffic will route over the PTP.

ip ospf cost

area virtual-link

4.5 OSPF

“You are concerned about false routing information being injected into OSPF area 0.  In order to verify the legitimacy of routing information, configure all area 0 adjacencies to be authenticated with a secure hash value of the password CISCO.”

area authentication

Good to know:

Note:To remove the specified area from the software configuration, use the no area area-id command (with no other keywords). That is, the no area area-id command removes all area options, such as area authentication, area default-cost, area nssa, area range, area stub, and area virtual-link.

r1(config-router)#area 0 authentication ?
  message-digest  Use message-digest authentication
r1(config-router)#area 0 authentication message-digest ?
  <cr>

r1(config)#do sh ip os int br
Interface    PID   Area            IP Address/Mask    Cost  State Nbrs F/C
Lo0          100   0               150.1.1.1/24       1     P2P   0/0
Se0/0        100   0               136.1.15.1/24      65    P2P   1/1

r1(config)#int s0/0
r1(config-if)#ip os authentication-key CISCO

I did miss the “Pitfall”:

“A virtual-link is an area 0 adjacency.  If authentication is required for all OSPF area adjacencies, then it must also be configured on all virtual-links.”

I also used “ip os authentication-key CISCO” under the interfaces instead of ‘ip ospf message-digest-key md5 CISCO’.

ip ospf message-digest-key md5

4.6 OSPF

Change OSPF metrics to accommodate 10Gbps connections.

auto-cost

The OSPF metric is calculated as the ref-bw value divided by the bandwidth, with mbps equal to 108 by default, and bandwidth determined by the bandwidth (interface) command. The calculation gives FDDI a metric of 1.

If you have multiple links with high bandwidth (such as FDDI or ATM), you might want to use a larger number to differentiate the cost on those links.

The value set by the ip ospf cost command overrides the cost resulting from the auto-cost command. <-nice to know as per task 4.4

So, a bit of math:

10^8 = 100,000,000

I need to make the OSPF cost for 10Gbps (10,000,000,000) = 2

So:

x/10,000,000,000 = 2
x = 2 * 10,000,000,000
x = 20,000,000,000

r5(config-router)#auto-cost reference-bandwidth ?
  <1-4294967>  The reference bandwidth in terms of Mbits per second

Divide my answer by 1,000,000 (Mbit) = 20,000

r5(config-router)#auto-cost reference-bandwidth 20000
% OSPF: Reference bandwidth is changed.
        Please ensure reference bandwidth is consistent across all routers.

I don’t have a 10Gbps interface on my router…yet :-)  But the task does show that a T1 should have a cost of 12953.  That I can check:

r5(config-router)#do sh ip os int br
Interface    PID   Area            IP Address/Mask    Cost  State Nbrs F/C
Vl1          100   0               136.1.45.5/24      65534 P2P   1/1
Lo0          100   0               150.1.5.5/24       1     P2P   0/0
Se0/0.15     100   0               136.1.15.5/24      12953 P2P   1/1 
Se0/0.245    100   0               136.1.245.5/24     12953 P2MP  2/2
Se0/1        100   45              136.1.45.5/24      65534 P2P   1/1

You can see that s0/1’s hard set cost (65534) is not affected.

You need to apply this command to ALL routers running OSPF in your network.

One interesting bit:

r1:
r1#sh int s0/0 | i BW
  MTU 1500 bytes, BW 1536 Kbit, DLY 20000 usec,
r1#sh ip os int s0/0 | i Cost
  Process ID 100, Router ID 150.1.1.1, Network Type POINT_TO_POINT, Cost: 13020

r5:
r5#sh int s0/0.15 | i BW
  MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec,
r5#sh ip os int s0/0.15 | i Cost
  Process ID 100, Router ID 150.1.5.5, Network Type POINT_TO_POINT, Cost: 12953

This is another “Ask the proctor” issue.  You can easily change this:

r1(config)#int s0/0
r1(config-if)#bandwidth 1544
r1(config-if)#do sh int s0/0 | i BW
  MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec,
r1(config-if)#do sh ip os int s0/0 | i Cost
  Process ID 100, Router ID 150.1.1.1, Network Type POINT_TO_POINT, Cost: 12953

4.7  EIGRP

“Do not send EIGRP hello packets out any other interfaces.”
“Do not use the ‘passive interface’ command under the EIGRP process”

“under the EIGRP process”…is there a way to do this under the interface itself?

EIGRP Commands

I couldn’t find anything like that.  What about the neighbor command?

That won’t work either.

I completely overthought this one.  :-(

Just add a network mask to your EIGRP network statement:

router eigrp 100
 net 150.1.6.6 0.0.0.0

Why can’t I see r6’s loopback (150.1.6.6) on r2 or r3 or r1?

Did I forget a “no auto” statement? No. 
Something to do with router on a stick? No.
Ummmm….I forgot to advertise VLAN 16 and VLAN 36 on r6. (I caught this before consulting the solutions guide)

Nicely played.  I am learning to verify routes as I go.  :-)

4.8  RIPv2

“…use the strongest authentication on any RIP updates…”
“Do not enable RIP on any other interfaces.”

Configuring Routing Information Protocol

Enabling RIP Authentication

ip rip authentication mode
ip rip authentication mode {text | md5}

Usage Guidelines
RIP Version 1 does not support authentication. <- we use RIPv2 in the lab

passive-interface
passive-interface
 Disables sending routing updates on an interface. 

IE solution shows r5 and sw1 with “passive-interface default”, but not r6???  Why?

Answer: r6 has no overlapping classful interfaces:

r6#sh ip int br | e ass
Interface                  IP-Address      OK? Method Status                Protocol
Serial0/0                  54.1.3.6        YES NVRAM  up                    up
FastEthernet0/1            204.12.1.6      YES NVRAM  up                    up
BVI1                       136.1.136.6     YES manual up                    up
Loopback0                  150.1.6.6       YES NVRAM  up                    up

r5 and sw1 do:

r5#sh ip int br | e ass
Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0/0            192.10.1.5      YES NVRAM  up                    up
Serial0/0.15               136.1.15.5      YES NVRAM  up                    up
Serial0/0.245              136.1.245.5     YES NVRAM  up                    up
FastEthernet0/1            136.1.57.5      YES NVRAM  up                    up
Serial0/1                  136.1.45.5      YES NVRAM  up                    up
Loopback0                  150.1.5.5       YES NVRAM  up                    up

sw1:
sw1#sh ip int br | e ass
Interface              IP-Address      OK? Method Status                Protocol
Vlan7                  136.1.7.7       YES NVRAM  down                  down
Vlan57                 136.1.57.7      YES NVRAM  up                    up
Loopback0              150.1.7.7       YES NVRAM  up                    up

Why is vlan7 down?

sw1#sh run int vlan7
interface Vlan7
 ip address 136.1.7.7 255.255.255.0
end

sw1#sh vlan id 7
VLAN id 7 not found in current VLAN database

That’s the reason.  :-)

Initial Configuration for switching …. IE Lab 3

I’ll go ahead and add vlan 7:

23:39:05: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan7, changed state to up

VLAN7 is not included in IE’s solution either.  They configured “no passive-interface vlan57″, but make no mention of vlan7.  Even though the task requires:

“Enable RIP on VLAN7…”

Task 4.8 – passive interface VLAN7 on SW1 

4.9  IGP Redistribution

ICK!!!

“Redistribute where necessary to obtain full IP reachabiltity to all advertised networks.”
“r5 should route through r1 to get to the prefixes learned from bb1″
“r5 should route through r2 to get to the prefixes learned from bb3″

Looking at my diagram, I have 4 possible point of redistribution:

r1 – OSPF 100 (110)  |  EIGRP 100 (90)
r2 – OSPF 100 (110)  |  EIGRP 100 (90)
r5 – OSPF 100 (110)  |  RIP (120)
r6 – EIGRP 100 (90)  |  RIP (120)

My AD matra: “Lower to higher is good.  Higher to lower is bad.”

Tasks 2 and 3 mean that I need to redistribute RIP into EIGRP on r6 and then redistribute EIGRP into OSPF on r1 and r2.  I’ll set up route maps to filter what routes are redistributed at those points.

I’m really proud of myself.  I finished this task by myself.  I met the requirements for each task, but I used a slightly different method than IE.

Differences:
1) I did not redistribute OSPF into EIGRP on both r1 and r2.  Only on r1.  There was no requirement to do it on both routers and it cut the chance of loops down.
2) I tagged the routes on r6 based on the incoming interface (fa0/1 for BB3 and s0/0 for BB1).  I redistributed all of the routes except the routes tagged from BB1 through r1 into OSPF.  I redistributed the BB1 routes into OSPF through r2 (thinking about this now, I could have probably gotten by just tagging the BB1 routes).

This task took me FOREVER, but I did complete it successfully.

I will say that the IE solution manual is VERY light on explaining their route redistribution answer.

January 17, 2008

Internetwork Expert Volume III: Lab 2 – Section 4

Interior Gateway Routing – 27 Points

4.1 RIPv2

The IE solution confused me at first.  Why did they configure “neighbor (RIP)” statements on both routers?  The answer came when I noticed that they had not configured “no passive-interface” for the serial links.  A subtask read:

“Use the passive-interface default” command on both r1 and r2.”

I didn’t read that to mean that you could not use “no passive-interface” on any interfaces. 

Here’s why you need to the neighbor command:

Without neighbor:

r1(config-router)#do sh run | sec router rip
router rip
 version 2
 redistribute connected metric 1 route-map CONN->RIP
 passive-interface default
 network 161.1.0.0
 no auto-summary

r2(config-router)#do sh run | sec router rip
router rip
 version 2
 redistribute connected metric 1 route-map CONN->RIP
 passive-interface default
 network 161.1.0.0
 no auto-summary

r1(config-router)#do sh ip route rip

r1(config-router)#

All of the interfaces are passive.  In RIP, a passive-interface means that you cannot send any routing updates on that interface.  In this case, we’re not sending any RIP routing updates because all of the interfaces are passive.  The easy way (the way I did it) is to simply take the interfaces between r1 and r2 out of passive.  If this is prohibited, then use the RIP neighbor statement.

neighbor (RIP)

With neighbor:

r1#sh run | sec router rip
router rip
 version 2
 redistribute connected metric 1 route-map CONN->RIP
 passive-interface default
 network 161.1.0.0
 neighbor 161.1.12.1
 no auto-summary

r2#sh run | sec router rip
router rip
 version 2
 redistribute connected metric 1 route-map CONN->RIP
 passive-interface default
 network 161.1.0.0
 neighbor 161.1.12.1
 no auto-summary

r1#sh ip route rip
     161.1.0.0/24 is subnetted, 3 subnets
R       161.1.23.0 [120/1] via 161.1.12.2, 00:00:02, Serial0/0/0
     150.1.0.0/24 is subnetted, 2 subnets
R       150.1.2.0 [120/1] via 161.1.12.2, 00:00:02, Serial0/0/0

4.2 OSPF

Simple redistribution of loopbacks using route-maps.

4.3 OSPF

“Do not change the default OSPF network type of non-broadcast.”

r3#sh ip os int s0/0/0 | i Type|Hello
  Process ID 100, Router ID 150.1.3.3, Network Type NON_BROADCAST, Cost: 64
  Timer intervals configured, Hello 30, Dead 120, Wait 120, Retransmit 5
    Hello due in 00:00:26

r4#sh ip os int Serial0/0/0.403 |  i Type|Hello
  Process ID 100, Router ID 150.1.4.4, Network Type POINT_TO_POINT, Cost: 64
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
    Hello due in 00:00:09

This is another “interpretation” question.  The task says nothing about changing the default OPSF type of Point-To-Point on r4.  :-)  Make sure that you configure a neighbor statement on r4 as well so your updates are unicast.

Don’t go down the rabbit hole of changing the OSPF hello intervals.  You’ll get an adjacency but no LSAs (because non-broadcast needs a DR and ptp does not).

r4(config)#router os 100
r4(config-router)#net 150.1.4.4 0.0.0.0 ar ea 0  <- to check routes on r3

r3(config)#int s0/0/0
r3(config-if)#ip os hello 10
r3(config-if)#^Z

r3#sh ip os neigh

Neighbor ID     Pri   State           Dead Time   Address         Interface
150.1.4.4         1   FULL/BDR        00:00:39    161.1.34.4      Serial0/0/0

r3#sh ip route os

r3#

4.4 OSPF

Easy task.  I ran into an MTU issue.  Good practice for the lab: 

r5#sh ip os neigh

Neighbor ID     Pri   State           Dead Time   Address         Interface
150.1.4.4         0   FULL/  –        00:00:36    161.1.45.4      Serial0/0/0
150.1.8.8         1   DOWN/DROTHER       –        161.1.5.9       FastEthernet0/0

*Jan 16 20:55:12.254: %OSPF-5-ADJCHG: Process 100, Nbr 150.1.8.8 on FastEthernet0/0 from DOWN to DOWN, Neighbor Down: Ignore timer expired

r5#sh int fa0/0 | i MTU
  MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,

sw2#sh system mtu
System MTU size is 1500 bytes
System Jumbo MTU size is 1504 bytes
Routing MTU size is 1500 bytes

r5(config-router)#int fa0/0
r5(config-if)#ip ospf ?

  mtu-ignore           Ignores the MTU in DBD packets

r5(config-if)#ip ospf mtu-ignore

r5#sh ip os neigh

Neighbor ID     Pri   State           Dead Time   Address         Interface
150.1.4.4         0   FULL/  –        00:00:32    161.1.45.4      Serial0/0/0
150.1.8.8         1   FULL/DR         00:00:35    161.1.5.9       FastEthernet0/0

4.5 OSPF

Advertise in loopbacks but do not associate with an area.   Use redistribution of connected interfaces with a route-map. 

Speed Tip: You can use the same commands on each device- just cut and paste (I did change the tag on each device though):

route-map CONN->OSPF permit 10
 description Task 4.5
 match interface Loopback0
 set tag 31
!
router ospf 100
redistribute connected subnets route-map CONN->OSPF

4.6 OSPF

Easy task with summaries.  Task gives you the actual summaries to advertise, so no binary!!  :-)

You will need when and why to use area range versus summary-address.

area range

summary-address (OSPF)

4.7 OSPF Redistribution

Advertise vlan 43 on r4.  Do not use network statement.

We’re already redistributing connected, so let’s just add int fa0/0 to that existing route-map:

r4(config-router)#do sh run | sec route-map CONN->OSPF
route-map CONN->OSPF permit 10
 description Task 4.5
 match interface Loopback0
 set tag 41
r4(config-router)#route-map CONN->OSPF permit 10
r4(config-route-map)#match int fa0/0
r4(config-route-map)#do sh run | sec route-map CONN->OSPF
route-map CONN->OSPF permit 10
 description Task 4.5
 match interface Loopback0 FastEthernet0/0
 set tag 41

4.8 EIGRP

Very basic EIGRP configuration. 

4.9 EIGRP Redistribution

You’re asked to redistribute in some loopbacks.  This task will affect your IGP redistribution.

Speed Tip: Reuse commands to save time (I do alter the tags on each device):

redist conn route-map CONN->EIGRP met 1 1 1 1 1
route-map CONN->EIGRP permit 10
 description task 4.9
 match interface Loopback0
 set tag 61

4.10 IGP Redistribution

The BEAST!!!!  Actually in this lab they tell you what to do, so redistribution is not that difficult.

“Perform mutual redistribution between RIP and OSPF on r2″
“Perform mutual redistribution between OSPF and EIGRP on r4 and r5″

r2
RIP 120 -> OSPF 110
OSPF 110 -> RIP 120

I don’t see any issues on this redistribution because it’s isolated.  We don’t have any RIP routes in the routing table:

r2#sh ip route rip

r2#

The only thing we need to note is that we are already redisting lo0 into RIP:

r2#sh run | sec router rip
router rip
 version 2
 redistribute connected metric 1 route-map CONN->RIP
 passive-interface default
 network 161.1.0.0
 neighbor 161.1.12.1
 no auto-summary

route-map CONN->RIP permit 10
 description Task 4.2 lo0 to rip Tag 21
 match interface Loopback0
 set tag 11

r4 and r5

Our worry here are EIGRP routes redist on one router and then redist back into EIGRP on the other router.

r6’s loopback for instance

r5 learns it via EIGRP (90) from sw2
r5 redistributes it into OSPF (110)
r4 learns it from OSPF (110) and from EIGRP (90)

No problems….right?

Actually….we redistributed that interface into EIGRP in the last task so:

r5(config)#do sh ip route 150.1.6.6
Routing entry for 150.1.6.0/24
  Known via “eigrp 10″, distance 170, metric 2560007936
  Tag 61, type external
  Redistributing via eigrp 10
  Last update from 161.1.58.8 on FastEthernet0/1, 01:23:20 ago
  Routing Descriptor Blocks:
  * 161.1.58.8, from 161.1.58.8, 01:23:20 ago, via FastEthernet0/1
      Route metric is 2560007936, traffic share count is 1
      Total delay is 310 microseconds, minimum bandwidth is 1 Kbit
      Reliability 1/255, minimum MTU 1 bytes
      Loading 1/255, Hops 3
      Route tag 61

r5 learns it via EIGRP (170) from sw2
r5 redists it into OSPF (110)
r4 learns it from OSPF (110) and from EIGRP (170)

r4 is going to send traffic for 150.1.6.6 to r5 via frame (ospf)
r5 will send traffic for 150.1.6.6 to r4

Crap!  We need to make sure that the OSPF AD for those routes is greater than 170.  Which is precisely what we’ll do in the next task.

4.11 Redistribution Loop Prevention

This task was a bit of a bummer because it points out exactly what the problems with mutual redistribution are and how to fix them.

distance

January 13, 2008

Internetwork Expert Volume II: Lab 4 – Section 4

Section 4 – Interior Gateway Routing – 24 Points

4.1 OSPF

Easy Hub-and-Spoke OSPF network. You aren’t allowed to change the OSPF network type on r2(hub).  You can change the network type on the spokes though.

r2#sh ip os int | i Type
  Process ID 100, Router ID 150.1.2.2, Network Type NON_BROADCAST, Cost: 64
r1#sh ip os int | i Type
  Process ID 100, Router ID 150.1.1.1, Network Type POINT_TO_POINT, Cost: 65
r3#sh ip os int | i Type
  Process ID 100, Router ID 150.1.3.3, Network Type POINT_TO_POINT, Cost: 65

Change the network type on the spokes to match the hub and use neighbor statements on the hub.  Remember to configure “ip ospf priority 0″ on the spokes so that the hub is elected as the DR.

4.2 OSPF

“…configure r1 so that the only recipient of its hello packets is bb2.”

Sounds like another job for the “neighbor command”:

r1(config)#router os 100
r1(config-router)#net 192.10.1.1 0.0.0.0 are 51
r1(config-router)#neighbor 192.10.1.254
OSPF: Neighbor command is allowed only on NBMA and point-to-multipoint networks
 

r1(config-if)#do sh ip os int fa0/0 | i Type|Hello
  Process ID 100, Router ID 150.1.1.1, Network Type BROADCAST, Cost: 1
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5

r1(config-if)#int fa0/0
r1(config-if)#ip os net non-broadcast

Remember to change the hello interval (the neighbor is going to have a hello interval of 10 because that’s the default for Broadcast)

r1(config-if)#do sh ip os int fa0/0 | i Type|Hello
  Process ID 100, Router ID 150.1.1.1, Network Type NON_BROADCAST, Cost: 1
  Timer intervals configured, Hello 30, Dead 120, Wait 120, Retransmit 5
    Hello due in 00:00:03

r1(config-if)#ip os hello 10

r1(config-if)#do sh ip os int fa0/0 | i Type|Hello
  Process ID 100, Router ID 150.1.1.1, Network Type NON_BROADCAST, Cost: 1
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
    Hello due in 00:00:03

r1(config-if)#do sh ip os neigh

Neighbor ID     Pri   State           Dead Time   Address         Interface
150.1.2.2         1   FULL/DR         00:01:32    141.1.123.2     Serial0/0.1
192.10.1.254      1   FULL/DR         00:00:30    192.10.1.254    FastEthernet0/0

r1(config-if)#do sh ip route os
     51.0.0.0/32 is subnetted, 1 subnets
O E2    51.51.51.51 [110/20] via 192.10.1.254, 00:02:08, FastEthernet0/0

There is an excellent breakdown for this task in the IE solution guide.

4.3 OSPF

“sw3 and sw4 should use sw2 as their default-gateway.”

sw3(config)#do sh ip int br | e ass
Interface              IP-Address      OK? Method Status                Protocol
Vlan255                141.1.255.9     YES manual up                    up

sw4(config)#do sh ip int br | e ass
Interface              IP-Address      OK? Method Status                Protocol
Vlan255                141.1.255.10    YES manual up                    up

sw2(config-router)#do sh ip int br | i Vlan255
Vlan255                141.1.255.8     YES manual up                    up

Use 141.1.255.8 as the default-gateway,

sw3(config)#ip default-gateway ?
  A.B.C.D  IP address of default gateway

sw3(config)#ip default-gateway 141.1.255.8

sw3#p 141.1.255.8

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 141.1.255.8, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/201/1000 ms

sw3#sh ip route
Default gateway is 141.1.255.8

Host               Gateway           Last Use    Total Uses  Interface
ICMP redirect cache is empty

Weird.  I couldn’t find “ip default-gateway” in either the 3550 or 3560 command guide.

4.4 OSPF

“configure the network so that route in OSPF area 1 do not see any inter-area or external OSPF routes.”

area nssa

Configuring OSPF NSSA

NSSAs

With the no-summary keyword, the NSSA ABR will not advertise the inter-area routes (Type 3 and Type 4 summary routes) inside the NSSA, instead will advertise a default route. This default route will be propagated inside the NSSA as Type 3 LSA.

Before:
sw2#sh ip route os
     51.0.0.0/32 is subnetted, 1 subnets
O E2    51.51.51.51 [110/20] via 141.1.0.2, 13:05:22, Vlan258
     141.1.0.0/24 is subnetted, 5 subnets
O IA    141.1.123.0 [110/65] via 141.1.0.2, 13:05:22, Vlan258
O IA 192.10.1.0/24 [110/66] via 141.1.0.2, 13:05:22, Vlan258
     150.1.0.0/16 is variably subnetted, 4 subnets, 2 masks
O IA    150.1.3.3/32 [110/66] via 141.1.0.2, 13:05:22, Vlan258
O IA    150.1.2.2/32 [110/2] via 141.1.0.2, 13:05:22, Vlan258
O IA    150.1.1.1/32 [110/66] via 141.1.0.2, 13:05:22, Vlan258

area nssa only:
sw2#sh ip route os
     141.1.0.0/24 is subnetted, 5 subnets
O IA    141.1.123.0 [110/65] via 141.1.0.2, 00:00:18, Vlan258
O IA 192.10.1.0/24 [110/66] via 141.1.0.2, 00:00:18, Vlan258
     150.1.0.0/16 is variably subnetted, 4 subnets, 2 masks
O IA    150.1.3.3/32 [110/66] via 141.1.0.2, 00:00:18, Vlan258
O IA    150.1.2.2/32 [110/2] via 141.1.0.2, 00:00:18, Vlan258
O IA    150.1.1.1/32 [110/66] via 141.1.0.2, 00:00:18, Vlan258

I’m still seeing inter-area routes.  Let’t try:

area nssa no-summary
 (Optional) Allows an area to be a not-so-stubby area but not have summary routes injected into it.

area nssa no-summary (configured on ASRs only):
sw2#sh ip route os
O*IA 0.0.0.0/0 [110/2] via 141.1.0.2, 00:00:05, Vlan258

Remember the loopback that we redistributed into OSPF on sw2 (area 1)?  It shows up on the ASRs as an N1 route:

r2#sh ip route | i 150.1.8.0
O N2    150.1.8.0/24 [110/20] via 141.1.0.8, 00:11:09, GigabitEthernet0/0

r5#sh ip route | i 150.1.8.0
O N2    150.1.8.0 [110/20] via 141.1.0.8, 00:13:57, FastEthernet0/1

It will show up as an E2 route in area 0:
r3#sh ip route | i 150.1.8.0
O E2    150.1.8.0/24 [110/20] via 141.1.123.2, 00:18:12, Serial0/0:0.1

4.5 OSPF

“Configure OSPF area 2 on the Ethernet, Frame Relay, and PPP segments between r4 and r5.”
“Advertise the Loopback0 interfaces of r4 and r5 into OSPF area 2.”
“You are allowed to add one additional IP subnet to accomplish this.”

That last subtask had me confused.  Area 2 will be configured on three separate links between r4 and r5.  Further complicating issues is that that area 2 has no connection to area 0.  I’ll need to configure a virtual-link across area 1.

The first issue is getting the peering up over the FR link.  I changed the OSPF network type from non-broadcast to point-to-point on each side of the link to accomplish this.

Once the peerings were established, I advertised in the loopbacks on r4 and r5.  At this point the only OSPF route that r4 could see was r5’s loopback:

r4#sh ip route os
     150.1.0.0/16 is variably subnetted, 2 subnets, 2 masks
O       150.1.5.5/32 [110/2] via 141.1.145.5, 00:00:05, FastEthernet0/0

Time to establish the virtual-link.  Is this where the additional subnet will come into play?  Will there be a problem because area 1 is a NSSA Totally Stub Area?

Well, here’s one problem:

r5#sh ip route 141.1.123.2
% Subnet not in table

My virtual-link is not going to work if I don’t have connectivity to area 0. 

Even if I did have connectivity, I cannot build a virtual-link through a stub area:

Creating Virtual Links

Note that virtual links cannot be configured through stub areas.

I think that giving me a subnet means that I can use it to set up a tunnel through area 1. 

tunnel

Since we’re going to tunnel from r5 to r2, let’s use 141.1.25.0/24.

r5
interface Tunnel25
 description ->tunnel to r2 (area2 to area0)
 ip address 141.1.25.5 255.255.255.0
 tunnel source FastEthernet0/1
 tunnel destination 141.1.25.2

r2
interface Tunnel25
 description ->tunnel to r5 (area0 to area2)
 ip address 141.1.25.2 255.255.255.0
 tunnel source GigabitEthernet0/0
 tunnel destination 141.1.25.5

One last thing.  I need to advertise the tunnel interfaces into OSPF.  This is where I boned up.  I initially advertised r5’s tunnel interface into area 2.  Doh!!!  It needs to be in area 0.  I fixed that and everything looked great until:

*Mar  1 22:13:16.319: %TUN-5-RECURDOWN: Tunnel25 temporarily disabled due to recursive routing

Crap!  I need to change my tunnel destination addresses.  I make this mistake so often when configuring tunnels.  :-(

r5#sh run int tu25
interface Tunnel25
 description ->tunnel to r2 (area2 to area0)
 ip address 141.1.25.5 255.255.255.0
 tunnel source FastEthernet0/1
 tunnel destination 141.1.0.2

r2#sh run int tu25
interface Tunnel25
 description ->tunnel to r5 (area0 to area2)
 ip address 141.1.25.2 255.255.255.0
 tunnel source GigabitEthernet0/0
 tunnel destination 141.1.0.5

Now the peering is up:

r5#sh ip os neigh | i 150.1.2.2
150.1.2.2         0   FULL/  –        00:00:34    141.1.25.2      Tunnel25
150.1.2.2         1   FULL/DROTHER    00:00:38    141.1.0.2       Fa0/1

Let’s see if r4 is getting all of the OPSF routes now:

r4#sh ip route os
     51.0.0.0/32 is subnetted, 1 subnets
O E2    51.51.51.51 [110/20] via 141.1.145.5, 00:02:14, FastEthernet0/0
     141.1.0.0/16 is variably subnetted, 10 subnets, 2 masks
O IA    141.1.255.0/24 [110/3] via 141.1.145.5, 00:02:39, FastEthernet0/0
O IA    141.1.8.0/24 [110/3] via 141.1.145.5, 00:02:39, FastEthernet0/0
O IA    141.1.0.0/24 [110/2] via 141.1.145.5, 00:02:39, FastEthernet0/0
O IA    141.1.25.0/24 [110/11112] via 141.1.145.5, 00:02:39, FastEthernet0/0
O IA    141.1.88.0/24 [110/3] via 141.1.145.5, 00:02:39, FastEthernet0/0
O IA    141.1.123.0/24 [110/11176] via 141.1.145.5, 00:02:19, FastEthernet0/0
O IA 192.10.1.0/24 [110/11177] via 141.1.145.5, 00:02:19, FastEthernet0/0
     150.1.0.0/16 is variably subnetted, 6 subnets, 2 masks
O       150.1.5.5/32 [110/2] via 141.1.145.5, 00:02:39, FastEthernet0/0
O IA    150.1.3.3/32 [110/11177] via 141.1.145.5, 00:02:19, FastEthernet0/0
O IA    150.1.2.2/32 [110/11113] via 141.1.145.5, 00:02:19, FastEthernet0/0
O IA    150.1.1.1/32 [110/11177] via 141.1.145.5, 00:02:20, FastEthernet0/0
O E2    150.1.8.0/24 [110/20] via 141.1.145.5, 00:02:15, FastEthernet0/0

Nice!  It took me a while to struggle through this task, but I am pretty proud to have solved it on my own.

There is a nice breakdown in the solution guide.

4.6 OSPF

This task asks you to load balance over the Frame Relay and Ethernet segments between r4 and r5 without using ‘ip ospf cost’.

We are currently using the Ethernet segment between the routers:

r4#sh ip route 150.1.5.5
Routing entry for 150.1.5.5/32
  Known via “ospf 100″, distance 110, metric 2, type intra area
  Last update from 141.1.145.5 on FastEthernet0/0, 00:05:53 ago
  Routing Descriptor Blocks:
  * 141.1.145.5, from 150.1.5.5, 00:05:53 ago, via FastEthernet0/0
      Route metric is 2, traffic share count is 1

I can’t change the cost.  The cost is based on bandwidth, so what if I changed the bandwidth statement to match on the Frame Relay and Ethernet links?  I’ll set the bandwidth statement on s0/0 to 100000 to match fa0/0:

r4(config)#int s0/0
r4(config-if)#band 100000

r4#sh int fa0/0| i BW
  MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
r4#sh int s0/0| i BW
  MTU 1500 bytes, BW 100000 Kbit, DLY 20000 usec,

r4#sh ip route 150.1.5.5
Routing entry for 150.1.5.5/32
  Known via “ospf 100″, distance 110, metric 2, type intra area
  Last update from 141.1.145.5 on FastEthernet0/0, 00:46:33 ago
  Routing Descriptor Blocks:
  * 141.1.145.5, from 150.1.5.5, 00:46:33 ago, via FastEthernet0/0
      Route metric is 2, traffic share count is 1
    141.1.54.5, from 150.1.5.5, 00:46:33 ago, via Serial0/0
      Route metric is 2, traffic share count is 1

Just need to do the same thing on r5.

4.7 OSPF

This task asks you to configure the PPP link between r4 and r5 to come up only if the Ethernet and Frame Relay connections are down.  You need to detect a failure within 10 seconds.

You have to read this task carefully.  It states that you need to “DETECT a failure of EITHER the Frame or Ethernet link WITHIN10 seconds”, but bring up the PPP link only if “BOTH the Frame and Ethernet segments are down.”

That second bit is normal behavior.  We have three links between r4 and r5, so if two of them go down then traffic will be routed over the PPP link.  When either of the other two links come back up, traffic will stop routing over the PPP link and use either/or both of the other links (better metric).

So it’s the “detect within 10 seconds” part that is the problem.

r5#sh ip os int s0/0 | i Type|Dead
  Process ID 100, Router ID 150.1.5.5, Network Type POINT_TO_POINT, Cost: 1
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
r5#sh ip os int fa0/0 | i Type|Dead
  Process ID 100, Router ID 150.1.5.5, Network Type BROADCAST, Cost: 1
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5

We’ll need to change our dead timers to be less than 10 seconds.  The dead timer is 4x the Hello interval, so we’ll set our hello interval to 2 seconds on each side of the Frame and Ethernet links.

r5(config)#int fa0/0
r5(config-if)#ip os hello-interval ?
  <1-65535>  Seconds

r5(config-if)#ip os hello-interval 2
r5(config-if)#int s0/0
r5(config-if)#ip os hello-interval 2

r5#sh ip os int s0/0 | i Type|Dead
  Process ID 100, Router ID 150.1.5.5, Network Type POINT_TO_POINT, Cost: 1
  Timer intervals configured, Hello 2, Dead 8, Wait 8, Retransmit 5
r5#sh ip os int fa0/0 | i Type|Dead
  Process ID 100, Router ID 150.1.5.5, Network Type BROADCAST, Cost: 1
  Timer intervals configured, Hello 2, Dead 8, Wait 8, Retransmit 5

Test:

r4#sh ip route 150.1.5.5
Routing entry for 150.1.5.5/32
  Known via “ospf 100″, distance 110, metric 2, type intra area
  Last update from 141.1.145.5 on FastEthernet0/0, 00:14:19 ago
  Routing Descriptor Blocks:
  * 141.1.145.5, from 150.1.5.5, 00:14:19 ago, via FastEthernet0/0
      Route metric is 2, traffic share count is 1
    141.1.54.5, from 150.1.5.5, 00:14:19 ago, via Serial0/0
      Route metric is 2, traffic share count is 1

r4(config)#int s0/0
r4(config-if)#shutdown
r4(config-if)#int fa0/0
r4(config-if)#shutdown

r4#sh ip route 150.1.5.5
Routing entry for 150.1.5.5/32
  Known via “ospf 100″, distance 110, metric 66, type intra area
  Last update from 141.1.45.5 on Serial0/1, 00:00:03 ago
  Routing Descriptor Blocks:
  * 141.1.45.5, from 150.1.5.5, 00:00:03 ago, via Serial0/1
      Route metric is 66, traffic share count is 1

4.8 RIP

Very basic RIP configuration.  The only “twist” is that you need to suppress RIP updates on some interfaces by using ‘passive-interface’.

“Enable RIP on all other interfaces of SW1″ – make sure you advertise the 150.1.0.0 network

Routing Protocol is “rip”
  Sending updates every 30 seconds, next due in 18 seconds
  Invalid after 180 seconds, hold down 180, flushed after 240
  Outgoing update filter list for all interfaces is not set
  Incoming update filter list for all interfaces is not set
  Redistributing: rip
  Default version control: send version 2, receive version 2
    Interface                 Send  Recv  Triggered RIP  Key-chain
    Vlan7                     2     2
    Vlan77                    2     2
    FastEthernet0/3           2     2
    Loopback0                 2     2

  Automatic network summarization is not in effect
  Maximum path: 4
  Routing for Networks:
    141.1.0.0
    150.1.0.0

4.9 RIP

“Routes learned from BB1 that have an even third octet should be seen with a metric of 10 on r6.”
“The access-list used to accomplish this should only have one line and should be effective for any additional networks learned from bb1 in the future.”

How do I compute complex wildcard masks for access-lists?

offset-list (RIP)

These are the routes that r6 is receiving from bb1:

r6#sh ip route rip | i 54.1.1.254
R    212.18.1.0/24 [120/1] via 54.1.1.254, 00:00:21, Serial0/0
R    212.18.0.0/24 [120/1] via 54.1.1.254, 00:00:21, Serial0/0
R    212.18.3.0/24 [120/1] via 54.1.1.254, 00:00:21, Serial0/0
R    212.18.2.0/24 [120/1] via 54.1.1.254, 00:00:21, Serial0/0

The “secret” to filtering even or odd routes is: “The least significant bit of a binary number determines whether the number is even or odd.  If the least significant bit is not set, then the number must be even.  If the least significant bit is set, then the number must be odd.”

r6(config)#access-list 69 permit 0.0.0.0 255.255.254.255
r6(config)#router rip
r6(config-router)#offset-list 69 in 9 s0/0

r6#clear ip route *
r6#sh ip route rip | i 54.1.1.254
R    212.18.1.0/24 [120/1] via 54.1.1.254, 00:00:03, Serial0/0
R    212.18.0.0/24 [120/10] via 54.1.1.254, 00:00:03, Serial0/0
R    212.18.3.0/24 [120/1] via 54.1.1.254, 00:00:03, Serial0/0
R    212.18.2.0/24 [120/10] via 54.1.1.254, 00:00:03, Serial0/0

4.10 IGP Redistribution

Perform mutual redistribution on r3 and r4.  Well, the good news is that we’re only running RIP and OSPF. :-)

I’ll start with r4:

r4(config)#route-map RIP->OSPF permit 10
r4(config-route-map)#desc Tag RIP with 4120
r4(config-route-map)#set tag 4120
r4(config-route-map)#router ospf 100
r4(config-router)#redist rip sub route-map RIP->OSPF

I should see the bb3 routes on r3 with a tag of 4120

r3#sh ip os data | i Tag|4120
Link ID         ADV Router      Age         Seq#       Checksum Tag
30.0.0.0        150.1.4.4       72          0x80000001 0x009B1F 4120
30.1.0.0        150.1.4.4       72          0x80000001 0x008F2A 4120
30.2.0.0        150.1.4.4       72          0x80000001 0x008335 4120
30.3.0.0        150.1.4.4       72          0x80000001 0x007740 4120
31.0.0.0        150.1.4.4       72          0x80000001 0x008E2B 4120
31.1.0.0        150.1.4.4       72          0x80000001 0x008236 4120
31.2.0.0        150.1.4.4       72          0x80000001 0x007641 4120
31.3.0.0        150.1.4.4       72          0x80000001 0x006A4C 4120
204.12.1.0      150.1.4.4       72          0x80000001 0x0021DD 4120

Sweet!

I shouldn’t have any problems on r4 so I’ll go ahead and redistribute OSPF into RIP:

r4(config)#route-map OSPF->RIP perm 10
r4(config-route-map)#desc Tag OSPF with 4110
r4(config-route-map)#set tag 4110
r4(config-route-map)#router rip
r4(config-router)#redist ospf 100 met 1 route-map OSPF->RIP

Okay…on to r3.  I can redist the OSPF routes into RIP (110 -> 120) with no worries as they will not be reflected back.  I also don’t think that I have to worry about the RIP routes because the RIP domain is not contiguous.

r3(config)#route-map RIP->OSPF perm 10
r3(config-route-map)#desc Tag RIP 3120
r3(config-route-map)#set tag 3120
r3(config-route-map)#router ospf 100
r3(config-router)#redist rip sub route-map RIP->OSPF

Those routes should appear on r4:

r4#sh ip os data | i Tag|3120
Link ID         ADV Router      Age         Seq#       Checksum Tag
54.1.1.0        150.1.3.3       26          0x80000003 0x00C1CA 3120
141.1.6.0       150.1.3.3       26          0x80000003 0x001B15 3120
141.1.7.0       150.1.3.3       26          0x80000003 0x00101F 3120
141.1.36.0      150.1.3.3       26          0x80000003 0x00CF42 3120
141.1.37.0      150.1.3.3       26          0x80000003 0x00C44C 3120
141.1.77.0      150.1.3.3       26          0x80000003 0x000BDD 3120
150.1.6.0       150.1.3.3       26          0x80000003 0x00A581 3120
150.1.7.0       150.1.3.3       26          0x80000003 0x009A8B 3120
212.18.0.0      150.1.3.3       26          0x80000003 0x00F1EB 3120
212.18.1.0      150.1.3.3       26          0x80000003 0x00E6F5 3120
212.18.2.0      150.1.3.3       26          0x80000003 0x00DBFF 3120
212.18.3.0      150.1.3.3       26          0x80000003 0x00D00A 3120

Now for OSPF->RIP:

r3(config)#route-map OSPF->RIP perm 10
r3(config-route-map)#desc Tag OSPF 3110
r3(config-route-map)#set tag 3110
r3(config-route-map)#router rip
r3(config-router)#redist ospf 100 met 1 route-m OSPF->RIP

r6#sh ip route 150.1.4.4
Routing entry for 150.1.4.4/32
  Known via “rip“, distance 120, metric 1
  Tag 3110
  Redistributing via rip
  Last update from 141.1.36.3 on FastEthernet0/0, 00:00:09 ago
  Routing Descriptor Blocks:
  * 141.1.36.3, from 141.1.36.3, 00:00:09 ago, via FastEthernet0/0
      Route metric is 1, traffic share count is 1
      Route tag 3110

At this point I created my ping scripts and tested connectivity (everything pinged) before completing the additional requirements:

“Routers in the OSPF domain should see two summary routes for the networks learned from BB3.”
“Do not overlap any address space when creating these summaries.”

Here are the routes learned from BB3:

r4#sh ip route rip
     31.0.0.0/16 is subnetted, 4 subnets
R       31.3.0.0 [120/1] via 204.12.1.254, 00:00:22, FastEthernet0/1
R       31.2.0.0 [120/1] via 204.12.1.254, 00:00:22, FastEthernet0/1
R       31.1.0.0 [120/1] via 204.12.1.254, 00:00:22, FastEthernet0/1
R       31.0.0.0 [120/1] via 204.12.1.254, 00:00:22, FastEthernet0/1
     30.0.0.0/16 is subnetted, 4 subnets
R       30.2.0.0 [120/1] via 204.12.1.254, 00:00:22, FastEthernet0/1
R       30.3.0.0 [120/1] via 204.12.1.254, 00:00:22, FastEthernet0/1
R       30.0.0.0 [120/1] via 204.12.1.254, 00:00:22, FastEthernet0/1
R       30.1.0.0 [120/1] via 204.12.1.254, 00:00:22, FastEthernet0/1

Let’s figure out our summary routes:

Computing Access-List and Wildcard Pairs

31.0.0.0   00011111  00000000
31.1.0.0   00011111  00000001
31.2.0.0   00011111  00000010
31.3.0.0   00011111  00000011 
AND———————————
Network  00011111  00000000 31.0.0.0

31.0.0.0   00011111  00000000
31.1.0.0   00011111  00000001
31.2.0.0   00011111  00000010
31.3.0.0   00011111  00000011 
XOR———————————
Mask       00000000  00000011 0.3.255.255 – 255.253.0.0

30.0.0.0 00011110  00000000
30.1.0.0 00011110  00000001
30.2.0.0 00011110  00000010
30.3.0.0 00011110  00000011 
AND———————————
                00011110  00000000 30.0.0.0  

30.0.0.0 00011110  00000000
30.1.0.0 00011110  00000001
30.2.0.0 00011110  00000010
30.3.0.0 00011110  00000011 
XOR———————————
               00000000  00000011 0.3.255.255 –  255.252.0.0

So our two summaries will be:

summary-address (OSPF)

r4(config)#router ospf 100
r4(config-router)#summary-address 30.0.0.0 ?
  A.B.C.D  Summary mask

r4(config-router)#summary-address 31.0.0.0 255.252.0.0 tag 4120
r4(config-router)#summary-address 30.0.0.0 255.252.0.0 tag 4120

r4#sh ip ospf summary-address

OSPF Process 100, Summary-address

30.0.0.0/255.252.0.0 Metric 20, Type 2, Tag 4120
31.0.0.0/255.252.0.0 Metric 20, Type 2, Tag 4120

r3 sees theses routes as /14 routes now:

r3#sh ip route | i 30|31
     31.0.0.0/14is subnetted, 1 subnets
O E2    31.0.0.0 [110/20] via 141.1.123.2, 00:00:54, Serial0/0:0.1
     30.0.0.0/14is subnetted, 1 subnets
O E2    30.0.0.0 [110/20] via 141.1.123.2, 00:01:04, Serial0/0:0.1

Now the final subtask:

“The summaries should have a cumulative metric throughout the OSPF domain, while the route to VLAN 43 should always be seen with a metric of 100 throughout the OSPF domain.”

“cumulative metric” = E1 routes.  It looks like we’ll need to set the metric on the VLAN 43 route to 100 and make sure that it is an E2 route.  That route is already an E2, so I just need to change the metric:

r3#sh ip route | i 204.12.1.0
O E2 204.12.1.0/24 [110/20] via 141.1.123.2, 00:50:50, Serial0/0:0.1

I just need to add a line to my RIP->OSPF route-map to set the metric-type to 1.  BUT I need to use the route-map order of operations (which I am very well acquainted with after last week’s LFU) to ensure that I am setting the metric to 100 only for the VLAN43 route:

r4:
ip prefix-list VLAN34 perm 204.12.1.0/24
!
route-map RIP->OSPF permit 10
 description If VLAN43 set metric 100 tag 4120
 match ip address prefix-list VLAN43
 set metric 100
 set tag 4120
route-map RIP->OSPF permit 20
 description If not VLAN43 set E1 tag 4120
 set metric-type type-1
 set tag 4120

r3#sh ip route 204.12.1.0
Routing entry for 204.12.1.0/24
  Known via “ospf 100″, distance 110, metric 100
  Tag 4120, type extern 2, forward metric 11177
  Redistributing via rip
  Advertised by rip metric 1 route-map OSPF->RIP
  Last update from 141.1.123.2 on Serial0/0:0.1, 00:03:38 ago
  Routing Descriptor Blocks:
  * 141.1.123.2, from 150.1.4.4, 00:03:38 ago, via Serial0/0:0.1
      Route metric is 100, traffic share count is 1
      Route tag 4120

r3#sh ip route 30.0.0.0 255.252.0.0
Routing entry for 30.0.0.0/14
  Known via “ospf 100″, distance 110, metric 11197
  Tag 4120, type extern 1
  Redistributing via rip
  Advertised by rip metric 1 route-map OSPF->RIP
  Last update from 141.1.123.2 on Serial0/0:0.1, 00:02:58 ago
  Routing Descriptor Blocks:
  * 141.1.123.2, from 150.1.4.4, 00:02:58 ago, via Serial0/0:0.1
      Route metric is 11197, traffic share count is 1
      Route tag 4120

Next Page »

The Rubric Theme. Blog at WordPress.com.

Follow

Get every new post delivered to your Inbox.

Join 113 other followers