Category: Network Technologies

OSPF: Area range vs Summary address

It seems like an easy one! I mean what could be so hard about area range and summary address command? You will be surprised how many people tend to forget this things or to apply them when not necessary or even worst where is their place to be added. It’s basic knowledge, but sometimes exactly this basic knowledge give us headache.

In the following line, I will try to explain briefly the difference between Area range and Summary address command. First let’s have a look at the following topology:

ospf area range vs summary address

We have mixed network domain with EIGRP and OSPF. From documentation we know that along other routers in OSPF domain we have 2 important routers:
ASBR (Autonomous System Boundary Router)One device at the edge of OSPF domain, that receive routes from another non-OSPF domain (e.g. RIP, EIGRP…)
ABR (Area Border Router) – One device inside the OSPF domain that assure Inter-area communication (e.g. area 0 and area 1)

You will find situation when only one physical device will be ASBR and ABR router. The functionality and rules remain the same, just that instead of having 2 device you have only one that connect to another non-OSPF domain and in the same time to multiple OSPF areas.

Why we would use this 2 commands? Well one simple explanation is that we want to summarize advertised subnets to reduce the total number of routes present in the routing table. Less routes means less overhead and load for a router.

Let’s have a look to the routers presented in the above topology. The dynamic IP routing protocols (EIGRP and OSPF) are already configured and functional. For the IP network clouds, I have used Loopback interfaces.

R1:
R1 - Interfaces and EIGRP config
On R1 the 2 IP subnets (192.168.1.0/24 and 192.168.2.0/24) are present in EIGRP routing protocol.

R2:
2
On R2, there is already a basic redistribution between OSPF and EIGRP. Also notice that the IP subnet which connect R2 and R3 is routed in OSPF area 0 (zero)

R3:
3
As well on R3, the IP subnet between R2 and R3 is present in OSPF area 0 (zero) and the other 2 subnets (10.10.1.0 /24 and 10.10.2.0 /24) are in OSPF area 1 (one). Now, if you remember from my older post, if you have a Loopback interface with a IP address (doesn’t matter what netmask) this will be always advertised in OSPF as /32. I did a little trick to be sure that they are still advertised in OSPF as presented under Loopack 1 (10.10.1.1 /24) and Loopback 2 (10.10.2.1 /24). You want to know how, check this post.

Until now, we saw how the routers are configured. Let’s have a look how the routing table appear now on this routers.
R1:
4
Among other routes, please notice that we receive the 2 networks from R3 each of them with a /24 prefix. Keep this in mind as it’s important for later.

R2:
5
On R2 we have both the EIGRP and OSPF routes, each with a /24 prefix. In some minutes we will change this. Let’s check the last router.

R3:
6
Here we have the 2 prefixes from EIGRP domain, again with /24.

After reviewing all the necessary information let’s apply the configuration. I will start with Area range command. For example in our case we want to advertise only one subnet from Area 1 to Area 0 in OSPF. We will combine the 2 x /24 subnets in one /22.
Why /22 and not /23? Because we have 10.10.1.0 /24 and 10.10.2.0 /24 and 10.10.1.0/23 will not be a valid prefix. Keep in mind that you have to stick to the subnetting rules. Indeed with this /22 we will “catch” also 10.10.0.0/24 and 10.10.3.0/24 in our range, but being in a test environment this is  not a problem for now. In the real world you have to take care about discontinuous networks and to apply summarization only when it’s possible.

On  our R3 router we should apply the following configuration:

R3
configure terminal
router ospf 1
area 1 range 10.10.0.0 255.255.252.0

If we check now R2, we should see:
7
Only one /22 subnet. IP subnet summarization is successfully taking place.

What about Summary address command? Remember that we redistribute from EIGRP into OSPF, so if you have a look about, right now in the OSPF cloud we have 2 /24 subnets imported from EIGRP domain. We want to summarize this 2 addresses in a /22 (the same reason like explained above). For this we will use the Summary address command. In short explanation, this command is only used on ASBR routers, when you want to summarize IP subnets imported from a non-OSPF domain.
On R2, we a apply the following configuration:

configure terminal
router ospf 1
summary-address 192.168.0.0 255.255.252.0

Let’s check what we receive on R1 and R3 after summarization:
9

8

We could see clear the advantage. Summary route 192.168.0.0/22 is present on R3 and again 10.10.0.0 /22 is on R1. This is the nice part and we achieved what we wanted.

Very important!
What about the blue line? That a big problem. Maybe your idea was that I did some mistake when using .1. and .2. in the third octet the subnet. It was more easier to use .0. and .1. and then I could summarize easy with /23. But I wanted to show you a hidden danger which lies beyond the summarization. Remember that I said I did just a basic redistribution  between EIGRP and OSPF? Forget that! In test environment is OK, but in real ones not. Always try to reduce the amount of redistributed subnets between 2 domains to only the necessary one using route-maps or route tagging. This should be mandatory, when redistributed summarized networks which are discontinuous.

Back to the blue line. We redistribute from EIGRP to OSPF, where we did the summarization. Due to the fact that we used 192.168.1.0/24 and 192.168.2.0/24 we had to summarize to /22, which include also the non-present subnets 192.168.0.0/24 and 192.168.3/24. Then we redistribute from OSPF to EIGRP. See the loop? EIGRP-OSPF-EIGRP. Since EIGRP see there a /22 prefix which include the 2 additional /24 subnets 192.168.0.0 and 192.168.3.0 of which R1 has no clue about, the router install this route in it’s routing table, thinking that R2 is the gateway for the 2 prefixes above. It sound complicated but I tried to simplify the explanation as much as I could. If we were using route-maps or route tagging this situation could be avoided.

Posted on by Calin 12

Cisco: Frame-Relay back-to-back routers in simple steps

In one of my earlier posts I have presented how to connect 3 routers in a Hub and Spoke Frame-Relay topology. Now I want to show you how to connect 2 routers back to back, in a Frame Relay topology. With a back to back connection and without any FR switch, things are a little bit different than in the Hub and Spooke topology.

First let’s have a look to the topology:

cisco fr b2b

We have 2 routers, connected back to back. The interface status on both routers:

sh run int s0/0
!
interface Serial0/0
no ip address
shutdown

First let set up the encapsulation to Frame-Relay and to bring the interfaces UP:

conf t
interface S0/0
encapsulation frame-relay
no shutdown

Everything should be fine now, but it’s not, as if you check your interfaces you will see that they are in a Up/Down status on both routers:

sh int s0/0
Serial0/0 is up, line protocol is down

Even this is messing up a little bit with our brains, the Up/Down status is normal in this phase. Why? Remember that we do not have a FR switch, both interface consider themselved DTE side and LMI is not working. You can check if LMI like this:

R1#sh frame-relay lmi

LMI Statistics for interface Serial0/0 (Frame Relay DTE) LMI TYPE = CISCO
Invalid Unnumbered info 0             Invalid Prot Disc 0
Invalid dummy Call Ref 0              Invalid Msg Type 0
Invalid Status Message 0              Invalid Lock Shift 0
Invalid Information ID 0              Invalid Report IE Len 0
Invalid Report Request 0              Invalid Keep IE Len 0
Num Status Enq. Sent 6                Num Status msgs Rcvd 0
Num Update Status Rcvd 0              Num Status Timeouts 5
Last Full Status Req 00:00:04         Last Full Status Rcvd never

You will see Sent packages on both routers, but nothing received as there is no FR switch. In this conditions we have to disable LMI and to assign DLCIs manually. To disable LMI, issue the following command under Frame-Relay interface:

interface S0/0
no keepalive

Now interfaces should be in a Up/Up status:

sh int s0/0
Serial0/0 is up, line protocol is up

As in this moment everything looks fine, let’s start to configure the Frame-Relay back to back connections. Obvious, at least for me, when you have a back to back connection, first things that comes into your mind is a point-to-point interface. Let’s start with this configuration (we will use from diagram the black line connection with subnet 100.100.100.0 /24) . I will show only the configuration on the primary router, but it’s the same on the secondary one, just with a different IP address in the 4th octet.

interface S0/0.100 point-to-point
ip address 100.100.100.1 255.255.255.0
frame-relay interface-dlci 100

Remember DLCIs are only local significant so you can define whatever number you want there, but of course the same DLCI number on both sides. Let’s check if everything is fine:

R1#show frame-relay map
Serial0/0.100 (up): point-to-point dlci, dlci 100(0x64,0x1840), broadcast

R1#show frame-relay pvc | i STATUS
DLCI = 100, DLCI USAGE = LOCAL, PVC STATUS = STATIC, INTERFACE = Serial0/0.100

We can see a point-to-point dlci in frame-relay map, and a static defined PVC. If you ping from R1 to R2 and viceversa it should work.

This was the straight forward solution, but going a little bit more into details, you can be required in some situations that you have to use a multipoint Frame-Relay interface. Actually what is a multipoint interface more than multiple point-to-point interfaces. Let’s take the sencond line (red one, with subnet 110.110.110.0 /24 in the topology) and configure this back to back connection using multipoint interfaces:

interface s0/0.110 multipoint
ip address 110.110.110.1 255.255.255.0
frame-relay map ip 110.110.110.2 110 broadcast
frame-relay map ip 110.110.110.1 110

As you see the configuration is different from the point-to-point interface. Actually under multipoint interface you can issue the frame-relay interface-dlci 110 command, but this will not help too much. Remember that we have disable LMI in the first steps because we do not have a FR switch. No FR switch means no automatic L3 to L2 mapping. In other words even if you specify the interface-dlci, the interface being a multipoint will not know where to forward packets. Why this didn’t happen in the point-to-point scenario, you may ask. Well, because there the keyword is interface sx/x point-to-point, so by it’s nature the interface knows that there is only one destination possible, meaning the other end (or point if you want).

In this scenario we had to manually map L3 to L2 with the command frame-relay map. Actually you only need the first frame-relay map, pointing to the other router IP address, but I add the last command just in case you want to ping your own interface.

Now maybe you ask which is the third scenario (blue line). Well, this is not very common in the real environment, but maybe you have to deal with it in a special condition like lab environment, Cisco exam and so on. Let’s say that you have a request that you need to have 3 virtual PVC connections, but only 2 subinterface. Now, you already have 2 subinterface configured, so how can you achieve the third PVC connection. The answer is that you configure the main interface with the same configuration like in multipoint subinterface scenario. By it’s nature and interface is described point to multipoint, so in a Frame Relay scenario like this you have to manually map L3 to L2:

interface Serial0/0
ip address 120.120.120.1 255.255.255.0
encapsulation frame-relay
no keepalive
frame-relay map ip 120.120.120.1 120
frame-relay map ip 120.120.120.2 120 broadcast

If you followed this tutorial, at the end you should have reachability over the 3 subnets.

Posted on by Calin 3

Cisco – Remote VTY Command Script

Running one or more interactive CLI commands is a common task in network management. Having a script to automate this task becomes a critical tool.

This script automates interactive TELNET or SSH sessions. Any command that can be issued in CLI can be issued via the VTY run command script in an automated fashion. Below are some example uses:

* Run a set of commands on hundreds of devices
* Configuration changes
* Archive configurations and software
* Audits, inventory and discovery
* Automated troubleshooting

Requirements

This script is written in Expect. A current version of Expect is required. Expect and installation requirements for Expect can be found at Expect Homepage

Tested on RHEL 5 running expect 5.43.0-5.1 and Mac OS X 10.6 running Expect 5.44.1.11.

The script is platform independent and should run on any platform that can run Expect.

Read more here…

Posted on by Calin 0

Cisco AutoQoS VoIP

QoS – one of the most interesting and challenging part of the network engineer’s life. I think I’m not wrong when I’m saying that most engineers that hear the word QoS, react somehow like “ah, that ugly stuff…” I have to be honest and say that QoS is not one of my preferred part, but as a network engineer you have to accomplish all task, not only the one that you like. With QoS you can achieve some great results, and once you have started to work with it, you’ll see that is not such a monster. The idea that QoS is not a friendly topic was develop due to historical ways to configure this service. In fact there were so many ways that without working with this topic everyday, you have no chance to remember how has to be implemented. Even among Cisco devices, there were multiple way to configure QoS from device to device. Nowadays Cisco is putting a lot of effort to standardize the implementation of QoS and in the same time to simplify it.

In this context AutoQoS appeared. First, AutoQoS VoIP was developed as the more QoS configuration is needed for Voice traffic over the network and then a more complex Auto QoS Enterprise was released. Today I plan to speak a little bit about AutoQoS VoIP and in one of the future articles about the Enterprise edition.

AutoQoS VoIP gives you the ability to deploy QoS features for converged IP telephony and data networks in a fast and reliable way, by simplifying the MQC (Modular QoS command-line interface). AutoQoS VoIP generate automatically traffic classes and policy map CLI templates. In more human terms, if AutoQoS VoIP is configured on an interface, the traffic that is passing by is receiving the required QoS treatment automatically. By doing this automatically AutoQoS spares you from having in-depth knowledge about the services policies, link  efficiency mechanism or best practice for Voice QoS. Everything is done by AutoQoS, which automatically discovers applications and provides appropriate QoS treatment, generate policies and provide configuration.

Of course that are some drawbacks like in any other technology, but this can be easy overcome if you have some knowledge about QoS configuration. It theory everything should run smoothly, but in real environment, you run into the situation that QoS should be fine tuned to reach the level of your expectation. This is easy done with AutoQoS, as after it enable and configure the QoS templates, you can easy configure them to fine tune parameters, add or delete policies. Basically you start from nice template, sourced by AutoQoS, and develop your own QoS. As I said before, you have only to do this is something is not working or if you feel the strong attraction to “make it your own way”.

AutoQoS VoIP is supported on the most popular Cisco routers and switches platform with the appropriate IOS or CatOS image. Before you configure AutoQoS VoIP you should know that:

– CEF is required to be configured, as AutoQoS use NBAR (Network-Based Application Recognition) which is based on Cisco Express Forwarding
– no QoS Policies are attached on the interface on which you are configuring AutoQoS
– correct bandwidth has to be configured on the interface; if there is no bandwidth statement, then this defaults to 1544 Mbps, which is not all the time accurate

Now a tricky part in regards to interface bandwidth. If this is 768kbps or below, you have to configure an IP address on the interface due to the fact the AutoQoS is enabling by default Multilink PPP and copy the  configured IP under the multilink interface. If you configure AutoQoS on a remote site, and the 768kbps (or lower) interface is the only connection there, please pay attention as configuring AutoQoS Voip may break your connection due to MLP situation explained above.

Another recommendation from Cisco and me, is that you should use no auto qos voip command when you stop using the interface on which AutoQoS VoIP is configured. In this way you assure that all the QoS configuration will be removed. If you just shutdown the interface or delete the PVC, without the above command, then the AutoQoS VoIP will not be completely removed.

Configuration is very simple:

router# configure terminal
router(config)# interface Serial x/y
router(config-if)# bandwidth 1540
router(config-if)# auto qos voip
router(config-if)# exit

I tried to put together a scenario like in the following topology, to generate some traffic and show you have AutoQoS behave when configuring policies:

Cisco AutoQoS VoIP topology

After applying the AutoQoS config you should see something like this in your running-config:

class-map match-any AutoQoS-VoIP-Remark
match ip dscp ef
match ip dscp cs3
match ip dscp af31
class-map match-any AutoQoS-VoIP-Control-UnTrust
match access-group name AutoQoS-VoIP-Control
class-map match-any AutoQoS-VoIP-RTP-UnTrust
match protocol rtp audio
match access-group name AutoQoS-VoIP-RTCP
!
!
policy-map AutoQoS-Policy-UnTrust
class AutoQoS-VoIP-RTP-UnTrust
priority percent 70
set dscp ef
class AutoQoS-VoIP-Control-UnTrust
bandwidth percent 5
set dscp af31
class AutoQoS-VoIP-Remark
set dscp default
class class-default
fair-queue
!
ip access-list extended AutoQoS-VoIP-Control
permit tcp any any eq 1720
permit tcp any any range 11000 11999
permit udp any any eq 2427
permit tcp any any eq 2428
permit tcp any any range 2000 2002
permit udp any any eq 1719
permit udp any any eq 5060
ip access-list extended AutoQoS-VoIP-RTCP
permit udp any any range 16384 32767

I will try to generate some traffic between this, so called, voice server and client and to let AutoQoS  VoIP do it’s job and configure automatically traffic flow policies.

Below you have a video tutorial about AutoQoS VoIP has to be configured and some monitoring commands that will output the result of traffic flow:

cisco-autoqos-voip

Posted on by Calin 0

Cisco: How to configure HSRP

In this post I proposed to discuss a little bit about Hot Standby Router Protocol and how it can be configured on a Cisco device. For this I have chosen the following topology:

cisco-configure-hsrp

I had in mind this scenario due to the fact that the traffic can take multiple paths in case of link being down and this give us the possibility to have a little bit of conversation on HSRP topic.
HSRP is defined in the document RFC2281 and according to the definition in this document: “The Hot Standby Router Protocol, HSRP, provides a mechanism which is designed to support non-disruptive failover of IP traffic in certain circumstances.” If you want to read more about the details how HSRP is working, please the RFC2281. I think there is not point in reproducing here what is already written there.
Regarding our topology, what you should know is that after configuring HSRP on R1 and R2 we will achieve a failover mechanism for the traffic from the Client (192.168.0.10) to the Server(10.10.10.10). From the beginning we will assume that R1 and R2 have the proper routing already configured to reach this destinations.

In the below presentation, you will see how the failover is achieved and what’s happening when you have a proper HSRP configuration in case that the link SC – R1 is broken:

So, how to achieve this behavior? From the topology you notice that proper configuration of HSRP involves 3 IP addresses from the same subnet (in our case this is 192.168.0.0 /24). One of the IP is configured on R1 the second one on R2 and the third one is HSRP IP address, which will be announced to the Client as gateway.

Configuration is straight forward on R1:

configure terminal
interface fa0/0
ip address 192.168.0.1 255.255.255.0
standby 1 ip 192.168.0.254
standby 1 priority 110

and on R2:

configure terminal
interface fa0/0
ip address 192.168.0.2 255.255.255.0
standby 1 ip 192.168.0.254

First we configure an IP address on the interface. Then we configure HSRP by typing the command standbyfollowed by HSRP group (in our case group 1) and then the IP address. HSRP default priority is 100, and the principle is the higher the better. To force the path R1-SC to be the preferred one, we increse the priority to 110, making R1 to be the Activeone. The other router, in our case R2, will have the HSRP status Standby. Maybe you are wondering what happens if you don’t configure the priority and both routers are having the same value 100. In this case HSRP has a mechanism that help it to chose the active router by comparing the IP addresses and chosing the one with the higher value. In our case this would be R2 (192.168.0.2 > 192.168.0.1).
Another useful feature that I recommend to configure for HSRP is preemption“. The HSRP preemption feature enables the router with highest priority to immediately become the Active router. The configuration is also very simple and inquire only one additional line to the above ones:

standby 1 preempt

Also recommended is to configure authentication between the HSRP participants:

standby 1 authentication somepassword

where “somepassword” can be what ever you want.

Going back to the topology, another scenario can take place. What if the link R1 – SC remains active, and instead the R1 – SS goes down. Since the R1 – SC is UP, the router R1 has no intention to cease the HSRP Active status. If you are having some kind of dynamic routing between R1 and R2, then you are on the safe side as the traffic will flow like in the scenario below (I’m assuming R1 to be the Active one for both R1-SC and R1-SS):

Remember that if do not have some routing between R1 and R2, the packets will be dropped on R1 as they will not have any path to the Server IP address 10.10.10.10.

This situation can be avoid with another HSRP feature, that will force the R1 to change it’s status from Active to Standby by monitoring the interface from R1 to SS. This feature is called interface tracking. This HSRP feature you have to configure at least on the router which is usual in Active mode:

standby 1 track FastEthernet1/0 30

In this scenario I assume that interface Fa1/0 is the connection to SS switch. This tracking command is watching for the status on the interface Fa1/0. When it’s status changes to “down” the “priority” value (110 in this example) is decremented with 30 (or whatever you will configure in the command line). After decremental, the “priority”
will have a value of 80 which is lower than the default one (100), forcing R2 to become the Active router and changing the R1 status to Standby.

Checking the status of an HSRP participant is very easy, and you can see this in the output below:

R1#show standby brief
P indicates configured to preempt.
|
Interface   Grp Prio P State    Active          Standby         Virtual IP
Fa0/0       1   110  P Active   local           192.168.0.2   192.168.0.254

R2#show standby brief
P indicates configured to preempt.
|
Interface   Grp Prio P State    Active          Standby         Virtual IP
Fa0/0       1   100  P Standby   192.168.0.1     local   192.168.0.254

All the HSRP configuration from this article can be fine tuned or extended according to your needs. I have presented here only the basics about the HSRP configuration. If you want don’t be afraid to explore and to “play” with the commands. Of course I would recommend to do that in test environment first.

Posted on by Calin 3