Friday, August 1, 2008

New Lab today: OSPF + IS-IS + EIGRP + OSPFv3 + NAT-PT

Here is a new lab topology:


Steps are:
  1. configure all point-to-point links, where i have a double link, i'll use L3 portchannel.
  2. configure all routing protocols for IPv4 networks
  3. configure Loopback 0 redistribution into all protocols for every router using route maps
  4. configure protocols redistribution betw OSPF, IS-IS and EIGRP avoiding loops and using tags
  5. configure all IPv6 networks and configure OSPFv3
  6. configure NAT-PT
  7. configure BGP AS 65065 and AS 64806, use Lo0 address for Ibgp and p2p address for Ebgp
Ok, i try to configure it and for each step i'll write a comment about problems.


Step1: configure all point-to-point links, where i have a multiple link, use L3 portchannel.
No problems here, i configured the two portchannels as follow, using PAGP and LACP:

Portchannels Configuration [+/-]

CON3#
interface Port-channel1
description Portchannel CON3 <-> CON2
no switchport
ip address 172.32.0.26 255.255.255.252
!
interface Port-channel2
description Portchannel CON3 <-> CON4
no switchport
no ip address
ipv6 address 2001:3434::1/64
!
interface FastEthernet1/0/1
description Portchannel CON3 <-> CON2
no switchport
no ip address
channel-group 1 mode passive
!
interface FastEthernet1/0/2
description Portchannel CON3 <-> CON2
no switchport
no ip address
channel-group 1 mode passive
!
interface FastEthernet1/0/11
description Portchannel CON3 <-> CON4
no switchport
no ip address
channel-group 2 mode auto
!
interface FastEthernet1/0/12
description Portchannel CON3 <-> CON4
no switchport
no ip address
channel-group 2 mode auto
!
CON2#
interface Port-channel1
description Portchannel CON2 <-> CON3
no switchport
ip address 172.32.0.25 255.255.255.252
!
interface FastEthernet0/3
description Portchannel CON2 <-> CON3
no switchport
no ip address
channel-group 1 mode active
!
interface FastEthernet0/4
description Portchannel CON2 <-> CON3
no switchport
no ip address
channel-group 1 mode active
!
CON4#
interface Port-channel1
description Portchannel CON4 <-> CON3
no switchport
no ip address
ipv6 address 2001:3434::2/64
!
interface FastEthernet1/0/11
description Portchannel CON4 <-> CON3
no switchport
no ip address
channel-group 1 mode desirable
!
interface FastEthernet1/0/12
description Portchannel CON4 <-> CON3
no switchport
no ip address
channel-group 1 mode desirable
2. configure all routing protocols for IPv4 networks
No problems here, i configured authentication on OSPF, EIGRP and IS-IS

3. configure Loopback 0 redistribution into all protocols for every router using route maps
Here i used a route map as follows:

Route-map for Lo0 redistribution [+/-]

route-map Redistr_Lo0 permit 10
match interface Loopback0
set tag 0
!
route-map Redistr_Lo0 deny 20


4. configure protocols redistribution betw OSPF, IS-IS and EIGRP avoiding loops and using tags
This is a difficult step: first of all, we must consider the Administrative Distance of the different protocols, here we have:
EIGRP 90
OSPF 110
ISIS 115
EIGRP-Ext 170
So we can modify default administrative distance when redistributing routes, or use tags to avoiding loops.
After i read here this Cisco
Document ID: 49111 I realized that IS-IS doesn't support route tags, so we must use Administrative Distance instead.

Loop example: [+/-]

CON1# traceroute 22.0.0.1

Type escape sequence to abort.
Tracing the route to 22.0.0.1

1 172.32.0.2 0 msec 0 msec 0 msec
2 172.32.0.10 0 msec 0 msec 4 msec
3 172.32.0.5 0 msec 0 msec 4 msec
4 172.32.0.2 0 msec 4 msec 0 msec
5 172.32.0.10 4 msec 4 msec 0 msec
6 172.32.0.5 4 msec 0 msec 4 msec
7 172.32.0.2 0 msec 4 msec 4 msec
8 172.32.0.10 0 msec 0 msec 4 msec
9 172.32.0.5 4 msec 0 msec 4 msec
10 172.32.0.2 4 msec 0 msec 0 msec
11 172.32.0.10 4 msec 4 msec 4 msec
12 172.32.0.5 4 msec 4 msec 0 msec
13 172.32.0.2 4 msec 4 msec 4 msec
14 172.32.0.10 4 msec 4 msec 4 msec
15 172.32.0.5 4 msec 4 msec 4 msec
16 172.32.0.2 4 msec 4 msec 4 msec
17 172.32.0.10 4 msec 8 msec 4 msec
18 172.32.0.5 4 msec 4 msec 4 msec
19 172.32.0.2 4 msec 4 msec 4 msec
20 172.32.0.10 8 msec 4 msec 4 msec
21 172.32.0.5 8 msec 4 msec 4 msec
22 172.32.0.2 4 msec 4 msec 4 msec
23 172.32.0.10 4 msec 8 msec 4 msec
24 172.32.0.5 8 msec 4 msec 4 msec
25 172.32.0.2 8 msec 4 msec 4 msec
26 172.32.0.10 4 msec 8 msec 4 msec
27 172.32.0.5 8 msec 4 msec 8 msec
28 172.32.0.2 4 msec 8 msec 8 msec
29 172.32.0.10 8 msec 8 msec 4 msec
30 172.32.0.5 8 msec 4 msec 8 msec
What a loop! Here CON1 sends traffic for 22.0.0.0/24 to CON5,
CON1#sh ip route 22.0.0.0
Routing entry for 22.0.0.0/24, 1 known subnets
O E1 22.0.0.0 [110/126] via 172.32.0.2, 19:34:32, FastEthernet0/24
CON5 sends to CON6
CON5#sh ip route 22.0.0.0
Routing entry for 22.0.0.0/24, 1 known subnets
Redistributing via ospf 1, isis
i L2 22.0.0.0 [115/89] via 172.32.0.10, Serial1/0
and CON6 sends back to CON1 ;-(
CON6#sh ip route 22.0.0.0
Routing entry for 22.0.0.0/24, 1 known subnets
Redistributing via eigrp 33
O E1 22.0.0.0 [110/127] via 172.32.0.5, 19:36:39, FastEthernet0/1


to understand why this happens, we must analyze every router and consider who advertise this prefix and the reason why it's placed into the routing table.


No comments: