Saturday, July 23, 2011

Mini-Lab Challenge: 6 simple tasks

Hi all,
after an intense home-working week,
I decided to challenge my readers and the Project Avatar group "CCIE mini-lab challenges" members with a small lab:


The restrictions here are:
-don't use Policy based routing
-don't use static routes

TASKS:
1- Configure interfaces and IGPs as per diagram
2- Propagate a default route to R1 and R4 using summarization
3- Configure R1 and R4 as stub
4- Redistribute RIP into EIGRP on both R1 and R4
5- Configure BGP AS 100 on R1 ; BGP AS 340 on R3 and R4 and BGP AS 200 on R2. Configure BGP peering as follow: peer R1 to R4, peer R4 to R3 and peer R3 with R2. Use only Loopback 0 for peerings
6- Redistribute RIP into BGP on both R1 and R4.

looks simple, can you imagine some problems without labbing it? (there are at least 4 issues..)
And if you lab it? how do you solve?

:-)
Have fun
Marco


PS: First think and lab it, then you can have a look at the solutions by clicking HERE

Let's start with the initial config:
## R1
hostname R1
interface Loopback0
 ip address 1.1.1.1 255.255.255.0
interface FastEthernet0/0
 ip address 10.0.12.1 255.255.255.0
line con 0
 exec-timeout 0 0
 logging synchronous

## R2
hostname R2
interface Loopback0
 ip address 2.2.2.2 255.255.255.0
interface FastEthernet0/0
 ip address 10.0.12.2 255.255.255.0
interface FastEthernet0/1
 ip address 10.0.23.2 255.255.255.0
line con 0
 exec-timeout 0 0
 logging synchronous

## R3
hostname R3
interface Loopback0
 ip address 3.3.3.3 255.255.255.0
interface FastEthernet0/0
 ip address 10.0.34.3 255.255.255.0
interface FastEthernet0/1
 ip address 10.0.23.3 255.255.255.0
line con 0
 exec-timeout 0 0
 logging synchronous

## R4
hostname R4
interface Loopback0
 ip address 4.4.4.4 255.255.255.0
interface FastEthernet0/0
 ip address 10.0.34.4 255.255.255.0
line con 0
 exec-timeout 0 0
 logging synchronous

Then solve the tasks:
1- Configure interfaces and IGPs as per diagram

This is easy and basic:
## R1
router rip
  version 2 
  no auto-summary
  network 1.0.0.0
router eigrp 100
  eigrp router-id 1.1.1.1 
  no auto-summary 
  network 10.0.12.0 0.0.0.255

## R2
router eigrp 100
  eigrp router-id 2.2.2.2
  no auto-summary
  network 0.0.0.0 0.0.0.0

## R3
router eigrp 100
  eigrp router-id 3.3.3.3
  no auto-summary
  network 0.0.0.0 0.0.0.0

## R4
router rip
  version 2 
  no auto-summary
  network 4.0.0.0
router eigrp 100
  eigrp router-id 4.4.4.4
  no auto-summary 
  network 10.0.34.0 0.0.0.255

Verify with a "show ip route eigrp" on R1 and R4:
R1#sh ip route eigrp
     2.0.0.0/24 is subnetted, 1 subnets
D       2.2.2.0 [90/156160] via 10.0.12.2, 00:01:49, FastEthernet0/0
     3.0.0.0/24 is subnetted, 1 subnets
D       3.3.3.0 [90/158720] via 10.0.12.2, 00:01:40, FastEthernet0/0
     10.0.0.0/24 is subnetted, 3 subnets
D       10.0.23.0 [90/30720] via 10.0.12.2, 00:01:49, FastEthernet0/0
D       10.0.34.0 [90/33280] via 10.0.12.2, 00:01:40, FastEthernet0/0

R4#sh ip route eigrp
     2.0.0.0/24 is subnetted, 1 subnets
D       2.2.2.0 [90/158720] via 10.0.34.3, 00:00:03, FastEthernet0/0
     3.0.0.0/24 is subnetted, 1 subnets
D       3.3.3.0 [90/156160] via 10.0.34.3, 00:00:03, FastEthernet0/0
     10.0.0.0/24 is subnetted, 3 subnets
D       10.0.12.0 [90/33280] via 10.0.34.3, 00:00:03, FastEthernet0/0
D       10.0.23.0 [90/30720] via 10.0.34.3, 00:00:03, FastEthernet0/0

2- Propagate a default route to R1 and R4 using summarization
Summarization must be configured on R2 and R3 interfaces Fa0/0:
## R2 
int fa 0/0
  ip summary-address eigrp 100 0.0.0.0 0.0.0.0

## R3 
int fa 0/0
  ip summary-address eigrp 100 0.0.0.0 0.0.0.0

You will see R1 and R4 receiving only the summary:
R1#sh ip route eigrp 
D*   0.0.0.0/0 [90/30720] via 10.0.12.2, 00:00:13, FastEthernet0/0

R4#sh ip route eigrp
D*   0.0.0.0/0 [90/30720] via 10.0.34.3, 00:00:16, FastEthernet0/0

3- Configure R1 and R4 as stub
Please note the redistribution requirements in the next task. The eigrp stub configuration must allow the redistributed routes:
## R1
router eigrp 100
  eigrp stub redistributed 

## R4
router eigrp 100
  eigrp stub redistributed 

4- Redistribute RIP into EIGRP on both R1 and R4
With this redistribution you will archieve full reachability:
## R1 
router eigrp 100
redistribute rip metric 100000 100 255 1 1500

## R4
router eigrp 100
redistribute rip metric 100000 100 255 1 1500
Quickly verify with a ping between loopbacks:
R4#ping 1.1.1.1 source lo 0 

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
Packet sent with a source address of 4.4.4.4 
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms

5- Configure BGP AS 100 on R1 ; BGP AS 340 on R3 and R4 and BGP AS 200 on R2. Configure BGP peering as follow: peer R1 to R4, peer R4 to R3 and peer R3 with R2. Use only Loopback 0 for peerings.

First configure bgp peerings, then troubleshoot it :-)
## R1 
router bgp 100
  bgp router-id 1.1.1.1 
  neighbor 4.4.4.4 remote-as 340
  neighbor 4.4.4.4 update-source lo0
  neighbor 4.4.4.4 ebgp-multihop 4

## R2 
router bgp 200
  bgp router-id 2.2.2.2
  neighbor 3.3.3.3 remote-as 340
  neighbor 3.3.3.3 update-source lo0
  neighbor 3.3.3.3 ebgp-multihop 2
 
## R3
router bgp 340
  bgp router-id 3.3.3.3
  neighbor 2.2.2.2 remote-as 200
  neighbor 2.2.2.2 update-source lo0
  neighbor 2.2.2.2 ebgp-multihop 2 
  neighbor 4.4.4.4 remote-as 340
  neighbor 4.4.4.4 update-source lo0

## R4
router bgp 340
  bgp router-id 4.4.4.4
  neighbor 1.1.1.1 remote-as 100
  neighbor 1.1.1.1 update-source lo0
  neighbor 1.1.1.1 ebgp-multihop 4
  neighbor 3.3.3.3 remote-as 340
  neighbor 3.3.3.3 update-source lo0

wow simple! but are your bgp peers up? mmmm let's check:
R1#sh ip bgp summary
BGP router identifier 1.1.1.1, local AS number 100
BGP table version is 1, main routing table version 1

Neighbor        V          AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
4.4.4.4         4        340       0       0        0    0    0 never    Idle

R4#sh ip bgp summary
BGP router identifier 4.4.4.4, local AS number 340
BGP table version is 1, main routing table version 1

Neighbor        V          AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
1.1.1.1         4        100       0       0        0    0    0 never    Idle
3.3.3.3         4        340       5       5        1    0    0 00:03:00        0

R3#sh ip bgp summary
BGP router identifier 3.3.3.3, local AS number 340
BGP table version is 1, main routing table version 1

Neighbor        V          AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
2.2.2.2         4        200       8       8        1    0    0 00:05:10        0
4.4.4.4         4        340    1032    1033        1    0    0 00:00:03        0
Ok, seems that the peering between R1 and R4 is not working, you may remember that BGP peerings is not established through a default route.
Let's check on R4:
R4#sh ip route | beg Gate
Gateway of last resort is 10.0.34.3 to network 0.0.0.0

     4.0.0.0/24 is subnetted, 1 subnets
C       4.4.4.0 is directly connected, Loopback0
     10.0.0.0/24 is subnetted, 1 subnets
C       10.0.34.0 is directly connected, FastEthernet0/0
D*   0.0.0.0/0 [90/30720] via 10.0.34.3, 17:29:03, FastEthernet0/0
As expected, only a default route is received via EIGRP, due to the summarization task #2.
To have peering correctly working in both direction, you need a route to 4.4.4.0 on R1 and a route to 1.1.1.0 on R4, since static routing is not allowed, you may configure a leak map on the summary:
## R2 
ip prefix-list LEAK_PREFIX permit 4.4.4.0/24
route-map LEAK_MAP permit 10
  match ip address prefix-list LEAK_PREFIX
int fa 0/0
  ip summary-address eigrp 100 0.0.0.0 0.0.0.0 leak-map LEAK_MAP

## R3
ip prefix-list LEAK_PREFIX permit 1.1.1.0/24
route-map LEAK_MAP permit 10
  match ip address prefix-list LEAK_PREFIX
int fa 0/0
  ip summary-address eigrp 100 0.0.0.0 0.0.0.0 leak-map LEAK_MAP
Let's verify the routing table and bgp peering on R1 and R4:
R1#sh ip route | beg Gate
Gateway of last resort is 10.0.12.2 to network 0.0.0.0

     1.0.0.0/24 is subnetted, 1 subnets
C       1.1.1.0 is directly connected, Loopback0
     4.0.0.0/24 is subnetted, 1 subnets
D EX    4.4.4.0 [170/58880] via 10.0.12.2, 00:01:49, FastEthernet0/0
     10.0.0.0/24 is subnetted, 1 subnets
C       10.0.12.0 is directly connected, FastEthernet0/0
D*   0.0.0.0/0 [90/30720] via 10.0.12.2, 17:54:10, FastEthernet0/0

R1#sh ip bgp summary
BGP router identifier 1.1.1.1, local AS number 100
BGP table version is 1, main routing table version 1

Neighbor        V          AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
4.4.4.4         4        340       8       8        1    0    0 00:02:36        0

R4#sh ip route | beg Gate
Gateway of last resort is 10.0.34.3 to network 0.0.0.0

     1.0.0.0/24 is subnetted, 1 subnets
D EX    1.1.1.0 [170/58880] via 10.0.34.3, 00:03:04, FastEthernet0/0
     4.0.0.0/24 is subnetted, 1 subnets
C       4.4.4.0 is directly connected, Loopback0
     10.0.0.0/24 is subnetted, 1 subnets
C       10.0.34.0 is directly connected, FastEthernet0/0
D*   0.0.0.0/0 [90/30720] via 10.0.34.3, 17:54:37, FastEthernet0/0

R4#sh ip bgp summary
BGP router identifier 4.4.4.4, local AS number 340
BGP table version is 1, main routing table version 1

Neighbor        V          AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
1.1.1.1         4        100       9       9        1    0    0 00:03:03        0
3.3.3.3         4        340    1062    1061        1    0    0 00:29:25        0

6- Redistribute RIP into BGP on both R1 and R4.
As usual, let's configure first, then troubleshoot:
## R1
router bgp 100
  redistribute rip 

## R4
router bgp 340
  redistribute rip
You are expected to see both prefixes (1.1.1.0/24 and 4.4.4.0/24) inserted in all bgp tables.
R1#sh ip bgp
BGP table version is 65, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 1.1.1.0/24       0.0.0.0                  0         32768 ?
*> 4.4.4.0/24       4.4.4.4                  0             0 340 ?

R4#sh ip bgp    
BGP table version is 9, local router ID is 4.4.4.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 1.1.1.0/24       1.1.1.1                  0             0 100 ?
*> 4.4.4.0/24       0.0.0.0                  0         32768 ?

R3#sh ip bgp 
BGP table version is 68, local router ID is 3.3.3.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
r>i1.1.1.0/24       1.1.1.1                  0    100      0 100 ?
r>i4.4.4.0/24       4.4.4.4                  0    100      0 ?

R2#sh ip bgp 
BGP table version is 31, local router ID is 2.2.2.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 1.1.1.0/24       3.3.3.3                                0 340 100 ?
*> 4.4.4.0/24       3.3.3.3                                0 340 ?
There are two problems:
-R1 and R4 have a bad recursive routing for 4.4.4.0/24 and 1.1.1.0/24 respectively. That happens when you receive via eBGP the same prefix that you use for peering..
-on R2 the 1.1.1.0/24 prefix is reachable via R3, that creates a blackhole/loop for that prefix.

To solve the first issue you have to configure BGP BACKDOOR on R1 and R4. (see my old post to a more detailed analysis of the bgp recursive routing)
## R1
router bgp 100
  network 4.4.4.0 mask 255.255.255.0 backdoor

## R4
router bgp 340
  network 1.1.1.0 mask 255.255.255.0 backdoor

###### Check on R4
R4#sh ip bgp
BGP table version is 302, local router ID is 4.4.4.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
r> 1.1.1.0/24       1.1.1.1                  0             0 100 ?
*> 4.4.4.0/24       0.0.0.0                  0         32768 ?

###### Check on R1
R1#sh ip bgp 
BGP table version is 927, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 1.1.1.0/24       0.0.0.0                  0         32768 ?
*> 4.4.4.0/24       4.4.4.4                  0             0 340 ?

Please note that the problem on R1 is NOT solved, the prefix 4.4.4.0/24 does NOT have the "rib failure" marked.
This could mean that the prefix is not learned via IGP!
Remember that EIGRP is a distance vector protocol (altrough it's called "hybrid"), it advertises ONLY the routes he has in the routing table or directly connected advertised by the "network" command.
In this case, R2 has now the 4.4.4.0/24 route learned via BGP, and EIGRP is not sending this route to R1 anymore.
Let's check and correct this issue using administrative distance on R2, this will also correct the bgp blackhole on R2 for the 1.1.1.0/24 prefix.

## R2
router eigrp 100
  distance eigrp 90 19 

##### Verify on R1
R1#sh ip route | beg Gate
Gateway of last resort is 10.0.12.2 to network 0.0.0.0

     1.0.0.0/24 is subnetted, 1 subnets
C       1.1.1.0 is directly connected, Loopback0
     4.0.0.0/24 is subnetted, 1 subnets
D EX    4.4.4.0 [170/58880] via 10.0.12.2, 00:20:30, FastEthernet0/0
     10.0.0.0/24 is subnetted, 1 subnets
C       10.0.12.0 is directly connected, FastEthernet0/0
D*   0.0.0.0/0 [90/30720] via 10.0.12.2, 00:20:31, FastEthernet0/0

R1#sh ip bgp
BGP table version is 949, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 1.1.1.0/24       0.0.0.0                  0         32768 ?
r> 4.4.4.0/24       4.4.4.4                  0             0 340 ?

##### Verify on R2
R2#sh ip bgp
BGP table version is 189, local router ID is 2.2.2.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
r> 1.1.1.0/24       3.3.3.3                                0 340 100 ?
r> 4.4.4.0/24       3.3.3.3                                0 340 ?

:-)
Marco

1 comment:

CiSC said...

R1#sh ip bgp 4.4.4.4
BGP routing table entry for 4.4.4.0/24, version 9
Paths: (1 available, best #1, table default)
Flag: 0x820
Not advertised to any peer
340
4.4.4.4 from 4.4.4.4 (4.4.4.4)
Origin incomplete, metric 0, localpref 100, valid, external, best

This is the nicest thing IMO ;)