From: Joel W. Ekis (jekis@xxxxxxxxx)
Date: Wed Mar 08 2000 - 16:26:35 GMT-3
John:
I assume that you didn't actually enter a static router with Null0 as the inter
face. So how did it get there? The way Cisco handles the creation of summary
routes is by placing that route in the routing table of the summarizing router
with Null0 as the interface. The assumption is that when a packet arrives beca
use of the summary route that was advertised, the router doing the advertisemen
t will know the proper component route and can forward the packet. This can ca
use blackholes if summarization is done improperly.
Summarizable routing protocols will all exhibit this behavior, notably BGP, OSP
F and EIGRP. You should be careful when using these commands. The administrat
ive distance of a summary is 5. This will overwrite almost any route in the ta
ble except statics and directly connected routes.
Here's an example of what not to do.
Assume that your IGP network is based on 172.16.0.0/12. Say you have Router A
receiving a 0/0 route from BGP (from Router B). You want to send a summary of
172.16.0.0/16 to a different neighbor. You are running EIGRP and put the summa
ry statement on the interface leading to that different neighbor (call it Route
r C). You look in the routing table of A and see the Null0 route for 172.16.0.
0/16. You look in Router C and see a route to 172.16.0.0/16 pointing to A. Al
l is well.
You now are requested to put in a summary route for 172.17.0.0/16. Thinking th
at this could get tedious if you keep getting new requests, you decide to just
delete the 172.16.0.0/16 route and use 0/0 instead. Now, even if you get anoth
er request for a summary route, you don't have to change anything. Oops, there
's a problem.
When you enter the EIGRP summary statement in A, you will create a Null0 route
for 0/0. This 0/0 route will be advertised to C with the next hop as A. That'
s OK. When a client off C wants to reach CCO, and the packet reaches C, it loo
ks for the route to the Internet, sees only the 0/0, and forwards the packet to
A.
Here's the problem. When you created the summary for 0/0, it was created with
an administrative distance of 5. This will overwrite that BGP 0/0 route that w
as in the table of A. When the packet for CCO arrives in A, the path to the In
ternet says use the route to 0/0, with a next hop of Null0. Bad news.
This was contrived, but shows the problem. If Router A has lost a component of
the 172.16.0.0/16 summary that was needed to route a packet to say 172.16.5.12
, the result would be the same. Careful design is required when summarizing in
production networks.
------
General lab guidelines are no statics, UNLESS you are told to use them. I woul
d recommend that you do know about the different ways to use Null0 routes.
------
Ding! Microwave is done...
Joel
At 08:04 AM 3/8/2000 -0800, Jim Ervin wrote:
>If a route (i.e. summary route) isn't in the BGP table
>then it won't be added to the IP routing table.
>Pointing a route to null0 is a way to get an otherwise
>unknown route into the BGP table. Then it can be
>inserted into the routing table. Can't do that in the
>lab, though, so forget about it.
>
>OSPF authentication. If one interface in an area has
>authentication enabled, then all interfaces in that
>area need to have authentication enabled. They need
>the same key number (but multiple keys may be
>configured and switched at a predetermined time) and
>password. Virtual links have a virtual interface in
>Area0 (hint).
>
>And yes, BGP and OSPF may both be on the lab.
>
>Enjoy your cupcakes.
>
>
>
>--- John Garrett <John.Garrett.B@bayer.com> wrote:
>> If I don't get some mail from this list soon, I may
>> have to join the OTHER
>> groupstudy list just so I have some lunchtime
>> reading. 200 messages a day for
>> someone going through mailing list DTs is a fix.
>> Heck, I have been reading
>> everything I get from this list before the microwave
>> is done!
>>
>> I have a few questions from things that I am working
>> on that I would like to
>> pose:
>>
>> I was wiping out my configs from a BGP session when
>> I noticed that I had a
>> route to Null0 in my router. Under what
>> circumstances would you see this
>> route?
>>
>> In OSPF, what is exactly the rule on authentication?
>> Is it simply all
>> interfaces attached to the individual network, as
>> well as any router ospf area
>> x auth commands in the area? Or does every interface
>> in , say area 0, have to
>> have the same passwords and authentication methods
>> on ALL interfaces in area
>> 0? I have built these & tried a few different
>> methods, but it seems to work
>> many times when I think it should be broken.
>>
>> What is the cisco(LAB) definition of a VPN?
>> Everybody and their brother seems
>> to have their own definition regarding tunnels,
>> encryption, pptp, vpdn, leased
>> line, etc.
>>
>> BTW, I hope I am not violating anything here, but I
>> heard a rumour that both
>> BGP AND OSPF will be on the lab. :-)
>>
>> These are some areas that I am working on - Anyone
>> wish to discuss? I would
>> like to at least get enough reading to make it
>> through the Lean Quisine that
>> the wife sends for lunch as well as the vending
>> machine cupcakes that I follow
>> it with.
>>
>> John Garrett
>>
>>
>>
>>
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 08:23:04 GMT-3