ccbootcamp lab#1 - some observations

From: Darek Kuzma (darekk@xxxxxxxxxxxxx)
Date: Sun Apr 15 2001 - 16:24:39 GMT-3

• Next message: Nodir Nazarov: "SR/TLB on Cat5xxx"
• Previous message: Jay Hennigan: "RE: External LSAs keeping ISDN line up!!!"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

   
Hi,
I would like to share two observations I've made after I finished
configuration of this lab.

1. Lab objective says:
You should be able to ping EVERY interface from ANY router

Provided solution allows to ping every interface ONLY from router 4!
R2, R3, R4, R5 can't ping serial if connected to FR cloud.

Let's take R5:

r5#debug ip packet details
r5#debug frame packet
r5#ping 10.10.1.5

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.10.1.5, timeout is 2 seconds:

*Mar 1 01:57:27.499: IP: s=10.10.1.5 (local), d=10.10.1.5 (Serial1), len
100, sending
*Mar 1 01:57:27.503: ICMP type=8, code=0
*Mar 1 01:57:27.503: Serial1:Encaps failed--no map entry link 7(IP)
*Mar 1 01:57:27.507: IP: s=10.10.1.5 (local), d=10.10.1.5 (Serial1), len
100, encapsulation failed
*Mar 1 01:57:27.511: ICMP type=8, code=0.
*Mar 1 01:57:29.499: IP: s=10.10.1.5 (local), d=10.10.1.5 (Serial1), len
100, sending
*Mar 1 01:57:29.503: ICMP type=8, code=0
*Mar 1 01:57:29.503: Serial1:Encaps failed--no map entry link 7(IP)
*Mar 1 01:57:29.503: IP: s=10.10.1.5 (local), d=10.10.1.5 (Serial1), len
100, encapsulation failed
*Mar 1 01:57:29.507: ICMP type=8, code=0
*Mar 1 01:57:29.651: IP: s=11.1.1.5 (local), d=224.0.0.5 (Ethernet0), len
64, sending broad/multica
st, proto=89.
*Mar 1 01:57:31.499: IP: s=10.10.1.5 (local), d=10.10.1.5 (Serial1), len
100, sending
*Mar 1 01:57:31.503: ICMP type=8, code=0
*Mar 1 01:57:31.503: Serial1:Encaps failed--no map entry link 7(IP)
*Mar 1 01:57:31.507: IP: s=10.10.1.5 (local), d=10.10.1.5 (Serial1), len
100, encapsulation failed
*Mar 1 01:57:31.507: ICMP type=8, code=0.
*Mar 1 01:57:33.499: IP: s=10.10.1.5 (local), d=10.10.1.5 (Serial1), len
100, sending
*Mar 1 01:57:33.503: ICMP type=8, code=0
*Mar 1 01:57:33.503: Serial1:Encaps failed--no map entry link 7(IP)
*Mar 1 01:57:33.507: IP: s=10.10.1.5 (local), d=10.10.1.5 (Serial1), len
100, encapsulation failed
*Mar 1 01:57:33.507: ICMP type=8, code=0.
*Mar 1 01:57:35.499: IP: s=10.10.1.5 (local), d=10.10.1.5 (Serial1), len
100, sending
*Mar 1 01:57:35.503: ICMP type=8, code=0
*Mar 1 01:57:35.503: Serial1:Encaps failed--no map entry link 7(IP)
*Mar 1 01:57:35.507: IP: s=10.10.1.5 (local), d=10.10.1.5 (Serial1), len
100, encapsulation failed
*Mar 1 01:57:35.507: ICMP type=8, code=0
*Mar 1 01:57:35.963: Serial1(i): dlci 501(0x7C51), pkt type 0x800,
datagramsize 80
*Mar 1 01:57:35.967: IP: s=10.10.1.1 (Serial1), d=10.10.1.5, len 76, r.
Success rate is 0 percent (0/5)

I found thy way to make it work!
Just add 10.10.1.5 to access list defined for policy routing and:

r5#ping 10.10.1.5

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.10.1.5, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 92/92/92 ms

but of course packet go first to R1:
r5#trace 10.10.1.5
Type escape sequence to abort.
Tracing the route to 10.10.1.5

  1 10.10.1.1 24 msec 24 msec 28 msec
  2 10.10.1.5 48 msec * 44 msec

We can repeat the same "trick" on other routers to make solution complete.

2. Default route is useless on R4, R5, R3
It is not a objective to make this route work but ...

I took R5 for this example:

routing tables of listed router shows:
r5#sip
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, * - candidate
default
       U - per-user static route, o - ODR

Gateway of last resort is 10.10.1.2 to network 0.0.0.0

     10.0.0.0/16 is subnetted, 5 subnets
C 10.10.0.0 is directly connected, Serial1
O IA 10.1.0.0 [110/74] via 10.10.1.1, 00:04:36, Serial1
O IA 10.4.0.0 [110/138] via 10.10.1.3, 00:04:36, Serial1
O IA 10.44.0.0 [110/129] via 10.10.1.3, 00:04:36, Serial1
O IA 10.34.0.0 [110/128] via 10.10.1.3, 00:04:36, Serial1
     11.0.0.0/16 is subnetted, 1 subnets
C 11.1.0.0 is directly connected, Ethernet0
     137.20.0.0/24 is subnetted, 1 subnets
O IA 137.20.20.0 [110/74] via 10.10.1.2, 00:04:36, Serial1
O*E1 0.0.0.0/0 [110/164] via 10.10.1.2, 00:04:36, Serial1

So for all of them next hop is 10.10.1.2 !!! which is inaccessible:

Let's try to use default route:
r5#ping 100.100.100.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 100.100.100.1, timeout is 2 seconds:

*Mar 1 02:08:34.731: IP: s=10.10.1.5 (local), d=100.100.100.1 (Serial1),
len 100, sending
*Mar 1 02:08:34.735: Serial1:Encaps failed--no map entry link 7(IP)
*Mar 1 02:08:34.735: IP: s=10.10.1.5 (local), d=100.100.100.1 (Serial1),
len 100, encapsulation fai
led.
*Mar 1 02:08:36.251: Serial1(i): dlci 501(0x7C51), pkt type 0x800,
datagramsize 80
*Mar 1 02:08:36.255: IP: s=10.10.1.1 (Serial1), d=10.10.1.5, len 76, rcvd 0

*Mar 1 02:08:36.731: IP: s=10.10.1.5 (local), d=100.100.100.1 (Serial1),
len 100, sending
*Mar 1 02:08:36.735: Serial1:Encaps failed--no map entry link 7(IP)
*Mar 1 02:08:36.735: IP: s=10.10.1.5 (local), d=100.100.100.1 (Serial1),
len 100, encapsulation fai
led.
*Mar 1 02:08:38.731: IP: s=10.10.1.5 (local), d=100.100.100.1 (Serial1),
len 100, sending
*Mar 1 02:08:38.735: Serial1:Encaps failed--no map entry link 7(IP)
*Mar 1 02:08:38.735: IP: s=10.10.1.5 (local), d=100.100.100.1 (Serial1),
len 100, encapsulation fai
led.
*Mar 1 02:08:39.771: IP: s=11.1.1.5 (local), d=224.0.0.5 (Ethernet0), len
64, sending broad/multica
st
*Mar 1 02:08:40.731: IP: s=10.10.1.5 (local), d=100.100.100.1 (Serial1),
len 100, sending
*Mar 1 02:08:40.735: Serial1:Encaps failed--no map entry link 7(IP)
*Mar 1 02:08:40.735: IP: s=10.10.1.5 (local), d=100.100.100.1 (Serial1),
len 100, encapsulation fai
led.
*Mar 1 02:08:42.731: IP: s=10.10.1.5 (local), d=100.100.100.1 (Serial1),
len 100, sending
*Mar 1 02:08:42.735: Serial1:Encaps failed--no map entry link 7(IP)
*Mar 1 02:08:42.735: IP: s=10.10.1.5 (local), d=100.100.100.1 (Serial1),
len 100, encapsulation fai
led.
Success rate is 0 percent (0/5)

So the same story.

On router 5 it can be fixed by changing route-map to sth like that:

access-list 103 permit ip any any log
access-list 104 permit ip any 11.1.0.0 0.0.255.255 log

route-map POL2 deny 10
 match ip address 104
!
route-map POL2 permit 20
 match ip address 103
 set ip next-hop 10.10.1.1

On router 3 we can use similar approach but add more networks (area 3 and
44) to access-list 104 used by POL2 deny 10

3. We were trying to use dynamic routing protocol but all in all we have to
"patch it" on each of the routers involved. Bottom line is this solution
doesn't scale at all. It would be easier to configure just static routes.
Of course this lab is great for training/study purpose.

All comments and "easier/better" solutions (especially for pinging local FR
address) welcome!

Thanks,
Darek Kuzma
**Please read:http://www.groupstudy.com/list/posting.html

• Next message: Nodir Nazarov: "SR/TLB on Cat5xxx"
• Previous message: Jay Hennigan: "RE: External LSAs keeping ISDN line up!!!"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:29:46 GMT-3