RE: IP Default-Network/IP Subnet-Zero Exploit--or old news?

From: Mas Kato (tealp729@xxxxxxxx)
Date: Thu May 03 2001 - 19:06:12 GMT-3

• Next message: Andrew Lennon: "RE: BGP and no-sync"
• Previous message: Mas Kato: "RE: CCIE #7307"
• Maybe in reply to: Mas Kato: "IP Default-Network/IP Subnet-Zero Exploit--or old news?"
• Next in thread: Mas Kato: "RE: IP Default-Network/IP Subnet-Zero Exploit--or old news?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

   
Lachlan,

The very same questions I have with the OSPF 'summary-address' command.

I agree with your observation, but would caution you to perhaps file
it -with reference to this command only-, at least for now. The reason I
say this is, for example, BGP does check for the exact mask of the IGP
route during synchronization, so perhaps saying the IOS doesn't look at
the mask of the route in the table might be a little too general...

Regards,

Mas

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
Lachlan Kidd
Sent: Thursday, May 03, 2001 1:37 AM
To: Mas Kato; 'CCIELAB'
Subject: RE: IP Default-Network/IP Subnet-Zero Exploit--or old news?

Hey Mas,
        Cool trick, works well. The question is
a) Is it a bug ?
b) Is is supposed to do that ?
It proves that IOS doesn't look at the mask of the route in the table,
just
looks for the existence of the 'classful' route.
Regards,
        Lachlan

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
Mas Kato
Sent: Thursday, 3 May 2001 4:22:PM
To: 'CCIELAB'
Subject: IP Default-Network/IP Subnet-Zero Exploit--or old news?

Hello everybody,

I've been playing around with the ole' FLSM network-to-VLSM network
reachability scenario and may have stumbled across an 'ip
default-network' / 'ip subnet-zero' exploit. It's a variation on
something I found in the archives--but I'm not sure if it's old news or
not, so I thought I'd throw it out there and have you guys rip it to
shreds...

Major network: 172.16.0.0

OSPF/28--(R3)--OSPF/24--(R5)--IGRP/24--(R2)

Goal: Provide reachability to the OSPF/28 network from the IGRP/24
network while avoiding statics, blah, blah...

One of the archived suggestions is to configure a classful loopback on
R5, have IGRP advertise it to R2 and then use the 'ip default-network'
command on R2, referencing the classful network. Fine--but what if we're
limited to using subnets from just one major network?

Well, since the 'ip default-network' command is classful, if we
reference a subnet of our major network we get that lovely static route
installed to the major net and then we have to issue the 'ip
default-network' command again, this time referencing the major net. Ug.

Here's what it looked like on R2:

Gateway of last resort is 172.16.5.0 to network 172.16.0.0

 * 172.16.0.0/16 is variably subnetted, 6 subnets, 2 masks
C 172.16.52.0/24 is directly connected, Ethernet0
I 172.16.35.0/24 [100/7100] via 172.16.52.5, 00:00:13, Ethernet0
I 172.16.5.0/24 [100/1600] via 172.16.52.5, 00:00:13, Ethernet0
S* 172.16.0.0/16 [1/0] via 172.16.5.0
C 172.16.2.0/24 is directly connected, Loopback0
R2#

But then I got to thinking, "yo, what if the subnet we reference is
subnet zero?"

Now check out R2 (no static!):

Gateway of last resort is 172.16.52.5 to network 172.16.0.0

 * 172.16.0.0/24 is subnetted, 5 subnets
C 172.16.52.0 is directly connected, Ethernet0
I 172.16.35.0 [100/7100] via 172.16.52.5, 00:01:16, Ethernet0
I* 172.16.0.0 [100/1600] via 172.16.52.5, 00:01:16, Ethernet0
C 172.16.2.0 is directly connected, Loopback0
R2#

Analysis, feedback, gotchas, etc. welcomed...

Regards,

Mas Kato

(Config snippets follow...)

!!!!!!!!!!
hostname R5
!
ip subnet-zero
!
interface Loopback0
 ip address 172.16.0.5 255.255.255.0
!
interface Ethernet0
 ip address 172.16.52.5 255.255.255.0
!
interface Serial1
 bandwidth 2000
 ip address 172.16.35.5 255.255.255.0
!
router ospf 1
 log-adjacency-changes
 redistribute igrp 1 metric 10 subnets route-map IGRPNETS
 network 172.16.35.0 0.0.0.255 area 0
!
router igrp 1
 redistribute ospf 1 metric 2000 2000 255 1 1500
 passive-interface Serial1
 network 172.16.0.0
!
ip classless
!
access-list 1 permit 172.16.0.0 0.0.0.255
access-list 1 permit 172.16.2.0 0.0.0.255
access-list 1 permit 172.16.52.0 0.0.0.255
route-map IGRPNETS permit 10
 match ip address 1
!
end
R5#

!!!!!!!!!!
R2#
hostname R2
!
ip subnet-zero
!
interface Loopback0
 ip address 172.16.2.1 255.255.255.0
!
interface Ethernet0
 ip address 172.16.52.2 255.255.255.0
!
router igrp 1
 network 172.16.0.0
!
ip classless
ip default-network 172.16.0.0
end
R2#
**Please read:http://www.groupstudy.com/list/posting.html
**Please read:http://www.groupstudy.com/list/posting.html
**Please read:http://www.groupstudy.com/list/posting.html

• Next message: Andrew Lennon: "RE: BGP and no-sync"
• Previous message: Mas Kato: "RE: CCIE #7307"
• Maybe in reply to: Mas Kato: "IP Default-Network/IP Subnet-Zero Exploit--or old news?"
• Next in thread: Mas Kato: "RE: IP Default-Network/IP Subnet-Zero Exploit--or old news?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:30:33 GMT-3