Re: RE: SR/TLB for IP Discoveries (LONG)

From: John Neiberger (neiby@xxxxxxxxxx)
Date: Thu Mar 14 2002 - 14:37:13 GMT-3

• Next message: Rastas .: "OT - Cat5K boot error"
• Previous message: MADMAN: "Re: redistribution"
• Maybe in reply to: RSiddappa@xxxxxxxxxx: "RE: SR/TLB for IP Discoveries (LONG)"
• Next in thread: Brian Lodwick: "Re: SR/TLB for IP Discoveries (LONG)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

   
This does make some sense because the translating router is
attached to both rings, but the client side is only aware of
its ring.

I _really_ wish I had some stuff here at work to test this
with. It would be interesting to go through the different
options again.

John

---- On Thu, 14 Mar 2002, Ahmed Mamoor Amimi (mamoor@ieee.org)
wrote:

> No there is no need for multiring xx on translating router.
> It is only add on client router on token-ring.
>
> Theory is :
> multiring is add just becaouse so that client router should
know that
> there
> are multiple rings and i should
> also check them if my destination is not found local ... so
it produce
> explorer frames then add rif .
>
> Nothing to do on translating router.... I am sure about this.
>
> -Mamoor
>
> ----- Original Message -----
> From: John Neiberger <neiby@ureach.com>
> To: <RSiddappa@NECBNS.com>; <ccielab@groupstudy.com>
> Sent: Thursday, March 14, 2002 8:26 PM
> Subject: Re: RE: SR/TLB for IP Discoveries (LONG)
>
>
> > Perhaps not, but I believe I tried to ping without adding
> > multiring ip and it did not work. It was then that I added
the
> > command and the ping succeeded.
> >
> > I've already blown away the configs to go back to work on my
> > IPSec configuration. Perhaps someone either knows the
answer
> > or will set this up and test it.
> >
> > If I think about it, I'll set it up again when I get home
> > tonight, just to make sure.
> >
> > John
> >
> > ---- On Thu, 14 Mar 2002, RSiddappa@NECBNS.com
> > (RSiddappa@NECBNS.com) wrote:
> >
> > >
> > > John,
> > >
> > > This is absolutely good and workign config. But I am stll
not
> > sure do u
> > > need
> > > that multiring Ip on the token ring interface fo the
router
> > doign
> > > Translational bridging.
> > >
> > > I do no think. I had it workign with out that few days
back.
> > >
> > > R.
> > >
> > >
> > >
> > > -----Original Message-----
> > > From: John Neiberger [mailto:neiby@ureach.com]
> > > Sent: Thursday, March 14, 2002 12:17 AM
> > > To: ccielab@groupstudy.com
> > > Subject: SR/TLB for IP Discoveries (LONG)
> > >
> > >
> > > Since I was temporarily fed up with staring at ipsec
configs
> > I
> > > thought I'd take a crack at the SR/TLB stuff going on
today.
> > I
> > > wasn't able to make this work using the configs posted
> > today.
> > > In fact, I can't figure out why the posted configs were
> > working
> > > at all. :-)
> > >
> > > I printed out three different docs from CCO and cross-
> > > referenced that with examples from the archives to come up
> > with
> > > a working solution. Here is the scenario:
> > >
> > > R2 --- (eth) --- R4 --- (tr) --- R3
> > >
> > > Let's start with R4 since it's the most complex. The
first
> > > step is to configure SRB and transparent bridging:
> > >
> > > no ip routing
> > > !
> > > source-bridge ring-group 100
> > > !
> > > int to0
> > > source-bridge 10 5 100
> > > !
> > > int e0
> > > bridge-group 1
> > > !
> > > bridge 1 protocol ieee
> > >
> > > Then, configure SR/TLB to bridge between the two
interfaces:
> > >
> > > source-bridge transparent 100 200 5 1
> > >
> > > In that config, the first number is from the source-bridge
> > ring-
> > > group statement. The second number is the virtual ring
> > number
> > > that identifies the transparent bridging domain to the SRB
> > > domain. The third number is the bridge number taken from
the
> > > SRB config on the token ring interface. Finally, the
fourth
> > > number is the bridge-group number taken from the ethernet
> > > interface config.
> > >
> > > At this point things won't be working just yet. On R2,
the
> > > ethernet-only router, we simply need to configure an IP
> > > address. Then, we need to add an IP address to R3 that's
in
> > > the same subnet. Go ahead, try to ping...it won't work
yet,
> > > and here's where it starts to get a little tricky if
you're
> > > doing this with IP.
> > >
> > > On R4 you've configured SR/TLB which handles layer-two
> > traffic
> > > just fine but it doesn't know how to handle embedded layer
> > > three addresses. To fix this, add the following:
> > >
> > > bridge 1 bitswap-layer3-addresses
> > >
> > > That's fairly straightforward, but things aren't going to
> > work
> > > yet. If you try to ping R2 from R3, the initial ARP will
> > > fail. Why? Because the router needs to send an explorer
and
> > > it's not configured to do so. So, go to R3 and add the
> > > following:
> > >
> > > int to0
> > > source-bridge 10 4 200 (the 4 and 200 are irrelevant)
> > > source-bridge spanning
> > > multiring ip <------ important!
> > >
> > > Pings still won't work until you go back to the SR/TLB
router
> > > and add 'source-bridge spanning' and 'multiring ip'. At
that
> > > point, pings should succeed.
> > >
> > > With this solution there are no guarantees that all IP
> > traffic
> > > will work. In fact, this is configuration is probably a
> > really
> > > bad idea if you're running IP, but it at least sort of
> > works.
> > >
> > > I broke this down into sections to show the steps I went
> > > through to figure this out and make it work. Here are the
> > > final working configs:
> > >
> > > R2 (ethernet):
> > >
> > > int ethernet0
> > > ip address 172.16.43.2 255.255.255.0
> > >
> > > R3 (token ring):
> > >
> > > int tokenring0
> > > ip add 172.16.43.3 255.255.255.0
> > > source-bridge 10 4 200
> > > source-bridge spanning
> > > multiring ip
> > >
> > > R4 (SR/TLB):
> > >
> > > no ip routing
> > > !
> > > source-bridge ring-group 100
> > > source-bridge transparent 100 200 5 1
> > > !
> > > int ethernet 0
> > > bridge-group 1
> > > !
> > > int tokenring0
> > > source-bridge 10 50 100
> > > source-bridge spanning
> > > multiring ip
> > > !
> > > bridge 1 protocol ieee
> > > bridge 1 bitswap-layer3-addresses
> > >
> > > I currently have these exact configs on my routers, and
here
> > is
> > > the result:
> > >
> > > R3#
> > > R3#sho arp
> > > Protocol Address Age (min) Hardware Addr Type
> > > Interface
> > > Internet 172.16.43.3 - 0000.30e2.cc0c SNAP
> > > TokenRing0
> > > R3#ping 172.16.43.2
> > >
> > > Type escape sequence to abort.
> > > Sending 5, 100-byte ICMP Echos to 172.16.43.2, timeout is
2
> > > seconds:
> > > .!!!!
> > > Success rate is 80 percent (4/5), round-trip min/avg/max =
> > > 8/8/8 ms
> > > R3#sho arp
> > > Protocol Address Age (min) Hardware Addr Type
> > > Interface
> > > Internet 172.16.43.3 - 0000.30e2.cc0c SNAP
> > > TokenRing0
> > > Internet 172.16.43.2 0 0000.30b1.4bc1 SNAP
> > > TokenRing0
> > > R3#
> > >
> > > I sure hope I don't have to mess with this in the real
lab,
> > but
> > > this little adventure was very enlightening. At least I
> > think
> > > I could get it working if I run into it when it
counts. :-)
> > >
> > > Regards,
> > > John
> > >
> >

• Next message: Rastas .: "OT - Cat5K boot error"
• Previous message: MADMAN: "Re: redistribution"
• Maybe in reply to: RSiddappa@xxxxxxxxxx: "RE: SR/TLB for IP Discoveries (LONG)"
• Next in thread: Brian Lodwick: "Re: SR/TLB for IP Discoveries (LONG)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:57:08 GMT-3