From: Gerry Hilton (gerry.hilton@rogers.com)
Date: Wed Mar 05 2003 - 13:39:56 GMT-3
Thanks for the great explanation!
Gerry
Brian Dennis wrote:
>This is a two part e-mail ;-) I'll do a full tech write-up in the next
>couple days covering dialer watch and its caveats but for now this
>e-mail should explain the original problem and why a dialer string
>overcame the problem but didn't really fix the problem.
>
><Part_1>
>The problem with his original dialer watch solution was that he was
>watching a /32 route. Theoretically this shouldn't be a problem and
>Cisco doesn't give any warnings about watching a /32 route with dialer
>maps at least that I've seen. But if you look at how the dialer map also
>puts a /32 connected route in the routing table once the ISDN interface
>becomes active you can see the issue. Dialer watch in the original case
>was watching a /32 route and when it was "lost" it triggered the dialer
>watch to make the call. So far no problem but once the ISDN interface
>became active the router put a /32 connected route for the dialer map in
>its routing table. This means that the dynamic route once it comes back
>will have a higher administrative distance then the route installed for
>the dialer map (connected /32).
>
>Below is the debug output (debug dialer and debug ip routing) from a
>router that is watching the 1.1.1.0/24 subnet. (If you would like to see
>the full configs of each side send me an e-mail)
>
>Rack4R4#
>03:01:18: RT: del 1.1.1.0/24 via 172.16.1.5, ospf metric [110/65]
>03:01:18: RT: delete subnet route to 1.1.1.0/24
>03:01:18: DDR: Dialer Watch: watch-group = 1
>03:01:18: DDR: network 1.1.1.0/255.255.255.0 DOWN,
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>03:01:18: DDR: primary DOWN
>03:01:18: DDR: Dialer Watch: Dial Reason: Primary of group 1 DOWN
>03:01:18: DDR: Dialer Watch: watch-group = 1,
>03:01:18: DDR: dialing secondary by dialer map 1.1.1.0 on BR0/0
>03:01:18: BR0/0 DDR: Attempting to dial 5272045
>03:01:18: RT: delete network route to 1.0.0.0
>03:01:23: %LINK-3-UPDOWN: Interface BRI0/0:2, changed state to up
>03:01:23: BR0/0:2 DDR: Dialer Watch: resetting call in progress
>03:01:23: BR0/0:2 DDR: dialer protocol up
>03:01:23: is_up: 1 state: 4 sub state: 1 line: 0
>03:01:23: RT: add 1.1.1.0/32 via 0.0.0.0, connected metric [0/0]
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>03:01:24: %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI0/0:2,
>changed state to up
>Rack4R4#
>03:01:29: %ISDN-6-CONNECT: Interface BRI0/0:2 is now connected to
>5272045
>Rack4R4#sho ip rout
>Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
> D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
> N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
> E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
> i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS
>inter area
> * - candidate default, U - per-user static route, o - ODR
> P - periodic downloaded static route
>
>Gateway of last resort is not set
>
> 1.0.0.0/32 is subnetted, 1 subnets
>C 1.1.1.0 is directly connected, BRI0/0
> 172.16.0.0/24 is subnetted, 1 subnets
>C 172.16.1.0 is directly connected, Serial0/0
> 10.0.0.0/24 is subnetted, 1 subnets
>C 10.1.1.0 is directly connected, BRI0/0
>Rack4R4#
>
>As you can see the router is watching the 1.1.1.0/24 network but a
>connected route to 1.1.1.0/32 is put in the routing table matching the
>dialer map. This isn't a problem because when the 1.1.1.0/24 route comes
>back up the router can install it in its routing table. But if the
>watched route is a /32 learned via a dynamic routing protocol it will
>not get installed in the routing table due to the fact the dialer map
>route is also a /32 and it has an administrative distance of 0.
></Part_1>
>
><Part_2>
>There is no need for a dialer-map if a dialer string is being used. Let
>me explain the reasoning.
>
>You can create two types of interfaces with ISDN, multipoint and
>point-to-point. With multipoint you can have more than one remote site
>connected to an interface at a time. With point-to-point you can only
>have one remote site connected to an interface at a time. There isn't a
>command with ISDN that says an interface will be multipoint or
>point-to-point. It's determined by how the interface is configured.
>
>When dialer maps are used the interface is treated as multipoint. This
>enables more than one remote site to be connected to the interface at
>the same time. This also means that mappings are needed for layer three
>(IP address) to layer two (ISDN Phone Number) associations just like
>with Frame-relay and ATM multipoint interfaces (physical interfaces and
>multipoint subinterfaces) assuming no form of ARP is being used. When
>using an ISDN multipoint interface with dialer watch, a mapping is
>needed for the watched network.
>
>When dialer strings are used the interface is treated as point-to-point.
>This of course means that there can only be one remote site connected to
>the interface at a given time. With point-to-point interfaces there
>isn't a need for layer three (IP address) to layer two (ISDN Phone
>Number) associations because all layer three destinations are assumed to
>reachable via the one layer two address. This is exactly the same as
>with Frame-relay and ATM point-to-point subinterfaces. When using an
>ISDN point-to-point interface with dialer watch, only the "dialer
>watch-group" command is needed. If the watched route defined in the
>global configuration is "lost" the dialer watch is triggered and the
>dialer string is called.
></Part_2>
>
>Brian Dennis, CCIE #2210 (R&S/ISP Dial/Security)
>brian@labforge.com
>http://www.labforge.com
>
>
>
>-----Original Message-----
>From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
>kasturi cisco
>Sent: Tuesday, March 04, 2003 2:08 PM
>To: gerry.hilton@rogers.com
>Cc: ccielab@groupstudy.com
>Subject: Re: Dialer watch - BRI interface won't go down when primary is
>back up
>
>Gerry,
>
>I am surprised how it works without the dialer map statement for the
>watched route, bcoz when i have tried it does not work without it ? Are
>there any situations where this should be used Vs not used. when i did
>it
>worked only after adding the additonal dialer map.
>
>Can anyone add some expert comments on this.
>
>Thanks,
>
>Good Luck,[IMAGE]
>Kasturi.
>
>
>
>>From: Gerry Hilton >Reply-To: Gerry Hilton >To: adz >CC: >Subject: Re:
>>
>>
>Dialer watch - BRI interface won't go down when primary is back up
>
>
>>Date:
>>
>>
>Tue, 04 Mar 2003 14:27:14 -0500 > >Thanks! Your suggestion did work. The
>reason that I included the >dialer map statement for the watched route
>is
>that is what my Solie book >plus the Cisco CD said to do. For example,
>the following is an excerpt >from the Cisco CD: > >interface BRI0 > ip
>address 172.20.10.2 255.255.255.0 >!IP address for the BRI interface
>(backup link). > encapsulation ppp > dialer idle-timeout 30 >!Idle
>timeout(in seconds)for this backup link. >!Dialer watch checks the
>status
>of the primary link every time the >!idle-timeout expires. > dialer
>watch-disable 15 >!Delays disconnecting the backup interface for 15
>seconds after the >!primary interface is found to be up. > dialer map ip
>172.20.10.1 name maui-nas-05 broadcast 5551111 >!Dialer map for the BRI
>interface of the remote router. >* dialer map ip 172.22.53.0 name
>maui-nas-05 broadcast 5551111 >!Map statement for the route/network
>being
>watched by the >!dialer watch-list command. >!This address must exactly
>match the network configured with the >!dialer watch-list command.
>
>
>>!When
>>
>>
>the watched route disappears, this dials the specified phone number.* >
>dialer watch-group 8 >!Enable Dialer Watch on this backup interface.
>
>
>>!Watch the route specified with dialer watch-list 8. > dialer-group 1
>>!Apply interesting traffic defined in dialer-list 1. > isdn switch-type
>>
>>
>basic-ni > isdn spid1 51255522220101 5552222 > isdn spid2 51255522230101
>5552223 > ppp authentication chap >!Use chap authentication. > >I'm very
>grateful for your help! > >Gerry > >adz wrote: > > >Hi, > > > >I'ma bit
>confused as to why you have a dialer map statment for 15.5.5.5, > >the
>problem in having this, is that the router asumes that this address is >
>
>
>>owned by the remote router. > > > >the dialer watch method will cause
>>
>>
>your router to dial, if the route is > >missing, you don't need the
>extra
>dialer map. > > > >consider the following: > >interface BRI0 > > ip
>address 14.40.0.4 255.255.255.0 > > encapsulation ppp > > dialer
>idle-timeout 10 > > dialer watch-disable 2 > > dialer string 8358662 > >
>dialer watch-group 8 > > dialer-group 1 > > isdn switch-type basic-ni >
>
>
>isdn spid1 0835866101 > > isdn spid2 0835866301 > >! > > > >this should
>make it work ok > > > > > >-----Original Message----- > >From:
>nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of >
>
>
>>Gerry
>>
>>
>Hilton > >Sent: 04 March 2003 18:22 > >To: ccielab@groupstudy.com >
>
>
>>Subject: Dialer watch - BRI interface won't go down when primary is
>>
>>
>back
>
>
>>>up > > > > > >Hi. I know this issue has been raised before as I
>>>
>>>
>searched the > >archives. However, I did not find a solution that solves
>the problem > >that I am seeing. > > > >The problem is that the BRI
>interface will not drop after the primary > >interface goes back up, as
>it thinks that the primary is still down (as > >indicated by debug
>dialer). I believe this has to do with the way that > >the routing table
>changes after the primary interface is shut down. > > Instead of showing
>as via OSPF or EIGRP, it shows as directley > >connected to BRI0.
>Bringing the primary interface up again doesn't > >change this. The only
>way to fix this is to shut down BRI0, which > >causes the routing table
>to change and then dialer debug shows the > >primary as up again. > > >
>
>
>>The version on each router is Version 12.1(17) > >. > >Thanks for any
>>
>>
>help, > > Gerry > > > >Details and config follow: > > > >The route being
>watched is 15.5.5.5. It has the appropriate map > >statement under BRI0.
>The primary is S0. > > > > > >router4-1750-1#sh ip route > >Codes: C -
>connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP > > D -
>EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area > > N1 - OSPF
>NSSA external type 1, N2 - OSPF NSSA external type 2 > > E1 - OSPF
>external type 1, E2 - OSPF external type 2, E - EGP > > i - IS-IS, L1 -
>IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS > >inter area > > * -
>candidate default, U - per-user static route, o - ODR > > P - periodic
>downloaded static route > > > >Gateway of last resort is 14.70.0.7 to
>network 0.0.0.0 > > > > 14.0.0.0/8 is variably subnetted, 4 subnets, 2
>masks > >C 14.30.0.4/32 is directly connected, Loopback0 > >C
>14.40.0.0/24 is directly connected, BRI0 > >O 14.37.0.7/32 [110/2] via
>14.70.0.7, 00:02:01, Serial0 > >C 14.70.0.0/24 is directly connected,
>Serial0 > > 15.0.0.0/32 is subnetted, 1 subnets > >O 15.5.5.5 [110/2]
>via
>14.70.0.7, 00:02:01, Serial0 > >O*E2 0.0.0.0/0 [110/1] via 14.70.0.7,
>00:02:01, Serial0 > > > >Once S0 is shut down, the routing table changes
>and remains in this > >state even when S0 is brought back up: > > >
>
>
>>router4-1750-1#sh ip route > >Codes: C - connected, S - static, I -
>>
>>
>IGRP, R - RIP, M - mobile, B - BGP > > D - EIGRP, EX - EIGRP external, O
>- OSPF, IA - OSPF inter area > > N1 - OSPF NSSA external type 1, N2 -
>OSPF NSSA external type 2 > > E1 - OSPF external type 1, E2 - OSPF
>external type 2, E - EGP > > i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS
>level-2, ia - IS-IS > >inter area > > * - candidate default, U -
>per-user
>static route, o - ODR > > P - periodic downloaded static route > > >
>
>
>>Gateway of last resort is not set > > > > 14.0.0.0/8 is variably
>>
>>
>subnetted, 2 subnets, 2 masks > >C 14.30.0.4/32 is directly connected,
>Loopback0 > >C 14.40.0.0/24 is directly connected, BRI0 > > 15.0.0.0/32
>is subnetted, 1 subnets > >C 15.5.5.5 is directly connected, BRI0 >
>
>
>>router4-1750-1# > > > >debug dialer event and debug dialer packet shows
>>
>>
>the primary as down > >even when S0 is brought up: > > >
>
>
>>router4-1750-1#
>>
>>
>>>*Mar 2 05:40:44: %OSPF-5-ADJCHG: Process 1, Nbr 14.37.0.7 on Serial0
>>>
>>>
>>from LOADING to FULL, Loading Done > >router4-1750-1# > >1d05h: BR0:1
>DDR: idle timeout > >1d05h: DDR: Dialer Watch: watch-group = 8 > >1d05h:
>DDR: network 15.5.5.5/255.255.255.255 UP, > >1d05h: DDR: primary DOWN >
>
>
>>router4-1750-1# > >1d05h: BR0 DDR: ip (s=14.40.0.4, d=224.0.0.5), 64
>>
>>
>bytes, outgoing > >uninteresting (list 101) > >1d05h: BR0 DDR: sending
>broadcast to ip 15.5.5.5 > >1d05h: BR0 DDR: sending broadcast to ip
>14.40.0.7 -- succeeded > >router4-1750-1# > >1d05h: BR0:1 DDR: idle
>timeout > >1d05h: DDR: Dialer Watch: watch-group = 8 > >1d05h: DDR:
>network 15.5.5.5/255.255.255.255 UP, > >1d05h: DDR: primary DOWN >
>
>
>>router4-1750-1# > >1d05h: BR0 DDR: ip (s=14.40.0.4, d=224.0.0.5), 64
>>
>>
>bytes, outgoing > >uninteresting (list 101) > >1d05h: BR0 DDR: sending
>broadcast to ip 15.5.5.5 > >1d05h: BR0 DDR: sending broadcast to ip
>14.40.0.7 -- succeeded > >router4-1750-1# > > > >Manually shutting down
>BRI0 results in the primary (S0) being shown as > >up, although it was
>already: > > > >1d05h: BR0:1 DDR: disconnecting call > >1d05h: DDR:
>Dialer Watch: watch-group = 8 > >1d05h: DDR: network
>15.5.5.5/255.255.255.255 UP, > >1d05h: DDR: primary UP > >*Mar 2
>05:41:30: %LINK-3-UPDOWN: Interface BRI0:2, changed state to down >
>
>
>>1d05h: BR0:2 DDR: disconnecting call > >1d05h: DDR: Dialer Watch:
>>
>>
>watch-group = 8 > >1d05h: DDR: network 15.5.5.5/255.255.255.255 UP, >
>
>
>>1d05h: DDR: primary UP > >*Mar 2 05:41:31: %LINEPROTO-5-UPDOWN: Line
>>
>>
>protocol on Interface > >BRI0:1, changed state to down > > > >Configs: >
>
>
>>>>Calling router: > > > >router4-1750-1#sh ver > >Cisco Internetwork
>>>>
>>>>
>Operating System Software > >IOS (tm) C1700 Software
>(C1700-BNO3R2SV3Y56I-M), Version 12.1(17), > >RELEASE SOFTWARE (fc1) > >
>
>
>>>>>router4-1750-1#sh ru > >Building configuration... > > > >Current
>>>>>
>>>>>
>configuration : 1722 bytes > >! > >version 12.1 > >no service
>single-slot-reload-enable > >service timestamps debug uptime > >service
>timestamps log datetime > >no service password-encryption > >! >
>
>
>>hostname router4-1750-1 > >! > >logging buffered 10000 debugging > >! >
>>username zz privilege 15 nopassword > >username router7-1750-2 password
>>
>>
>0 ipexpert > >! > >! > >! > >! > >memory-size iomem 25 > >ip subnet-zero
>
>
>>>no ip domain-lookup > >! > >ip audit notify log > >ip audit po
>>>
>>>
>max-events 100 > >ip multicast-routing > >isdn switch-type basic-ni > >!
>
>
>>>! > >! > >! > >voice-port 2/0 > >! > >voice-port 2/1 > >! > >! > >! >
>>>
>>>
>>! > >interface Loopback0 > > ip address 14.30.0.4 255.255.255.255 > >
>>
>>
>ip
>ospf network point-to-point > >! > >interface Loopback1 > > no ip
>address
>
>
>>>! > >interface Serial0 > > ip address 14.70.0.4 255.255.255.0 > >
>>>
>>>
>clockrate 148000 > >! > >interface BRI0 > > ip address 14.40.0.4
>255.255.255.0 > > encapsulation ppp > > dialer idle-timeout 10 > >
>dialer
>watch-disable 2 > > dialer map ip 15.5.5.5 name router7-1750-2 broadcast
>8358662 > > dialer map ip 14.40.0.7 name router7-1750-2 broadcast
>8358662
>
>
>>>dialer watch-group 8 > > dialer-group 1 > > isdn switch-type
>>>
>>>
>basic-ni
>
>
>>>isdn spid1 0835866101 > > isdn spid2 0835866301 > >! > >interface
>>>
>>>
>FastEthernet0 > > no ip address > > speed auto > >! > >router ospf 1 > >
>log-adjacency-changes > > network 14.30.0.3 0.0.0.0 area 0 > > network
>14.40.0.0 0.0.0.255 area 0 > > network 14.70.0.0 0.0.0.255 area 0 > >
>maximum-paths 6 > >! > >ip classless > >no ip http server > >! >
>
>
>>access-list 101 deny ospf any any > >access-list 101 permit ip any any
>>
>>dialer watch-list 8 ip 15.5.5.5 255.255.255.255 > >dialer watch-list 1
>>
>>
>ip 14.37.0.7 255.255.255.255 > >dialer-list 1 protocol ip list 101 >
>
>
>>alias exec c conf t > >alias exec rb show run | begin > >alias exec ri
>>
>>
>show run | include > >! > >line con 0 > > exec-timeout 120 0 > > logging
>synchronous > > login local > >line aux 0 > >line vty 0 4 > >
>exec-timeout 120 0 > > login local > >! > >end > > > >Called router: > >
>
>
>>>router7-1750-2#sh ver > >Cisco Internetwork Operating System Software
>>>IOS (tm) C1700 Software (C1700-BNO3R2SV3Y56I-M), Version 12.1(17), >
>>>
>>>
>>RELEASE SOFTWARE (fc1) > >Copyright (c) 1986-2002 by cisco Systems,
>>
>>
>Inc.
>
>
>>>>>router7-1750-2#sh ru > >Building configuration... > > > >Current
>>>>>
>>>>>
>configuration : 1794 bytes > >! > >version 12.1 > >no service
>single-slot-reload-enable > >service timestamps debug uptime > >service
>timestamps log uptime > >no service password-encryption > >! > >hostname
>router7-1750-2 > >! > >! > >username zz privilege 15 nopassword >
>
>
>>username router4-1750-1 password 0 ipexpert > >! > >! > >! > >! >
>>memory-size iomem 25 > >ip subnet-zero > >no ip domain-lookup > >! >
>>ip
>>
>>
>audit notify log > >ip audit po max-events 100 > >ip multicast-routing >
>
>
>>isdn switch-type basic-ni > >! > >! > >! > >! > >voice-port 2/0 > >! >
>>voice-port 2/1 > >! > >! > >! > >! > >interface Loopback0 > > ip
>>
>>
>address
>14.37.0.7 255.255.255.255 > > ip ospf network point-to-point > >! >
>
>
>>interface Loopback1 > > no ip address > >! > >interface Loopback2 > >
>>
>>
>ip
>address 15.5.5.5 255.255.255.255 > >! > >interface Serial0 > > ip
>address
>14.70.0.7 255.255.255.0 > >! > >interface BRI0 > > ip address 14.40.0.7
>255.255.255.0 > > encapsulation ppp > > dialer idle-timeout 0 > > dialer
>map ip 14.40.0.4 name router4-1750-1 broadcast > > dialer-group 1 > >
>isdn switch-type basic-ni > > isdn spid1 0835866201 > > isdn spid2
>0835866401 > >! > >interface FastEthernet0 > > no ip address > > ip pim
>sparse-dense-mode > > ip ospf message-digest-key 1 md5 ipexpert > > ip
>ospf priority 0 > > ip cgmp > > speed auto > >! > >router eigrp 1 > >
>network 14.0.0.0 > > no auto-summary > > no eigrp log-neighbor-changes >
>
>
>>! > >router ospf 1 > > log-adjacency-changes > > network 14.37.0.7
>>
>>
>0.0.0.0 area 0 > > network 14.40.0.0 0.0.0.255 area 0 > > network
>14.70.0.0 0.0.0.255 area 0 > > network 15.5.5.5 0.0.0.0 area 0 > >
>network 15.15.15.15 0.0.0.0 area 0 > > default-information originate >
>
>
>>!
>>
>>
>>>no ip classless > >ip route 0.0.0.0 0.0.0.0 Loopback0 > >no ip http
>>>
>>>
>server > >! > >access-list 101 deny eigrp any any > >access-list 101
>permit ip any any > >dialer-list 1 protocol ip permit > >alias exec c
>conf t > >alias exec rb show run | begin > >alias exec ri show run |
>include > >! > >line con 0 > > exec-timeout 120 0 > > login local >
>
>
>>line
>>
>>
>aux 0 > >line vty 0 4 > > exec-timeout 120 0 > > login local > >! > >end
>
>------------------------------------------------------------------------
>
>Cricket World Cup 2003 http://server1.msn.co.in/msnspecials/worldcup03/
This archive was generated by hypermail 2.1.4 : Sat Apr 05 2003 - 08:51:32 GMT-3