From: tan (tan@dia.janis.or.jp)
Date: Wed Mar 05 2003 - 20:58:39 GMT-3
Brian, this crushes my understanding of the relationship between maps and
dialer watch. Arghh. But thank you for taking the time to write extensively!
Marc
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
> Gerry Hilton
> Sent: Thursday, March 06, 2003 1:40 AM
> To: Brian Dennis
> Cc: ccielab@groupstudy.com
> Subject: Re: Dialer watch - BRI interface won't go down when
> primary is
> back up
>
>
> Thanks for the great explanation!
>
> Gerry
>
> Brian Dennis wrote:
>
> >This is a two part e-mail ;-) I'll do a full tech write-up
> in the next
> >couple days covering dialer watch and its caveats but for now this
> >e-mail should explain the original problem and why a dialer string
> >overcame the problem but didn't really fix the problem.
> >
> ><Part_1>
> >The problem with his original dialer watch solution was that he was
> >watching a /32 route. Theoretically this shouldn't be a problem and
> >Cisco doesn't give any warnings about watching a /32 route
> with dialer
> >maps at least that I've seen. But if you look at how the
> dialer map also
> >puts a /32 connected route in the routing table once the
> ISDN interface
> >becomes active you can see the issue. Dialer watch in the
> original case
> >was watching a /32 route and when it was "lost" it triggered
> the dialer
> >watch to make the call. So far no problem but once the ISDN interface
> >became active the router put a /32 connected route for the
> dialer map in
> >its routing table. This means that the dynamic route once it
> comes back
> >will have a higher administrative distance then the route
> installed for
> >the dialer map (connected /32).
> >
> >Below is the debug output (debug dialer and debug ip routing) from a
> >router that is watching the 1.1.1.0/24 subnet. (If you would
> like to see
> >the full configs of each side send me an e-mail)
> >
> >Rack4R4#
> >03:01:18: RT: del 1.1.1.0/24 via 172.16.1.5, ospf metric [110/65]
> >03:01:18: RT: delete subnet route to 1.1.1.0/24
> >03:01:18: DDR: Dialer Watch: watch-group = 1
> >03:01:18: DDR: network 1.1.1.0/255.255.255.0 DOWN,
> > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> >03:01:18: DDR: primary DOWN
> >03:01:18: DDR: Dialer Watch: Dial Reason: Primary of group 1 DOWN
> >03:01:18: DDR: Dialer Watch: watch-group = 1,
> >03:01:18: DDR: dialing secondary by dialer map 1.1.1.0 on BR0/0
> >03:01:18: BR0/0 DDR: Attempting to dial 5272045
> >03:01:18: RT: delete network route to 1.0.0.0
> >03:01:23: %LINK-3-UPDOWN: Interface BRI0/0:2, changed state to up
> >03:01:23: BR0/0:2 DDR: Dialer Watch: resetting call in progress
> >03:01:23: BR0/0:2 DDR: dialer protocol up
> >03:01:23: is_up: 1 state: 4 sub state: 1 line: 0
> >03:01:23: RT: add 1.1.1.0/32 via 0.0.0.0, connected metric [0/0]
> > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> >03:01:24: %LINEPROTO-5-UPDOWN: Line protocol on Interface BRI0/0:2,
> >changed state to up
> >Rack4R4#
> >03:01:29: %ISDN-6-CONNECT: Interface BRI0/0:2 is now connected to
> >5272045
> >Rack4R4#sho ip rout
> >Codes: C - connected, S - static, I - IGRP, R - RIP, M -
> mobile, B - BGP
> > D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF
> inter area
> > N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
> > E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
> > i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS
> >inter area
> > * - candidate default, U - per-user static route, o - ODR
> > P - periodic downloaded static route
> >
> >Gateway of last resort is not set
> >
> > 1.0.0.0/32 is subnetted, 1 subnets
> >C 1.1.1.0 is directly connected, BRI0/0
> > 172.16.0.0/24 is subnetted, 1 subnets
> >C 172.16.1.0 is directly connected, Serial0/0
> > 10.0.0.0/24 is subnetted, 1 subnets
> >C 10.1.1.0 is directly connected, BRI0/0
> >Rack4R4#
> >
> >As you can see the router is watching the 1.1.1.0/24 network but a
> >connected route to 1.1.1.0/32 is put in the routing table
> matching the
> >dialer map. This isn't a problem because when the 1.1.1.0/24
> route comes
> >back up the router can install it in its routing table. But if the
> >watched route is a /32 learned via a dynamic routing protocol it will
> >not get installed in the routing table due to the fact the dialer map
> >route is also a /32 and it has an administrative distance of 0.
> ></Part_1>
> >
> ><Part_2>
> >There is no need for a dialer-map if a dialer string is
> being used. Let
> >me explain the reasoning.
> >
> >You can create two types of interfaces with ISDN, multipoint and
> >point-to-point. With multipoint you can have more than one
> remote site
> >connected to an interface at a time. With point-to-point you can only
> >have one remote site connected to an interface at a time.
> There isn't a
> >command with ISDN that says an interface will be multipoint or
> >point-to-point. It's determined by how the interface is configured.
> >
> >When dialer maps are used the interface is treated as
> multipoint. This
> >enables more than one remote site to be connected to the interface at
> >the same time. This also means that mappings are needed for
> layer three
> >(IP address) to layer two (ISDN Phone Number) associations just like
> >with Frame-relay and ATM multipoint interfaces (physical
> interfaces and
> >multipoint subinterfaces) assuming no form of ARP is being used. When
> >using an ISDN multipoint interface with dialer watch, a mapping is
> >needed for the watched network.
> >
> >When dialer strings are used the interface is treated as
> point-to-point.
> >This of course means that there can only be one remote site
> connected to
> >the interface at a given time. With point-to-point interfaces there
> >isn't a need for layer three (IP address) to layer two (ISDN Phone
> >Number) associations because all layer three destinations
> are assumed to
> >reachable via the one layer two address. This is exactly the same as
> >with Frame-relay and ATM point-to-point subinterfaces. When using an
> >ISDN point-to-point interface with dialer watch, only the "dialer
> >watch-group" command is needed. If the watched route defined in the
> >global configuration is "lost" the dialer watch is triggered and the
> >dialer string is called.
> ></Part_2>
> >
> >Brian Dennis, CCIE #2210 (R&S/ISP Dial/Security)
> >brian@labforge.com
> >http://www.labforge.com
> >
> >
> >
> >-----Original Message-----
> >From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]
> On Behalf Of
> >kasturi cisco
> >Sent: Tuesday, March 04, 2003 2:08 PM
> >To: gerry.hilton@rogers.com
> >Cc: ccielab@groupstudy.com
> >Subject: Re: Dialer watch - BRI interface won't go down when
> primary is
> >back up
> >
> >Gerry,
> >
> >I am surprised how it works without the dialer map statement for the
> >watched route, bcoz when i have tried it does not work
> without it ? Are
> >there any situations where this should be used Vs not used.
> when i did
> >it
> >worked only after adding the additonal dialer map.
> >
> >Can anyone add some expert comments on this.
> >
> >Thanks,
> >
> >Good Luck,[IMAGE]
> >Kasturi.
> >
> >
> >
> >>From: Gerry Hilton >Reply-To: Gerry Hilton >To: adz >CC:
> >Subject: Re:
> >>
> >>
> >Dialer watch - BRI interface won't go down when primary is back up
> >
> >
> >>Date:
> >>
> >>
> >Tue, 04 Mar 2003 14:27:14 -0500 > >Thanks! Your suggestion
> did work. The
> >reason that I included the >dialer map statement for the
> watched route
> >is
> >that is what my Solie book >plus the Cisco CD said to do.
> For example,
> >the following is an excerpt >from the Cisco CD: > >interface
> BRI0 > ip
> >address 172.20.10.2 255.255.255.0 >!IP address for the BRI interface
> >(backup link). > encapsulation ppp > dialer idle-timeout 30 >!Idle
> >timeout(in seconds)for this backup link. >!Dialer watch checks the
> >status
> >of the primary link every time the >!idle-timeout expires. > dialer
> >watch-disable 15 >!Delays disconnecting the backup interface for 15
> >seconds after the >!primary interface is found to be up. >
> dialer map ip
> >172.20.10.1 name maui-nas-05 broadcast 5551111 >!Dialer map
> for the BRI
> >interface of the remote router. >* dialer map ip 172.22.53.0 name
> >maui-nas-05 broadcast 5551111 >!Map statement for the route/network
> >being
> >watched by the >!dialer watch-list command. >!This address
> must exactly
> >match the network configured with the >!dialer watch-list command.
> >
> >
> >>!When
> >>
> >>
> >the watched route disappears, this dials the specified phone
> number.* >
> >dialer watch-group 8 >!Enable Dialer Watch on this backup interface.
> >
> >
> >>!Watch the route specified with dialer watch-list 8. >
> dialer-group 1
> >>!Apply interesting traffic defined in dialer-list 1. > isdn
> switch-type
> >>
> >>
> >basic-ni > isdn spid1 51255522220101 5552222 > isdn spid2
> 51255522230101
> >5552223 > ppp authentication chap >!Use chap authentication.
> > >I'm very
> >grateful for your help! > >Gerry > >adz wrote: > > >Hi, > >
> > >I'ma bit
> >confused as to why you have a dialer map statment for
> 15.5.5.5, > >the
> >problem in having this, is that the router asumes that this
> address is >
> >
> >
> >>owned by the remote router. > > > >the dialer watch method
> will cause
> >>
> >>
> >your router to dial, if the route is > >missing, you don't need the
> >extra
> >dialer map. > > > >consider the following: > >interface BRI0 > > ip
> >address 14.40.0.4 255.255.255.0 > > encapsulation ppp > > dialer
> >idle-timeout 10 > > dialer watch-disable 2 > > dialer string
> 8358662 > >
> >dialer watch-group 8 > > dialer-group 1 > > isdn switch-type
> basic-ni >
> >
> >
> >isdn spid1 0835866101 > > isdn spid2 0835866301 > >! > > >
> >this should
> >make it work ok > > > > > >-----Original Message----- > >From:
> >nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of >
> >
> >
> >>Gerry
> >>
> >>
> >Hilton > >Sent: 04 March 2003 18:22 > >To: ccielab@groupstudy.com >
> >
> >
> >>Subject: Dialer watch - BRI interface won't go down when primary is
> >>
> >>
> >back
> >
> >
> >>>up > > > > > >Hi. I know this issue has been raised before as I
> >>>
> >>>
> >searched the > >archives. However, I did not find a solution
> that solves
> >the problem > >that I am seeing. > > > >The problem is that the BRI
> >interface will not drop after the primary > >interface goes
> back up, as
> >it thinks that the primary is still down (as > >indicated by debug
> >dialer). I believe this has to do with the way that > >the
> routing table
> >changes after the primary interface is shut down. > >
> Instead of showing
> >as via OSPF or EIGRP, it shows as directley > >connected to BRI0.
> >Bringing the primary interface up again doesn't > >change
> this. The only
> >way to fix this is to shut down BRI0, which > >causes the
> routing table
> >to change and then dialer debug shows the > >primary as up
> again. > > >
> >
> >
> >>The version on each router is Version 12.1(17) > >. >
> >Thanks for any
> >>
> >>
> >help, > > Gerry > > > >Details and config follow: > > > >The
> route being
> >watched is 15.5.5.5. It has the appropriate map > >statement
> under BRI0.
> >The primary is S0. > > > > > >router4-1750-1#sh ip route >
> >Codes: C -
> >connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP > > D -
> >EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area >
> > N1 - OSPF
> >NSSA external type 1, N2 - OSPF NSSA external type 2 > > E1 - OSPF
> >external type 1, E2 - OSPF external type 2, E - EGP > > i -
> IS-IS, L1 -
> >IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS > >inter area > > * -
> >candidate default, U - per-user static route, o - ODR > > P
> - periodic
> >downloaded static route > > > >Gateway of last resort is 14.70.0.7 to
> >network 0.0.0.0 > > > > 14.0.0.0/8 is variably subnetted, 4
> subnets, 2
> >masks > >C 14.30.0.4/32 is directly connected, Loopback0 > >C
> >14.40.0.0/24 is directly connected, BRI0 > >O 14.37.0.7/32
> [110/2] via
> >14.70.0.7, 00:02:01, Serial0 > >C 14.70.0.0/24 is directly connected,
> >Serial0 > > 15.0.0.0/32 is subnetted, 1 subnets > >O 15.5.5.5 [110/2]
> >via
> >14.70.0.7, 00:02:01, Serial0 > >O*E2 0.0.0.0/0 [110/1] via 14.70.0.7,
> >00:02:01, Serial0 > > > >Once S0 is shut down, the routing
> table changes
> >and remains in this > >state even when S0 is brought back up: > > >
> >
> >
> >>router4-1750-1#sh ip route > >Codes: C - connected, S - static, I -
> >>
> >>
> >IGRP, R - RIP, M - mobile, B - BGP > > D - EIGRP, EX - EIGRP
> external, O
> >- OSPF, IA - OSPF inter area > > N1 - OSPF NSSA external type 1, N2 -
> >OSPF NSSA external type 2 > > E1 - OSPF external type 1, E2 - OSPF
> >external type 2, E - EGP > > i - IS-IS, L1 - IS-IS level-1,
> L2 - IS-IS
> >level-2, ia - IS-IS > >inter area > > * - candidate default, U -
> >per-user
> >static route, o - ODR > > P - periodic downloaded static route > > >
> >
> >
> >>Gateway of last resort is not set > > > > 14.0.0.0/8 is variably
> >>
> >>
> >subnetted, 2 subnets, 2 masks > >C 14.30.0.4/32 is directly
> connected,
> >Loopback0 > >C 14.40.0.0/24 is directly connected, BRI0 > >
> 15.0.0.0/32
> >is subnetted, 1 subnets > >C 15.5.5.5 is directly connected, BRI0 >
> >
> >
> >>router4-1750-1# > > > >debug dialer event and debug dialer
> packet shows
> >>
> >>
> >the primary as down > >even when S0 is brought up: > > >
> >
> >
> >>router4-1750-1#
> >>
> >>
> >>>*Mar 2 05:40:44: %OSPF-5-ADJCHG: Process 1, Nbr 14.37.0.7
> on Serial0
> >>>
> >>>
> >>from LOADING to FULL, Loading Done > >router4-1750-1# >
> >1d05h: BR0:1
> >DDR: idle timeout > >1d05h: DDR: Dialer Watch: watch-group =
> 8 > >1d05h:
> >DDR: network 15.5.5.5/255.255.255.255 UP, > >1d05h: DDR:
> primary DOWN >
> >
> >
> >>router4-1750-1# > >1d05h: BR0 DDR: ip (s=14.40.0.4, d=224.0.0.5), 64
> >>
> >>
> >bytes, outgoing > >uninteresting (list 101) > >1d05h: BR0
> DDR: sending
> >broadcast to ip 15.5.5.5 > >1d05h: BR0 DDR: sending broadcast to ip
> >14.40.0.7 -- succeeded > >router4-1750-1# > >1d05h: BR0:1 DDR: idle
> >timeout > >1d05h: DDR: Dialer Watch: watch-group = 8 > >1d05h: DDR:
> >network 15.5.5.5/255.255.255.255 UP, > >1d05h: DDR: primary DOWN >
> >
> >
> >>router4-1750-1# > >1d05h: BR0 DDR: ip (s=14.40.0.4, d=224.0.0.5), 64
> >>
> >>
> >bytes, outgoing > >uninteresting (list 101) > >1d05h: BR0
> DDR: sending
> >broadcast to ip 15.5.5.5 > >1d05h: BR0 DDR: sending broadcast to ip
> >14.40.0.7 -- succeeded > >router4-1750-1# > > > >Manually
> shutting down
> >BRI0 results in the primary (S0) being shown as > >up,
> although it was
> >already: > > > >1d05h: BR0:1 DDR: disconnecting call > >1d05h: DDR:
> >Dialer Watch: watch-group = 8 > >1d05h: DDR: network
> >15.5.5.5/255.255.255.255 UP, > >1d05h: DDR: primary UP > >*Mar 2
> >05:41:30: %LINK-3-UPDOWN: Interface BRI0:2, changed state to down >
> >
> >
> >>1d05h: BR0:2 DDR: disconnecting call > >1d05h: DDR: Dialer Watch:
> >>
> >>
> >watch-group = 8 > >1d05h: DDR: network 15.5.5.5/255.255.255.255 UP, >
> >
> >
> >>1d05h: DDR: primary UP > >*Mar 2 05:41:31: %LINEPROTO-5-UPDOWN: Line
> >>
> >>
> >protocol on Interface > >BRI0:1, changed state to down > > >
> >Configs: >
> >
> >
> >>>>Calling router: > > > >router4-1750-1#sh ver > >Cisco Internetwork
> >>>>
> >>>>
> >Operating System Software > >IOS (tm) C1700 Software
> >(C1700-BNO3R2SV3Y56I-M), Version 12.1(17), > >RELEASE
> SOFTWARE (fc1) > >
> >
> >
> >>>>>router4-1750-1#sh ru > >Building configuration... > > > >Current
> >>>>>
> >>>>>
> >configuration : 1722 bytes > >! > >version 12.1 > >no service
> >single-slot-reload-enable > >service timestamps debug uptime
> > >service
> >timestamps log datetime > >no service password-encryption > >! >
> >
> >
> >>hostname router4-1750-1 > >! > >logging buffered 10000
> debugging > >! >
> >>username zz privilege 15 nopassword > >username
> router7-1750-2 password
> >>
> >>
> >0 ipexpert > >! > >! > >! > >! > >memory-size iomem 25 > >ip
> subnet-zero
> >
> >
> >>>no ip domain-lookup > >! > >ip audit notify log > >ip audit po
> >>>
> >>>
> >max-events 100 > >ip multicast-routing > >isdn switch-type
> basic-ni > >!
> >
> >
> >>>! > >! > >! > >voice-port 2/0 > >! > >voice-port 2/1 > >!
> > >! > >! >
> >>>
> >>>
> >>! > >interface Loopback0 > > ip address 14.30.0.4
> 255.255.255.255 > >
> >>
> >>
> >ip
> >ospf network point-to-point > >! > >interface Loopback1 > > no ip
> >address
> >
> >
> >>>! > >interface Serial0 > > ip address 14.70.0.4 255.255.255.0 > >
> >>>
> >>>
> >clockrate 148000 > >! > >interface BRI0 > > ip address 14.40.0.4
> >255.255.255.0 > > encapsulation ppp > > dialer idle-timeout 10 > >
> >dialer
> >watch-disable 2 > > dialer map ip 15.5.5.5 name
> router7-1750-2 broadcast
> >8358662 > > dialer map ip 14.40.0.7 name router7-1750-2 broadcast
> >8358662
> >
> >
> >>>dialer watch-group 8 > > dialer-group 1 > > isdn switch-type
> >>>
> >>>
> >basic-ni
> >
> >
> >>>isdn spid1 0835866101 > > isdn spid2 0835866301 > >! > >interface
> >>>
> >>>
> >FastEthernet0 > > no ip address > > speed auto > >! >
> >router ospf 1 > >
> >log-adjacency-changes > > network 14.30.0.3 0.0.0.0 area 0 >
> > network
> >14.40.0.0 0.0.0.255 area 0 > > network 14.70.0.0 0.0.0.255 area 0 > >
> >maximum-paths 6 > >! > >ip classless > >no ip http server > >! >
> >
> >
> >>access-list 101 deny ospf any any > >access-list 101 permit
> ip any any
> >>
> >>dialer watch-list 8 ip 15.5.5.5 255.255.255.255 > >dialer
> watch-list 1
> >>
> >>
> >ip 14.37.0.7 255.255.255.255 > >dialer-list 1 protocol ip list 101 >
> >
> >
> >>alias exec c conf t > >alias exec rb show run | begin >
> >alias exec ri
> >>
> >>
> >show run | include > >! > >line con 0 > > exec-timeout 120 0
> > > logging
> >synchronous > > login local > >line aux 0 > >line vty 0 4 > >
> >exec-timeout 120 0 > > login local > >! > >end > > > >Called
> router: > >
> >
> >
> >>>router7-1750-2#sh ver > >Cisco Internetwork Operating
> System Software
> >>>IOS (tm) C1700 Software (C1700-BNO3R2SV3Y56I-M), Version
> 12.1(17), >
> >>>
> >>>
> >>RELEASE SOFTWARE (fc1) > >Copyright (c) 1986-2002 by cisco Systems,
> >>
> >>
> >Inc.
> >
> >
> >>>>>router7-1750-2#sh ru > >Building configuration... > > > >Current
> >>>>>
> >>>>>
> >configuration : 1794 bytes > >! > >version 12.1 > >no service
> >single-slot-reload-enable > >service timestamps debug uptime
> > >service
> >timestamps log uptime > >no service password-encryption > >!
> > >hostname
> >router7-1750-2 > >! > >! > >username zz privilege 15 nopassword >
> >
> >
> >>username router4-1750-1 password 0 ipexpert > >! > >! > >! > >! >
> >>memory-size iomem 25 > >ip subnet-zero > >no ip domain-lookup > >! >
> >>ip
> >>
> >>
> >audit notify log > >ip audit po max-events 100 > >ip
> multicast-routing >
> >
> >
> >>isdn switch-type basic-ni > >! > >! > >! > >! > >voice-port
> 2/0 > >! >
> >>voice-port 2/1 > >! > >! > >! > >! > >interface Loopback0 > > ip
> >>
> >>
> >address
> >14.37.0.7 255.255.255.255 > > ip ospf network point-to-point > >! >
> >
> >
> >>interface Loopback1 > > no ip address > >! > >interface
> Loopback2 > >
> >>
> >>
> >ip
> >address 15.5.5.5 255.255.255.255 > >! > >interface Serial0 > > ip
> >address
> >14.70.0.7 255.255.255.0 > >! > >interface BRI0 > > ip
> address 14.40.0.7
> >255.255.255.0 > > encapsulation ppp > > dialer idle-timeout
> 0 > > dialer
> >map ip 14.40.0.4 name router4-1750-1 broadcast > > dialer-group 1 > >
> >isdn switch-type basic-ni > > isdn spid1 0835866201 > > isdn spid2
> >0835866401 > >! > >interface FastEthernet0 > > no ip address
> > > ip pim
> >sparse-dense-mode > > ip ospf message-digest-key 1 md5
> ipexpert > > ip
> >ospf priority 0 > > ip cgmp > > speed auto > >! > >router eigrp 1 > >
> >network 14.0.0.0 > > no auto-summary > > no eigrp
> log-neighbor-changes >
> >
> >
> >>! > >router ospf 1 > > log-adjacency-changes > > network 14.37.0.7
> >>
> >>
> >0.0.0.0 area 0 > > network 14.40.0.0 0.0.0.255 area 0 > > network
> >14.70.0.0 0.0.0.255 area 0 > > network 15.5.5.5 0.0.0.0 area 0 > >
> >network 15.15.15.15 0.0.0.0 area 0 > > default-information
> originate >
> >
> >
> >>!
> >>
> >>
> >>>no ip classless > >ip route 0.0.0.0 0.0.0.0 Loopback0 > >no ip http
> >>>
> >>>
> >server > >! > >access-list 101 deny eigrp any any > >access-list 101
> >permit ip any any > >dialer-list 1 protocol ip permit > >alias exec c
> >conf t > >alias exec rb show run | begin > >alias exec ri show run |
> >include > >! > >line con 0 > > exec-timeout 120 0 > > login local >
> >
> >
> >>line
> >>
> >>
> >aux 0 > >line vty 0 4 > > exec-timeout 120 0 > > login local
> > >! > >end
> >
> >-------------------------------------------------------------
> -----------
> >
> >Cricket World Cup 2003
> http://server1.msn.co.in/msnspecials/worldcup03/
This archive was generated by hypermail 2.1.4 : Sat Apr 05 2003 - 08:51:33 GMT-3