Re: Self-tunnel & static routes on CISCO Packet Magazine SECOND

From: Mathew (mathewfer@gmail.com)
Date: Wed Jan 17 2007 - 10:08:30 ART


Hi Ivan,

Thank you for the reply. Yes, what you have given is a good one.
I missed one more thing in my first email: in my setup, I get
2 WAN connections - S0/0.1 (main) & S0/0.2 (backup). I need the router
to dial when both these WAN connections are down. I came up with the
below, tested it & all worked, but I am wondering whether this is a
good setup to deploy in production.

As IP 2.2.2.2 is never reachable, all the routes not matched in the
routing table in R1 are LOCALLY black-holed, instead of sending them to WAN.

What is your comment on this?
I am wondering whether your setup can be modified as well to accommodate the S0/0.2.

Router configs:

R1:

!
!
interface Loopback1111
 ip address 10.3.3.3 255.255.255.255
!
interface Tunnel1
 ! Arbitrarily selected with /30, this is not used in C4
 ip address 2.2.2.1 255.255.255.252
 keepalive 25 3
 tunnel source Loopback1111
 ! We are learning this from R2
 tunnel destination 1.1.1.1
!
interface Ethernet0
 no ip address
 no cdp enable
!
interface Serial0
 no ip address
 encapsulation frame-relay
 no ip mroute-cache
 no keepalive
!
interface Serial0.1 point-to-point
 ip address 6.1.1.1 255.255.255.252
 no cdp enable
 frame-relay interface-dlci 100
!
interface Dialer1
 ! config omitted
 ip address 9.9.9.9 255.255.255.0
.
.
!
router eigrp 1
 passive-interface default
 no passive-interface Serial0.1
 network 6.1.1.1 0.0.0.0
 no auto-summary
!
ip classless
!
! this IP is never reachable so "locally black-holed"
ip route 0.0.0.0 0.0.0.0 2.2.2.2
ip route 0.0.0.0 0.0.0.0 Dialer1 250
!
no ip http server
!
!
.
.
!
R1#

R2

!
interface Loopback0
 ip address 1.1.1.1 255.255.255.255
!
interface Ethernet0
 no ip address
 no cdp enable
!
interface Serial0
 no ip address
 encapsulation frame-relay
 no ip mroute-cache
 no keepalive
 clockrate 125000
!
interface Serial0.1 point-to-point
 ip address 6.1.1.2 255.255.255.252
 no cdp enable
 frame-relay interface-dlci 100
!
router eigrp 1
 network 1.1.1.1 0.0.0.0
 network 6.1.1.2 0.0.0.0
 no auto-summary
!
.
.
!
R2#

Testing:

Under normal condition:

R1#sho ip int brie
Interface                  IP-Address      OK? Method Status                Protocol
Dialer1                    unassigned      YES NVRAM  up                    up
Ethernet0                  unassigned      YES NVRAM  up                    down
Ethernet1                  unassigned      YES NVRAM  up                    down
Loopback1111               10.3.3.3        YES manual up                    up
Serial0                    unassigned      YES NVRAM  up                    up
Serial0.1                  6.1.1.1         YES manual up                    up
Tunnel1                    2.2.2.1         YES manual up                    up
R1#

Note Tunnel 1 is UP when IP address 1.1.1.1 is reachable.

R1#sho int tu 1
Tunnel1 is up, line protocol is up
 Hardware is Tunnel
 Internet address is 2.2.2.1/30
 MTU 1514 bytes, BW 9 Kbit, DLY 500000 usec,
    reliability 255/255, txload 1/255, rxload 1/255
 Encapsulation TUNNEL, loopback not set
 Keepalive not set
 Tunnel source 10.3.3.3 (Loopback1111), destination 1.1.1.1
 Tunnel protocol/transport GRE/IP, key disabled, sequencing disabled
 Checksumming of packets disabled, fast tunneling enabled
 Last input 00:06:04, output 00:02:36, output hang never
 Last clearing of "show interface" counters never
 Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 1
 Queueing strategy: fifo
 Output queue: 0/0 (size/max)
 5 minute input rate 0 bits/sec, 0 packets/sec
 5 minute output rate 0 bits/sec, 0 packets/sec
    0 packets input, 0 bytes, 0 no buffer
    Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
    0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
    390 packets output, 26908 bytes, 0 underruns
    0 output errors, 0 collisions, 0 interface resets
    0 output buffer failures, 0 output buffers swapped out
R1#
R1#sho ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
      D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
      N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
      E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
      i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
      ia - IS-IS inter area, * - candidate default, U - per-user static route
      o - ODR, P - periodic downloaded static route

Gateway of last resort is 2.2.2.2 to network 0.0.0.0

    1.0.0.0/32 is subnetted, 1 subnets
D 1.1.1.1 [90/2297856] via 6.1.1.2, 00:04:37, Serial0.1
    2.0.0.0/30 is subnetted, 1 subnets
C 2.2.2.0 is directly connected, Tunnel1
    5.0.0.0/30 is subnetted, 1 subnets
C 5.1.1.0 is directly connected, Serial1
    6.0.0.0/30 is subnetted, 1 subnets
C 6.1.1.0 is directly connected, Serial0.1
    10.0.0.0/32 is subnetted, 1 subnets
C 10.3.3.3 is directly connected, Loopback1111
S* 0.0.0.0/0 [1/0] via 2.2.2.2
R1#ping 6.1.1.2 <----- Other end of the simulated WAN link

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 6.1.1.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/29/32 ms
R1#
R1#ping 1.1.1.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/32/48 ms
R1#
R1#ping 2.2.2.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2.2.2.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/5/8 ms
R1#
R1#ping 2.2.2.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
R1#
R1#tr
Protocol [ip]:
Target IP address: 64.6.6.6
Source address: 5.1.1.1
Numeric display [n]:
Timeout in seconds [3]:
Probe count [3]:
Minimum Time to Live [1]:
Maximum Time to Live [30]:
Port Number [33434]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Type escape sequence to abort.
Tracing the route to 64.6.6.6

 1 * * *
 2 * * *
 3 * * *
 4 * * *
 5 *
R1#

When WAN is down & 1.1.1.1 unreachable:

When we shut Serial 0.1 of R2, the IP 1.1.1.1 that was learned
by the IGP (EIGRP here) disappears from the routing table of R1, effectively
installing the default to Dialer 1 as shown below. Here

R2#sho ip int brie
Interface                  IP-Address      OK? Method Status                Protocol
Ethernet0                  unassigned      YES NVRAM  up                    up
Ethernet1                  unassigned      YES NVRAM  up                    up
Loopback0                  1.1.1.1         YES NVRAM  up                    up
Serial0                    unassigned      YES NVRAM  up                    up
Serial0.1                  6.1.1.2         YES manual up                    up
R2#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R2(config)#int s 0.1
R2(config-subif)#shut
R2(config-subif)#end
R2#sho ip int brie
Interface                  IP-Address      OK? Method Status                Protocol
Ethernet0                  unassigned      YES NVRAM  up                    up
Ethernet1                  unassigned      YES NVRAM  up                    up
Loopback0                  1.1.1.1         YES NVRAM  up                    up
Serial0                    unassigned      YES NVRAM  up                    up
Serial0.1                  6.1.1.2         YES manual administratively down down
R2#

R1#sho ip int brie
Interface                  IP-Address      OK? Method Status                Protocol
Dialer1                    unassigned      YES NVRAM  up                    up
Ethernet0                  unassigned      YES TFTP   up                    down
Ethernet1                  unassigned      YES NVRAM  up                    down
Loopback1111               10.3.3.3        YES manual up                    up
Serial0                    unassigned      YES NVRAM  up                    up
Serial0.1                  6.1.1.1         YES manual up                    up
Tunnel1                    2.2.2.1         YES manual up                    down
R1#
R1#sho int tu 1
Tunnel1 is up, line protocol is down
 Hardware is Tunnel
 Internet address is 2.2.2.1/30
 MTU 1514 bytes, BW 9 Kbit, DLY 500000 usec,
    reliability 255/255, txload 1/255, rxload 1/255
 Encapsulation TUNNEL, loopback not set
 Keepalive not set
 Tunnel source 10.3.3.3 (Loopback1111), destination 1.1.1.1
 Tunnel protocol/transport GRE/IP, key disabled, sequencing disabled
 Checksumming of packets disabled, fast tunneling enabled
 Last input 01:17:57, output 00:02:08, output hang never
 Last clearing of "show interface" counters never
 Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
 Queueing strategy: fifo
 Output queue: 0/0 (size/max)
 5 minute input rate 0 bits/sec, 0 packets/sec
 5 minute output rate 0 bits/sec, 0 packets/sec
    0 packets input, 0 bytes, 0 no buffer
    Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
    0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
    388 packets output, 26708 bytes, 0 underruns
    0 output errors, 0 collisions, 0 interface resets
    0 output buffer failures, 0 output buffers swapped out
R1#
R1#ping 2.2.2.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2.2.2.1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
R1#
R1#ping 2.2.2.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
R1#
R1#sho ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
      D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
      N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
      E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
      i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
      ia - IS-IS inter area, * - candidate default, U - per-user static route
      o - ODR, P - periodic downloaded static route

Gateway of last resort is 0.0.0.0 to network 0.0.0.0

    5.0.0.0/30 is subnetted, 1 subnets
C 5.1.1.0 is directly connected, Serial1
    6.0.0.0/30 is subnetted, 1 subnets
C 6.1.1.0 is directly connected, Serial0.1
    10.0.0.0/32 is subnetted, 1 subnets
C 10.3.3.3 is directly connected, Loopback1111
S* 0.0.0.0/0 is directly connected, Dialer1
R1#
R1#sho ip route 0.0.0.0
Routing entry for 0.0.0.0/0, supernet
 Known via "static", distance 250, metric 0 (connected), candidate default path
 Routing Descriptor Blocks:
 * directly connected, via Dialer1
     Route metric is 0, traffic share count is 1

R1#
R1#ping 1.1.1.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
R1#

On 1/17/07, Ivan <ivan@iip.net> wrote:
> You must create int t100 where the tunnel src/dst IP is the IP from int S0/0.1, and
> make int Dialer0 the backup interface for int t100. Therefore if s0/0.1 works
> correctly, i.e. line protocol is up, then t100 must also be up and Dialer0 will
> be in a suspended state.
>
> Suppose int s0/0.1 is disconnected or down. Int tunnel100 is also down, since
> the src/dst IP belongs to an IP network that isn't in the FIB. And the backup
> interface is up. You need to configure something like below:
>
> int s0/0.1
> ip add 1.1.1.1 255.255.255.0
>
> int t100
> ip add 100.100.100.100 255.255.255.0
> tunnel source s0/0.1
> tunnel destination 1.1.1.1
> backup interface dialer0
>
> int dialer0
>
> ip route 0.0.0.0 0.0.0.0 dialer0
> ip route 0.0.0.0 0.0.0.0 100.100.100.100
>
> Note: You don't need to tune AD in default route because only one interface
> can be up simultaneously.
>
> On Wednesday 17 January 2007 10:20, mathew Fer wrote:
> > Hello GS,
> >
> > I read the above article. Please have a look as it is very interesting one.
> >
> > URL -
> > http://www.cisco.com/web/about/ac123/ac114/downloads/packet/pdf/PK182.pdf
> >
> >
> > Now I just have 2 questions for GS.
> >
> > 1. Is the self-tunnel safe to implement?
> > 2. I have the below requirement and much appreciated if you can help
> > to come up with a suggestion based on the above configuration;
> >
> > I have a static route - "ip route 0.0.0.0 0.0.0.0 Dialer 0 30" for
> > dial backup. Dynamic routes learned from the IGP are in the routing table as
> > specific routes with /24 etc. but not the default.
> > When we originate a packet to a destination that does not match
> > the specific routes in the routing table (learned by IGP), the router tries to
> > dial the backup ISDN link (configured with Dialer 0 etc). In order to
> > stop this, I have added a route - "ip route 0.0.0.0 0.0.0.0 serial
> > 0/0.1" but I want to avoid this static route to the WAN link as it gets
> > congested etc. Is there a way to set up this 2nd static route to a
> > self-tunnel so that it gets black-holed locally rather than being sent out
> > to Serial 0/0.1 (WAN), while blocking unwanted ISDN dial calls?
> >
> > I am thinking that if there is a way to get this default (set to serial
> > 0/0.1) to an IP address configured on a self-tunnel, with the tunnel
> > destination being an IP address of the other end of the Serial 0/0.1, it
> > should be black-holed locally and when the Serial 0/0.1 is down, "ip
> > route 0.0.0.0 0.0.0.0 Dialer 0" will become active.
> >
> > Can you please help me to get this configuration clearly?
> >
> > Thanks in advance for your reply.
> > Thanks
> >
> > Mathew
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
>
> --
> Ivan

-- 
Thanks

Mathew
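
The default-route selection tested in the message above, as an added example that is not part of the original post: a small Python model of R1 choosing between the two static defaults (via 2.2.2.2 at distance 1, via Dialer1 at distance 250). It generalises to two WAN links; the name `Serial0.2` and the premise that either link delivers the EIGRP route to 1.1.1.1 are assumptions, and the tunnel up/down rule is a simplification that mirrors the posted show output rather than full IOS behaviour.

```python
import ipaddress

TUNNEL_DEST = ipaddress.ip_address("1.1.1.1")    # R2 Loopback0, learned via EIGRP
TUNNEL_NET = ipaddress.ip_network("2.2.2.0/30")  # Tunnel1 connected subnet on R1
# R1's two static defaults: (next hop or exit interface, administrative distance)
STATICS = [("2.2.2.2", 1), ("Dialer1", 250)]

def build_rib(wan_up):
    """Return {prefix: (source, AD)} of non-default routes for the working WAN links.

    Assumption: every working WAN subinterface delivers the EIGRP route to
    1.1.1.1/32 (the posted config only runs EIGRP on Serial0.1).
    """
    rib = {}
    if wan_up:
        rib[ipaddress.ip_network("1.1.1.1/32")] = ("EIGRP via " + sorted(wan_up)[0], 90)
    # Simplification matching the posted output: Tunnel1 line protocol is up
    # only while a specific (non-default) route covers the tunnel destination.
    if any(TUNNEL_DEST in prefix for prefix in rib):
        rib[TUNNEL_NET] = ("connected Tunnel1", 0)
    return rib

def default_route(wan_up):
    """Pick the installed 0.0.0.0/0: lowest distance among usable statics."""
    rib = build_rib(wan_up)
    usable = []
    for target, ad in STATICS:
        if target.startswith("Dialer"):
            usable.append((ad, target))  # Dialer1 is up/up in both posted states
        elif any(ipaddress.ip_address(target) in prefix for prefix in rib):
            usable.append((ad, target))  # next hop resolves via a non-default route
    return min(usable)[1]

def forward(dst, wan_up):
    """Describe what R1 does with a packet to dst."""
    rib = build_rib(wan_up)
    addr = ipaddress.ip_address(dst)
    matches = [prefix for prefix in rib if addr in prefix]
    if matches:
        return rib[max(matches, key=lambda p: p.prefixlen)][0]
    if default_route(wan_up) == "Dialer1":
        return "dial Dialer1"
    return "black-holed in Tunnel1"  # 2.2.2.2 never answers

if __name__ == "__main__":
    for links in ({"Serial0.1", "Serial0.2"}, {"Serial0.2"}, set()):
        print(sorted(links), "->", forward("64.6.6.6", links))
```
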



This archive was generated by hypermail 2.1.4 : Thu Feb 08 2007 - 23:46:56 ART