Re: OSPF filtering

From: Marko Milivojevic <markom_at_ipexpert.com>
Date: Thu, 11 Feb 2010 19:04:14 +0000

Of course, this relies on the other side responding to pings, which is
perfectly fine in the lab, but in live environments not something we
should rely on, especially when dealing with 3rd party networks.

Pretty nice solution, though.

--
Marko Milivojevic - CCIE #18427
Senior Technical Instructor - IPexpert
Mailto: markom_at_ipexpert.com
Telephone: +1.810.326.1444
Fax: +1.810.454.0130
R&S Video on Demand Demo: http://bit.ly/aFyrU4

On Thu, Feb 11, 2010 at 18:57, Narbik Kocharians <narbikk_at_gmail.com> wrote:
> First of all I am sorry for the long post, this is part of my NEW boot camp
> 2.0, but lab it up this thing works, we have lots of nice stuff like this.
>
> Topology:
> R1 has three F0/0 sub-interfaces configured:
>
>
>
> R1's F0/0.11 (192.168.1.1) connects R1 to BB1's F0/0 (192.168.1.11)
>
> R1's F0/0.12 (192.168.2.1) connects R1 to BB2's F0/0 (192.168.2.22)
>
> R1's F0/0.13 (192.168.3.1) connects R1 to BB3's F0/0 (192.168.3.33)
>
>
>
> BB1 is advertising its Lo0 (1.1.1.11/32)
>
> BB2 is advertising its Lo0 (1.1.1.22/32)
>
> BB3 is advertising its Lo0 (1.1.1.33/32)
>
>
>
> On R1
>
>
>
> R1(config)#Router ospf 1
>
> R1(config-router)#Netw 192.168.1.1 0.0.0.0 area 0
>
> R1(config-router)#Netw 192.168.2.1 0.0.0.0 area 0
>
> R1(config-router)#Netw 192.168.3.1 0.0.0.0 area 0
>
>
>
> I do that to speed up recovery:
>
>
>
> R1(config)#Int F0/0.11
>
> R1(config-subif)#IP OSPF dead-interval minimal hello-multiplier 4
>
>
>
> R1(config)#Int F0/0.12
>
> R1(config-subif)#IP OSPF dead-interval minimal hello-multiplier 4
>
>
>
> R1(config)#Int F0/0.13
>
> R1(config-subif)#IP OSPF dead-interval minimal hello-multiplier 4
>
>
>
> On BB1
>
>
>
> BB1(config)#Router ospf 1
>
> BB1(config-router)#router-id 1.1.1.11
>
> BB1(config-router)#Netw 192.168.1.11 0.0.0.0 area 0
>
> BB1(config-router)#Netw 1.1.1.11 0.0.0.0 area 0
>
>
>
> BB1(config)#int F0/0
>
> BB1(config-if)#IP OSPF dead-interval minimal hello-multiplier 4
>
>
>
> On BB2
>
>
>
> BB2(config)#Router ospf 1
>
> BB2(config-router)#router-id 1.1.1.22
>
> BB2(config-router)#Netw 1.1.1.22 0.0.0.0 area 0
>
> BB2(config-router)#Netw 192.168.2.22 0.0.0.0 area 0
>
>
>
> BB2(config)#int F0/0
>
> BB2(config-if)#IP OSPF dead-interval minimal hello-multiplier 4
>
>
>
> On BB3
>
>
>
> BB3(config)#Router ospf 1
>
> BB3(config-router)#router-id 1.1.1.33
>
> BB3(config-router)#Netw 1.1.1.33 0.0.0.0 area 0
>
> BB3(config-router)#Netw 192.168.3.33 0.0.0.0 area 0
>
>
>
> BB3(config)#int F0/0
>
> BB3(config-if)#IP OSPF dead-interval minimal hello-multiplier 4
>
>
>
> To verify the configuration:
>
>
>
> On R1
>
>
>
> R1#Show ip ospf neighbor
>
>
>
> Neighbor ID     Pri   State           Dead Time   Address         Interface
> 1.1.1.33          1   FULL/DR         776 msec    192.168.3.33    FastEthernet0/0.14
> 1.1.1.22          1   FULL/DR         816 msec    192.168.2.22    FastEthernet0/0.13
> 1.1.1.11          1   FULL/DR         900 msec    192.168.1.11    FastEthernet0/0.12
> 1.1.1.3           0   FULL/  -        00:00:37    100.1.1.3       Serial0/1
>
>
>
> R1#Show ip route ospf | Inc O
>
>
>
> O       1.1.1.11 [110/2] via 192.168.1.11, 00:04:23, FastEthernet0/0.11
> O       1.1.1.22 [110/2] via 192.168.2.22, 00:04:13, FastEthernet0/0.12
> O       1.1.1.33 [110/2] via 192.168.3.33, 00:00:55, FastEthernet0/0.13
>
>
>
> To configure the policy:
>
>
>
> On R1
>
>
>
> R1(config)#Int F0/0.12
>
> R1(config-subif)#IP OSPF Network Non-Broadcast
>
>
>
> R1(config-subif)#Int F0/0.13
>
> R1(config-subif)#IP OSPF Network Non-Broadcast
>
>
>
> R1(config-subif)#Int F0/0.14
>
> R1(config-subif)#IP OSPF Network Non-Broadcast
>
>
>
> R1(config)#Router ospf 1
>
> R1(config-router)#Neighbor 192.168.1.11
>
> R1(config-router)#Neighbor 192.168.2.22
>
> R1(config-router)#Neighbor 192.168.3.33
>
>
>
> On BB1, BB2 and BB3
>
>
>
> Rx(config)#Int F0/0
>
> Rx(config-subif)#IP OSPF Network Non-Broadcast
>
>
>
> To verify the configuration:
>
>
>
> On R1
>
>
>
> R1#Show ip ospf neighbor
>
>
>
> Neighbor ID     Pri   State           Dead Time   Address         Interface
> 1.1.1.33          1   FULL/BDR        888 msec    192.168.3.33    FastEthernet0/0.14
> 1.1.1.22          1   FULL/BDR        904 msec    192.168.2.22    FastEthernet0/0.13
> 1.1.1.11          1   FULL/BDR        888 msec    192.168.1.11    FastEthernet0/0.12
> 1.1.1.3           0   FULL/  -        00:00:37    100.1.1.3       Serial0/1
>
>
> To configure the policy:
>
>
> On R1
>
>
>
> R1(config)#Access-list 102 permit ospf host 192.168.2.1 host 192.168.2.22
>
> R1(config)#Access-list 103 permit ospf host 192.168.3.1 host 192.168.3.33
>
>
>
> R1(config)#IP SLA Monitor 11
>
> R1(config-rtr)#type echo protocol ipicmpecho 192.168.1.11 source-ipaddr 192.168.1.1
>
> R1(config-rtr-echo)#Freq 5
>
>
>
> R1(config)#IP SLA schedule 11 start now life forever
>
>
>
> R1(config)#Track 1 rtr 11 reachability
>
> R1(config-track)#delay down 3
>
> R1(config-track)#delay up 3
>
>
>
> R1(config)#IP SLA Monitor 12
>
> R1(config-rtr)#type echo protocol ipicmpecho 192.168.2.22 source-ipaddr 192.168.2.1
>
> R1(config-rtr-echo)#Freq 5
>
>
>
> R1(config)#IP SLA schedule 12 start now life forever
>
>
>
> R1(config)#Track 2 rtr 12 reachability
>
> R1(config-track)#delay down 3
>
> R1(config-track)#delay up 3
>
>
>
> R1(config)#Route-map TST permit 10
>
> R1(config-route-map)#match ip addr 102 103
>
> R1(config-route-map)#set ip next-hop verify-availability 192.168.1.11 1 track 1
>
> R1(config-route-map)#set ip next-hop verify-availability 192.168.2.22 2 track 2
>
>
>
> R1(config)#ip local policy route-map TST
>
>
>
> To verify the configuration:
>
>
>
> On R1
>
>
>
> R1#Show ip ospf neighbor
>
>
>
> Neighbor ID     Pri   State           Dead Time   Address         Interface
> N/A               0   ATTEMPT/DROTHER -           192.168.3.33    FastEthernet0/0.14
> N/A               0   ATTEMPT/DROTHER -           192.168.2.22    FastEthernet0/0.13
> 1.1.1.11          1   FULL/BDR        920 msec    192.168.1.11    FastEthernet0/0.12
> 1.1.1.3           0   FULL/  -        00:00:36    100.1.1.3       Serial0/1
>
>
>
> To test the configuration:
>
>
>
> On BB1
>
>
>
> BB1(config)#Int F0/0
>
> BB1(config-if)#Shut
>
>
>
> On R1
>
>
>
> You should see the following console message:
>
>
>
> %OSPF-5-ADJCHG: Process 1, Nbr 1.1.1.11 on FastEthernet0/0.12 from FULL to
> DOWN, Neighbor Down: Dead timer expired
>
>
>
> %TRACKING-5-STATE: 1 rtr 11 reachability Up->Down
>
>
>
> %OSPF-5-ADJCHG: Process 1, Nbr 1.1.1.22 on FastEthernet0/0.13 from LOADING
> to FULL, Loading Done
>
>
>
> R1#Show ip ospf neighbor
>
>
>
> Neighbor ID     Pri   State           Dead Time   Address         Interface
> N/A               0   ATTEMPT/DROTHER -           192.168.3.33    FastEthernet0/0.14
> 1.1.1.22          1   FULL/DR         876 msec    192.168.2.22    FastEthernet0/0.13
> N/A               0   ATTEMPT/DROTHER -           192.168.1.11    FastEthernet0/0.12
> 1.1.1.3           0   FULL/  -        00:00:30    100.1.1.3       Serial0/1
>
>
>
> On BB2
>
>
>
> BB2(config)#int f0/0
>
> BB2(config-if)#Shut
>
>
>
> On R1
>
>
>
> R1#Show ip ospf neighbor
>
>
>
> Neighbor ID     Pri   State           Dead Time   Address         Interface
> 1.1.1.33          1   FULL/DR         996 msec    192.168.3.33    FastEthernet0/0.14
> N/A               0   ATTEMPT/DROTHER -           192.168.2.22    FastEthernet0/0.13
> N/A               0   ATTEMPT/DROTHER -           192.168.1.11    FastEthernet0/0.12
> 1.1.1.3           0   FULL/  -        00:00:32    100.1.1.3       Serial0/1
>
>
>
> To test the failover:
>
>
>
> On BB2
>
>
>
> BB2(config)#Int F0/0
>
> BB2(config-if)#NO Shut
>
>
>
> On R1
>
>
>
> You should see the following console messages:
>
>
>
> %OSPF-5-ADJCHG: Process 1, Nbr 1.1.1.22 on FastEthernet0/0.13 from LOADING
> to FULL, Loading Done
>
>
>
> %TRACKING-5-STATE: 2 rtr 12 reachability Down->Up
>
>
>
> %OSPF-5-ADJCHG: Process 1, Nbr 1.1.1.33 on FastEthernet0/0.14 from FULL to
> DOWN, Neighbor Down: Dead timer expired
>
>
>
> R1#Show ip ospf neighbor
>
>
>
> Neighbor ID     Pri   State           Dead Time   Address         Interface
> N/A               0   ATTEMPT/DROTHER -           192.168.3.33    FastEthernet0/0.14
> 1.1.1.22          1   FULL/DR         940 msec    192.168.2.22    FastEthernet0/0.13
> N/A               0   ATTEMPT/DROTHER -           192.168.1.11    FastEthernet0/0.12
> 1.1.1.3           0   FULL/  -        00:00:33    100.1.1.3       Serial0/1
>
>
>
> On BB1
>
>
>
> BB1(config)#Int F0/0
>
> BB1(config-if)#NO Shut
>
>
>
> On R1
>
>
>
> You should see the following console messages:
>
>
>
> %TRACKING-5-STATE: 1 rtr 11 reachability Down->Up
>
>
>
> %OSPF-5-ADJCHG: Process 1, Nbr 1.1.1.22 on FastEthernet0/0.13 from FULL to
> DOWN, Neighbor Down: Dead timer expired
>
>
>
> %OSPF-5-ADJCHG: Process 1, Nbr 1.1.1.11 on FastEthernet0/0.12 from LOADING
> to FULL, Loading Done
>
>
>
> R1#Show ip ospf neighbor
>
>
>
> Neighbor ID     Pri   State           Dead Time   Address         Interface
> N/A               0   ATTEMPT/DROTHER -           192.168.3.33    FastEthernet0/0.14
> N/A               0   ATTEMPT/DROTHER -           192.168.2.22    FastEthernet0/0.13
> 1.1.1.11          1   FULL/DR         772 msec    192.168.1.11    FastEthernet0/0.12
> 1.1.1.3           0   FULL/  -        00:00:37    100.1.1.3       Serial0/1
>
>
>
>
>
> I hope this helped.
>
> On Thu, Feb 11, 2010 at 10:14 AM, Marko Milivojevic <markom_at_ipexpert.com>
> wrote:
>>
>> On Thu, Feb 11, 2010 at 18:11, Ivan Hrvatska <ivanzghr_at_gmail.com> wrote:
>> > Yes, I considered debug on reboot, so I made one event applet that
>> > turns ON that debugging if it gets syslog msg of reboot. Tested it,
>> > and it works.
>>
>> You are taking "programming routers" to a whole new level, aren't you?
>> :-)
>>
>> > Narbik, I think that your idea would work. How to do it? :)
>>
>> I'm also rather curious about that. I've never heard of such a feature,
>> but it does sound like something that would solve your issues...
>>
>> --
>> Marko Milivojevic - CCIE #18427
>> Senior Technical Instructor - IPexpert
>>
>> Mailto: markom_at_ipexpert.com
>> Telephone: +1.810.326.1444
>> Fax: +1.810.454.0130
>> R&S Video on Demand Demo: http://bit.ly/aFyrU4
>
>
>
> --
> Narbik Kocharians
> CCSI#30832, CCIE# 12410 (R&S, SP, Security)
> www.MicronicsTraining.com
> Sr. Technical Instructor
> YES! We take Cisco Learning Credits!
> Training And Remote Racks available
Received on Thu Feb 11 2010 - 19:04:14 ART
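
Added example, not part of the original thread: a small Python model of the route-map TST logic in the quoted post, showing which neighbors R1 can go FULL with for given link states, including the case raised in the reply where a neighbor is up but does not answer the IP SLA pings. The function and variable names are hypothetical; the model assumes the first next hop whose track object is up is used, and that normal forwarding applies when none is.

```python
# Model (not IOS code) of "ip local policy route-map TST" on R1.
NEIGHBORS = {"BB1": "192.168.1.11", "BB2": "192.168.2.22", "BB3": "192.168.3.33"}

# ACLs 102/103: only R1's unicast OSPF packets to BB2 and BB3 are policy-routed.
POLICY_MATCH = {"192.168.2.22", "192.168.3.33"}

# set ip next-hop verify-availability <next-hop> <seq> track <n>, in sequence order.
# Track 1 follows the ICMP probe to BB1, track 2 the probe to BB2.
NEXT_HOPS = [("192.168.1.11", "BB1"), ("192.168.2.22", "BB2")]


def full_adjacencies(link_up, answers_ping=None):
    """Return the set of neighbors that R1's OSPF packets actually reach.

    link_up:      name -> True if the neighbor's F0/0 is up.
    answers_ping: optional name -> bool override for whether the neighbor
                  replies to ICMP echo (defaults to its link state).
    """
    pings = {**link_up, **(answers_ping or {})}
    # A track object is up only if the neighbor is up AND answers the probe.
    track_up = {name: link_up[name] and pings[name] for name in link_up}
    # First next hop with an up track object wins; None means normal routing.
    forced = next((ip for ip, name in NEXT_HOPS if track_up[name]), None)

    reached = set()
    for name, ip in NEIGHBORS.items():
        if not link_up[name]:
            continue
        next_hop = forced if (ip in POLICY_MATCH and forced) else ip
        # A packet sent to a different router's address never reaches this
        # neighbor, so the adjacency stays in ATTEMPT.
        if next_hop == ip:
            reached.add(name)
    return reached


if __name__ == "__main__":
    up = {"BB1": True, "BB2": True, "BB3": True}
    print("all up:", full_adjacencies(up))
    print("BB1 down:", full_adjacencies({**up, "BB1": False}))
    print("BB1 and BB2 down:", full_adjacencies({**up, "BB1": False, "BB2": False}))
    # BB1 is healthy but filters ICMP, so track 1 goes down anyway.
    print("BB1 drops pings:", full_adjacencies(up, {"BB1": False}))
```

The last case is the one the reply warns about: the tracked state no longer reflects the OSPF neighbor's state, so the backup adjacency comes up while the primary is still FULL.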
