Re: OSPF filtering

From: Ivan Hrvatska <ivanzghr_at_gmail.com>
Date: Mon, 15 Feb 2010 13:58:18 +0100

Narbik, you have 3 BB routers that are connected to R1. You have two
SLAs where R1 pings BB1 and BB2. Those SLAs are tracked and used in
route-map TST. Route-map TST sets the next hop on R1. The condition is
ACLs 102 and 103, which match OSPF traffic between routers R1-BB2 and
R1-BB3. What exactly does this route-map do in combination with local PBR?

On Thu, Feb 11, 2010 at 7:57 PM, Narbik Kocharians <narbikk_at_gmail.com> wrote:
> First of all, I am sorry for the long post; this is part of my NEW boot camp
> 2.0. But lab it up, this thing works; we have lots of nice stuff like this.
>
> Topology:
> R1 has three F0/0 sub-interfaces configured:
>
> R1's F0/0.11 (192.168.1.1) connects R1 to BB1's F0/0 (192.168.1.11)
> R1's F0/0.12 (192.168.2.1) connects R1 to BB2's F0/0 (192.168.2.22)
> R1's F0/0.13 (192.168.3.1) connects R1 to BB3's F0/0 (192.168.3.33)
>
> BB1 is advertising its Lo0 (1.1.1.11/32)
> BB2 is advertising its Lo0 (1.1.1.22/32)
> BB3 is advertising its Lo0 (1.1.1.33/32)
>
>
>
> On R1
>
>
>
> R1(config)#Router ospf 1
>
> R1(config-router)#Netw 192.168.1.1 0.0.0.0 area 0
>
> R1(config-router)#Netw 192.168.2.1 0.0.0.0 area 0
>
> R1(config-router)#Netw 192.168.3.1 0.0.0.0 area 0
>
>
>
> I do that to speed up recovery:
>
>
>
> R1(config)#Int F0/0.11
>
> R1(config-subif)#IP OSPF dead-interval minimal hello-multiplier 4
>
>
>
> R1(config)#Int F0/0.12
>
> R1(config-subif)#IP OSPF dead-interval minimal hello-multiplier 4
>
>
>
> R1(config)#Int F0/0.13
>
> R1(config-subif)#IP OSPF dead-interval minimal hello-multiplier 4
>
>
>
> On BB1
>
>
>
> BB1(config)#Router ospf 1
>
> BB1(config-router)#router-id 1.1.1.11
>
> BB1(config-router)#Netw 192.168.1.11 0.0.0.0 area 0
>
> BB1(config-router)#Netw 1.1.1.11 0.0.0.0 area 0
>
>
>
> BB1(config)#int F0/0
>
> BB1(config-if)#IP OSPF dead-interval minimal hello-multiplier 4
>
>
>
> On BB2
>
>
>
> BB2(config)#Router ospf 1
>
> BB2(config-router)#router-id 1.1.1.22
>
> BB2(config-router)#Netw 1.1.1.22 0.0.0.0 area 0
>
> BB2(config-router)#Netw 192.168.2.22 0.0.0.0 area 0
>
>
>
> BB2(config)#int F0/0
>
> BB2(config-if)#IP OSPF dead-interval minimal hello-multiplier 4
>
>
>
> On BB3
>
>
>
> BB3(config)#Router ospf 1
>
> BB3(config-router)#router-id 1.1.1.33
>
> BB3(config-router)#Netw 1.1.1.33 0.0.0.0 area 0
>
> BB3(config-router)#Netw 192.168.3.33 0.0.0.0 area 0
>
>
>
> BB3(config)#int F0/0
>
> BB3(config-if)#IP OSPF dead-interval minimal hello-multiplier 4
>
>
>
> To verify the configuration:
>
>
>
> On R1
>
>
>
> R1#Show ip ospf neighbor
>
>
>
> Neighbor ID     Pri   State             Dead Time   Address         Interface
> 1.1.1.33          1   FULL/DR           776 msec    192.168.3.33    FastEthernet0/0.14
> 1.1.1.22          1   FULL/DR           816 msec    192.168.2.22    FastEthernet0/0.13
> 1.1.1.11          1   FULL/DR           900 msec    192.168.1.11    FastEthernet0/0.12
> 1.1.1.3           0   FULL/  -          00:00:37    100.1.1.3       Serial0/1
>
>
>
> R1#Show ip route ospf | Inc O
>
>
>
> O 1.1.1.11 [110/2] via 192.168.1.11, 00:04:23, FastEthernet0/0.11
>
> O 1.1.1.22 [110/2] via 192.168.2.22, 00:04:13, FastEthernet0/0.12
>
> O 1.1.1.33 [110/2] via 192.168.3.33, 00:00:55, FastEthernet0/0.13
>
>
>
> To configure the policy:
>
>
>
> On R1
>
>
>
> R1(config)#Int F0/0.12
>
> R1(config-subif)#IP OSPF Network Non-Broadcast
>
>
>
> R1(config-subif)#Int F0/0.13
>
> R1(config-subif)#IP OSPF Network Non-Broadcast
>
>
>
> R1(config-subif)#Int F0/0.14
>
> R1(config-subif)#IP OSPF Network Non-Broadcast
>
>
>
> R1(config)#Router ospf 1
>
> R1(config-router)#Neighbor 192.168.1.11
>
> R1(config-router)#Neighbor 192.168.2.22
>
> R1(config-router)#Neighbor 192.168.3.33
>
>
>
> On BB1, BB2 and BB3
>
>
>
> Rx(config)#Int F0/0
>
> Rx(config-if)#IP OSPF Network Non-Broadcast
>
>
>
> To verify the configuration:
>
>
>
> On R1
>
>
>
> R1#Show ip ospf neighbor
>
>
>
> Neighbor ID     Pri   State             Dead Time   Address         Interface
> 1.1.1.33          1   FULL/BDR          888 msec    192.168.3.33    FastEthernet0/0.14
> 1.1.1.22          1   FULL/BDR          904 msec    192.168.2.22    FastEthernet0/0.13
> 1.1.1.11          1   FULL/BDR          888 msec    192.168.1.11    FastEthernet0/0.12
> 1.1.1.3           0   FULL/  -          00:00:37    100.1.1.3       Serial0/1
>
>
> To configure the policy:
>
>
> On R1
>
>
>
> R1(config)#Access-list 102 permit ospf host 192.168.2.1 host 192.168.2.22
>
> R1(config)#Access-list 103 permit ospf host 192.168.3.1 host 192.168.3.33
>
>
>
> R1(config)#IP SLA Monitor 11
>
> R1(config-rtr)#type echo protocol ipicmpecho 192.168.1.11 source-ipaddr 192.168.1.1
>
> R1(config-rtr-echo)#Freq 5
>
>
>
> R1(config)#IP SLA schedule 11 start now life forever
>
>
>
> R1(config)#Track 1 rtr 11 reachability
>
> R1(config-track)#delay down 3
>
> R1(config-track)#delay up 3
>
>
>
> R1(config)#IP SLA Monitor 12
>
> R1(config-rtr)#type echo protocol ipicmpecho 192.168.2.22 source-ipaddr 192.168.2.1
>
> R1(config-rtr-echo)#Freq 5
>
>
>
> R1(config)#IP SLA schedule 12 start now life forever
>
>
>
> R1(config)#Track 2 rtr 12 reachability
>
> R1(config-track)#delay down 3
>
> R1(config-track)#delay up 3
>
>
>
> R1(config)#Route-map TST permit 10
>
> R1(config-route-map)#match ip addr 102 103
>
> R1(config-route-map)#set ip next-hop verify-availability 192.168.1.11 1 track 1
>
> R1(config-route-map)#set ip next-hop verify-availability 192.168.2.22 2 track 2
>
>
>
> R1(config)#ip local policy route-map TST
>
>
>
> To verify the configuration:
>
>
>
> On R1
>
>
>
> R1#Show ip ospf neighbor
>
>
>
> Neighbor ID     Pri   State             Dead Time   Address         Interface
> N/A               0   ATTEMPT/DROTHER   -           192.168.3.33    FastEthernet0/0.14
> N/A               0   ATTEMPT/DROTHER   -           192.168.2.22    FastEthernet0/0.13
> 1.1.1.11          1   FULL/BDR          920 msec    192.168.1.11    FastEthernet0/0.12
> 1.1.1.3           0   FULL/  -          00:00:36    100.1.1.3       Serial0/1
>
>
>
> To test the configuration:
>
>
>
> On BB1
>
>
>
> BB1(config)#Int F0/0
>
> BB1(config-if)#Shut
>
>
>
> On R1
>
>
>
> You should see the following console message:
>
>
>
> %OSPF-5-ADJCHG: Process 1, Nbr 1.1.1.11 on FastEthernet0/0.12 from FULL to DOWN, Neighbor Down: Dead timer expired
>
> %TRACKING-5-STATE: 1 rtr 11 reachability Up->Down
>
> %OSPF-5-ADJCHG: Process 1, Nbr 1.1.1.22 on FastEthernet0/0.13 from LOADING to FULL, Loading Done
>
>
>
> R1#Show ip ospf neighbor
>
>
>
> Neighbor ID     Pri   State             Dead Time   Address         Interface
> N/A               0   ATTEMPT/DROTHER   -           192.168.3.33    FastEthernet0/0.14
> 1.1.1.22          1   FULL/DR           876 msec    192.168.2.22    FastEthernet0/0.13
> N/A               0   ATTEMPT/DROTHER   -           192.168.1.11    FastEthernet0/0.12
> 1.1.1.3           0   FULL/  -          00:00:30    100.1.1.3       Serial0/1
>
>
>
> On BB2
>
>
>
> BB2(config)#int f0/0
>
> BB2(config-if)#Shut
>
>
>
> On R1
>
>
>
> R1#Show ip ospf neighbor
>
>
>
> Neighbor ID     Pri   State             Dead Time   Address         Interface
> 1.1.1.33          1   FULL/DR           996 msec    192.168.3.33    FastEthernet0/0.14
> N/A               0   ATTEMPT/DROTHER   -           192.168.2.22    FastEthernet0/0.13
> N/A               0   ATTEMPT/DROTHER   -           192.168.1.11    FastEthernet0/0.12
> 1.1.1.3           0   FULL/  -          00:00:32    100.1.1.3       Serial0/1
>
>
>
> To test the failover:
>
>
>
> On BB2
>
>
>
> BB2(config)#Int F0/0
>
> BB2(config-if)#NO Shut
>
>
>
> On R1
>
>
>
> You should see the following console messages:
>
>
>
> %OSPF-5-ADJCHG: Process 1, Nbr 1.1.1.22 on FastEthernet0/0.13 from LOADING to FULL, Loading Done
>
> %TRACKING-5-STATE: 2 rtr 12 reachability Down->Up
>
> %OSPF-5-ADJCHG: Process 1, Nbr 1.1.1.33 on FastEthernet0/0.14 from FULL to DOWN, Neighbor Down: Dead timer expired
>
>
>
> R1#Show ip ospf neighbor
>
>
>
> Neighbor ID     Pri   State             Dead Time   Address         Interface
> N/A               0   ATTEMPT/DROTHER   -           192.168.3.33    FastEthernet0/0.14
> 1.1.1.22          1   FULL/DR           940 msec    192.168.2.22    FastEthernet0/0.13
> N/A               0   ATTEMPT/DROTHER   -           192.168.1.11    FastEthernet0/0.12
> 1.1.1.3           0   FULL/  -          00:00:33    100.1.1.3       Serial0/1
>
>
>
> On BB1
>
>
>
> BB1(config)#Int F0/0
>
> BB1(config-if)#NO Shut
>
>
>
> On R1
>
>
>
> You should see the following console messages:
>
>
>
> %TRACKING-5-STATE: 1 rtr 11 reachability Down->Up
>
> %OSPF-5-ADJCHG: Process 1, Nbr 1.1.1.22 on FastEthernet0/0.13 from FULL to DOWN, Neighbor Down: Dead timer expired
>
> %OSPF-5-ADJCHG: Process 1, Nbr 1.1.1.11 on FastEthernet0/0.12 from LOADING to FULL, Loading Done
>
>
>
> R1#Show ip ospf neighbor
>
>
>
> Neighbor ID     Pri   State             Dead Time   Address         Interface
> N/A               0   ATTEMPT/DROTHER   -           192.168.3.33    FastEthernet0/0.14
> N/A               0   ATTEMPT/DROTHER   -           192.168.2.22    FastEthernet0/0.13
> 1.1.1.11          1   FULL/DR           772 msec    192.168.1.11    FastEthernet0/0.12
> 1.1.1.3           0   FULL/  -          00:00:37    100.1.1.3       Serial0/1
>
>
>
>
>
> I hope this helped.
>
> On Thu, Feb 11, 2010 at 10:14 AM, Marko Milivojevic <markom_at_ipexpert.com> wrote:
>>
>> On Thu, Feb 11, 2010 at 18:11, Ivan Hrvatska <ivanzghr_at_gmail.com> wrote:
>> > Yes, I considered debug on reboot, so I made one event applet that
>> > turns ON that debugging if it gets syslog msg of reboot. Tested it,
>> > and it works.
>>
>> You are taking "programming routers" to a whole new level, aren't you?
>> :-)
>>
>> > Narbik, I think that your idea would work. How to do it? :)
>>
>> I'm also rather curious about that. I've never heard of such a feature,
>> but it does sound like something that would solve your issues...
>>
>> --
>> Marko Milivojevic - CCIE #18427
>> Senior Technical Instructor - IPexpert
>>
>> Mailto: markom_at_ipexpert.com
>> Telephone: +1.810.326.1444
>> Fax: +1.810.454.0130
>> R&S Video on Demand Demo: http://bit.ly/aFyrU4
>
>
>
> --
> Narbik Kocharians
> CCSI#30832, CCIE# 12410 (R&S, SP, Security)
> www.MicronicsTraining.com
> Sr. Technical Instructor
> YES! We take Cisco Learning Credits!
> Training And Remote Racks available
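
Added example, not written by any poster in this thread: a steady-state Python model of how route-map TST, applied with `ip local policy`, steers R1's own unicast OSPF packets, reproducing the neighbor tables in the quoted lab. Addresses, ACLs and track numbers are taken from the post; the function names are hypothetical, and treating each track as simply following its backbone router's reachability (ignoring the 3-second up/down delays) is an assumption.

```python
# Added illustration: steady-state model of local PBR with route-map TST on R1.
# Addresses, ACLs and track numbers come from the post; names are hypothetical.

NEIGHBORS = {"BB1": "192.168.1.11", "BB2": "192.168.2.22", "BB3": "192.168.3.33"}

# ACL 102 / 103 match only R1's unicast OSPF packets to BB2 and BB3.
PBR_MATCHED_DESTS = {"192.168.2.22", "192.168.3.33"}

# "set ip next-hop verify-availability <addr> <seq> track <n>", in sequence order.
VERIFIED_NEXT_HOPS = [("192.168.1.11", 1), ("192.168.2.22", 2)]


def track_states(alive):
    """Assumption: track 1 follows the ping to BB1, track 2 the ping to BB2."""
    return {1: "BB1" in alive, 2: "BB2" in alive}


def forwarded_to(dest_ip, tracks):
    """Return the address R1 actually hands an OSPF packet for dest_ip to."""
    if dest_ip not in PBR_MATCHED_DESTS:
        return dest_ip              # not matched by the route-map: normal routing
    for next_hop, track in VERIFIED_NEXT_HOPS:
        if tracks[track]:
            return next_hop         # first next hop whose tracked object is up
    return dest_ip                  # no verified next hop available: normal routing


def adjacencies(alive):
    """Neighbors that can reach FULL: up, and really receiving R1's packets."""
    tracks = track_states(alive)
    return sorted(
        name for name, ip in NEIGHBORS.items()
        if name in alive and forwarded_to(ip, tracks) == ip
    )


if __name__ == "__main__":
    # Constructed scenarios mirroring the test sequence in the post.
    for alive in ({"BB1", "BB2", "BB3"}, {"BB2", "BB3"}, {"BB3"}, {"BB1", "BB3"}):
        print(sorted(alive), "->", adjacencies(alive))
```

A packet diverted to a next hop that does not own its destination address never reaches the intended neighbor, which is why that neighbor stays in ATTEMPT on R1.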

Received on Mon Feb 15 2010 - 13:58:18 ART
