Re: Dynamic Routing Updates: Now you see 'em, now you don't

eric.stewart · ‎11-27-2010

In this thread https://supportforums.cisco.com/thread/2054722?tstart=0 I mentioned that the RV220W supports RRI. I noticed something unexpected. While looking at the routing table on my interior routers (ASA 5505 and Cisco 871 both) I've noticed that the routes being advertised via RIP by the RV220W keep dropping in and out of the routing table. Very much "now you see them, now you don't"

Now you see them....

asa5505/home.breezy.ca(config)# show route

Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route

Gateway of last resort is 206.248.154.104 to network 0.0.0.0

O    192.168.123.1 255.255.255.255
           [110/11] via terminal-server, 426:46:19, dmz
S    192.168.123.0 255.255.255.0 [1/0] via terminal-server, dmz
C    192.168.91.0 255.255.255.0 is directly connected, screened-subnet
R    173.206.128.1 255.255.255.255 [120/1] via 192.168.99.139, 0:00:21, dmz <<--- RV220W WAN
C    192.168.21.0 255.255.255.0 is directly connected, webcam
C    192.168.99.128 255.255.255.128 is directly connected, dmz
S    10.99.99.0 255.255.255.0 [1/0] via 10.44.44.65, dmz2
C    10.100.100.0 255.255.255.0 is directly connected, Hotspot
C    10.44.44.64 255.255.255.192 is directly connected, dmz2
R    10.254.44.67 255.255.255.255 [120/1] via 192.168.99.139, 0:00:21, dmz <<--- RV220W SSL VPN Client

C    192.168.0.0 255.255.255.0 is directly connected, inside
D    192.168.1.0 255.255.255.0 [90/30720] via 192.168.99.136, 358:41:52, dmz
C    192.168.2.0 255.255.255.0 is directly connected, wireless
S*   0.0.0.0 0.0.0.0 [1/0] via 206.248.154.104, outside

Now you don't:

asa5505/home.breezy.ca(config)# show route

Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route

Gateway of last resort is 206.248.154.104 to network 0.0.0.0

O    192.168.123.1 255.255.255.255
           [110/11] via terminal-server, 426:49:08, dmz
S    192.168.123.0 255.255.255.0 [1/0] via terminal-server, dmz
C    192.168.91.0 255.255.255.0 is directly connected, screened-subnet
C    192.168.21.0 255.255.255.0 is directly connected, webcam
C    192.168.99.128 255.255.255.128 is directly connected, dmz
S    10.99.99.0 255.255.255.0 [1/0] via 10.44.44.65, dmz2
C    10.100.100.0 255.255.255.0 is directly connected, Hotspot
C    10.44.44.64 255.255.255.192 is directly connected, dmz2
C    192.168.0.0 255.255.255.0 is directly connected, inside
D    192.168.1.0 255.255.255.0 [90/30720] via 192.168.99.136, 358:44:42, dmz
C    192.168.2.0 255.255.255.0 is directly connected, wireless
S*   0.0.0.0 0.0.0.0 [1/0] via 206.248.154.104, outside

Message was edited by: eric.stewart (typos and line wrapping)

linksysinfo · ‎11-28-2010

i have enabled RIP-2M on both routers and i'll see what happens.

Regards Simon

ddiep · ‎12-03-2010

Eric/Simon,

Do you still see this happening? Did the missing route ever come back? Any special condition that we should know of?

We tried to recreate but didnot see it in our lab.

Please provide us a brief topology of your setup and running_config.

Regards.

eric.stewart · ‎12-03-2010

Don,

I'm at work, so while I take a quick break, I'll keep this reply quick and to the point:

Network diagrams (logical and physical) have already been posted. I will attach them here in any case FYI.
The test condition as already stated, was when an SSLVPN user was connected to the RV220W. When this happens, the RV220W automatically starts advertising the route to the VPN user's subnet via dynamic routing advertisements. In the RV220W's case, you have different combinations/permutations of dynamic routing that you can configure.
My RV220W was (is) set up for RIP version 2, multicast. Screenshot is attached too.
My Cisco ASA5505 (again, see attached diagrams) is on several common VLANs/subnets with the RV220W, but I had is set to only "listen" on VLAN 9, (192.168.99.128/25) for the test, choosing to make all the other VLANs passive interfaces. The routing table for the ASA5505 is in my original post.
Might be an issue with the ASA5505, who knows? I didn't look at the routing table on my Cisco 871, which is also on that same common subnet to see if there's an issue there.
It will be hard to test while I'm work, but I suppose I can VPN in and launch the SSLVPN connection from an inside host "behind" the ASA to the RV220W on the Internet. I'll post back here if I get that running and I'll confirm that the funny behaviour has a) disappeared and/or b) can't be replicated on the Cisco 871 who's routing table I'll also take a look at.

/Eric

eric.stewart · ‎12-03-2010

Still seeing the same behaviour. Using the latest 1.00.26 firmware. All examples cut and paste from CLI on my Cisco 871 router and Cisco ASA5505 security appliance. SSL VPN is up the entire time which is why the routes going in and out of the routing table on both devices is strange to say the least. Further complicating things is that (at least on the ASA5505) the route to the WAN interface of the RV220W appears as a learned RIP route n the routing table (good) sometimes only learned on one directly connected VLAN (bad) instead of the two that it should be. Sometimes not at all (worse). So, it's not just the SSLVPN route (advertised by RRI) but rather all advertised routes which seem to be affected. I also can't understand why, at least on the ASA, I see the route only advertised on the Hotspot VLAN (my VLAN 911) where it should be advertised (and thus learned) on all connected VLANs.

Test Case: From the Cisco 871 Router

1.) Now you See it (learned on 2 connected VLANs):
----------------
Cisco871#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       + - replicated route, % - next hop override

Gateway of last resort is 192.168.91.2 to network 0.0.0.0

S*    0.0.0.0/0 [1/0] via 192.168.91.2
R     1.0.0.0/8 [120/2] via 192.168.99.129, 00:00:08, Vlan9
                [120/2] via 192.168.2.2, 00:00:08, Vlan99
      10.0.0.0/8 is variably subnetted, 4 subnets, 3 masks
R        10.1.1.85/32 [120/1] via 192.168.99.129, 00:00:08, Vlan9
                      [120/1] via 192.168.2.2, 00:00:08, Vlan99
R        10.44.44.64/26 [120/1] via 192.168.99.139, 00:00:26, Vlan9
                        [120/1] via 192.168.99.129, 00:00:08, Vlan9
                        [120/1] via 192.168.2.139, 00:00:26, Vlan99
                        [120/1] via 192.168.2.2, 00:00:08, Vlan99
R        10.100.100.0/24 [120/1] via 192.168.99.139, 00:00:26, Vlan9
                         [120/1] via 192.168.99.129, 00:00:08, Vlan9
                         [120/1] via 192.168.2.139, 00:00:26, Vlan99
                         [120/1] via 192.168.2.2, 00:00:08, Vlan99
R        10.254.44.67/32 [120/1] via 192.168.99.139, 00:00:26, Vlan9 <- VPN Route
                         [120/1] via 192.168.2.139, 00:00:26, Vlan99 <- VPN Route
      69.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        69.196.181.96/29 is directly connected, FastEthernet4
L        69.196.181.98/32 is directly connected, FastEthernet4
      172.16.0.0/24 is subnetted, 1 subnets
R        172.16.10.0 [120/1] via 192.168.99.129, 00:00:08, Vlan9
                     [120/1] via 192.168.2.2, 00:00:08, Vlan99
      192.168.0.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.0.0/24 is directly connected, Vlan1
L        192.168.0.4/32 is directly connected, Vlan1
      192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.1.0/24 is directly connected, Vlan921
L        192.168.1.1/32 is directly connected, Vlan921
      192.168.2.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.2.0/24 is directly connected, Vlan99
L        192.168.2.4/32 is directly connected, Vlan99
R     192.168.21.0/24 [120/1] via 192.168.99.139, 00:00:26, Vlan9
                      [120/1] via 192.168.99.129, 00:00:08, Vlan9
                      [120/1] via 192.168.2.139, 00:00:26, Vlan99
                      [120/1] via 192.168.2.2, 00:00:08, Vlan99
      192.168.91.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.91.0/24 is directly connected, FastEthernet4
L        192.168.91.4/32 is directly connected, FastEthernet4
      192.168.99.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.99.128/25 is directly connected, Vlan9
L        192.168.99.136/32 is directly connected, Vlan9

2.) Now you see it (odd, it's learned on only 1 connected VLAN):

Cisco871#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       + - replicated route, % - next hop override

Gateway of last resort is 192.168.91.2 to network 0.0.0.0

S*    0.0.0.0/0 [1/0] via 192.168.91.2
R     1.0.0.0/8 [120/2] via 192.168.99.129, 00:00:03, Vlan9
                [120/2] via 192.168.2.2, 00:00:03, Vlan99
      10.0.0.0/8 is variably subnetted, 4 subnets, 3 masks
R        10.1.1.85/32 [120/1] via 192.168.99.129, 00:00:03, Vlan9
                      [120/1] via 192.168.2.2, 00:00:03, Vlan99
R        10.44.44.64/26 [120/1] via 192.168.99.139, 00:00:12, Vlan9
                        [120/1] via 192.168.99.129, 00:00:03, Vlan9
                        [120/1] via 192.168.2.139, 00:00:12, Vlan99
                        [120/1] via 192.168.2.2, 00:00:03, Vlan99
R        10.100.100.0/24 [120/1] via 192.168.99.139, 00:00:12, Vlan9
                         [120/1] via 192.168.99.129, 00:00:03, Vlan9
                         [120/1] via 192.168.2.139, 00:00:12, Vlan99
                         [120/1] via 192.168.2.2, 00:00:03, Vlan99
R        10.254.44.67/32 [120/14] via 192.168.2.2, 00:00:01, Vlan99 <- VPN Route
      69.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        69.196.181.96/29 is directly connected, FastEthernet4
L        69.196.181.98/32 is directly connected, FastEthernet4
      172.16.0.0/24 is subnetted, 1 subnets
R        172.16.10.0 [120/1] via 192.168.99.129, 00:00:03, Vlan9
                     [120/1] via 192.168.2.2, 00:00:03, Vlan99
      173.206.0.0/32 is subnetted, 1 subnets
R        173.206.176.1 [120/1] via 192.168.99.139, 00:00:12, Vlan9
                       [120/1] via 192.168.2.139, 00:00:12, Vlan99
      192.168.0.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.0.0/24 is directly connected, Vlan1
L        192.168.0.4/32 is directly connected, Vlan1
      192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.1.0/24 is directly connected, Vlan921
L        192.168.1.1/32 is directly connected, Vlan921
      192.168.2.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.2.0/24 is directly connected, Vlan99
L        192.168.2.4/32 is directly connected, Vlan99
R     192.168.21.0/24 [120/1] via 192.168.99.139, 00:00:12, Vlan9
                      [120/1] via 192.168.99.129, 00:00:03, Vlan9
                      [120/1] via 192.168.2.139, 00:00:12, Vlan99
                      [120/1] via 192.168.2.2, 00:00:03, Vlan99
      192.168.91.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.91.0/24 is directly connected, FastEthernet4
L        192.168.91.4/32 is directly connected, FastEthernet4
      192.168.99.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.99.128/25 is directly connected, Vlan9
L        192.168.99.136/32 is directly connected, Vlan9

3.) Now you don't:
--------------
Cisco871# show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       + - replicated route, % - next hop override

Gateway of last resort is 192.168.91.2 to network 0.0.0.0

S*    0.0.0.0/0 [1/0] via 192.168.91.2
R     1.0.0.0/8 [120/2] via 192.168.99.129, 00:00:05, Vlan9
                [120/2] via 192.168.2.2, 00:00:05, Vlan99
      10.0.0.0/8 is variably subnetted, 3 subnets, 3 masks
R        10.1.1.85/32 [120/1] via 192.168.99.129, 00:00:05, Vlan9
                      [120/1] via 192.168.2.2, 00:00:05, Vlan99
R        10.44.44.64/26 [120/1] via 192.168.99.139, 00:00:02, Vlan9
                        [120/1] via 192.168.99.129, 00:00:05, Vlan9
                        [120/1] via 192.168.2.139, 00:00:02, Vlan99
                        [120/1] via 192.168.2.2, 00:00:05, Vlan99
R        10.100.100.0/24 [120/1] via 192.168.99.139, 00:00:02, Vlan9
                         [120/1] via 192.168.99.129, 00:00:05, Vlan9
                         [120/1] via 192.168.2.139, 00:00:02, Vlan99
                         [120/1] via 192.168.2.2, 00:00:05, Vlan99
      69.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        69.196.181.96/29 is directly connected, FastEthernet4
L        69.196.181.98/32 is directly connected, FastEthernet4
      172.16.0.0/24 is subnetted, 1 subnets
R        172.16.10.0 [120/1] via 192.168.99.129, 00:00:05, Vlan9
                     [120/1] via 192.168.2.2, 00:00:05, Vlan99
      173.206.0.0/32 is subnetted, 1 subnets
R        173.206.176.1 [120/1] via 192.168.99.139, 00:00:02, Vlan9
                       [120/1] via 192.168.2.139, 00:00:02, Vlan99
      192.168.0.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.0.0/24 is directly connected, Vlan1
L        192.168.0.4/32 is directly connected, Vlan1
      192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.1.0/24 is directly connected, Vlan921
L        192.168.1.1/32 is directly connected, Vlan921
      192.168.2.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.2.0/24 is directly connected, Vlan99
L        192.168.2.4/32 is directly connected, Vlan99
R     192.168.21.0/24 [120/1] via 192.168.99.139, 00:00:02, Vlan9
                      [120/1] via 192.168.99.129, 00:00:05, Vlan9
                      [120/1] via 192.168.2.139, 00:00:02, Vlan99
                      [120/1] via 192.168.2.2, 00:00:05, Vlan99
      192.168.91.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.91.0/24 is directly connected, FastEthernet4
L        192.168.91.4/32 is directly connected, FastEthernet4
      192.168.99.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.99.128/25 is directly connected, Vlan9
L        192.168.99.136/32 is directly connected, Vlan9

Test Case: From the ASA 5505

Also, other routes seem to be bouncing in and out of the routing table, including the one for the WAN Interface on the RV220W

On the ASA5505:

1.) Now you see it:
----------------

asa5505/home.breezy.ca(config-router)# show route

Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route

Gateway of last resort is 206.248.154.122 to network 0.0.0.0

O    192.168.123.1 255.255.255.255 [110/11] via terminal-server, 28:24:43, dmz
R    1.0.0.0 255.0.0.0 [120/1] via 192.168.0.1, 0:00:06, inside
C    192.168.91.0 255.255.255.0 is directly connected, screened-subnet
S    172.16.10.0 255.255.255.0 [1/0] via 206.248.154.122, outside
R    173.206.176.1 255.255.255.255
           [120/1] via 10.100.100.139, 0:00:21, Hotspot <----- RV220W WAN

                                                           Interface Route
C    192.168.21.0 255.255.255.0 is directly connected, webcam
C    192.168.99.128 255.255.255.128 is directly connected, dmz
C    10.100.100.0 255.255.255.0 is directly connected, Hotspot
C    10.44.44.64 255.255.255.192 is directly connected, dmz2
S    10.1.1.85 255.255.255.255 [1/0] via 206.248.154.122, outside
C    192.168.0.0 255.255.255.0 is directly connected, inside
D    192.168.1.0 255.255.255.0 [90/30720] via 192.168.99.136, 23:11:19, dmz
C    192.168.2.0 255.255.255.0 is directly connected, wireless
S*   0.0.0.0 0.0.0.0 [1/0] via 206.248.154.122, outside

2.) Now you don't
--------------
asa5505/home.breezy.ca(config-router)# show route

Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route

Gateway of last resort is 206.248.154.122 to network 0.0.0.0

O    192.168.123.1 255.255.255.255 [110/11] via terminal-server, 28:24:21, dmz
R    1.0.0.0 255.0.0.0 [120/1] via 192.168.0.1, 0:00:14, inside
C    192.168.91.0 255.255.255.0 is directly connected, screened-subnet
S    172.16.10.0 255.255.255.0 [1/0] via 206.248.154.122, outside
C    192.168.21.0 255.255.255.0 is directly connected, webcam
C    192.168.99.128 255.255.255.128 is directly connected, dmz
C    10.100.100.0 255.255.255.0 is directly connected, Hotspot
C    10.44.44.64 255.255.255.192 is directly connected, dmz2
S    10.1.1.85 255.255.255.255 [1/0] via 206.248.154.122, outside
R    10.254.44.67 255.255.255.255 [120/1] via 10.100.100.139, 0:00:29, Hotspot
C    192.168.0.0 255.255.255.0 is directly connected, inside
D    192.168.1.0 255.255.255.0 [90/30720] via 192.168.99.136, 23:10:57, dmz
C    192.168.2.0 255.255.255.0 is directly connected, wireless
S*   0.0.0.0 0.0.0.0 [1/0] via 206.248.154.122, outside