10-07-2011 02:23 PM - edited 03-07-2019 02:40 AM
With Peter Palúch
Welcome to the Cisco Support Community Ask the Expert conversation. This is an opportunity to get expert insights and learn about Unicast IP routing protocols with Cisco Designated VIP Peter Palúch. Peter Palúch is an assistant professor and a Cisco Networking Academy instructor at the University of Zilina, Slovakia. His fields of interest include routing, switching, and MPLS technologies. He is a seasoned teacher who has cooperated in various educational activities in Slovakia and abroad, focusing particularly on networking and Linux-based network server systems. Peter holds a doctoral degree in the area of VoIP quality degradation factors; he also holds CCIP certification and CCIE certification (#23527) in Routing & Switching.
Remember to use the rating system to let Peter know if you have received an adequate response.
Peter might not be able to answer each question due to the volume expected during this event. Remember that you can continue the conversation on the Network Management discussion, discussion forum shortly after the event. This event lasts through October 21, 2011. Visit this forum often to view responses to your questions and the questions of other community members.
10-18-2011 07:35 AM
Hello Peter
I have read in documentation, that I can speed-up OSPF convergence by using prefix suppression feature. I tried it in our lab, but when I put in configuration
router ospf 1
network ...
prefix suppression
all OSPF networks was gone from the routing table. What am I doing wrong? At least stub networks and loopbacks should remain.
Sincerely, Jiri
10-18-2011 10:17 AM
Hello Jiri,
Nice to hear from you again!
To be completely exact about the prefix suppression technique, I will be quoting its description from the following URL here:
The OSPF mechanism to exclude connected IP prefixes from LSAs allows network administrators to control what IP prefixes are installed into LSAs. This functionality is implemented for router and network LSAs in the following manner:
Subsequently, the guide indicates:
Prefixes that are associated with loopbacks, secondary IP addresses, and passive interfaces are excluded because typical network designs require those to remain reachable.
In this particular statement, the word "excluded" actually means excluded from the prefix suppression feature, i.e. being advertised even with prefix suppression activated.
In other words, after configuring the prefix suppression globally in the OSPF configuration, the router will advertise only the following directly connected prefixes:
of course assuming that these interfaces are assigned to the particular OSPF process.
I have confirmed this in Dynamips running 2691 12.4(15)T13 Advanced IP Services IOS - the behavior aligned perfectly with the description.
all OSPF networks was gone from the routing table. What am I doing wrong? At least stub networks and loopbacks should remain.
This surprises me. The loopbacks should not have disappeared from your routing tables if they were advertised before configuring the prefix suppression. Physical directly-connected networks are supposed to disappear - you have to manually declare the interfaces as passive in order to have them advertised if the prefix suppression is active. The router will not automatically advertise an interface's network just because it is considered a stub network (i.e. no other OSPF neighbors detected).
What is the IOS version you were using when performing these experiments? Also, would you mind posting your entire configuration so I can try to reproduce the problem? Thank you!
Best regards,
Peter
10-19-2011 12:44 AM
Hello,
thank you for your explanation. I am trying it in the Dynamips now and it is working as expected
Previously I have tried it on the real boxes (C2801, 12.4(24)T5).
I will try it again, but I do not have original configs, Maybe it is some intermittent issue.
Regards, Jiri
10-19-2011 01:32 AM
Hello Jiri,
thank you for your explanation. I am trying it in the Dynamips now and it is working as expected
Well, controlled experiments usually work to the great dismay of everyone trying to show a problematic scenario
Previously I have tried it on the real boxes (C2801, 12.4(24)T5). I will try it again
Please do, and let us know about the results. Thank you!
Best regards,
Peter
10-19-2011 11:37 PM
Hello Peter,
yesterday I built this again in our lab, but no problem occured. I am not able to replicate exactly the last lab, I do not have original configurations, and there was more OSPF features turned on.
Sorry for bothering you for nothing.
Jiri
10-20-2011 12:38 AM
Hi Jiri,
I do not consider this "a bothering" at all - quite on the contrary, I enjoyed replicating the issue and researching the existing documents about the OSPF Prefix Suppression feature! There is absolutely no reason to apologize. I am glad you've joined the discussion.
Please feel welcome anytime to discuss any networking issues here on Cisco Support Community website - either in this thread while it is still open, or in appropriate CSC section anytime in the future.
Best regards,
Peter
10-19-2011 03:47 PM
Hello Kishore,
I am replying in a new subthread as the depth of our original thread was so deep that reading the posts was not practical anymore.
The results of your PING experiments are identical to the symptoms I have experienced with my buggy IOS where the L2TP-encapsulated packets always had the DF-bit set. An original packet with the size of at least 1463 bytes resulted in the total packet length of at least 1501 bytes after encapsulation - however, having the DF-bit set, this new packet was prohibited from being fragmented on the encapsulating router and had to be dropped. In addition, the ICMP Packet-too-big messages were sent only if the original packet had the DF-bit set, and were suppressed otherwise. Furthermore, as I explained earlier, we should not expect EIGRP to actually honor the Packet-too-big messages.
To me, this appears to be an IOS bug. Do you believe you could upgrade the IOS running on your 3845 routers that terminate the L2TP PW? You are currently running 12.4(20)YA which is a short-lived train. I would recommend trying a suitable 12.4T image - personally I recommend trying the 12.4(24)T5 SP SERVICES. According to the Feature Navigator, the 12.4(24)T5 should contain practically all features of your YA image and should fit in 256/64 DRAM/FLASH just like your current YA, except a few features unique to the YA version, in particular:
ATM LANE Fast Simple Server Redundancy Protocol (LANE Fast SSRP)
BGP Neighbor Policy
Circuit Emulation over IP (CEoIP)
Disabling LANE Flush Process
Dynamic Multipoint VPN (DMVPN) Phase 1
Flexible NetFlow - IPv6 Unicast Flows
IP SLAs RTP Based VoIP Operation
LANE dCEF
LANE Optimum Switching
Multiprotocol over ATM (MPOA)
Multiprotocol over ATM for Token Ring (MPOA)
NAT - Scalability for Stateful NAT
PPPoE Circuit-ID Tag Processing
SSRP for LANE
Token Ring LANE
I doubt you are using any of these. Would an IOS upgrade be an option for you? Please note that ideally, the IOS should be upgraded on both 3845 routers.
Best regards,
Peter
10-19-2011 03:58 PM
Wow! You're actually still AWAKE at this time of the hour in Europe???? Amazing!
10-19-2011 04:08 PM
Hi Leo,
Yes, I am still awake As this event has roughly two more days to live, I want to make the most of it. Nice of you to drop by, thank you!
Best regards,
Peter
10-21-2011 04:14 AM
Hi Peter,
Today is the last day of your "Ask the Expert" so I thought i will ask you one last question here. Hope you dont mind
I am doing some testing on mpls tunnels on a 7200 image on GNS3.. Now, it's a simple set up. I am uploadig my topo here.
I have 2 tunnels.
1. dynami tunnel from PE31-P1-P32 which comes up fine.
2. explicit path going via PE31-PE-MGT-PE32.
Now the second tunnel always remains down and shows me the following error.
Name: ** MPLS-TE via PE-MGT (Tunnel1) Destination: 192.168.3.33
Status:
Admin: up Oper: down Path: not valid Signalling: Down
path option 1, type explicit PE31-PE_MGT-PE32
Config Parameters:
Bandwidth: 100 kbps (Global) Priority: 2 2 Affinity: 0x0/0xFFFF
Metric Type: TE (default)
AutoRoute: enabled LockDown: disabled Loadshare: 100 bw-based
auto-bw: disabled
History:
Tunnel:
Time since created: 8 minutes, 18 seconds
Path Option 1:
Last Error: PCALC:: Explicit path has unknown address, 192.168.5.50
PE31#sh ip route 192.168.5.50
Routing entry for 192.168.5.48/30
Known via "connected", distance 0, metric 0 (connected, via interface)
Routing Descriptor Blocks:
* directly connected, via Ethernet1/3
Route metric is 0, traffic share count is 1
PE31#sh ip explicit-paths
PATH PE31-PE_MGT-PE32 (strict source route, path complete, generation 5)
1: next-address 192.168.5.50
3: next-address 192.168.4.1
4: next-address 192.168.3.33 <<< destination of the tunnel.
PE31#
Why is it showing me unknown address although its on the directly connected subnet
PE31#show mpls traffic-eng topology | inc 192.168.5.50 <<< in the topology
link[1 ]:DR Intf Address: 192.168.5.50, gen:2
IGP Id: 192.168.5.50, Network Nod
Regards,
Kishore
10-21-2011 05:29 AM
Hi Kishore,
I thought i will ask you one last question here. Hope you dont mind
You are welcome In fact, I wish this event could last a little longer. These two weeks went by too quickly. Perhaps I will get the honor and opportunity of hosting a similar event sometime later again.
Regarding your problem: is the mpls traffic-eng tunnel command used on the PE31 Ethernet1/3 and PE-MGMT Ethernet1/0 interfaces? The show mpls traffic-eng topo is currently filtered in your post so it is hard to say who is advertising the 192.168.5.50 link.
Also, are you properly running a TE-enabled IGMP along the PE31/PE-MGMT/PE32 path?
Can you perhaps post the configuration of the PE31 and PE-MGMT? Thank you!
Best regards,
Peter
10-21-2011 05:36 AM
hi peter, i wish your event was always there forver so that we all can learn so much from you. The configs are here
++++ PE31
PE31#sh run
Building configuration...
Current configuration : 4996 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname PE31
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
ip subnet-zero
!
!
no ip domain lookup
!
ip vrf CustA
rd 100:101
export map NMS_CustA
route-target export 100:101
route-target import 100:101
route-target import 100:501
!
ip vrf Test
rd 100:79
route-target export 100:79
route-target import 100:79
!
ip cef
mpls traffic-eng tunnels
no tag-switching ip propagate-ttl
!
!
!
!
class-map match-all REALTIME
match ip precedence 5
class-map match-all INTERACTIVE
match ip precedence 3
!
!
policy-map QOS_INGRESS
class REALTIME
police cir 512000
conform-action set-mpls-exp-imposition-transmit 5
exceed-action drop
class INTERACTIVE
police cir 128000
conform-action set-mpls-exp-imposition-transmit 3
exceed-action drop
class class-default
police cir 100000
conform-action set-mpls-exp-imposition-transmit 0
exceed-action drop
!
!
!
!
!
!
interface Loopback0
ip address 192.168.3.17 255.255.255.255
!
interface Loopback1
ip vrf forwarding Test
ip address 1.1.1.1 255.255.255.255
!
interface Loopback2
ip vrf forwarding CustA
ip address 2.2.2.2 255.255.255.255
!
interface Tunnel0
description ** MPLS-TE via P1 ***
ip unnumbered Loopback0
tunnel destination 192.168.3.33
tunnel mode mpls traffic-eng
tunnel mpls traffic-eng autoroute announce
tunnel mpls traffic-eng priority 1 1
tunnel mpls traffic-eng bandwidth 256
tunnel mpls traffic-eng path-option 1 dynamic
!
interface Tunnel1
description ** MPLS-TE via PE-MGT
ip unnumbered Loopback0
tunnel destination 192.168.3.33
tunnel mode mpls traffic-eng
tunnel mpls traffic-eng autoroute announce
tunnel mpls traffic-eng priority 2 2
tunnel mpls traffic-eng bandwidth 100
tunnel mpls traffic-eng path-option 1 explicit name PE31-PE_MGT-PE32
!
interface FastEthernet0/0
no ip address
shutdown
duplex half
!
interface Ethernet1/0
description ***** Link to P1
ip address 192.168.3.49 255.255.255.240
duplex full
mpls label protocol ldp
mpls traffic-eng tunnels
tag-switching mtu 1512
tag-switching ip
ip rsvp bandwidth 1000
!
interface Ethernet1/1
description ****** Link to CE31B
ip address 150.3.31.34 255.255.255.240
duplex full
!
interface Ethernet1/2
description ***** Link to CE31A
ip vrf forwarding CustA
ip address 150.3.31.18 255.255.255.248
duplex full
service-policy input QOS_INGRESS
!
interface Ethernet1/3
description *** LInk to PE-MGT1
ip address 192.168.5.49 255.255.255.252
duplex full
mpls label protocol ldp
mpls traffic-eng tunnels
tag-switching ip
ip rsvp bandwidth 1000
!
!
interface GigabitEthernet3/0
no ip address
shutdown
negotiation auto
!
router ospf 1
mpls traffic-eng router-id Loopback0
mpls traffic-eng area 0
log-adjacency-changes
network 192.168.3.0 0.0.0.255 area 0
network 192.168.5.0 0.0.0.255 area 0
!
router bgp 65001
bgp log-neighbor-changes
neighbor 192.168.3.33 remote-as 65001
neighbor 192.168.3.33 update-source Loopback0
neighbor 192.168.100.1 remote-as 65001
neighbor 192.168.100.1 update-source Loopback0
!
address-family ipv4
neighbor 192.168.3.33 activate
neighbor 192.168.100.1 activate
no auto-summary
no synchronization
exit-address-family
!
address-family vpnv4
neighbor 192.168.3.33 activate
neighbor 192.168.3.33 next-hop-self
neighbor 192.168.3.33 send-community both
neighbor 192.168.100.1 activate
neighbor 192.168.100.1 next-hop-self
neighbor 192.168.100.1 send-community both
exit-address-family
!
address-family ipv4 vrf Test
no auto-summary
no synchronization
exit-address-family
!
address-family ipv4 vrf CustA
redistribute static
neighbor 150.3.31.17 remote-as 65031
neighbor 150.3.31.17 activate
neighbor 150.3.31.17 as-override
neighbor 150.3.32.17 remote-as 65031
no neighbor 150.3.32.17 activate
default-information originate
no auto-summary
no synchronization
exit-address-family
!
ip classless
ip route vrf CustA 0.0.0.0 0.0.0.0 150.3.31.17
no ip http server
no ip http secure-server
!
!
ip explicit-path name PE31-PE_MGT-PE32 enable
next-address 192.168.5.50
index 3 next-address 192.168.4.1
next-address 192.168.3.33
!
access-list 10 permit 2.2.2.2 log
!
route-map NMS_CustA permit 10
match ip address 10
set extcommunity rt 100:500 additive
!
!
!
!
!
!
!
gatekeeper
shutdown
!
!
line con 0
stopbits 1
line aux 0
stopbits 1
line vty 0 4
login
!
!
end
+++++PE-MGT
PE-MGMT#sh run
Building configuration...
Current configuration : 2543 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname PE-MGMT
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
ip subnet-zero
!
!
!
ip vrf NMS
rd 100:501
route-target export 100:501
route-target import 100:500
!
ip cef
mpls traffic-eng tunnels
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
description ****** BGP peer to PE31
ip address 192.168.100.1 255.255.255.255
!
interface Loopback200
ip vrf forwarding NMS
ip address 192.168.200.1 255.255.255.255
!
interface FastEthernet0/0
no ip address
shutdown
duplex half
!
interface Ethernet1/0
description ****** Link to PE31
ip address 192.168.5.50 255.255.255.252
duplex full
mpls label protocol ldp
mpls traffic-eng tunnels
tag-switching ip
ip rsvp bandwidth 1000
!
interface Ethernet1/1
description *** Link to PE32 ***
ip address 192.168.4.2 255.255.255.252
duplex full
mpls label protocol ldp
mpls traffic-eng tunnels
tag-switching mtu 1512
tag-switching ip
ip rsvp bandwidth 1000
!
router ospf 1
log-adjacency-changes
network 192.168.4.0 0.0.0.255 area 0
network 192.168.5.0 0.0.0.255 area 0
network 192.168.100.1 0.0.0.0 area 0
!
router bgp 65001
no bgp default route-target filter
bgp log-neighbor-changes
neighbor 192.168.3.17 remote-as 65001
neighbor 192.168.3.17 update-source Loopback0
neighbor 192.168.3.33 remote-as 65001
neighbor 192.168.3.33 update-source Loopback0
!
address-family ipv4
neighbor 192.168.3.17 activate
neighbor 192.168.3.33 activate
no auto-summary
no synchronization
exit-address-family
!
address-family vpnv4
neighbor 192.168.3.17 activate
neighbor 192.168.3.17 next-hop-self
neighbor 192.168.3.17 send-community both
neighbor 192.168.3.33 activate
neighbor 192.168.3.33 next-hop-self
neighbor 192.168.3.33 send-community both
exit-address-family
!
address-family ipv4 vrf NMS
redistribute connected
no auto-summary
no synchronization
exit-address-family
!
ip classless
no ip http server
no ip http secure-server
gatekeeper
shutdown
!
!
line con 0
stopbits 1
line aux 0
stopbits 1
line vty 0 4
login
!
!
end
PE-MGMT#
10-21-2011 05:44 AM
Kishore,
I believe I see the problem. The OSPF on your PE-MGMT router is not configured with TE extensions. You need to add the following obligatory lines:
router ospf 1
mpls traffic-eng router-id Loopback0
mpls traffic-eng area 0
Try adding these lines to the PE-MGMT OSPF configuration and see whether the tunnel comes up. It may require a little time, or using the mpls traffic-eng reoptimize privileged level command may speed up the tunnel establishment.
i wish your event was always there forver so that we all can learn so much from you
Kishore, you are too kind, really. I appreciate it so much, thank you! The fact is that this event is finishing soon but I am still here on CSC, I am not going anywhere So after this event is over, just continue asking in appropriate sections of the Cisco Support Community and I or other friends here will certainly answer your questions as best as we can.
Best regards,
Peter
10-21-2011 05:55 AM
omg peter how did I not see it. I thought I added them on all routers.. thanks heaps for that :-) I can see th etunnels come up. I am seeing 4 Tunnels . Is it because of the unidirectional behaviour of the tunnels that I am seeing 2 in each direction? I have seen a video on youtube which shows only 2 tunnels on the PE's. Is the output IOS specific and platform specific? I am using a pretty old image 12.3.
PE31#sh mpls traffic-eng tunnels brief
Signalling Summary:
LSP Tunnels Process: running
RSVP Process: running
Forwarding: enabled
Periodic reoptimization: every 3600 seconds, next in 3579 seconds
Periodic auto-bw collection: disabled
TUNNEL NAME DESTINATION UP IF DOWN IF STATE/PROT
** MPLS-TE via P1 *** 192.168.3.33 - Et1/0 up/up
** MPLS-TE via PE-MGT 192.168.3.33 - Et1/3 up/up
** MPLS-TE via P1 *** 192.168.3.17 Et1/0 - up/up
** MPLS-TE via PE-MGT ** 192.168.3.17 Et1/3 - up/up
Displayed 2 (of 2) heads, 0 (of 0) midpoints, 2 (of 2) tails
PE31#
Thanks again for your fast help. I told my colleauges about you and your immense knowledge,patience and your explanations as well. Not for once did you just ignore any of the posts that took up. You always follow up until the other person is happy with ur answer
10-21-2011 07:48 AM
Hello Kishore,
Right, you see 4 MPLS-TE tunnels because of their unidirectional nature. As the bottom line says:
Displayed 2 (of 2) heads, 0 (of 0) midpoints, 2 (of 2) tails
You have yourself defined two tunnels, so these are the headends. The opposite router also has two tunnels terminated on your router, identified here as the tailends.
Regarding your kind words... I am speechless. Thank you, most sincerely!
Best regards,
Peter
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide