Ask the VIP Event: Unicast IP Routing Protocols - Page 3

ciscomoderator · ‎10-07-2011

With Peter Palúch

Welcome to the Cisco Support Community Ask the Expert conversation. This is an opportunity to get expert insights and learn about Unicast IP routing protocols with Cisco Designated VIP Peter Palúch. Peter Palúch is an assistant professor and a Cisco Networking Academy instructor at the University of Zilina, Slovakia. His fields of interest include routing, switching, and MPLS technologies. He is a seasoned teacher who has cooperated in various educational activities in Slovakia and abroad, focusing particularly on networking and Linux-based network server systems. Peter holds a doctoral degree in the area of VoIP quality degradation factors; he also holds CCIP certification and CCIE certification (#23527) in Routing & Switching.

Remember to use the rating system to let Peter know if you have received an adequate response.

Peter might not be able to answer each question due to the volume expected during this event. Remember that you can continue the conversation on the Network Management discussion, discussion forum shortly after the event. This event lasts through October 21, 2011. Visit this forum often to view responses to your questions and the questions of other community members.

JIRI GRYGAREK · ‎10-18-2011

Hello Peter

I have read in documentation, that I can speed-up OSPF convergence by using prefix suppression feature. I tried it in our lab, but when I put in configuration

router ospf 1

network ...

prefix suppression

all OSPF networks was gone from the routing table. What am I doing wrong? At least stub networks and loopbacks should remain.

Sincerely, Jiri

Peter Paluch · ‎10-18-2011

Hello Jiri,

Nice to hear from you again!

To be completely exact about the prefix suppression technique, I will be quoting its description from the following URL here:

http://www.cisco.com/en/US/docs/ios/iproute_ospf/configuration/guide/iro_ex_lsa_ps10591_TSD_Products_Configuration_Guide_Chapter.html

The OSPF mechanism to exclude connected IP prefixes from LSAs allows network administrators to control what IP prefixes are installed into LSAs. This functionality is implemented for router and network LSAs in the following manner:

For the router LSA, to exclude prefixes, the feature excludes link type 3 (stub link).
For the network LSA, the OSPF Designated Router (DR) generates LSAs with a special /32 network mask (0xFFFFFFFF).

Subsequently, the guide indicates:

Prefixes that are associated with loopbacks, secondary IP addresses, and passive interfaces are excluded because typical network designs require those to remain reachable.

In this particular statement, the word "excluded" actually means excluded from the prefix suppression feature, i.e. being advertised even with prefix suppression activated.

In other words, after configuring the prefix suppression globally in the OSPF configuration, the router will advertise only the following directly connected prefixes:

Loobpacks
Secondary IP addresses
Passive interfaces

of course assuming that these interfaces are assigned to the particular OSPF process.

I have confirmed this in Dynamips running 2691 12.4(15)T13 Advanced IP Services IOS - the behavior aligned perfectly with the description.

all OSPF networks was gone from the routing table. What am I doing wrong? At least stub networks and loopbacks should remain.

This surprises me. The loopbacks should not have disappeared from your routing tables if they were advertised before configuring the prefix suppression. Physical directly-connected networks are supposed to disappear - you have to manually declare the interfaces as passive in order to have them advertised if the prefix suppression is active. The router will not automatically advertise an interface's network just because it is considered a stub network (i.e. no other OSPF neighbors detected).

What is the IOS version you were using when performing these experiments? Also, would you mind posting your entire configuration so I can try to reproduce the problem? Thank you!

Best regards,

Peter

JIRI GRYGAREK · ‎10-19-2011

Hello,

thank you for your explanation. I am trying it in the Dynamips now and it is working as expected

Previously I have tried it on the real boxes (C2801, 12.4(24)T5).

I will try it again, but I do not have original configs, Maybe it is some intermittent issue.

Regards, Jiri

Peter Paluch · ‎10-19-2011

Hello Jiri,

thank you for your explanation. I am trying it in the Dynamips now and it is working as expected

Well, controlled experiments usually work to the great dismay of everyone trying to show a problematic scenario

Previously I have tried it on the real boxes (C2801, 12.4(24)T5). I will try it again

Please do, and let us know about the results. Thank you!

Best regards,

Peter

JIRI GRYGAREK · ‎10-19-2011

Hello Peter,

yesterday I built this again in our lab, but no problem occured. I am not able to replicate exactly the last lab, I do not have original configurations, and there was more OSPF features turned on.

Sorry for bothering you for nothing.

Jiri

Peter Paluch · ‎10-20-2011

Hi Jiri,

I do not consider this "a bothering" at all - quite on the contrary, I enjoyed replicating the issue and researching the existing documents about the OSPF Prefix Suppression feature! There is absolutely no reason to apologize. I am glad you've joined the discussion.

Please feel welcome anytime to discuss any networking issues here on Cisco Support Community website - either in this thread while it is still open, or in appropriate CSC section anytime in the future.

Best regards,

Peter

Peter Paluch · ‎10-19-2011

Hello Kishore,

I am replying in a new subthread as the depth of our original thread was so deep that reading the posts was not practical anymore.

The results of your PING experiments are identical to the symptoms I have experienced with my buggy IOS where the L2TP-encapsulated packets always had the DF-bit set. An original packet with the size of at least 1463 bytes resulted in the total packet length of at least 1501 bytes after encapsulation - however, having the DF-bit set, this new packet was prohibited from being fragmented on the encapsulating router and had to be dropped. In addition, the ICMP Packet-too-big messages were sent only if the original packet had the DF-bit set, and were suppressed otherwise. Furthermore, as I explained earlier, we should not expect EIGRP to actually honor the Packet-too-big messages.

To me, this appears to be an IOS bug. Do you believe you could upgrade the IOS running on your 3845 routers that terminate the L2TP PW? You are currently running 12.4(20)YA which is a short-lived train. I would recommend trying a suitable 12.4T image - personally I recommend trying the 12.4(24)T5 SP SERVICES. According to the Feature Navigator, the 12.4(24)T5 should contain practically all features of your YA image and should fit in 256/64 DRAM/FLASH just like your current YA, except a few features unique to the YA version, in particular:

ATM LANE Fast Simple Server Redundancy Protocol (LANE Fast SSRP)

BGP Neighbor Policy

Circuit Emulation over IP (CEoIP)

Disabling LANE Flush Process

Dynamic Multipoint VPN (DMVPN) Phase 1

Flexible NetFlow - IPv6 Unicast Flows

IP SLAs RTP Based VoIP Operation

LANE dCEF

LANE Optimum Switching

Multiprotocol over ATM (MPOA)

Multiprotocol over ATM for Token Ring (MPOA)

NAT - Scalability for Stateful NAT

PPPoE Circuit-ID Tag Processing

SSRP for LANE

Token Ring LANE

I doubt you are using any of these. Would an IOS upgrade be an option for you? Please note that ideally, the IOS should be upgraded on both 3845 routers.

Best regards,

Peter

Leo Laohoo · ‎10-19-2011

Wow! You're actually still AWAKE at this time of the hour in Europe???? Amazing!

Peter Paluch · ‎10-19-2011

Hi Leo,

Yes, I am still awake As this event has roughly two more days to live, I want to make the most of it. Nice of you to drop by, thank you!

Best regards,

Peter

Kishore Chennupati · ‎10-21-2011

Hi Peter,

Today is the last day of your "Ask the Expert" so I thought i will ask you one last question here. Hope you dont mind

I am doing some testing on mpls tunnels on a 7200 image on GNS3.. Now, it's a simple set up. I am uploadig my topo here.

I have 2 tunnels.

1. dynami tunnel from PE31-P1-P32 which comes up fine.

2. explicit path going via PE31-PE-MGT-PE32.

Now the second tunnel always remains down and shows me the following error.

Name: ** MPLS-TE via PE-MGT (Tunnel1) Destination: 192.168.3.33

Status:

Admin: up Oper: down Path: not valid Signalling: Down

path option 1, type explicit PE31-PE_MGT-PE32

Config Parameters:

Bandwidth: 100 kbps (Global) Priority: 2 2 Affinity: 0x0/0xFFFF

Metric Type: TE (default)

AutoRoute: enabled LockDown: disabled Loadshare: 100 bw-based

auto-bw: disabled

History:

Tunnel:

Time since created: 8 minutes, 18 seconds

Path Option 1:

Last Error: PCALC:: Explicit path has unknown address, 192.168.5.50

PE31#sh ip route 192.168.5.50

Routing entry for 192.168.5.48/30

Known via "connected", distance 0, metric 0 (connected, via interface)

Routing Descriptor Blocks:

* directly connected, via Ethernet1/3

Route metric is 0, traffic share count is 1

PE31#sh ip explicit-paths

PATH PE31-PE_MGT-PE32 (strict source route, path complete, generation 5)

1: next-address 192.168.5.50

3: next-address 192.168.4.1

4: next-address 192.168.3.33 <<< destination of the tunnel.

PE31#

Why is it showing me unknown address although its on the directly connected subnet

PE31#show mpls traffic-eng topology | inc 192.168.5.50 <<< in the topology

link[1 ]:DR Intf Address: 192.168.5.50, gen:2

IGP Id: 192.168.5.50, Network Nod

Regards,

Kishore

Peter Paluch · ‎10-21-2011

Hi Kishore,

I thought i will ask you one last question here. Hope you dont mind

You are welcome In fact, I wish this event could last a little longer. These two weeks went by too quickly. Perhaps I will get the honor and opportunity of hosting a similar event sometime later again.

Regarding your problem: is the mpls traffic-eng tunnel command used on the PE31 Ethernet1/3 and PE-MGMT Ethernet1/0 interfaces? The show mpls traffic-eng topo is currently filtered in your post so it is hard to say who is advertising the 192.168.5.50 link.

Also, are you properly running a TE-enabled IGMP along the PE31/PE-MGMT/PE32 path?

Can you perhaps post the configuration of the PE31 and PE-MGMT? Thank you!

Best regards,

Peter

Kishore Chennupati · ‎10-21-2011

hi peter, i wish your event was always there forver so that we all can learn so much from you. The configs are here

++++ PE31

PE31#sh run

Building configuration...

Current configuration : 4996 bytes

!

version 12.3

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname PE31

!

boot-start-marker

boot-end-marker

!

no aaa new-model

ip subnet-zero

!

no ip domain lookup

!

ip vrf CustA

rd 100:101

export map NMS_CustA

route-target export 100:101

route-target import 100:101

route-target import 100:501

!

ip vrf Test

rd 100:79

route-target export 100:79

route-target import 100:79

!

ip cef

mpls traffic-eng tunnels

no tag-switching ip propagate-ttl

!

class-map match-all REALTIME

match ip precedence 5

class-map match-all INTERACTIVE

match ip precedence 3

!

policy-map QOS_INGRESS

class REALTIME

police cir 512000

conform-action set-mpls-exp-imposition-transmit 5

exceed-action drop

class INTERACTIVE

police cir 128000

conform-action set-mpls-exp-imposition-transmit 3

exceed-action drop

class class-default

police cir 100000

conform-action set-mpls-exp-imposition-transmit 0

exceed-action drop

!

interface Loopback0

ip address 192.168.3.17 255.255.255.255

!

interface Loopback1

ip vrf forwarding Test

ip address 1.1.1.1 255.255.255.255

!

interface Loopback2

ip vrf forwarding CustA

ip address 2.2.2.2 255.255.255.255

!

interface Tunnel0

description ** MPLS-TE via P1 ***

ip unnumbered Loopback0

tunnel destination 192.168.3.33

tunnel mode mpls traffic-eng

tunnel mpls traffic-eng autoroute announce

tunnel mpls traffic-eng priority 1 1

tunnel mpls traffic-eng bandwidth 256

tunnel mpls traffic-eng path-option 1 dynamic

!

interface Tunnel1

description ** MPLS-TE via PE-MGT

ip unnumbered Loopback0

tunnel destination 192.168.3.33

tunnel mode mpls traffic-eng

tunnel mpls traffic-eng autoroute announce

tunnel mpls traffic-eng priority 2 2

tunnel mpls traffic-eng bandwidth 100

tunnel mpls traffic-eng path-option 1 explicit name PE31-PE_MGT-PE32

!

interface FastEthernet0/0

no ip address

shutdown

duplex half

!

interface Ethernet1/0

description ***** Link to P1

ip address 192.168.3.49 255.255.255.240

duplex full

mpls label protocol ldp

mpls traffic-eng tunnels

tag-switching mtu 1512

tag-switching ip

ip rsvp bandwidth 1000

!

interface Ethernet1/1

description ****** Link to CE31B

ip address 150.3.31.34 255.255.255.240

duplex full

!

interface Ethernet1/2

description ***** Link to CE31A

ip vrf forwarding CustA

ip address 150.3.31.18 255.255.255.248

duplex full

service-policy input QOS_INGRESS

!

interface Ethernet1/3

description *** LInk to PE-MGT1

ip address 192.168.5.49 255.255.255.252

duplex full

mpls label protocol ldp

mpls traffic-eng tunnels

tag-switching ip

ip rsvp bandwidth 1000

!

interface GigabitEthernet3/0

no ip address

shutdown

negotiation auto

!

router ospf 1

mpls traffic-eng router-id Loopback0

mpls traffic-eng area 0

log-adjacency-changes

network 192.168.3.0 0.0.0.255 area 0

network 192.168.5.0 0.0.0.255 area 0

!

router bgp 65001

bgp log-neighbor-changes

neighbor 192.168.3.33 remote-as 65001

neighbor 192.168.3.33 update-source Loopback0

neighbor 192.168.100.1 remote-as 65001

neighbor 192.168.100.1 update-source Loopback0

!

address-family ipv4

neighbor 192.168.3.33 activate

neighbor 192.168.100.1 activate

no auto-summary

no synchronization

exit-address-family

!

address-family vpnv4

neighbor 192.168.3.33 activate

neighbor 192.168.3.33 next-hop-self

neighbor 192.168.3.33 send-community both

neighbor 192.168.100.1 activate

neighbor 192.168.100.1 next-hop-self

neighbor 192.168.100.1 send-community both

exit-address-family

!

address-family ipv4 vrf Test

no auto-summary

no synchronization

exit-address-family

!

address-family ipv4 vrf CustA

redistribute static

neighbor 150.3.31.17 remote-as 65031

neighbor 150.3.31.17 activate

neighbor 150.3.31.17 as-override

neighbor 150.3.32.17 remote-as 65031

no neighbor 150.3.32.17 activate

default-information originate

no auto-summary

no synchronization

exit-address-family

!

ip classless

ip route vrf CustA 0.0.0.0 0.0.0.0 150.3.31.17

no ip http server

no ip http secure-server

!

ip explicit-path name PE31-PE_MGT-PE32 enable

next-address 192.168.5.50

index 3 next-address 192.168.4.1

next-address 192.168.3.33

!

access-list 10 permit 2.2.2.2 log

!

route-map NMS_CustA permit 10

match ip address 10

set extcommunity rt 100:500 additive

!

gatekeeper

shutdown

!

line con 0

stopbits 1

line aux 0

stopbits 1

line vty 0 4

login

!

end

+++++PE-MGT

PE-MGMT#sh run

Building configuration...

Current configuration : 2543 bytes

!

version 12.3

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname PE-MGMT

!

boot-start-marker

boot-end-marker

!

no aaa new-model

ip subnet-zero

!

ip vrf NMS

rd 100:501

route-target export 100:501

route-target import 100:500

!

ip cef

mpls traffic-eng tunnels

!

interface Loopback0

description ****** BGP peer to PE31

ip address 192.168.100.1 255.255.255.255

!

interface Loopback200

ip vrf forwarding NMS

ip address 192.168.200.1 255.255.255.255

!

interface FastEthernet0/0

no ip address

shutdown

duplex half

!

interface Ethernet1/0

description ****** Link to PE31

ip address 192.168.5.50 255.255.255.252

duplex full

mpls label protocol ldp

mpls traffic-eng tunnels

tag-switching ip

ip rsvp bandwidth 1000

!

interface Ethernet1/1

description *** Link to PE32 ***

ip address 192.168.4.2 255.255.255.252

duplex full

mpls label protocol ldp

mpls traffic-eng tunnels

tag-switching mtu 1512

tag-switching ip

ip rsvp bandwidth 1000

!

router ospf 1

log-adjacency-changes

network 192.168.4.0 0.0.0.255 area 0

network 192.168.5.0 0.0.0.255 area 0

network 192.168.100.1 0.0.0.0 area 0

!

router bgp 65001

no bgp default route-target filter

bgp log-neighbor-changes

neighbor 192.168.3.17 remote-as 65001

neighbor 192.168.3.17 update-source Loopback0

neighbor 192.168.3.33 remote-as 65001

neighbor 192.168.3.33 update-source Loopback0

!

address-family ipv4

neighbor 192.168.3.17 activate

neighbor 192.168.3.33 activate

no auto-summary

no synchronization

exit-address-family

!

address-family vpnv4

neighbor 192.168.3.17 activate

neighbor 192.168.3.17 next-hop-self

neighbor 192.168.3.17 send-community both

neighbor 192.168.3.33 activate

neighbor 192.168.3.33 next-hop-self

neighbor 192.168.3.33 send-community both

exit-address-family

!

address-family ipv4 vrf NMS

redistribute connected

no auto-summary

no synchronization

exit-address-family

!

ip classless

no ip http server

no ip http secure-server

gatekeeper

shutdown

!

line con 0

stopbits 1

line aux 0

stopbits 1

line vty 0 4

login

!

end

PE-MGMT#

Peter Paluch · ‎10-21-2011

Kishore,

I believe I see the problem. The OSPF on your PE-MGMT router is not configured with TE extensions. You need to add the following obligatory lines:

router ospf 1

mpls traffic-eng router-id Loopback0

mpls traffic-eng area 0

Try adding these lines to the PE-MGMT OSPF configuration and see whether the tunnel comes up. It may require a little time, or using the mpls traffic-eng reoptimize privileged level command may speed up the tunnel establishment.

i wish your event was always there forver so that we all can learn so much from you

Kishore, you are too kind, really. I appreciate it so much, thank you! The fact is that this event is finishing soon but I am still here on CSC, I am not going anywhere So after this event is over, just continue asking in appropriate sections of the Cisco Support Community and I or other friends here will certainly answer your questions as best as we can.

Best regards,

Peter

Kishore Chennupati · ‎10-21-2011

omg peter how did I not see it. I thought I added them on all routers.. thanks heaps for that :-) I can see th etunnels come up. I am seeing 4 Tunnels . Is it because of the unidirectional behaviour of the tunnels that I am seeing 2 in each direction? I have seen a video on youtube which shows only 2 tunnels on the PE's. Is the output IOS specific and platform specific? I am using a pretty old image 12.3.

PE31#sh mpls traffic-eng tunnels brief

Signalling Summary:

LSP Tunnels Process: running

RSVP Process: running

Forwarding: enabled

Periodic reoptimization: every 3600 seconds, next in 3579 seconds

Periodic auto-bw collection: disabled

TUNNEL NAME DESTINATION UP IF DOWN IF STATE/PROT

** MPLS-TE via P1 *** 192.168.3.33 - Et1/0 up/up

** MPLS-TE via PE-MGT 192.168.3.33 - Et1/3 up/up

** MPLS-TE via P1 *** 192.168.3.17 Et1/0 - up/up

** MPLS-TE via PE-MGT ** 192.168.3.17 Et1/3 - up/up

Displayed 2 (of 2) heads, 0 (of 0) midpoints, 2 (of 2) tails

PE31#

Thanks again for your fast help. I told my colleauges about you and your immense knowledge,patience and your explanations as well. Not for once did you just ignore any of the posts that took up. You always follow up until the other person is happy with ur answer

Peter Paluch · ‎10-21-2011

Hello Kishore,

Right, you see 4 MPLS-TE tunnels because of their unidirectional nature. As the bottom line says:

Displayed 2 (of 2) heads, 0 (of 0) midpoints, 2 (of 2) tails

You have yourself defined two tunnels, so these are the headends. The opposite router also has two tunnels terminated on your router, identified here as the tailends.

Regarding your kind words... I am speechless. Thank you, most sincerely!

Best regards,

Peter