Routing Issue over ATM link

jonlenninger · ‎10-05-2011

Hi everyone,

Thank everyone for their kind words in advance - I'm having to relive some technology Im not as familar with so Im hoping some more experienced than I could lend some information to steer me in the right direction. This was in fact working well over a serial link - routing with public IP addresses to each LAN and performing NAT at the PC facing interface - they decided to change things and now I'm here

Router 1 Router2 Router 3

FE1: 10.0.0.1 /24 DHCP Server---------FE0: 10.0.0.2 /24 FE0: 10.0.0.3 /24--------------- PC 10.0.0.200 /24 thru dhcp

FE0: WAN ATM0.10: 10.10.10.1 /24----------------ATM0.10: 10.10.10.2 /24

Keeping the PC, and both routers ethernet interfaces on the same network and forwarding all DHCP requests from the far end to the Gateway Router. Essentially forwarding all routing requests to the next hop until it gets a response from Router 1.

Should be easy I know!

I can ping to Router 1 from Router 2 and vice versa

I can ping to Router 3 over the ATM link from Router 2 and vice versa.

I can ping to Router 3 FE0 if I use a "ip route 10.0.0.140 /32 ATM0.10" in Router 2. It errors out if I try and use a /24 network or any combination.

I cannot ping anything from Router 3 except the far end ATM interface.

I cannot ping anything on the internet from Router 2 even though I can ping its LAN and other devices on the network plugged into Router 1.

I can ping to the internet on a PC plugged directly into Router 1 (so its not blocking it).

I know its something in my route statements - it has to be. I for whatever reason just aint seeing it. Anyways, here is the base code.

Router 2:

no aaa new-model

mmi polling-interval 60

no mmi auto-configure

no mmi pvc

mmi snmp-timeout 180

!

ip cef

!

controller DSL 0

mode atm

line-term co

line-mode 4-wire enhanced

line-rate 4608

!

interface ATM0

no ip address

no atm ilmi-keepalive

!

interface ATM0.10 point-to-point

ip address 10.10.10.1 255.255.255.0

no snmp trap link-status

pvc 0/10

encapsulation aal5snap

!

interface FastEthernet0

ip address 10.0.0.2 255.255.255.0

speed auto

full-duplex

!

ip route 0.0.0.0 0.0.0.0 FastEthernet0

ip route 10.0.0.0 255.255.255.0 Ethernet0 10.0.0.1

no ip http server

!

control-plane

!

line con 0

line aux 0

line vty 0 4

Router 3:

no aaa new-model

mmi polling-interval 60

no mmi auto-configure

no mmi pvc

mmi snmp-timeout 180

!

ip cef

!

controller DSL 0

mode atm

line-term cpe

line-mode 4-wire enhanced

line-rate 4608

!

interface ATM0

no ip address

no atm ilmi-keepalive

!

interface ATM0.10 point-to-point

ip address 10.10.10.2 255.255.255.0

no snmp trap link-status

pvc 0/10

encapsulation aal5snap

!

interface FastEthernet0

ip address 10.0.0.3 255.255.255.0

speed auto

full-duplex

!

ip route 0.0.0.0 0.0.0.0 ATM0.10

no ip http server

!

control-plane

!

line con 0

line aux 0

line vty 0 4

Marius Gunnerud · ‎10-05-2011

Part of the issue here is that doesn't know how to get to the network connected to R3 as its route for 10.0.0.0/24 is point toward R1.

ip route 10.0.0.0 255.255.255.0 Ethernet0 10.0.0.1

The next issue is that both LANs have the same IP address range and when sending traffic to the 10.0.0.0/24 network each LAN will think it is directly connected therefore not forwarding the traffic over the point to point link.

You could use proxy arp to solve this but that would mean you need to not lease out a given address range on both LANs.

The best solution would be to change the IP address of the LAN attached to R3 to something link 10.0.1.0/24 and then create a static route on R2 and R1 for traffic headed there.

--
Please remember to select a correct answer and rate helpful posts

jonlenninger · ‎10-06-2011

Thanks Marius,

I actually came to that conclusion shortly after posting and was working on implementing it before being forced into stopping for the night. I was overlooking that prior to this we had public ip addresses forwarded through router 2's serial (T1/DS1) link. Router 1 was essentially the ISP router. Static routes on Router 2 were in effect forwarding those to the ATM interface and assigned to the Ethernet Interface on Router 3. Why it was working then and not now. It knew where each hop was.

So the pref. method - do the following?

R1: 10.0.1.0 255.255.255.0 10.0.0.1

R2: no ip route 10.0.0.0 255.255.255.0 FE0 10.0.0.1, ip route 10.0.1.0 255.255.255.0 ATM0.10

R3: no ip address 10.0.0.3 /24, ip address 10.0.1.1 /24,

I was attempting to use proxy arp... just unsucessfully. Wanting Router 3 to send all requests to the ATM interface to Router 2 then to FE0 which would forward them on to Router 1 and vice versa. While being able to telnet to the IP address of the FE0 for managment purposes. Assuming proxy arp was enabled by default (I think I read that once years ago). When you say "not lease out a given address range on both LANs", what do you mean? No IP's assigned to the FE0 interfaces; manual addressing on the network devices, or? Just trying to understand the method. Is this the only way to "bridge" the two together on the same 10.0.0.0 /24 network over the ATM link?

Marius Gunnerud · ‎10-07-2011

What I mean by "not lease out a given address range on both LANs" is that you configure your DHCP to lease out addresses in the range 10.0.0.1 - 10.0.0.100 on the one LAN and 10.0.0.101 - 10.0.0.200 on the other and not to lease addresses that fall within each range on the other LAN (if you get my meaning).

The only time I have seen proxy arp work is when one network is using a 255.255.0.0 subnet while the other is using 255.255.255.0 subnet. In this case the 255.255.0.0 network will think that host addresses on the 255.255.255.0 are directly attached and therefore proxy arp is needed to help out.

I would assume that the same principle applies to when the same subnet is being used in both networks. However, in order for the router to use proxy arp to forward traffic, that address must not exist on the local network. So no devices on either network can have IP addresses from the other network.

I would suggest that the best method is to change the IP network range of one of the sites. This will cut out confusion incase a device is accidentally configured with an incorrect static IP and doing this will make the network more scaleable. Also if proxy arp, if not configured correctly, can cause lots of problems and open the network for DoS attacks.

--
Please remember to select a correct answer and rate helpful posts