BRI is up, spoofing

Answered Question
May 16th, 2007

Hi all, I am a little confused when it comes to BRI/PRI spoofing itself.

I found this information on another forum:

"The layer 2 protocol does not have a peer to communicate with when there is no phone call / connection established. Normally, the absence of a layer 2 peer would cause the protocol to go 'down.'

Here, "spoofing" infers that the layer 2 protocol is being 'fooled' internally to think that there is a connection to a peer when in fact there is no connection, because there hasn't been any phone call placed yet.

When you establish the connection, the 'spoofing' should go away because a real layer 2 peer will now be available to keep the protocol 'up.'"

My question is, why does the layer 2 protocol need to be 'fooled' in the first place? What would be the problem if the layer 2 protocol knew that the line protocol was down?

My thought is that perhaps it would think that the connection is broken therefore unusable which in turn would ruin the idea of using it as a dial backup. Is that at all correct?

Correct Answer
Richard Burts Wed, 05/16/2007 - 16:51

Will

Your understanding is pretty close to exact. Let's start from a basic operation in IOS: if an interface is up then IOS puts the subnet of that interface into the routing table as a connected subnet and IOS now knows that it can get to anything within that subnet by going through that interface. In IOS when an interface goes down, then IOS removes the subnet of that interface from the routing table and does not use that interface to get anything in that subnet.

If we understand that basic operation then we can better understand the spoofing of the BRI. If there is no call active on the BRI then there is no layer 2 (data link layer) connectivity and the interface would normally be down and therefore the subnet would be removed from the routing table. And therefore the BRI would not function for dial backup because the IOS does not think that it can reach anything through the BRI because it is not in the routing table.

So the BRI spoofs. It acts like it is up even when it is logically down. It remains in the routing table even though there is really no layer 2 connection. And so dial backup works because the BRI is spoofing.

HTH

Rick

voiper_99 Wed, 05/16/2007 - 16:56

Rick you have once again provided me with an excellent and clear explanation. Thank you very much.

Your idea of referring back to basic IOS functionality was brilliant, great work.

Richard Burts Wed, 05/16/2007 - 17:05

Will

Thank you for the compliment. I am really glad when my answers help people to understand what is going on in the network. And thanks for the rating.

HTH

Rick

voiper_99 Wed, 05/16/2007 - 18:48

I just have one other question. I have a site where the ADSL is currently down (Dialer 1) and the backup ISDN is up (Dialer 2), however, the output is as follows:

Dialer1 is up (spoofing), line protocol is up (spoofing)

Dialer2 is up, line protocol is up (spoofing)

Async1 is up, line protocol is up

How come Dialer 2 is still spoofing if that is the interface currently being used? Or perhaps Async1 is the one being used?

(As you can probably tell I did not put this config together. I have started a new job and am currently learning the network so that I can take over in a few months). I am reluctant to paste the config in here due to confidentiality.

EDIT: I think I see what is happening here. Would I be correct in saying that the Dialer interface is always spoofed but the interface to which it is bound is not?

The reason why I came to this conclusion is because I looked at another service which is working on ADSL and the Dialer 1 interface is spoofed as up and the Virtual Access port it is bound to is up.

Either way, this leads me to another question. If a preferred dialer is spoofed as up but in actual fact it is not working then how does the router know to use its backup dialer? Wouldn't it continue trying to use Dialer 1 because it sees it as being up?

Richard Burts Wed, 05/16/2007 - 19:02

Will

I believe that your understanding about the dialer spoofing is correct.

I believe that how it handles a situation where the preferred dialer has a problem depends on the nature of the problem. If the router can detect that there is a problem at layer 1 or at layer 2 (especially effective with ISDN where the router is using the D channel to communicate with the ISDN switch) then it marks the interface down and will not attempt to use it. Otherwise I believe that the router would attempt to use the preferred dialer and if it did not work then the router falls back to the backup dialer.

HTH

Rick
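An added example, not part of any post in this thread: a Python parser for the interface status lines quoted above that separates interfaces reporting up only through spoofing from those whose line protocol is up without it, which is the distinction a monitoring check has to make. The `Serial0` line and the field names are constructed for illustration.

```python
import re

# Constructed sample: the three status lines quoted in the thread, plus one
# made-up "down" line (Serial0 is hypothetical) to exercise the other branch.
SAMPLE = """\
Dialer1 is up (spoofing), line protocol is up (spoofing)
Dialer2 is up, line protocol is up (spoofing)
Async1 is up, line protocol is up
Serial0 is down, line protocol is down
"""

STATUS_RE = re.compile(
    r"^(?P<name>\S+) is (?P<phys>administratively down|up|down)"
    r"(?P<phys_spoof> \(spoofing\))?, "
    r"line protocol is (?P<proto>up|down)(?P<proto_spoof> \(spoofing\))?\s*$"
)


def parse_status(text):
    """Return {interface: facts} for each 'X is ..., line protocol is ...' line."""
    result = {}
    for line in text.splitlines():
        m = STATUS_RE.match(line.strip())
        if not m:
            continue  # not an interface status line
        proto_up = m["proto"] == "up"
        spoofed = bool(m["phys_spoof"] or m["proto_spoof"])
        result[m["name"]] = {
            # Reported up: per the thread, the connected subnet stays in the
            # routing table, whether or not the state is spoofed.
            "reported_up": proto_up,
            "spoofing": spoofed,
            # Up with no spoofing marker: the state reflects a real layer 2 peer.
            "l2_confirmed": proto_up and not spoofed,
        }
    return result


def spoofed_interfaces(text):
    """Interfaces whose 'up' state should not be trusted as proof of a live link."""
    return sorted(n for n, f in parse_status(text).items() if f["spoofing"])


if __name__ == "__main__":
    for name, facts in parse_status(SAMPLE).items():
        print(name, facts)
```

For an interface listed by `spoofed_interfaces`, a health check should look at the interface the dialer is bound to, as the thread concludes, rather than at the dialer's own status.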

voiper_99 Wed, 05/16/2007 - 19:07

But what is confusing me is that the ADSL (Dialer 1) is down at one of my sites yet it is still being spoofed as up. If the router knows that it has no CD with the DSLAM, shouldn't it know that the interface should be completely down and not spoofed because the networks will be unreachable until the ADSL returns?

By the way, I could really use your input over at my other conversation if you have time :)

http://forums.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Network%20Infrastructure&topic=LAN%2C%20Switching%20and%20Routing&CommCmd=MB%3Fcmd%3Dpass_through%26location%3Doutline%40%5E1%40.1dde84cc

bjornarsb Fri, 05/18/2007 - 11:51

Hi,

One question:

Is it possible to configure release of the IPCP negotiated address when the interface is spoofing?

BR,

Bjornarsb

Richard Burts Fri, 05/18/2007 - 12:09

Bjornarsb

Perhaps I do not understand something in your question correctly. I do not have a router to check it on right now but I believe that the IPCP negotiates an address when the PPP connection is being established. And that when the PPP connection is being torn down that the address is released. No configuration is necessary for this.

If that is not what you were asking then perhaps you can clarify your question.

HTH

Rick

bjornarsb Fri, 05/18/2007 - 13:05

Hi,

We are using the new 3G card from Cisco.

The case is that even if cellular 0/0/0 is down, the dialer 1 still has its IPCP address even if it's spoofing.

When it dials after a while (after idle-timeout) it gets a new IP. That's actually our problem. The dialer has an IP and IPCP tries to apply a new one without success.

I have found a cmd that might help us:

int dialer 1
 ip add neg previous

I will try that cmd on monday.

BR,

Bjornarsb
