
ASK THE EXPERT INTERIOR DYNAMIC ROUTING PROTOCOLS

Welcome to the Cisco Networking Professionals Ask the Expert conversation. This is an opportunity to get an update on the interior dynamic routing protocols, RIPv2, OSPF and EIGRP with Cisco expert Edison Ortiz. Edison is a Network Consulting Engineer with the Advanced Services team. His team concentrates on supporting the New York Financial companies in terms of network design, deployment and troubleshooting.

Remember to use the rating system to let Edison know if you have received an adequate response.

Edison might not be able to answer each question due to the volume expected during this event. Our moderators will post many of the unanswered questions in other discussion forums shortly after the event. This event lasts through August 8, 2008. Visit this forum often to view responses to your questions and the questions of other community members.

44 REPLIES
joe Bronze
Bronze

Re: ASK THE EXPERT INTERIOR DYNAMIC ROUTING PROTOCOLS

Hello Edison and thank you for taking the time to host this "ask the experts" forum.

I have two questions related to OSPF.

1. How do large enterprises often handle the placement of Area 0 (backbone)?

I have heard differing opinions from engineers who have worked on larger OSPF networks than I have had a chance to. Such suggestions include making the WAN area 0, as it could possibly be the only central area capable of being a backbone, etc.

2. How often in production do companies actually utilize the OSPF areas other than standard and the backbone area, such as STUB, NSSA, and the STUB and NSSA totally?

Thank you,

Joe

Hall of Fame Super Bronze

Re: ASK THE EXPERT INTERIOR DYNAMIC ROUTING PROTOCOLS

Hi Joe,

Good to see you here other than groupstudy :)

1. Area 0 placement is often driven by customer requirement.

If the WAN service is reliable and fast, extending Area 0 to the remote WAN router interface is often recommended. This router can act as ABR with its LAN interface running a non-zero area so summarization and filtering can be performed there.

If the WAN service isn't reliable, Area 0 is often limited to the LAN (DataCenter) and the WAN router at the DataCenter acting as ABR/ASBR.

With today's merging and acquisitions, you can also find large networks with several area 0, that are redistributed into another routing protocol (usually BGP). I haven't seen virtual-link or GRE tunneling to fix this design issue.

In short, when you see an enterprise design, you have to know the history of that enterprise to understand why OSPF was configured that way.

2.

I've seen stub, nssa and stub-nssa in several networks. As I mentioned, virtual link is one of the OSPF features that isn't used as much.

HTH,

__

Edison.

Community Member

Re: ASK THE EXPERT INTERIOR DYNAMIC ROUTING PROTOCOLS

Hi

Recently one of our service providers has started to provide us high-speed E1 links on an MPLS network. Our network is running OSPF as a routing protocol with area 0 IP addressing 10.175.x.x. What the SP is asking us is to create a new Area 0 for super Area 0 for MPLS. Can you please advise some easy and best practice to make this possible?

Hall of Fame Super Bronze

Re: ASK THE EXPERT INTERIOR DYNAMIC ROUTING PROTOCOLS

Hi Faisal,

I hope you are doing well.

Your query is more inclined towards MPLS Best Practice and I'm afraid I'm not such an expert on MPLS at the moment :)

However, I've been reading a little bit on MPLS and MPLS VPN superbackbone can be accomplished with OSPF Sham Link.

I hope this URL

http://www.cisco.com/en/US/docs/ios/12_2t/12_2t8/feature/guide/ospfshmk.html

can offer some idea regarding the ISP requirement.

HTH,

__

Edison.

Hall of Fame Super Silver

Re: ASK THE EXPERT INTERIOR DYNAMIC ROUTING PROTOCOLS

Hello Edison and Faisal,

In order to be able to build a so-called Superbackbone area 0, the service provider needs to use the same OSPF process-id on all VPN sites, and PE-CE links are in area 0.

Most of the complexity is on the service provider side.

OSPF LSAs are carried inside special BGP extended communities in MP-BGP.

On the customer side configuration is straightforward with the links to the PE(s) being in area 0.

If all is well configured, it is possible to see other VPN sites' routes as O and O IA, as if they were connected through the backbone area.

OSPF sham-link is something more complex that helps to deal with horizontal inter-site links, between otherwise separated VPN sites.

They are a derivation of virtual-links in the way they are configured.

Hope to help

Giuseppe

Hall of Fame Super Bronze

Re: ASK THE EXPERT INTERIOR DYNAMIC ROUTING PROTOCOLS

Hello Giuseppe,

Thanks for your valuable input.

Regards

__

Edison.

Hall of Fame Super Silver

Re: ASK THE EXPERT INTERIOR DYNAMIC ROUTING PROTOCOLS

Hello Edison,

I hadn't seen that in another post you had explained the usage of sham-links.

Best Regards

Giuseppe

Hall of Fame Super Bronze

Re: ASK THE EXPERT INTERIOR DYNAMIC ROUTING PROTOCOLS

Hi Giuseppe,

Not a problem. Again, thanks for your contribution.

__

Edison.

Community Member

Re: ASK THE EXPERT INTERIOR DYNAMIC ROUTING PROTOCOLS

I am in the process of deploying a BGP core MPLS network with OSPF LANS at 5 locations. Each LAN location has Internet access, also.

I would like to deploy an IPsec tunnel to each location, via the Internet lines, keeping the IPsec network in OSPF Area 0; my dilemma is to prefer the BGP redistribution point for primary traffic preference, not the IPsec TUN pipes. Of course the TUN pipes would be in place for redundancy purposes only.

I'd like to see what your thoughts on this were.

Richard

Hall of Fame Super Bronze

Re: ASK THE EXPERT INTERIOR DYNAMIC ROUTING PROTOCOLS

I understand your dilemma.

The IPSec Tunnel traffic will be preferred since they are intra-area routes vs external routes that are learned via the MPLS network.

I hate being repetitive :) but the OSPF Sham Link addresses this issue.

http://www.cisco.com/en/US/docs/ios/12_2t/12_2t8/feature/guide/ospfshmk.html

I'm currently reading MPLS Fundamentals http://www.amazon.com/MPLS-Fundamentals-Luc-Ghein/dp/1587051974/ref=pd_bbs_sr_1?ie=UTF8&s=books&qid=1217109078&sr=8-1 and there is a chapter in that book that addresses this scenario. I highly recommend taking a look.

HTH,

__

Edison.

Community Member

Re: ASK THE EXPERT INTERIOR DYNAMIC ROUTING PROTOCOLS

Thank you for your prompt response! The links will solve my requirement!

Richard

Hall of Fame Super Bronze

Re: ASK THE EXPERT INTERIOR DYNAMIC ROUTING PROTOCOLS

Richard,

I'm glad I was able to help. Feel free to come back if you have any other questions.

Regards,

__

Edison.

Community Member

Re: ASK THE EXPERT INTERIOR DYNAMIC ROUTING PROTOCOLS

Hi Edison,

Recently we installed ATM to frame-relay link on 3845 router with 12.4(17). The EIGRP did not establish. We were asked to change the MTU size to 1500 and EIGRP started working.

Can you please help me to understand the logic of why we need to change the MTU size?

Hall of Fame Super Bronze

Re: ASK THE EXPERT INTERIOR DYNAMIC ROUTING PROTOCOLS

Hi Dhanasekaran,

It's very odd that you encountered a problem with MTU and EIGRP as the routing protocol.

EIGRP, unlike OSPF, does not use MTU for neighbor adjacency.

I tried to lab it up and see if it breaks, and I was unable to duplicate your problem.

I configured 2 routers in Frame-Relay and changed the IP MTU and interface MTU size on R1, see below:

interface Serial1/0
 mtu 1400
 ip address 192.168.12.1 255.255.255.0
 encapsulation frame-relay
 serial restart-delay 0
 frame-relay map ip 192.168.12.2 102 broadcast
 no frame-relay inverse-arp

Rack1R1#sh ip int s1/0 | i MTU
  MTU is 1400 bytes
!
Rack1R1#sh int s1/0 | i MTU
  MTU 1400 bytes, BW 1544 Kbit, DLY 20000 usec,

___

interface Serial1/0
 ip address 192.168.12.2 255.255.255.0
 encapsulation frame-relay
 serial restart-delay 0
 frame-relay map ip 192.168.12.1 201 broadcast
 no frame-relay inverse-arp
end

Rack1R2#sh int s1/0 | i MTU
  MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec,
!
Rack1R2#sh ip int s1/0 | i MTU
  MTU is 1500 bytes
Rack1R2#
Rack1R2#sh ver | i IOS
Cisco IOS Software, 3600 Software (C3640-IK9S-M), Version 12.4(17), RELEASE SOFTWARE (fc1)
!
Rack1R2#sh ip eigrp ne
IP-EIGRP neighbors for process 1
H   Address         Interface   Hold   Uptime     SRTT   RTO    Q     Seq
                                (sec)             (ms)          Cnt   Num
0   192.168.12.1    Se1/0       167    00:05:49   1249   5000   0     6
!
Rack1R2#sh ip route eigrp
     10.0.0.0/32 is subnetted, 1 subnets
D       10.1.1.1 [90/2297856] via 192.168.12.1, 00:06:02, Serial1/0

HTH,

__

Edison.

Community Member

Re: ASK THE EXPERT INTERIOR DYNAMIC ROUTING PROTOCOLS

Hi Edison,

Thanks for your inputs. The problem of MTU occurs only when we have an ATM to Frame Relay connection and not on Frame Relay to Frame Relay.

To be more specific, it happens when we have a T3 card for ATM. We have faced the same problem on more than 1 occasion.

We make the eigrp to establish only by adding the MTU size. Hope I am more specific now on my problem.

Hall of Fame Super Bronze

Re: ASK THE EXPERT INTERIOR DYNAMIC ROUTING PROTOCOLS

Hi Dhanasekaran,

Thanks for supplying the additional information.

The ATM MTU (4470) is larger than the traditional Frame-Relay MTU (1500) and due to this default behavior, the hellos are being fragmented when going from large MTU to lower MTU.

The correct configuration is having the MTU set the same at both ends in order to avoid fragmentation.

HTH,

__

Edison.

Community Member

Re: ASK THE EXPERT INTERIOR DYNAMIC ROUTING PROTOCOLS

Thanks Edison, Now it makes sense.

Hall of Fame Super Bronze

Re: ASK THE EXPERT INTERIOR DYNAMIC ROUTING PROTOCOLS

Hi Dhanasekaran,

I'm glad that I was able to describe the behavior on EIGRP problem.

Please come back if you have any other questions.

Regards,

__

Edison.

Silver

Re: ASK THE EXPERT INTERIOR DYNAMIC ROUTING PROTOCOLS

Hi Edison,

I have a router in my segment that is not on the same subnet. I want this router to receive updates, how can I make this work?

Thanks

Tom

Hall of Fame Super Bronze

Re: ASK THE EXPERT INTERIOR DYNAMIC ROUTING PROTOCOLS

Hi Tom,

I believe you can accomplish this requirement with RIPv2 by disabling the validation of the source address, please see:

http://www.cisco.com/en/US/docs/ios/iproute/configuration/guide/irp_cfg_info_prot_ps6350_TSD_Products_Configuration_Guide_Chapter.html#wp1055293

HTH,

__

Edison.

Re: ASK THE EXPERT INTERIOR DYNAMIC ROUTING PROTOCOLS

Hello Edison,

Thanks for taking time to host this event! My question is how do you usually recommend securing a routing protocol, and its functionality? I know authentication is a pretty common method but what about using ACLs and/or QoS? Is this a common practice or just going overboard?

Thanks,

Mark

Hall of Fame Super Bronze

Re: ASK THE EXPERT INTERIOR DYNAMIC ROUTING PROTOCOLS

Hi Mark,

Authentication is the recommended best practice for securing routing protocols. If you want to add an additional level of security, you can have the IGP configured for unicast instead of multicast by using the neighbor command under the routing process.

HTH,

__

Edison.
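The two measures named in the reply above, authentication and unicast neighbors, sketched as an added configuration example; it is not part of Edison's post or of Cisco's documentation. It reuses the lab addressing that appears elsewhere in this thread (192.168.12.1 and 192.168.12.2 on Serial1/0, EIGRP process 1); the key chain name, key IDs, OSPF process ID and key strings are assumptions.

```cisco
! Constructed example, shown for R1 (192.168.12.1); mirror it on R2.
! IGP-KEYS, key ID 1, OSPF process 1 and the key strings are assumptions.
!
! --- Before: no authentication, neighbors discovered by multicast hello ---
! router eigrp 1
!  network 192.168.12.0 0.0.0.255
!
! --- EIGRP: MD5 authentication plus a static unicast neighbor ---
key chain IGP-KEYS
 key 1
  key-string <REPLACE-WITH-SHARED-SECRET>
!
interface Serial1/0
 ip authentication mode eigrp 1 md5
 ip authentication key-chain eigrp 1 IGP-KEYS
!
router eigrp 1
 network 192.168.12.0 0.0.0.255
 ! A static neighbor stops multicast hello processing on this interface,
 ! so every legitimate peer on it needs its own neighbor statement.
 neighbor 192.168.12.2 Serial1/0
 no auto-summary
!
! --- OSPF: MD5 authentication plus a unicast neighbor ---
interface Serial1/0
 ! The OSPF neighbor command requires a non-broadcast (or
 ! point-to-multipoint non-broadcast) network type.
 ip ospf network non-broadcast
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 <REPLACE-WITH-SHARED-SECRET>
!
router ospf 1
 network 192.168.12.0 0.0.0.255 area 0
 neighbor 192.168.12.2
!
! --- Verification ---
! show ip eigrp neighbors
! show ip ospf interface Serial1/0
! show key chain
```

If the key or key ID differs between the two routers, the adjacency does not form, so change keys on both ends in the same maintenance window.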

Re: ASK THE EXPERT INTERIOR DYNAMIC ROUTING PROTOCOLS

If I have OSPF and I also have

ip route 0.0.0.0 0.0.0.0 [next hop]

when I redistribute the static default route, it does not appear in the OSPF routing table, not even as a default route, unless I use default-information originate.

Any idea?

Hall of Fame Super Bronze

Re: ASK THE EXPERT INTERIOR DYNAMIC ROUTING PROTOCOLS

Hi Marwan,

The redistribution of a static default route into OSPF is not allowed by the protocol.

Default-information originate allows you to inject a default route into OSPF if the router has a 0.0.0.0 route on its routing table.

If the router does not have a 0.0.0.0 route on its routing table, you must use the command default-information originate always.

HTH,

__

Edison.

Community Member

Re: ASK THE EXPERT INTERIOR DYNAMIC ROUTING PROTOCOLS

I really need an expert opinion on this. What is the difference between these two topologies?

Area1-------Area0-------Area1

And

Area1-------Area0-------Area2

I understand LSA types 1, 2 and 3 are area specific. Why should I change the Area numbers, given that the Area 1s are not directly connected?

Can someone describe this?

Hall of Fame Super Bronze

Re: ASK THE EXPERT INTERIOR DYNAMIC ROUTING PROTOCOLS

While the first example is not considered "Best Practice" in OSPF design, they both produce the same result.

In the first example, routes originated in the leftmost Area1 will be seen as LSA Type 3 routes (IA) in the rightmost Area1 and vice-versa as they are connected via a backbone area.

On the backbone area, the router(s) facing the leftmost Area1 will see routes from that area as intra-area route while the router(s) facing the rightmost Area1 will see the same routes as inter-area routes.

Here is a little example I put together in the lab:

SW1(Area1)<->R1(Area0)<->R2(Area0)<->R3(Area1)

I'm advertising loopback0 from R3 (150.1.3.3)

Rack1R2#sh ip route os
O IA 192.168.17.0/24 [110/65] via 192.168.12.1, 00:09:59, Serial1/0
     150.1.0.0/32 is subnetted, 1 subnets
O       150.1.3.3 [110/65] via 192.168.23.3, 00:09:59, Serial1/1

Rack1R1#sh ip route os
O IA 192.168.23.0/24 [110/128] via 192.168.12.2, 00:10:35, Serial1/0
     150.1.0.0/32 is subnetted, 1 subnets
O IA    150.1.3.3 [110/129] via 192.168.12.2, 00:10:25, Serial1/0

Rack1SW1#sh ip route os
O IA 192.168.12.0/24 [110/65] via 192.168.17.1, 00:11:16, Vlan1
O IA 192.168.23.0/24 [110/129] via 192.168.17.1, 00:11:16, Vlan1
     150.1.0.0/32 is subnetted, 1 subnets
O IA    150.1.3.3 [110/130] via 192.168.17.1, 00:10:58, Vlan1

HTH,

__

Edison.

Community Member

Re: ASK THE EXPERT INTERIOR DYNAMIC ROUTING PROTOCOLS

Hi. Do you speak Spanish? I have a question but my English is not good.

Hall of Fame Super Bronze

Re: ASK THE EXPERT INTERIOR DYNAMIC ROUTING PROTOCOLS

I get by a little.

__

Edison.

Community Member

Re: ASK THE EXPERT INTERIOR DYNAMIC ROUTING PROTOCOLS

Thank you very much.

I have a specific question:

I have a router with 2 WAN links to 2 different sites; both run EIGRP 100.

In addition, this router has a local LAN.

In the EIGRP process, I basically put this:

router ei 100
 red conn route-map CONECTADAS
 network X.X.X.X A.A.A.B
 network Y.Y.Y.Y A.A.A.B
 no auto

route-map CONECTADAS permit 10
 set tag 100

Basically, what I am doing is putting tag 100 on the connected routes, so that I can later use that information for filtering, etc.

The point is that I see the LAN with the tag, but I do not see either of the 2 WANs with the tag.

If I go to one of this router's remote sites and ask about the LAN, it tells me it sees it via serial XXXXX with tag 100, and the rest of the details.

If I ask about the WAN that joins them, it tells me it sees it as directly connected, without the tag.

Even more curious, if I ask about the remote WAN toward the other router, it tells me it sees it via EIGRP through serial XXXXX, but without the tag.

To check that it is not a configuration error, I removed this last WAN (which is not the one on the router I am on) from the EIGRP network statements. And then I did see the tag, learned via EIGRP through the WAN of the router I am on.

Obviously, this does not work for me, because I need EIGRP to be up on both serials.

The question is: how do I see the tag on a connected route when that connected route is participating in the EIGRP process? Or, Cisco boys, if the connected route is CONNECTED, why does it stop having certain characteristics, such as the tag, when it is in an EIGRP process?

Does that make sense?

I hope I have not bored you.

Thanks and regards
