Welcome to the Cisco Networking Professionals Ask the Expert conversation. This is an opportunity to discuss Troubleshooting IP-EIGRP with Cisco expert Manish Tandon. Manish is a Senior Engineer with the IP Routing Protocols Group at the Technical Assistance Center (TAC) at Cisco Systems, Inc. He supports routing protocols like OSPF, EIGRP, BGP and MPLS. Feel free to post any questions relating to Troubleshooting IP-EIGRP & OSPF. Remember to use the rating system to let Manish know if you've received an adequate response.
Manish might not be able to answer each question due to the volume expected during this event. Our moderators will post many of the unanswered questions in other discussion forums shortly after the event. This event lasts through November 21. Visit this forum often to view responses to your questions and the questions of other community members.
One of the big issues we run into in my study group is redistribution. Is there a chart or table anywhere that shows how redistribution works for each combination of protocols? I don't mean what are the commands. I am more interested in what gets redistributed in the following cases.
If I redist protocol A into B on rtr1, what happens to networks on connected interfaces that are in protocol A? Then, if I redist connected into protocol B, what happens to connected interfaces that are in protocol B?
I know some of this is documented but I also know that what happens varies in different releases. I'd like to see a good summary of what happens in these cases for each combination of protocols in current releases.
Yes, we currently do not have a document which gives you a sort of chart on the behavior you mentioned. I have forwarded the request to the E-doc team who are responsible for maintaining content on CCO.
Yes, the behavior as you mentioned differs for "redistributed connected". Other redistributes (of one protocol to another) should show the same behavior, i.e., an external being populated in the database depending on what's in the routing table.
Also, the difference comes up mainly with "isis" i.e.
if ISIS and OSPF boundary is, for example, "R1"
ISIS is enabled on Serial0 and OSPF is enabled on ethernet0.
ISIS is being redistributed into OSPF.
Network address of R1's serial interface will not be redistributed to the OSPF routers.
This is because of the configuration convention for ISIS. ISIS doesn't use "network" under the "router" command and the Cisco redistribute command keys off that.
If it's a combination of EIGRP/OSPF or RIP/OSPF, it will work with the serial address showing up on the OSPF side of things.
Let me know if you have further questions on the above.
The area-range command:
You can also filter type 3's at an ABR:
There are two scenarios when you could summarize OSPF Routes: Routing between other OSPF Areas and Routing between OSPF and another Routing Protocol. Both must be manually configured because Cisco Routers by default do not summarize OSPF routes. Here are some examples:
Say you have the following OSPF subnets in an area that you would like to summarize:
The summary address would be 192.168.100.0/26
so you could use the following command to summarize the routes for area 10:
Rtr(config)#router ospf 1
Rtr(config-router)#area 10 range 192.168.100.0 255.255.255.192
The next example is for route summarization between OSPF and another routing protocol (e.g., RIP, IGRP):
Let's say you're importing the following routes into OSPF:
The summary address would be 192.168.128.0/19 so you could use the following command:
Rtr(config)#router ospf 1
Rtr(config-router)#summary-address 192.168.128.0 255.255.224.0
These commands would be entered on ABRs or ASBRs as this is where they would be needed. I hope this helps. Ernie
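An added example, not part of the original post: computing the covering summary for a set of routes and formatting the two commands shown above. The component subnets are constructed (the post's own lists are not on this page), the helper names are hypothetical, and IPv4 is assumed; `uncovered` lists the address space a summary advertises that no component route backs.

```python
import ipaddress

def covering_summary(prefixes):
    """Smallest single prefix that contains every prefix in the list."""
    nets = [ipaddress.ip_network(p) for p in prefixes]
    lo = min(int(n.network_address) for n in nets)
    hi = max(int(n.broadcast_address) for n in nets)
    plen = 32 - (lo ^ hi).bit_length()      # shared leading bits of lo and hi
    base = (lo >> (32 - plen)) << (32 - plen)
    return ipaddress.ip_network((base, plen))

def uncovered(summary, prefixes):
    """Blocks inside the summary that none of the component prefixes cover."""
    gaps = [summary]
    for net in ipaddress.collapse_addresses(ipaddress.ip_network(p) for p in prefixes):
        remaining = []
        for g in gaps:
            if g.subnet_of(net):
                continue                     # this block is fully covered
            if net.subnet_of(g):
                remaining.extend(g.address_exclude(net))
            else:
                remaining.append(g)
        gaps = remaining
    return sorted(gaps)

def area_range(area, summary):
    """Inter-area form, as entered on an ABR."""
    return f"area {area} range {summary.network_address} {summary.netmask}"

def summary_address(summary):
    """External form, as entered on an ASBR."""
    return f"summary-address {summary.network_address} {summary.netmask}"

# Constructed component routes; the subnet lists from the post are not on this page.
INTRA = ["192.168.100.0/28", "192.168.100.16/28",
         "192.168.100.32/28", "192.168.100.48/28"]
EXTERNAL = ["192.168.128.0/24", "192.168.140.0/24", "192.168.159.0/24"]

if __name__ == "__main__":
    for routes in (INTRA, EXTERNAL):
        s = covering_summary(routes)
        print(s, [str(g) for g in uncovered(s, routes)])
```

With the constructed external routes the /19 advertises far more space than the three /24s behind it, which is the traffic the discard route to Null0 mentioned later in the thread ends up handling.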
Can summarization between OSPF areas summarize any LSA?
For example, if my ABR is connected to area 10, in which there are many LSA5s from an ASBR, can I summarize these LSAs into area 0?
And another question about static route for summary network to Null0. In your example, must I write
ip route 192.168.100.0 255.255.255.224 null0 ???
LSA5 summarization is done with the "summary-address" command and it can *only* be done on ASBRs. It has no effect on the ABRs.
The route to null0 should be created automatically when you summarize (as long as you are running 12.1(6) or beyond).
This url explains the summary address command
I have a Cisco RDSI router that connects with a non-Cisco ADSL router. This ADSL router connects with another ADSL router at another site (I establish a VPN between them). The RDSI router also connects with this site through RDSI. I want to use ADSL while the ADSL connection is active at BOTH sites (so I have a connection between sites). If not, I want to use RDSI (backup). The ADSL routers aren't Cisco. Can I do that with any routing protocol in the Cisco router? Can I establish any routing protocol based on whether a remote connection is active or whether I can ping another IP through one interface? How can I resolve this issue?
I am not sure if I understand the topology enough (at the L2 layer).
You would need a routing protocol between two devices to determine if that path is available or not. The Cisco device cannot do a "ping test" to determine if that path is available or not.
Primary and Backup paths in general are configured mainly in two ways.
a) Have a routing protocol and prefer the path through one of the links using metrics.
b) Have a floating static which will kick in only at the time when the primary static goes away (which involves the router interface protocol going down - works for serial links as LAN interfaces usually stay up).
In case of LAN interfaces, if all devices are Cisco, you can work around it by configuring policy routing with the "verify next hop" featurette.
Let me know if you have further questions on the above.
I am interested in EIGRP stub routing, but each of my branches has two routers which are directly connected. So my question is whether the stub router will not transfer any non-local routing information which it received from the other router.
Right now, a stub router will not advertise any routes learned from any neighbor to any other neighbor. There is a feature request filed to allow this type of readvertisement, however.
"There is a feature request filed to allow this type of readvertisement, however."
Is there any plan to implement this?
Yes, definitely. In fact, I would guess it's pretty high on the list of things to implement, though I don't know any specific timetables and such.
My company just got a Cisco 3745 that I am supposed to change with a Cisco 3640 on a client VPN network. The 3640 is configured with EIGRP as its routing protocol and static routes redistributed in EIGRP and also has IPSEC tunnels configured from the core router (3640) to branch routers (1751). The client's (a bank) application runs over the VPN IPSEC network and to test that the application can work properly over the VPN network, the client pings 1500 bytes of data from the HQ to the branches and from the branches back to the HQ. This works perfectly on the Cisco 3640. When I change the 3640 to the 3745 with the same configuration on the 3640 copied on the 3745, I am unable to see neighbors from the sh ip eigrp neighbor command though I can ping the neighbors. I also cannot ping over 1400 bytes of data, which makes the banking application unusable, which is not the case with the 3640. The 3745 has the same IPSEC feature set IOS as the 3640 and an AIM-VIP/HPII module.
The real issue you have here is with the IPSEC/VPN tunnel as that is not passing MTU size packets correctly.
You should be troubleshooting that (a TAC case with the VPN team would be a good start).
Also, as a temporary workaround try setting the ip mtu of the tunnel to 1400 (with the ip mtu interface command).
If the application is not working (with static routes etc.), it would mean that it doesn't like fragmented packets or PMTUD is not working.
This link offers a detailed explanation of it
When would you use the ip ospf network non-broadcast command? As a DR is elected for this type of network, though the timers are 40 120, it also requires the neighbor command on DR/BDR only, and all other routers need ip ospf pri 0 to affirm their status.
Would you just use a point-to-multipoint interface?
Could you tell me or present an example of when you would set up your network with frame-relay and ip ospf non-broadcast?
Basically I'm trying to understand when non-broadcast with a DR would be used, and why, as opposed to using the point-to-multipoint topology.
The non-broadcast mode does not offer many advantages over the pt-to-multipt option.
In non-broadcast mode, due to DR/BDR election (very much like the broadcast mode), you need a direct connection from all routers to them, otherwise unpredictable results will occur. Hence the extra config of "priority 0" in a partial mesh so that some routers don't become DR/BDRs and break the above.
The only advantage I can think of is loss in efficiency as in pt-to-multipt the DB synchronization has to be done between every peer.
So, in a fully meshed env, you are better off running non-broadcast mode.
Also you might occasionally find it necessary to configure nonbroadcast mode to interoperate with other equipment.
Hope this helps.
It comes down to this, pretty much:
-- point-to-point subinterfaces are "harder" to configure, and spend more ip address space (but you can use /31's on them, which reduces the usage a good bit). They do put a single point-to-point link in the ospf topology for each subinterface, one per remote.
-- point-to-multipoint is easier to configure, but it injects a /32 for each remote that's attached to the cloud.
-- non-broadcast works, but it requires manual configuration of each adjacent peer over the cloud.
-- broadcast works, but you have to remember to set the priorities on each router connected to the cloud correctly.
Each has its advantages and disadvantages, I think, it's just a matter of which one fits your network and management better.
At least that's my 2c.
Hello, I have a question:
What is the reason for this log message??
*Nov 18 08:06:17: %OSPF-5-ADJCHG: Process 1, Nbr 184.108.40.206 on Serial1/1.22 from FULL to DOWN, Neighbor Down: Too many retransmissions
*Nov 18 08:07:17: %OSPF-5-ADJCHG: Process 1, Nbr 220.127.116.11 on Serial1/1.22 from DOWN to DOWN, Neighbor Down: Ignore timer expired
*Nov 18 08:09:08: %OSPF-5-ADJCHG: Process 1, Nbr 18.104.22.168 on Serial1/1.22 from LOADING to FULL, Loading Done
*Nov 18 10:12:15: %OSPF-5-ADJCHG: Process 1, Nbr 22.214.171.124 on Serial1/0.16 from FULL to DOWN, Neighbor Down: Interface down or detached
We have two E1 FR links attached to a Passport Switch, but the log doesn't show any DLCI down
Would this be a problem with the carrier net at any point??
or a cable problem??
The carrier tells us that they don't see any errors on the Passports
The router on the other side reports the log above
*Nov 18 08:10:03: %OSPF-5-ADJCHG: Process 1, Nbr 126.96.36.199 on Serial1/1.22 from LOADING to FULL, Loading Done
*Nov 18 10:13:45: %OSPF-5-ADJCHG: Process 1, Nbr 188.8.131.52 on Serial1/0.16 from FULL to DOWN, Neighbor Down: Dead timer expired
*Nov 18 10:24:26: %OSPF-5-ADJCHG: Process 1, Nbr 184.108.40.206 on Serial1/0.16 from LOADING to FULL, Loading Done
What are the possible reasons for the messages above??
Can you help me with this case??
Thanks in advance...Pedro
One side is indicating "too many retransmissions" while the other "dead timer expired".
It's very likely that it was a transient carrier issue in which the DLCI stayed up but traffic didn't make it through.
Also, make sure that your interfaces connecting to the cloud are clean (any drops/crc etc.).
At this time we don't see any problem on the interface counters.
I think that it was a carrier problem.
Today the logs don't show any OSPF adj message.
We ran an extended ping between interfaces and we see lost packets, but only with 500 byte packet size and above. A normal (100 bytes size) ping doesn't lose any packet.
It's definitely a link issue. You should be able to ping with larger size packets. If ping with larger packets doesn't work, you might have some issue at neighbor formation with it being stuck in EXCHANGE or EXSTART as large packets don't get across (hence no ack back).
Troubleshoot the link for large packets. Informing the carrier about it would be the first step.
Thank you very much Manish
We will check it with the carrier.
We are seeing high CPU process peaks (at 92%) at different times of the day.
Can the packet loss cause the high process levels on routers?? At the moment we don't know what is the highest process at peak.
The E1 Frame-Relay links are "into" OSPF Area 0.
You would need to find out the reason for the spike, i.e., which process is causing it (if it's not interrupt traffic).
Packet loss generally cannot spike the router so much. High CPU in turn can cause packet drops. So, it's the other way around.
We will check it. I think that it is very important to know which is the highest process at peaks.
But the loss of packets is present every time, also with CPU levels at 3% !!!
Is it possible that something related to packet loss causes an issue with OSPF?? Example: flapping or a bad circuit on the carrier cloud
Packets dropping in the cloud means that hellos are not received by the other side and neighbors drop due to dead timer expired.
If large packets don't make it across, large DBDs may not pass through and neighbors drop with too many retransmissions.
So, the point is, link is very important.
With an unclean Layer 2, your L3 is not going anywhere.
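An added example, not part of the original replies: a small parser for the %OSPF-5-ADJCHG lines quoted above that pairs each FULL-to-DOWN event with the next return to FULL on the same interface and tags the drop reason with what the replies say it points at. The function names are hypothetical, and because the log lines carry no year the year 2000 is assumed for the timestamp arithmetic.

```python
import re
from datetime import datetime

ADJCHG = re.compile(
    r"\*(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d): %OSPF-5-ADJCHG: Process \d+, "
    r"Nbr \S+ on (?P<intf>\S+) from (?P<old>\w+) to (?P<new>\w+), (?P<why>.+)")

# Reason text -> what the replies in this thread say it points at.
HINTS = {
    "Too many retransmissions": "large packets such as DBDs not crossing the link",
    "Dead timer expired": "hellos not received from the other side",
}

# Log lines quoted in the thread: first router, then the far side.
LOCAL = """\
*Nov 18 08:06:17: %OSPF-5-ADJCHG: Process 1, Nbr 184.108.40.206 on Serial1/1.22 from FULL to DOWN, Neighbor Down: Too many retransmissions
*Nov 18 08:07:17: %OSPF-5-ADJCHG: Process 1, Nbr 220.127.116.11 on Serial1/1.22 from DOWN to DOWN, Neighbor Down: Ignore timer expired
*Nov 18 08:09:08: %OSPF-5-ADJCHG: Process 1, Nbr 18.104.22.168 on Serial1/1.22 from LOADING to FULL, Loading Done
*Nov 18 10:12:15: %OSPF-5-ADJCHG: Process 1, Nbr 22.214.171.124 on Serial1/0.16 from FULL to DOWN, Neighbor Down: Interface down or detached
"""
REMOTE = """\
*Nov 18 08:10:03: %OSPF-5-ADJCHG: Process 1, Nbr 126.96.36.199 on Serial1/1.22 from LOADING to FULL, Loading Done
*Nov 18 10:13:45: %OSPF-5-ADJCHG: Process 1, Nbr 188.8.131.52 on Serial1/0.16 from FULL to DOWN, Neighbor Down: Dead timer expired
*Nov 18 10:24:26: %OSPF-5-ADJCHG: Process 1, Nbr 184.108.40.206 on Serial1/0.16 from LOADING to FULL, Loading Done
"""

def parse(text):
    """One dict per ADJCHG line. The log has no year, so 2000 is assumed."""
    events = []
    for m in ADJCHG.finditer(text):
        e = m.groupdict()
        e["when"] = datetime.strptime("2000 " + e["ts"], "%Y %b %d %H:%M:%S")
        e["reason"] = e["why"].split(": ", 1)[-1].strip()
        events.append(e)
    return events

def outages(events):
    """Pair each FULL->DOWN with the next return to FULL on that interface."""
    pending, result = {}, []
    for e in events:
        if e["old"] == "FULL" and e["new"] == "DOWN":
            pending[e["intf"]] = e
        elif e["new"] == "FULL" and e["intf"] in pending:
            d = pending.pop(e["intf"])
            secs = int((e["when"] - d["when"]).total_seconds())
            result.append((e["intf"], d["reason"], secs))
    # Drops with no recovery inside the excerpt get a duration of None.
    result += [(i, d["reason"], None) for i, d in pending.items()]
    return [r + (HINTS.get(r[1], "not covered in the thread"),) for r in result]
```

Calling `outages(parse(LOCAL))` and `outages(parse(REMOTE))` gives one tuple per adjacency loss: interface, reason, seconds until FULL again (or None), and the hint.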
I have two point-to-point 64K connections off a single router from Site B to the main office at Site A. Each connection terminates off a different router at the central office Site A for redundancy. These two 64K circuits are dedicated for a single application. EIGRP is the routing protocol. I understand that EIGRP load balances automatically across equal paths; however, in the case I lose one of the 64K circuits, will there be a slight loss in connectivity due to EIGRP convergence? Any tips or insight are welcomed too.
Are you currently load balancing across the two circuits?
If yes, one failing should have no loss in connectivity as that neighbor and the corresponding route will be flushed and the other one will be used for all traffic.
If you are not load balancing currently, then does the other route show up as a successor in the topology table? (sh ip eigrp top
If it does, then again that entry will be used almost automatically. If it doesn't show up as a successor, then yes a query will be sent out and on reply will an entry be populated.