Saturday, October 31, 2015

Physical Topology of a Logical Diagram with Sub Interfaces

You will find this kind of logical diagram in some books and tutorials. All routers are connected to each other through sub-interfaces of the same interface. This post shows how to wire this setup in a physical topology.

In this kind of diagram, we only see the L3 part (the routers). But the actual topology contains a switch.





E0/0 of every router is connected to the switch in a star topology, with the switch in the middle.


Sub-interfaces must be created as 802.1Q trunks at both the router end and the switch end.

VLANs must be created on the switch for each and every sub-interface network segment.







Configuration:

R1(config)#int e0/0
R1(config-if)#no shutdown
R1(config-if)#int e0/0.12
R1(config-if)#encapsulation dot1Q 12
R1(config-if)#ip address 192.168.12.1 255.255.255.0
R1(config-if)#int e0/0.13
R1(config-if)#encapsulation dot1Q 13
R1(config-if)#ip address 192.168.13.1 255.255.255.0

R2(config)#int e0/0
R2(config-if)#no shutdown
R2(config-if)#int e0/0.12
R2(config-if)#encapsulation dot1Q 12
R2(config-if)#ip address 192.168.12.2 255.255.255.0
R2(config-if)#int e0/0.23
R2(config-if)#encapsulation dot1Q 23
R2(config-if)#ip address 192.168.23.2 255.255.255.0

R3(config)#int e0/0
R3(config-if)#no shutdown
R3(config-if)#int e0/0.13
R3(config-if)#encapsulation dot1Q 13
R3(config-if)#ip address 192.168.13.3 255.255.255.0
R3(config-if)#int e0/0.23
R3(config-if)#encapsulation dot1Q 23
R3(config-if)#ip address 192.168.23.3 255.255.255.0

SW(config)#vlan 12
SW(config)#vlan 13
SW(config)#vlan 23
SW(config)#int e0/1
SW(config-if)#switchport trunk encapsulation dot1q
SW(config-if)#switchport mode trunk
SW(config-if)#int e0/2
SW(config-if)#switchport trunk encapsulation dot1q
SW(config-if)#switchport mode trunk
SW(config-if)#int e0/3
SW(config-if)#switchport trunk encapsulation dot1q
SW(config-if)#switchport mode trunk
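
A router-on-a-trunk setup like this fails silently when a dot1Q tag used on a sub-interface has no matching VLAN on the switch, or when the two ends of a VLAN sit in different subnets. The following check is an added example, not part of the original post; the `audit` function, the prompt-parsing regex and the sample transcript are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

PROMPT = re.compile(r"^(\S+?)\(config[^)]*\)#\s*(.+)$")

def audit(transcript):
    """Cross-check router dot1Q sub-interfaces against switch VLANs."""
    ends = defaultdict(dict)      # vlan -> {router: ip_interface}
    defined, vlan = set(), None
    for line in transcript.splitlines():
        m = PROMPT.match(line.strip())
        if not m:
            continue
        dev, cmd = m.groups()
        if v := re.fullmatch(r"vlan (\d+)", cmd):
            defined.add(int(v.group(1)))
        elif cmd.startswith("int"):
            vlan = None           # new (sub-)interface, tag not known yet
        elif e := re.fullmatch(r"encapsulation dot1[qQ] (\d+)", cmd):
            vlan = int(e.group(1))
        elif (a := re.fullmatch(r"ip address (\S+) (\S+)", cmd)) and vlan:
            ends[vlan][dev] = ipaddress.ip_interface(f"{a[1]}/{a[2]}")
    split = sorted(v for v, e in ends.items()
                   if len({i.network for i in e.values()}) > 1)
    return {"missing_on_switch": sorted(set(ends) - defined),
            "subnet_mismatch": split}

# Constructed transcript in the post's prompt style, with two planted faults:
# VLAN 12 is never created on the switch and R2's VLAN 23 address is mistyped.
SAMPLE = """
R1(config)#int e0/0.12
R1(config-subif)#encapsulation dot1Q 12
R1(config-subif)#ip address 192.168.12.1 255.255.255.0
R2(config)#int e0/0.12
R2(config-subif)#encapsulation dot1Q 12
R2(config-subif)#ip address 192.168.12.2 255.255.255.0
R2(config-subif)#int e0/0.23
R2(config-subif)#encapsulation dot1Q 23
R2(config-subif)#ip address 192.168.32.2 255.255.255.0
R3(config)#int e0/0.23
R3(config-subif)#encapsulation dot1Q 23
R3(config-subif)#ip address 192.168.23.3 255.255.255.0
SW(config)#vlan 23
"""

if __name__ == "__main__":
    print(audit(SAMPLE))
```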

The final outputs should look like this:


















Saturday, October 24, 2015

Configure Cisco AP in ROMMON mode (Recover from Corrupted Image)

I am going to configure this AP entirely in ROMMON mode, so that it works once connected to the network without any remote configuration. This can be handy when the OS is corrupted or accidentally deleted.

On any error that breaks the boot sequence, or if the images are accidentally deleted, the AP goes directly to ROMMON mode as shown below. To enter ROMMON mode manually, push and hold the mode button while reapplying power for about 10 seconds, until the LED turns steady red.

If you want to know how to factory reset a Cisco AP / delete all configurations, please refer to this.

Note: To view the contents of the flash, enter the dir flash:/ command. If it does not work, you may have to initialize the flash first by entering the command flash_init. Type help to get help with commands.

I am going to reset the AP to factory defaults by restarting the power while holding the mode button.
When the LED on the AP turns red, release the mode button.

Default SET parameters are as follows.


Now you can see that the default router and the IP address are the same. These are the IP addresses we use to upload the OS from a TFTP server (my laptop).





Change the default router address to 10.0.0.2 by entering the command :
set DEFAULT_ROUTER 10.0.0.2

Now set up your TFTP server. I'm using TFTPd64 on my laptop. Connect the Ethernet port of the AP to the Ethernet port of the PC and assign 10.0.0.2 with the correct subnet mask to the network interface of the PC.


Copy the OS .tar file to the root directory of the TFTP server. The OS image I am using is ap3g2-rcvk9w8-tar.default.tar, which is just a low-end image that only helps the AP communicate with the WLC.

The AP will then be able to download the real image from the WLC. You can also upload the real image with this method if you have it with you.






Now enter the command:
tar -xtract tftp://10.0.0.2/ap3g2-rcvk9w8-tar.default.tar flash: 

If the above command is not accepted, you will have to initialize TFTP first:
tftp_init















Now enter the following commands:

set IOS_STATIC_CONTROLLER_IP_ADDR 172.31.129.22 (sets the WLC IP)
set IOS_STATIC_DEFAULT_GATEWAY 172.31.129.126 (sets the gateway of the VLAN)
set IOS_STATIC_IP_ADDR 172.31.129.119 (sets the operating IP address of the AP)
set IOS_STATIC_NETMASK 255.255.255.192 (sets the operating subnet mask)

Now enter the set command to view all the set variables. It should look like this.


Now you can connect it to the network. If the switch is configured with the correct VLAN, everything will be fine.

Type boot and hit Enter.





The AP will boot up with the recovery image --> find the WLC --> download the complete image & register with the WLC.
You can then configure any other settings (secondary WLC, AP name etc.) remotely if necessary.

Side note:
To delete the flash with its folders, enter the command delete /recursive /force flash: in privileged mode. Use with caution: it will delete all the files in flash, including folders.

Sunday, October 18, 2015

LSA Recursion Process of OSPF in Path Selection for N2 Routes (LSA Type 7)

The default OSPF NSSA-external route type, N2, has a fixed metric, while N1 increments its metric hop by hop. So when N2 is used, a router in a regular area that has several paths to the ASBR sees equal metric values but still chooses the lowest-cost path correctly. Technically, the seed metric plays no part in path selection; that is done through OSPF's route recursion process.























You can download initial configuration files of the above topology from here.

Quick summary of the topology:
Area 1 is a regular area & Area 2 is an NSSA.
R6 has a loopback 0 which is not advertised in the OSPF process directly but redistributed into the OSPF process as an N2 route. It will be the only NSSA-external route.

IP addresses:
R1 e0/0: 1.1.12.1     e0/1: 1.1.15.1
R2 e0/0: 1.1.12.2     e0/1: 1.1.24.2
R3 e0/0: 1.1.35.3     e0/1: 1.1.34.3
R4 e0/2: 1.1.24.4     e0/3: 1.1.34.4
R5 e0/0: 1.1.15.5     e0/1: 1.1.35.5     e0/2: 192.168.1.1
R6 e0/0: 192.168.1.2     LoopBack 0: 6.6.6.6

When the NSSA-external route leaves area 2, it is translated to a regular external type E2 route by the area 2 ABR (R5), and is then propagated through area 0 into area 1 via R2 & R3.

This is the OSPF database of R4.






















This is how R4 sees the external route (LSA Type 5).

The metric is 20, which is the seed metric in the LSA Type 5.

Even though the metric is 20 via both paths, the router has a way to figure out that the best path is via R3. It does this through the recursion process.

When the router sees the external LSA (Type 5), it can see that the routing bit is set. If the routing bit is not set, it will not start recursion. It can also see that the advertising router is 5.5.5.5 & the forwarding address is 192.168.1.2, which means it should start recursion towards the 192.168.1.0 network. The advertising router is not important for N2 routes translated to E2. It is as if R5 is saying: to reach the external route, find a way to reach 192.168.1.2, not necessarily through me.

Then the recursion process starts.

1) Find whether the ASBR which is advertising is in the same area

No entry for router LSA --> Not in the same area



2) Query LSA Type 3 to find the Network summary to forwarding address

This is the key difference between the recursion processes for E2 & N2 routes. For E2 routes it starts by querying LSA type 4, while for N2 routes it starts by querying LSA type 3.
Now the router can see that if it chooses the R2 path, the cost to the forwarding address is 30, & through R3 the cost is 20.

Now the router has to find the intra-area costs to the routers that advertise the forwarding address to it.


3) Query LSA type 1 for both ABRs














Now the router can see that reaching R2 & R3 from its location costs 10 in both cases.

The final calculation will be:
Through R2 = 10 + 30 = 40
Through R3 = 10 + 20 = 30

So R3 is selected as the best ABR to reach the ASBR for the N2 route.




This is the fundamental logic the router follows for any complex N2 route.








The forward metric is the real metric that decides the path, not the seed metric. The seed metric is what gets installed in the routing table, but it technically has no use in path selection for either E2 or N2 routes.



Saturday, October 17, 2015

LSA Recursion Process of OSPF in Path Selection for E2 Routes (LSA Type 5)

The default OSPF external route type, E2, has a fixed metric, while E1 increments its metric hop by hop. So when E2 is used, a router in a regular area that has several paths to the ASBR sees equal metric values but still chooses the lowest-cost path correctly. Technically, the seed metric plays no part in path selection; that is done through OSPF's route recursion process.


You can download initial configuration files of the above topology from here.

Quick summary of the topology:
Area 1 & 2 are regular areas. 
R5 has a loopback 0 which is not advertised in the OSPF process directly but redistributed into the OSPF process as an E2 route. It will be the only external route.

IP addresses:
R1 e0/0: 1.1.12.1     e0/1: 1.1.15.1
R2 e0/0: 1.1.12.2     e0/1: 1.1.24.2
R3 e0/0: 1.1.35.3     e0/1: 1.1.34.3
R4 e0/2: 1.1.24.4     e0/3: 1.1.34.4
R5 e0/0: 1.1.15.5     e0/1: 1.1.35.5     e0/2: 192.168.1.1     loopback0: 5.5.5.5
R6 e0/0: 192.168.1.2

You can see there are 2 ABRs in area 1 for R4. 

If you look at the database entry for the route to 5.5.5.5, you can see the metric is 20, which is the seed metric in the LSA Type 5.

But if you look at the routing table, it shows the best path as R3, not R2.

The metric is certainly 20 from both R2 & R3, because it is a fixed value. But somehow the router has figured out that the R2 path is not the best path.


The recursion process for E2 routes is simple. This is how the router makes the above decision.

When the router sees the external LSA (Type 5), it can see that the routing bit is set. If the routing bit is not set, it will not start recursion. It can also see that the advertising router is 5.5.5.5 & the forwarding address is 0.0.0.0, which means it should start recursion towards the advertising router.

1) Find whether the ASBR which is advertising is in the same area

No entry for router LSA --> Not in the same area



2) Query LSA Type 4 to find the ASBR summary to the advertising router


Now the router can see the forwarding metric to the ASBR from the 2 ABRs, R2 & R3.

That means the cost to the ASBR is 20 from R2 & 10 from R3.

Now the router has to find the cost to the ABRs through its local area using the LSA type 1 (Shortest Path Tree).









3) Query LSA type 1 for both ABRs


















Now the router can see that reaching R2 & R3 from its location costs 10 in both cases.

The final calculation will be:

Through R2 = 10 + 20 = 30
Through R3 = 10 + 10 = 20

So R3 is selected as the best ABR to reach the ASBR for the E2 route.


This is the fundamental logic the router follows for any complex E2 route.

So in the show ip route 5.5.5.5 command output you can see a forwarding metric variable, which is 20 through R3. This is the real metric through the network to the destination.
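
The recursion described in this post (E2, forwarding address 0.0.0.0, Type 4 lookup) and in the N2 post above (non-zero forwarding address, Type 3 lookup) can be put side by side in code. This is an added example, not taken from the original posts or from any OSPF implementation; the function names, the ABR labels, the /24 prefix length and the one-summary-per-ABR simplification are assumptions, while the costs are the ones quoted in the two posts.

```python
import ipaddress

def forward_metrics(ext_lsa, type3, type4, cost_to_abr):
    """Map each usable ABR to its forward metric for one external LSA,
    seen from a router with no Type 1 LSA for the ASBR (different area)."""
    if not ext_lsa["routing_bit"]:
        return {}  # per the post: no recursion without the routing bit
    fa = ipaddress.ip_address(ext_lsa["forwarding_address"])
    if fa.is_unspecified:
        # E2 case: forwarding address 0.0.0.0, recurse to the advertising
        # router through the Type 4 (ASBR summary) LSAs.
        summaries = [s for s in type4 if s["asbr"] == ext_lsa["adv_router"]]
    else:
        # Translated N2 case: recurse to the forwarding address through
        # the Type 3 (network summary) LSAs that cover it.
        summaries = [s for s in type3
                     if fa in ipaddress.ip_network(s["prefix"])]
    return {s["abr"]: cost_to_abr[s["abr"]] + s["metric"]
            for s in summaries if s["abr"] in cost_to_abr}

def select_path(ext_lsa, type3, type4, cost_to_abr):
    """Pick the ABR(s) with the lowest forward metric; the seed metric is
    carried along unchanged and plays no part in the choice."""
    paths = forward_metrics(ext_lsa, type3, type4, cost_to_abr)
    if not paths:
        return None
    best = min(paths.values())
    return {"seed_metric": ext_lsa["metric"], "forward_metric": best,
            "via": sorted(abr for abr, m in paths.items() if m == best)}

# Constructed inputs using the costs quoted in the two posts (R4's view).
COST_TO_ABR = {"R2": 10, "R3": 10}             # step 3: Type 1 / SPF cost
E2_LSA = {"adv_router": "5.5.5.5", "forwarding_address": "0.0.0.0",
          "metric": 20, "routing_bit": True}
E2_TYPE4 = [{"abr": "R2", "asbr": "5.5.5.5", "metric": 20},
            {"abr": "R3", "asbr": "5.5.5.5", "metric": 10}]
N2_LSA = {"adv_router": "5.5.5.5", "forwarding_address": "192.168.1.2",
          "metric": 20, "routing_bit": True}
N2_TYPE3 = [{"abr": "R2", "prefix": "192.168.1.0/24", "metric": 30},
            {"abr": "R3", "prefix": "192.168.1.0/24", "metric": 20}]

if __name__ == "__main__":
    print("E2:", select_path(E2_LSA, [], E2_TYPE4, COST_TO_ABR))
    print("N2:", select_path(N2_LSA, N2_TYPE3, [], COST_TO_ABR))
```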




Friday, October 16, 2015

Longer Match Method of OSPF Traffic Engineering in Stub Areas for External & Inter Area Routes

If a router in a stub area has 2 paths to area 0 and you want to route traffic over 2 different paths (one path for external routes & another path for other inter-area routes), here is the best way to do it.


You can download initial configuration files of the above topology from here.

Quick summary of the topology:
Area 1 is a stub area & area 2 is a regular area. 
R5 has a loopback 0 which is not advertised in the OSPF process directly but redistributed into the OSPF process. It will be the only external route.

IP addresses:
R1 e0/0: 1.1.12.1     e0/1: 1.1.15.1
R2 e0/0: 1.1.12.2     e0/1: 1.1.24.2
R3 e0/0: 1.1.35.3     e0/1: 1.1.34.3
R4 e0/2: 1.1.24.4     e0/3: 1.1.34.4
R5 e0/0: 1.1.15.5     e0/1: 1.1.35.5     e0/2: 192.168.1.1     loopback0: 5.5.5.5
R6 e0/0: 192.168.1.2

There are 2 ABRs in area 1. Because area 1 is a stub area, LSA types 4 & 5 will be filtered. On R4, we will see an inter-area default route via both ABRs in the routing table.





















So CEF will load balance the traffic, because R4 sees both paths as equal-cost paths. But in the real diagram you can see that this is wrong: the R4, R3, R5 path is much shorter than R4, R2, R1, R5. R4 will not recognize this. This is where traffic engineering comes in.

So in this lab I am setting up the routing so that, from area 1, traffic to external routes goes through R2 and traffic to all other inter-area routes goes through R3.

Method

Make area 1 a totally stubby area on R2
Change the summary default cost to 0 on R2

What happens now is that LSA types 3, 4 and 5 are not advertised from R2, while LSA type 3 is advertised from R3. So the inter-area routes will choose the path through R3, because inter-area routes are advertised only from R3 and they will be the longer match for the inter-area prefixes (not the default route). For the external routes, R4 will choose only the low-cost path, because there is no match for external prefixes (the default route will be used) & OSPF does not support unequal-cost load balancing.



















You can use CEF commands to determine the exact route easily.
Because this is an Ethernet environment, if I set the default-cost to 1, R4 will start load balancing again. If I set any number higher than 1, R4 will choose R3 as the low-cost path even for the external routes.
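
The interaction between longest-prefix match and the default-route cost can be reproduced with a small model of R4's routing table. This is an added example, not from the original post; R3's default-route metric of 1, the cost of 10 to each ABR, and the 1.1.15.0/24 prefix with its metric are assumptions chosen to match the behaviour the post describes.

```python
import ipaddress

def build_rib(summaries, cost_to_abr):
    """Prefix -> (cost, [ABRs]) from Type 3 LSAs; equal costs are kept (ECMP)."""
    rib = {}
    for s in summaries:
        net = ipaddress.ip_network(s["prefix"])
        cost = cost_to_abr[s["abr"]] + s["metric"]
        if net not in rib or cost < rib[net][0]:
            rib[net] = (cost, [s["abr"]])
        elif cost == rib[net][0]:
            rib[net][1].append(s["abr"])
    return rib

def lookup(rib, dst):
    """Longest-prefix match first; cost only decides within that prefix."""
    addr = ipaddress.ip_address(dst)
    matches = [net for net in rib if addr in net]
    if not matches:
        return None
    net = max(matches, key=lambda n: n.prefixlen)
    cost, abrs = rib[net]
    return str(net), cost, sorted(abrs)

def r4_view(r2_default_cost):
    """R4's RIB once R2 is totally stubby and R3 is an ordinary stub ABR."""
    summaries = [
        {"abr": "R2", "prefix": "0.0.0.0/0", "metric": r2_default_cost},
        {"abr": "R3", "prefix": "0.0.0.0/0", "metric": 1},      # assumed default
        {"abr": "R3", "prefix": "1.1.15.0/24", "metric": 20},   # constructed
    ]
    return build_rib(summaries, {"R2": 10, "R3": 10})  # assumed link costs

if __name__ == "__main__":
    for cost in (0, 1, 5):
        rib = r4_view(cost)
        print(cost, lookup(rib, "5.5.5.5"), lookup(rib, "1.1.15.1"))
```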