Monday, January 14, 2013

EIGRP route influence part 1


This time I use a slightly more complex topology, but I will do my best to explain it as clearly as I can. This is the topology diagram:



R1 to R5 belong to the SP network. All of them run OSPF (area 0) as the IGP, LDP, and BGP in AS65000 with MP-BGP, where R5 is the route reflector.

There is only one customer in this lab, with 2 sites, R6 and R7. Both sit in the same VRF (TEST) and each of them is dual-homed (1x ISP, 2x links), with one link as primary and the second as backup. Each site has a network with various nodes and one server:

R6 site: network 192.168.61.0/24 and the server is R8 – 192.168.61.8

R7 site: network 192.168.71.0/24 and the server is R10 – 192.168.71.10

R9 and R11 simulate the other nodes on each site respectively.

Both sites also run EIGRP as the CE-PE routing protocol.


The customer requirements are as follows:

- Traffic between network 61 and network 71 goes through the primary link and, if that link fails, moves to the backup link.

- The servers can communicate with each other ONLY through the backup link; if the backup link fails, they won’t go through the primary link.

Let’s start with the configuration. Throughout this lab I show only R7's configuration, but the same should be done on R6 to achieve the result on both sites.

R7 relevant configuration:

interface FastEthernet0/0
 ip address 10.1.37.7 255.255.255.0
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address 10.1.47.7 255.255.255.0
 duplex auto
 speed auto
!
interface FastEthernet1/0
 ip address 192.168.71.1 255.255.255.0
 speed 100
 full-duplex
!
router eigrp 200
 network 10.1.37.7 0.0.0.0
 network 10.1.47.7 0.0.0.0
 network 192.168.71.0
 no auto-summary


And R7's routing table:

R7#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
     192.168.61.0/24 is variably subnetted, 2 subnets, 2 masks
D EX    192.168.61.0/24 [170/284160] via 10.1.47.4, 00:42:41, FastEthernet0/1
                        [170/284160] via 10.1.37.3, 00:42:41, FastEthernet0/0
D EX    192.168.61.8/32 [170/284160] via 10.1.47.4, 00:02:37, FastEthernet0/1
                        [170/284160] via 10.1.37.3, 00:02:37, FastEthernet0/0
     10.0.0.0/24 is subnetted, 4 subnets
D EX    10.1.26.0 [170/284160] via 10.1.47.4, 00:02:37, FastEthernet0/1
                  [170/284160] via 10.1.37.3, 00:02:38, FastEthernet0/0
D EX    10.1.16.0 [170/284160] via 10.1.47.4, 00:02:38, FastEthernet0/1
                  [170/284160] via 10.1.37.3, 00:02:38, FastEthernet0/0
C       10.1.47.0 is directly connected, FastEthernet0/1
C       10.1.37.0 is directly connected, FastEthernet0/0
C    192.168.71.0/24 is directly connected, FastEthernet1/0


We can see that R7 learns R6's network through 2 routers, but it learns only the full subnet (192.168.61.0/24) and not the server-specific IP.

So first let’s advertise R6 server IP:

R6(config)# ip route 192.168.61.8 255.255.255.255 fastEthernet 1/0
R6(config)#router eigrp 100
R6(config-router)#redistribute static


And let’s look at R7's routing table:


R7#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
     192.168.61.0/24 is variably subnetted, 2 subnets, 2 masks
D EX    192.168.61.0/24 [170/284160] via 10.1.47.4, 01:12:33, FastEthernet0/1
                        [170/284160] via 10.1.37.3, 01:12:33, FastEthernet0/0
D EX    192.168.61.8/32 [170/284160] via 10.1.47.4, 00:32:28, FastEthernet0/1
                        [170/284160] via 10.1.37.3, 00:32:28, FastEthernet0/0
     10.0.0.0/24 is subnetted, 4 subnets
D EX    10.1.26.0 [170/284160] via 10.1.47.4, 00:32:28, FastEthernet0/1
                  [170/284160] via 10.1.37.3, 00:32:30, FastEthernet0/0
D EX    10.1.16.0 [170/284160] via 10.1.47.4, 00:32:30, FastEthernet0/1
                  [170/284160] via 10.1.37.3, 00:32:30, FastEthernet0/0
C       10.1.47.0 is directly connected, FastEthernet0/1
C       10.1.37.0 is directly connected, FastEthernet0/0
     192.168.71.0/24 is variably subnetted, 2 subnets, 2 masks
S       192.168.71.10/32 is directly connected, FastEthernet1/0
C       192.168.71.0/24 is directly connected, FastEthernet1/0


Now R7 learns both 192.168.61.0/24 and 192.168.61.8/32.

Next, let’s block the server IP from being learned through Fa0/0, which is the primary link:

R7(config)#ip access-list standard NET61-DENY-R8
R7(config-std-nacl)#deny host 192.168.61.8
R7(config-std-nacl)#permit any
!
R7(config)#router eigrp 200
R7(config-router)#distribute-list NET61-DENY-R8 in fastEthernet 0/0


Let’s look at R7's routing table now:

R7#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
     192.168.61.0/24 is variably subnetted, 2 subnets, 2 masks
D EX    192.168.61.0/24 [170/284160] via 10.1.47.4, 01:28:47, FastEthernet0/1
                        [170/284160] via 10.1.37.3, 01:28:47, FastEthernet0/0
D EX    192.168.61.8/32 [170/284160] via 10.1.47.4, 00:00:16, FastEthernet0/1
     10.0.0.0/24 is subnetted, 4 subnets
D EX    10.1.26.0 [170/284160] via 10.1.47.4, 00:00:34, FastEthernet0/1
                  [170/284160] via 10.1.37.3, 00:00:34, FastEthernet0/0
D EX    10.1.16.0 [170/284160] via 10.1.47.4, 00:00:35, FastEthernet0/1
                  [170/284160] via 10.1.37.3, 00:00:35, FastEthernet0/0
C       10.1.47.0 is directly connected, FastEthernet0/1
C       10.1.37.0 is directly connected, FastEthernet0/0
     192.168.71.0/24 is variably subnetted, 2 subnets, 2 masks
S       192.168.71.10/32 is directly connected, FastEthernet1/0
C       192.168.71.0/24 is directly connected, FastEthernet1/0


Now R7 learns the server address only through Fa0/1 and will never learn it through Fa0/0.

Also block the server IP from being advertised through Fa0/0:

R7(config)#ip access-list standard NET71-DENY-R10
R7(config-std-nacl)#deny host 192.168.71.10
R7(config-std-nacl)#permit any
!
R7(config)#router eigrp 200
R7(config-router)#distribute-list NET71-DENY-R10 out fastEthernet 0/0


Now I have to make sure that traffic to and from network 192.168.61.0/24 uses Fa0/0 and goes through Fa0/1 only in case of failure:

R7(config)#int fa 0/1
R7(config-if)#delay 5000


So now 192.168.61.0/24 is preferred through Fa0/0, due to its lower metric:

R7#show ip eigrp topology
IP-EIGRP Topology Table for AS(200)/ID(192.168.71.1)
Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply,
       r - reply Status, s - sia Status
P 10.1.26.0/24, 1 successors, FD is 284160
        via 10.1.37.3 (284160/28160), FastEthernet0/0
        via 10.1.47.4 (1538560/28160), FastEthernet0/1
P 10.1.16.0/24, 1 successors, FD is 284160
        via 10.1.37.3 (284160/28160), FastEthernet0/0
        via 10.1.47.4 (1538560/28160), FastEthernet0/1
P 10.1.47.0/24, 1 successors, FD is 1536000
        via Connected, FastEthernet0/1
        via 10.1.37.3 (307200/281600), FastEthernet0/0
P 192.168.71.10/32, 1 successors, FD is 28160
        via Rstatic (28160/0)
P 10.1.37.0/24, 1 successors, FD is 281600
        via Connected, FastEthernet0/0
P 192.168.71.0/24, 1 successors, FD is 28160
        via Connected, FastEthernet1/0
P 192.168.61.0/24, 1 successors, FD is 284160
        via 10.1.37.3 (284160/28160), FastEthernet0/0
        via 10.1.47.4 (1538560/28160), FastEthernet0/1
         
Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply,
       r - reply Status, s - sia Status
P 192.168.61.8/32, 1 successors, FD is 1538560
        via 10.1.47.4 (1538560/28160), FastEthernet0/1
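
The metrics in this topology table can be reproduced from the classic EIGRP composite formula with default K values. This is an added example, not part of the original post; the bandwidth and delay figures are assumptions inferred from the table values, and the function names are hypothetical.

```python
# Added example: classic EIGRP composite metric with default K values
# (K1 = K3 = 1), checked against R7's topology table above.

def eigrp_metric(min_bw_kbps, delays_tens_usec):
    """256 * (10^7 / lowest path bandwidth in kbps + summed delay in tens of usec)."""
    return 256 * (10**7 // min_bw_kbps + sum(delays_tens_usec))

def is_feasible_successor(reported_distance, feasible_distance):
    """Feasibility condition: the neighbour's own metric must be below our FD."""
    return reported_distance < feasible_distance

# Assumptions inferred from the table, not read from "show interface":
LINK_BW_KBPS = 10_000   # Fa0/0 and Fa0/1 at 10 Mb/s (connected FD 281600)
FA0_0_DELAY = 100       # default 1000 usec, expressed in tens of usec
FA0_1_DELAY = 5000      # "delay 5000" is entered in tens of usec (50 ms)
PE_BW_KBPS = 100_000    # bandwidth behind the reported distance 28160
PE_DELAY = 10           # delay behind the reported distance 28160

def r7_paths_to_net61():
    """Metrics R7 computes for 192.168.61.0/24 over each uplink."""
    rd = eigrp_metric(PE_BW_KBPS, [PE_DELAY])
    primary = eigrp_metric(LINK_BW_KBPS, [PE_DELAY, FA0_0_DELAY])
    backup = eigrp_metric(LINK_BW_KBPS, [PE_DELAY, FA0_1_DELAY])
    fd = min(primary, backup)
    return {
        "reported_distance": rd,
        "via_fa0_0": primary,
        "via_fa0_1": backup,
        "successor": "Fa0/0" if primary < backup else "Fa0/1",
        # A feasible successor is installed immediately when the successor is lost.
        "backup_is_feasible_successor": is_feasible_successor(rd, fd),
    }

if __name__ == "__main__":
    for key, value in r7_paths_to_net61().items():
        print(f"{key}: {value}")
```

Because the reported distance through Fa0/1 is below the feasible distance, the backup path is already a feasible successor and takes over without a query when Fa0/0 fails.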


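The final step is to block the servers from reaching each other through the primary link. The distribute-lists alone do not guarantee this: if the backup link fails, the /32 route is withdrawn and traffic to the server would follow the /24 route through Fa0/0. Note that this applies only to server-to-server traffic; if any other node in the network tries to reach one of the servers, it should succeed.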

R7(config)#ip access-list extended R7-OUTBOUND
R7(config-ext-nacl)#deny ip host 192.168.71.10 host 192.168.61.8
R7(config-ext-nacl)#permit ip any any
R7(config-ext-nacl)#exit
R7(config)#int fa 0/0
R7(config-if)#ip access-group R7-OUTBOUND out
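
Why the route filter needs the ACL behind it can be shown with a small forwarding model of R7. This is an added example, not from the original post: the route list and ACL are constructed from the configuration and tables on this page, and the function names are hypothetical.

```python
import ipaddress

# Constructed from R7's final state on this page: (prefix, interface, metric).
ROUTES = [
    ("192.168.61.0/24", "Fa0/0", 284160),
    ("192.168.61.0/24", "Fa0/1", 1538560),
    ("192.168.61.8/32", "Fa0/1", 1538560),  # the /32 is filtered inbound on Fa0/0
]
# R7-OUTBOUND as (action, source host, destination host); None matches any.
ACL_FA0_0_OUT = [
    ("deny", "192.168.71.10", "192.168.61.8"),
    ("permit", None, None),
]

def lookup(dst, links_up):
    """Longest-prefix match, then lowest metric, over routes whose link is up."""
    addr = ipaddress.ip_address(dst)
    live = [(ipaddress.ip_network(p), ifc, m) for p, ifc, m in ROUTES
            if ifc in links_up and addr in ipaddress.ip_network(p)]
    if not live:
        return None
    return min(live, key=lambda r: (-r[0].prefixlen, r[2]))[1]

def acl_permits(src, dst, acl):
    """First matching entry wins; no match falls through to the implicit deny."""
    for action, s, d in acl:
        if (s is None or s == src) and (d is None or d == dst):
            return action == "permit"
    return False

def forward(src, dst, links_up, acl_applied=True):
    """Return the egress interface, or the reason the packet is not forwarded."""
    out = lookup(dst, links_up)
    if out is None:
        return "no route"
    if out == "Fa0/0" and acl_applied and not acl_permits(src, dst, ACL_FA0_0_OUT):
        return "dropped by ACL on Fa0/0"
    return out

if __name__ == "__main__":
    r10, r8, r9 = "192.168.71.10", "192.168.61.8", "192.168.61.9"
    print(forward(r10, r8, {"Fa0/0", "Fa0/1"}))            # both links up
    print(forward(r10, r8, {"Fa0/0"}))                     # backup down, ACL on
    print(forward(r10, r8, {"Fa0/0"}, acl_applied=False))  # backup down, no ACL
    print(forward(r10, r9, {"Fa0/0"}))                     # server to ordinary node
```

With the backup link down and no ACL, the server-to-server packet falls back to the /24 route and leaves through Fa0/0, which is exactly the case the outbound ACL closes.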


Now let’s test the results, from R8 to R10:

R8#traceroute 192.168.71.10
Type escape sequence to abort.
Tracing the route to 192.168.71.10
  1 192.168.61.1 20 msec 20 msec 28 msec
  2 10.1.26.2 24 msec 48 msec 28 msec
  3 10.1.25.5 [MPLS: Labels 16/25 Exp 0] 92 msec 108 msec 108 msec
  4 10.1.47.4 [MPLS: Label 25 Exp 0] 92 msec 80 msec 108 msec
  5 10.1.47.7 84 msec 120 msec 80 msec
  6 192.168.71.10 148 msec *  120 msec


And from R10 to R8:

R10#traceroute 192.168.61.8
Type escape sequence to abort.
Tracing the route to 192.168.61.8
  1 192.168.71.1 44 msec 8 msec 32 msec
  2 10.1.47.4 32 msec 40 msec 52 msec
  3 10.1.45.5 [MPLS: Labels 18/27 Exp 0] 96 msec 88 msec 112 msec
  4 10.1.26.2 [MPLS: Label 27 Exp 0] 104 msec 76 msec 76 msec
  5 10.1.26.6 80 msec 100 msec 80 msec
  6 192.168.61.8 120 msec *  120 msec


From R9 to R11:

R9#traceroute  192.168.71.11
Type escape sequence to abort.
Tracing the route to 192.168.71.11
  1 192.168.61.1 48 msec 28 msec 28 msec
  2 10.1.16.1 20 msec 44 msec 36 msec
  3 10.1.15.5 [MPLS: Labels 19/24 Exp 0] 100 msec 104 msec 96 msec
  4 10.1.37.3 [MPLS: Label 24 Exp 0] 80 msec 88 msec 60 msec
  5 10.1.37.7 112 msec 96 msec 84 msec
  6 192.168.71.11 128 msec *  120 msec


And from R11 to R9:

R11#traceroute 192.168.61.9
Type escape sequence to abort.
Tracing the route to 192.168.61.9
  1 192.168.71.1 28 msec 36 msec 16 msec
  2 10.1.37.3 28 msec 32 msec 28 msec
  3 10.1.35.5 [MPLS: Labels 17/28 Exp 0] 96 msec 112 msec 72 msec
  4 10.1.16.1 [MPLS: Label 28 Exp 0] 60 msec 72 msec 92 msec
  5 10.1.16.6 112 msec 92 msec 88 msec
  6 192.168.61.9 136 msec *  132 msec


And when the link from R7 to R4 is down:

R10#traceroute 192.168.61.8
Type escape sequence to abort.
Tracing the route to 192.168.61.8
  1 192.168.71.1 44 msec 28 msec 20 msec
  2 192.168.71.1 !A  *  !A
R10#traceroute 192.168.61.9
Type escape sequence to abort.
Tracing the route to 192.168.61.9
  1 192.168.71.1 32 msec 28 msec 12 msec
  2 10.1.37.3 40 msec 48 msec 32 msec
  3 10.1.35.5 [MPLS: Labels 17/28 Exp 0] 116 msec 84 msec 116 msec
  4 10.1.16.1 [MPLS: Label 28 Exp 0] 68 msec 52 msec 64 msec
  5 10.1.16.6 88 msec 60 msec 116 msec
  6 192.168.61.9 116 msec *  136 msec

1 comment:


  1. Great job on the hard effort you've put in. I appreciate it and thank you for sharing it.