This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
. Sunday, March 30, 2014
ROUTING IPv6 v3.0 With Cisco and Quagga PC based
Routers using GNS3, Cisco IOS, PC, freeBSD, Quagga, pfSense
Table of Contents1.Lab Setup................................................................................................................................................72.Introduction.............................................................................................................................................7
Two New LSAs.................................................................................................................................9Two LSAs have a new name..........................................................................................................12
3.OSPFv3 Architectures...........................................................................................................................204.Type of Area..........................................................................................................................................25
Configuration..................................................................................................................................28IPv6 route of a Totally Stubby Area Router...................................................................................29
Not So Stubby Area.............................................................................................................................30Totally Not So Stubby Area.................................................................................................................31
A. Router Configurations.........................................................................................................................32R1........................................................................................................................................................32R2........................................................................................................................................................34R3........................................................................................................................................................36R4........................................................................................................................................................37
B. GLBP...................................................................................................................................................40C. BGP Connection..................................................................................................................................42
BGP Lab Topology..............................................................................................................................42Differences with IPv6..........................................................................................................................43Some useful commands.......................................................................................................................43BGP Configuration..............................................................................................................................44
On R3..............................................................................................................................................44On R2..............................................................................................................................................45On R5..............................................................................................................................................45On R6..............................................................................................................................................46
5.Introduction to MP-BGP lab.................................................................................................................496.Lab Setup..............................................................................................................................................507.Lab BGP Configuration........................................................................................................................51
8.7 Security and MD5 Password.........................................................................................................629.Useful Cisco BGP IPv6 Commands Explained....................................................................................64
9.1. Show bgp ipv6 unicast summary..................................................................................................649.2. Show bgp ipv6 X:X:X...::X/X .....................................................................................................659.3. Show bgp ipv6 neighbor...............................................................................................................66
10.Checking data plane of BGP Recursive routes...................................................................................6810.1 Mind the BGP Next-hop Rule.....................................................................................................68
10.2 Check the BGP data path on CISCO Routers (CEFv6)..............................................................7011.Checking Redundancy.........................................................................................................................7312.Routers Configurations.......................................................................................................................75
12.1 R1................................................................................................................................................7512.2 R3................................................................................................................................................7612.3 R4................................................................................................................................................7712.4 R5 – BGP Route-Reflector..........................................................................................................7912.5 R6................................................................................................................................................8112.6 R7................................................................................................................................................8212.7 R8-ISP2. AS 64000.....................................................................................................................8412.8 R9-ISP1. AS 65000.....................................................................................................................85
13.Why a Migration to IS-IS?..................................................................................................................9014.IS-IS Reminder...................................................................................................................................91
14.1 Introduction and history..............................................................................................................9114.2 IS-IS Architecture........................................................................................................................9214.3 Security........................................................................................................................................9214.4 Neighbor Discovery....................................................................................................................9214.5 Multipoint Networks...................................................................................................................9214.6 Point to Point Networks..............................................................................................................94
15.Migration Steps...................................................................................................................................9415.1. Backbone Configuration.............................................................................................................9415.2 Verification that ISIS is running OK...........................................................................................94
Check IS-IS neighbors....................................................................................................................94Check that all IS-IS are Up from the database...............................................................................95Remove OSPF for IPv4 and check the IPv4 Routing table............................................................96Check the Router data plane (CEF and CEFv6) ............................................................................98Troubleshoot a bug with an Incomplete Adjacency. ......................................................................98Remove OSPFv3 for IPv6 and check the RIBv6..........................................................................100
17.Moving to Multiarea in the first Area................................................................................................11117.1 Migration to Multiarea Procedure.............................................................................................11117.2 IS-IS Multiarea Configuration...................................................................................................112
Configuring Multiarea on R1-R6-R5............................................................................................112R1 Configuration......................................................................................................................112R5 Configuration......................................................................................................................114R6 Configuration......................................................................................................................116
show clns neighbors......................................................................................................................117Show ipv6 route ...........................................................................................................................118Display R1 and R5 LSPs on R6....................................................................................................119
18.2 Configuring Multiarea on R3-R7-R4........................................................................................120Configure Route Leaking for Loopbacks.....................................................................................121
19.Checking the migration.....................................................................................................................12219.1 Check IS-IS...............................................................................................................................12219.2 show ip route.............................................................................................................................12219.2 show bgp connection to the RR.................................................................................................12219.3 Checking IS-IS..........................................................................................................................12319.4 Troubleshooting a bug...............................................................................................................12319.4 Check BGP Resiliency..............................................................................................................12519.5 Inspect IS-IS Database..............................................................................................................126
19.6 Check the BGP Routers Resiliency ........................................................................................13020.Multiarea final Configurations..........................................................................................................131
20.1 R6..............................................................................................................................................13120.2 R1..............................................................................................................................................13320.3 R5..............................................................................................................................................13420.4 R3..............................................................................................................................................13620.5 R4..............................................................................................................................................13820.6 R7..............................................................................................................................................14020.7 The ISP Routers R9 and R8 Configs.........................................................................................141
21.What is Quagga?...............................................................................................................................14622.Quagga Configurations.....................................................................................................................147
/usr/local/etc/quagga/zebra.conf...................................................................................................148Telnet to the Zebra daemon..........................................................................................................149Check IP route .............................................................................................................................149Check IPv6 Route.........................................................................................................................151
23.Quagga IS-IS Configuration.............................................................................................................151IS-IS Configuration file................................................................................................................151Telnet to IS-IS daemon.................................................................................................................153Two Quagga installed...................................................................................................................158
From R1...................................................................................................................................158From R1 all IS-IS Neighbors...................................................................................................159
24.Quagga BGP Configuration..............................................................................................................160BGP Configuration file.................................................................................................................160Telnet to the BGP daemon............................................................................................................161
25.Verifying the Routing is OK.............................................................................................................16226.pfSense..............................................................................................................................................16627.Final Configurations.........................................................................................................................167
27.1 The Core Level-1-2 Routers......................................................................................................167R1..................................................................................................................................................167R3..................................................................................................................................................169R4..................................................................................................................................................171R5..................................................................................................................................................172
26.2 The Customer Edge Level-1 Routers........................................................................................175R6..................................................................................................................................................175R7..................................................................................................................................................176No change on ISP R8 and R9 see previous configurations..........................................................178
26.3 Quagga Configurations..............................................................................................................178Quagga1 configuration files from /usr/local/etc/quagga/.............................................................178
1. Lab SetupThe Lab runs OSPFv2 and OSPFv3 it is dual-stacked in Area 0 except R5 which is in Area1.
Linux machines can ping each other. We have 3 VLANs and at least one PC in each VLAN. The Left hand side uses only one but I configured two VLANs.
I have also configured GLBP for IPv41 and IPv6. Configuration are available at the end of this document and on my web site with GNS3 files to copy it:
h ttp://www.ipv6forlife.com/Tutorial/labDS/
2. IntroductionLike IPv6 brought many improvements over IPv4, OSPFv3 also advertise them in the Routing Protocol. OSPFv3 is now fully optimized for IPv6 and adds new features.
To summarize for those who don't have time to read more than one page here are the
1 There is a bug in my IOS and the GLBP configured for IPv4 is converted to IPv6 in the running-config.
1.2. instancesFor example, it is possible to run multiple, up to 16 instances of OSPFv3 which do not see each other on the same VLAN. This can be very useful if many customers share a link at some point of the network. The instance number is coded in the Hello so two routers will not form a neighbor relationship if not in the same instance.
1.3. SecurityAs IPv6 should be provided with IPSec, the Authentication has been removed from OSPFv3 and is now supposed to be done by IPSec stack. Cisco has released Authentication and even Encryption of OSPFv3 traffic thanks to IPSec. IPSec is better than MD5 for Authentication as it changes the encryption key on a regular time basis and exchange it safely over the unsafe network thanks to Diffie-Helmann. Otherwise if you can capture enough traffic you can break the key and nobody will change them manually!
Example on Cisco Router Interface between R2 and R5:ipv6 ospf encryption ipsec spi 1001 esp 3des 012345678901234567890123456789012345678901234567 sha1 0123456789012345678901234567890123456789
R5#show ipv6 ospf interface g0/0GigabitEthernet0/0 is up, line protocol is up Link Local Address FE80::C807:7CFF:FEFB:8, Interface ID 5 Area 1, Process ID 1, Instance ID 0, Router ID 192.168.100.5 Network Type BROADCAST, Cost: 1 3DES encryption SHA1 auth SPI 1001, secure socket UP (errors: 0) Transmit Delay is 1 sec, State DR, Priority 1 Designated Router (ID) 192.168.100.5, local address FE80::C807:7CFF:FEFB:8 Backup Designated router (ID) 10.0.0.2, local address FE80::C803:7CFF:FEFB:A8 Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5 Hello due in 00:00:05 Index 1/1/1, flood queue length 0 Next 0x0(0)/0x0(0)/0x0(0) Last flood scan length is 1, maximum is 3 Last flood scan time is 0 msec, maximum is 0 msec Neighbor Count is 1, Adjacent neighbor count is 1 Adjacent with neighbor 10.0.0.2 (Backup Designated Router)
Link State ID: 6 (Interface ID) Advertising Router: 10.0.0.3 LS Seq Number: 8000000D Checksum: 0x35E0 Length: 44 Router Priority: 1 Link Local Address: FE80::C805:7CFF:FEFB:1C Number of Prefixes: 0
LS age: 109 Options: (V6Bit, EBit, Rbit, DCBit) LS Type: LinkLSA (Interface: GigabitEthernet2/0) Link State ID: 7 (Interface ID) Advertising Router: 10.0.0.3 LS Seq Number: 8000000D Checksum: 0x9563 Length: 44 Router Priority: 1 Link Local Address: FE80::C805:7CFF:FEFB:38 Number of Prefixes: 0
LS age: 110 Options: (V6Bit, EBit, Rbit, DCBit) LS Type: LinkLSA (Interface: GigabitEthernet3/0) Link State ID: 8 (Interface ID) Advertising Router: 10.0.0.3 LS Seq Number: 8000000D Checksum: 0xF5E5 Length: 44 Router Priority: 1 Link Local Address: FE80::C805:7CFF:FEFB:54 Number of Prefixes: 0
The Router LSA does not provide any Prefix information anymore, only topological information! So we got a LSA dedicated to advertise prefixes and a LSA to advertise topology like who are our neighbors and the status of our links. It is easier than before to figure out as we do not need to use tricks to advertise a subnet mask of a point-to-point Network like before.
Routing Bit Set on this LSA LS age: 1686 LS Type: IntraAreaPrefixLSA Link State ID: 14336 Advertising Router: 10.0.0.3 LS Seq Number: 8000000C Checksum: 0x726D Length: 44 Referenced LSA Type: 2002 Referenced Link State ID: 14 Referenced Advertising Router: 10.0.0.3 Number of Prefixes: 1 Prefix Address: 2001:DB8:678:1005:: Prefix Length: 64, Options: None, Metric: 0
Routing Bit Set on this LSA LS age: 1686 LS Type: IntraAreaPrefixLSA Link State ID: 15360 Advertising Router: 10.0.0.3 LS Seq Number: 8000000C Checksum: 0x6A6F Length: 44 Referenced LSA Type: 2002 Referenced Link State ID: 15 Referenced Advertising Router: 10.0.0.3 Number of Prefixes: 1 Prefix Address: 2001:DB8:678:1006:: Prefix Length: 64, Options: None, Metric: 0
The ABR Summary LSA (Type 3) is now an Inter-Area Prefixes LSA and the Type 4 Summary-LSA became Inter-Area-Router-LSAs
R5#show ipv6 ospf database interarea router
OSPFv3 Router with ID (192.168.100.5) (Process ID 1)
Inter Area Router Link States (Area 1)
Routing Bit Set on this LSA LS age: 61 Options: (V6Bit, EBit, Rbit, DCBit) LS Type: Inter Area Router Links Link State ID: 167772163 Advertising Router: 10.0.0.2 LS Seq Number: 80000001 Checksum: 0x706F Length: 32 Metric: 1 Destination Router ID: 10.0.0.3
1.5. Router IDNo change with OSPFv2. You still need a Router ID in IPv4 format. The best recommendation is still to configure a loopback 0 interface with an IPv4 Interface. It will be used by many protocols like BGP. So even for an IPv6 Only Router, configure a loopback with a /32 IP address.
Eventually you can also configure a /128 IPv6 Address for Router management.
R2>show ipv6 ospf Routing Process "ospfv3 1" with ID 10.0.0.2 It is an area border and autonomous system boundary router Redistributing External Routes from, static with metric 5 SPF schedule delay 5 secs, Hold time between two SPFs 10 secs Minimum LSA interval 5 secs. Minimum LSA arrival 1 secs LSA group pacing timer 240 secs Interface flood pacing timer 33 msecs Retransmission pacing timer 66 msecs Number of external LSA 2. Checksum Sum 0x00F2FA Number of areas in this router is 2. 2 normal 0 stub 0 nssa Reference bandwidth unit is 100 mbps
Area BACKBONE(0) Number of interfaces in this area is 6 SPF algorithm executed 804 times Number of LSA 20. Checksum Sum 0x0AD206 Number of DCbitless LSA 0 Number of indication LSA 0 Number of DoNotAge LSA 0 Flood list length 0 Area 1 Number of interfaces in this area is 1 SPF algorithm executed 4 times Number of LSA 12. Checksum Sum 0x063391 Number of DCbitless LSA 0 Number of indication LSA 0 Number of DoNotAge LSA 0 Flood list length 0
neighbors. The same command exist with ipv6 instead of ip which is for IPv4.
R3>sh ip ospf neighbor Neighbor ID Pri State Dead Time Address Interface10.0.0.4 1 FULL/BDR 00:00:39 10.0.6.2 GigabitEthernet0/0.210.0.0.4 1 FULL/BDR 00:00:39 10.0.5.2 GigabitEthernet0/0.110.0.0.4 1 FULL/DR 00:00:34 10.0.100.14 GigabitEthernet1/010.0.0.2 1 FULL/BDR 00:00:33 10.0.100.6 GigabitEthernet3/0
R3>show ip ospf neighbor detail Neighbor 10.0.0.4, interface address 10.0.6.2 In the area 0 via interface GigabitEthernet0/0.2 Neighbor priority is 1, State is FULL, 6 state changes DR is 10.0.6.1 BDR is 10.0.6.2 Options is 0x12 in Hello (Ebit, Lbit) Options is 0x52 in DBD (Ebit, Lbit, Obit) LLS Options is 0x1 (LR) Dead timer due in 00:00:39 Neighbor is up for 06:50:25 Index 5/5, retransmission queue length 0, number of retransmission 0 First 0x0(0)/0x0(0) Next 0x0(0)/0x0(0) Last retransmission scan length is 0, maximum is 0 Last retransmission scan time is 0 msec, maximum is 0 msec
R3>show ipv6 ospf interface g0/0.1 GigabitEthernet0/0.1 is up, line protocol is up Link Local Address FE80::C805:7CFF:FEFB:8, Interface ID 14 Area 0, Process ID 1, Instance ID 0, Router ID 10.0.0.3 Network Type BROADCAST, Cost: 1 Transmit Delay is 1 sec, State DR, Priority 1 Designated Router (ID) 10.0.0.3, local address FE80::C805:7CFF:FEFB:8 Backup Designated router (ID) 10.0.0.4, local address FE80::C806:7CFF:FEFB:8 Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5 Hello due in 00:00:06 Index 1/4/4, flood queue length 0 Next 0x0(0)/0x0(0)/0x0(0) Last flood scan length is 1, maximum is 7 Last flood scan time is 0 msec, maximum is 0 msec Neighbor Count is 1, Adjacent neighbor count is 1 Adjacent with neighbor 10.0.0.4 (Backup Designated Router) Suppress hello for 0 neighbor(s)
R3>show ipv6 ospf neighbor Neighbor ID Pri State Dead Time Interface ID Interface10.0.0.4 1 FULL/BDR 00:00:31 15 GigabitEthernet0/0.210.0.0.4 1 FULL/BDR 00:00:32 14 GigabitEthernet0/0.110.0.0.4 1 FULL/BDR 00:00:34 6 GigabitEthernet1/010.0.0.2 1 FULL/BDR 00:00:32 8 GigabitEthernet3/0
R3>show ipv6 ospf neighbor detail Neighbor 10.0.0.4 In the area 0 via interface GigabitEthernet0/0.2
Neighbor: interfaceid 15, linklocal address FE80::C806:7CFF:FEFB:8 Neighbor priority is 1, State is FULL, 6 state changes DR is 10.0.0.3 BDR is 10.0.0.4 Options is 0x000013 in Hello (V6Bit, EBit, Rbit) Options is 0x000013 in DBD (V6Bit, EBit, Rbit) Dead timer due in 00:00:36 Neighbor is up for 05:58:34 Index 1/4/4, retransmission queue length 0, number of retransmission 24 First 0x0(0)/0x0(0)/0x0(0) Next 0x0(0)/0x0(0)/0x0(0) Last retransmission scan length is 1, maximum is 2 Last retransmission scan time is 0 msec, maximum is 0 msec Neighbor 10.0.0.4 In the area 0 via interface GigabitEthernet0/0.1 Neighbor: interfaceid 14, linklocal address FE80::C806:7CFF:FEFB:8 Neighbor priority is 1, State is FULL, 6 state changes DR is 10.0.0.3 BDR is 10.0.0.4 Options is 0x000013 in Hello (V6Bit, EBit, Rbit) Options is 0x000013 in DBD (V6Bit, EBit, Rbit) Dead timer due in 00:00:38 Neighbor is up for 05:58:49 Index 1/3/3, retransmission queue length 0, number of retransmission 16 First 0x0(0)/0x0(0)/0x0(0) Next 0x0(0)/0x0(0)/0x0(0) Last retransmission scan length is 1, maximum is 2 Last retransmission scan time is 0 msec, maximum is 0 msec Neighbor 10.0.0.4 In the area 0 via interface GigabitEthernet1/0 Neighbor: interfaceid 6, linklocal address FE80::C806:7CFF:FEFB:1C Neighbor priority is 1, State is FULL, 6 state changes DR is 10.0.0.3 BDR is 10.0.0.4 Options is 0x000013 in Hello (V6Bit, EBit, Rbit) Options is 0x000013 in DBD (V6Bit, EBit, Rbit) Dead timer due in 00:00:38 Neighbor is up for 06:10:38 Index 1/2/2, retransmission queue length 0, number of retransmission 23 First 0x0(0)/0x0(0)/0x0(0) Next 0x0(0)/0x0(0)/0x0(0) Last retransmission scan length is 0, maximum is 2 Last retransmission scan time is 0 msec, maximum is 0 msec Neighbor 10.0.0.2 In the area 0 via interface GigabitEthernet3/0 Neighbor: interfaceid 8, linklocal address FE80::C803:7CFF:FEFB:54 Neighbor priority is 1, State is FULL, 12 state changes DR is 10.0.0.3 BDR is 10.0.0.2 Options is 0x000013 in Hello (V6Bit, EBit, Rbit) Options is 0x000013 in DBD (V6Bit, EBit, Rbit) Dead timer due in 00:00:35 Neighbor is up for 04:20:30 Index 1/1/1, retransmission queue length 0, number of retransmission 7 First 0x0(0)/0x0(0)/0x0(0) Next 0x0(0)/0x0(0)/0x0(0) Last retransmission scan length is 2, maximum is 5 Last retransmission scan time is 0 msec, maximum is 0 msec
2.1. OSPF Multicast AddressesThen you may be Adjacent if you synchronize your database with your neighbor. On a Point-to-Point all the neighbors need to be Adjacent.
On a LAN interface, you only need to be adjacent with the Designated Router or DR and its Backup or BDR. With the other neighbors of the multipoint network you are Two-Way.
On a Multipoint Network you are Adjacent with the DR and the BDR who have got a dedicated multicast address so you can send them a packet without having to duplicate.
All OSPF routers use 224.0.0.5 and ff02::5. The DR and BDR have 224.0.0.6 for IPv4 and ff02::6 for IPv6 Multicast Addresses..
OSPF makes a difference between transit Networks and Stub Networks.
When the hello is not successful to form a relationship, check the timers .It can often occurs when you mix interface type for instance having a Point-to-point interface in front of a Non-Broadcast interface. LAN interface Timers are 10/40 when WAN interfaces timers are 30/120. The first number is the HELLO interval and the second number is the DEAD interval. Interface with different timers will not form Neighbor relationship and will never be Adjacent.
2.2. OSPF Networks TypesMany problems come from the ignorance of the different interface type that OSPF can deal with. The benefit and drawbacks from each.
The two basics Network type for OSPF are Point-to-Point and Multipoint.
The Multipoint Networks supports Broadcast and Multicast or Not (NBMA). They need a DR and a BDR to optimize the flooding and generates one LSA on the behalf of all nodes instead of repeating the same thing by all nodes.
The Point-to-Point have CISCO modes to take the most of any partiaal meshed Architectures easily. This is Point-to-Multipoint and Point-to-Multipoint Non-Broadcast.
The default for LAN interface is BROADCAST and for Serial Interface is Non-Broadcast.
The Multipoint Interfaces needs a DR, the point-to-point don't.
The Gigabit Interfaces are configured as Multipoints Interfaces by OSPF. I recommend if you use your Gig or 10Gig interface as a dedicated p2p between two routers to set them as Point-to-Point, the interface will not wait 40 Seconds before being activated when you do a no shut. Don't do it if the Gig interface is on a VLAN with multiple neighbors.
On a Point-to-Point we must be adjacent with all the neighbors.On a Multipoint we must be adjacent with the DR and the BDR and two-Way neighbors with the others.
When we are adjacent and neighbors with the right routers. We can check the Network LSA for each Multipoint interfaces: Broadcast or NBMA2. Example:
3. OSPFv3 ArchitecturesThere is no difference with OSPFv2 on the OSPF Architectures. The full topology is only available in the current Area with Router (Type 1) and Network (Type 2) LSA.
LS age: 1372 Options: (V6Bit, EBit, Rbit, DCBit) LS Type: Router Links Link State ID: 0 Advertising Router: 10.0.0.4 LS Seq Number: 80000020 Checksum: 0xEC1F Length: 88 Number of Links: 4
Link connected to: a Transit Network Link Metric: 1 Local Interface ID: 15 Neighbor (DR) Interface ID: 15 Neighbor (DR) Router ID: 10.0.0.4
Link connected to: a Transit Network Link Metric: 1 Local Interface ID: 14 Neighbor (DR) Interface ID: 14 Neighbor (DR) Router ID: 10.0.0.4
Link connected to: a Transit Network Link Metric: 1 Local Interface ID: 7 Neighbor (DR) Interface ID: 7 Neighbor (DR) Router ID: 10.0.0.4
Link connected to: a Transit Network Link Metric: 1 Local Interface ID: 6
LS age: 1579 Options: (V6Bit, EBit, Rbit, DCBit) LS Type: Network Links Link State ID: 6 (Interface ID of Designated Router) Advertising Router: 10.0.0.4 LS Seq Number: 80000002 Checksum: 0x4791 Length: 32 Attached Router: 10.0.0.4 Attached Router: 10.0.0.3
LS age: 1823 Options: (V6Bit, EBit, Rbit, DCBit) LS Type: Network Links Link State ID: 7 (Interface ID of Designated Router) Advertising Router: 10.0.0.4 LS Seq Number: 80000012 Checksum: 0xFB9 Length: 32 Attached Router: 10.0.0.4 Attached Router: 10.0.0.2
LS age: 1579 Options: (V6Bit, EBit, Rbit, DCBit) LS Type: Network Links Link State ID: 14 (Interface ID of Designated Router) Advertising Router: 10.0.0.4 LS Seq Number: 80000002 Checksum: 0xF6D9 Length: 32 Attached Router: 10.0.0.4 Attached Router: 10.0.0.3
LS age: 1580 Options: (V6Bit, EBit, Rbit, DCBit) LS Type: Network Links Link State ID: 15 (Interface ID of Designated Router) Advertising Router: 10.0.0.4 LS Seq Number: 80000002 Checksum: 0xECE2 Length: 32
The ABR summarize the routes when they can or send each route one by one as a Distance-Vector Protocol with Inter Area LSA (Type 3). This is why all Areas MUST be connected to Area 0. If it is impossible it is possible to connect the remote Area across a Transit Area using a Virtual Link.
R5>show ipv6 ospf database interarea prefix
OSPFv3 Router with ID (192.168.100.5) (Process ID 1)
Inter Area Prefix Link States (Area 1)
Routing Bit Set on this LSA LS age: 1388 LS Type: Inter Area Prefix Links Link State ID: 0 Advertising Router: 10.0.0.2 LS Seq Number: 80000008 Checksum: 0x6505 Length: 36 Metric: 1
Routing Bit Set on this LSA LS age: 1388 LS Type: Inter Area Prefix Links Link State ID: 1 Advertising Router: 10.0.0.2 LS Seq Number: 80000008 Checksum: 0x4921 Length: 36 Metric: 1 Prefix Address: 2001:DB8:678:1002:: Prefix Length: 64, Options: None
Routing Bit Set on this LSA LS age: 1391 LS Type: Inter Area Prefix Links Link State ID: 2 Advertising Router: 10.0.0.2 LS Seq Number: 80000008 Checksum: 0x2D3D Length: 36 Metric: 1
Routing Bit Set on this LSA LS age: 1397 LS Type: Inter Area Prefix Links Link State ID: 3 Advertising Router: 10.0.0.2 LS Seq Number: 80000008 Checksum: 0x83DF Length: 36 Metric: 2 Prefix Address: 2001:DB8:678:1006:: Prefix Length: 64, Options: None
Routing Bit Set on this LSA LS age: 1398 LS Type: Inter Area Prefix Links Link State ID: 4 Advertising Router: 10.0.0.2 LS Seq Number: 80000008 Checksum: 0x67FB Length: 36 Metric: 2 Prefix Address: 2001:DB8:678:1005:: Prefix Length: 64, Options: None
An Autonomous System Border Router connect your OSPF domain to another domain. For instance, a partner or the Internet. The ASBR generates a LSA Type 5 for each route that it advertizes and these LSA are flooded across the whole domain.To compute the route to the external route outside of the Area where the ASBR sits, the router needs the Inter-Area Router LSA to know how to reach the gateway. So, the ABR generates an Inter-Area Router LSA (Type 4) flooded across the whole domain for the other Area router to reach the Gateway.
R5>show ipv6 ospf database interarea router
OSPFv3 Router with ID (192.168.100.5) (Process ID 1)
Inter Area Router Link States (Area 1)
Routing Bit Set on this LSA LS age: 732 Options: (V6Bit, EBit, Rbit, DCBit) LS Type: Inter Area Router Links Link State ID: 167772163 Advertising Router: 10.0.0.2
OSPFv3 Router with ID (192.168.100.5) (Process ID 1)
Type5 AS External Link States
Routing Bit Set on this LSA LS age: 291 LS Type: AS External Link Link State ID: 0 Advertising Router: 10.0.0.2 LS Seq Number: 80000009 Checksum: 0x777D Length: 32 Prefix Address: 2001:DB8:: Prefix Length: 32, Options: None Metric Type: 2 (Larger than any link state path) Metric: 5
LS age: 26 LS Type: AS External Link Link State ID: 0 Advertising Router: 10.0.0.3 LS Seq Number: 8000000B Checksum: 0x6D84 Length: 32 Prefix Address: 2001:DB8:: Prefix Length: 32, Options: None Metric Type: 2 (Larger than any link state path) Metric: 5
4.1 Stub AreaThen you got the Stub area which filter the External Routes related LSAs:Type 4 and 5. We still receive the Inter-Area LSA (Type 3). Below is a configuration and a Routing table of such Area. “default-information originate always” inject a default route in the Area.
This is the Inter Area Prefix generated by the ABR for the default route:R8>sh ipv6 ospf database interarea prefix
OSPFv3 Router with ID (10.0.0.8) (Process ID 1)
Inter Area Prefix Link States (Area 8)
Routing Bit Set on this LSA LS age: 1370 LS Type: Inter Area Prefix Links Link State ID: 16 Advertising Router: 10.0.0.1 LS Seq Number: 80000003 Checksum: 0xA878 Length: 28 Metric: 1 Prefix Address: :: Prefix Length: 0, Options: None
And this is the Link LSA of R1:R8#sh ipv6 ospf data link advrouter 10.0.0.1
OSPFv3 Router with ID (10.0.0.8) (Process ID 1)
Link (Type8) Link States (Area 8)
LS age: 1741 Options: (V6Bit, Rbit, DCBit) LS Type: LinkLSA (Interface: GigabitEthernet1/0) Link State ID: 9 (Interface ID) Advertising Router: 10.0.0.1 LS Seq Number: 80000003 Checksum: 0xBA5B Length: 56 Router Priority: 1 Link Local Address: FE80::C802:CFF:FEF0:70 Number of Prefixes: 1 Prefix Address: 2001:DB8:678:8200:: Prefix Length: 64, Options: None
4.2 Totally Stuby AreaIn these area, the ABR also filters the Inter-Area Prefixes and injecst a default route.
Configurationipv6 router ospf 1 area 8 stub nosummary
IPv6 route of a Totally Stubby Area RouterR8>show ipv6 routeIPv6 Routing Table Default 5 entriesCodes: C Connected, L Local, S Static, U Peruser Static route B BGP, M MIPv6, R RIP, I1 ISIS L1 I2 ISIS L2, IA ISIS interarea, IS ISIS summary, D EIGRP EX EIGRP external O OSPF Intra, OI OSPF Inter, OE1 OSPF ext 1, OE2 OSPF ext 2 ON1 OSPF NSSA ext 1, ON2 OSPF NSSA ext 2OI ::/0 [110/2]
via FE80::C802:CFF:FEF0:70, GigabitEthernet1/0C 2001:DB8:678:8200::/64 [0/0] via GigabitEthernet1/0, directly connectedL 2001:DB8:678:8200::8/128 [0/0] via GigabitEthernet1/0, receiveLC 2001:DB8:ABC:8::8/128 [0/0] via Loopback0, receiveL FF00::/8 [0/0] via Null0, receive
Here is the LSA for the default Route, R1 Loopback.
#show ipv6 ospf data interarea prefix
OSPFv3 Router with ID (10.0.0.8) (Process ID 1)
Inter Area Prefix Link States (Area 8)
Routing Bit Set on this LSA LS age: 1498 LS Type: Inter Area Prefix Links Link State ID: 16 Advertising Router: 10.0.0.1 LS Seq Number: 80000002 Checksum: 0xAA77 Length: 28 Metric: 1 Prefix Address: :: Prefix Length: 0, Options: None
Not So Stubby AreaNow, what if I have a Stub Area since I do not want to receive a long routing table made of External routes but I want to redistribute in my Area a couple of Networks because a group of users have a VSAT appliance only running RIP in their Lab for instance?
In this case you can configure it as a NSSA or a Not So Stubby Area.
In this case the redistributed routes will be LSA Type 7 because Type 5 are forbidden in a Stub Area. One ABR3will be responsible to translate the LSA Type 7 to type 5 to connect the small group to the rest of the planet.
The NSSA also permit the Inter-Area Prefix LSAa (Type 3) to see routes in other Area. If this is a Problem you can configure your area as a Totally Not So Stubby Area!
R8(config)#ipv6 router ospf 1R8(configrtr)#no area 8 stubR8(configrtr)#area 8 nssaR8(configrtr)#redistribute connected
Totally Not So Stubby AreaAnd if you do not want to receive the Inter-Area Prefix (LSA Type 3) it is posssible to configure the area with tge no auto-summary option and have a TOTALLY Not So Stubby Area with “area 8 nssa nosummary”
R8#conf t
R8(config)#ipv6 router ospf 1R8(configrtr)#no area 8 nssa stubR8(configrtr)#area 8 nssa no autosummaryR8(configrtr)#redistribute connected
!interface GigabitEthernet1/0 ip address 10.0.100.13 255.255.255.252 negotiation auto ipv6 enable ipv6 ospf 1 area 0!interface GigabitEthernet2/0 ip address 10.0.100.9 255.255.255.252 negotiation auto ipv6 enable ipv6 ospf 1 area 0!interface GigabitEthernet3/0 ip address 10.0.100.5 255.255.255.252 negotiation auto ipv6 enable ipv6 ospf 1 area 0!router ospf 1 logadjacencychanges network 10.0.0.0 0.255.255.255 area 0!ip local pool fred 10.0.5.100 10.0.5.140ip forwardprotocol ndno ip http serverno ip http secureserver
ipv6 router ospf 1 logadjacencychanges!controlplane!gatekeeper shutdown!!line con 0 stopbits 1line aux 0 stopbits 1line vty 0 4 login!End
B. GLBPGLBP enable more redundancy and load-balancing as up to 4 Forwarders can be active at the same time.
It is just one line of command on the interface and the work station next hop will be a virtual address with a virtual MAC Address.
With GLBP, the Active forwarders is based on a Weigth parameter. It is possible to track an object like a routing entry and decrement the Weigth if the route is gone for another router to take over.
Show glbp….GigabitEthernet1/0.2 Group 2 State is Standby 1 state change, last state change 00:01:11 Virtual IP address is 10.0.2.100 Hello time 3 sec, hold time 10 sec Next hello sent in 0.864 secs Redirect time 600 sec, forwarder timeout 14400 sec Preemption disabled Active is 10.0.2.1, priority 100 (expires in 7.904 sec) Standby is local Priority 100 (default) Weighting 100 (default 100), thresholds: lower 1, upper 100 Load balancing: roundrobin Group members: ca04.0e68.001c (10.0.2.1) ca06.0e77.001c (10.0.2.2) local There are 2 forwarders (1 active) Forwarder 1 State is Listen MAC address is 0007.b400.0201 (learnt) Owner ID is ca04.0e68.001c Time to live: 14397.312 sec (maximum 14400 sec) Preemption enabled, min delay 30 sec Active is 10.0.2.1 (primary), weighting 100 (expires in 8.864 sec) Forwarder 2 State is Active 1 state change, last state change 00:01:04 MAC address is 0007.b400.0202 (default) Owner ID is ca06.0e77.001c Preemption enabled, min delay 30 sec Active is local, weighting 100GigabitEthernet1/0.2 Group 12 State is Active 2 state changes, last state change 00:12:05
Virtual IP address is FE80::7:B4FF:FE00:C00 (autoconfigured) Hello time 3 sec, hold time 10 sec Next hello sent in 0.864 secs Redirect time 600 sec, forwarder timeout 14400 sec Preemption disabled Active is local Standby is FE80::C804:EFF:FE68:1C, priority 100 (expires in 9.408 sec) Priority 100 (default) Weighting 100 (default 100), thresholds: lower 1, upper 100 Load balancing: roundrobin Group members: ca04.0e68.001c (FE80::C804:EFF:FE68:1C) ca06.0e77.001c (FE80::C806:EFF:FE77:1C) local There are 2 forwarders (1 active) Forwarder 1 State is Listen 4 state changes, last state change 00:10:31 MAC address is 0007.b400.0c01 (learnt) Owner ID is ca04.0e68.001c Redirection enabled, 598.400 sec remaining (maximum 600 sec) Time to live: 14398.400 sec (maximum 14400 sec) Preemption enabled, min delay 30 sec Active is FE80::C804:EFF:FE68:1C (primary), weighting 100 (expires in 8.608 sec) Forwarder 2 State is Active 1 state change, last state change 03:08:52 MAC address is 0007.b400.0c02 (default) Owner ID is ca06.0e77.001c Redirection enabled Preemption enabled, min delay 30 sec Active is local, weighting 100
A new Neighbor has been added to simulate another AS Advertising the same routes.
R2 and R5 are directly connected with an IPv4 and an IPv6 Session, same for R3 and R6. The same routes are learned by R2 from AS 65000 and R3 from AS 64000.
This is specific case with a few routes so redistribution of BGPv6 in OSPFv3 is possible. In the real life when BGP is used to learn a lot of routes like the Internet Routing Tables, there is no redistribution in OSPF. OSPF is only used to resolve the BGP next-hop. iBGP sessions are responsible to dispatch the routes into the backbone. We would use a pair of BGP Route Reflector to avoid a full mesh of iBGP sessions between all core routers.
Usually we choose the Route Reflectors out of the forwarding path to act as routes servers but here we could also choose to use R1 and R4 if they have enough resources of CPU and RAM to manage Internet Routing Tables processing.
In our case there is an iBGP session between R2 and R3 only. I will make another guide for BGP and IPV6.
Differences with IPv6We can use a different session to carry each protocol. Like here we have an IPv6 session to carry IPv6 routes and an IPv4 session to carry IPv4. In the lab for R5-R2 there are two sessions one IPv4 for IPv4 routes and one IPv6 for IPV6 routes. On R6-R3 we only have an IPv6 session.
We can also use Link-Local Addresses for eBGP sessions.
Some useful commandsThe commands are the same than IPv4 with the addition of IPv6 in the CLI commands like:
R2#show bgp ipv6 unicast summary BGP router identifier 10.0.0.2, local AS number 100BGP table version is 211, main routing table version 21114 network entries using 2184 bytes of memory28 path entries using 2128 bytes of memory3/1 BGP path/bestpath attribute entries using 504 bytes of memory2 BGP ASPATH entries using 48 bytes of memory0 BGP routemap cache entries using 0 bytes of memory0 BGP filterlist cache entries using 0 bytes of memoryBitfield cache entries: current 1 (at peak 1) using 32 bytes of memoryBGP using 4896 total bytes of memoryBGP activity 84/70 prefixes, 126/98 paths, scan interval 60 secs
This is how a routes is learned from R2 and R3. One connect to AS 64000 and the other to AS 65000.For the connection to AS 65000 we did not touch the next-hop 2001:678:ABC:1000::5 which is learned by OSPFv3. For AS64000 we do not run OSPFv3 and could not reach the next-hop so we used the bgp router command next-hop-self to change it to our Router.
5.Introduction to MP-BGP lab. Sunday, March 30, 2014
5. Introduction to MP-BGP labh ttp://www.ipv6forlife.com/Tutorial/lab BGP
After the OSPF lab, there was an annex about BGP. In this document, this will be the opposite. I will focus on BGP and just explain the OSPF Setup. The Backbone is built on OSPFv2 for IPv4 and OSPFv3 for IPv6. There are 3 Area: 0, 1 and 2.Area 0 is in the Core: R1, R3, R4 and R5. R3, R4 are ABR for Area 1, R1 and R5 are ABR for Area 2
R1>show ipv6 ospf Routing Process "ospfv3 1" with ID 10.0.0.1 It is an area border router SPF schedule delay 5 secs, Hold time between two SPFs 10 secs Minimum LSA interval 5 secs. Minimum LSA arrival 1 secs LSA group pacing timer 240 secs Interface flood pacing timer 33 msecs Retransmission pacing timer 66 msecs Number of external LSA 1. Checksum Sum 0x00B177 Number of areas in this router is 2. 2 normal 0 stub 0 nssa Reference bandwidth unit is 100 mbps Area BACKBONE(0) Number of interfaces in this area is 4 SPF algorithm executed 28 times Number of LSA 37. Checksum Sum 0x0E9EB2 Number of DCbitless LSA 0 Number of indication LSA 0 Number of DoNotAge LSA 0 Flood list length 0 Area 2 Number of interfaces in this area is 1 SPF algorithm executed 6 times Number of LSA 31. Checksum Sum 0x10ABAA Number of DCbitless LSA 0 Number of indication LSA 0 Number of DoNotAge LSA 0 Flood list length 0
R6 and R7 are OSPF ASBR4 and connect the Internet via AS64000 and 65000.Then they relay the eBGP Update to the BGP Route-Reflector R5 which propagate the best BGP path to all the other BGP backbone routers.In the lab we set the BGP Local Preference of the BGP routes coming from AS65000 to 150 which is more than default 100. So, the exit point to the Internet will be AS65000 unless the route is no more learned from this path, then it will be using AS64000.
7.1 SummaryFor R6, IPv6 eBGP Session uses the interface Global Unicast Addresses.
For R7, IPv6 eBGP Session uses the interfaces Link-Local Addresses.
On R6 and R7, we use two eBGP sessions with R8 and R9. One for IPv4 and one for IPv6.
We use the same IPv4 iBGP Session to advertize IPv4 and IPv6 Routes to the BGP Route-Reflector and for all iBGP Sessions.
As we do not want to advertize the IPv6 route to the R8 ISP Router into the backbone, the ISP Interface to resolve the BGP route, we use a Route-Map to advertize the route to the Route-Reflector using R6 Gateway loopback ipv6 address as the next-hop. For IPv4, using next-hop-self is enough. So, if we do not tweak the BGP IPv6 next-hop, as IPv6 route are learned over IPv4 session the IPv6 Next-hop are ::ffff:10.0.0.6 and ::ffff:10.0.0.7 which are Unreachable on remote peers.
8.1 BGP Connection Messages and StatesBGP connection takes place over TCP port 179.
When the connection Open it uses an OPEN Message to start a session with its own AS number, its Router-ID and the Hold Time which is how long you consider a session active without hearing from a neighbor. If you have nothing to say you should send a KEEPALIVE to keep the session open.
When the session has not hear anything when the Hold time expires, the BGP speaker sends a NOTIFICATION message which is an abort message telling the reason for the end of the session. If there is a parameter mismatch during the OPEN, the partner will also send a NOTIFICATION like wrong AS number.
The routes are advertised or withdrawn in UPDATES Messages which must received an ACKNOWLEDGEMENT.
There are two possible neighbor relationship with BGP: eBGP and iBGP.
8.2 eBGP SessionsThe two neighbors are in different Autonomous System.
eBGP neighbor MUST be directly connected. BGP OPEN is sent with a TTL=2 to make sure that it will be dropped if it is routed.
eBGP MultihopIf you want to have more than one hop like doing loopback to loopback peering and have multiple parallel links for Load-balancing you need a neighbor multihop configuration.
eBGP Routes dampening. Increasing Stability.To fight Internet instability we can use BGP Dampening for eBGP session. When a link flap the routes which are flapping got penalties. When a down level is reached the routes will not be advertise anymore even if the link comes back up. If the link stop flapping for long enough the route is advertized again.
8.3 iBGP SessionsThe two neighbors are in the same Autonomous System.
Scaling iBGP.iBGP MUST speakers MUST be fully meshed. This can be avoided with the use of Route Reflectors (RR) as full mesh does not scale. All the routers are usually neighbors with two RRs for redundancy.
In the past Confederations were also used instead of RR. In a Confederation you have subAS that are connected together by iBGP session which behave like eBGP but does not change the Next-hop. This was another mean to avoid iBGP full mesh. It is no more popular as it is more complex than RR.
iBGP StabilityWe always use a loopback interface for iBGP peering as we must use an interface which is always UP. The loopback interface address must then be advertize by the IGP5.
8.4 BGP AttributesAll the BGP Path information are called Attributes. The BGP Routes are called NLRI. The IPv6 NLRI are coded in MP_REACH_NLRI6 or MP_UNREACH_NLRI Attributes with other information like the Next-hop, the Address family.. The AS_PATH which contains the list of all the AS that have been crossed by these NLRI UPDATE is another Attribute.
5 IGP or Interior Gateway Protocol like IS-IS or OSPF. BGP is an EGP or External Gateway Protocol.6 Network Layer Reachable Information
We can see in this UPDATE that the NLRI have two possible Next-hop. One is for the eBGP Path and one for the iBGP path.
8.5 BGP Best Path Selection AlgorithmTo explain this algorithm is out of the scope of this document as it is a well known information .BGP uses many Attributes to select the best Path starting by checking if the Next-hop is reachable and then it starts its selection preferring the higher Local Preference. Cisco has a Weight parameter which has the highest precedence.
To get the full BGP Best Path Selection algorithm just make a search on CISCO CCO and you will get the full Selection Path which is more than one page long! If you do not like CISCO you will find this document everywhere!
It is possible to advertise IPv6 Routes to a BGP IPv4 peer and you can also use next-hop self but the next-hop will use the IPv4 address of the loopback and put it in IPv6 mode like ::ffff:x.x.x.x. Let us see an example:
This is the Route Origin, R7 Configuration:Current configuration : 103 bytes!interface Loopback0 ip address 10.0.0.7 255.255.255.255 ipv6 address 2001:DB8:678:B000::1/128end!router isis fred net 39.d000.0000.0000.0007.00
The R7 configuration is missing the route-map out so the next hop is 10.0.0.7 coded in an IPv6 address ::FFFF:10.0.0.7.R7#conf tEnter configuration commands, one per line. End with CNTL/Z.R7(config)#router bgp 100R7(configrouter)#addressfamily ipv6R7(configrouteraf)# neighbor 10.0.0.201 routemap fred outR7(configrouteraf)# neighbor 10.0.0.201 routemap setloc inR7(configrouteraf)#
This is the route map:
routemap setloc permit 10 set localpreference 150!routemap fred permit 10 set ipv6 nexthop 2001:DB8:678:B000::1!
Now let's check the same path on R1
R1>show bgp ipv6 unicast 2001:DB8:ABC2::/48BGP routing table entry for 2001:DB8:ABC2::/48, version 159Paths: (3 available, best #3, table Default) Not advertised to any peer 65000 2001:DB8:678:B000::1 (metric 20) from 10.0.0.201 (10.201.0.1) Origin incomplete, metric 0, localpref 150, valid, internal Originator: 10.0.0.7, Cluster list: 10.201.0.1 65000 2001:DB8:678:B000::1 (metric 20) from 10.0.0.200 (10.0.0.201) Origin incomplete, metric 0, localpref 150, valid, internal Originator: 10.0.0.7, Cluster list: 10.0.0.201 65000 2001:DB8:678:B000::1 (metric 20) from 10.0.0.5 (10.0.0.5) Origin incomplete, metric 0, localpref 150, valid, internal, best Originator: 10.0.0.7, Cluster list: 10.0.0.5
Now the next hop is 2001:DB8:678:B000::1 instead of ::ffff:10.0.0.7
Route-ReflectorsThe Route-Reflectors are used to scale BGP, the confederation can also be used but it is more complex for the same result. With Route-Reflectors you can make multiple levels of hierarchy to consolidate all the Networks in some cases.
Peer-GroupIt is possible to group a number of neighbors in a peer-group. Then any configuration on the group will apply all the group routers. It consumes also less CPU as it group the effort to apply something to a known group having the same policy.Example below on the Route-Reflector R5 BGP Configuration before peer group:router bgp 100 bgp logneighborchanges neighbor 10.0.0.1 remoteas 100 neighbor 10.0.0.1 updatesource Loopback0 neighbor 10.0.0.3 remoteas 100 neighbor 10.0.0.3 updatesource Loopback0 neighbor 10.0.0.4 remoteas 100 neighbor 10.0.0.4 updatesource Loopback0 neighbor 10.0.0.6 remoteas 100 neighbor 10.0.0.6 updatesource Loopback0 neighbor 10.0.0.7 remoteas 100 neighbor 10.0.0.7 updatesource Loopback0 neighbor 10.0.0.200 remoteas 100 neighbor 10.0.0.200 updatesource Loopback0 neighbor 10.0.0.201 remoteas 100 neighbor 10.0.0.201 updatesource Loopback0 ! addressfamily ipv4 neighbor 10.0.0.1 activate neighbor 10.0.0.1 routereflectorclient neighbor 10.0.0.3 activate neighbor 10.0.0.3 routereflectorclient neighbor 10.0.0.4 activate neighbor 10.0.0.4 routereflectorclient neighbor 10.0.0.6 activate neighbor 10.0.0.6 routereflectorclient neighbor 10.0.0.7 activate neighbor 10.0.0.7 routereflectorclient neighbor 10.0.0.200 activate neighbor 10.0.0.200 routereflectorclient neighbor 10.0.0.201 activate no autosummary no synchronization exitaddressfamily ! addressfamily ipv6 neighbor 10.0.0.1 activate neighbor 10.0.0.1 routereflectorclient neighbor 10.0.0.3 activate neighbor 10.0.0.3 routereflectorclient neighbor 10.0.0.4 activate neighbor 10.0.0.4 routereflectorclient neighbor 10.0.0.6 activate neighbor 10.0.0.6 routereflectorclient neighbor 10.0.0.7 activate neighbor 10.0.0.7 routereflectorclient
neighbor 10.0.0.200 activate neighbor 10.0.0.200 routereflectorclient neighbor 10.0.0.201 activate no synchronization maximumpaths 2 exitaddressfamily ! Now let's configure a PeerGroup for all CISCO IOS Neighbors and configure it: router bgp 100 bgp logneighborchanges neighbor fred peergroup neighbor fred remoteas 100 neighbor fred description all clients neighbor fred updatesource Loopback0 neighbor 10.0.0.1 peergroup fred neighbor 10.0.0.3 peergroup fred neighbor 10.0.0.4 peergroup fred neighbor 10.0.0.6 peergroup fred neighbor 10.0.0.7 peergroup fred neighbor 10.0.0.200 peergroup fred neighbor 10.0.0.201 peergroup fred ! addressfamily ipv4 neighbor fred routereflectorclient neighbor fred maximumprefix 5000 warningonly neighbor 10.0.0.1 activate neighbor 10.0.0.3 activate neighbor 10.0.0.4 activate neighbor 10.0.0.7 activate neighbor 10.0.0.200 activate neighbor 10.0.0.201 activate no autosummary no synchronization exitaddressfamily ! addressfamily ipv6 neighbor fred routereflectorclient neighbor fred maximumprefix 5000 warningonly neighbor 10.0.0.1 activate neighbor 10.0.0.3 activate neighbor 10.0.0.4 activate neighbor 10.0.0.7 activate neighbor 10.0.0.200 activate neighbor 10.0.0.201 activate no synchronization maximumpaths 2 Exitaddressfamily
R5(config)#router bgp 100 R5(configrouter)#addressfamily ipv6 R5(configrouteraf)#neighbor fred activate % Peergroups are automatically activated when parameters are configured
The version I used did not let me enter the command neighbor fred activate ! May be a problem now fixed in a newer release of IOS.
8.7 Security and MD5 Password.On CISCO IOS, you can limit the maximum number of prefixes that you accept to receive because when a router runs out of memory it crashes! You use the command to set a limit which only send a console message. But in this case you need to monitor your
Adding a password to all the neighbors is easy now that we have configured a peer group on the Route-Reflector. Only apply the password to the peer-group!
R5(configrouteraf)#neighbor fred password 1 secret
Now I need to configure the secret passwor everywhere !R6#conf tEnter configuration commands, one per line. End with CNTL/Z.R6(config)#router bgp 100R6(configrouter)#neighbor 10.0.0.5 password 1 secretR6(configrouter)#*Mar 29 14:30:06.988: %TCP6BADAUTH: No MD5 digest from 10.0.0.5(179) to 10.0.0.6(20968) (RST)*Mar 29 14:30:08.984: %TCP6BADAUTH: No MD5 digest from 10.0.0.5(179) to 10.0.0.6(20968) (RST)*Mar 29 14:30:12.988: %TCP6BADAUTH: No MD5 digest from 10.0.0.5(179) to 10.0.0.6(20968) (RST)*Mar 29 14:30:20.988: %TCP6BADAUTH: No MD5 digest from 10.0.0.5(179) to 10.0.0.6(20968) (RST)
*Mar 29 14:30:58.272: %BGP5ADJCHANGE: neighbor 10.0.0.5 Up
9.Useful Cisco BGP IPv6 Commands Explained. Sunday, March 30, 2014
9. Useful Cisco BGP IPv6 Commands Explained
9.1. Show bgp ipv6 unicast summaryThis is the first command to check the status of a router.
R6#show bgp ipv6 unicast summary BGP router identifier 10.0.0.6, local AS number 100BGP table version is 80, main routing table version 8011 network entries using 1716 bytes of memory11 path entries using 836 bytes of memory3/1 BGP path/bestpath attribute entries using 504 bytes of memory1 BGP ASPATH entries using 24 bytes of memory0 BGP routemap cache entries using 0 bytes of memory0 BGP filterlist cache entries using 0 bytes of memoryBitfield cache entries: current 2 (at peak 3) using 64 bytes of memoryBGP using 3144 total bytes of memoryBGP activity 51/25 prefixes, 115/89 paths, scan interval 60 secs
The first lines gives you a quick status on the resources consumed by the router.
Then the last lines gives a status for each neighbor, the BGP Version (V), which AS it belongs to, The number of messages received and sent. Each time the BGP table is updated the Table Version increases, so the TblVer column gives you an indication of BGP stability.
Then the Input and Output Queues will tell you if the router is clear to process all the messages.
Finally and may be the most important. Up/Down tells you for how long the link is Up or Down.
If Up it tells in the next column (State/PfxRcd) how many prefixes are received and sent. If
it is not Up, it gives the state and for how long it is Down. Be careful, the state Active means
that it is Actively trying to set the connection up. Remember, BGP session takes place over TCP.
The same command with a prefix instead of summary is very useful to troubleshoot BGP and
the CISCO documentation is not very detailed about each field. So I tried to make it clear in the next chapter.
9.Useful Cisco BGP IPv6 Commands Explained. Sunday, March 30, 2014
9.2. Show bgp ipv6 X:X:X...::X/X
R6#show bgp ipv6 unicastBGP table version is 102, local router ID is 10.0.0.6Status codes: s suppressed, d damped, h history, * valid, > best, i internal, r RIBfailure, S StaleOrigin codes: i IGP, e EGP, ? incomplete
Network Next Hop Metric LocPrf Weight Path*> 2001:DB8:ABC0::/48 2001:DB8:5A:F6::8 0 0 64000 ?*> 2001:DB8:ABC1::/48 2001:DB8:5A:F6::8 0 0 64000 ?
Illustration 9: Show bgp ipv6 unicast xxxx:xxx...::/y Explained
. Sunday, March 30, 2014
9.3. Show bgp ipv6 neighborThis is a very detailed command that is not very often needed as the summary is more than enough to resolve most cases.
R6#show bgp ipv6 neighborBGP neighbor is 10.0.0.5, remote AS 100, internal link BGP version 4, remote router ID 10.0.0.5 BGP state = Established, up for 05:37:10 Last read 00:00:42, last write 00:00:42, hold time is 180, keepalive interval is 60 seconds Neighbor capabilities: Route refresh: advertised and received(new) New ASN Capability: advertised and received Address family IPv4 Unicast: advertised and received Address family IPv6 Unicast: advertised and received Message statistics: InQ depth is 0 OutQ depth is 0 Sent Rcvd Opens: 5 5 Notifications: 0 0 Updates: 33 32 Keepalives: 392 388 Route Refresh: 0 0 Total: 430 425 Default minimum time between advertisement runs is 0 seconds
For address family: IPv4 Unicast BGP table version 81, neighbor version 81/0 Output queue size : 0 Index 2, Offset 0, Mask 0x4 2 updategroup member NEXT_HOP is always this router Sent Rcvd Prefix activity: Prefixes Current: 10 5 (Consumes 260 bytes) Prefixes Total: 10 5 Implicit Withdraw: 0 0 Explicit Withdraw: 0 0 Used as bestpath: n/a 5 Used as multipath: n/a 0
Outbound Inbound Local Policy Denied Prefixes: ORIGINATOR loop: n/a 10 Bestpath from this peer: 5 n/a Total: 5 10
Number of NLRIs in the update sent: max 10, min 10
For address family: IPv6 Unicast BGP table version 102, neighbor version 102/0 Output queue size : 0 Index 2, Offset 0, Mask 0x4 2 updategroup member Outbound path policy configured Route map for outgoing advertisements is fred Sent Rcvd Prefix activity: Prefixes Current: 11 0
10.Checking data plane of BGP Recursive routes. Sunday, March 30, 2014
10. Checking data plane of BGP Recursive routesIPv6 BGP Routes often have two levels of Recursion for forwarding as the next hop is a Remote Global Unicast Address which can be recursively resolved with a local Global Unicast Address which is recursively resolved by a Link-Local Address.
10.1 Mind the BGP Next-hop RuleAll the BGP routes learned from an iBGP session are Recursive so you must check that the BGP next hop is reachable. This is the first condition for a BGP remote route to get used.
Remember the Next hop rule for BGP. eBGP speakers change the Next-hop to the interfaces addresses which advertize their routes. iBGP never changes the Next-Hop. So the remote BGP speaker which receives the iBGP update MUST be able to reach the eBGP neighbor interface. This is a problem if we use Link-Local addresses for peering as these addresses are not routable. So it must be changed by a route-map when we transmit the path to the Route-Reflector.
In the configuration below next-hop-self is used for IPv4 and a route-map for IPv6.
If we don't change the next-hop for IPv6 with this route-map it would have used the loopback IPv4 address written in IPv6 format ::ffff:10.0.0.6 for R6 and ::ffff:10.0.0.7 for R7. The address used by the nexthop is the loopback address and is advertized by OSPFv3.
10.Checking data plane of BGP Recursive routes. Sunday, March 30, 2014
10.2 Check the BGP data path on CISCO Routers (CEFv6)In our lab the exit point to the Internet is set via R7 even for R6 which has a local connection to the Internet because we set the Local Preference to a higher value (150) for the routes coming in R7 than the default (100). This preempt Administrative distance which would have preferred an eBGP route (20) over an iBGP (200).
This is a breakdown of the data path via IPv6 CEF7.
R6#show ipv6 route 2001:DB8:ABC7::/48Routing entry for 2001:DB8:ABC7::/48 Known via "bgp 100", distance 200, metric 0, type internal Route count is 1/1, share count 0 Routing paths: 2001:DB8:678:B000::12001:DB8:678:B000::1 Last updated 00:16:37 ago
There are two parallel paths to reach the next-hop: 2001:DB8:678:B000::12001:DB8:678:B000::1
R6#show ipv6 cef 2001:DB8:ABC7::/48 internal 2001:DB8:ABC7::/48, epoch 0, RIB[B], refcount 4, perdestination sharing sources: RIB feature space: IPRM: 0x00018000 ifnums: GigabitEthernet1/0(6): FE80::C805:1BFF:FE4F:70 GigabitEthernet2/0(7): FE80::C809:1BFF:FE64:70 path 6825F4B0, path list 6825E4B0, share 1/1, type recursive nexthop, for IPv6, flags resolved, eos indirection recursive via 2001:DB8:678:B000::1[IPv6:Default], fib 682618A8, 1 terminal fib path 6825FB7C, path list 6825E88C, share 1/1, type attached nexthop, for IPv6 nexthop FE80::C805:1BFF:FE4F:70 GigabitEthernet1/0, adjacency IPV6 adj out of GigabitEthernet1/0, addr FE80::C805:1BFF:FE4F:70 66F19CC0 path 6825FB08, path list 6825E88C, share 0/1, type attached nexthop, for IPv6 nexthop FE80::C809:1BFF:FE64:70 GigabitEthernet2/0, adjacency IPV6 adj out of GigabitEthernet2/0, addr FE80::C809:1BFF:FE64:70 66F19B80 output chain: loadinfo 682F62CC, persession, 2 choices, flags 0005, 15 locks flags: Persession, forrxIPv6
7 Cisco Express Forwarding, the CISCO data path engine. When a packet get into the router, an interrupt is sent to the CPU and a decision is made if the packet can be switched in interrupt mode by CEFv6 or be Queued and sent when the IPv6 Queue Manager will have the its processor time shared slice.
10.Checking data plane of BGP Recursive routes. Sunday, March 30, 2014
16 hash buckets < 0 > IPV6 adj out of GigabitEthernet1/0, addr FE80::C805:1BFF:FE4F:70 66F19CC0 < 1 > IPV6 adj out of GigabitEthernet2/0, addr FE80::C809:1BFF:FE64:70 66F19B80 < 2 > IPV6 adj out of GigabitEthernet1/0, addr FE80::C805:1BFF:FE4F:70 66F19CC0 < 3 > IPV6 adj out of GigabitEthernet2/0, addr FE80::C809:1BFF:FE64:70 66F19B80 < 4 > IPV6 adj out of GigabitEthernet1/0, addr FE80::C805:1BFF:FE4F:70 66F19CC0 < 5 > IPV6 adj out of GigabitEthernet2/0, addr FE80::C809:1BFF:FE64:70 66F19B80 < 6 > IPV6 adj out of GigabitEthernet1/0, addr FE80::C805:1BFF:FE4F:70 66F19CC0 < 7 > IPV6 adj out of GigabitEthernet2/0, addr FE80::C809:1BFF:FE64:70 66F19B80 < 8 > IPV6 adj out of GigabitEthernet1/0, addr FE80::C805:1BFF:FE4F:70 66F19CC0 < 9 > IPV6 adj out of GigabitEthernet2/0, addr FE80::C809:1BFF:FE64:70 66F19B80 <10 > IPV6 adj out of GigabitEthernet1/0, addr FE80::C805:1BFF:FE4F:70 66F19CC0 <11 > IPV6 adj out of GigabitEthernet2/0, addr FE80::C809:1BFF:FE64:70 66F19B80 <12 > IPV6 adj out of GigabitEthernet1/0, addr FE80::C805:1BFF:FE4F:70 66F19CC0 <13 > IPV6 adj out of GigabitEthernet2/0, addr FE80::C809:1BFF:FE64:70 66F19B80 <14 > IPV6 adj out of GigabitEthernet1/0, addr FE80::C805:1BFF:FE4F:70 66F19CC0 <15 > IPV6 adj out of GigabitEthernet2/0, addr FE80::C809:1BFF:FE64:70 66F19B80 Subblocks: None
These hash buckets are pointing to the two IPv6 CEF Adjacencies. If something is broken there you can have routes and all seems good from the control plane level but there will be no correct forwarding or no forwarding at all!
11. Checking RedundancyLet's check a BGP Internet route entry on R6.
R6#show ipv6 route 2001:DB8:ABC0::/48 Routing entry for 2001:DB8:ABC0::/48 Known via "bgp 100", distance 200, metric 0, type internal Route count is 1/1, share count 0 Routing paths: 2001:DB8:678:B000::1 Last updated 00:35:18 ago
Now, the BGP entry:
R6#show bgp ipv6 unicast 2001:DB8:ABC0::/48 BGP routing table entry for 2001:DB8:ABC0::/48, version 69Paths: (2 available, best #1, table Default) Advertised to updategroups: 1 65000 2001:DB8:678:B000::1 (metric 3) from 10.0.0.5 (10.0.0.5) Origin incomplete, metric 0, localpref 150, valid, internal, best Originator: 10.0.0.7, Cluster list: 10.0.0.5 64000 2001:DB8:5A:F6::8 (FE80::C80C:1BFF:FE4F:1C) from 2001:DB8:5A:F6::8 (10.0.0.8) Origin incomplete, metric 0, localpref 100, valid, external
Now, let's shutdown the R7-R9 Link, R6 uses the local eBGP path to the Internet.
R6#show bgp ipv6 unicast 2001:DB8:ABC0::/48 BGP routing table entry for 2001:DB8:ABC0::/48, version 70Paths: (1 available, best #1, table Default) Advertised to updategroups: 2 64000 2001:DB8:5A:F6::8 (FE80::C80C:1BFF:FE4F:1C) from 2001:DB8:5A:F6::8 (10.0.0.8) Origin incomplete, metric 0, localpref 100, valid, external, best
R6#show ipv6 route 2001:DB8:ABC0::/48 Routing entry for 2001:DB8:ABC0::/48 Known via "bgp 100", distance 20, metric 0, type external Route count is 1/1, share count 0 Routing paths: FE80::C80C:1BFF:FE4F:1C, GigabitEthernet3/0 Last updated 00:02:09 ago
When we do a no shutdown on the R7-R9 Link the exit point is back to normal on R6 and other
R7(config)#interface GigabitEthernet 3/0R7(configif)#no shutdown R7(configif)#*Mar 16 07:06:37.055: %BGP5ADJCHANGE: neighbor 172.16.1.6 Up *Mar 16 07:06:37.475: %LINK3UPDOWN: Interface GigabitEthernet3/0, changed state to up*Mar 16 07:06:38.475: %LINEPROTO5UPDOWN: Line protocol on Interface GigabitEthernet3/0, changed state to up*Mar 16 07:06:40.715: %BGP5ADJCHANGE: neighbor FE80::9%GigabitEthernet3/0 Up
R6#show ipv6 route 2001:DB8:ABC0::/48 Routing entry for 2001:DB8:ABC0::/48 Known via "bgp 100", distance 200, metric 0, type internal Route count is 1/1, share count 0 Routing paths: 2001:DB8:678:B000::1 Last updated 00:01:17 ago
R6#show bgp ipv6 2001:DB8:ABC0::/48BGP routing table entry for 2001:DB8:ABC0::/48, version 91Paths: (2 available, best #1, table Default) Advertised to updategroups: 1 65000 2001:DB8:678:B000::1 (metric 3) from 10.0.0.5 (10.0.0.5) Origin incomplete, metric 0, localpref 150, valid, internal, best Originator: 10.0.0.7, Cluster list: 10.0.0.5 64000 2001:DB8:5A:F6::8 (FE80::C80C:1BFF:FE4F:1C) from 2001:DB8:5A:F6::8 (10.0.0.8) Origin incomplete, metric 0, localpref 100, valid, external
13.Why a Migration to IS-IS?. Sunday, March 30, 2014
13. Why a Migration to IS-IS?The benefits running ISIS instead of OSPF are:
• That you only run one Routing Protocol for both IPv4 and IPv6. You can run the same SPF for both IPv4 and IPv6 or have Multiple Topologies.
• IS-IS database is far more easy to read than OSPF and you do not need to study the protocol in depth to understand it.
• ISIS run over CLNS, an OSI protocol and implement safety protocols which make it a bit harder to hack than OSPFv2.
• For the refreshment of the Database, for each LSA OSPF counts from zero up to 1800 seconds, 30 minutes and refresh it because MaxAge is one hour after which the LSA is removed from consideration when computing routes.
• With IS-IS we count from zero to a configurable MaxAge that can be different for each link. To minimize the traffic overhead in a stable Network we can set it up to more than 18 hours.
• A migration to IS-IS is a very easy process and transparent for the users as we can run both protocols, then we can make the Admin distance of OSPF higher than its default to get IS-IS routes in the tables rather than OSPFv2 and OSPFv3. Obviously it is recommended to check each protocol one at a time.
• People familiar with OSPF don't have any problem to switch to OSPF. It makes their life easier.
I decided to start with all routers in the same Area Level-2. This is what most people do but for extremely large IS-IS Networks you may need multiarea.Then we do a migration to multiarea.http://www.ipv6forlife.com/Tutorial/labISIS/
14.1 Introduction and historyIS-IS is a Link State Routing Protocol like OSPF which was designed to route OSI protocol CLNS. In the early 90s we had hit the IPv4 lack of address problems and OSI was a candidate to replace IPv4 with a 20 bytes maximum long address.Only Digital followed and Decnet Phase V was OSI protocols. Later came ATM which brought some confusion. Which one to choose. IBM made the ATM 25 Mbps choice for the desktop LAN connection. ATM was sounding great as it was proposing to unified all networks in one: Data, Video, Voice Traffic could live together and each one was receiving the Quality of Service that it wanted. Many IP QoS and others are using some parts of ATM that were great for IP too.
IS-IS do not run over IPv4 or IPv6 but CLNS, this is why you need to set the NET. The NET is also used to identify an area. The NET use the lower 48 bit to identify the host, the rest which is the highest bits of the address is the area address. In our lab we are using area 39.b000.0000.0000.000x.00, where x is the Router number. When we will split the domain in 3 Area we will use 3 NET area 39.c000 and 39.d000 will be the additional Area.
IS-IS sees two different LSP8, the LSA9 counterpart of OSPF. The Router LSP and the Network LSP generated by the Designated Intermediate System (DIS). You have a Database for Level-1 and a database for Level-2 Routeing. It is not a fault, in OSI papers you will read Routeing instead of Routing. It must have been written by a French having a problem with English language. So it makes 4 different LSPs instead of 9 and more for OSPF. IS-IS LSP can be interpreted directly it is in a clear format. OSPF LSAs needs some study to be understood.
The hierarchy in IS-IS is made with 2 Levels of Routing. Level-2 Routers are Backbone Area Routers while Level-1 Area Routers are Internal non backbone routers. To connect an Area with the Backbone you need a Level-1-2 Router. The Level-1 routers only see the local Routes and have a default route to a Level-1-2 routers.
14.2 IS-IS ArchitectureAs OSPF, it also has a 2 level routing. Level-2 Routers are the Backbone. The backbone must be continuous. Area can connect to the backbone with Level-1-210 Routers. Router which are in only one area are Level 1 except for the backbone which are Level-2.
FOR THE SAKE OF SIMPLICITY, IN THE LAB WE START WITH ONE AREAIf we follow the same Architecture that we used for OSPF in previous Volume and multiple Area we would need to do Route Leaking for the eBGP routers for BGP Next-hop to be resolved in BGP Paths.The metric-style is by default narrow which means that it is limited to 63 max, it can be set to wide and be coded with 32 bits!
14.3 SecurityISIS can be secured with Passwords which is highly recommended.
14.4 Neighbor DiscoveryFor each Level, routers sends IS to IS Hello (IIH) on a regular basis.To make sure that MTU matches, the Hello are sent at MTU.
14.5 Multipoint NetworksThe neighbors discovers themselves as they send Level-2-IIH and or Level-1-IIH. IIH stands for IS-IS Hello Packets.
For the Multipoint networks, IS-IS has an approach similar to OSPF. It elects a Designated Intermediate System (DIS). There is no backup DIS as it is not needed, any router can take over immediately the DIS role if it fails.
As for the OSPF DR, the DIS helps for two things:• It generates a Pseudonode LSP to which it is also connected to on the behalf of all
the Neighbors of the Network.• It helps Neighbors Synchronization by sending a CSNP2 message on a regular time
basis. This CSNP11 advertises the headers of all the LSP12s of the Database. If a Neighbor noticed that it has a missing or out-of-date LSP, it sends a PSNP Request to get the Last LSP.
No. Time Source Destination Protocol Length Info 13 8.726791 ca:07:1b:4f:00:54 ISISalllevel2IS's ISIS 310 L2 CSNP, SourceID: 0000.0000.0003.00, Start LSPID: 0000.0000.0000.0000, End LSPID: ffff.ffff.ffff.ffff
The CSNP are used on Point to Point at initialization only to make sure that the two ends are in synchronization. On Broadcast Networks, on a regular basis, every 10 seconds with a variation of about 3 seconds max to avoid synchronization.
11 Complete Sequence Number Packet12 Link State Packet or LSP which populate the IS-IS database.
14.6 Point to Point NetworksOn the Point-to-Point Networks we also use CSNP but only just after we discovered the neighbor with the P2P IIH for Point-to-Point IS-IS to IS-IS Hello message.
15. Migration Steps
15.1. Backbone ConfigurationConfiguration of the Core routers is very straightforward. You need to give a unique NET for each router 39.b000.0000.0000.000X.00 , x is the router number. The NET is the CLNS Address of the Router, it defines the Area, here 39.b000 is the Area Address and 0003 is the Router number.
router isis fred istype level2only net 39.b000.0000.0000.0003.00 passiveinterface lo0
interface GigabitEthernet0/0 ip router isis fred ipv6 router isis fred
Repeat the same for each core interface...
15.2 Verification that ISIS is running OK.
Check IS-IS neighborsThe easiest way is to run the command “show clns neighbor” on each node and check that the old OSPF neighbors are now also IS-IS neighbor.
R4> show clns neighbors
System Id Interface SNPA State Holdtime Type ProtocolR7 Gi3/0 ca0b.1b64.0008 Up 9 L2 ISISR1 Gi0/0 ca05.1b4f.001c Up 27 L2 ISISR5 Gi2/0 ca09.1b64.0038 Up 9 L2 ISISR3 Gi1/0 ca07.1b4f.001c Up 24 L2 ISIS
You can also us “show isis neighbors”
R4>show isis neighbors
System Id Type Interface IP Address State Holdtime Circuit IdR7 L2 Gi3/0 10.1.0.2 UP 9 R7.01 R1 L2 Gi0/0 10.0.1.1 UP 23 R4.01 R5 L2 Gi2/0 10.0.1.14 UP 7 R5.03 R3 L2 Gi1/0 10.0.1.18 UP 21 R4.02
To inspect a LSP3 in particular in the Database, for instance R4.R4 generated 2 LSP: One is the Router LSP and one because this router is also DIS4 for a LAN and is the equivalent of the DR for OSPF.
R4>show isis database R4.0000 detail
ISIS Level2 LSP R4.0000LSPID LSP Seq Num LSP Checksum LSP Holdtime ATT/P/OLR4.0000 * 0x00000011 0x031B 1149 0/0/0 Area Address: 39.b000 NLPID: 0xCC 0x8E Hostname: R4 IP Address: 10.1.0.1 IPv6 Address: 2001:DB8:678:A000::1 Metric: 10 IS R4.02 Metric: 10 IS R4.01 Metric: 10 IS R7.01 Metric: 10 IS R5.03 Metric: 10 IP 10.0.1.0 255.255.255.252 Metric: 10 IP 10.0.1.12 255.255.255.252 Metric: 10 IP 10.0.1.16 255.255.255.252 Metric: 10 IP 10.1.0.0 255.255.255.252 Metric: 10 IPv6 2001:DB8:678:1::/64 Metric: 10 IPv6 2001:DB8:678:17::/64 Metric: 10 IPv6 2001:DB8:678:22::/64 Metric: 10 IPv6 2001:DB8:678:A000::/64
You have both the Topology information, the Neighbor Router IS and the Prefixes advertized by the
node in the Router LSP.Now let's take a look at the DIS Pseudo-node LSP. We know it is a Pseudo-node LSP because of the 01 in R4.01-00 which is different from 0, the Router LSP. This one is purely Topology and gives all the neighbors of a Multipoint Network.Also note that the second digit after – is 00 because it is fragment 0. In case we have a LSP too big for the MTU5, we fragment is and this number is the fragment number.
R4>show isis database R4.0100 detail
ISIS Level2 LSP R4.0100LSPID LSP Seq Num LSP Checksum LSP Holdtime ATT/P/OLR4.0100 * 0x00000009 0x0AC3 985 0/0/0 Metric: 0 IS R4.00 Metric: 0 IS R1.00
Remove OSPF for IPv4 and check the IPv4 Routing tableR1#conf tTo check that ISISis OK takink no risk to have missing routes, change the OSPF Administrative distance to 120 and check that the ISIS routes are replacing the OSPF:
R5(configrouter)#distance 120
If you have a very large routing table you could start high level with a “show ip route summary” and “show ipv6 route summary”. This gives you the most important information.
R5#how ip route*Mar 18 22:57:51.756: %SYS5CONFIG_I: Configured from console by consolesCodes: C connected, S static, R RIP, M mobile, B BGP D EIGRP, EX EIGRP external, O OSPF, IA OSPF inter area N1 OSPF NSSA external type 1, N2 OSPF NSSA external type 2 E1 OSPF external type 1, E2 OSPF external type 2 i ISIS, su ISIS summary, L1 ISIS level1, L2 ISIS level2 ia ISIS inter area, * candidate default, U peruser static route o ODR, P periodic downloaded static route
Gateway of last resort is not set
B 202.3.6.0/24 [200/0] via 10.0.0.6, 1d06hB 202.3.7.0/24 [200/0] via 10.0.0.6, 1d06hB 202.3.4.0/24 [200/0] via 10.0.0.6, 1d06hB 202.3.5.0/24 [200/0] via 10.0.0.6, 1d06hB 202.3.2.0/24 [200/0] via 10.0.0.6, 1d06hB 202.3.3.0/24 [200/0] via 10.0.0.6, 1d06hB 202.3.0.0/24 [200/0] via 10.0.0.6, 1d06hB 202.3.1.0/24 [200/0] via 10.0.0.6, 1d06h 10.0.0.0/8 is variably subnetted, 16 subnets, 2 masksC 10.0.1.8/30 is directly connected, GigabitEthernet1/0C 10.0.1.12/30 is directly connected, GigabitEthernet2/0i L2 10.2.0.0/30 [115/20] via 10.2.0.6, GigabitEthernet4/0 [115/20] via 10.0.1.9, GigabitEthernet1/0O 10.0.0.3/32 [120/2] via 10.0.1.21, 00:00:06, GigabitEthernet0/0i L2 10.1.0.0/30 [115/20] via 10.0.1.13, GigabitEthernet2/0i L2 10.0.1.0/30 [115/20] via 10.0.1.13, GigabitEthernet2/0 [115/20] via 10.0.1.9, GigabitEthernet1/0i L2 10.0.0.1/32 [115/10] via 10.0.1.9, GigabitEthernet1/0C 10.2.0.4/30 is directly connected, GigabitEthernet4/0O 10.0.0.6/32 [120/2] via 10.2.0.6, 00:00:06, GigabitEthernet4/0O IA 10.0.0.7/32 [120/3] via 10.0.1.21, 00:00:06, GigabitEthernet0/0 [120/3] via 10.0.1.13, 00:00:06, GigabitEthernet2/0O 10.0.0.4/32 [120/2] via 10.0.1.13, 00:00:06, GigabitEthernet2/0i L2 10.1.0.4/30 [115/20] via 10.0.1.21, GigabitEthernet0/0i L2 10.0.1.4/30 [115/20] via 10.0.1.21, GigabitEthernet0/0 [115/20] via 10.0.1.9, GigabitEthernet1/0C 10.0.0.5/32 is directly connected, Loopback0i L2 10.0.1.16/30 [115/20] via 10.0.1.21, GigabitEthernet0/0 [115/20] via 10.0.1.13, GigabitEthernet2/0C 10.0.1.20/30 is directly connected, GigabitEthernet0/0B 202.3.8.0/24 [200/0] via 10.0.0.6, 1d06hB 202.3.9.0/24 [200/0] via 10.0.0.6, 1d06h
Here we still have OSPF routes meaning that some routers have not been configured properly. In our example as 10.0.0.3 is still an OSPF routes we probably have forgotten to configure IS-IS properly on R3.
Let's check other routes:
R5#show ip route 10.0.1.16Routing entry for 10.0.1.16/30 Known via "isis", distance 115, metric 20, type level2 Redistributing via isis
Last update from 10.0.1.13 on GigabitEthernet2/0, 00:05:13 ago Routing Descriptor Blocks: * 10.0.1.21, from 10.0.1.6, via GigabitEthernet0/0 Route metric is 20, traffic share count is 1 10.0.1.13, from 10.1.0.1, via GigabitEthernet2/0 Route metric is 20, traffic share count is 1
Check the Router data plane (CEF and CEFv6) R5#show ip cef 10.0.1.1610.0.1.16/30 nexthop 10.0.1.13 GigabitEthernet2/0 nexthop 10.0.1.21 GigabitEthernet0/0
R5#show ip cef 10.0.1.16 internal10.0.1.16/30, epoch 0, RIB[I], refcount 5, perdestination sharing sources: RIB feature space: IPRM: 0x00038000 ifnums: GigabitEthernet0/0(5): 10.0.1.21 GigabitEthernet2/0(7): 10.0.1.13 path 66EC3CE4, path list 66EC2CE0, share 1/1, type attached nexthop, for IPv4 nexthop 10.0.1.13 GigabitEthernet2/0, adjacency IP adj out of GigabitEthernet2/0, addr 10.0.1.13 66F19380 path 66EC3D58, path list 66EC2CE0, share 1/1, type attached nexthop, for IPv4 nexthop 10.0.1.21 GigabitEthernet0/0, adjacency IP adj out of GigabitEthernet0/0, addr 10.0.1.21 66F194C0 output chain: loadinfo 683E0EAC, persession, 2 choices, flags 0003, 6 locks flags: Persession, forrxIPv4 16 hash buckets < 0 > IP adj out of GigabitEthernet2/0, addr 10.0.1.13 66F19380 < 1 > IP adj out of GigabitEthernet0/0, addr 10.0.1.21 66F194C0 < 2 > IP adj out of GigabitEthernet2/0, addr 10.0.1.13 66F19380 < 3 > IP adj out of GigabitEthernet0/0, addr 10.0.1.21 66F194C0 < 4 > IP adj out of GigabitEthernet2/0, addr 10.0.1.13 66F19380 < 5 > IP adj out of GigabitEthernet0/0, addr 10.0.1.21 66F194C0 < 6 > IP adj out of GigabitEthernet2/0, addr 10.0.1.13 66F19380 < 7 > IP adj out of GigabitEthernet0/0, addr 10.0.1.21 66F194C0 < 8 > IP adj out of GigabitEthernet2/0, addr 10.0.1.13 66F19380 < 9 > IP adj out of GigabitEthernet0/0, addr 10.0.1.21 66F194C0 <10 > IP adj out of GigabitEthernet2/0, addr 10.0.1.13 66F19380 <11 > IP adj out of GigabitEthernet0/0, addr 10.0.1.21 66F194C0 <12 > IP adj out of GigabitEthernet2/0, addr 10.0.1.13 66F19380 <13 > IP adj out of GigabitEthernet0/0, addr 10.0.1.21 66F194C0 <14 > IP adj out of GigabitEthernet2/0, addr 10.0.1.13 66F19380 <15 > IP adj out of GigabitEthernet0/0, addr 10.0.1.21 66F194C0 Subblocks: None
Troubleshoot a bug with an Incomplete Adjacency. Found a Bug Entry in the Adjacency table.
IP GigabitEthernet0/0 10.0.1.21(28) 955 packets, 61599 bytes epoch 0 sourced in sevepoch 0 Encap length 14 CA071B4F0038CA091B6400080800 ARPIPV6 GigabitEthernet0/0 FE80::C807:1BFF:FE4F:38(39) (incomplete) 39 packets, 3042 bytes epoch 0 sourced in sevepoch 0 punt (ratelimited) packets no src set Punt means that is cannot be CEF switched and is punted to next level which is no good (see below). In this situation you need to check what's wrong. The image I used for this lab is really an old image and I suspect a bug as I have received other console message using OSPF or ISIS. It reminds me a bug with an Ethernet driver who was not able to deal with a small load of traffic! This punt is for IPv6 Traffic we have not yet switched to IS-IS for IPv6The address belongs to its neighbor which is cool and the other interface is OK! So it sounds like a bug if it is persistant.In this case you should troubleshoot the problem until the entry is no longer Punt. Punt means that the destination is not CEFv6 switched but switched by the processor when the IPv6 Queue will have its shared time slice. It is rate limited to avoid that the processor gets on its knees, so packets can be dropped!
Get to the TAC or your CISCO dealer if you cannot make it!
In my case I moved Gig0/0 to Gig3/0 which was free and leaved Gig0/0 which is the interface on the processor board on the c7200 which should not be used for switching traffic but for admin. I reloaded the router and the problem disappeared. Fortunately many bugs have easy workaround:
R4#conf tEnter configuration commands, one per line. End with CNTL/Z.R4(config)#no router ospf 1R4(config)#int g0/0R4(configif)#no ipv6 ospf 1 area 0R4(configif)#int g1/0R4(configif)#no ipv6 ospf 1 area 0R4(configif)#int g2/0R4(configif)#no ipv6 ospf 1 area 0R4(configif)#int g3/0R4(configif)#no ipv6 ospf 1 area 0R4(configif)#int g4/0R4(configif)#no ipv6 ospf 1 area 0*Mar 18 23:26:28.540: %OSPF5ADJCHG: Process 1, Nbr 10.0.0.5 on GigabitEthernet2/0 from FULL to DOWN, Neighbor Down: Interface down or detached*Mar 18 23:26:28.580: %OSPF5ADJCHG: Process 1, Nbr 10.0.0.7 on GigabitEthernet3/0 from FULL to DOWN, Neighbor Down: Interface down or detached*Mar 18 23:26:28.636: %OSPFv35ADJCHG: Process 1, Nbr 10.0.0.1 on GigabitEthernet0/0 from FULL to DOWN, Neighbor Down: Interface down or detached*Mar 18 23:26:28.676: %OSPFv35ADJCHG: Process 1, Nbr 10.0.0.3 on GigabitEthernet1/0 from FULL to DOWN, Neighbor Down: Interface down or detached*Mar 18 23:26:28.684: %OSPFv35ADJCHG: Process 1, Nbr 10.0.0.5 on GigabitEthernet2/0 from FULL to DOWN, Neighbor Down: Interface down or detachedR4(configif)#do show ipv6 routeIPv6 Routing Table Default 30 entriesCodes: C Connected, L Local, S Static, U Peruser Static route B BGP, M MIPv6, R RIP, I1 ISIS L1 I2 ISIS L2, IA ISIS interarea, IS ISIS summary, D EIGRP EX EIGRP external O OSPF Intra, OI OSPF Inter, OE1 OSPF ext 1, OE2 OSPF ext 2 ON1 OSPF NSSA ext 1, ON2 OSPF NSSA ext 2C 2001:DB8:678:1::/64 [0/0] via GigabitEthernet0/0, directly connected
L 2001:DB8:678:1::4/128 [0/0] via GigabitEthernet0/0, receiveI2 2001:DB8:678:2::/64 [115/20] via FE80::C807:1BFF:FE4F:1C, GigabitEthernet1/0 via FE80::C805:1BFF:FE4F:1C, GigabitEthernet0/0O 2001:DB8:678:3::/64 [110/2] via FE80::C80B:1BFF:FE64:8, GigabitEthernet3/0C 2001:DB8:678:17::/64 [0/0] via GigabitEthernet1/0, directly connectedL 2001:DB8:678:17::4/128 [0/0] via GigabitEthernet1/0, receiveC 2001:DB8:678:22::/64 [0/0] via GigabitEthernet2/0, directly connectedL 2001:DB8:678:22::3/128 [0/0] via GigabitEthernet2/0, receive [snip]
Then we check that BGP Recursive Route entries are properly resolved by CEF following the same methods that has been demonstrated many time in the previous Lab book.
15.3. Backbone Migration strategiesThe most conservative strategy I can see is:
1. You start configuring ISIS with a distance very high. Be careful this must be set for address-family ipv4 and address-family ipv6 separately. This way you can check all your IS-IS initialization is going OK. Distance 255 and the route will never go in the Routing table!1. Check the neighbors for each router. 2. Check the Database to make sure all LSPs are there
2. If OK change Administrative distance to be lower than OSPF for both address-family again.
3. You should only see IS-IS Route IPv4 and IPv6 and no more OSPF. 4. Then you can check CEF and CEFv6 initialization of a few strategic points.5. You can leave OSPF configurations a few days before removing it as it consumes
resources for nothing else but backup and IS-IS code is very stable so the risk of a bug with IS-IS is very limited! You need to set SYSLOG to log any OSPF routes popping up in the RIBs14.
16. ISIS TroubleshootingWe need to troubleshoot the previous problem with the routes to 10.0.0.3, 10.0.0.4, 10.0.0.6 and 10.0.0.7 learned by OSPF instead of ISIS. So we need to check IS-IS configuration of R3, R4, R- and R7. Actually These routers were not yet configured, so you see that this procedure is really seamless and transparent in the backbone. First, just make the Administrative distance of IS-IS better than OSPF and check both IPv4 and IPv6 Routing table. You should not see any OSPF routes anymore. Anyway if you do see an OSPF route it is very easy to identified the culprit.
We have already seen the commands which are necessary to troubleshoot ISIS Protocol. Now we need to review the initialization Sequence and the basic management of the LSP Flooding.
The IS-IS database is essential. You can check that each router has its Router LSP in our right level database:
isisd# show isis database R1.0000 detail Area DEAD:ISIS Level2 linkstate database:LSP ID PduLen SeqNumber Chksum Holdtime ATT/P/OLR1.0000 646 0x000000f5 0x6d65 481 0/0/0 Area Address: 39.b000 Area Address: 39.c000 Area Address: 39.d000 NLPID : 0xCC NLPID : 0x8E Hostname : R1 IPv4 Address: 10.0.0.1 Metric : 10 IS : R1.01 Metric : 10 IS : R5.00 Metric : 10 IS : R3.00 Metric : 10 IS : R4.00 Metric : 10 IPv4Internal : 10.0.1.0 255.255.255.252 Metric : 10 IPv4Internal : 10.0.1.4 255.255.255.252 [SNIP]
We can see that R1 is connected to R5, R3, R4 and pseudo-node R1.01. So let's see the IS-IS LSP of R1.01. Remember the first byte digit is the pseudonode number and the second number is the fragment number.
isisd# show isis database R1.0100 detail Area DEAD:ISIS Level2 linkstate database:LSP ID PduLen SeqNumber Chksum Holdtime ATT/P/OLR1.0100 63 0x00000004 0x84c1 1178 0/0/0 Metric : 0 IS : R1.00 Metric : 0 IS : R4.00 Metric : 0 IS : isisd.00
The pseudonode which is also the Network DIS15 is attached to R1, R4 and isisd which is the name of the Quagga process.
16.1 Optimization for GigabitEthernet P2PIS-IS sees interfaces as Broadcast or Point-to-Point.By Default, a GigabitEthernet is Broadcast.When you use it as a Point-to-point between two Routers, you should configure it for better performances. Be careful, If there is a mismatch IS-IS will not be Up. See example below.R4(configif)#do show clns neighbor
System Id Interface SNPA State Holdtime Type ProtocolR3 Gi1/0 ca07.1b4f.001c Up 275 IS ESISR7 Gi3/0 ca0b.1b64.0008 Up 9 L2 ISISR1 Gi0/0 ca05.1b4f.001c Up 28 L2 ISISR5 Gi2/0 ca09.1b64.0038 Up 8 L2 ISIS
System Id Interface SNPA State Holdtime Type ProtocolR3 Gi1/0 ca07.1b4f.001c Up 28 L2 ISISR7 Gi3/0 ca0b.1b64.0008 Up 9 L2 ISISR1 Gi0/0 ca05.1b4f.001c Up 25 L2 ISISR5 Gi2/0 ca09.1b64.0038 Up 7 L2 ISISR4#show clns neighbors Gi1/0 detail
System Id Interface SNPA State Holdtime Type ProtocolR3 Gi1/0 ca07.1b4f.001c Up 24 L2 ISIS Area Address(es): 39.b000 IP Address(es): 10.0.1.18* IPv6 Address(es): FE80::C807:1BFF:FE4F:1C Uptime: 00:01:48 NSF capable
Partial Initilalization of P2P16 CapturedThe CSNP17 gives a summary of each LSP in the Database, if the neighbor is missing or get an LSP18 which is too old it request a new one with a PSNP.
No. Time Source Destination Protocol Length Info 166 157.864755 ca:07:1b:4f:00:1c ISISalllevel2IS's ISIS 310 L2 CSNP, SourceID: 0000.0000.0003.00, Start LSPID: 0000.0000.0000.0000, End LSPID: ffff.ffff.ffff.ffff
Max.AREAs: (0==3): 0 ISO 10589 ISIS Partial Sequence Numbers Protocol Data Unit PDU length: 35 SourceID: 0000.0000.0003.00 LSP entries (16) LSPID: 0000.0000.0004.0000, Sequence: 0x00000030, Lifetime: 1198s, Checksum: 0xad2b
No. Time Source Destination Protocol Length Info 168 158.427892 ca:08:1b:4f:00:1c ISISalllevel2IS's ISIS 60 L2 PSNP, SourceID: 0000.0000.0004.00
Frame 168: 60 bytes on wire (480 bits), 60 bytes captured (480 bits)IEEE 802.3 Ethernet Destination: ISISalllevel2IS's (01:80:c2:00:00:15) Source: ca:08:1b:4f:00:1c (ca:08:1b:4f:00:1c) Length: 38 Trailer: 0000000000000000LogicalLink Control DSAP: ISO Network Layer (0xfe) IG Bit: Individual SSAP: ISO Network Layer (0xfe) CR Bit: Command Control field: U, func=UI (0x03)ISO 10589 ISIS InTRA Domain Routeing Information Exchange Protocol Intra Domain Routing Protocol Discriminator: ISIS (0x83) PDU Header Length: 17 Version (==1): 1 System ID Length: 0 PDU Type : L2 PSNP (R:000) Version2 (==1): 1 Reserved (==0): 0 Max.AREAs: (0==3): 0 ISO 10589 ISIS Partial Sequence Numbers Protocol Data Unit PDU length: 35 SourceID: 0000.0000.0004.00 LSP entries (16) LSPID: 0000.0000.0003.0000, Sequence: 0x0000002d, Lifetime: 1197s, Checksum: 0x5dff
On a Broadcast LAN, only the DIS sends a CSNP on a regular time basis and all neighbors checks that they have the latest LSP and that the DIS got the latest LSPs from itself.
16.2 MP-BGP Checking
Address-family IPv4We check quickly the Routing table on R6 and see that the BGP routes are learned by eBGP, the wrong AS:
i L2 10.0.1.20/30 [115/20] via 10.2.0.5, GigabitEthernet2/0B 202.3.8.0/24 [20/0] via 172.16.1.2, 3d06hB 202.3.9.0/24 [20/0] via 172.16.1.2, 3d06h
R6>show bgp 202.3.9.0BGP routing table entry for 202.3.9.0/24, version 132Paths: (1 available, best #1, table DefaultIPRoutingTable) Advertised to updategroups: 2
64000 172.16.1.2 from 172.16.1.2 (10.0.0.8) Origin incomplete, metric 0, localpref 100, valid, external, best
This is wrong as we initially said in Volume 1 that the exit point should be AS 65000, AS 64000 should only be a fallback path in case of a problem. A quick look in the configuration of R7 and we find that the route-map to set the Local Preference was only applied to the IPv6 neighbor. Let's fix that:
R7#conf tEnter configuration commands, one per line. End with CNTL/Z.R7(config)#router bgp 100R7(configrouter)# addressfamily ipv4R7(configrouteraf)# neighbor 172.16.1.6 routemap setloc in
router bgp 100 bgp logneighborchanges neighbor 10.0.0.5 remoteas 100 neighbor 10.0.0.5 updatesource Loopback0 neighbor 172.16.1.6 remoteas 65000 neighbor FE80::9%GigabitEthernet3/0 remoteas 65000 addressfamily ipv4 neighbor 10.0.0.5 activate neighbor 10.0.0.5 nexthopself neighbor 172.16.1.6 activate neighbor 172.16.1.6 routemap setloc in no neighbor FE80::9%GigabitEthernet3/0 activate no autosummary no synchronization exitaddressfamily ! addressfamily ipv6 neighbor 10.0.0.5 activate neighbor 10.0.0.5 routemap fred out neighbor FE80::9%GigabitEthernet3/0 activate neighbor FE80::9%GigabitEthernet3/0 routemap setloc in exitaddressfamily!! routemap setloc permit 10 set localpreference 150!routemap fred permit 10 set ipv6 nexthop 2001:DB8:678:B000::1!
R6>show bgp ipv4 unicast 202.3.9.0BGP routing table entry for 202.3.9.0/24, version 212Paths: (2 available, best #1, table DefaultIPRoutingTable) Advertised to updategroups: 1 65000 10.0.0.7 (metric 30) from 10.0.0.5 (10.0.0.5) Origin incomplete, metric 5, localpref 150, valid, internal, best Originator: 10.0.0.7, Cluster list: 10.0.0.5 64000 172.16.1.2 from 172.16.1.2 (10.0.0.8) Origin incomplete, metric 0, localpref 100, valid, external
R6>show ip route 202.3.9.0Routing entry for 202.3.9.0/24 Known via "bgp 100", distance 200, metric 5 Tag 65000, type internal Last update from 10.0.0.7 00:15:16 ago Routing Descriptor Blocks: * 10.0.0.7, from 10.0.0.5, 00:15:16 ago Route metric is 5, traffic share count is 1
AS Hops 1 Route tag 65000
In the Routing table Next-hop is 10.0.0.7 which is the loopback of R7, our Internet Gateway which connect to AS 65000. 10.0.0.5 is the BGP Route-Reflector from which we received the update.
Address-family IPv6Let's do the same checking for IPv6 using “show ipv6 route B”R6>show ipv6 route bgp IPv6 Routing Table Default 32 entriesCodes: C Connected, L Local, S Static, U Peruser Static route B BGP, M MIPv6, R RIP, I1 ISIS L1 I2 ISIS L2, IA ISIS interarea, IS ISIS summary, D EIGRP EX EIGRP external O OSPF Intra, OI OSPF Inter, OE1 OSPF ext 1, OE2 OSPF ext 2 ON1 OSPF NSSA ext 1, ON2 OSPF NSSA ext 2B 2001:DB8:ABC0::/48 [200/0] via 2001:DB8:678:B000::1
Looks good as [200/0] means Administrative distance 200 which is the default for iBGP routes. So R6 does not use the directly connected neighbor with Administrative distance 20 but the remote to exit via AS 65000, correct!
BGP routing table entry for 2001:DB8:ABC0::/48, version 56Paths: (2 available, best #1, table Default)Multipath: eBGP Advertised to updategroups: 1 65000 2001:DB8:678:B000::1 (metric 30) from 10.0.0.5 (10.0.0.5) Origin incomplete, metric 0, localpref 150, valid, internal, best Originator: 10.0.0.7, Cluster list: 10.0.0.5 64000 2001:DB8:5A:F6::8 (FE80::C80C:1BFF:FE4F:1C) from 2001:DB8:5A:F6::8 (10.0.0.8) Origin incomplete, metric 0, localpref 100, valid, external
Let's check the Next-hop to make sure that CEF has been correctly initialized. We cannot inspect each entry but we can pick up 2 or 3 entries.
R6>show ipv6 route 2001:DB8:678:B000::1 Routing entry for 2001:DB8:678:B000::1/128 Known via "isis fred", distance 115, metric 30, type level2 Route count is 2/2, share count 0 Routing paths: FE80::C805:1BFF:FE4F:70, GigabitEthernet1/0 Last updated 18:37:02 ago FE80::C809:1BFF:FE64:70, GigabitEthernet2/0 Last updated 01:25:49 ago
R6#show ipv6 cef 2001:DB8:678:B000::1/128 internal2001:DB8:678:B000::1/128, epoch 0, RIB[I], refcount 5, perdestination sharing sources: RIB feature space: IPRM: 0x00038000 ifnums: GigabitEthernet1/0(6): FE80::C805:1BFF:FE4F:70 GigabitEthernet2/0(7): FE80::C809:1BFF:FE64:70 path 6825F8C4, path list 6825E710, share 1/1, type attached nexthop, for IPv6 nexthop FE80::C805:1BFF:FE4F:70 GigabitEthernet1/0, adjacency IPV6 adj out of GigabitEthernet1/0, addr FE80::C805:1BFF:FE4F:70 (incomplete) path 6825F850, path list 6825E710, share 1/1, type attached nexthop, for IPv6 nexthop FE80::C809:1BFF:FE64:70 GigabitEthernet2/0, adjacency IPV6 adj out of GigabitEthernet2/0, addr FE80::C809:1BFF:FE64:70 66F19B80 output chain: loadinfo 66EDB728, persession, 2 choices, flags 0005, 11 locks flags: Persession, forrxIPv6 16 hash buckets < 0 > IPV6 adj out of GigabitEthernet1/0, addr FE80::C805:1BFF:FE4F:70 (incomplete) < 1 > IPV6 adj out of GigabitEthernet2/0, addr FE80::C809:1BFF:FE64:70 66F19B80 < 2 > IPV6 adj out of GigabitEthernet1/0, addr FE80::C805:1BFF:FE4F:70 (incomplete) < 3 > IPV6 adj out of GigabitEthernet2/0, addr FE80::C809:1BFF:FE64:70 66F19B80 < 4 > IPV6 adj out of GigabitEthernet1/0, addr FE80::C805:1BFF:FE4F:70 (incomplete) < 5 > IPV6 adj out of GigabitEthernet2/0, addr FE80::C809:1BFF:FE64:70 66F19B80 < 6 > IPV6 adj out of GigabitEthernet1/0, addr FE80::C805:1BFF:FE4F:70 (incomplete) < 7 > IPV6 adj out of GigabitEthernet2/0, addr FE80::C809:1BFF:FE64:70 66F19B80 < 8 > IPV6 adj out of GigabitEthernet1/0, addr FE80::C805:1BFF:FE4F:70 (incomplete)
< 9 > IPV6 adj out of GigabitEthernet2/0, addr FE80::C809:1BFF:FE64:70 66F19B80 <10 > IPV6 adj out of GigabitEthernet1/0, addr FE80::C805:1BFF:FE4F:70 (incomplete) <11 > IPV6 adj out of GigabitEthernet2/0, addr FE80::C809:1BFF:FE64:70 66F19B80 <12 > IPV6 adj out of GigabitEthernet1/0, addr FE80::C805:1BFF:FE4F:70 (incomplete) <13 > IPV6 adj out of GigabitEthernet2/0, addr FE80::C809:1BFF:FE64:70 66F19B80 <14 > IPV6 adj out of GigabitEthernet1/0, addr FE80::C805:1BFF:FE4F:70 (incomplete) <15 > IPV6 adj out of GigabitEthernet2/0, addr FE80::C809:1BFF:FE64:70 66F19B80 Subblocks:
In this case we do have a problem with the incomplete entry. Let's check the Adjacency which should be punt again! The workaround was not yet applied. It is fixed later on.
R6#show adjacency GigabitEthernet1/0 detail Protocol Interface AddressIP GigabitEthernet1/0 10.2.0.1(36) 0 packets, 0 bytes epoch 0 sourced in sevepoch 0 Encap length 14 CA051B4F0070CA0A1B64001C0800 ARPIPV6 GigabitEthernet1/0 FE80::C805:1BFF:FE4F:70(31) (incomplete) 0 packets, 0 bytes epoch 0 sourced in sevepoch 2 punt (ratelimited) packets no src set
We need to check the connection on R6 Gig1/0.
R6(config)#do show clns neighbor detail
System Id Interface SNPA State Holdtime Type ProtocolR5 Gi2/0 ca09.1b64.0070 Up 21 L2 ISIS Area Address(es): 39.b000 IP Address(es): 10.2.0.5* IPv6 Address(es): FE80::C809:1BFF:FE64:70 Uptime: 01:36:10 NSF capableR1 Gi1/0 ca05.1b4f.0070 Up 28 L2 ISIS Area Address(es): 39.b000 IP Address(es): 10.2.0.1* IPv6 Address(es): FE80::C805:1BFF:FE4F:70 Uptime: 1d00h NSF capable
The IS-IS neighbor on R1 is UP for one day so the Interface looks pretty sane.
17.Moving to Multiarea in the first Area. Sunday, March 30, 2014
17. Moving to Multiarea in the first AreaThis is very rare as most networks can run in one Area without any problems even with hundreds of routers! In the big Network you may need to read a few books like the CISCO Press “IS-IS Network Design Solution” which is a great book and make IS-IS very easy.
As Level-1 Area are Totally Stubby speaking OSPF language, they only have the Area Local Routes and a default to the outside which will not be enough to resolve BGP Next-hop so Route Leaking will be necessary.
17.1 Migration to Multiarea Procedure.First we will configure the new Net on the Routers and configure th route leaking for the BGP Next hop from Level-2 to Level-1. We can also set static routes redistributed in BGP for the Next hop to make sure that it will be transparent for BGP.
17.Moving to Multiarea in the first Area. Sunday, March 30, 2014
R6>show ipv6 route bgp IPv6 Routing Table Default 32 entriesCodes: C Connected, L Local, S Static, U Peruser Static route B BGP, M MIPv6, R RIP, I1 ISIS L1 I2 ISIS L2, IA ISIS interarea, IS ISIS summary, D EIGRP EX EIGRP external O OSPF Intra, OI OSPF Inter, OE1 OSPF ext 1, OE2 OSPF ext 2 ON1 OSPF NSSA ext 1, ON2 OSPF NSSA ext 2B 2001:DB8:ABC0::/48 [200/0] via 2001:DB8:678:B000::1
R6>show ipv6 route 2001:DB8:678:B000::1Routing entry for 2001:DB8:678:B000::1/128 Known via "isis fred", distance 115, metric 30, type level2 Route count is 2/2, share count 0 Routing paths: FE80::C805:1BFF:FE4F:70, GigabitEthernet1/0 Last updated 19:59:44 ago FE80::C809:1BFF:FE64:70, GigabitEthernet2/0 Last updated 02:48:31 ago
The same process must be repeated for R7, the other BGP Gateway.But now start with the IS-IS configuration. For IPv4 we need to leak 10.0.0.X routes from Level-2 to Level-1.
For the border routers R1 and R5, here are the configs for IPv4 and the configuration for an interface and for the routing protocol, show clns neighbor check that we have a Level-1 Adjacency with L6.
17.2 IS-IS Multiarea Configuration
Configuring Multiarea on R1-R6-R5We start with R1-R6-R5 IPv4 configuration. The same plan must be followed for R3-R4-R7.
R1 Configuration!interface Loopback0 ip address 10.0.0.1 255.255.255.255 ipv6 address 2001:DB8:678:9000::1/128!interface GigabitEthernet1/0 ip address 10.0.1.1 255.255.255.252 ip router isis fred
17.Moving to Multiarea in the first Area. Sunday, March 30, 2014
exitaddressfamily! !accesslist 1 permit 10.0.0.0 0.0.0.255!routemap leak permit 10 match ip address 1!
R5 Configuration!interface Loopback0 ip address 10.0.0.5 255.255.255.255 ipv6 address 2001:DB8:678:9005::5/128!interface GigabitEthernet1/0 ip address 10.0.1.10 255.255.255.252 ip router isis fred negotiation auto ipv6 address 2001:DB8:678:3::5/64 ipv6 router isis fred isis network pointtopoint !interface GigabitEthernet2/0 ip address 10.0.1.14 255.255.255.252 ip router isis fred negotiation auto ipv6 address 2001:DB8:678:22::5/64 ipv6 router isis fred isis circuittype level2only isis network pointtopoint ! interface GigabitEthernet3/0 ip address 10.0.1.22 255.255.255.252 ip router isis fred duplex full speed 1000 mediatype gbic negotiation auto ipv6 address 2001:DB8:678:33::5/64 ipv6 router isis fred isis circuittype level2only isis network pointtopoint !interface GigabitEthernet4/0 ip address 10.2.0.5 255.255.255.252 ip router isis fred negotiation auto ipv6 address 2001:DB8:678:D005::5/64
17.Moving to Multiarea in the first Area. Sunday, March 30, 2014
neighbor 172.16.1.2 remoteas 64000 ! addressfamily ipv4 neighbor 10.0.0.5 activate neighbor 10.0.0.5 nexthopself no neighbor 2001:DB8:5A:F6::8 activate neighbor 172.16.1.2 activate no autosummary no synchronization exitaddressfamily ! addressfamily ipv6 neighbor 10.0.0.5 activate neighbor 10.0.0.5 routemap fred out neighbor 2001:DB8:5A:F6::8 activate no synchronization maximumpaths 2 exitaddressfamily!! routemap fred permit 10 set ipv6 nexthop 2001:DB8:678:C000::6
18. Checking configuration
18.1 Checking R5-R6-R1
show clns neighborsR5#show clns neighbors
System Id Interface SNPA State Holdtime Type ProtocolR1 Gi1/0 ca05.1b4f.0038 Up 27 L1L2 ISISR3 Gi0/0 ca07.1b4f.0038 Up 23 L2 ISISR6 Gi4/0 ca0a.1b64.0038 Up 24 L1 ISISR4 Gi2/0 ca08.1b4f.0038 Up 29 L2 ISIS
We could also use R5#show isis neighbors
System Id Type Interface IP Address State Holdtime Circuit IdR1 L1L2 Gi1/0 10.0.1.9 UP 22 02R3 L2 Gi0/0 10.0.1.21 UP 22 02R6 L1 Gi4/0 10.2.0.6 UP 23 01R4 L2 Gi2/0 10.0.1.13 UP 23 03
From IS-IS it's OK. Lee's check R6 IPv4 the Routing table:
18.Checking configuration . Sunday, March 30, 2014
Gateway of last resort is 10.2.0.1 to network 0.0.0.0
B 202.3.6.0/24 [200/5] via 10.0.0.7, 01:05:08B 202.3.7.0/24 [200/5] via 10.0.0.7, 01:05:08B 202.3.4.0/24 [200/5] via 10.0.0.7, 01:05:08B 202.3.5.0/24 [200/5] via 10.0.0.7, 01:05:08B 202.3.2.0/24 [200/5] via 10.0.0.7, 01:05:08B 202.3.3.0/24 [200/5] via 10.0.0.7, 01:05:08B 202.3.0.0/24 [200/5] via 10.0.0.7, 01:05:08 172.16.0.0/30 is subnetted, 1 subnetsC 172.16.1.0 is directly connected, GigabitEthernet3/0B 202.3.1.0/24 [200/5] via 10.0.0.7, 01:05:08 10.0.0.0/8 is variably subnetted, 9 subnets, 2 masksi L1 10.0.1.8/30 [115/20] via 10.2.0.1, GigabitEthernet1/0C 10.2.0.0/30 is directly connected, GigabitEthernet1/0i ia 10.0.0.3/32 [115/148] via 10.2.0.1, GigabitEthernet1/0i L1 10.0.0.1/32 [115/10] via 10.2.0.1, GigabitEthernet1/0C 10.2.0.4/30 is directly connected, GigabitEthernet2/0C 10.0.0.6/32 is directly connected, Loopback0i ia 10.0.0.7/32 [115/158] via 10.2.0.1, GigabitEthernet1/0i ia 10.0.0.4/32 [115/148] via 10.2.0.1, GigabitEthernet1/0i L1 10.0.0.5/32 [115/20] via 10.2.0.1, GigabitEthernet1/0B 202.3.8.0/24 [200/5] via 10.0.0.7, 01:05:08B 202.3.9.0/24 [200/5] via 10.0.0.7, 01:05:08i*L1 0.0.0.0/0 [115/10] via 10.2.0.1, GigabitEthernet1/0R6#
IPv4 Routing table is OK. We have a route to all core routers loopback 10.0.0.X.Let's check IPv6 Routing table now:
Show ipv6 route R6# show ipv6 routeIPv6 Routing Table Default 23 entriesCodes: C Connected, L Local, S Static, U Peruser Static route B BGP, M MIPv6, R RIP, I1 ISIS L1 I2 ISIS L2, IA ISIS interarea, IS ISIS summary, D EIGRP EX EIGRP external O OSPF Intra, OI OSPF Inter, OE1 OSPF ext 1, OE2 OSPF ext 2 ON1 OSPF NSSA ext 1, ON2 OSPF NSSA ext 2I1 ::/0 [115/10] via FE80::C805:1BFF:FE4F:70, GigabitEthernet1/0C 2001:DB8:5A:F6::/64 [0/0] via GigabitEthernet3/0, directly connectedL 2001:DB8:5A:F6::6/128 [0/0] via GigabitEthernet3/0, receiveI1 2001:DB8:678:3::/64 [115/20] via FE80::C805:1BFF:FE4F:70, GigabitEthernet1/0I1 2001:DB8:678:9000::1/128 [115/10]
18.Checking configuration . Sunday, March 30, 2014
via FE80::C805:1BFF:FE4F:70, GigabitEthernet1/0I1 2001:DB8:678:9005::5/128 [115/20] via FE80::C805:1BFF:FE4F:70, GigabitEthernet1/0LC 2001:DB8:678:C000::6/128 [0/0] via Loopback0, receiveC 2001:DB8:678:D004::/64 [0/0] via GigabitEthernet1/0, directly connectedL 2001:DB8:678:D004::6/128 [0/0] via GigabitEthernet1/0, receiveC 2001:DB8:678:D005::/64 [0/0] via GigabitEthernet2/0, directly connectedL 2001:DB8:678:D005::6/128 [0/0] via GigabitEthernet2/0, receiveB 2001:DB8:ABC0::/48 [200/0] via 2001:DB8:678:B000::1B 2001:DB8:ABC1::/48 [200/0] via 2001:DB8:678:B000::1B 2001:DB8:ABC2::/48 [200/0] via 2001:DB8:678:B000::1B 2001:DB8:ABC3::/48 [200/0] via 2001:DB8:678:B000::1B 2001:DB8:ABC4::/48 [200/0] via 2001:DB8:678:B000::1B 2001:DB8:ABC5::/48 [200/0] via 2001:DB8:678:B000::1B 2001:DB8:ABC6::/48 [200/0] via 2001:DB8:678:B000::1B 2001:DB8:ABC7::/48 [200/0] via 2001:DB8:678:B000::1B 2001:DB8:ABC8::/48 [200/0] via 2001:DB8:678:B000::1B 2001:DB8:ABC9::/48 [200/0] via 2001:DB8:678:B000::1B 2001:DB8:ABCA::/48 [200/0] via 2001:DB8:678:B000::1L FF00::/8 [0/0] via Null0, receive
Display R1 and R5 LSPs on R6R6#show isis database R1.0000 detail
ISIS Level1 LSP R1.0000LSPID LSP Seq Num LSP Checksum LSP Holdtime ATT/P/OLR1.0000 0x00000014 0x49C8 594 1/0/0 Area Address: 39.b000 Area Address: 39.c000 NLPID: 0xCC 0x8E Hostname: R1
18.Checking configuration . Sunday, March 30, 2014
R7(config)#router isis fredR7(configrouter)# net 39.d000.0000.0000.0007.00R7(configrouter)#no net 39.b000.0000.0000.0007.00R7(configrouter)#istype level1
R4(configrouter)#do show clns neighbor
System Id Interface SNPA State Holdtime Type ProtocolR7 Gi3/0 ca0b.1b64.0008 Up 23 L1 ISISR3 Gi1/0 ca07.1b4f.001c Up 24 L1L2 ISISR5 Gi2/0 ca09.1b64.0038 Up 26 L2 ISISR1 Gi0/0 ca05.1b4f.001c Up 26 L2 ISIS
R3#show clns neighborqArea fred:System Id Interface SNPA State Holdtime Type ProtocolR7 Gi0/0 ca0b.1b64.001c Up 276 IS ESISR4 Gi1/0 ca08.1b4f.001c Up 23 L1L2 ISISR1 Gi3/0 ca05.1b4f.0054 Up 23 L2 ISISR5 Gi2/0 ca09.1b64.0008 Up 28 L2 ISISArea null:System Id Interface SNPA State Holdtime Type Protocol
R3#conf tEnter configuration commands, one per line. End with CNTL/Z.R3(config)#int G3/0R3(configif)#isis circuit Level2only R3(configif)#int G2/0 R3(configif)#isis circuit Level2only
Configure Route Leaking for LoopbacksR4# conf tEnter configuration commands, one per line. End with CNTL/Z.R4(config)#accesslist 1 permit 10.0.0.0 0.0.0.255 R4(config)#routemap leak permitR4(configroutemap)#match ip address 1R4(configroutemap)#router isis fredR4(configrouter)# redistribute isis ip level2 into level1 routemap leakR4(configrouter)#
18.Checking configuration . Sunday, March 30, 2014
Enter configuration commands, one per line. End with CNTL/Z.R3(config)#accesslist 1 permit 10.0.0.0 0.0.0.255 R3(config)#routemap leak permit R3(configroutemap)#match ip address 1R3(configroutemap)#router isis fredR3(configrouter)#redistribute isis ip level2 into level1 routemap leak
19. Checking the migration
19.1 Check IS-ISUse show clns neighbor as usual.
19.2 show ip routeR7#show ip routeCodes: C connected, S static, R RIP, M mobile, B BGP D EIGRP, EX EIGRP external, O OSPF, IA OSPF inter area N1 OSPF NSSA external type 1, N2 OSPF NSSA external type 2 E1 OSPF external type 1, E2 OSPF external type 2 i ISIS, su ISIS summary, L1 ISIS level1, L2 ISIS level2 ia ISIS inter area, * candidate default, U peruser static route o ODR, P periodic downloaded static route
Gateway of last resort is 10.1.0.1 to network 0.0.0.0
10.0.0.0/8 is variably subnetted, 8 subnets, 2 masksi L1 10.0.0.3/32 [115/20] via 10.1.0.1, GigabitEthernet0/0C 10.1.0.0/30 is directly connected, GigabitEthernet0/0i ia 10.0.0.1/32 [115/148] via 10.1.0.1, GigabitEthernet0/0C 10.0.0.7/32 is directly connected, Loopback0i L1 10.0.0.4/32 [115/10] via 10.1.0.1, GigabitEthernet0/0C 10.1.0.4/30 is directly connected, GigabitEthernet1/0i ia 10.0.0.5/32 [115/148] via 10.1.0.1, GigabitEthernet0/0i L1 10.0.1.16/30 [115/20] via 10.1.0.1, GigabitEthernet0/0i*L1 0.0.0.0/0 [115/10] via 10.1.0.1, GigabitEthernet0/0
19.2 show bgp connection to the RRR5#show bgp ipv6 unicast summaryBGP router identifier 10.0.0.5, local AS number 100BGP table version is 133, main routing table version 133
We have lost BGP connection from the BGP RR to the BGP Gateway 10.0.0.6!
19.3 Checking IS-ISR5#show clns neighbors detail
System Id Interface SNPA State Holdtime Type ProtocolR6 Gi4/0 ca0a.1b64.0038 Up 23 L1 ISIS Area Address(es): 39.c000 IP Address(es): 10.2.0.6* IPv6 Address(es): FE80::C80A:1BFF:FE64:38 Uptime: 00:30:34 NSF capable
R6#show clns neighbors
System Id Interface SNPA State Holdtime Type ProtocolR5 Gi2/0 ca09.1b64.0070 Up 25 L1 ISISR1 Gi1/0 ca05.1b4f.0070 Up 26 L1 ISIS
IS-IS neighbor OK from R6!
R6#show ip route isis
No IS-IS Route on R6!
R6#show isis database
ISIS Level1 Link State Database:LSPID LSP Seq Num LSP Checksum LSP Holdtime ATT/P/OLR6.0000 * 0x00000012 0x924F 584 0/0/0R6#
19.4 Troubleshooting a bugISIS Database is empty on R6! IS-IS neighbors are OK...
R6#show isis database
ISIS Level1 Link State Database:LSPID LSP Seq Num LSP Checksum LSP Holdtime ATT/P/OLR6.0000 * 0x00000012 0x924F 584 0/0/0R6#show clns neighbors
System Id Interface SNPA State Holdtime Type ProtocolR5 Gi2/0 ca09.1b64.0070 Up 25 L1 ISISR1 Gi1/0 ca05.1b4f.0070 Up 26 L1 ISIS
The good old troubleshooting method when all is OK but you don't get the expected result. Toggle the interface!
R6#conf tEnter configuration commands, one per line. End with CNTL/Z.R6(config)#int g2/0R6(configif)#shut R6(configif)#no shutR6(configif)#int g1/0R6(configif)#shutR6(configif)# *Mar 19 23:14:49.874: %LINK5CHANGED: Interface GigabitEthernet1/0, changed state to administratively down*Mar 19 23:14:50.874: %LINEPROTO5UPDOWN: Line protocol on Interface GigabitEthernet1/0, changed state to downno shutR6(configif)#*Mar 19 23:14:55.722: %LINK3UPDOWN: Interface GigabitEthernet1/0, changed state to up*Mar 19 23:14:56.722: %LINEPROTO5UPDOWN: Line protocol on Interface GigabitEthernet1/0, changed state to upR6(configif)#^ZR6#show clns neighbors *Mar 19 23:15:01.454: %SYS5CONFIG_I: Configured from console by console
System Id Interface SNPA State Holdtime Type ProtocolR1 Gi1/0 ca05.1b4f.0070 Up 28 L1 ISISR5 Gi2/0 ca09.1b64.0070 Up 23 L1 ISISR6#show isis database
ISIS Level1 Link State Database:LSPID LSP Seq Num LSP Checksum LSP Holdtime ATT/P/OLR1.0000 0x0000001F 0x28DE 1196 1/0/0R5.0000 0x0000001F 0x984B 1187 1/0/0R6.0000 * 0x00000018 0xB229 1194 0/0/0R6#*Mar 19 23:15:13.538: %BGP5ADJCHANGE: neighbor 10.0.0.5 Up R6#show ip route isis 10.0.0.0/8 is variably subnetted, 9 subnets, 2 masksi L1 10.0.1.8/30 [115/20] via 10.2.0.5, GigabitEthernet2/0 [115/20] via 10.2.0.1, GigabitEthernet1/0i ia 10.0.0.3/32 [115/148] via 10.2.0.5, GigabitEthernet2/0 [115/148] via 10.2.0.1, GigabitEthernet1/0i L1 10.0.0.1/32 [115/10] via 10.2.0.1, GigabitEthernet1/0i ia 10.0.0.7/32 [115/158] via 10.2.0.5, GigabitEthernet2/0 [115/158] via 10.2.0.1, GigabitEthernet1/0i ia 10.0.0.4/32 [115/148] via 10.2.0.5, GigabitEthernet2/0
[115/148] via 10.2.0.1, GigabitEthernet1/0i L1 10.0.0.5/32 [115/10] via 10.2.0.5, GigabitEthernet2/0i*L1 0.0.0.0/0 [115/10] via 10.2.0.5, GigabitEthernet2/0 [115/10] via 10.2.0.1, GigabitEthernet1/0
19.4 Check BGP ResiliencyIPv4 Routing table is OK! Now Let's bring up the other Internet Gateway Interface on R7.
R6#show ip route bgp B 202.3.6.0/24 [20/0] via 172.16.1.2, 00:34:16B 202.3.7.0/24 [20/0] via 172.16.1.2, 00:34:16B 202.3.4.0/24 [20/0] via 172.16.1.2, 00:34:16B 202.3.5.0/24 [20/0] via 172.16.1.2, 00:34:16B 202.3.2.0/24 [20/0] via 172.16.1.2, 00:34:16B 202.3.3.0/24 [20/0] via 172.16.1.2, 00:34:16B 202.3.0.0/24 [20/0] via 172.16.1.2, 00:34:16B 202.3.1.0/24 [20/0] via 172.16.1.2, 00:34:16B 202.3.8.0/24 [20/0] via 172.16.1.2, 00:34:16B 202.3.9.0/24 [20/0] via 172.16.1.2, 00:34:16
R7#conf tEnter configuration commands, one per line. End with CNTL/Z.R7(config)#int g3/0R7(configif)#no shutR6#show ip route bgp B 202.3.6.0/24 [200/5] via 10.0.0.7, 00:01:55B 202.3.7.0/24 [200/5] via 10.0.0.7, 00:01:55B 202.3.4.0/24 [200/5] via 10.0.0.7, 00:01:55B 202.3.5.0/24 [200/5] via 10.0.0.7, 00:01:55B 202.3.2.0/24 [200/5] via 10.0.0.7, 00:01:55B 202.3.3.0/24 [200/5] via 10.0.0.7, 00:01:55B 202.3.0.0/24 [200/5] via 10.0.0.7, 00:01:55B 202.3.1.0/24 [200/5] via 10.0.0.7, 00:01:55B 202.3.8.0/24 [200/5] via 10.0.0.7, 00:01:55B 202.3.9.0/24 [200/5] via 10.0.0.7, 00:01:55R6#
Which is OK !Let's check IPv6 now!
R6#show ipv6 routeIPv6 Routing Table Default 23 entriesCodes: C Connected, L Local, S Static, U Peruser Static route B BGP, M MIPv6, R RIP, I1 ISIS L1 I2 ISIS L2, IA ISIS interarea, IS ISIS summary, D EIGRP EX EIGRP external
R1 and R5 have the ATTached bit set meaning they connect to the backbone Area. The Level-1 routers set a default route to the Level-1 routers with the ATTached bit set.
R6# show isis database R5.0000 detail
ISIS Level1 LSP R5.0000LSPID LSP Seq Num LSP Checksum LSP Holdtime ATT/P/OLR5.0000 0x00000020 0x964C 877 1/0/0 Area Address: 39.b000 Area Address: 39.c000 NLPID: 0xCC 0x8E Hostname: R5 IP Address: 10.0.0.5 Metric: 10 IP 10.0.1.8 255.255.255.252 Metric: 10 IP 10.2.0.4 255.255.255.252 Metric: 0 IP 10.0.0.5 255.255.255.255 IPv6 Address: 2001:DB8:678:9005::5 Metric: 10 IPv6 2001:DB8:678:3::/64 Metric: 10 IPv6 2001:DB8:678:D005::/64 Metric: 0 IPv6 2001:DB8:678:9005::5/128 Metric: 10 IS R6.00 Metric: 10 IS R1.00 Metric: 138 IPInterarea 10.0.0.3 255.255.255.255 Metric: 138 IPInterarea 10.0.0.4 255.255.255.255 Metric: 148 IPInterarea 10.0.0.7 255.255.255.255
R6 and R7 are Level-1 only routers.So these are Lével 1 entry Routers LSP. So if we look at R5 Level-1 LSP from L6, it only sees R6 and R1. It has the ATTached bit meaning that it is connected to the Backbone Area.
R6>sh isis data R6.0000 detail
ISIS Level1 LSP R6.0000LSPID LSP Seq Num LSP Checksum LSP Holdtime ATT/P/OLR6.0000 * 0x0000000A 0xA247 923 0/0/0 Area Address: 39.c000 NLPID: 0xCC 0x8E Hostname: R6 IP Address: 10.0.0.6 Metric: 10 IP 10.2.0.0 255.255.255.252 Metric: 10 IP 10.2.0.4 255.255.255.252 Metric: 10 IP 172.16.1.0 255.255.255.252 Metric: 0 IP 10.0.0.6 255.255.255.255
R7#conf tEnter configuration commands, one per line. End with CNTL/Z.R7(config)#interface GigabiEthernet3/0R7(configif)# shutdownR7#show bgp ipv6 unicast *Mar 19 23:38:48.153: %SYS5CONFIG_I: Configured from console by console*Mar 19 23:38:48.589: %LINK5CHANGED: Interface GigabitEthernet3/0, changed state to administratively downBGP table version is 89, local router ID is 10.0.0.7Status codes: s suppressed, d damped, h history, * valid, > best, i internal, r RIBfailure, S StaleOrigin codes: i IGP, e EGP, ? incomplete
Network Next Hop Metric LocPrf Weight Path*>i2001:DB8:ABC0::/48 2001:DB8:678:C000::6 0 100 0 64000 ?*>i2001:DB8:ABC1::/48 2001:DB8:678:C000::6 0 100 0 64000 ?[snip]R7#show bgp ipv6 unicast 2001:DB8:ABC5::/48BGP routing table entry for 2001:DB8:ABC5::/48, version 84Paths: (1 available, best #1, table Default) Not advertised to any peer 64000 2001:DB8:678:C000::6 (metric 10) from 10.0.0.5 (10.0.0.5) Origin incomplete, metric 0, localpref 100, valid, internal, best Originator: 10.0.0.6, Cluster list: 10.0.0.5
R7#show ipv6 route 2001:DB8:678:C000::6Routing entry for ::/0 Known via "isis fred", distance 115, metric 10, type level1 Route count is 1/1, share count 0 Routing paths: FE80::C808:1BFF:FE4F:54, GigabitEthernet0/0 Last updated 00:53:29 agoR7# show ipv6 neighbors IPv6 Address Age Linklayer Addr State InterfaceFE80::C807:1BFF:FE4F:8 176 ca07.1b4f.0008 STALE Gi1/0FE80::C808:1BFF:FE4F:54 177 ca08.1b4f.0054 STALE Gi0/0
20.Multiarea final Configurations. Sunday, March 30, 2014
neighbor 10.0.0.5 activate neighbor 10.0.0.5 routemap fred out neighbor 2001:DB8:5A:F6::8 activate no synchronization Maximumpaths 2exitaddressfamily! routemap fred permit 10 set ipv6 nexthop 2001:DB8:678:C000::6!
20.2 R1service timestamps debug datetime msecservice timestamps log datetime msecservice passwordencryption!hostname R1ip cef!ipv6 unicastroutingipv6 cef!interface Loopback0 ip address 10.0.0.1 255.255.255.255 ipv6 address 2001:DB8:678:9000::1/128!interface GigabitEthernet1/0 ip address 10.0.1.1 255.255.255.252 ip router isis fred negotiation auto ipv6 address 2001:DB8:678:1::1/64 ipv6 router isis fred isis circuittype level2only isis network pointtopoint !interface GigabitEthernet2/0 ip address 10.0.1.9 255.255.255.252 ip router isis fred negotiation auto ipv6 address 2001:DB8:678:3::1/64 ipv6 router isis fred isis network pointtopoint !interface GigabitEthernet3/0 ip address 10.0.1.5 255.255.255.252 ip router isis fred negotiation auto ipv6 address 2001:DB8:678:2::1/64 ipv6 router isis fred
20.Multiarea final Configurations. Sunday, March 30, 2014
ip address 10.0.0.5 255.255.255.255 ipv6 address 2001:DB8:678:9005::5/128!interface GigabitEthernet3/0 ip address 10.0.1.22 255.255.255.252 ip router isis fred duplex full speed 1000 mediatype gbic negotiation auto ipv6 address 2001:DB8:678:33::5/64 ipv6 router isis fred isis circuittype level2only isis network pointtopoint !interface GigabitEthernet1/0 ip address 10.0.1.10 255.255.255.252 ip router isis fred negotiation auto ipv6 address 2001:DB8:678:3::5/64 ipv6 router isis fred isis network pointtopoint !interface GigabitEthernet2/0 ip address 10.0.1.14 255.255.255.252 ip router isis fred negotiation auto ipv6 address 2001:DB8:678:22::5/64 ipv6 router isis fred isis circuittype level2only isis network pointtopoint !interface GigabitEthernet4/0 ip address 10.2.0.5 255.255.255.252 ip router isis fred negotiation auto ipv6 address 2001:DB8:678:D005::5/64 ipv6 router isis fred isis network pointtopoint !router isis fred net 39.b000.0000.0000.0005.00 net 39.c000.0000.0000.0005.00 redistribute isis ip level2 into level1 routemap leak passiveinterface Loopback0!router bgp 100 bgp logneighborchanges neighbor 10.0.0.1 remoteas 100 neighbor 10.0.0.1 updatesource Loopback0
21. What is Quagga?Quagga transforms your Linux Box into a Powerful Router running rip, ripng, ospf v2, ospf v3, is-is for ipv4 and IPv6, MP-BGP and more. It is perfect to run your Route-Reflector since PC can have enough resources to host a powerful CISCO-like Router!
It is a port on freeBSD and it is installed with a make install, clean It has a very rich environment and fit in our preceding lab with a small change in the topology.
We could have use the preceding topology with no change and run PC FreeBGP 9.2 begind the existing switch but in the real life you don't want to do that.
The IS-IS and MP-BGP daemons are configured to assume a Route-Reflector.
The PC host runs in a VirtualBox Virtual Machine. The configuration is very easy.
I have choosen freeBSD because it is free, very safe and Quagga is one of the 1000s of ports preinstalled. The installation is pretty long, you need to be connected to the Internet to fetch pieces of software as the make procedure claim them. But after more than an hour of patience in front of your screen answering questions, loading, compiling, installing and so on. Then after the make, you do a make install and a make clean and you're done. Then you need to copy some configuration sample files into /usr/local/etc/quagga. You also need to edit the file /etc/rc.conf. This information is widely available on the net. Check the opentodo.net server for more details.
This is a very good site where to find a good documentation “Configuring routing protocols with Quagga” about installing Quagga on freeBSD.
Illustration 14: Final Setup free9/Quagga and others PCs
22.Quagga Configurations. Sunday, March 30, 2014
cp zebra.conf.sample /usr/local/etc/quagga/
And then start the daemons /usr/local/etc/rc.d/quagga start
And you can then login to the zebra daemon to check the interface and the routing tables as you would do on a cisco router, then we will need to login to the IS-IS and BGP daemons.
You can edit the zebra.conf file and you can also check and modify it by logging to the zebra daemon port 2601.
/usr/local/etc/quagga/zebra.conf
! Zebra configuration saved from vty ! 2014/03/22 09:28:01 ! hostname zebra password cisco enable password cisco ! interface em0 ipv6 nd suppressra ! interface em1 ipv6 address 2001:db8:678:ffff::200/64 ip address 10.201.0.101/24 ipv6 nd suppressra !! interface lo description test of desc. ipv6 nd suppressra ! interface lo0 ip address 10.0.0.200/32 ! interface usbus0 ipv6 nd suppressra ! ip forwarding ! ! line vty !
Telnet to the Zebra daemon$ telnet localhost 2601Trying 127.0.0.1...Connected to localhost.Escape character is '^]'.
Hello, this is Quagga (version 0.99.22.3).Copyright 19962005 Kunihiro Ishiguro, et al.
User Access Verification
Password: zebra> enPassword:
Zebra sees two interfaces em0 which is the admin interface to which I can telnet as any device on the LAN.Interface em1 is the LAB interface to connect to the Lab Switch and exchange BGP and IS-IS updates to run a aBGP Route-Reflector.Obviously there is also loopback interfaces.
Check IP route zebra# show ip routeCodes: K kernel route, C connected, S static, R RIP, O OSPF, I ISIS, B BGP, A Babel, > selected route, * FIB route
K>* 0.0.0.0/0 via 192.168.100.254, em0I>* 10.0.0.1/32 [115/10] via 10.201.0.1, em1, 00:22:12I>* 10.0.0.3/32 [115/20] via 10.201.0.4, em1, 00:22:12 via 10.201.0.1, em1, 00:22:12I>* 10.0.0.4/32 [115/10] via 10.201.0.4, em1, 04:35:07I>* 10.0.0.5/32 [115/20] via 10.201.0.1, em1, 00:22:12 via 10.201.0.4, em1, 00:22:12I>* 10.0.0.6/32 [115/20] via 10.201.0.1, em1, 00:22:12I>* 10.0.0.7/32 [115/20] via 10.201.0.4, em1, 04:35:07C>* 10.0.0.200/32 is directly connected, lo0I>* 10.0.1.0/30 [115/20] via 10.201.0.4, em1, 00:22:12 via 10.201.0.1, em1, 00:22:12I>* 10.0.1.4/30 [115/20] via 10.201.0.1, em1, 00:22:12I>* 10.0.1.8/30 [115/20] via 10.201.0.1, em1, 00:22:12I>* 10.0.1.12/30 [115/20] via 10.201.0.4, em1, 04:35:07I>* 10.0.1.16/30 [115/20] via 10.201.0.4, em1, 04:35:07I>* 10.0.1.20/30 [115/30] via 10.201.0.4, em1, 00:22:12 via 10.201.0.1, em1, 00:22:12I>* 10.1.0.0/30 [115/20] via 10.201.0.4, em1, 04:35:07
I>* 10.1.0.4/30 [115/30] via 10.201.0.4, em1, 00:22:12 via 10.201.0.1, em1, 00:22:12I>* 10.2.0.0/30 [115/20] via 10.201.0.1, em1, 00:22:12I>* 10.2.0.4/30 [115/30] via 10.201.0.1, em1, 00:22:12 via 10.201.0.4, em1, 00:22:12C>* 10.201.0.0/24 is directly connected, em1C>* 127.0.0.0/8 is directly connected, lo0I>* 172.16.1.0/30 [115/30] via 10.201.0.1, em1, 00:22:12C>* 192.168.100.0/24 is directly connected, em0B>* 202.3.0.0/24 [200/5] via 10.0.0.7 (recursive via 10.201.0.4), 07:01:45B>* 202.3.1.0/24 [200/5] via 10.0.0.7 (recursive via 10.201.0.4), 07:01:45B>* 202.3.2.0/24 [200/5] via 10.0.0.7 (recursive via 10.201.0.4), 07:01:45B>* 202.3.3.0/24 [200/5] via 10.0.0.7 (recursive via 10.201.0.4), 07:01:45B>* 202.3.4.0/24 [200/5] via 10.0.0.7 (recursive via 10.201.0.4), 07:01:45B>* 202.3.5.0/24 [200/5] via 10.0.0.7 (recursive via 10.201.0.4), 07:01:45B>* 202.3.6.0/24 [200/5] via 10.0.0.7 (recursive via 10.201.0.4), 07:01:45B>* 202.3.7.0/24 [200/5] via 10.0.0.7 (recursive via 10.201.0.4), 07:01:45B>* 202.3.8.0/24 [200/5] via 10.0.0.7 (recursive via 10.201.0.4), 07:01:45B>* 202.3.9.0/24 [200/5] via 10.0.0.7 (recursive via 10.201.0.4), 07:01:45
Another config mistake, we forgot to configure the R1 interface to Quagga with IS-IS.
isisd# show isis neighborArea DEAD: System Id Interface L State Holdtime SNPA R4 em1 2 Up 7 ca00.0dbc.0070
Only one IS-IS neighbor! We should see two! On R1 IS-IS config was missing, put it!interface GigabitEthernet0/0.1 encapsulation dot1Q 1 native ip address 10.201.0.1 255.255.255.0 ip router isis fred ipv6 address 2001:DB8:678:FFFF::1/64 ipv6 router isis fred glbp 1 ip 10.201.0.222 glbp 2 ipv6 autoconfigEnd
isisd# show isis neighborArea DEAD: System Id Interface L State Holdtime SNPA R1 em1 2 Up 10 ca01.0dbc.0008 R4 em1 2 Up 28 ca00.0dbc.0070
We could check the IS-IS neighbors from the pseudo node LSP in the IS-IS database of the multipoint transit Networks: isisd# show isis database R1.0100 detail Area DEAD:ISIS Level2 linkstate database:LSP ID PduLen SeqNumber Chksum Holdtime ATT/P/OLR1.0100 63 0x00000002 0x88bf 561 0/0/0 Metric : 0 IS : R1.00 Metric : 0 IS : R4.00 Metric : 0 IS : isisd.00
Check IPv6 Route
23. Quagga IS-IS Configuration
IS-IS Configuration file
You need to edit the config file isisd.conf, you can change it from a telnet session later.
Illustration 15: My Working Station with GNS3 and Wireshark windows
23.Quagga IS-IS Configuration. Sunday, March 30, 2014
!! Zebra configuration saved from vty! 2014/03/22 10:11:24!hostname isisdpassword ciscoenable password ciscolog stdout!interface em0!interface em1 ip router isis DEAD ipv6 router isis DEAD isis circuittype level2only!interface lo0 ip router isis DEAD isis passive ipv6 router isis DEAD isis circuittype level2only!interface usbus0!!router isis DEAD net 39.b000.0000.0000.0201.00 metricstyle wide istype level2only!line vty!
If you have installed Quagga on the freeBSD Clone:Password: isisdquagga2# sh run
Current configuration:!hostname isisdquagga2password ciscoenable password ciscolog stdout!interface em0!interface em1 ip router isis DEAD ipv6 router isis DEAD isis circuittype level2only
23.Quagga IS-IS Configuration. Sunday, March 30, 2014
!interface lo0 ip router isis DEAD isis passive ipv6 router isis DEAD isis circuittype level2only!interface usbus0!!router isis DEAD net 39.b000.0000.0000.0202.00 metricstyle wide istype level2only!line vty!endisisdquagga2#
Telnet to IS-IS daemon
Then you can telnet to the IS-IS daemon to do some checking
$ telnet localhost 2608Trying 127.0.0.1...Connected to localhost.Escape character is '^]'.
Hello, this is Quagga (version 0.99.22.3).Copyright 19962005 Kunihiro Ishiguro, et al.
User Access Verification
Password: isisd> enPassword: isisd# isisd# sh isis neighbor Area DEAD: System Id Interface L State Holdtime SNPA R1 em1 2 Up 8 ca01.5c18.0008 R4 em1 2 Up 26 ca00.5c18.0070
isisd# sh isis neighbor detail Area DEAD: R1 Interface: em1, Level: 2, State: Up, Expires in 7s Adjacency flaps: 1, Last: 1h7m39s ago
We have 6 LSPs, R1 Pseudonode #1 R1.0100 included. This one is generated by the multipoint network DIS Let's first check R1 Router LSP then the R1.01 pseudonode LSP.
isisd# show isis database R1.0000 detail Area DEAD:ISIS Level2 linkstate database:LSP ID PduLen SeqNumber Chksum Holdtime ATT/P/OLR1.0000 646 0x000000fb 0x616b 1152 0/0/0 Area Address: 39.b000 Area Address: 39.c000 Area Address: 39.d000
isisdquagga2# show isis neighbor Area DEAD: System Id Interface L State Holdtime SNPA isisd em1 2 Up 28 0800.2772.bd9b R1 em1 2 Up 21 0002.0000.1111 R4 em1 2 Up 7 ca08.0eb7.0070isisdquagga2#
From this output we know that R4 is the DIS for the LAN connecting the 2 Quaggas PC with Routers and below we can check the LSP generated from R4 pseudo-node R4.01.Only the pseudo-node have the first number above zero.
System Id Interface SNPA State Holdtime Type ProtocolR4 Gi1/0 ca08.0eb7.0008 Up 27 L2 ISISR5 Gi2/0 ca0c.0ec6.001c Up 26 L1L2 ISISR3 Gi3/0 ca0a.0eb7.0054 Up 26 L2 ISISR6 Gi4/0 ca0d.0ec6.001c Up 24 L1 ISISR4 Gi0/0.1 ca08.0eb7.0070 Up 9 L2 ISISisisdquagga2 Gi0/0.1 0800.2797.3120 Up 28 L2 ISISisisd Gi0/0.1 0800.2772.bd9b Up 28 L2 ISIS
24.Quagga BGP Configuration. Sunday, March 30, 2014
! match ip address all! set ip nexthop 10.0.0.1!!log file bgpd.log!
log stdout
Telnet to the BGP daemon
$ telnet localhost 2605Trying 127.0.0.1...Connected to localhost.Escape character is '^]'.
Hello, this is Quagga (version 0.99.22.3).Copyright 19962005 Kunihiro Ishiguro, et al.
User Access Verification
Password: bgpd> enablebgpd# show bgp summary BGP router identifier 10.0.0.200, local AS number 100RIB entries 21, using 1512 bytes of memoryPeers 6, using 15 KiB of memory
bgpd# show bgp neighbors 10.0.0.5BGP neighbor is 10.0.0.5, remote AS 100, local AS 100, internal link BGP version 4, remote router ID 10.0.0.5 BGP state = Established, up for 21:58:38 Last read 00:00:33, hold time is 180, keepalive interval is 60 seconds Neighbor capabilities: 4 Byte AS: advertised and received Route refresh: advertised and received(old & new) Address family IPv4 Unicast: advertised and received Address family IPv6 Unicast: received Message statistics: Inq depth is 0 Outq depth is 0 Sent Rcvd Opens: 1 0 Notifications: 0 0 Updates: 3 1 Keepalives: 1320 1310 Route Refresh: 0 0
24.Quagga BGP Configuration. Sunday, March 30, 2014
Capability: 0 0 Total: 1324 1311 Minimum time between advertisement runs is 5 seconds
For address family: IPv4 Unicast RouteReflector Client Community attribute sent to this neighbor(both) 10 accepted prefixes
Connections established 1; dropped 0 Last reset neverLocal host: 10.0.0.200, Local port: 179Foreign host: 10.0.0.5, Foreign port: 59344Nexthop: 10.0.0.200Nexthop global: ::1Nexthop local: fe80::1BGP connection: non shared networkRead thread: on Write thread: off
bgpd# show bgp 2001:db8:abc3::/48BGP routing table entry for 2001:db8:abc3::/48Paths: (1 available, best #1, table DefaultIPRoutingTable) Not advertised to any peer 65000 2001:db8:678:b000::1 (metric 20) from 10.0.0.7 (10.0.0.7) Origin incomplete, metric 0, localpref 150, valid, internal, best Last update: Sun Mar 23 17:53:04 2014
25. Verifying the Routing is OK
Take a quick look on the Routing table, pick up and IS-IS or BGP entry and get down to check that all works OK. There is an example below with routing tables and BGP Path:
zebra# show ipv6 route isisCodes: K kernel route, C connected, S static, R RIPng, O OSPFv6, I ISIS, B BGP, A Babel, > selected route, * FIB route
I>* 2001:db8:5a:f6::/64 [115/30] via fe80::c801:dff:febc:8, em1, 00:19:32I>* 2001:db8:5a:f7::/64 [115/30] via fe80::c800:dff:febc:70, em1, 01:46:58I>* 2001:db8:678:1::/64 [115/20] via fe80::c801:dff:febc:8, em1, 00:19:32I>* 2001:db8:678:2::/64 [115/20] via fe80::c801:dff:febc:8, em1, 00:19:32I>* 2001:db8:678:3::/64 [115/20] via fe80::c801:dff:febc:8, em1, 00:19:32I>* 2001:db8:678:17::/64 [115/20] via fe80::c800:dff:febc:70, em1, 01:46:58I>* 2001:db8:678:22::/64 [115/20] via fe80::c800:dff:febc:70, em1, 01:46:58I>* 2001:db8:678:33::/64 [115/30] via fe80::c801:dff:febc:8, em1, 00:19:32I>* 2001:db8:678:9000::1/128 [115/10] via fe80::c801:dff:febc:8, em1, 00:19:32I>* 2001:db8:678:9003::3/128 [115/20] via fe80::c801:dff:febc:8, em1, 00:19:32I>* 2001:db8:678:9004::4/128 [115/10] via fe80::c800:dff:febc:70, em1, 01:46:58I>* 2001:db8:678:9005::5/128 [115/20] via fe80::c801:dff:febc:8, em1, 00:19:32I>* 2001:db8:678:a000::/64 [115/20] via fe80::c800:dff:febc:70, em1, 01:46:58I>* 2001:db8:678:a001::/64 [115/30] via fe80::c800:dff:febc:70, em1, 01:46:58
25.Verifying the Routing is OK. Sunday, March 30, 2014
I>* 2001:db8:678:b000::1/128 [115/20] via fe80::c800:dff:febc:70, em1, 01:46:58I>* 2001:db8:678:c000::6/128 [115/20] via fe80::c801:dff:febc:8, em1, 00:19:32I>* 2001:db8:678:d004::/64 [115/20] via fe80::c801:dff:febc:8, em1, 00:19:32I>* 2001:db8:678:d005::/64 [115/30] via fe80::c801:dff:febc:8, em1, 00:19:32I>* 2001:db8:678:d101::/64 [115/20] via fe80::c801:dff:febc:8, em1, 00:19:32zebra# zebra# show ipv6 route bgp Codes: K kernel route, C connected, S static, R RIPng, O OSPFv6, I ISIS, B BGP, A Babel, > selected route, * FIB route
B>* 2001:db8:abc0::/48 [200/0] via 2001:db8:678:b000::1 (recursive via fe80::c800:dff:febc:70), em1, 00:54:31B>* 2001:db8:abc1::/48 [200/0] via 2001:db8:678:b000::1 (recursive via fe80::c800:dff:febc:70), em1, 00:54:31B>* 2001:db8:abc2::/48 [200/0] via 2001:db8:678:b000::1 (recursive via fe80::c800:dff:febc:70), em1, 00:54:31B>* 2001:db8:abc3::/48 [200/0] via 2001:db8:678:b000::1 (recursive via fe80::c800:dff:febc:70), em1, 00:54:31B>* 2001:db8:abc4::/48 [200/0] via 2001:db8:678:b000::1 (recursive via fe80::c800:dff:febc:70), em1, 00:54:31B>* 2001:db8:abc5::/48 [200/0] via 2001:db8:678:b000::1 (recursive via fe80::c800:dff:febc:70), em1, 00:54:31B>* 2001:db8:abc6::/48 [200/0] via 2001:db8:678:b000::1 (recursive via fe80::c800:dff:febc:70), em1, 00:54:31B>* 2001:db8:abc7::/48 [200/0] via 2001:db8:678:b000::1 (recursive via fe80::c800:dff:febc:70), em1, 00:54:31B>* 2001:db8:abc8::/48 [200/0] via 2001:db8:678:b000::1 (recursive via fe80::c800:dff:febc:70), em1, 00:54:31B>* 2001:db8:abc9::/48 [200/0] via 2001:db8:678:b000::1 (recursive via fe80::c800:dff:febc:70), em1, 00:54:31B>* 2001:db8:abca::/48 [200/0] via 2001:db8:678:b000::1 (recursive via fe80::c800:dff:febc:70), em1, 00:54:31zebra# rom any Core router that IS-IS and BGP routing is OK:
On Quagga we check the Routing table from Zebra daemon. But we can check that everything is OK from a Core Router as BGP sessions need IS-IS routes to establish. So let's verify BGP:
R3#show bgp ipv6 unicast BGP table version is 177, local router ID is 10.0.0.3Status codes: s suppressed, d damped, h history, * valid, > best, i internal, r RIBfailure, S StaleOrigin codes: i IGP, e EGP, ? incomplete
25.Verifying the Routing is OK. Sunday, March 30, 2014
0 150 0 65000 ?*>i 2001:DB8:678:B000::1 0 150 0 65000 ?* i2001:DB8:ABC3::/48 2001:DB8:678:B000::1[BREAK] R3#show bgp ipv6 unicast 2001:DB8:ABC0::/48BGP routing table entry for 2001:DB8:ABC0::/48, version 177Paths: (2 available, best #2, table Default) Not advertised to any peer 65000 2001:DB8:678:B000::1 (metric 10) from 10.0.0.200 (10.0.0.200) Origin incomplete, metric 0, localpref 150, valid, internal Originator: 10.0.0.7, Cluster list: 10.0.0.200 65000 2001:DB8:678:B000::1 (metric 10) from 10.0.0.5 (10.0.0.5) Origin incomplete, metric 0, localpref 150, valid, internal, best Originator: 10.0.0.7, Cluster list: 10.0.0.5The Quagga
So now a Router learns the BGP path from 2 Route Reflectors and we have some resiliency in our Network. No problem if we need to shutdown a RR for maintenance.
We can check that IS-IS is properly running on Quagga and the stability of the Quagga router, check IS-IS flaps for instance.
$ telnet localhost 2608Trying 127.0.0.1...Connected to localhost.Escape character is '^]'.
Hello, this is Quagga (version 0.99.22.3).Copyright 19962005 Kunihiro Ishiguro, et al.
User Access Verification
Password: Password:isisd# show isis neighbor Area DEAD: System Id Interface L State Holdtime SNPA R4 em1 2 Up 26 ca00.0dbc.0070 R1 em1 2 Up 10 ca01.0dbc.0008
isisd# show isis neighbor detail Area DEAD: R4 Interface: em1, Level: 2, State: Up, Expires in 21s Adjacency flaps: 1, Last: 1h33m3s ago Circuit type: L1L2, Speaks: IPv4, IPv6 SNPA: ca00.0dbc.0070, LAN id: R1.01 LAN Priority: 64, is not DIS, DIS flaps: 3, Last: 5m37s ago Area Address(es): 39.b000 39.d000 IPv4 Address(es):
R1hostname R1!ip cefipv6 unicastroutingipv6 cef!interface Loopback0 ip address 10.0.0.1 255.255.255.255 ipv6 address 2001:DB8:678:9000::1/128!interface GigabitEthernet0/0 no ip address duplex full speed 1000 mediatype gbic negotiation auto
isis network pointtopoint !interface GigabitEthernet0/0.1 encapsulation dot1Q 1 native ip address 10.201.0.1 255.255.255.0 ip router isis fred ipv6 address 2001:DB8:678:FFFF::1/64 ipv6 router isis fred glbp 1 ip 10.201.0.222 glbp 2 ipv6 autoconfig!interface GigabitEthernet1/0 ip address 10.0.1.1 255.255.255.252 ip router isis fred negotiation auto ipv6 address 2001:DB8:678:1::1/64 ipv6 router isis fred isis circuittype level2only isis network pointtopoint !interface GigabitEthernet2/0 ip address 10.0.1.9 255.255.255.252 ip router isis fred negotiation auto ipv6 address 2001:DB8:678:3::1/64 ipv6 router isis fred isis network pointtopoint !interface GigabitEthernet3/0 ip address 10.0.1.5 255.255.255.252 ip router isis fred negotiation auto ipv6 address 2001:DB8:678:2::1/64 ipv6 router isis fred isis circuittype level2only isis network pointtopoint !interface GigabitEthernet4/0 ip address 10.2.0.1 255.255.255.252 ip router isis fred negotiation auto ipv6 address 2001:DB8:678:D004::7/64 ipv6 router isis fred isis network pointtopoint ! ! router isis fred net 39.b000.0000.0000.0001.00 net 39.c000.0000.0000.0001.00 metricstyle wide
ip address 10.201.0.101/24 ipv6 nd suppressra!interface lo0 ip address 10.0.0.200/32
ISIS config
From /usr/local/etc/quagga/isisd.conf!hostname isisdpassword ciscoenable password ciscolog stdout!interface em0!interface em1 ip router isis DEAD ipv6 router isis DEAD isis circuittype level2only!interface lo0 ip router isis DEAD isis passive ipv6 router isis DEAD isis circuittype level2only!interface usbus0!!router isis DEAD net 39.b000.0000.0000.0201.00 metricstyle wide istype level2only
ISIS Configfrom /usr/local/etc/quagga/isisd.confinterface em1 ip router isis DEAD ipv6 router isis DEAD isis circuittype level2only!interface lo0 ip router isis DEAD isis passive ipv6 router isis DEAD isis circuittype level2only!interface usbus0!!router isis DEAD net 39.b000.0000.0000.0202.00 metricstyle wide istype level2only