Ticket #14

[Figure: Network diagram (T14)]

[Figure: BGP diagram (T14_bgp)]

[Figure: IGP diagram (T14_igp)]

The problem:

R1 can't telnet to R6's Lo0. Find and fix the problem.


The solution:


First, let's try to telnet to R6's Lo0 from R1.

On R1:

R1#telnet 136.85.0.6
Trying 136.85.0.6 ... 
% Destination unreachable; gateway or host down

R1#

Indeed, R1 can't telnet to R6. Let's check ICMP connectivity.

On R1:

R1#ping 136.85.0.6

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 136.85.0.6, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

R1 can't even ping R6's Lo0. Let's check whether R1 has a route to R6's Lo0 and, if not, whether it has a default route.

On R1:

R1#sh ip route 136.85.0.6
% Subnet not in table
R1#sh ip route 0.0.0.0
% Network not in table

R1 has no route to R6's Lo0, nor does it have a default route.


R1 should have learned about R6's Lo0 network from R3 via OSPF. Let's check R1's routing table for any OSPF routes coming from R3.

On R1:

R1#sh ip route ospf
     136.85.0.0/16 is variably subnetted, 3 subnets, 2 masks
O       136.85.0.3/32 [110/2] via 136.85.13.3, 00:44:07, FastEthernet0/0

We do see an OSPF route from R3, which means that OSPF is functional between R1 and R3.


Let's move closer to R6 and check R3's routing table.

On R3:

R3#sh ip route 136.85.0.6
% Subnet not in table
R3#sh ip route 0.0.0.0   
% Network not in table

R3 has no route to R6's Lo0. Looking at the diagrams, R3 should have received a route to R6 via iBGP. Let's check R3's BGP table and the BGP status.

On R3:

R3#sh ip bgp

R3#sh ip bgp sum
BGP router identifier 136.85.0.3, local AS number 36
BGP table version is 3, main routing table version 3

Neighbor        V          AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
136.85.36.6     4         36      49      47        3    0    0 00:46:05        0

We can see that there are no BGP routes coming from R6, and that the BGP session to R6 is up.


Let's go to R6 to check its BGP table and how it was configured to advertise its Lo0 network.

On R6:

R6#sh ip bgp

R6#sh run | sec router bgp
router bgp 36
 no synchronization
 bgp log-neighbor-changes
 network 136.85.0.6 mask 255.255.255.255
 neighbor 136.85.36.3 remote-as 36
 no auto-summary

We can see that R6's BGP table is also empty. R6 was configured to advertise its network using the BGP network command, yet the route is not there. Why?


Let's check R6's routing table and make sure it has a 136.85.0.6/32 route, as maybe the Lo0 interface is down.

On R6:

R6#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     136.85.0.0/24 is subnetted, 2 subnets
C       136.85.0.0 is directly connected, Loopback0
C       136.85.36.0 is directly connected, FastEthernet0/1

We can see that Lo0 is up, but it's a /24 route and not a /32 route. Let's verify that against the configuration and fix it.

On R6:

R6#sh run int lo 0
Building configuration...

Current configuration : 64 bytes
!
interface Loopback0
 ip address 136.85.0.6 255.255.255.0
end
R6(config)#int lo 0
R6(config-if)#ip address 136.85.0.6 255.255.255.255
R6(config-if)#do sh ip bgp
BGP table version is 4, local router ID is 136.85.0.6
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 136.85.0.6/32    0.0.0.0                  0         32768 i
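
The rule behind this fix is that a BGP network statement with a mask is only originated when the routing table holds that exact prefix and length. The following check is an added example, not part of the original post; the function names are hypothetical and the sample text is copied from the R6 output above.

```python
import ipaddress
import re

# Sample input copied from the R6 output on this page (BGP config trimmed).
R6_BGP = "router bgp 36\n network 136.85.0.6 mask 255.255.255.255\n"
R6_ROUTES_BEFORE = """\
     136.85.0.0/24 is subnetted, 2 subnets
C       136.85.0.0 is directly connected, Loopback0
C       136.85.36.0 is directly connected, FastEthernet0/1
"""
R6_ROUTES_AFTER = """\
     136.85.0.0/16 is variably subnetted, 2 subnets, 2 masks
C       136.85.0.6/32 is directly connected, Loopback0
C       136.85.36.0/24 is directly connected, FastEthernet0/1
"""

def parse_rib(show_ip_route):
    """Return the set of prefixes found in classic IOS 'show ip route' text."""
    prefixes, parent_len = set(), None
    for line in show_ip_route.splitlines():
        parent = re.match(r"\s+\d+\.\d+\.\d+\.\d+/(\d+) is (variably )?subnetted", line)
        if parent:
            # "is subnetted": child entries omit the mask and inherit this length.
            parent_len = None if parent.group(2) else int(parent.group(1))
            continue
        route = re.match(r"\S+\s+(\d+\.\d+\.\d+\.\d+)(?:/(\d+))?\s", line)
        if route and (route.group(2) or parent_len):
            plen = route.group(2) or parent_len
            prefixes.add(ipaddress.ip_network(f"{route.group(1)}/{plen}", strict=False))
    return prefixes

def unmatched_network_statements(bgp_config, show_ip_route):
    """List (prefix, covering_routes) for 'network ... mask ...' lines with no exact RIB match."""
    rib = parse_rib(show_ip_route)
    problems = []
    for addr, mask in re.findall(r"^\s*network (\S+) mask (\S+)", bgp_config, re.M):
        wanted = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
        if wanted not in rib:
            # A covering but less specific route points at a mask mismatch.
            covering = sorted(str(r) for r in rib if wanted.subnet_of(r))
            problems.append((str(wanted), covering))
    return problems

if __name__ == "__main__":
    print(unmatched_network_statements(R6_BGP, R6_ROUTES_BEFORE))
    print(unmatched_network_statements(R6_BGP, R6_ROUTES_AFTER))
```

Network statements without an explicit mask are not handled by this sketch.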

Now R6 has its Lo0 in its BGP table. Let's check if R3 has the route to R6's Lo0 too.

On R3:

R3#sh ip route 136.85.0.6
Routing entry for 136.85.0.6/32
  Known via "bgp 36", distance 200, metric 0, type internal
  Last update from 136.85.36.6 00:08:27 ago
  Routing Descriptor Blocks:
  * 136.85.36.6, from 136.85.36.6, 00:08:27 ago
      Route metric is 0, traffic share count is 1
      AS Hops 0

Now that R3 has an iBGP route to R6's Lo0, let's check if R1 has a route too.

On R1:

R1#sh ip route 136.85.0.6
% Subnet not in table

R1 still has no route to R6's Lo0.

Let's have a look at how R3 should have passed the iBGP route on to R1 via OSPF.

On R3:

R3#sh run | sec router ospf
router ospf 1
 log-adjacency-changes
 default-information originate route-map rmOriginate

The only thing configured on R3 is to originate a default route into OSPF, and only while the route-map matches an installed route.

Let's see what the route-map is trying to match.

On R3:

R3#sh route-map
route-map rmOriginate, permit, sequence 10
  Match clauses:
    ip address (access-lists): 10
  Set clauses:
  Policy routing matches: 0 packets, 0 bytes
R3#sh ip access-list 10
Standard IP access list 10
    10 permit 136.85.0.6

The route-map looks OK. It matches ACL #10, and ACL #10 matches the host route for R6's Lo0. However, a route-map used by default-information originate will never match an iBGP route!

What shall we do? Watch the magic...

On R3:

R3(config)#int tun 99
*Jul  8 20:20:50.014: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel99, changed state to down
R3(config-if)#tun so lo 0
R3(config-if)#tun dest 136.85.0.6
*Jul  8 20:21:06.910: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel99, changed state to up
R3(config-if)#ip addr 136.85.0.99 255.255.255.254
R3(config-if)#ip prefix-list pl10 permit 136.85.0.99/31
R3(config)#route-map rmOriginate
R3(config-route-map)#no mat ip addr 10
R3(config-route-map)#mat ip add prefix pl10

What have we done here? Here are the steps to victory:
  • Add a tunnel interface
  • Set the tunnel destination to R6's Lo0. As long as R3 has a route to R6's Lo0, the tunnel interface stays up
  • Set a dummy IP address on the tunnel interface
  • Configure the route-map to match the tunnel's dummy IP address

So as long as R3 has R6's Lo0 route, the tunnel interface will be up and its address will be matched by the route-map.

Now let's check R1's routing table and see if we have a default route.

On R1:

R1#sh ip route 0.0.0.0
Routing entry for 0.0.0.0/0, supernet
  Known via "ospf 1", distance 110, metric 1, candidate default path
  Tag 1, type extern 2, forward metric 1
  Last update from 136.85.13.3 on FastEthernet0/0, 00:04:29 ago
  Routing Descriptor Blocks:
  * 136.85.13.3, from 136.85.0.3, 00:04:29 ago, via FastEthernet0/0
      Route metric is 1, traffic share count is 1
      Route tag 1

Now that R1 has a default route covering R6's Lo0, let's try to ping R6's Lo0.

On R1:

R1#ping 136.85.0.6

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 136.85.0.6, timeout is 2 seconds:
.
Success rate is 0 percent (0/1)

Let's check and see if R3 can ping R6's Lo0.

On R3:

R3#ping 136.85.0.6     

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 136.85.0.6, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/3/4 ms

R3 is able to ping R6. Let's check if R6 has a route back to R1.

On R6:

R6#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     136.85.0.0/16 is variably subnetted, 2 subnets, 2 masks
C       136.85.0.6/32 is directly connected, Loopback0
C       136.85.36.0/24 is directly connected, FastEthernet0/1

As we can see, there is no route back to VLAN13, where R1 is connected to R3. Let's configure R3 to advertise that network into BGP.

On R3:

R3(config)#router bgp 36
R3(config-router)#net 136.85.13.0 mask 255.255.255.0

Now let's try again to ping from R1 to R6's Lo0.

On R1:

R1#ping 136.85.0.6

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 136.85.0.6, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/23/84 ms

Now let's try to telnet from R1 to R6's Lo0.

On R1:

R1#telnet 136.85.0.6
Trying 136.85.0.6 ... 
% Connection timed out; remote host not responding

We can ping but we can't telnet from R1. Let's check if R6 is set up for telnet by trying to telnet from R6 to itself.

On R6:

R6#telnet 136.85.0.6
Trying 136.85.0.6 ... 
% Connection timed out; remote host not responding

R6 can't even telnet to itself. Let's start verifying the configuration.

On R6:

R6#sh run | sec line vty    
line vty 0 5
 password cisco
 login

R6 is configured for telnet, so what is wrong? Let's check these new 12.4T features...

On R6:

R6#sh run | sec control
control-plane host
 management-interface FastEthernet0/0 allow ftp http https ssh tftp snmp beep telnet tl1 
control-plane

R6 is configured to only allow telnet sessions arriving on its F0/0 interface, but R1's connection comes in on the F0/1 interface. Let's correct that and try again.

On R6:

R6(config)#control-plane host
R6(config-cp-host)#management-interface FastEthernet0/1 allow 
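
The control-plane host check above can be automated: once any management-interface line exists, a management protocol is accepted only on an interface that lists it. The following audit is an added example, not part of the original post; the function names and the list of expected flows are assumptions, and the config text is copied from the R6 output shown earlier (before the fix).

```python
import re

# Sample input copied from R6's output on this page, before the fix.
R6_CONFIG = """\
control-plane host
 management-interface FastEthernet0/0 allow ftp http https ssh tftp snmp beep telnet tl1
control-plane
line vty 0 5
 password cisco
 login
"""
# Constructed list of management flows we expect to work: (source, ingress interface, protocol).
EXPECTED_FLOWS = [("R1", "FastEthernet0/1", "telnet")]

def mpp_interfaces(running_config):
    """Map interface -> protocols allowed by 'control-plane host' management-interface lines."""
    allowed, in_cp_host = {}, False
    for line in running_config.splitlines():
        if not line.startswith(" "):
            # A non-indented line opens a new top-level config section.
            in_cp_host = line.strip() == "control-plane host"
            continue
        m = re.match(r"\s+management-interface (\S+) allow (.+)", line)
        if in_cp_host and m:
            allowed.setdefault(m.group(1), set()).update(m.group(2).split())
    return allowed

def mpp_verdict(running_config, ingress_interface, protocol):
    """Return 'permit', 'drop' or 'mpp-inactive' for management traffic on an interface."""
    allowed = mpp_interfaces(running_config)
    if not allowed:
        return "mpp-inactive"  # no management-interface configured, nothing is filtered
    return "permit" if protocol in allowed.get(ingress_interface, set()) else "drop"

def dropped_flows(running_config, flows):
    """Return the expected management flows that this configuration would drop."""
    return [f for f in flows if mpp_verdict(running_config, f[1], f[2]) == "drop"]

if __name__ == "__main__":
    for src, intf, proto in dropped_flows(R6_CONFIG, EXPECTED_FLOWS):
        print(f"{proto} from {src} arrives on {intf}, which is not a management interface for it")
```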

On R1:

R1#telnet 136.85.0.6
Trying 136.85.0.6 ...
% Connection timed out; remote host not responding

R1#telnet 136.85.0.6
Trying 136.85.0.6 ... Open


User Access Verification

Password: 
R6>

Success!!!

  _____                             _ 
 / ____|                           | |
| (___  _   _  ___ ___ ___  ___ ___| |
 \___ \| | | |/ __/ __/ _ \/ __/ __| |
 ____) | |_| | (_| (_|  __/\__ \__ \_|
|_____/ \__,_|\___\___\___||___/___(_)