The other day I ran into some problems with a default route, which prompted a discussion with co-workers, which led me to look up the behavior of redistributing a static default route into a dynamic routing protocol.

Take, for example, the following


! default route
ip route 0.0.0.0 0.0.0.0 1.1.1.1
! pick your routing protocol
router XXXXX
redistribute static


Under what conditions will the default route make it into the routing protocol? The docs seem to indicate that the process is automatic in EIGRP, but requires intervention in IS-IS, OSPF, and BGP. Let’s validate.

Take a simple network:


1.1.1.0/24 [R1] 2.2.2.0/24 [R2] 3.3.3.0/24 [R3]


(dynagen .net)

On R1, I have


router eigrp 1
redistribute static
network 1.0.0.0
network 2.0.0.0
no auto-summary
!
ip route 0.0.0.0 0.0.0.0 1.1.1.99


and over on R3


D*EX 0.0.0.0/0 [170/33280] via 3.3.3.1, 00:01:00, FastEthernet0/0


One thing to note is that the network statement specified 1.1.1.0 and 2.2.2.0, and not 0.0.0.0. This is because the network statement in the EIGRP config is used to match the interfaces that EIGRP will run on, which is where the network information comes from. network 0.0.0.0 would match both interfaces, but still would not add the default route. The redistribute static is what causes the route to get into EIGRP (which is why it shows up in R3’s routing table as D*EX)

In OSPF, we have on R1


router ospf 1
log-adjacency-changes
redistribute static subnets
network 0.0.0.0 255.255.255.255 area 0


This time I used network 0.0.0.0 to save some typing. However R3 does not see the default route. It does see another static route I put in to 9.9.9.0/24, so we know redistribution works properly.

The solution here is the default-information originate command. Adding “default-information originate” to the OSPF config solves this:


O*E2 0.0.0.0/0 [110/1] via 3.3.3.1, 00:00:02, FastEthernet0/0


For BGP, R1 is set up as follows:


R1#show run | section router bgp
router bgp 1
no synchronization
bgp log-neighbor-changes
network 1.1.1.0
network 2.2.2.0
neighbor 2.2.2.2 remote-as 2
no auto-summary


If I redistribute static, the default route does not show up on R2:


R2#show ip route bgp
9.0.0.0/24 is subnetted, 1 subnets
B 9.9.9.0 [20/0] via 2.2.2.1, 00:00:31


At least two options exist. 1 is to do the “default-information originate” which allows the static route to be redistributed into BGP. The other is to not redistribute, but use the network 0.0.0.0 command to advertise the default route. In BGP, the network statement specifies the routes to be advertised, and not the interfaces like OSPF and EIGRP.

The difference between the two options, though, is in the BGP attributes.


! redistribute static and default-information originate
R2#show ip bgp 0.0.0.0
BGP routing table entry for 0.0.0.0/0, version 8
Paths: (1 available, best #1, table Default-IP-Routing-Table)
Not advertised to any peer
1
2.2.2.1 from 2.2.2.1 (2.2.2.1)
Origin incomplete, metric 0, localpref 100, valid, external, best
! network 0.0.0.0
R2# show ip bgp 0.0.0.0
BGP routing table entry for 0.0.0.0/0, version 12
Paths: (1 available, best #1, table Default-IP-Routing-Table)
Flag: 0×820
Not advertised to any peer
1
2.2.2.1 from 2.2.2.1 (2.2.2.1)
Origin IGP, metric 0, localpref 100, valid, external, best


The difference here is that advertising a local network marks the origin as IGP, but a redistribution marks it as incomplete. Look at step 5 of the BGP best path selection algorithm to see that IGP is preferred over incomplete (even though by the time origin is compared, weight, local preference, and AS_PATH length have already been compared)

So, the moral of the story is to watch how your default routes go into your routing protocol, because depending on the protocol, it’s handled differently.

(cross posted from my blog)

I’m giving 2 talks on using Wireshark to expose VoIP problems at Sharkfest ‘08 (schedule). Details are sketchy, I think one of the talks is more of a hands on lab, the other is me talking. I’ve expanded on my techniques from the Linux Journal article I wrote on the topic.

Some other fascinating topics going on at the same conference, especially wireless analysis and performance monitoring. Hope to see you there.

The 3750 (and it would appear, the 3560s, 4500s, and 6500s) have an integrated Time Domain Reflector which is used to test cables associated with a port.

http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_25_see/command/reference/cli3.html#wp2168243

Today I was troubleshooting a problem at a newly renovated remote office with an IP phone that would power up but not boot. After swapping cables and phones, I remembered the TDR and tried it out:

Switch# test cable-diagnostics tdr interface g1/0/14
TDR test started on interface Gi1/0/14
A TDR test can take a few seconds to run on an interface
Use 'show cable-diagnostics tdr' to read the TDR results.
Switch#show cable-diagnostics tdr interface gigabitEthernet 1/0/14
TDR test last run on: March 04 22:31:09

Interface Speed Local pair Pair length Remote pair Pair status
--------- ----- ---------- ------------------ ----------- --------------------
Gi1/0/14 auto Pair A 19 +/- 4 meters N/A Open
Pair B 4 +/- 4 meters N/A Open
Pair C 20 +/- 4 meters N/A Open
Pair D 20 +/- 4 meters N/A Open


Looks like a problem on Pair B! You should have heard the suprise from the (telecom) guy on the other end of the line when I finally said “looks like a problem in the cabling, get the contractor to check pair B.

When an EIGRP enabled router loses a neighbour, all routes through that neighbour need to be re-evaluated. Any feasible successors are immediately promoted to successors, and any other routes go active.

“go active” means that the EIGRP router asks all its neighbours if they have a route to the destination. Each router that is queried either responds in the affirmative, or it in turn asks its neighbours if any exist. Only after a router hears back from all its neighbours does it pass a “I don’t have this route” message back up the chain. This is the Diffusing Update Algorithm, or DUAL.

When DUAL takes too long to resolve a query, such as if the network gets busy, you get the stuck-in-active error, which means the query took more than 3 minutes to complete.

The solution (besides “get a smaller network”) to SIA is to limit the scope of your queries. There are two methods to do this. The first is summarization. When an EIGRP router summarizes a network out an interface, any queries for a summarized network coming in that interface are answered and not passed along. The second way is to declare routers as stub routers, which means that you don’t want them to act as a transit anyway.

I’ve written about EIGRP stub routers before, but after taking the BSCI exam I realized my knowledge on that topic wasn’t enough.

Continue reading this post…

A month or so ago I was sent a package from Train Signal containing their video training for the CCNA, BCMSN, and BSCI exams.

I had the chance to go through several of the BSCI videos and have to say I was really impressed. The videos are done by Chris Bryant who writes other certification related items and also contributes to Tech Republic. I’ve read his work in the past and thought him to be a smart guy with a good way of explaining things.

The videos are about an hour each, and are a screencast of a OneNote presentation, graphics, and console sessions. I found them to be informative and well paced. After having watched a few of the Video Mentor series from Cisco Press I was happy to be listening to someone without a heavy Texas accent!

The content of the videos is more or less what you’d expect from a classroom. Unlike the CCNP Video Mentor, this covers all the topics a class would.

A couple of things I didn’t like — the website claims that a PDF should be on the DVD containing a lab guide, which I didn’t find. That’s one thing I like about the CCNP Video Mentor series. Secondly, the practice exams on the DVD are terrible. The questions themselves aren’t too bad, but the interface is so brutal that I gave up on it.

At $199 per exam it’s far cheaper than taking a $3,000 class, and covers the same information. If you’re the kind of person that learns visually, checking out Train Signal’s offerings would be a smart move.

Cisco announced that Vue is the exclusive test vendor, meaning you can’t use Prometric anymore. Last day to schedule a Prometric exam is July 31st.

It was a year or two ago that Cisco split up the CCNA into two exams. (ICND and INTRO). Yesterday it was announced that things were changing again into ICND1 and ICND2 exams along with creating another certification. Passing just the first ICND makes you a Cisco Certified Entry Network Technician, then passing the second gets you the CCNA. From the news release:

Laying the groundwork for more rigorous certification, CCENT validates the knowledge and skills needed to configure and verify small routed and switched networks, including the ability to configure IP addressing, implement basic security measures and understand the concepts of wireless networking.

Cisco Press, of course, has both new CCNA and CCNENT books on the way. For those that will be doing their studying during this transition and already bought books, using the Digital Short Cuts would be cheaper than buying new books. (I previously looked at a couple of PDF based products)

A cursory look at the new CCNA exam shows that the trend of migrating content from the CCNP stream into the CCNA stream is continuing. I see some basic IPv6 and Wireless, DHCP, and security topics in there, and some more details on switching protocols.

If you don’t want to take the one big exam, you take both ICND1 (640-822) and ICND2 (640-816). Last day to test the old exams is November 6th, with the new exams coming out August 1st.

I’m always in favour of raising the bar on certifications, though I’m not sure how much traction this CCENT certification will get seeing as it’s a stepping stone to an already entry level certification. However, if it helps get more people into the game, I’m all for that.

Earlier I looked at stub areas. One problem we found was that you can’t have an ASBR in a stub area — no “redistribute static” on any external links. What a pity!

Not so stubby areas get around this by allowing the ASBR to exist and propagate LSAs. The problem is that stub areas can’t have type 5 LSAs (external), so NSSAs use a type 7 LSA which is converted back to a type 5 on the ABR as the LSA is flooded to the backbone. Because of this functionality, all routers need to be configured as a NSSA.


R4#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R4(config)#router ospf 1
R4(config-router)#area 2 nssa
OSPF: Area is configured as stub area already
R4(config-router)#no area 2 stub
R4(config-router)#area 2 nssa


And on the ABR:


r3#conf t
Enter configuration commands, one per line. End with CNTL/Z.
r3(config)#router ospf 1
r3(config-router)#no area 2 stub
r3(config-router)#area 2 nssa


Like the stub area, we have lost our external route to 1.1.1.1:


R4#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route

4.0.0.0/24 is subnetted, 1 subnets
S 4.4.4.0 is directly connected, Null0
10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
C 10.0.2.0/24 is directly connected, FastEthernet0/0
O IA 10.0.0.0/24 [110/3] via 10.0.2.3, 00:00:27, FastEthernet0/0
O IA 10.0.1.0/24 [110/2] via 10.0.2.3, 00:00:27, FastEthernet0/0
O IA 10.0.33.1/32 [110/4] via 10.0.2.3, 00:00:27, FastEthernet0/0


Note there is no static route injected by the ABR! Another option is needed:

r3(config)#router ospf 1
r3(config-router)#area 2 nssa ?
default-information-originate Originate Type 7 default into NSSA area
no-redistribution No redistribution into this NSSA area
no-summary Do not send summary LSA into NSSA

r3(config-router)#area 2 nssa default-information-originate

Now, R4 has a default route:


O*N2 0.0.0.0/0 [110/1] via 10.0.2.3, 00:00:49, FastEthernet0/0


Note it is N2, meaning it is a type 7 (pseudo type 5) LSA.


R4#show ip ospf database nssa-external

Routing Bit Set on this LSA
LS age: 102
Options: (No TOS-capability, No Type 7/5 translation, DC)
LS Type: AS External Link
Link State ID: 0.0.0.0 (External Network Number )
Advertising Router: 10.0.2.3
LS Seq Number: 80000001
Checksum: 0x454E
Length: 36
Network Mask: /0
Metric Type: 2 (Larger than any link state path)
TOS: 0
Metric: 1
Forward Address: 10.0.2.3
External Route Tag: 0


Remarkably similar to the default route we saw in the stub area!

Now, to make use of the nssa features.


R4(config)#router ospf 1
R4(config-router)#redistribute static subnets


With redistribute static subnets on, R4 generates type 7 LSAs for the 4.4.4.0 prefix:

R4#show ip ospf database nssa-external 4.4.4.0

LS age: 79
Options: (No TOS-capability, Type 7/5 translation, DC)
LS Type: AS External Link
Link State ID: 4.4.4.0 (External Network Number )
Advertising Router: 10.0.2.4
LS Seq Number: 80000001
Checksum: 0x367
Length: 36
Network Mask: /24
Metric Type: 2 (Larger than any link state path)
TOS: 0
Metric: 20
Forward Address: 10.0.2.4
External Route Tag: 0


And R3 sees it as a N2 route:


r3#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route

1.0.0.0/24 is subnetted, 1 subnets
O E2 1.1.1.0 [110/10] via 10.0.1.2, 00:02:13, FastEthernet0/0
4.0.0.0/24 is subnetted, 1 subnets
O N2 4.4.4.0 [110/20] via 10.0.2.4, 00:00:08, FastEthernet1/0
9.0.0.0/24 is subnetted, 1 subnets
S 9.9.9.0 is directly connected, Null0
10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
C 10.0.2.0/24 is directly connected, FastEthernet1/0
O IA 10.0.0.0/24 [110/2] via 10.0.1.2, 00:02:13, FastEthernet0/0
C 10.0.1.0/24 is directly connected, FastEthernet0/0
O IA 10.0.33.1/32 [110/3] via 10.0.1.2, 00:02:13, FastEthernet0/0
r3#


And way over on R1, it looks like a regular old external route:

r1>show ip route 4.4.4.0
Routing entry for 4.4.4.0/24
Known via "ospf 1", distance 110, metric 20, type extern 2, forward metric 3
Last update from 10.0.0.2 on FastEthernet0/0, 00:01:11 ago
Routing Descriptor Blocks:
* 10.0.0.2, from 10.0.2.3, 00:01:11 ago, via FastEthernet0/0
Route metric is 20, traffic share count is 1

Routing Bit Set on this LSA
LS age: 87
Options: (No TOS-capability, DC)
LS Type: AS External Link
Link State ID: 4.4.4.0 (External Network Number )
Advertising Router: 10.0.2.3
LS Seq Number: 80000001
Checksum: 0x9DD7
Length: 36
Network Mask: /24
Metric Type: 2 (Larger than any link state path)
TOS: 0
Metric: 20
Forward Address: 10.0.2.4
External Route Tag: 0


There is also a “no-summary” option to creating an NSSA, which does exactly the same thing as in stub areas.

How Does OSPF Generate Default Routes?
OSPF Not-So-Stubby Area (NSSA)

I was excited to receive Practical Packet Analysis in the mail. A book on the topic of packet analysis is one of those “gee, I wish I had thought of that!” type of things.

PPA is all about using Ethereal/Wireshark to solve network problems. While not explicitly written as such, the book is done on two parts. The first is using the Wireshark software, the second brings up scenarios where Wireshark is used to solve the problem.

Packet sniffing is like real estate, it’s all about location. I was happy to see that several mentions were made about the most appropriate place to put your tracer, talk of SPAN/Remote monitoring ports, switches vs hubs, and all that. In the scenario sections, each scenario starts with a decision of where to sniff. It’s excellent for the beginner.

The advanced user will be disappointed. There is very little here that you won’t already know. Despite the chapter on “Advanced Wireshark Features”, it’s just talking about conversations, protocol statistics, TCP streams, and I/O graphs.

The book is only 164 pages long, meaning it covers a fraction of what Wireshark can do. With another 100 pages it could have shown how to use some of the statistics, actually show how I/O graphs can help you profile an application, and how to troubleshoot VoIP. Yes, that’s right, a book on network problem solving written in 2007 and there’s no VoIP. If I can describe how to use Wireshark to Solve VoIP problems in under 2500 words, it could have fit in the book.

To its credit, there is a chapter on wireless troubleshooting. It’s OK for 15 pages, but like the rest of the advanced chapters, left me wanting more.

The capture file for each example is downloadable from the author’s site. Despite being contrived examples, they are quite effective. Besides just showing screen shots, the book makes each a learning experience, gathering a description of the problem, locating the sniffer, and walking through the process of capturing the packets and analyzing them.

For the person getting started with packet tracing (and if you don’t know it, you should) this is a good start. You’ll learn how to find a spot to sniff, how to use capture and display filters effectively, and learn some of the basic protocols and how to spot problems.

I’ve got a bunch of books on my shelf I’ve been meaning to review, but I really wanted to mention the CCNP BSCI Portable Command Guide. It was sent to me a few weeks ago and I’ve recently had the chance to go through it.

It’s a lot like O’Reilly’s cookbook series, but more concise. The inside front cover has a list of “I want to…” type statements, grouped by protocol, along with the page number. The pages inside have examples of command usage. What’s not to love?

This book is remarkable not for its study value, but for its helpfulness in the field. It’s a small book, both in page count and form (6×9). It’s got all the stuff you need to help jog your memory on routing commands. This one is going on my desk come Monday.

For some reason Cisco Press chose to offer a downloadable version for the same price. I can’t see the value of that. While people studying for BSCI won’t be hurt by having this book, it’s far more valuable for when you’re doing some work.

There are 3 others coming out for the remaining 3 exams. I’m looking forward to the switching one most of all…