21 nov. 2011

RIP and Frame Relay Hub & Spoke


RIP and Frame Relay Hub & Spoke
This is a hub and spoke topology :
R1 is the hub, r2 and r3 are the spokes.

RIP, Hub & Spoke and main-interfaces
Working with RIPv1 (but almost the same with RIPv2) :
R1 :
!
interface FastEthernet0/0
 ip address 150.123.1.1 255.255.255.0
!
interface Serial1/0
 ip address 150.123.0.1 255.255.255.0
 encapsulation frame-relay
!
router rip
 redistribute connected route-map CONNECTED->RIP
 network 150.123.0.0
!
route-map CONNECTED->RIP permit 10
 match interface FastEthernet0/0
!

R2 :
!
interface FastEthernet0/0
 ip address 150.123.2.2 255.255.255.0
!
interface Serial1/0
 ip address 150.123.0.2 255.255.255.0
 encapsulation frame-relay
 frame-relay map ip 150.123.0.3 201
!
!
router rip
 redistribute connected route-map CONNECTED->RIP
 network 150.123.0.0
!
route-map CONNECTED->RIP permit 10
 match interface FastEthernet0/0
!

R3 :
!
interface FastEthernet0/0
 ip address 150.123.3.3 255.255.255.0
!
interface Serial1/0
 ip address 150.123.0.3 255.255.255.0
 encapsulation frame-relay
 frame-relay map ip 150.123.0.2 301
!
!
router rip
 redistribute connected route-map CONNECTED->RIP
 network 150.123.0.0
!
route-map CONNECTED->RIP permit 10
 match interface FastEthernet0/0
!

r3#sh ip route
     150.123.0.0/24 is subnetted, 4 subnets
R       150.123.1.0 [120/1] via 150.123.0.1, 00:00:26, Serial1/0
C       150.123.0.0 is directly connected, Serial1/0
C       150.123.3.0 is directly connected, FastEthernet0/0
R       150.123.2.0 [120/2] via 150.123.0.1, 00:00:26, Serial1/0

r3#ping 150.123.2.2 source 150.123.3.3

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 150.123.2.2, timeout is 2 seconds:
Packet sent with a source address of 150.123.3.3
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 44/44/44 ms

r1#sh ip route
     150.123.0.0/24 is subnetted, 4 subnets
C       150.123.1.0 is directly connected, FastEthernet0/0
C       150.123.0.0 is directly connected, Serial1/0
R       150.123.3.0 [120/1] via 150.123.0.3, 00:00:25, Serial1/0
R       150.123.2.0 [120/1] via 150.123.0.2, 00:00:00, Serial1/0
r1#

r1#sh ip protocols
*** IP Routing is NSF aware ***

Routing Protocol is "rip"
  Sending updates every 30 seconds, next due in 15 seconds
  Invalid after 180 seconds, hold down 180, flushed after 240
  Outgoing update filter list for all interfaces is not set
  Incoming update filter list for all interfaces is not set
  Redistributing: connected, rip
  Default version control: send version 1, receive any version
    Interface             Send  Recv  Triggered RIP  Key-chain
    FastEthernet0/0       1     1 2                                  
    Serial1/0             1     1 2                                 
  Automatic network summarization is in effect
  Maximum path: 4
  Routing for Networks:
    150.123.0.0
  Routing Information Sources:
    Gateway         Distance      Last Update
    150.123.0.3          120      00:00:08
    150.123.0.2          120      00:00:11
  Distance: (default is 120)

On the physical interface, split-horizon is disabled. When r1 receives a RIP update on s1/0, it sends back this RIP update on s1/0. This allows each router spokes to have good routing information.

Check :
r1#show ip interface s1/0
Serial1/0 is up, line protocol is up
  Internet address is 150.123.0.1/24
  (...)
  Multicast reserved groups joined: 224.0.0.9
  Outgoing access list is not set
  Inbound  access list is not set
  Proxy ARP is enabled
  Local Proxy ARP is disabled
  Security level is default
  Split horizon is disabled
  ICMP redirects are always sent
  (...)

Note: even with RIPv1, the interface receives RIPv2 updates, so the interface has joined 224.0.0.9.

RIP, Hub & Spoke and sub-interfaces
Now, the hub is connected to the Frame-Relay switch via a sub-interface.
r1#sh run int s1/0.123
Building configuration...

Current configuration : 144 bytes
!
interface Serial1/0.123 multipoint
 ip address 150.123.0.1 255.255.255.0
 frame-relay interface-dlci 102
 frame-relay interface-dlci 103
end

As it is a sub-interface, dlci must be specified. Dynamic mapping is still in use :
r1#show frame-relay map
Serial1/0.123 (up): ip 150.123.0.2 dlci 102(0x66,0x1860), dynamic,
              broadcast,
              CISCO, status defined, active
Serial1/0.123 (up): ip 150.123.0.3 dlci 103(0x67,0x1870), dynamic,
              broadcast,
              CISCO, status defined, active

r1 still receives RIP updates from r2 and r3 :
r1#sh ip route rip    
     150.123.0.0/24 is subnetted, 4 subnets
R       150.123.3.0 [120/1] via 150.123.0.3, 00:00:10, Serial1/0.123
R       150.123.2.0 [120/1] via 150.123.0.2, 00:00:04, Serial1/0.123
r1#

But r2 doesn’t receives r3’s updates and vice-versa :
r2#show ip route rip
     150.123.0.0/24 is subnetted, 3 subnets
R       150.123.1.0 [120/1] via 150.123.0.1, 00:00:24, Serial1/0

r3#show ip route rip
     150.123.0.0/24 is subnetted, 3 subnets
R       150.123.1.0 [120/1] via 150.123.0.1, 00:00:12, Serial1/0

This is because split-horizon is enabled on s1/0.123 on r1 :
r1(config-subif)#do sh ip int s1/0.123  
Serial1/0.123 is up, line protocol is up
  Internet address is 150.123.0.1/24
  Broadcast address is 255.255.255.255
  (...)
  Split horizon is enabled
  (...)

Then :
r2#s ip route rip
     150.123.0.0/24 is subnetted, 4 subnets
R       150.123.1.0 [120/1] via 150.123.0.1, 00:00:00, Serial1/0
R       150.123.3.0 [120/2] via 150.123.0.1, 00:00:00, Serial1/0

r3#sh ip route rip
     150.123.0.0/24 is subnetted, 4 subnets
R       150.123.1.0 [120/1] via 150.123.0.1, 00:00:17, Serial1/0
R       150.123.2.0 [120/2] via 150.123.0.1, 00:00:17, Serial1/0
r3#

Static Mapping & RIP
Disable dynamic mapping on hub  & spokes.

r1#sh run int s1/0.123
Building configuration...

Current configuration : 201 bytes
!
interface Serial1/0.123 multipoint
 ip address 150.123.0.1 255.255.255.0
 no ip split-horizon
 frame-relay map ip 150.123.0.2 102
 frame-relay map ip 150.123.0.3 103
 no frame-relay inverse-arp
end

The same is done on r2 and r3 :
r2#sh run int s1/0
Building configuration...

Current configuration : 237 bytes
!
interface Serial1/0
 ip address 150.123.0.2 255.255.255.0
 encapsulation frame-relay
 serial restart-delay 0
 frame-relay map ip 150.123.0.3 201
 frame-relay map ip 150.123.0.1 201
 no frame-relay inverse-arp
 no clns route-cache
end

r3#sh run interface s1/0
Building configuration...

Current configuration : 237 bytes
!
interface Serial1/0
 ip address 150.123.0.3 255.255.255.0
 encapsulation frame-relay
 serial restart-delay 0
 frame-relay map ip 150.123.0.2 301
 frame-relay map ip 150.123.0.1 301
 no frame-relay inverse-arp
 no clns route-cache
end

Split-horizon is still disabled on r1.
No routes are exchanged between routers because the keyword "broadcast" hasn’t been added to the static mapping.

r1#sh ip route rip

r1#

Two solutions exists:

1. Use unicast RIP :
r1 :
router rip
 redistribute connected route-map CONNECTED->RIP
 passive-interface default
 network 150.123.0.0
 neighbor 150.123.0.2
 neighbor 150.123.0.3

r2 :
!
router rip
 redistribute connected route-map CONNECTED->RIP
 passive-interface default
 network 150.123.0.0
 neighbor 150.123.0.1
!

 r3 :
!
router rip
 redistribute connected route-map CONNECTED->RIP
 passive-interface default
 network 150.123.0.0
 neighbor 150.123.0.1
!

Now, RIP is working (It is the same prinicple with RIPv2).
r2#sh ip route rip
     150.123.0.0/24 is subnetted, 4 subnets
R       150.123.1.0 [120/1] via 150.123.0.1, 00:00:17, Serial1/0
R       150.123.3.0 [120/2] via 150.123.0.1, 00:00:17, Serial1/0

Note that the passive-interface command is added because even with the neighbor statement, broadcast updates (multicast for v2) are sent.

2. Add the broadcast keyword.
R3 :
interface Serial1/0
 ip address 150.123.0.3 255.255.255.0
 encapsulation frame-relay
 serial restart-delay 0
 frame-relay map ip 150.123.0.2 301
 frame-relay map ip 150.123.0.1 301 broadcast
 no frame-relay inverse-arp
 no clns route-cache

On r1 :
interface Serial1/0.123 multipoint
 ip address 150.123.0.1 255.255.255.0
 no ip split-horizon
 frame-relay map ip 150.123.0.2 102 broadcast
 frame-relay map ip 150.123.0.3 103 broadcast
 no frame-relay inverse-arp

Note that on the spoke routers, the broadcast is specified once per dlci, not per mapping.

It works :
r1#sh ip route rip
     150.123.0.0/24 is subnetted, 4 subnets
R       150.123.3.0 [120/1] via 150.123.0.3, 00:00:03, Serial1/0.123
R       150.123.2.0 [120/1] via 150.123.0.2, 00:00:26, Serial1/0.123



-
Libellés : , ,

NTP - ACL

NTP - Network Time Protocol Packet types: -  Control messages : don't bother with this. -  NTP request/update messages: used for time sy...

  • Create a loopback Interface on MacOS
    Create a loopback Interface on MacOS X: ifconfig lo0 alias 172.16.123.1  will add an alias IP 172.16.123.1 to the loopback adapter ifconf...
  • Unicast Reverse Path Forwarding (uRPF)
    Unicast Reverse Path Forwarding (uRPF) uRPF est une feature permettant d'éviter l'IP Spoofing. Lorsque urpf est activé sur une in...
  • OSPF Authentication #1
    Three authentication modes: 0 - null, no authentication 1 - clear-text 2 - md5 Per interface authentication r1(config)# interface s1/...