Archive for the ‘CCNP TSHOOT’ Category

IPv6 Troubleshooting

May 30th, 2010, by jud

IPv6 Addressing
• 128 bit addresses.
• Simplified header with fewer fields; IPv4 has 12 fields, IPv6 has 5 fields;
• No checksum in the header. This makes forwarding more efficient: in IPv4 the TTL is decremented at each hop, so the header checksum has to be recalculated at each hop; that is not the case with IPv6.
• No packet fragmentation is done by routers; instead an ICMP “packet too big” message is sent to the client. Fragmentation information has been moved to an extension header.

Types of IPv6 Addresses
• Unicast — Send to one interface.
• Multicast — Send to many hosts in a group in the FF00::/8 address range.
• Anycast — Send to the nearest host in a group.

Abbreviate IPv6 Addresses
• Leading zeros in a field can be omitted.
• Contiguous fields containing zeros can be abbreviated with “::”.
• EUI-64 addresses use the MAC address to build the lower 64 bits of an IPv6 address. The 48-bit MAC is split in half and FFFE is inserted between the two halves to make it 64 bits; the universal/local (U/L) flag (bit 7 of the first byte, in the OUI portion of the address) is flipped as well.
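The EUI-64 construction and the two abbreviation rules above, as an added example that is not part of the original post. The MAC address used in the demo is R4's FastEthernet0/1 address from the sh arp output later on this page; the link-local address it produces is computed here, not quoted from the post.

```python
"""EUI-64 interface IDs and IPv6 address abbreviation (added example)."""
import re


def mac_to_eui64(mac: str) -> bytes:
    """Build the 8-byte modified EUI-64 interface ID from a 48-bit MAC.

    Accepts IOS dotted (001b.d421.480b), colon or hyphen notation.
    """
    hexdigits = re.sub(r"[.:-]", "", mac)
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", hexdigits):
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    octets = bytearray.fromhex(hexdigits)
    # Flip the universal/local (U/L) flag: bit 7 counting from the most
    # significant bit of the first octet, i.e. the 0x02 bit.
    octets[0] ^= 0x02
    # Split the MAC in half and insert FFFE between the halves.
    return bytes(octets[:3]) + b"\xff\xfe" + bytes(octets[3:])


def eui64_to_mac(iid: bytes) -> str:
    """Undo the transformation: recover the MAC from an EUI-64 interface ID."""
    if len(iid) != 8 or iid[3:5] != b"\xff\xfe":
        raise ValueError("not a modified EUI-64 interface identifier")
    octets = bytearray(iid[:3] + iid[5:])
    octets[0] ^= 0x02
    return ":".join(f"{b:02x}" for b in octets)


def link_local_from_mac(mac: str) -> str:
    """FE80::/64 followed by the EUI-64 interface ID, written out in full."""
    iid = mac_to_eui64(mac)
    groups = [f"{int.from_bytes(iid[i:i + 2], 'big'):04x}" for i in range(0, 8, 2)]
    return ":".join(["fe80", "0000", "0000", "0000"] + groups)


def compress_ipv6(addr: str) -> str:
    """Apply the two abbreviation rules above to a fully written address.

    1. Leading zeros in each 16-bit field are dropped.
    2. The longest run of two or more all-zero fields becomes '::'; when two
       runs tie, the first one is collapsed, and only one run may be.
    """
    fields = addr.lower().split(":")
    if len(fields) != 8:
        raise ValueError("expected 8 colon-separated fields")
    fields = [f.lstrip("0") or "0" for f in fields]        # rule 1

    best_start, best_len = -1, 0                           # rule 2
    i = 0
    while i < 8:
        if fields[i] != "0":
            i += 1
            continue
        j = i
        while j < 8 and fields[j] == "0":
            j += 1
        if j - i > best_len:
            best_start, best_len = i, j - i
        i = j
    if best_len < 2:
        return ":".join(fields)
    left = ":".join(fields[:best_start])
    right = ":".join(fields[best_start + best_len:])
    return f"{left}::{right}"


if __name__ == "__main__":
    # R4's FastEthernet0/1 MAC from the sh arp output later on this page.
    full = link_local_from_mac("001b.d421.480b")
    print(full, "->", compress_ipv6(full))
```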

Troubleshoot IPv6
sh ipv6 int — Displays the IPv6 addresses and status of interfaces.
sh ipv6 routers — Displays IPv6 router advertisements.
sh ipv6 route — Shows the routing table. DUH.
sh ipv6 protocols — Shows parameters and state of the active IPv6 protocols.
debug ipv6 nd — Debug IPv6 neighbor discovery.
debug ipv6 routing — Display debugging messages for IPv6 routing table and route cache updates.
debug ipv6 packet — Displays the debugging messages for IPv6 packets.

IPv6 Configuration
ipv6 cef
ipv6 unicast-routing
ipv6 address xxxx::xxxx/xxx

OSPFv3
Configure OSPFv3
ipv6 router ospf 6
router-id 10.1.1.10
log-adjacency-changes

interface Tunnel0
no ip address
ipv6 address 2026::34:2/122
ipv6 ospf 6 area 34

Troubleshoot OSPFv3
sh ipv ospf neigh
sh ipv ospf
sh ipv ospf int

sh ipv ospf neigh

R4#sh ipv osp neigh

Neighbor ID     Pri   State           Dead Time   Interface ID    Interface
10.1.1.9          1   FULL/  -        00:00:35    14              Tunnel0

sh ipv ospf

R4#sh ipv ospf
 Routing Process "ospfv3 6" with ID 10.1.1.10
 SPF schedule delay 5 secs, Hold time between two SPFs 10 secs
 Minimum LSA interval 5 secs. Minimum LSA arrival 1 secs
 LSA group pacing timer 240 secs
 Interface flood pacing timer 33 msecs
 Retransmission pacing timer 66 msecs
 Number of external LSA 0. Checksum Sum 0x000000
 Number of areas in this router is 1. 1 normal 0 stub 0 nssa
 Reference bandwidth unit is 100 mbps
    Area 34
    Number of interfaces in this area is 1
    SPF algorithm executed 3 times
    Number of LSA 8. Checksum Sum 0x03A4B8
    Number of DCbitless LSA 0
    Number of indication LSA 0
    Number of DoNotAge LSA 0
    Flood list length 0

sh ipv ospf int

R4#sh ipv ospf int
Tunnel0 is up, line protocol is up
  Link Local Address FE80::A01:10A, Interface ID 11
  Area 34, Process ID 6, Instance ID 0, Router ID 10.1.1.10
  Network Type POINT_TO_POINT, Cost: 11111
  Transmit Delay is 1 sec, State POINT_TO_POINT,
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
    Hello due in 00:00:04
  Index 1/1/1, flood queue length 0
  Next 0x0(0)/0x0(0)/0x0(0)
  Last flood scan length is 1, maximum is 3
  Last flood scan time is 0 msec, maximum is 0 msec
  Neighbor Count is 1, Adjacent neighbor count is 1
    Adjacent with neighbor 10.1.1.9
  Suppress hello for 0 neighbor(s)

RIPng
• IPv6 multicast address FF02::9 is the destination address for RIPng update messages.
• Link-local addresses used for next-hop addresses
• Metric is hop count and 15 is still the maximum, 16 is unreachable.
• Distance-vector

Configure RIPng
To set up a 3560 switch for IPv6 you must first configure the switch database management (SDM) template to one that supports IPv6. The rest of the configuration is the same on a router and a layer 3 switch.

DSW1(config)#sdm prefer dual-ipv4-and-ipv6 routing
DSW1(config)#^Z
DSW1#wri mem
DSW1#reload
DSW1(config)#ipv6 cef
DSW1(config)#ipv6 unicast-routing
DSW1(config)#ipv6 router rip RIP_ZONE
DSW1(config-rtr)#int fa0/1
DSW1(config-if)#ipv6 address 2026::2:2/122
DSW1(config-if)#ipv6 rip RIP_ZONE enable

Troubleshoot RIPng
sh ipv6 protocols — What protocols are running on what interfaces.
sh ipv6 rip RIP_ZONE — Show general RIPng information concerning the specific RIP_ZONE.
sh ipv6 rip database — Shows the routes in the RIB.
sh ipv6 rip next-hops — Next hops out of this router as seen by RIPng.

sh ipv6 protocols

R4#sh ipv6 protocols
IPv6 Routing Protocol is "connected"
IPv6 Routing Protocol is "static"
IPv6 Routing Protocol is "ospf 6"
  Interfaces (Area 34):
    Tunnel0
  Redistribution:
    None
IPv6 Routing Protocol is "rip RIP_ZONE"
  Interfaces:
    FastEthernet0/1
    FastEthernet0/0
  Redistribution:
    Redistributing protocol ospf 6 with metric 5

sh ipv6 rip RIP_ZONE

R4#sh ipv6 rip RIP_ZONE
RIP process "RIP_ZONE", port 521, multicast-group FF02::9, pid 195
     Administrative distance is 120. Maximum paths is 16
     Updates every 30 seconds, expire after 180
     Holddown lasts 0 seconds, garbage collect after 120
     Split horizon is on; poison reverse is off
     Default routes are not generated
     Periodic updates 15471, trigger updates 7
  Interfaces:
    FastEthernet0/1
    FastEthernet0/0
  Redistribution:
    Redistributing protocol ospf 6 with metric 5

sh ipv6 rip database

R4#sh ipv6 rip database
RIP process "RIP_ZONE", local RIB
 2026::2:0/122, metric 2
     FastEthernet0/0/FE80::212:D9FF:FEA5:1541, expires in 166 secs

sh ipv6 rip next-hops

R4#sh ipv6 rip next-hops
 RIP process "RIP_ZONE", Next Hops
  FE80::212:D9FF:FEA5:1541/FastEthernet0/0 [1 paths]

Categories: CCNP TSHOOT, Routing

Troubleshoot Voice, Video and Multicast

May 10th, 2010, by jud

I have had a hard time figuring out how they are going to test us for voice troubleshooting when the only real command they cover is auto qos and the MQC. As a result I’m going to concentrate on the definitions.

Voice Definitions
Gatekeeper — provides bandwidth management through call admission control (CAC).
Gateway — ensures interoperability between VOIP and the public switched telephone network (PSTN).
Jitter (delay variation) — When consecutive packets experience different amounts of delay. Data applications tend to be much more forgiving of jitter than voice and video.
Delay — There are multiple types of delay in a network. Some are standard or fixed and some are variable in their effects. The TSHOOT book describes delay as propagation delay, the time it takes to get a bit from one end of a link to the other.
Drops — Packets are dropped when congestion overflows a buffer.

Cisco Phone Boot Process
1. Power, PoE
2. Load firmware from flash.
3. Catalyst switch informs the phone of its voice VLAN.
4. DHCP for an IP address and the TFTP server address.
5. Downloads configuration using TFTP.
6. Registers with call agent or Call Manager.

QoS Metrics for Video

QoS Metric      HQ Audio & Video   PC Video Conference   Video Surveillance   VOIP
One-Way Delay   150 ms             200 ms                max 500 ms           150-200 ms [1, 2]
Jitter [4]      10 ms              10 ms                 10 ms                30 ms
Loss            0.05 % max         0.05 % max            0.5 % max            1.0 % max [3]

Sources:
[1] ONT Certification Guide p.62
[2] Cisco DocWiki
[3] Enabling VOIP
[4] TSHOOT Book

Multicasting
Class D IP addresses are in the range 224.0.0.0 through 239.255.255.255. The source sends one packet stream to the multicast address, and all hosts that have joined that group receive it.

Internet Group Management Protocol (IGMP)
Hosts join a multicast group by sending an IGMP join message to the router, which then knows to send that group's multicast traffic out that interface. IGMP snooping allows a switch to learn which ports want multicast traffic by listening to the IGMP traffic between routers and hosts, which stops the switch from flooding multicast traffic out all ports.

IGMP Version 1 — Hosts join a multicast group by sending a membership report to their local router. Every 60 seconds the querier router sends a query to the all-hosts address 224.0.0.1 to make sure a host on that network segment is still in the group. IGMPv1 has no mechanism for hosts to leave a group, so it takes three query intervals (3 minutes) to stop sending multicast traffic to a segment.

IGMP Version 2 — Adds the ability for routers to query a specific multicast group and to elect a querier for a segment, and allows a host to send a leave-group message to the all-routers address 224.0.0.2. All routers start as queriers; however, if a router hears a query from another router, the router with the highest IP address on the segment becomes the querier for that segment.

Reverse Path Forwarding (RPF) — Verifies that multicast traffic is flowing away from the source (the root of the tree) and toward the branches and hosts, rather than back toward the source.
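The RPF check as an algorithm, added here as an example and not part of the original post: a multicast packet passes only if it arrived on the interface the unicast routing table uses to reach the packet's source, which is what sh ip rpf reports. The unicast routing table below is constructed for the example; only the interface names match the R1 mroute output further down.

```python
"""Multicast RPF check against a unicast routing table (added example)."""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv4Network
    next_hop: str           # "0.0.0.0" for a directly connected prefix
    interface: str


# Constructed unicast routing table. Interface names match the R1 mroute
# output further down; the prefixes and next hops are made up for the example.
UNICAST_TABLE = [
    Route(ipaddress.ip_network("172.16.102.0/24"), "0.0.0.0", "Serial1/0"),
    Route(ipaddress.ip_network("172.16.103.0/24"), "0.0.0.0", "Serial1/1"),
    Route(ipaddress.ip_network("192.168.1.0/24"), "0.0.0.0", "Loopback1"),
    Route(ipaddress.ip_network("10.0.0.0/8"), "172.16.102.2", "Serial1/0"),
    Route(ipaddress.ip_network("10.20.0.0/16"), "172.16.103.3", "Serial1/1"),
]


def lookup(table, address):
    """Longest-prefix match: the same lookup unicast forwarding performs."""
    addr = ipaddress.ip_address(address)
    matches = [r for r in table if addr in r.prefix]
    if not matches:
        return None
    return max(matches, key=lambda r: r.prefix.prefixlen)


def rpf_check(table, source, incoming_interface):
    """Return (passed, rpf_interface, rpf_neighbor) for one multicast packet.

    The packet passes only when it arrived on the interface the unicast table
    would use to send traffic back to its source. Anything arriving elsewhere
    is dropped, which keeps loops and packets with spoofed sources from being
    forwarded down the distribution tree.
    """
    route = lookup(table, source)
    if route is None:
        return False, None, None
    return route.interface == incoming_interface, route.interface, route.next_hop


def rpf_failures(table, packets):
    """From (source, group, incoming_interface) tuples, keep the RPF failures."""
    return [p for p in packets if not rpf_check(table, p[0], p[2])[0]]


if __name__ == "__main__":
    # Constructed sample: one good packet and one arriving on the wrong side.
    sample = [
        ("172.16.102.2", "232.32.32.32", "Serial1/0"),
        ("172.16.102.2", "232.32.32.32", "Serial1/1"),
    ]
    for src, grp, iface in sample:
        ok, rpf_if, nbr = rpf_check(UNICAST_TABLE, src, iface)
        print(f"({src}, {grp}) in {iface}: RPF {'pass' if ok else 'FAIL'} "
              f"(RPF interface {rpf_if}, RPF nbr {nbr})")
```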

Protocol Independent Multicast (PIM) — Allows multicast to build distribution trees regardless of the unicast routing protocol which is running such as EIGRP or OSPF.

PIM Dense Mode (PIM-DM) — Uses a source distribution tree. At first all routers receive traffic for the group, but if no host joins using IGMP the router sends a prune message so that unnecessary traffic does not continue. Most often used when recipients are on every subnet, densely populated.

PIM Sparse Mode (PIM-SM) — Uses a shared tree with a root router, the rendezvous point (RP), which is not necessarily the multicast source but is usually centrally located in the network. All multicast streams go through this router, hence the name shared tree or shared distribution tree. A router only joins the tree when a host has joined the multicast group. It is built the opposite way from dense mode: the tree is built from the leaves to the root, and only when a host joins a multicast group does the router forward the membership report to the RP.

PIM Sparse-Dense Mode — Allows a router to use sparse or dense-mode or both at the same time. Dense mode is used to flood RP discovery and announcement messages so that the client can find the RP and use the RP to find the multicast server.

Multicast Configuration

switch(config)# ip igmp snooping
switch(config)# ip igmp snooping vlan x

router(config)# ip multicast-routing
router(config)# ip pim {dense-mode | sparse-mode | sparse-dense-mode}
router(config)# ip pim version {1 | 2}

Multicast Troubleshooting
ip igmp join-group — Lets a router join a group in order to test.
sh ip igmp group — Shows the groups a router has joined.
sh ip igmp interface — Shows IGMP information for each interface.

sh ip mroute
ping multicast address
sh ip pim rp
sh ip rpf

sh ip igmp group

R1#sh ip igmp groups
IGMP Connected Group Membership
Group Address    Interface                Uptime    Expires   Last Reporter   Group Accounted
232.32.32.32     Loopback1                00:06:35  00:02:18  192.168.1.1    
224.0.1.40       Loopback1                00:06:35  00:02:16  192.168.1.1

sh ip igmp interface

R1#sh ip igmp interface
Loopback1 is up, line protocol is up
  Internet address is 192.168.1.1/24
  IGMP is enabled on interface
  Current IGMP host version is 2
  Current IGMP router version is 2
  IGMP query interval is 60 seconds
  IGMP querier timeout is 120 seconds
  IGMP max query response time is 10 seconds
  Last member query count is 2
  Last member query response interval is 1000 ms
  Inbound IGMP access group is not set
  IGMP activity: 2 joins, 0 leaves
  Multicast routing is enabled on interface
  Multicast TTL threshold is 0
  Multicast designated router (DR) is 192.168.1.1 (this system)
  IGMP querying router is 192.168.1.1 (this system)
  Multicast groups joined by this system (number of users):
      224.0.1.40(1)  232.32.32.32(1)

sh ip mroute

R1#sh ip mroute
IP Multicast Routing Table
Flags: D - Dense, S - Sparse, B - Bidir Group, s - SSM Group, C - Connected,
       L - Local, P - Pruned, R - RP-bit set, F - Register flag,
       T - SPT-bit set, J - Join SPT, M - MSDP created entry,
       X - Proxy Join Timer Running, A - Candidate for MSDP Advertisement,
       U - URD, I - Received Source Specific Host Report,
       Z - Multicast Tunnel, z - MDT-data group sender,
       Y - Joined MDT-data group, y - Sending to MDT-data group
Outgoing interface flags: H - Hardware switched, A - Assert winner
 Timers: Uptime/Expires
 Interface state: Interface, Next-Hop or VCD, State/Mode

(*, 232.32.32.32), 00:21:25/stopped, RP 0.0.0.0, flags: DCL
  Incoming interface: Null, RPF nbr 0.0.0.0
  Outgoing interface list:
    Serial1/1, Forward/Dense, 00:21:25/00:00:00
    Serial1/0, Forward/Dense, 00:21:25/00:00:00
    Loopback1, Forward/Dense, 00:21:25/00:00:00

ping multicast address

R1#ping 232.32.32.32    

Type escape sequence to abort.
Sending 1, 100-byte ICMP Echos to 232.32.32.32, timeout is 2 seconds:

Reply to request 0 from 172.16.102.2, 12 ms
Reply to request 0 from 172.16.103.3, 16 ms
Reply to request 0 from 192.168.1.1, 16 ms

TSHOOT Sidenote

May 2nd, 2010, by jud

I added some more flashcards in the files directory. These all have a file name of tshoot-topic.csv and are for the Flashcards Deluxe iPhone app.

If you notice any errors in the cards please shoot an email or make a comment. At this point I have not downloaded all of them so there may be serious errors or formatting changes. I made them from my notes so any errors are mine.


Troubleshoot DHCP

May 2nd, 2010, by jud

I am not going to get into a long discussion of DHCP. I run the DNS/DHCP servers at work and have a pretty good idea of how it all works. Even though the basics are the same, BIND is a different animal than IOS.

The DHCP process from debug messages
--> DHCPD: DHCPDISCOVER received from client
<-- DHCPD: Sending DHCPOFFER to client
--> DHCPD: DHCPREQUEST received from client
<-- DHCPD: Sending DHCPACK to client

And the actual debug output.

R4#debug ip dhcp server packet
DHCP server packet debugging is on.
R4#
*Apr 28 22:51:33.407: DHCPD: DHCPDISCOVER received from client 0063.6973.636f.2d30.3030.342e.6464.3639.2e66.6430.312d.4661.302f.30 through relay 10.2.1.1.
*Apr 28 22:51:33.407: DHCPD: Allocate an address without class information (10.2.1.0)
R4#
*Apr 28 22:51:35.407: DHCPD: Sending DHCPOFFER to client 0063.6973.636f.2d30.3030.342e.6464.3639.2e66.6430.312d.4661.302f.30 (10.2.1.7).
*Apr 28 22:51:35.407: DHCPD: unicasting BOOTREPLY for client 0004.dd69.fd01 to relay 10.2.1.1.
*Apr 28 22:51:35.411: DHCPD: DHCPREQUEST received from client 0063.6973.636f.2d30.3030.342e.6464.3639.2e66.6430.312d.4661.302f.30.
*Apr 28 22:51:35.411: DHCPD: No default domain to append - abort update
*Apr 28 22:51:35.411: DHCPD: Sending DHCPACK to client 0063.6973.636f.2d30.3030.342e.6464.3639.2e66.6430.312d.4661.302f.30 (10.2.1.7).
*Apr 28 22:51:35.411: DHCPD: unicasting BOOTREPLY for client 0004.dd69.fd01 to relay 10.2.1.1.

DHCP Message Table

DHCPDISCOVER — Host is querying for available servers; sent to the broadcast address 255.255.255.255 on UDP port 67.
DHCPOFFER — Server responds on UDP port 68.
DHCPREQUEST — Client broadcasts to a specific DHCP server, requesting the offered parameters from that server.
DHCPDECLINE — Message sent from the client to the server saying that the address is already in use.
DHCPACK — The server sends configuration parameters, including the network address, to a client.
DHCPNAK — The server sends the client a refusal of its request for configuration.
DHCPRELEASE — Client tells a server it is giving up an address and the remaining lease.
DHCPINFORM — A client already has an IP address but is requesting other configuration parameters that the DHCP server is configured to deliver, such as DNS or Winbind addresses.
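An added example (not from the original post) that parses the debug ip dhcp server packet listing above, decodes the dotted-hex client identifier and checks that each client's messages follow the DISCOVER, OFFER, REQUEST, ACK order from the table. The sample lines are copied from the listing; the parsing logic and the decoding of the identifier are mine.

```python
"""Parse IOS `debug ip dhcp server packet` output (added example)."""
import re

# Constructed sample: the DHCPD lines copied from the listing above.
DEBUG_LINES = """\
*Apr 28 22:51:33.407: DHCPD: DHCPDISCOVER received from client 0063.6973.636f.2d30.3030.342e.6464.3639.2e66.6430.312d.4661.302f.30 through relay 10.2.1.1.
*Apr 28 22:51:33.407: DHCPD: Allocate an address without class information (10.2.1.0)
*Apr 28 22:51:35.407: DHCPD: Sending DHCPOFFER to client 0063.6973.636f.2d30.3030.342e.6464.3639.2e66.6430.312d.4661.302f.30 (10.2.1.7).
*Apr 28 22:51:35.407: DHCPD: unicasting BOOTREPLY for client 0004.dd69.fd01 to relay 10.2.1.1.
*Apr 28 22:51:35.411: DHCPD: DHCPREQUEST received from client 0063.6973.636f.2d30.3030.342e.6464.3639.2e66.6430.312d.4661.302f.30.
*Apr 28 22:51:35.411: DHCPD: No default domain to append - abort update
*Apr 28 22:51:35.411: DHCPD: Sending DHCPACK to client 0063.6973.636f.2d30.3030.342e.6464.3639.2e66.6430.312d.4661.302f.30 (10.2.1.7).
*Apr 28 22:51:35.411: DHCPD: unicasting BOOTREPLY for client 0004.dd69.fd01 to relay 10.2.1.1.
"""

IPV4 = r"\d+(?:\.\d+){3}"
MSG_RE = re.compile(
    r"DHCPD: (?:(?P<rx>DHCP\w+) received from client|Sending (?P<tx>DHCP\w+) to client) "
    r"(?P<cid>[0-9a-f]{4}(?:\.[0-9a-f]{1,4})*)"
    rf"(?: \((?P<ip>{IPV4})\))?"
    rf"(?: through relay (?P<relay>{IPV4}))?"
)

# The order a normal lease acquisition follows (see the message table above).
EXPECTED_ORDER = ("DHCPDISCOVER", "DHCPOFFER", "DHCPREQUEST", "DHCPACK")


def decode_client_id(cid):
    """Decode the dotted-hex client identifier (DHCP option 61) IOS prints.

    The first byte is the identifier type: 1 means an Ethernet MAC follows,
    0 means an arbitrary string. IOS clients send type 0 carrying the string
    "cisco-<chaddr>-<interface>", which is why the printed ID is so long.
    """
    raw = bytes.fromhex(cid.replace(".", ""))
    if not raw:
        raise ValueError("empty client identifier")
    kind, body = raw[0], raw[1:]
    if kind == 0:
        return {"type": "string", "value": body.decode("ascii", errors="replace")}
    if kind == 1 and len(body) == 6:
        return {"type": "ethernet", "value": ":".join(f"{b:02x}" for b in body)}
    return {"type": f"hardware-type-{kind}", "value": body.hex()}


def parse_dhcpd_debug(text):
    """One record per DHCP message line; housekeeping lines are skipped."""
    records = []
    for line in text.splitlines():
        m = MSG_RE.search(line)
        if m:
            records.append({"message": m.group("rx") or m.group("tx"),
                            "client_id": m.group("cid"),
                            "ip": m.group("ip"),
                            "relay": m.group("relay")})
    return records


def lease_sequences(records):
    """Group the messages per client and compare them with EXPECTED_ORDER."""
    per_client = {}
    for r in records:
        per_client.setdefault(r["client_id"], []).append(r)
    result = {}
    for cid, msgs in per_client.items():
        order = tuple(m["message"] for m in msgs)
        result[cid] = {
            "client": decode_client_id(cid),
            "order": order,
            "complete": order == EXPECTED_ORDER,
            "leased_ip": next((m["ip"] for m in msgs if m["message"] == "DHCPACK"), None),
            "relay": next((m["relay"] for m in msgs if m["relay"]), None),
        }
    return result


if __name__ == "__main__":
    for cid, info in lease_sequences(parse_dhcpd_debug(DEBUG_LINES)).items():
        print(info["client"]["value"], info["order"], info["leased_ip"], info["relay"])
```

Decoding the identifier shows that the long client ID in the listing is the string cisco-0004.dd69.fd01-Fa0/0, which is how it can be matched to the chaddr 0004.dd69.fd01 in the BOOTREPLY lines.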

IOS DHCP Server Configuration
The lease command is in days. The excluded-address command can also take a range, low to high; for instance, the line below excludes .1 through .50 on the 10.2.1.x subnet.

ip dhcp excluded-address 10.2.1.1 10.2.1.50

DHCP Server configuration:

no ip dhcp use vrf connected
ip dhcp excluded-address 10.2.1.1
ip dhcp excluded-address 10.2.1.2
ip dhcp excluded-address 10.2.1.254
!
ip dhcp pool vlan10
   network 10.2.1.0 255.255.255.0
   default-router 10.2.1.1
   lease 5

DHCP Helper Address
DHCP uses the broadcast address because the client does not yet have an IP address with which to communicate. Routers do not forward broadcasts, so a router needs to be set up to forward DHCP traffic. The ip helper-address command also forwards the following protocols:
TFTP
Domain Name System (DNS)
Internet Time Service (ITS)
NetBIOS name server
NetBIOS datagram server
BootP
TACACS

interface Vlan10
 ip address 10.2.1.1 255.255.255.0
 ip helper-address 10.1.4.5

An IOS router as a DHCP client:

interface FastEthernet0/0
 ip address dhcp

DHCP Troubleshooting
show ip dhcp conflict
show ip dhcp binding

R4#sh ip dhcp binding
Bindings from all pools not associated with VRF:
IP address          Client-ID/          Lease expiration        Type
            Hardware address/
            User name
10.2.1.5            0063.6973.636f.2d30.    May 06 2010 11:16 AM    Automatic
                    3064.302e.6262.6566.
                    2e36.3463.312d.4661.
                    302f.30
10.2.1.8            0063.6973.636f.2d30.    May 07 2010 07:09 PM    Automatic
                    3030.342e.6464.3639.
                    2e66.6430.312d.4661.
                    302f.30

clear ip dhcp binding *
This is not necessarily the best command to run on a production router because you clear the addresses the router knows it has given out.
clear ip dhcp conflict *
debug ip dhcp server packet
See the listing above.
debug ip dhcp server events

R4#debug ip dhcp server events
DHCP server event debugging is on.
R4#
*May  2 19:07:21.660: DHCPD: checking for expired leases.
R4#
*May  2 19:07:59.764: DHCPD: Sending notification of TERMINATION:
*May  2 19:07:59.764:  DHCPD: address 10.2.1.7 mask 255.255.255.0
*May  2 19:07:59.764:  DHCPD: reason flags: RELEASE
*May  2 19:07:59.764:   DHCPD: htype 1 chaddr 0004.dd69.fd01
*May  2 19:07:59.764:   DHCPD: lease time remaining (secs) = 315841
*May  2 19:07:59.764: DHCPD: returned 10.2.1.7 to address pool vlan10.
R4#
*May  2 19:09:04.224: DHCPD: Sending notification of DISCOVER:
*May  2 19:09:04.224:   DHCPD: htype 1 chaddr 0004.dd69.fd01
*May  2 19:09:04.224:   DHCPD: remote id 020a00000a01040500000000
*May  2 19:09:04.224:   DHCPD: circuit id 00000000
*May  2 19:09:04.224: DHCPD: Seeing if there is an internally specified pool class:
*May  2 19:09:04.224:   DHCPD: htype 1 chaddr 0004.dd69.fd01
*May  2 19:09:04.224:   DHCPD: remote id 020a00000a01040500000000
*May  2 19:09:04.224:   DHCPD: circuit id 00000000
R4#
*May  2 19:09:06.224: DHCPD: Adding binding to radix tree (10.2.1.8)
*May  2 19:09:06.224: DHCPD: Adding binding to hash tree
*May  2 19:09:06.224: DHCPD: assigned IP address 10.2.1.8 to client 0063.6973.636f.2d30.3030.342e.6464.3639.2e66.6430.312d.4661.302f.30.
*May  2 19:09:06.228: DHCPD: Sending notification of ASSIGNMENT:
*May  2 19:09:06.228:  DHCPD: address 10.2.1.8 mask 255.255.255.0
*May  2 19:09:06.228:   DHCPD: htype 1 chaddr 0004.dd69.fd01
*May  2 19:09:06.228:   DHCPD: lease time remaining (secs) = 432000
R4#
*May  2 19:09:21.660: DHCPD: checking for expired leases.

sh ip dhcp pool

R4#sh ip dhcp pool

Pool vlan10 :
 Utilization mark (high/low)    : 100 / 0
 Subnet size (first/next)       : 0 / 0
 Total addresses                : 254
 Leased addresses               : 1
 Pending event                  : none
 1 subnet is currently in the pool :
 Current index        IP address range                    Leased addresses
 10.2.1.10            10.2.1.1         - 10.2.1.254        1

Additional Source:
Document ID: 27470


Troubleshoot NAT

April 27th, 2010, by jud

Definitions
NAT Types
Static NAT — A one-to-one mapping of private to public IP addresses, best used for a device that needs access from outside the AS.
Dynamic NAT — A dynamic one-to-one mapping between private and public IP addresses, however, the mapping can vary and depends upon the addresses left in the pool.
NAT Overloading — PAT, allows multiple private addresses to masquerade as one public IP address by using layer 4 port numbers to differentiate sessions.
Overlapping NAT — Used when the same subnets are in use in two locations and addresses overlap.

NAT Address Types
Inside Local — A private address referencing an inside device.
Inside Global — A public address referencing an inside device.
Outside Local — A private address referencing an outside device.
Outside Global — A public address referencing an outside device.
The TSHOOT book had a good mnemonic that helps everything else fall into place: global starts with g, as in good, good being a routable address on the internet.

Order of operation for an interface, inside to outside network.
1. Decryption of IPsec traffic
2. Input ACL applied
3. Input policing applied
4. Input accounting applied
5. Policy-based routing (PBR)
6. Redirecting traffic to a web cache
7. NAT translating local to global addresses
8. Crypto map application
9. Output ACL applied
10. Cisco IOS Firewall inspection performed
11. TCP intercept feature applied
12. Encryption performed

Order of operation for an interface, outside to inside network.
1. Decryption of IPsec traffic
2. Input ACL applied
3. Input policing applied
4. Input accounting applied
5. NAT translating global to local addresses
6. Policy Based Routing (PBR)
7. Redirecting traffic to a web cache
8. Crypto map application
9. Output ACL applied
10. Cisco IOS Firewall inspection performed
11. TCP intercept feature applied
12. Encryption performed

Troubleshoot NAT
show ip nat statistics
Displays general NAT information of the router.

R1#sh ip nat statistics
Total active translations: 2 (0 static, 2 dynamic; 2 extended)
Outside interfaces:
  Serial0/1/0.15
Inside interfaces:
  Serial0/0/0.12
Hits: 45  Misses: 5
CEF Translated packets: 50, CEF Punted packets: 0
Expired translations: 3
Dynamic mappings:
-- Inside Source
[Id: 1] access-list 10 pool WAN refcount 2
 pool WAN: netmask 255.255.255.252
    start 209.65.200.225 end 209.65.200.225
    type generic, total addresses 1, allocated 1 (100%), misses 0
Appl doors: 0
Normal doors: 0
Queued Packets: 0

sh ip nat translations
Shows the current translations on the router. These can be reset with the command clear ip nat translation *.

R1#sh ip nat translations
Pro Inside global      Inside local       Outside local      Outside global
icmp 209.65.200.225:7  10.1.1.10:7        209.65.200.241:7   209.65.200.241:7

debug ip nat
Shows real time source and destination of NAT sessions on the router.

R1#debug ip nat
IP NAT debugging is on
R1#
*Apr 27 23:29:54.137: NAT*: s=10.1.1.10->209.65.200.225, d=209.65.200.241 [31]
*Apr 27 23:29:54.169: NAT*: s=209.65.200.241, d=209.65.200.225->10.1.1.10 [31]
*Apr 27 23:29:54.253: NAT*: s=10.1.1.10->209.65.200.225, d=209.65.200.241 [32]
*Apr 27 23:29:54.281: NAT*: s=209.65.200.241, d=209.65.200.225->10.1.1.10 [32]
*Apr 27 23:29:54.369: NAT*: s=10.1.1.10->209.65.200.225, d=209.65.200.241 [33]
*Apr 27 23:29:54.397: NAT*: s=209.65.200.241, d=209.65.200.225->10.1.1.10 [33]
*Apr 27 23:29:54.485: NAT*: s=10.1.1.10->209.65.200.225, d=209.65.200.241 [34]
*Apr 27 23:29:54.513: NAT*: s=209.65.200.241, d=209.65.200.225->10.1.1.10 [34]
R1#
*Apr 27 23:29:54.601: NAT*: s=10.1.1.10->209.65.200.225, d=209.65.200.241 [35]
*Apr 27 23:29:54.629: NAT*: s=209.65.200.241, d=209.65.200.225->10.1.1.10 [35]

Troubleshoot Security

April 26th, 2010, by jud

There are three planes of a router that need to be secured: the management plane, the control plane and the data plane.

Management Plane
Used to access and configure a switch or router. It is secured through SNMPv3, TACACS+, VTY ACLs and SSH. It is also a best practice to use role-based CLI views.

TACACS+ and RADIUS are used in part to secure user access to the management plane. The major differences between them:

Characteristic   TACACS+                                                  RADIUS
Transport        TCP                                                      UDP
Modularity       Separates authentication, authorization and accounting   Combines authentication and authorization
Security         Limits commands                                          No command limit
Encryption       Entire packet                                            Only encrypts the password
Accounting       Basic                                                    Robust
Standard         No                                                       Yes

Sources:
Cisco Document ID 13838
TSHOOT Book p.287

Control plane
Includes the routing protocols and spanning tree running between routers and switches; it is the ability of a router to route. The control plane can be secured with the auto secure command, routing protocol authentication, and CPU/memory thresholding.

See each routing protocol discussion for troubleshooting steps.

Securing STP
Root Guard — Is enabled on a per-port basis. When the port receives a superior BPDU (one with a lower bridge ID), the local switch will not allow the new switch to become the root. Instead the port is put into the root-inconsistent state, and no data can be sent or received on it until the superior BPDUs stop.

BPDU Guard — PortFast moves an end-user port to the forwarding state without going through all of the STP checks and can induce loops in the network. If any BPDU is received on a port where BPDU guard is enabled, that port is put into the errdisable state. It can then be recovered manually or through the errdisable timeout function.

Data plane
Forwards data through a router or switch. The data plane can be secured through ACLs, 802.1X, Unicast Reverse Path Forwarding (uRPF) and IPsec VPN tunnels.

Securing DHCP and ARP:
DHCP snooping — With DHCP snooping enabled, a switch port is either trusted or untrusted. Any DHCP replies arriving on an untrusted port are discarded because they must have come from a rogue DHCP server. Additionally, that switch port is shut down in the errdisable state.

Dynamic ARP Inspection (DAI) — Helps to prevent ARP spoofing attacks. DHCP snooping keeps track of completed DHCP bindings, including the MAC address, the IP address offered and the lease time. DAI uses this database to validate ARP packets and stop man-in-the-middle style attacks.
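The two rules just described, DHCP snooping's trusted/untrusted port check and DAI's lookup of the sender MAC/IP pair in the snooping binding table, worked through in a small switch model. This is an added example and not code from the original post; the port names and VLAN are constructed, while the client MAC 0004.dd69.fd01, its lease 10.2.1.7, the gateway 10.2.1.1 and the 432000 s lease time come from the DHCP post above.

```python
"""DHCP snooping bindings and Dynamic ARP Inspection (added example)."""
from dataclasses import dataclass, field

# Messages only a DHCP server sends; on an untrusted port they mean a rogue server.
SERVER_MESSAGES = {"DHCPOFFER", "DHCPACK", "DHCPNAK"}


@dataclass
class Binding:
    mac: str
    ip: str
    vlan: int
    port: str
    lease_secs: int


@dataclass
class SnoopingSwitch:
    trusted_ports: set
    bindings: dict = field(default_factory=dict)   # (vlan, mac) -> Binding
    pending: dict = field(default_factory=dict)    # (vlan, mac) -> client port
    errdisabled: set = field(default_factory=set)
    log: list = field(default_factory=list)

    def dhcp_packet(self, msg, port, vlan, client_mac, yiaddr=None, lease=0):
        """Process one DHCP message; return True if the switch forwards it."""
        key = (vlan, client_mac)
        if port in self.errdisabled:
            self.log.append(f"{port}: dropped {msg}, port is errdisabled")
            return False
        if msg in SERVER_MESSAGES:
            if port not in self.trusted_ports:
                # A server reply on an untrusted port: discard and errdisable.
                self.errdisabled.add(port)
                self.log.append(f"{port}: {msg} from untrusted port, errdisabled")
                return False
            if msg == "DHCPACK":
                # Bind to the port the client's own request came in on.
                client_port = self.pending.pop(key, port)
                self.bindings[key] = Binding(client_mac, yiaddr, vlan, client_port, lease)
                self.log.append(f"binding {client_mac} -> {yiaddr} vlan {vlan} {client_port}")
            return True
        if msg in ("DHCPDISCOVER", "DHCPREQUEST"):
            self.pending[key] = port
        elif msg == "DHCPRELEASE":
            self.bindings.pop(key, None)
        return True

    def arp_packet(self, port, vlan, sender_mac, sender_ip):
        """DAI: allow an ARP packet only if its sender MAC/IP pair is bound."""
        if port in self.trusted_ports:
            return True                       # DAI is not applied to trusted ports
        b = self.bindings.get((vlan, sender_mac))
        if b is None or b.ip != sender_ip:
            self.log.append(f"{port}: DAI drop {sender_mac}/{sender_ip}, no binding")
            return False
        return True


if __name__ == "__main__":
    # Constructed walk-through: the client from the DHCP post above (chaddr
    # 0004.dd69.fd01, lease 10.2.1.7 for 432000 s) behind untrusted port Fa0/5,
    # with the DHCP server reached through trusted uplink Gi0/1.
    sw = SnoopingSwitch(trusted_ports={"Gi0/1"})
    sw.dhcp_packet("DHCPDISCOVER", "Fa0/5", 10, "0004.dd69.fd01")
    sw.dhcp_packet("DHCPOFFER", "Gi0/1", 10, "0004.dd69.fd01", "10.2.1.7")
    sw.dhcp_packet("DHCPREQUEST", "Fa0/5", 10, "0004.dd69.fd01")
    sw.dhcp_packet("DHCPACK", "Gi0/1", 10, "0004.dd69.fd01", "10.2.1.7", 432000)
    sw.arp_packet("Fa0/5", 10, "0004.dd69.fd01", "10.2.1.7")     # legitimate
    sw.arp_packet("Fa0/7", 10, "aaaa.bbbb.cccc", "10.2.1.1")     # claims the gateway
    sw.dhcp_packet("DHCPOFFER", "Fa0/7", 10, "0004.dd69.fd01", "10.2.1.99")
    print("\n".join(sw.log))
```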

802.1X
Port-based authentication is a combination of AAA authentication and port security. An 802.1x port begins in an unauthorized state and requires the client to authenticate before it is allowed to communicate. The three components of an 802.1x network are:
Supplicant — Device trying to gain access.
Authenticator — Acts as an intermediary (proxy) between the host and the authentication server, requesting identity information from the host, verifying that information with the authentication server, and relaying a response to the host.
Authentication Server — Performs the actual authentication of the supplicant. The authentication server validates the identity of the supplicant and notifies the switch if it is authorized to communicate on the network.
Sources:
TSHOOT Book
6500 802.1X Configuration Guide


Troubleshoot Router Performance

April 16th, 2010, by jud

There are three general causes of router performance issues:
1. High CPU load
2. Router packet switching mode
3. Excessive memory use

Processes that can be a cause of high CPU load:
• ARP Input process — A heavy traffic load can cause the ARP Input process to spike.
• Net Background process — If an interface has full buffers but still needs a globally available buffer, the Net Background process handles it. There may also be a corresponding rise in the throttles, ignored and overrun counters of the sh int command.
• IP Background process — When an interface changes state this process does the work.

Commands to troubleshoot the different processes:
sh process cpu | inc [process name] — Is there an inordinate amount of CPU usage?
sh arp — Are there too many entries in the ARP table that would cause the ARP Input process to spike?
sh int fa0/0 — Are the throttles, ignored and overrun parameters climbing?
sh tcp stat — A high connection load can result in the TCP Timer process spiking.

sh arp

R4#sh arp
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  10.1.4.10              53   0018.1825.2543  ARPA   FastEthernet0/1
Internet  10.1.4.9                -   001b.d421.480b  ARPA   FastEthernet0/1
Internet  10.1.4.6               68   0012.d9a5.1542  ARPA   FastEthernet0/0
Internet  10.1.4.5                -   001b.d421.480a  ARPA   FastEthernet0/0

sh int fa0/0 | inc thrott|ignor|over

R4#sh int fa0/0 | inc thrott|ignor|over
     Received 851934 broadcasts, 0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored

sh tcp stat

R4#sh tcp stat
Rcvd: 432 Total, 0 no port
      0 checksum error, 0 bad offset, 0 too short
      267 packets (8194 bytes) in sequence
      1 dup packets (172 bytes)
      0 partially dup packets (0 bytes)
      0 out-of-order packets (0 bytes)
      0 packets (0 bytes) with data after window
      0 packets after close
      0 window probe packets, 0 window update packets
      0 dup ack packets, 0 ack packets with unsend data
      304 ack packets (10167 bytes)
Sent: 440 Total, 0 urgent packets
      51 control packets (including 0 retransmitted)
      262 data packets (10120 bytes)
      0 data packets (0 bytes) retransmitted
      0 data packets (0 bytes) fastretransmitted
      127 ack only packets (65 delayed)
      0 window probe packets, 0 window update packets
27 Connections initiated, 0 connections accepted, 24 connections established
30 Connections closed (including 1 dropped, 3 embryonic dropped)
0 Total rxmt timeout, 0 connections dropped in rxmt timeout
0 Keepalive timeout, 0 keepalive probe, 0 Connections dropped in keepalive

Packet Switching Modes
• Process switching — The CPU is used to make packet switching decisions, the entire data flow is processed in the control plane. To turn on process switching issue the command no ip route-cache.
• Fast Switching — The CPU processes the first packet of a data flow, the rest are handled by the fast cache, reducing processor load. Turn on fast switching with the command ip route-cache.
• Cisco Express Forwarding (CEF) — CEF maintains the Forwarding Information Base (FIB) for layer 3 forwarding and the Adjacency Table for layer 2 next hops. The entire flow is processed in the data plane.

Packet Switching commands that look interesting to me:
sh ip int fa0/0 — Displays the packet switching mode.
sh ip cache — If fast switching is enabled it displays the fast cache.
sh ip cef — Displays the FIB contents.
sh adjacency det — Displays the adjacency table of a router if CEF is enabled.

sh ip int fa0/0 | inc IP

R4#sh ip int fa0/0 | inc IP
  IP fast switching is enabled
  IP fast switching on the same interface is disabled
  IP Flow switching is enabled
  IP CEF switching is enabled
  IP CEF Flow Fast switching turbo vector
  IP multicast fast switching is enabled
  IP multicast distributed fast switching is disabled
  IP route-cache flags are Fast, Flow cache, CEF, Subint Flow
  IP output packet accounting is disabled
  IP access violation accounting is disabled
  TCP/IP header compression is disabled
  RTP/IP header compression is disabled

sh ip cache

R4#sh ip cache
IP routing cache 0 entries, 0 bytes
   0 adds, 0 invalidates, 0 refcounts
Minimum invalidation interval 2 seconds, maximum interval 5 seconds,
   quiet interval 3 seconds, threshold 0 requests
Invalidation rate 0 in last second, 0 in last 3 seconds
Last full cache invalidation occurred 5w1d ago

Prefix/Length           Age       Interface       Next Hop

sh ip cef

R4#sh ip cef
Prefix              Next Hop             Interface
0.0.0.0/0           0.0.0.0              Null0
0.0.0.0/8           drop
0.0.0.0/32          receive
10.1.1.0/30         10.1.1.9             Serial0/0/0.34
10.1.1.4/30         10.1.1.9             Serial0/0/0.34
10.1.1.8/30         attached             Serial0/0/0.34
10.1.1.8/32         receive
10.1.1.10/32        receive

sh adj det

R4#sh adj det
Protocol Interface                 Address
IP       FastEthernet0/1           10.1.4.10(16)
                                   0 packets, 0 bytes
                                   001818252543001BD421480B0800
                                   ARP        01:41:49  
                                   Epoch: 0
IP       FastEthernet0/0           10.1.4.6(16)
                                   17 packets, 1818 bytes
                                   0012D9A51542001BD421480A0800
                                   ARP        02:47:29  
                                   Epoch: 0
IP       Serial0/0/0.34            point2point(13)
                                   80697 packets, 102706013 bytes
                                   64310800
                                   CEF   expires: 00:02:53
                                     refresh: 00:00:53
                                   Epoch: 0

Troubleshoot Memory Usage
• Memory leak — When not all memory used by a process is returned to the memory pool.
• Memory allocation failure — Shows up as a MALLOCFAIL error message.
• Buffer leak — Similar to a memory leak, a process does not return a buffer after use.
• Runaway process — A process is consuming an inordinate amount of memory.

Commands to troubleshoot memory problems
sh buffers — Check the number of buffers in the free list.
sh processes memory sorted — What are the largest memory users?

sh buffers

R4#sh buffers
Buffer elements:
     1119 in free list (1119 max allowed)
     7519248 hits, 0 misses, 619 created

Public buffer pools:
Small buffers, 104 bytes (total 50, permanent 50):
     49 in free list (20 min, 150 max allowed)
     5531838 hits, 0 misses, 0 trims, 0 created
     0 failures (0 no memory)
Middle buffers, 600 bytes (total 25, permanent 25, peak 64 @ 3w4d):
     25 in free list (10 min, 150 max allowed)
     362047 hits, 14 misses, 42 trims, 42 created
     0 failures (0 no memory)

sh processes memory sorted

R4#sh processes memory sorted
Processor Pool Total:  307697040 Used:   14563424 Free:  293133616
      I/O Pool Total:   41943040 Used:    4264864 Free:   37678176

 PID TTY  Allocated      Freed    Holding    Getbufs    Retbufs Process
   0   0   27799336    6726984   14720188          0          0 *Init*          
  39   0     654476       1272     635204          0          0 USB Startup    
  26   0   67553324   66736804     605916      46720          0 Exec            
   0   0          0          0     393528          0          0 *MallocLite*
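
The two memory commands above only show a snapshot, and a leak or runaway process is a trend, not a number. The following is an added example (not from these notes and not a Cisco tool) that parses two captures of sh processes memory sorted taken some time apart and reports the processes whose Holding column grew, together with the change in free processor-pool memory. The two captures are constructed for illustration; the column layout follows the output above, and the process names and numbers are made up.

```python
import re
from typing import Dict, List, Tuple

# Constructed samples of "show processes memory sorted" (illustrative numbers, not
# from a real router) captured a few hours apart on the same box.
SAMPLE_T0 = """\
Processor Pool Total:  307697040 Used:   14563424 Free:  293133616
      I/O Pool Total:   41943040 Used:    4264864 Free:   37678176

 PID TTY  Allocated      Freed    Holding    Getbufs    Retbufs Process
   0   0   27799336    6726984   14720188          0          0 *Init*
  39   0     654476       1272     635204          0          0 USB Startup
  26   0   67553324   66736804     605916      46720          0 Exec
  71   0    1200000     400000     800000          0          0 IP SNMP
   0   0          0          0     393528          0          0 *MallocLite*
"""

SAMPLE_T1 = """\
Processor Pool Total:  307697040 Used:   15187424 Free:  292509616
      I/O Pool Total:   41943040 Used:    4264864 Free:   37678176

 PID TTY  Allocated      Freed    Holding    Getbufs    Retbufs Process
   0   0   27799336    6726984   14720188          0          0 *Init*
  71   0    1824000     400000    1424000          0          0 IP SNMP
  39   0     654476       1272     635204          0          0 USB Startup
  26   0   67600000   66783480     605916      46720          0 Exec
   0   0          0          0     393528          0          0 *MallocLite*
"""

POOL_RE = re.compile(r"^\s*(\S+) Pool Total:\s+(\d+) Used:\s+(\d+) Free:\s+(\d+)")
# PID TTY Allocated Freed Holding Getbufs Retbufs, then the process name (may contain spaces)
PROC_RE = re.compile(r"^\s*(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(.+?)\s*$")


def parse_pools(output: str) -> Dict[str, Dict[str, int]]:
    """Return {pool: {'total', 'used', 'free'}} from the two header lines."""
    pools: Dict[str, Dict[str, int]] = {}
    for line in output.splitlines():
        m = POOL_RE.match(line)
        if m:
            pools[m.group(1)] = {"total": int(m.group(2)),
                                 "used": int(m.group(3)),
                                 "free": int(m.group(4))}
    return pools


def parse_holding(output: str) -> Dict[Tuple[int, str], int]:
    """Return {(pid, process name): Holding bytes} for every process row.
    Keyed on pid and name because PID 0 appears more than once in the output."""
    holding: Dict[Tuple[int, str], int] = {}
    for line in output.splitlines():
        m = PROC_RE.match(line)
        if m:
            holding[(int(m.group(1)), m.group(8))] = int(m.group(5))
    return holding


def find_growers(before: str, after: str, min_growth: int = 0) -> List[Tuple[str, int]]:
    """Processes whose Holding grew by more than min_growth bytes, largest growth first.
    A process that keeps growing sample after sample without ever giving memory
    back is the leak candidate; a one-off jump (a new Exec session) is not."""
    h0, h1 = parse_holding(before), parse_holding(after)
    growers = []
    for key, held_now in h1.items():
        delta = held_now - h0.get(key, 0)
        if delta > min_growth:
            growers.append((key[1], delta))
    growers.sort(key=lambda item: item[1], reverse=True)
    return growers


def pool_free_delta(before: str, after: str, pool: str = "Processor") -> int:
    """Change in free bytes of a pool between the samples (negative = shrinking)."""
    return parse_pools(after)[pool]["free"] - parse_pools(before)[pool]["free"]


if __name__ == "__main__":
    for name, growth in find_growers(SAMPLE_T0, SAMPLE_T1):
        print(f"{name}: Holding grew by {growth} bytes")
    print(f"Processor pool free changed by {pool_free_delta(SAMPLE_T0, SAMPLE_T1)} bytes")
```

Run against real captures, a process that shows up in find_growers on every sample while pool_free_delta keeps going negative is worth a TAC case; the same process growing once and then flattening out is normal allocation.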

TSHOOT Sidenote

April 16th, 2010 jud 2 comments

You need to purchase Troubleshooting IP Routing Protocols.

For all of the other CCNP tests I have read two books. I enjoy the different perspective from two books and the extra reading has reinforced my understanding of the topics. Unfortunately for this exam I only had the TSHOOT Official Certification Guide and had been keeping my eyes open for another book.

I came across a recent CCIE blog post that mentioned Troubleshooting IP Routing Protocols by Aziz, Liu, Martey and Shamim. I wish I could give that guy credit because this is the best routing book I have found. I sat down to glance at the chapters and began to read a section on BGP, I was stunned by the clarity. It’s not the newest book, but it is written by four low digit CCIEs and is a great book, I have not been disappointed in a section I have read yet. Unfortunately it does not cover all of the topics of the TSHOOT exam but I am glad to have this book.


Troubleshoot BGP

April 13th, 2010 jud No comments

BGP is a path-vector routing protocol. Routes are tracked in terms of the AS they pass through, and routers avoid loops by rejecting routes that have already passed through their AS.

Definitions
Synchronization — Before iBGP can propagate a route, the route must be learned from an IGP.
Split Horizon — BGP will not advertise a route out the interface from which it was learned.
Path Selection — Routers avoid loops by rejecting routes that already include their AS. BGP attributes are used to determine the best route to a destination.

BGP Attributes

Order  Attribute                       Preference  Description
0.     Synchronized                    TRUE        Use only routes that meet the synchronization requirement.
1.     Weight                          Highest     Administrative override; a router uses the path with the highest weight when multiple paths exist. Not propagated to other routers.
2.     Local Preference                Highest     Used internally to pick the path out of the AS; propagated to internal peers.
3.     Self Originated                 TRUE        Prefer paths that originated on this router.
4.     AS-Path                         Shortest    Minimize AS hops; prefer the route with the shortest AS path.
5.     Origin                          i < e < ?   Prefer stability: IGP is lower than EGP, and EGP is lower than incomplete.
6.     Multi-Exit Discriminator (MED)  Lowest      Advertised to external neighbors in an attempt to influence path selection into your AS.
7.     External                        EBGP        An external path is preferred over an internal path.
8.     IGP cost                        Lowest      Prefer the path with the lowest IGP cost.
9.     EBGP Peering                    Oldest      Prefer stability.
10.    RID                             Lowest      Finally choose the route with the lowest BGP router ID.

Sources: BSCI p. 443 and TSHOOT p. 229
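
To make the ordering in that table concrete, here is an added example (my own illustration, not from the books or from Cisco) that runs a set of candidate paths through the steps in order and reports which step decided the winner; that "decided by" step is exactly what you want to know when sh ip bgp shows a best path you did not expect. BgpPath, select_best and the sample candidates are my names; the addresses reuse the lab numbering from the outputs below but the paths are constructed. Two simplifications relative to IOS: synchronization is treated as a plain filter, and MED is compared across all candidates, whereas IOS by default compares MED only between paths from the same neighboring AS.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

ORIGIN_RANK = {"i": 0, "e": 1, "?": 2}   # IGP preferred over EGP, EGP over incomplete


@dataclass(frozen=True)
class BgpPath:
    next_hop: str
    as_path: Tuple[int, ...] = ()
    weight: int = 0
    local_pref: int = 100
    self_originated: bool = False
    origin: str = "i"
    med: int = 0
    external: bool = False      # learned from an eBGP peer
    igp_cost: int = 0           # IGP metric to reach next_hop
    age_rank: int = 0           # 0 = oldest eBGP session (constructed ordering)
    router_id: str = "0.0.0.0"  # BGP router ID of the advertising peer
    synchronized: bool = True


def _rid(rid: str) -> Tuple[int, ...]:
    """Compare router IDs numerically per octet, not as strings."""
    return tuple(int(o) for o in rid.split("."))


# Ordered tie-breakers from the table above; every key is "smaller is better".
STEPS = [
    ("weight",                 lambda p: -p.weight),
    ("local preference",       lambda p: -p.local_pref),
    ("self originated",        lambda p: 0 if p.self_originated else 1),
    ("AS-path length",         lambda p: len(p.as_path)),
    ("origin",                 lambda p: ORIGIN_RANK[p.origin]),
    ("MED",                    lambda p: p.med),
    ("external over internal", lambda p: 0 if p.external else 1),
    ("IGP cost",               lambda p: p.igp_cost),
    ("oldest eBGP peering",    lambda p: p.age_rank),
    ("lowest router ID",       lambda p: _rid(p.router_id)),
]


def select_best(paths: List[BgpPath]) -> Tuple[Optional[BgpPath], str]:
    """Return (best path, name of the step that decided it).
    Step 0 is a filter rather than a tie-breaker: unsynchronized paths are dropped."""
    remaining = [p for p in paths if p.synchronized]
    if not remaining:
        return None, "no synchronized path"
    for name, key in STEPS:
        best_key = min(key(p) for p in remaining)
        remaining = [p for p in remaining if key(p) == best_key]
        if len(remaining) == 1:
            return remaining[0], name
    return remaining[0], "tie after all steps"


# Constructed candidates for one prefix (addresses reuse the lab's numbering).
EBGP = BgpPath(next_hop="209.65.200.226", as_path=(65002,), external=True,
               router_id="209.65.200.242")
IBGP_LONG = BgpPath(next_hop="10.1.1.9", as_path=(65003, 65002), igp_cost=64,
                    router_id="10.1.1.9")
IBGP_PREF = BgpPath(next_hop="10.1.1.1", as_path=(65004,), local_pref=200, igp_cost=64,
                    router_id="209.65.200.225")

if __name__ == "__main__":
    best, why = select_best([EBGP, IBGP_LONG, IBGP_PREF])
    print(f"best via {best.next_hop}, decided by {why}")
```

Drop IBGP_PREF's local preference back to 100 and the same three candidates are decided much later, at the "external over internal" step, which is the usual reason an eBGP route beats an iBGP route that looks identical in sh ip bgp.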

BGP Updates three tables

Neighbor table – Contains a listing of neighbors, their IP address, AS number and neighborship state.
    Troubleshoot: sh ip bgp summary, sh ip bgp neighbor, debug ip bgp updates
BGP table or BGP Routing Information Base (RIB) – Contains routes learned from BGP neighbors and locally injected routes.
    Troubleshoot: sh ip bgp
IP Routing table – Only the “best” routes as defined by the attributes make it into the routing table.
    Troubleshoot: sh ip route bgp

BGP States
BGP cycles through five states as it runs:
■ Idle—Searching for neighbors
■ Connect—TCP three-way handshake complete with neighbor
■ Open Sent—BGP Open message has been sent
■ Open Confirm—Response received
■ Established—BGP neighborship is established
Remember: Established is good, anything else is bad.

Troubleshoot BGP States
■ If a neighbor does not progress from “idle,” look for a next-hop address that cannot be reached.
■ If the neighbor stays “active,” the neighbor is not responding as expected, so look for things that affect this reply. For instance, the peering IP address or AS number may be incorrect, the neighbor may be misconfigured, or authentication may be misconfigured.
BSCI p.406, TSHOOT p.229

TSHOOT BGP
sh ip bgp summary
Helps to debug the neighbor table.

R1#sh ip bgp summ
BGP router identifier 209.65.200.225, local AS number 65001
BGP table version is 16, main routing table version 16
2 network entries using 234 bytes of memory
3 path entries using 156 bytes of memory
3/2 BGP path/bestpath attribute entries using 372 bytes of memory
1 BGP AS-PATH entries using 24 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 786 total bytes of memory
BGP activity 7/5 prefixes, 10/7 paths, scan interval 60 secs

Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
209.65.200.226  4 65002   47706   47714       16    0    0 4w5d            2
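
The "Established is good, anything else is bad" rule from the BGP States section is easy to script. Below is an added example (mine, not from the book or from Cisco) that parses the neighbor rows of sh ip bgp summary, treats a numeric State/PfxRcd column as Established and anything else as a problem, and attaches the first thing to check from the Troubleshoot BGP States notes above. The sample rows are constructed: the first copies the healthy session above, the rest are made up to show Active, Idle and an administratively shut peer.

```python
import re
from typing import Dict, List, Tuple

# Constructed "show ip bgp summary" neighbor rows. The first row mirrors the healthy
# session above; the other rows are made up to show sessions that never came up.
SAMPLE = """\
Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
209.65.200.226  4 65002   47706   47714       16    0    0 4w5d            2
10.1.1.9        4 65001       0       0        0    0    0 never    Active
10.1.1.1        4 65001       0       0        0    0    0 never    Idle
10.1.1.13       4 65001       0       0        0    0    0 never    Idle (Admin)
"""

ROW_RE = re.compile(
    r"^(?P<neighbor>\d+(?:\.\d+){3})\s+(?P<ver>\d+)\s+(?P<asn>\d+)\s+(?P<rcvd>\d+)\s+"
    r"(?P<sent>\d+)\s+(?P<tblver>\d+)\s+(?P<inq>\d+)\s+(?P<outq>\d+)\s+(?P<updown>\S+)\s+"
    r"(?P<state>.+?)\s*$"
)

# First thing to check per state, taken from the "Troubleshoot BGP States" notes.
HINTS: Dict[str, str] = {
    "Idle":   "stuck in Idle: check that the peering/next-hop address is reachable",
    "Active": "stuck in Active: check the peering IP address, the remote AS number, "
              "the neighbor's configuration and authentication",
}
DEFAULT_HINT = "session not Established: re-check the peer parameters on both sides"


def parse_summary(output: str) -> List[Dict[str, object]]:
    """One dict per neighbor row. Established sessions show a prefix count in the
    last column; any other value is the state name the session is stuck in."""
    rows: List[Dict[str, object]] = []
    for line in output.splitlines():
        m = ROW_RE.match(line)
        if not m:
            continue
        state = m.group("state")
        established = state.isdigit()
        rows.append({
            "neighbor": m.group("neighbor"),
            "asn": int(m.group("asn")),
            "established": established,
            "prefixes": int(state) if established else 0,
            "state": "Established" if established else state.split()[0],
            "raw_state": state,
        })
    return rows


def unhealthy(output: str) -> List[Tuple[str, str, str]]:
    """(neighbor, state as shown, hint) for every peer that is not Established."""
    problems = []
    for row in parse_summary(output):
        if row["established"]:
            continue
        hint = HINTS.get(str(row["state"]), DEFAULT_HINT)
        if "(Admin)" in str(row["raw_state"]):
            hint = "administratively shut down with 'neighbor ... shutdown'"
        problems.append((str(row["neighbor"]), str(row["raw_state"]), hint))
    return problems


if __name__ == "__main__":
    for neighbor, state, hint in unhealthy(SAMPLE):
        print(f"{neighbor:<16} {state:<14} {hint}")
```

A peer showing a prefix count of 0 still parses as Established; that is a filtering or advertisement question (see the advertised-routes and routes commands below), not a session problem.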

sh ip bgp neighbor
More neighbor table debugging.

R1#sh ip bgp neighbors
BGP neighbor is 209.65.200.226,  remote AS 65002, external link
  BGP version 4, remote router ID 209.65.200.242
  BGP state = Established, up for 4w5d
  Last read 00:00:54, last write 00:00:17, hold time is 180, keepalive interval is 60 seconds
  Neighbor capabilities:
    Route refresh: advertised and received(old & new)
    Address family IPv4 Unicast: advertised and received
  Message statistics:
    InQ depth is 0
    OutQ depth is 0
                         Sent       Rcvd
    Opens:                  2          2
    Notifications:          1          0
    Updates:                3          2
    Keepalives:         47711      47704
    Route Refresh:          0          0
    Total:              47717      47708
  Default minimum time between advertisement runs is 30 seconds

 For address family: IPv4 Unicast
  BGP table version 16, neighbor version 16/0
 Output queue size : 0
  Index 1, Offset 0, Mask 0x2
  1 update-group member
                                 Sent       Rcvd
  Prefix activity:               ----       ----
    Prefixes Current:               1          2 (Consumes 104 bytes)
    Prefixes Total:                 1          2
    Implicit Withdraw:              0          0
... output removed for brevity ...

sh ip bgp neigh x.x.x.x advertised-routes
This command should be in the troubleshooting list in the book but is not. It shows what advertisements you are sending to a neighbor.

R1#sh ip bgp neigh 209.65.200.226 advertised-routes
BGP table version is 16, local router ID is 209.65.200.225
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 209.65.200.224/30
                    0.0.0.0                  0         32768 i

Total number of prefixes 1

sh ip bgp neigh x.x.x.x routes
Similarly this command is not discussed in the book. This command shows which routes are being received. Helps to debug the RIB.

R1#sh ip bgp neigh 209.65.200.226 routes
BGP table version is 16, local router ID is 209.65.200.225
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*  209.65.200.224/30
                    209.65.200.226           0             0 65002 i
*> 209.65.200.240/29
                    209.65.200.226           0             0 65002 i

Total number of prefixes 2

sh ip bgp
Helps to debug the RIB.

R1#sh ip bgp
BGP table version is 16, local router ID is 209.65.200.225
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*  209.65.200.224/30
                    209.65.200.226           0             0 65002 i
*>                  0.0.0.0                  0         32768 i
*> 209.65.200.240/29
                    209.65.200.226           0             0 65002 i

sh ip route bgp
Shows which routes are making it from the BGP RIB into the routing table.

R1#sh ip route bgp
     209.65.200.0/24 is variably subnetted, 2 subnets, 2 masks
B       209.65.200.240/29 [20/0] via 209.65.200.226, 4w5d

Debug Commands
debug ip bgp
debug ip bgp updates


Troubleshoot OSPF

April 12th, 2010 jud No comments

My notes for EIGRP felt like I was just regurgitating the Key Points from the book. So with OSPF I read the book and looked at the command output, then decided to copy my notes from the BSCI and edit them down. In this manner I get more detail than the book, it refreshes my mind and I don’t feel like I am bored redoing the commands shown in the book. Please note, these are my notes, you got it off the web from some CCNA who is working toward a CCNP, you get the idea.

Open Shortest Path First (OSPF)
OSPF is a vendor neutral link-state routing protocol designed around the shortest path first or Dijkstra algorithm. OSPF learns all possible routes in the network and never produces routing loops.

  • Classless and allows summarization.
  • Quickly converges
  • Conserves network bandwidth
  • Uses multicast
  • Sends incremental change based updates
  • Metric is cost
  • Generates routing updates only upon change
  • OSPF creates three tables
    1. Neighbor Table or Adjacency Database – Contains a list of recognized neighbors
    2. Topology Table or LSDB – Contains all routers and their attached links in the area or network. All routers in an area have an identical LSDB.
    3. Routing Table or Forwarding Database – Holds the best paths to destinations

    Basic OSPF Operation
    Exchange Hello messages to build neighbor table.
    Elect DR and BDR.
    Exchange LSA to build topology table.
    Run SPF on topology table to build routing table.

    OSPF Area Structure
    OSPF uses a two-layer hierarchy.
    1. Transit Area – Primary function is fast and efficient packet movement. End users are not usually found here. OSPF area 0 by definition is a transit area.
    2. Regular Area – Primary function is to connect users and resources. By default a regular area does not allow transit traffic. It has a number of subtypes; standard area, stub area, totally stubby area and not-so-stubby area.

    Neighborship
    OSPF sends multicast hello packets to destination address 224.0.0.5. On a broadcast link hello packets are sent every 10 seconds, and every 30 seconds on a nonbroadcast link. After the initial hello exchange, routers become neighbors as soon as they see themselves listed in the neighbor’s hello packet; this guarantees two-way communication. Neighbor negotiation applies to the primary address only; secondary addresses have to belong to the same area as the primary address.

    Routers must agree on the following to become neighbors:

  • Area-ID – If two routers share a segment, their interfaces have to belong to the same area on that segment. Should also belong to the same subnet and share the same mask.
  • Authentication – OSPF allows for a password in an area, routers must exchange the same password in an area to become neighbors.
  • Hello Interval — Hellos are a form of keepalive used for acknowledgment on a segment and to elect a designated router on multicast segments. The hello interval specifies the length of time, in seconds, between hello packets on an OSPF interface.
  • Dead Interval – Number of seconds that a router’s Hello packets have not been seen before its neighbors declare a router down.
  • Stub area flag – Routers must agree on the stub area flag in the hello packet.
    Adjacency
    Routers form an adjacency after they have synchronized their topology databases. After the hello exchange, routers proceed to the database exchange process. In order to minimize the amount of information exchanged on a particular segment, OSPF elects one router as the designated router (DR) and another as the backup designated router (BDR) on each multi-access segment. Instead of routers having to exchange information with every other router on the segment, they only have to exchange information with the DR and BDR. The DR and BDR relay information to all the other routers.

    In mathematical terms this cuts communication from O(n*n) to O(n) where n is the number of routers on a segment. Each router tries to establish adjacency with the DR and BDR.
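
The neighbor requirements above are what a router checks on every Hello it receives, and the two-way rule is what moves it from Init to Two-Way. As an added example (my own model, not code from the book or from Cisco), here is a small Hello checker: a Hello is reduced to the fields that matter for the checks in this section, hello_mismatches returns every reason the packet would be ignored, and neighbor_state reports INIT or 2WAY depending on whether our router ID appears in the sender's neighbor list. Hello, hello_mismatches, neighbor_state and the auth label are my names; the R2/R3 values reuse the /30 from the lab output below but the packets are constructed. One simplification: the subnet/mask check is applied on every network type here, while real OSPF skips it on point-to-point links.

```python
from dataclasses import dataclass
from ipaddress import IPv4Interface
from typing import List, Tuple


@dataclass(frozen=True)
class Hello:
    """The fields of a received Hello that decide whether a neighbor can form.
    'auth' is a constructed label standing in for the authentication type and key;
    no real key is stored here, the label only has to match on both sides."""
    router_id: str
    area: int
    source: str                       # sending interface address with mask, e.g. "10.1.1.5/30"
    hello_interval: int = 10
    dead_interval: int = 40
    stub_area: bool = False           # the stub flag carried in the Hello options
    auth: str = "none"                # e.g. "none" or "md5:key1"
    neighbors: Tuple[str, ...] = ()   # router IDs the sender has already heard from


def hello_mismatches(mine: Hello, received: Hello) -> List[str]:
    """Every reason the received Hello would be dropped, per the requirements above."""
    reasons = []
    my_net = IPv4Interface(mine.source).network
    their_net = IPv4Interface(received.source).network
    if my_net != their_net:
        reasons.append(f"subnet/mask mismatch: {my_net} vs {their_net}")
    if mine.area != received.area:
        reasons.append(f"area mismatch: {mine.area} vs {received.area}")
    if mine.auth != received.auth:
        reasons.append("authentication mismatch")
    if mine.hello_interval != received.hello_interval:
        reasons.append(f"hello interval mismatch: {mine.hello_interval} vs {received.hello_interval}")
    if mine.dead_interval != received.dead_interval:
        reasons.append(f"dead interval mismatch: {mine.dead_interval} vs {received.dead_interval}")
    if mine.stub_area != received.stub_area:
        reasons.append("stub area flag mismatch")
    return reasons


def neighbor_state(mine: Hello, received: Hello) -> Tuple[str, List[str]]:
    """'rejected' with reasons; 'INIT' when we hear them but they have not listed us;
    '2WAY' once our router ID appears in their neighbor list (two-way communication)."""
    reasons = hello_mismatches(mine, received)
    if reasons:
        return "rejected", reasons
    if mine.router_id in received.neighbors:
        return "2WAY", []
    return "INIT", []


# Constructed lab: R2 (10.1.1.5) and its neighbor 10.1.1.9 on the 10.1.1.4/30 link.
R2 = Hello(router_id="10.1.1.5", area=0, source="10.1.1.5/30")
R3_FIRST = Hello(router_id="10.1.1.9", area=0, source="10.1.1.6/30")
R3_SEEN_US = Hello(router_id="10.1.1.9", area=0, source="10.1.1.6/30", neighbors=("10.1.1.5",))
R3_BAD_DEAD = Hello(router_id="10.1.1.9", area=0, source="10.1.1.6/30", dead_interval=120)

if __name__ == "__main__":
    for peer in (R3_FIRST, R3_SEEN_US, R3_BAD_DEAD):
        print(neighbor_state(R2, peer))
```

A neighbor that sits in INIT forever means the other side is receiving our Hellos but not listing us, which usually points at one of these mismatches on its side rather than ours; debug ip ospf adj on the other router shows which field it rejected.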

    Building the Adjacency

    Adjacency States:
    The following are the states of an interface in the process of becoming adjacent to another router.

    Down – No hellos received from any router on the segment.
    Attempt – Only valid for manually configured neighbors.
    Init – The router has received a hello packet from its neighbor, but the receiving router’s ID was not in that hello packet.
    Two-Way – Bidirectional communication has been established between the routers. At the end of this stage DR and BDR election is complete and the routers decide whether to proceed with an adjacency.
    Exstart – Routers are establishing the initial sequence number for packet exchange; the sequence number ensures routers maintain recent information.
    Exchange – Routers send their entire link-state database.
    Loading – Routers are finalizing their information exchange.
    Full – Adjacency is complete; databases are fully synchronized.

    DR Election
    OSPF routers on a LAN segment elect one DR and one BDR; all other routers on that segment form full adjacencies with these two routers and pass LSAs only to them. The router with the highest OSPF priority on a segment becomes the DR for that segment. Priority can be set from 0 – 255, the default priority is 1, and a priority of 0 prevents the router from being elected.
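
Two details of that election trip people up in the lab: priority 0 takes a router out entirely, and the tie-break on router ID is numeric per octet, so 10.1.1.9 beats 2.2.2.2 even though "2.2.2.2" sorts later as a string. The following added example (mine, not from the book or from Cisco) models a cold-start election on one segment and labels each router the way the State column of sh ip ospf neighbor would (DR, BDR, DROTHER). elect_dr_bdr, segment_roles and the SEGMENT table are my names and constructed values. It only models all routers coming up together; a real election is not preemptive, so a router joining a segment with an existing DR does not take over even with a higher priority.

```python
from typing import Dict, Optional, Tuple


def _rid_key(rid: str) -> Tuple[int, ...]:
    """Router IDs compare octet by octet as numbers, not as strings."""
    return tuple(int(o) for o in rid.split("."))


def elect_dr_bdr(priorities: Dict[str, int]) -> Tuple[Optional[str], Optional[str]]:
    """Cold-start election on one multi-access segment.
    priorities maps router ID -> OSPF interface priority (0 = never eligible).
    Highest priority wins; a tie falls to the numerically highest router ID.
    The runner-up becomes BDR."""
    eligible = [rid for rid, prio in priorities.items() if prio > 0]
    eligible.sort(key=lambda rid: (priorities[rid], _rid_key(rid)), reverse=True)
    dr = eligible[0] if eligible else None
    bdr = eligible[1] if len(eligible) > 1 else None
    return dr, bdr


def segment_roles(priorities: Dict[str, int]) -> Dict[str, str]:
    """Role per router as 'show ip ospf neighbor' would print it: DR, BDR or DROTHER."""
    dr, bdr = elect_dr_bdr(priorities)
    return {rid: ("DR" if rid == dr else "BDR" if rid == bdr else "DROTHER")
            for rid in priorities}


# Constructed LAN segment: four routers at the default priority 1 except one that
# is configured with priority 0 (for example, an access router you never want as DR).
SEGMENT = {"10.1.1.5": 1, "10.1.1.9": 1, "2.2.2.2": 1, "10.1.4.9": 0}

if __name__ == "__main__":
    print(elect_dr_bdr(SEGMENT))
    print(segment_roles(SEGMENT))
```

Raise one router's priority (ip ospf priority on the interface) and it wins regardless of router ID, which is the normal way to pin the DR to the box with the most capacity.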

    OSPF Multicast Addresses:
    224.0.0.5 goes to all OSPF routers.
    224.0.0.6 goes to the DR and BDR.

    Link State Advertisement (LSA)
    LSAs are reliable: delivery is acknowledged, and each LSA carries a sequence number and a set lifetime so that every router can recognize that it has the most current link-state database.

    LSA Type  Name                       Description
    Types 1 and 2 are flooded throughout an area and are the basis of SPF path selection.
    Type 1    Router Link LSA            Generated by every router and sent to every area to which it is connected. Lists each neighbor, the cost to every neighbor and the state of directly connected links. Establishes and maintains neighbor relationships.
    Type 2    Network Link LSA           DR-generated LSA that lists all the routers on the segment (the topological database for that segment).
    Types 3 and 4 are called inter-area LSAs because they are passed between areas.
    Type 3    Network Summary Link LSA   ABRs generate Type 3 LSAs to send between areas, describing routes to the area’s networks. When an ABR receives Type 1 LSAs it sends Type 3 LSAs to the other areas advertising the networks it learned via the Type 1 LSAs.
    Type 4    ASBR Summary Link LSA      ASBRs produce this LSA to advertise their presence and describe routes to themselves.
    Type 5    External Link LSA          Generated by ASBRs to describe routes external to OSPF; flooded throughout the AS except into totally stubby areas and totally stubby NSSAs.
    Type 6    Multicast LSA              Used in multicast OSPF applications.
    Type 7    NSSA External LSA          Created by an ASBR with one link in an NSSA. Stubby areas do not allow Type 5 LSAs, so a Type 7 LSA is a Type 5 tunneled through the NSSA.

    OSPF Network Types
    The TSHOOT book did a much better job than my notes summarizing the OSPF network types.

    Broadcast: default network type for LAN interfaces; neighbors discovered; all routers on the same subnet; has a designated router.
    Nonbroadcast: default network type for Frame Relay serial interfaces; neighbors statically configured; all routers on the same subnet; has a designated router.
    Point-to-Point: default network type for non-Frame Relay serial interfaces; routers form an adjacency; each point-to-point link on a separate subnet; does not have a designated router.
    Point-to-Multipoint: can be configured for any interface; neighbors automatically determined; all routers on the same subnet; does not have a designated router.

    TSHOOT p. 176

    sh ip route meanings

    Designator  Description
    O           OSPF intra-area route (router LSA and network LSA): networks from within the router’s area, advertised by router and network LSAs.
    O IA        OSPF inter-area or summary route: networks from outside the router’s area but within the OSPF AS, advertised by summary LSAs.
    O E1        Type 1 external route: networks from outside the router’s AS, advertised by external LSAs. The cost of an E1 route is the external cost plus the internal cost of each link the packet crosses. Use this type when multiple ASBRs are advertising an external route to the same AS.
    O E2        Type 2 external route: networks from outside the router’s AS, advertised by external LSAs. The cost is the external cost only. Use this type if only one ASBR is advertising an external route to the autonomous system.
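
Two parts of these notes are worth seeing as code rather than prose: "Run SPF on topology table to build routing table" from Basic OSPF Operation, and the E1 versus E2 cost rule just above. The following added example (mine, not from the book, and not how IOS is written) runs Dijkstra over a constructed four-router LSDB to get the internal cost to every router, then picks between two ASBRs advertising the same external prefix, once as E1 and once as E2. LSDB, spf, external_route and ADVERTS are my names; the 64 link costs match the serial interfaces in the lab output below but the topology and the external metrics are made up. The E2 tie-break on the internal (forward) metric is IOS behaviour I have added, not something the notes state.

```python
import heapq
from typing import Dict, List, Optional, Tuple

# Constructed topology: router -> {neighbor: link cost}. Costs of 64 match the
# serial links in the lab output, but the topology itself is made up.
LSDB: Dict[str, Dict[str, int]] = {
    "R1": {"R2": 64},
    "R2": {"R1": 64, "R3": 64},
    "R3": {"R2": 64, "R4": 64},
    "R4": {"R3": 64},
}

SpfResult = Dict[str, Tuple[int, Optional[str]]]   # router -> (cost, first hop from root)


def spf(lsdb: Dict[str, Dict[str, int]], root: str) -> SpfResult:
    """Dijkstra over the LSDB, the SPF run a router does on its topology table."""
    best: SpfResult = {root: (0, None)}
    done = set()
    heap: List[Tuple[int, str, str]] = [(0, root, "")]
    while heap:
        cost, node, first_hop = heapq.heappop(heap)
        if node in done:
            continue          # stale entry from before a cheaper path was found
        done.add(node)
        for nbr, link_cost in lsdb.get(node, {}).items():
            if nbr in done:
                continue
            new_cost = cost + link_cost
            if nbr not in best or new_cost < best[nbr][0]:
                hop = nbr if node == root else first_hop
                best[nbr] = (new_cost, hop)
                heapq.heappush(heap, (new_cost, nbr, hop))
    return best


def external_route(spf_result: SpfResult, adverts: List[Tuple[str, int]],
                   route_type: str) -> Tuple[str, int]:
    """Choose among ASBRs advertising the same external prefix.
    adverts: (ASBR, external metric). E1 adds the internal cost to the ASBR;
    E2 uses the external metric only and breaks ties on the internal metric."""
    if route_type not in ("E1", "E2"):
        raise ValueError("route_type must be 'E1' or 'E2'")
    ranked = []
    for asbr, ext in adverts:
        internal = spf_result[asbr][0]
        total = internal + ext if route_type == "E1" else ext
        ranked.append((total, internal, asbr))
    total, _, asbr = min(ranked)
    return asbr, total


# Constructed: the same prefix redistributed by R2 (metric 100) and R4 (metric 20).
ADVERTS = [("R2", 100), ("R4", 20)]

if __name__ == "__main__":
    paths = spf(LSDB, "R1")
    for router, (cost, hop) in sorted(paths.items()):
        print(f"{router}: cost {cost} via {hop}")
    print("E1 picks", external_route(paths, ADVERTS, "E1"))
    print("E2 picks", external_route(paths, ADVERTS, "E2"))
```

From R1 the two route types disagree: E1 prefers the nearer ASBR R2 (64 + 100 = 164 beats 192 + 20 = 212), while E2 ignores the internal cost and prefers R4's lower external metric of 20. That is the practical meaning of "use E1 when multiple ASBRs advertise the route": the routing table then reflects where the exit really is.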

    Commands to verify OSPF configuration:
    sh ip ospf int [br]
    From the output you can see that this command gives a good overview of “who” is on the other end of an interface. With the brief option it gives a summary of the interfaces active in OSPF and their neighbors. This is intended to help debug the interface table.

    R2#sh ip ospf int  
    Serial0/0/0.23 is up, line protocol is up
      Internet Address 10.1.1.5/30, Area 0
      Process ID 1, Router ID 10.1.1.5, Network Type POINT_TO_POINT, Cost: 64
      Transmit Delay is 1 sec, State POINT_TO_POINT
      Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
        oob-resync timeout 40
        Hello due in 00:00:01
      Supports Link-local Signaling (LLS)
      Index 1/2, flood queue length 0
      Next 0x0(0)/0x0(0)
      Last flood scan length is 2, maximum is 2
      Last flood scan time is 0 msec, maximum is 4 msec
      Neighbor Count is 1, Adjacent neighbor count is 1
        Adjacent with neighbor 10.1.1.9
      Suppress hello for 0 neighbor(s)
    R2#sh ip ospf int br
    Interface    PID   Area            IP Address/Mask    Cost  State Nbrs F/C
    Se0/0/0.23   1     0               10.1.1.5/30        64    P2P   1/1
    Se0/0/0.12   1     12              10.1.1.2/30        64    P2P   1/1

    sh ip ospf neighbor
    Intended to help debug the neighbor table of OSPF.

    R2#sh ip ospf neigh

    Neighbor ID     Pri   State           Dead Time   Address         Interface
    10.1.1.9          0   FULL/  -        00:00:39    10.1.1.6        Serial0/0/0.23
    209.65.200.225    0   FULL/  -        00:00:31    10.1.1.1        Serial0/0/0.12

    sh ip ospf database
    Shows the LSA headers contained in the link state database. Router Link States come from Type 1 LSAs and Net Link States come from Type 2 LSAs.

    R2#sh ip ospf database

                OSPF Router with ID (10.1.1.5) (Process ID 1)

            Router Link States (Area 0)

    Link ID         ADV Router      Age         Seq#       Checksum Link count
    10.1.1.5        10.1.1.5        429         0x8000066B 0x00805D 2
    10.1.1.9        10.1.1.9        1590        0x80000669 0x002AB0 2

            Summary Net Link States (Area 0)

    Link ID         ADV Router      Age         Seq#       Checksum
    10.1.1.0        10.1.1.5        429         0x80000537 0x005D4A
    10.1.1.8        10.1.1.9        1591        0x80000538 0x00F2A7

            Summary ASB Link States (Area 0)

    Link ID         ADV Router      Age         Seq#       Checksum
    10.1.4.9        10.1.1.9        1590        0x80000538 0x00CBC6
    209.65.200.225  10.1.1.5        429         0x80000537 0x00D021

            Router Link States (Area 12)

    Link ID         ADV Router      Age         Seq#       Checksum Link count
    10.1.1.5        10.1.1.5        429         0x80000667 0x00FC43 2
    209.65.200.225  209.65.200.225  1693        0x8000065E 0x00DAC1 2

            Summary Net Link States (Area 12)

    Link ID         ADV Router      Age         Seq#       Checksum
    10.1.1.4        10.1.1.5        436         0x80000539 0x003170
    10.1.1.8        10.1.1.5        436         0x80000539 0x008BD1

            Summary ASB Link States (Area 12)

    Link ID         ADV Router      Age         Seq#       Checksum
    10.1.4.9        10.1.1.5        436         0x80000539 0x0064F0

            Type-5 AS External Link States

    Link ID         ADV Router      Age         Seq#       Checksum Tag
    10.1.4.4        10.1.4.9        1287        0x800004B2 0x00CEF3 0
    10.1.4.8        10.1.4.9        1287        0x800000FC 0x001E5A 0
    10.2.1.0        10.1.4.9        1287        0x800004B2 0x001EA7 0
    10.2.2.0        10.1.4.9        1287        0x800000FC 0x008AF3 0
    10.2.4.12       10.1.4.9        1287        0x800004B8 0x00664D 0
    209.65.200.224  209.65.200.225  1693        0x80000536 0x004AB7 0
    209.65.200.240  209.65.200.225  1697        0x80000536 0x00F319 65002

    sh ip ospf statistics
    Shows the last time the SPF algorithm was run, how often it runs and the reason.

    R2#sh ip ospf statistics

                OSPF Router with ID (10.1.1.5) (Process ID 1)

      Area 0: SPF algorithm executed 34 times

      Area 12: SPF algorithm executed 25 times

      Summary OSPF SPF statistic

      SPF calculation time
    Delta T   Intra D-Intra Summ    D-Summ  Ext D-Ext   Total   Reason
    4w3d   0    0   0   0   0   0   0   R, SN, X
    4w3d   0    0   0   0   0   0   0   X
    4w3d   0    0   0   0   0   0   0   X
    4w3d   0    0   0   0   0   0   0   R, X
    4w3d   0    0   0   0   0   0   0   R, N, SN, SA, X
    4w3d   0    0   0   0   0   0   0   R,
    4w3d   0    0   0   0   0   0   0   R,
    4w3d   0    0   0   0   0   0   0   R, N, SN, SA, X
    4w3d   0    0   0   0   0   0   0   R,
    4w3d   0    0   0   0   0   0   0   R, X

      RIB manipulation time during SPF (in msec):
    Delta T     RIB Update    RIB Delete
    4w3d    0             0            
    4w3d    0             0            
    4w3d    0             0            
    4w3d    0             0            
    4w3d    0             0            
    4w3d    0             0            
    4w3d    0             0            
    4w3d    0             0            
    4w3d    0             0            
    4w3d    0             0

    sh ip ospf border-routers
    Who is sending what type of LSA?

    R2#sh ip ospf border-routers

    OSPF Process 1 internal Routing Table

    Codes: i - Intra-area route, I - Inter-area route

    i 10.1.1.9 [64] via 10.1.1.6, Serial0/0/0.23, ABR, Area 0, SPF 34
    i 209.65.200.225 [64] via 10.1.1.1, Serial0/0/0.12, ASBR, Area 12, SPF 25
    I 10.1.4.9 [128] via 10.1.1.6, Serial0/0/0.23, ASBR, Area 0, SPF 34

    sh ip route ospf
    Shows what routes are being advertised through OSPF.

    R2#sh ip route ospf
         209.65.200.0/24 is variably subnetted, 2 subnets, 2 masks
    O E2    209.65.200.240/29 [110/1] via 10.1.1.1, 4w3d, Serial0/0/0.12
    O E2    209.65.200.224/30 [110/1] via 10.1.1.1, 4w3d, Serial0/0/0.12
         10.0.0.0/8 is variably subnetted, 8 subnets, 2 masks
    O E2    10.2.4.12/30 [110/20] via 10.1.1.6, 4w0d, Serial0/0/0.23
    O IA    10.1.1.8/30 [110/128] via 10.1.1.6, 4w3d, Serial0/0/0.23
    O E2    10.1.4.8/30 [110/20] via 10.1.1.6, 5d20h, Serial0/0/0.23
    O E2    10.2.1.0/24 [110/20] via 10.1.1.6, 3w6d, Serial0/0/0.23
    O E2    10.2.2.0/24 [110/20] via 10.1.1.6, 5d20h, Serial0/0/0.23
    O E2    10.1.4.4/30 [110/20] via 10.1.1.6, 3w6d, Serial0/0/0.23

    Commands to debug OSPF:
    log-adjacency-changes
    debug ip packet
    debug ip ospf events
    Watch the OSPF process in real time.

    R2#debug ip ospf events
    OSPF events debugging is on
    R2#
    *Apr 12 19:19:50.000: OSPF: Rcv hello from 10.1.1.9 area 0 from Serial0/0/0.23 10.1.1.6
    *Apr 12 19:19:50.000: OSPF: End of hello processing
    *Apr 12 19:19:50.388: OSPF: Send hello to 224.0.0.5 area 0 on Serial0/0/0.23 from 10.1.1.5
    *Apr 12 19:19:50.528: OSPF: Send hello to 224.0.0.5 area 12 on Serial0/0/0.12 from 10.1.1.2