Thursday, January 12, 2012

OSPF EXTERNAL TYPES & TCL SCRIPTING FOR TESTING

Routes redistributed into OSPF default to a seed metric of 20 and a type of E2.

E2 & N2 routes are installed with the default metric of 20. The metric is not incremented as the route is propagated, but the forward metric is. So if the ASBR is 3 hops away the route will have a forward metric of 3. E2 and N2 routes therefore keep the metric and the forward metric separate. The only time this really matters is when there are multiple exit points out of the area (multiple ABRs); OSPF will then compare the forward metric.
In E1 & N1 routes the metric and the forward metric are not kept separate: the routes are installed with the seed metric of 20 + the cost to reach the ASBR.
We could potentially use E1 and E2 for traffic engineering. OSPF by default prefers E1 routes over E2, so you could redistribute E2 routes on one ASBR and E1 routes on another; no matter the metric or admin distance, the E1 routes will be preferred.
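The metric rules above can be modelled in a few lines. This is an added example, not code from the original post; the class and function names are hypothetical, the costs of 1 and 2 are the ones the lab on this page shows for switch1 and switch3, and the E2 comparison goes slightly beyond the text by comparing the advertised metric before the forward metric, as RFC 2328 section 16.4 does.

```python
from dataclasses import dataclass
from typing import Optional

SEED_METRIC = 20  # default seed metric for redistribution into OSPF (from the page)


@dataclass(frozen=True)
class ExternalRoute:
    asbr: str            # label for the redistributing router (constructed)
    metric_type: int     # 1 = E1, 2 = E2
    cost_to_asbr: int    # internal OSPF cost from this router to the ASBR
    seed: int = SEED_METRIC

    @property
    def metric(self) -> int:
        # E1: seed metric plus the internal cost to reach the ASBR.
        # E2: the seed metric only, unchanged at every router.
        if self.metric_type == 1:
            return self.seed + self.cost_to_asbr
        return self.seed

    @property
    def forward_metric(self) -> Optional[int]:
        # Only E2 routes carry a separate forward metric.
        return self.cost_to_asbr if self.metric_type == 2 else None


def preference_key(route: ExternalRoute):
    # E1 always beats E2, whatever the metrics are.
    if route.metric_type == 1:
        return (1, route.metric, 0)
    # Among E2 routes: advertised metric first, forward metric as tie-break.
    return (2, route.metric, route.forward_metric)


def best_route(candidates):
    return min(candidates, key=preference_key)


def lab_views():
    # (E2 view, E1 view) of 10.229.254.0/24 redistributed on r3, as seen
    # from switch1 (cost 1 to r3) and switch3 (cost 2 to r3).
    return {
        "switch1": (ExternalRoute("r3", 2, 1), ExternalRoute("r3", 1, 1)),
        "switch3": (ExternalRoute("r3", 2, 2), ExternalRoute("r3", 1, 2)),
    }


if __name__ == "__main__":
    for name, (e2, e1) in lab_views().items():
        print(name, "E2:", e2.metric, "fwd", e2.forward_metric, "| E1:", e1.metric)
    # Traffic engineering: a distant E1 exit still wins over a nearby E2 exit.
    print(best_route([ExternalRoute("near", 2, 1), ExternalRoute("far", 1, 10)]).asbr)
```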

In general, once you have all your routes redistributed you need to check reachability. An issue you may hit is that the default source interface running the protocol has reachability but other interfaces do not, so you may wish to check that you can reach each address from different sources:
ping "ip" source "interface/ip"
If you have a very large routing table this might be way too time consuming.

One of the CLI tools we could use to check this is TCL ping scripting.
TCL (Tool Command Language)
 - is an open source programming language
 - is not Cisco proprietary
 - IOS supports TCL 8.3.4

Example script for simple ping
-------------------------------
tclsh         - starts the tcl shell
foreach X {   - X is our variable and we open the bracket for the list of addresses
1.2.3.4
5.6.7.8
11.11.11.11   - just the addresses we need to ping
} {ping $X }  - close the bracket, then open the next one straight away: ping runs for every value of X, i.e. each of the IPs

If we were to just write out in notepad
ping 1.2.3.4
ping 5.6.7.8
and so on
and paste that into our CLI, we would overrun the buffer: the router would try to process the next command before the previous command is complete. So the TCL loop is the easiest way to do this.

Ping with different source
-----------------------------
tclsh
foreach X {   
1.2.3.4
5.6.7.8
11.11.11.11   
} {ping $X source lo0 }
If we want to run multiple commands for each address, the separator is ;
tclsh
foreach X {   
1.2.3.4
5.6.7.8
11.11.11.11   
} {
ping $X source lo0;
ping $X source lo1;
ping $X source lo2;
ping $X source lo3; }

If a ping fails it will keep retrying, looping on the same address; this is how we know quickly that one of the listed addresses failed.
To get out of this loop on a console connection:
CTRL-SHIFT-6 x
On an access server:
CTRL-SHIFT-6 x
When working with the TCL parser it is important to note that commands are processed by the TCL parser before IOS
- you may have potential problems with overlapping commands
e.g. the set command can cause an issue in a route-map: if it goes to the TCL parser first it is not processed properly,
and it will look like it has been processed but will not go into the running config.
To stop this behaviour, when you have finished your TCL scripting for testing you can use the command
tclquit
This stops the service running on IOS, so you will no longer be using the TCL parser.

LAB
----
For the LAB I will look at E1 & E2 routes and use a TCL script to check reachability in the previously configured redistribution network.

On r3 we have redistributed the EIGRP routes into OSPF:
r3#sh run | sec router
router eigrp 1
 redistribute ospf 1 metric 100 100 100 100 100 match internal
 network 3.3.3.3 0.0.0.0
 network 10.229.254.0 0.0.0.255
 network 10.0.0.0
 no auto-summary
 neighbor 10.229.254.2 Serial1/0
 neighbor 10.229.254.1 Serial1/0
router ospf 1
 log-adjacency-changes
 redistribute eigrp 1 subnets
 network 192.168.1.0 0.0.0.255 area 0

on s1
switch1#sh ip route ospf
O E2 1.0.0.0/8 [110/20] via 192.168.1.3, 00:01:37, FastEthernet0/3
     2.0.0.0/32 is subnetted, 1 subnets
O E2    2.2.2.2 [110/20] via 192.168.1.3, 00:01:37, FastEthernet0/3
     33.0.0.0/32 is subnetted, 1 subnets
O       33.33.33.33 [110/2] via 192.168.4.3, 00:01:37, Port-channel4
     3.0.0.0/32 is subnetted, 1 subnets
O E2    3.3.3.3 [110/20] via 192.168.1.3, 00:01:37, FastEthernet0/3
     22.0.0.0/32 is subnetted, 1 subnets
O       22.22.22.22 [110/2] via 192.168.2.2, 00:01:37, Port-channel2
     10.0.0.0/24 is subnetted, 1 subnets
O E2    10.229.254.0 [110/20] via 192.168.1.3, 00:01:37, FastEthernet0/3
     44.0.0.0/32 is subnetted, 1 subnets
O       44.44.44.44 [110/2] via 192.168.5.4, 00:01:37, Port-channel20
O    192.168.3.0/24 [110/2] via 192.168.4.3, 00:01:37, Port-channel4
                    [110/2] via 192.168.2.2, 00:01:37, Port-channel2
switch1#

We can see we are getting multiple OSPF E2 routes.

This is the default, with a metric of 20:
switch1#sh ip route 10.229.254.0
Routing entry for 10.229.254.0/24
  Known via "ospf 1", distance 110, metric 20, type extern 2, forward metric 1
  Last update from 192.168.1.3 on FastEthernet0/3, 00:05:48 ago
  Routing Descriptor Blocks:
  * 192.168.1.3, from 3.3.3.3, 00:05:48 ago, via FastEthernet0/3
      Route metric is 20, traffic share count is 1
switch1#

From s1's perspective it has a metric of 20 to 10.229.254.0 and a forward metric of 1.


If we take a look at s3:
switch3#sh ip route 10.229.254.0
Routing entry for 10.229.254.0/24
  Known via "ospf 1", distance 110, metric 20, type extern 2, forward metric 2
  Last update from 192.168.4.1 on Port-channel1, 00:07:17 ago
  Routing Descriptor Blocks:
  * 192.168.4.1, from 3.3.3.3, 00:07:17 ago, via Port-channel1
      Route metric is 20, traffic share count is 1
switch3#
The metric of 20 stays the same but the forward metric increments. The forward metric only comes into play if you receive the route from multiple sources.

r3(config)#router ospf 1
r3(config-router)#no redistribute eigrp 1 subnets
r3(config-router)#redistribute eigrp 1 subnets metric-type 1
r3(config-router)#

on s1
------
switch1#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
O E1 1.0.0.0/8 [110/21] via 192.168.1.3, 00:00:54, FastEthernet0/3
     2.0.0.0/32 is subnetted, 1 subnets
O E1    2.2.2.2 [110/21] via 192.168.1.3, 00:00:54, FastEthernet0/3
     33.0.0.0/32 is subnetted, 1 subnets
O       33.33.33.33 [110/2] via 192.168.4.3, 00:11:13, Port-channel4
     3.0.0.0/32 is subnetted, 1 subnets
O E1    3.3.3.3 [110/21] via 192.168.1.3, 00:00:54, FastEthernet0/3
     22.0.0.0/32 is subnetted, 1 subnets
O       22.22.22.22 [110/2] via 192.168.2.2, 00:11:13, Port-channel2
C    192.168.4.0/24 is directly connected, Port-channel4
C    192.168.5.0/24 is directly connected, Port-channel20
     10.0.0.0/24 is subnetted, 1 subnets
O E1    10.229.254.0 [110/21] via 192.168.1.3, 00:00:54, FastEthernet0/3
     11.0.0.0/32 is subnetted, 1 subnets
C       11.11.11.11 is directly connected, Loopback0
C    192.168.1.0/24 is directly connected, FastEthernet0/3
C    192.168.2.0/24 is directly connected, Port-channel2
     44.0.0.0/32 is subnetted, 1 subnets
O       44.44.44.44 [110/2] via 192.168.5.4, 00:11:14, Port-channel20
O    192.168.3.0/24 [110/2] via 192.168.4.3, 00:11:14, Port-channel4
                    [110/2] via 192.168.2.2, 00:11:14, Port-channel2
switch1#

All the metric types have changed to E1, and on s1 the routes have a metric of 21: the seed metric of 20 plus the cost of 1 to get from switch 1 to r3.
switch1#sh ip route 10.229.254.0
Routing entry for 10.229.254.0/24
  Known via "ospf 1", distance 110, metric 21, type extern 1
  Last update from 192.168.1.3 on FastEthernet0/3, 00:02:01 ago
  Routing Descriptor Blocks:
  * 192.168.1.3, from 3.3.3.3, 00:02:01 ago, via FastEthernet0/3
      Route metric is 21, traffic share count is 1

Notice that on E1 routes we have no forward metric; we only have the metric.
Let's check s3.
s3
--
switch3#sh ip route 10.229.254.0
Routing entry for 10.229.254.0/24
  Known via "ospf 1", distance 110, metric 22, type extern 1
  Last update from 192.168.4.1 on Port-channel1, 00:03:13 ago
  Routing Descriptor Blocks:
  * 192.168.4.1, from 3.3.3.3, 00:03:13 ago, via Port-channel1
      Route metric is 22, traffic share count is 1
switch3#

The metric is 22: 2 to get to r3 + the seed metric of 20.


OK, so on to the next portion of the LAB.

We have done redistribution of both EIGRP and OSPF on r3.

If I take a look at the route table on r2:
r2#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
D    1.0.0.0/8 [90/21152000] via 10.229.254.3, 00:17:29, Serial0/0
     2.0.0.0/32 is subnetted, 1 subnets
C       2.2.2.2 is directly connected, Loopback0
     33.0.0.0/32 is subnetted, 1 subnets
D EX    33.33.33.33 [170/26137600] via 10.229.254.3, 00:14:37, Serial0/0
     3.0.0.0/32 is subnetted, 1 subnets
D       3.3.3.3 [90/2297856] via 10.229.254.3, 00:25:26, Serial0/0
     22.0.0.0/32 is subnetted, 1 subnets
D EX    22.22.22.22 [170/26137600] via 10.229.254.3, 00:14:37, Serial0/0
D EX 192.168.4.0/24 [170/26137600] via 10.229.254.3, 00:14:38, Serial0/0
D EX 192.168.5.0/24 [170/26137600] via 10.229.254.3, 00:14:38, Serial0/0
     10.0.0.0/24 is subnetted, 1 subnets
C       10.229.254.0 is directly connected, Serial0/0
     11.0.0.0/32 is subnetted, 1 subnets
D EX    11.11.11.11 [170/26137600] via 10.229.254.3, 00:14:39, Serial0/0
D EX 192.168.1.0/24 [170/26137600] via 10.229.254.3, 00:14:55, Serial0/0
D EX 192.168.2.0/24 [170/26137600] via 10.229.254.3, 00:14:39, Serial0/0
     44.0.0.0/32 is subnetted, 1 subnets
D EX    44.44.44.44 [170/26137600] via 10.229.254.3, 00:14:39, Serial0/0
D EX 192.168.3.0/24 [170/26137600] via 10.229.254.3, 00:14:39, Serial0/0
r2#
It appears everything is fine, but we need to test that we have reachability to all addresses from all interfaces.
r2#ping 33.33.33.33
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 33.33.33.33, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 64/68/72 ms
r2#
*Mar  1 03:26:38.515: ICMP: echo reply rcvd, src 33.33.33.33, dst 10.229.254.2
*Mar  1 03:26:38.587: ICMP: echo reply rcvd, src 33.33.33.33, dst 10.229.254.2
*Mar  1 03:26:38.655: ICMP: echo reply rcvd, src 33.33.33.33, dst 10.229.254.2
*Mar  1 03:26:38.723: ICMP: echo reply rcvd, src 33.33.33.33, dst 10.229.254.2
*Mar  1 03:26:38.787: ICMP: echo reply rcvd, src 33.33.33.33, dst 10.229.254.2
If I just do a ping, it is sourced from the interface used in the routing table for that destination, in this case s0/0 with an IP of 10.229.254.2.

r2#ping 33.33.33.33 source 2.2.2.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 33.33.33.33, timeout is 2 seconds:
Packet sent with a source address of 2.2.2.2
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 64/66/68 ms
r2#
*Mar  1 03:28:18.395: ICMP: echo reply rcvd, src 33.33.33.33, dst 2.2.2.2
*Mar  1 03:28:18.459: ICMP: echo reply rcvd, src 33.33.33.33, dst 2.2.2.2
*Mar  1 03:28:18.527: ICMP: echo reply rcvd, src 33.33.33.33, dst 2.2.2.2
*Mar  1 03:28:18.595: ICMP: echo reply rcvd, src 33.33.33.33, dst 2.2.2.2
*Mar  1 03:28:18.663: ICMP: echo reply rcvd, src 33.33.33.33, dst 2.2.2.2
So this is working for this route. For 1 route this process may not seem too bad, but if you have 1000s of routes in your routing table and multiple interfaces on your device it could be very time consuming.

Say, for example, we just wrote the pings out in notepad and tried to paste them in:

ping 33.33.33.33
ping 22.22.22.22
ping 11.11.11.11
If I paste that in, all I get is:
r2#ping 33.33.33.33
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 33.33.33.33, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 64/67/68 ms
r2#
The buffer is overflowed by the 3 commands going in: the other commands try to process while 33.33.33.33 is still showing output, which effectively loses the other 2 pings.

r2(tcl)#foreach TEST {
+>(tcl)#33.33.33.33
+>(tcl)#11.11.11.11
+>(tcl)#22.22.22.22
+>(tcl)#} {ping $TEST}
So the TEST variable was created and I was able to ping all the addresses:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 33.33.33.33, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 64/76/112 ms
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 11.11.11.11, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 64/66/68 ms
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 22.22.22.22, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 64/67/68 ms
r2(tcl)#tclsh

r2(tcl)#foreach TEST2 {
+>(tcl)#33.33.33.33
+>(tcl)#11.11.11.11
+>(tcl)#22.22.22.22
+>(tcl)#} {ping $TEST2 source lo0}

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 33.33.33.33, timeout is 2 seconds:
Packet sent with a source address of 2.2.2.2
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 64/67/72 ms
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 11.11.11.11, timeout is 2 seconds:
Packet sent with a source address of 2.2.2.2
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 64/66/68 ms
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 22.22.22.22, timeout is 2 seconds:
Packet sent with a source address of 2.2.2.2
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 64/65/68 ms
r2(tcl)#
r2#
*Mar  1 03:53:24.763: %SYS-5-CONFIG_I: Configured from console by console
r2#

So we can successfully ping all of those addresses with source lo0. I can also go further:

r2#tclsh
r2(tcl)#foreach TEST2 {
+>(tcl)#33.33.33.33
+>(tcl)#11.11.11.11
+>(tcl)#22.22.22.22
+>(tcl)#} {
+>(tcl)#ping $TEST2 source lo0;
+>(tcl)#ping $TEST2 source s0/0;}
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 33.33.33.33, timeout is 2 seconds:
Packet sent with a source address of 2.2.2.2
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 64/66/68 ms
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 33.33.33.33, timeout is 2 seconds:
Packet sent with a source address of 10.229.254.2
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 64/65/68 ms
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 11.11.11.11, timeout is 2 seconds:
Packet sent with a source address of 2.2.2.2
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 64/66/68 ms
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 11.11.11.11, timeout is 2 seconds:
Packet sent with a source address of 10.229.254.2
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 64/66/68 ms
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 22.22.22.22, timeout is 2 seconds:
Packet sent with a source address of 2.2.2.2
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 64/66/68 ms
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 22.22.22.22, timeout is 2 seconds:
Packet sent with a source address of 10.229.254.2
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 64/66/68 ms
r2(tcl)#
I am pinging all the addresses from both lo0 and s0/0; if I had more interfaces I could add as many as I like.
A potential issue is if you are using the tclsh parser without realising:

r2#tclsh
r2(tcl)#config t
Enter configuration commands, one per line.  End with CNTL/Z.
r2(config)#route-map test
r2(config-route-map)#set local-pref 100
100
r2(config-route-map)#
So I went into the tclsh parser, then went to config mode and tried to configure a route-map called test with set local-pref 100. Notice the strange repeat of 100 on the command line: the parser had an issue with the set command. If I go to
r2(tcl)#sh route-map
route-map test, permit, sequence 10
  Match clauses:
  Set clauses:
  Policy routing matches: 0 packets, 0 bytes
r2(tcl)#
we see the route-map was created but no set command was entered.

r2#tclquit
r2#config t
Enter configuration commands, one per line.  End with CNTL/Z.
r2(config)#route-map test
r2(config-route-map)#set local-preference 100
r2(config-route-map)#exit
r2(config)#do sh route-map
route-map test, permit, sequence 10
  Match clauses:
  Set clauses:
    local-preference 100
  Policy routing matches: 0 packets, 0 bytes
r2(config)#

We first need to do the tclquit, then we can use the IOS commands as normal.

Next we will try an address that will fail the ping test:
r2(tcl)#foreach TEST2 {
+>(tcl)#33.33.33.33
+>(tcl)#11.11.11.11
+>(tcl)#22.22.22.22
+>(tcl)#27.25.25.25
+>(tcl)#} {
+>(tcl)#ping $TEST2 source lo0;
+>(tcl)#ping $TEST2 source s0/0;}
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 33.33.33.33, timeout is 2 seconds:
Packet sent with a source address of 2.2.2.2
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 64/65/68 ms
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 33.33.33.33, timeout is 2 seconds:
Packet sent with a source address of 10.229.254.2
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 72/78/80 ms
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 11.11.11.11, timeout is 2 seconds:
Packet sent with a source address of 2.2.2.2
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 64/65/68 ms
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 11.11.11.11, timeout is 2 seconds:
Packet sent with a source address of 10.229.254.2
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 64/66/68 ms
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 22.22.22.22, timeout is 2 seconds:
Packet sent with a source address of 2.2.2.2
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 64/66/68 ms
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 22.22.22.22, timeout is 2 seconds:
Packet sent with a source address of 10.229.254.2
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 64/65/68 ms
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 27.25.25.25, timeout is 2 seconds:
Packet sent with a source address of 2.2.2.2
.....
Success rate is 0 percent (0/5)
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 27.25.25.25, timeout is 2 seconds:
Packet sent with a source address of 10.229.254.2
.....
Success rate is 0 percent (0/5)

It keeps looping around 27.25.25.25. If you have a large routing table with a lot of failures this could take time to finish, so
use the break sequence:
ctrl-shift-6 x if consoled in
or
ctrl-shift-6 6 if on an access server, to send it down the reverse telnet lines
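
With many destinations and sources the failed pings are easy to miss in the scrollback. The following added example (not part of the original post) parses a logged tclsh session and lists only the destination/source pairs that lost packets; the function names are hypothetical and the sample transcript is constructed from the output format shown above.

```python
import re

SEND = re.compile(r"Sending \d+, \d+-byte ICMP Echos to ([\d.]+), timeout")
SRC = re.compile(r"Packet sent with a source address of ([\d.]+)")
RATE = re.compile(r"Success rate is \d+ percent \((\d+)/(\d+)\)")

# Constructed sample, abridged from the ping output format on this page.
SAMPLE = """\
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 33.33.33.33, timeout is 2 seconds:
Packet sent with a source address of 2.2.2.2
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 64/65/68 ms
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 22.22.22.22, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 64/66/68 ms
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 27.25.25.25, timeout is 2 seconds:
Packet sent with a source address of 2.2.2.2
.....
Success rate is 0 percent (0/5)
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 27.25.25.25, timeout is 2 seconds:
Packet sent with a source address of 10.229.254.2
.....
Success rate is 0 percent (0/5)
"""


def parse_pings(transcript):
    """Return one dict per ping block: dest, source, received, sent."""
    results, current = [], None
    for line in transcript.splitlines():
        m = SEND.search(line)
        if m:
            if current:  # previous block never printed a success rate
                results.append(current)
            current = {"dest": m.group(1), "source": None,
                       "received": None, "sent": None}
            continue
        if current is None:
            continue  # prompts, debug lines, anything outside a ping block
        m = SRC.search(line)
        if m:
            current["source"] = m.group(1)
            continue
        m = RATE.search(line)
        if m:
            current["received"], current["sent"] = int(m.group(1)), int(m.group(2))
            results.append(current)
            current = None
    if current:
        results.append(current)
    return results


def failures(results):
    """(dest, source) pairs that lost at least one packet or never finished."""
    return [(r["dest"], r["source"]) for r in results
            if r["received"] is None or r["received"] < r["sent"]]


if __name__ == "__main__":
    for dest, source in failures(parse_pings(SAMPLE)):
        print("FAILED", dest, "from", source or "default source")
```

A source of None means the ping was sent without a source keyword, so the router chose the outgoing interface address.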
