We will implement OSPF such that traffic between net0 and net1 or net2 (in either direction) will normally go through R3, and traffic between net0 and net3 will normally go through R3. But since we have a dynamic routing protocol, if R3 fails all traffic will re-route through R2 automatically.
We will also have BR inject a default route into OSPF as a type 2 AS External route.
We will be using multiple ospf areas. We will put BR fxp1, R2 eth1/0 and R3 eth1/0 into area zero (the backbone area). We will also put R3 eth1/2 in area zero. We will put R2 eth1/1 and R3 eth1/1 and all interfaces on R1 into area 1.
We will use a cost of 5000 for most links, but adjust costs on R3 to implement the above specified engineering.
We will start with net0. On each router on net0 (br, r2, r3) you will want to assign the OSPF cost to each interface. We are also going to use md5 authentication for each interface, so we will set that up on each router.
As an example, if we decided to use a cost of 5000 on interface eth1/0 on r3, and configure it to use md5 authentication with a shared secret of "cnt4504", we would issue the following commands (note: for the interface commands the syntax is the same on quagga and cisco):

    conf t
    int eth1/0
    ip ospf authentication message-digest
    ip ospf message-digest-key 1 md5 cnt4504
    ip ospf cost 5000

We do this for each interface on each router. Now we are ready to bring up the ospf processes on each of the routers.
On the cisco routers we use the "router ospf PROCESSNUMBER" command, and then specify the router-id. We use the network command to specify which IP networks will participate in the ospf process and which area they will be in.
For example, if you had a router six (r6) which is a cisco router, and you wanted it to use router id 10.6.5.1, and it was connected to area 0 on network 10.6.5.0/24 on eth0, area 1 on network 10.6.4.64/30 on eth1, and area 0 on network 10.6.7.128/25 on eth2, you would enter the following commands:

    router ospf 1
     router-id 10.6.5.1
     network 10.6.5.0 0.0.0.255 area 0
     network 10.6.4.64 0.0.0.3 area 1
     network 10.6.7.128 0.0.0.127 area 0

Note the second parameter of the network statement. That is a wildcard bitmap. It is the binary opposite of the netmask. So since we are talking about 10.6.4.64/30 which is 10.6.4.64 netmask 255.255.255.252, the binary opposite (where we turn each 1 into a 0 and each 0 into a 1) is 0.0.0.3. See the Binary cheat sheet for reference.
On the quagga/linux routers it is a little easier, as you can use normal CIDR representation for the network statement. Here is the same configuration as above on a linux/quagga router:

    router ospf
     router-id 10.6.5.1
     network 10.6.5.0/24 area 0
     network 10.6.4.64/30 area 1
     network 10.6.7.128/25 area 0

NOTE: You do not *have* to specify a router ID. If you don't, the OSPF process will choose the highest IP address. If you do specify a router ID, then you will want to be sure that it matches one of the IP addresses assigned to the router.
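The wildcard form of the network statement and the per-interface md5 commands can be checked together. This is an added example, not part of the original lab material: it reads IOS-style configuration text, works out which interfaces each network statement pulls into OSPF, and reports the ones that lack the authentication commands shown earlier. The interface addresses in the sample and the names parse and audit are assumptions made for the illustration, and only interface-level authentication is checked.

```python
import ipaddress

# Constructed sample: the r6 network statements above; interface addresses are assumed.
SAMPLE = """\
interface eth0
 ip address 10.6.5.1 255.255.255.0
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 cnt4504
interface eth1
 ip address 10.6.4.65 255.255.255.252
 ip ospf cost 5000
interface eth2
 ip address 10.6.7.129 255.255.255.128
 ip ospf authentication message-digest
router ospf 1
 network 10.6.5.0 0.0.0.255 area 0
 network 10.6.4.64 0.0.0.3 area 1
 network 10.6.7.128 0.0.0.127 area 0
"""

def parse(config):
    """Return ({interface: [commands]}, [(network, area)]) from IOS-style text."""
    ifaces, nets, cur = {}, [], None
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):  # an unindented line opens a new stanza
            cur = ifaces.setdefault(line.split()[1], []) if line.startswith("interface ") else None
        elif cur is not None:
            cur.append(line)
        elif line.startswith("network "):
            _, addr, wildcard, _, area = line.split()
            # ipaddress accepts a wildcard (host mask) after the slash
            nets.append((ipaddress.ip_network(f"{addr}/{wildcard}"), area))
    return ifaces, nets

def audit(config):
    """List (interface, area, problem) for OSPF interfaces lacking md5 auth."""
    ifaces, nets = parse(config)
    findings = []
    for name, cmds in ifaces.items():
        addr = next((c.split()[2] for c in cmds if c.startswith("ip address ")), None)
        # First matching network statement decides the area (sample has no overlaps)
        area = next((a for n, a in nets if addr and ipaddress.ip_address(addr) in n), None)
        if area is None:
            continue  # not covered by any network statement, so not running OSPF
        if "ip ospf authentication message-digest" not in cmds:
            findings.append((name, area, "authentication not enabled"))
        if not any(c.startswith("ip ospf message-digest-key ") and " md5 " in c for c in cmds):
            findings.append((name, area, "no md5 key"))
    return findings
```

On the constructed sample, eth1 is reported for both problems and eth2 for the missing key, while eth0 passes.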
On the JunOS router you will want to refer to class12 notes to see how to configure fxp1.
After you have set up BR (only fxp1) and R2 and R3 you can take some time to verify things are working correctly so far. Here are some debugging commands:

    show ip ospf neighbor [detail] - cisco / quagga
    show ospf neighbor [detail] - JunOS
      - This command shows the OSPF neighbors for the router. You should see all adjacent neighbors. The detail option shows you the Designated Router (DR) and Backup Designated Router (BDR). The detail option also shows the area for each neighbor.

    show ip ospf interface - cisco/quagga
    show ospf interface - JunOS
      - Shows you per-interface information. Will let you know if you have correctly brought the interface into the OSPF system.

    show ip route - cisco/quagga
    show route - JunOS
      - Shows you the routes in the table. On the ciscos it only shows you active routes, and labels the routes added by OSPF with an O. On linux/quagga routers it shows active routes and routes that are known but not active. The active routes are marked with an asterisk.

At this point you should see adjacency between the 3 routers on net0. You should also see the two point-to-point routes being advertised. Now configure R1 as well. After R1 is configured you should have full connectivity between all the networks.
You will also want to use the area statement in the router ospf section to summarize area 1. Summarize area one as 10.XX.1.0/24. See notes for class 12 for more information on using the area statement within the router ospf stanza.
Of course we still have static routes. Since they have a smaller "administrative" distance than the OSPF routes, all traffic is still following them. You *must* remove all the static routing commands on all four routers. On quagga or IOS routers, identify them with the "show run" command and then, in configuration mode, remove them using the "no ip route ..." command. On the JunOS router you delete them from the routing-options static stanzas.
There is one exception, you can and should leave the default route on BR.
Now we are going to have BR advertise via OSPF the default route to all the ospf routers. To do this in JunOS you will need to create a policy-statement under the policy-options hierarchy. Then we will want to tell the ospf protocol to use this defined policy to effect the injection of the default route into the ospf protocol.
First we define the policy:

    [edit protocols ospf]                <-- NOTE, we are starting from the edit protocols ospf level
    juniper@br# up                       <-- we go back to the top level

    [edit protocols]
    juniper@br# up

    [edit]
    juniper@br# edit policy-options policy-statement POLICYNAME

    [edit policy-options policy-statement POLICYNAME]
    juniper@br# set term TERMNAME from route-filter 0.0.0.0/0 exact
                                         <-- use an exact route-filter for the default route

    [edit policy-options policy-statement POLICYNAME]
    juniper@br# set term TERMNAME then metric 5000

    [edit policy-options policy-statement POLICYNAME]
                                         <-- set the metric and type to use (type 2 means the metric are
                                             not added or compared to normal metrics, but considered higher
                                             than all normal and only compared to other type 2)
    juniper@br# set term TERMNAME then external type 2

    [edit policy-options policy-statement POLICYNAME]
                                         <-- and accept the route
    juniper@br# set term TERMNAME then accept

    [edit policy-options policy-statement POLICYNAME]
                                         <-- second term simply rejects any other
    juniper@br# set term ANOTHERTERMNAME then reject

    [edit policy-options policy-statement POLICYNAME]
    juniper@br# show
    term TERMNAME {
        from {
            route-filter 0.0.0.0/0 exact;
        }
        then {
            metric 5000;
            external {
                type 2;
            }
            accept;
        }
    }
    term ANOTHERTERMNAME {
        then reject;
    }

    [edit policy-options policy-statement POLICYNAME]
    juniper@br#

Note that POLICYNAME and TERMNAME and ANOTHERTERMNAME can be any string you choose. It is a good idea to use meaningful names.
Now that we have defined the policy, we apply it to the ospf protocol.

    juniper@br# top                                   <-- shortcut to top level

    [edit]
    juniper@br# set protocols ospf export POLICYNAME  <-- apply our policy as what to export to ospf protocol

    [edit]
    juniper@br# show protocols ospf
    export POLICYNAME;
    area 0.0.0.0 {
        interface fxp1.0 {
            metric 5000;
            authentication {
                md5 1 key "$9$ZiDkPF39uBE3nclKv7NHqmTnC"; ## SECRET-DATA
            }
        }
    }

    [edit]
    juniper@br#

We also need to make sure that there is a static default route on BR that points to 10.91.0.254 (so ospf has something to advertise), so if you removed the default route from br, re-add the static default route.
Now we will use ping from ws2 to br to generate traffic and then fail the connection to R3 and measure the time it takes to failover.
First do a show route on br and save this information for the report.
Set up tcpdump to monitor eth0 on ws0.
Start a ping on ws2 and ping br.gXX.scs. (use vnc to talk to ws2 so you can still talk to it when things are "down")
On R3 go to enable mode, then config term, then interface eth1/1, then use the shutdown command to "fail" that interface.

    int eth1/1
    shutdown

You should see the ping "fail" on ws2 for a few seconds (up to a minute). Make note of how long it takes for traffic to re-route through R2 and for the ping to start working again.
Wait for the OSPF to converge and the pings to be flowing through R2. Now go to br and again do a show route. You should see traffic to 10.X.1.0/24 going through R2. Save the output of show route to turn in with report.
Then back on R3 you will want to use the "no shutdown" command on interface eth1/1 to bring it back up.
You can use show ip route commands on BR or R3 itself to verify that routing has shifted back through R3. Once it has you can stop the ping and end the tcpdump. You will want to use ethereal to review the pcap and to identify and save the packets you will need for the report.
You will be graded as follows:
Functionality: Group grade 15 points
Report:
1 - Configuration from BR, R1, R2, R3. (4 points)
2 - Include *one* OSPF hello packet from snoop on net0. Identify (highlight or otherwise indicate in your report) the Designated Router (DR) and Backup Designated Router (BDR). 2 points.
3 - Include *one* OSPF Link State Update packet from snoop on net0. 2 points.
4 - Include the "show route" output from br before the "failure". 2 points
5 - Include the "show route" output from br after the "failure". 2 points
6 - Description of the path of a single ICMP echo request packet going from ws2 to br including interface, IP src/dest and MAC src/dest on each hop along the path. This should be as if all routers are up (no failed interfaces) 3 points
Example:

    packet leaves ws2 eth0 src IP=XX.XX.XX.XX src mac=xx:xx:xx:xx:xx:xx dst IP=YY.YY.YY.YY dst mac=xx:xx:xx:xx:xx:xx
    packet arrives at r1 ethZ
    packet leaves r1 ethZ src IP=XX.XX.XX.XX src mac=xx:xx:xx:xx:xx:xx dst IP=YY.YY.YY.YY dst mac=xx:xx:xx:xx:xx:xx
    packet arrives at r2 vlanX
    packet leaves r2 fastEthernetX src IP=XX.XX.XX.XX src mac=xx:xx:xx:xx:xx:xx dst IP=YY.YY.YY.YY dst mac=xx:xx:xx:xx:xx:xx
    packet arrives at br fxp1

Fill in all the X, Y, and Z's.

7 - Show the ospf stanza you would use on group 19's R3 if it had two new additional interfaces eth1/3 and eth1/4 with the following configurations

Original interfaces

    interface eth1/0
     description link to net0 10.19.0.0/24 area 0
     ip address 10.19.0.1 255.255.255.0
     ip ospf authentication message-digest
     ip ospf message-digest-key 1 md5 appropriate-password
     ip ospf cost 5000
    interface eth1/1
     description link to p2p2 10.19.1.192/30 area 1
     ip address 10.19.1.193 255.255.255.252
     ip ospf authentication message-digest
     ip ospf message-digest-key 1 md5 appropriate-password
     ip ospf cost 5000
    interface eth1/2
     description link to net3 10.19.2.0/24 area 0
     ip address 10.19.2.1 255.255.255.0
     ip helper-address 10.19.0.20
     ip ospf authentication message-digest
     ip ospf message-digest-key 1 md5 appropriate-password
     ip ospf cost 5000

New interfaces

    interface eth1/3
     description link to newnet4 10.19.16.0/23 area 2
     ip address 10.19.16.1 255.255.254.0
     ip helper-address 10.19.0.20
     ip ospf authentication message-digest
     ip ospf message-digest-key 1 md5 appropriate-password
     ip ospf cost 5000
    interface eth1/4
     description link to newnet5 10.19.18.0/23 area 2
     ip address 10.19.18.1 255.255.254.0
     ip helper-address 10.19.0.20
     ip ospf authentication message-digest
     ip ospf message-digest-key 1 md5 appropriate-password
     ip ospf cost 5000

and you want to put eth1/3 and eth1/4 into area 2 and you want to aggregate area 2's announcement to the core to only advertise an appropriate /22 for the two interfaces. You need to include all 5 interfaces (including the existing ones) in network statements and area statements of your ospf stanza.
Show everything under

    router ospf 1
    ....
    .....

This is worth 8 points.
8 - Show the ospf stanza you would use on group 19's R2 if it had interfaces eth1/4, eth1/5 and eth1/6 with the following configurations

    interface eth1/0
     description link to net0 10.19.0.0/24 area 0
     ip address 10.19.0.1 255.255.255.0
     ip ospf authentication message-digest
     ip ospf message-digest-key 1 md5 appropriate-password
     ip ospf cost 5000
    interface eth1/1
     description link to p2p1 10.19.1.192/30 area 1
     ip address 10.19.1.193 255.255.255.252
     ip ospf authentication message-digest
     ip ospf message-digest-key 1 md5 appropriate-password
     ip ospf cost 5000
    interface eth1/4
     description link to net4 10.19.13.0/24
     ip address 10.19.13.1 255.255.255.0
     ip helper-address 10.19.0.20
     ip ospf authentication message-digest
     ip ospf message-digest-key 1 md5 appropriate-password
     ip ospf cost 5000
    interface eth1/5
     description link to net5 10.19.14.0/24
     ip address 10.19.14.1 255.255.255.0
     ip helper-address 10.19.0.20
     ip ospf authentication message-digest
     ip ospf message-digest-key 1 md5 appropriate-password
     ip ospf cost 5000
    interface eth1/6
     description link to net6 10.19.12.0/24
     ip address 10.19.12.1 255.255.255.0
     ip helper-address 10.19.0.20
     ip ospf authentication message-digest
     ip ospf message-digest-key 1 md5 appropriate-password
     ip ospf cost 5000

You will want to put eth1/0 in area 0; eth1/1 should be put in area 1, with that aggregation announced into area 0. You will want to aggregate two appropriate interfaces into area 4, and announce that aggregation to area 0. The third eth interface (that has address space that can not be aggregated) should be put in area 0.
Show everything under

    router ospf 1
    ....
    .....

This is worth 12 points.