Task 3.7 OSPF

Hi,

I have configured task 3.7 which asks to ensure traffic routes to a selection of subnets via the R1 serial link from R5. I have the following configured:

ip access-list standard via-r1
 permit 139.1.11.0
 permit 139.1.2.0
 permit 139.1.0.0
 permit 139.1.6.0
 permit 139.1.7.0

router ospf 1
distance 109 150.1.1.1 0.0.0.0 via-r1

In the routing table I only see the route for 139.1.11.0 with an AD of 109

O IA    139.1.11.0/24 [109/65] via 139.1.15.1, 00:33:01, Serial1/0.15
O IA    139.1.2.0/24 [110/65] via 139.1.25.2, 00:33:01, Serial1/0.25
O IA    139.1.0.0/24 [110/138] via 139.1.25.2, 00:33:01, Serial1/0.25
                     [110/138] via 139.1.15.1, 00:33:01, Serial1/0.15
O IA    139.1.6.0/24 [110/148] via 139.1.25.2, 00:33:01, Serial1/0.25
                     [110/148] via 139.1.15.1, 00:33:01, Serial1/0.15
O IA    139.1.7.0/24 [110/139] via 139.1.25.2, 00:33:01, Serial1/0.25

When I debug ip routing I can see the routes with the AD of 109, but they dont get put into the routing table:

(see 139.1.7.0 as an example)

*Mar  1 04:21:40.642: RT: add 139.1.7.0/24 via 139.1.15.1, ospf metric [109/139]
*Mar  1 04:21:40.642: RT: NET-RED 139.1.7.0/24
*Mar  1 04:21:40.642: RT: add 139.1.7.0/24 via 139.1.25.2, ospf metric [110/139]
*Mar  1 04:21:40.642: RT: NET-RED 139.1.7.0/24

I have configured the same as the SG, but cant work this one out.

Cheers

Comments

  • People keep asking this question regularly :) The problem is that in newer IOS versions (12.3T, 12.4) they "fixed" that feature that allows using Administrative distance to select best routes insides a single OSPF process. There is even a known bug-id for that one, i published it on the forum a couple of time, and it should also be in th forum history. The solution guide probably reference to IOS version 12.2T that did not have this "bug". For more recent IOS versions, you need to look for workaround, like route summarization or filtering.

  • Thanks Petr.

    Just to close this off on the new forums this is what I configured to make this work - I just did this lab again today so thought Id follow it up!

    Rack1R2#srb router ospf
    router ospf 1
     router-id 150.1.2.2
      area 0 range 139.1.0.0 255.255.0.0

    Which gives you only a summary route on R5 for the 139.1.0.0/16 range from R2 - maening that the more specific routes are learned from R1 forcing the traffic that way.

    Rack1R5#sir ospf
         139.1.0.0/16 is variably subnetted, 16 subnets, 3 masks
    O IA    139.1.11.0/24 [110/65] via 139.1.15.1, 00:01:19, Serial1/0.501
    O IA    139.1.2.0/24 [110/193] via 139.1.15.1, 00:01:14, Serial1/0.501
    O IA    139.1.0.0/24 [110/138] via 139.1.15.1, 00:01:19, Serial1/0.501
    O IA    139.1.0.0/16 [110/65] via 139.1.25.2, 00:01:14, Serial1/0.502
    O IA    139.1.6.0/24 [110/148] via 139.1.15.1, 00:01:19, Serial1/0.501
    O IA    139.1.7.0/24 [110/139] via 139.1.15.1, 00:01:19, Serial1/0.501


  • The area range command is a much nicer way to achieve the desired result although it comes at the cost of advertising routes to subnets that don’t exist in the domain.  Your first post you specified the distance command with the router ID of router 1.  This is the reason that only the routes that originated on R1 had their distance decremented.  If you used  0.0.0.0 255.255.255.255 then it would have matched all the desired routes.

    The problem here however is that routes to say V367 can be learned via both R1 and R2.  So in effect you lose the ability to differentiate between OSPF peers and miss the point of doing it.  I my case whilst this worked for setting the AD all route still preferred R2 as the cost to R1 and R2 are equal and R2 has the higher RID and ip address. 

    As such the area range was used to achieve the desired results.  I used 139.1.0.0 255.255.240.0 as an range.

  • Trying to ask a reverse question with regards to this task.

    "DO NOT use ip ospf cost, bandwidth, virtual-link, stub or nssa commands"

     

    How do we go about in using  'ip ospf cost' & 'bandwidth & 'virtual-link', 'stub' or 'nssa' commands just to match ONLY VLANs 2,6,7, 11 and 367.

     

    Virtual-link : I tried creating a virtual-link on Area1 from R5 to R1, even with the virtual-link established, R5 is still learning ospf routes from both R1 and R2 "O"? Shouldnt routes learned from R2 considered as "IA" and routes learned from R1 as "O"?

    Rack1R5(config-router)#do sh ip route

    O       139.1.11.0 [110/65] via 139.1.15.1, 00:02:40, Serial1/0.1
    C       139.1.15.0 is directly connected, Serial1/0.1
    O       139.1.13.0 [110/128] via 139.1.15.1, 00:02:40, Serial1/0.1
    O       139.1.2.0 [110/65] via 139.1.25.2, 00:02:35, Serial1/0.2
    O       139.1.0.0 [110/138] via 139.1.25.2, 00:02:40, Serial1/0.2
                      [110/138] via 139.1.15.1, 00:02:40, Serial1/0.1
    O       139.1.6.0 [110/148] via 139.1.25.2, 00:02:40, Serial1/0.2
                      [110/148] via 139.1.15.1, 00:02:40, Serial1/0.1
    O       139.1.7.0 [110/139] via 139.1.25.2, 00:02:40, Serial1/0.2
                      [110/139] via 139.1.15.1, 00:02:40, Serial1/0.1

     

    'stub' or 'nssa': stub and nssa applies to the area as a whole. How can i further filter it off to match only VLANs 2,6,7, 11 and 367.

    By making R1 as stub, R2 as stub no-summary, and R5 as stub, i achieved the following results, preferred paths still go via R1 except it applies to all learned OSPF routes instead of just only VLANs 2,6,7, 11 and 367.

     

    Rack1R5(config-router)#do sh ip route ospf
         139.1.0.0/24 is subnetted, 13 subnets
    O IA    139.1.11.0 [110/65] via 139.1.15.1, 00:00:01, Serial1/0.1
    O IA    139.1.13.0 [110/128] via 139.1.15.1, 00:00:01, Serial1/0.1
    O IA    139.1.2.0 [110/193] via 139.1.15.1, 00:00:01, Serial1/0.1
    O IA    139.1.0.0 [110/138] via 139.1.15.1, 00:00:01, Serial1/0.1
    O IA    139.1.6.0 [110/148] via 139.1.15.1, 00:00:01, Serial1/0.1
    O IA    139.1.7.0 [110/139] via 139.1.15.1, 00:00:01, Serial1/0.1
    O IA    139.1.23.0 [110/192] via 139.1.15.1, 00:00:01, Serial1/0.1
         150.1.0.0/16 is variably subnetted, 7 subnets, 2 masks
    O IA    150.1.7.7/32 [110/139] via 139.1.15.1, 00:00:01, Serial1/0.1
    O IA    150.1.6.6/32 [110/139] via 139.1.15.1, 00:00:01, Serial1/0.1
    O IA    150.1.3.3/32 [110/129] via 139.1.15.1, 00:00:01, Serial1/0.1
    O       150.1.2.2/32 [110/65] via 139.1.25.2, 00:00:01, Serial1/0.2
    O*IA 0.0.0.0/0 [110/65] via 139.1.25.2, 00:00:01, Serial1/0.2
                   [110/65] via 139.1.15.1, 00:00:01, Serial1/0.1

     

     

     

  • wasted loads of time on this :-(

     

    izak your solution fails when the FR link between R1 & R5 fails - you will have no routes to the required subnets

  • Yep sorry... I obviously hadn't read the objectives very thoroughly.

  • I was so convinced at first it was max-metric router-lsa at first, and rushed right into the task. But nope :(

     

    RSRack1R5#sh ip ro os
         139.1.0.0/24 is subnetted, 13 subnets
    O IA    139.1.11.0 [110/65] via 139.1.15.1, 00:00:08, Serial1/0.51
    O IA    139.1.13.0 [110/128] via 139.1.15.1, 00:00:08, Serial1/0.51
    O IA    139.1.2.0 [110/65599] via 139.1.25.2, 00:00:08, Serial1/0.52
    O IA    139.1.0.0 [110/138] via 139.1.15.1, 00:00:08, Serial1/0.51
    O IA    139.1.6.0 [110/148] via 139.1.15.1, 00:00:08, Serial1/0.51
    O IA    139.1.7.0 [110/148] via 139.1.15.1, 00:00:08, Serial1/0.51

    O IA    139.1.23.0 [110/128] via 139.1.25.2, 00:00:08, Serial1/0.52
         150.1.0.0/16 is variably subnetted, 8 subnets, 2 masks
    O IA    150.1.7.7/32 [110/139] via 139.1.15.1, 00:00:08, Serial1/0.51
    O IA    150.1.6.6/32 [110/139] via 139.1.15.1, 00:00:08, Serial1/0.51
    O IA    150.1.3.3/32 [110/129] via 139.1.15.1, 00:00:08, Serial1/0.51
    O       150.1.2.2/32 [110/65] via 139.1.25.2, 00:00:08, Serial1/0.52
    O       150.1.1.1/32 [110/65] via 139.1.15.1, 00:00:08, Serial1/0.51

     

    Foiled by VLAN 2, which is directly connected to R2. Grr...

  • Hi Guys,

    For this question i configured a tunnel between R1 and R5 and then enabled OSPF area 0 over it. For me it seems to meet all the requirements and the initial "Do's and Don'ts" of the lab.

    I guess it might be a better solution, considering the "bug" (or feature) in the later trains.

    Hopefully it doesn't cause any issues later in the lab.

     

     

  • hi bobby,

    i also configured a tunnel, however i wonder if we would receive the points since it also affects two additional 139 networks, 11.0/24 and 13.0/24, not too mentioned all the loopback 150 networks as well.  backup to r2 works fine.

    jorge

  • Hello folks,

    I see that we have discussed the area range command earlier in this thread !- I used the same command as well to achieve the desired results however not sure if that would be acceptable ??

    Can any instuctor comment on whether are range would be an acceptable solution here ??

     

    Thanks

     

     

  • I wasted quite a bit of time on this one too. I finally gave up and used the range command, and figured that once I was done with the lab I will check the SG. Then I saw the distance being used in the SG. Lucky for us they have this forum.

     area 0 range 139.1.0.0 255.255.248.0
     area 0 range 139.1.10.0 255.255.254.0

  • Hi everybody , 

     

    This Task was making me crazy as I was not convinced with the Distance solution and afterall it did not work although it was used on the solution guide 

    I was Lost untill I get to your discussion here 

     

    I was thinking to create another OSPF process on R1 , R2 , and redistribute those subnets between the OSPF process , but thats too complex 

    Finaly I got to a simple solution and I think it is fine for the lab requirements , and I want to share it with you 

     


    Rack1R1(config-router)#router ospf 1

    Rack1R1(config-router)# area 0 range 139.1.2.0 255.255.255.0 cost 10

    Rack1R1(config-router)# area 0 range 139.1.6.0 255.255.255.0 cost 10

    Rack1R1(config-router)# area 0 range 139.1.7.0 255.255.255.0 cost 10

    Rack1R1(config-router)# area 0 range 139.1.11.0 255.255.255.0 cost 10

     


    Rack1R2(config-router)#router ospf 1

    Rack1R2(config-router)# area 0 range 139.1.2.0 255.255.255.0 cost 100

    Rack1R2(config-router)# area 0 range 139.1.6.0 255.255.255.0 cost 100

    Rack1R2(config-router)# area 0 range 139.1.7.0 255.255.255.0 cost 100

    Rack1R2(config-router)# area 0 range 139.1.11.0 255.255.255.0 cost 100

     

     

     


    Rack1R5#sh ip ospf database summary 139.1.2.0

     

                OSPF Router with ID (150.1.5.5) (Process ID 1)

     

                    Summary Net Link States (Area 1)

     

      Routing Bit Set on this LSA

      LS age: 2006

      Options: (No TOS-capability, DC, Upward)

      LS Type: Summary Links(Network)

      Link State ID: 139.1.2.0 (summary Network Number)

      Advertising Router: 150.1.1.1

      LS Seq Number: 8000001F

      Checksum: 0x19D3

      Length: 28

      Network Mask: /24

            TOS: 0  Metric: 10

     

      Routing Bit Set on this LSA

      LS age: 96

      Options: (No TOS-capability, DC, Upward)

      LS Type: Summary Links(Network)

      Link State ID: 139.1.2.0 (summary Network Number)

      Advertising Router: 150.1.2.2

      LS Seq Number: 80000022

      Checksum: 0x8DFF

      Length: 28

      Network Mask: /24

            TOS: 0  Metric: 100





    Rack1R5#sh ip route | i 139.1.[2,6,7,1]1?.0

    O IA    139.1.11.0 [110/74] via 139.1.15.1, 00:31:24, Serial0/0/0.15

    O IA    139.1.2.0 [110/74] via 139.1.15.1, 00:33:05, Serial0/0/0.15

    O IA    139.1.6.0 [110/74] via 139.1.15.1, 00:26:28, Serial0/0/0.15

    O IA    139.1.7.0 [110/74] via 139.1.15.1, 00:32:52, Serial0/0/0.15








    Hope it helps


    Regards

    Ahmed Farouk



  • My crazy alternative, dunno if this will be enough to get my 3 points, but let's consider it like a joke even if it is not explicity denied

    from the do and dont section. [:D]

    R1

    router bgp 65001
     no synchronization
     bgp log-neighbor-changes
     network 139.1.2.0 mask 255.255.255.0
     network 139.1.6.0 mask 255.255.255.0
     network 139.1.7.0 mask 255.255.255.0
     network 139.1.11.0 mask 255.255.255.0
     neighbor 139.1.15.5 remote-as 65005
     no auto-summary

    R5

    router bgp 65005
     no synchronization
     bgp log-neighbor-changes
     neighbor 139.1.15.1 remote-as 65001
     no auto-summary

    Rack1R5#    sh  ip route bgp
         139.1.0.0/16 is variably subnetted, 14 subnets, 2 masks
    B       139.1.11.0/24 [20/0] via 139.1.15.1, 00:04:50
    B       139.1.2.0/24 [20/129] via 139.1.15.1, 00:04:50
    B       139.1.6.0/24 [20/84] via 139.1.15.1, 00:04:50
    B       139.1.7.0/24 [20/75] via 139.1.15.1, 00:04:50
    Rack1R5#

    it works fine. if the link fails, R2 provides those routes via ospf.

     

     

     

     

     

     

     

     

  • I like the BGP alternative.  Not sure how that will play later with the BGP section.  I had used hte Max-metric router-lsa as mentioned earlier with good results.  The issue came later in the multicast section where I needed the equal cost routes from R3 to R5 loopback. 

     

    I am glad that I decided to check the forums because like the rest, I have burned a good amound of time trying to make this work. I had landed on the max-metric command similar to the earlier poster which worked for me, but had some issues once I reached the multicast section and needed the equal cost routes to R5 from R3.

     

    What is interesting to me is that in the SG the displayed verification output doesn't even include the routes that we are working on.  Didn't even meet the requirements when the SG was printed!!

     

    from the SG:

    Rack1R5#show ip route ospf | include 109
    O IA    139.1.11.0/24 [109/65] via 139.1.15.1, 00:02:25, Serial1/0.501
    O IA    139.1.13.0/24 [109/128] via 139.1.15.1, 00:02:25, Serial1/0.501
            150.1.1.1/32 [109/65] via 139.1.15.1, 00:02:26, Serial1/0.501
    O

  • I have done slightly diffrrent then SG. As qurstion says "Do not use the ip ospf cost, bandwidth, virtual-link, stub, or nssa commands to accomplish this." i thought if no Virtual-link then Why not GRE.  Can someone please comment if I am violating the Do's & Dont's or NOT?

     

    R5

    !
    interface Tunnel0
     ip address 139.1.51.5 255.255.255.0
     tunnel source 139.1.15.5
     tunnel destination 139.1.15.1

    !

    router ospf 1

     network 139.1.51.5 0.0.0.0 area 0

    R1

    !
    interface Tunnel0
     ip address 139.1.51.1 255.255.255.0
     tunnel source 139.1.15.1
     tunnel destination 139.1.15.5
    !

    router ospf 1

     network 139.1.51.1 0.0.0.0 area 0

     

    -WC

  • @wannabe.ccie - It looks like you have allocated NEW IP addresses to the tunnel. This *may* break the Do's & Don'ts of the task. Sorry I don't have the lab notes to hand to confirm whether this is a nono.

Sign In or Register to comment.