RSv5 TS lab1 ticket4

Was working on ticket 4 and thought I had solved it within the restrictions.

  • Do not modify any access-lists or make any interface-level changes.
  • Do not change routing protocol metrics (link, area). This does NOT include metric set on redistribution.
  • Make a maximum of two changes in the network to solve this ticket.
So I dive in. Find the qos policy droping all traffic to this dest and start thinking I can solve this by modifying the conform and exceed actions. In my mind this is not modifying the ACL and the policy is applied to the interface but the config for it is in global. Not messing with the routing protocol metrics at all. And have only made two changes. Conform and Exceed flipped to transmit instead of drop.

 police 8000 conform-action transmit exceed-action transmit violate-action drop


R9#ping 122.1.1.20

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 122.1.1.20, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 1/7/24 ms




However, looking at INE's solution this was not the answer they were  going for. In fact I was way off in left feild. Answer they wanted was to not redistribute from R7 and to modify the null route to an AD of 255 thus not install it in the rib. So I remove my solution and try their however for me, it did not solve the problem


It installs the route as an ECMP route to R20's loopback



R9#sh ip route 122.1.1.20

Routing entry for 122.1.1.20/32

  Known via "ospfv3 50", distance 110, metric 1

  Tag 101, type NSSA extern 2, forward metric 2

  Last update from 122.1.1.7 on GigabitEthernet1.79, 00:00:23 ago

  Routing Descriptor Blocks:

  * 122.1.1.8, from 122.1.1.6, 00:00:23 ago, via GigabitEthernet1.89

      Route metric is 1, traffic share count is 1

      Route tag 101

    122.1.1.7, from 122.1.1.6, 00:00:23 ago, via GigabitEthernet1.79

      Route metric is 1, traffic share count is 1

      Route tag 101




R9#sh ospfv3 border-routers


          OSPFv3 50 address-family ipv4 (router-id 122.1.1.9)


Codes: i - Intra-area route, I - Inter-area route


i 122.1.1.6 [2] via 122.1.1.7, GigabitEthernet1.79, ASBR, Area 50, SPF 11

i 122.1.1.6 [2] via 122.1.1.8, GigabitEthernet1.89, ASBR, Area 50, SPF 11




So based upon their solution I have influenced the path to leave out R6 but in order to get to R6 it ecmp's across 7 and 8. 



I post this with a couple questions,


Did I interpret the restrictions wrong or is that a valid solution?


Did I make a mistake on implementing their restrictions? 

Would it break a restriction to instead of raising the AD on the predefined static route to 255 just change the route to point to R8 and the next hop?  (Tried this and it seemed to break OSPF)


Any feedback is appreciated 

Comments

  • Modifying the policy-map does not violate the restrictions, as this does not touch the interface or modify the ACLs. Keep in mind that there are multiple ways to solve these tickets. The solutions are not based on what you configure - the are based on results (as long as no restrictions are broken).

    Take this as a learning experience, and analyze the given solution.

    The solution provided does the following: 

    Routes around the policy-map, as traffic is being dropped out of this interface. This is accomplished by stopping the redistribution from R7. The static route to null0 to 122.1.1.6 would prevent any routes redistributed into the NSSA by R6 to be installed, as 122.1.1.6 is the forwarding address for these Type-7 LSAs. By changing the AD to 255, a route to the FA is properly resolved.

     

     

  • I have the exact same problem - the listed solution results in ECMP across R7/R8 which is still broken.

    can INE verify that this is indeed what happens if you follow the listed solution exactly i.e. its NOT actually correct?

    Yes learning lots, but would be good if the answer was 100% correct, or are we missing something?

  • I agree entirely with OP. The provided solution results in ECMP as per below. Hence, half the packets willl still traverse
    the R7-R9 link which invokes the service-policy that drops all traffic.

    (Note the below output is E1 because I was messing around trying E1 vs E2
    which works similarly to forcing R7 to no-redistribution except same
    result of giving R9 an ECMP route to 122.1.1.20.)

    R9#sh ip route 122.1.1.20
    Routing entry for 122.1.1.20/32
      Known via "ospfv3 50", distance 110, metric 21
      Tag 101, type NSSA extern 1
      Last update from 122.1.1.7 on GigabitEthernet1.79, 00:00:00 ago
      Routing Descriptor Blocks:
      * 122.1.1.8, from 122.1.1.6, 00:00:00 ago, via GigabitEthernet1.89
          Route metric is 21, traffic share count is 1
          Route tag 101
        122.1.1.7, from 122.1.1.6, 00:00:00 ago, via GigabitEthernet1.79
          Route metric is 21, traffic share count is 1
          Route tag 101

    If I'm interpreting INE's solution literally - how can you make that route NOT ECMP? Are we missing something?

    Yes learning lots, but if the provided solution isn't 100% correct then its really misleading...

Sign In or Register to comment.