IP SLA Dual Wan Router Backup Settings

Posted by fanie on Monday, December 24, 2012




I want to discuss a redundant dual-WAN router backup setup using IP SLA. In the previous post, I used BGP as the routing decision maker. Now we are using static routes with IP SLA. The requirement is to ping loopback0 in R2 (which stands in for a server) from R4 over the R4-R2 link.





This is the routing table in R4. The default route points to R2:

R4#sh ip route
Gateway of last resort is 7.7.24.2 to network 0.0.0.0

     7.0.0.0/24 is subnetted, 2 subnets
C       7.7.24.0 is directly connected, FastEthernet0/1
C       7.7.34.0 is directly connected, FastEthernet0/0
S*   0.0.0.0/0 [10/0] via 7.7.24.2

There are two default routes towards loopback0 in R2:
ip route 0.0.0.0 0.0.0.0 7.7.24.2 10 track 1
ip route 0.0.0.0 0.0.0.0 7.7.34.3 100


We track the default route to the server in R2:
track 1 ip route 0.0.0.0 0.0.0.0 reachability

The tracking is combined with an IP SLA operation that uses ICMP echo to ping the server in R2 through R4 fa0/1.

R4#sh ip sla statistics

Round Trip Time (RTT) for       Index 1
        Latest RTT: 16 milliseconds
Latest operation start time: *00:38:05.195 UTC Fri Mar 1 2002
Latest operation return code: OK
Number of successes: 346
Number of failures: 20
Operation time to live: Forever

This is the configuration for ip sla in R4 :

ip sla 1
 icmp-echo 2.2.2.2 source-interface FastEthernet0/1
 threshold 3000
 frequency 5
ip sla schedule 1 life forever start-time now

Testing the backup dual wan router :

R4#traceroute 2.2.2.2

Type escape sequence to abort.
Tracing the route to 2.2.2.2

  1 7.7.24.2 24 msec 4 msec *


Traffic flows from R4 to R2. Then we shut R4 interface fa0/1, so the traffic moves to the path R4 - R3 - R2. The default route switches over and looks like this:

R4#
Gateway of last resort is 7.7.34.3 to network 0.0.0.0

     7.0.0.0/24 is subnetted, 1 subnets
C       7.7.34.0 is directly connected, FastEthernet0/0
S*   0.0.0.0/0 [100/0] via 7.7.34.3

R4#traceroute 2.2.2.2

Type escape sequence to abort.
Tracing the route to 2.2.2.2

  1 7.7.34.3 24 msec 24 msec 4 msec
  2 7.7.23.2 8 msec 12 msec *

Then we re-enable interface fa0/1 in R4, so the link between R4 and R2 becomes live again:

R4#sh ip route

Gateway of last resort is 7.7.24.2 to network 0.0.0.0

     7.0.0.0/24 is subnetted, 2 subnets
C       7.7.24.0 is directly connected, FastEthernet0/1
C       7.7.34.0 is directly connected, FastEthernet0/0
S*   0.0.0.0/0 [10/0] via 7.7.24.2
R4#
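The failover decision tested above, modelled as an added example (not code from the original post): it selects R4's installed default route from the two static routes and goes one step beyond the interface-shut test by also covering a failed probe while fa0/1 stays up. It assumes track 1 goes down whenever the echo probe to 2.2.2.2 fails; the class and function names are made up for the illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class StaticRoute:
    next_hop: str
    interface: str
    distance: int                  # administrative distance
    track: Optional[int] = None    # tracked object that must be up, if any

# R4's two default routes from the post.
ROUTES = [
    StaticRoute("7.7.24.2", "FastEthernet0/1", 10, track=1),
    StaticRoute("7.7.34.3", "FastEthernet0/0", 100),
]

def installed_default(routes, if_up, track_up):
    """Return the default route that reaches the routing table, or None.

    A static route is a candidate only if its outgoing interface is up and,
    when it carries a track number, that tracked object is up as well.
    Among the candidates the lowest administrative distance wins.
    """
    candidates = [r for r in routes
                  if if_up.get(r.interface, False)
                  and (r.track is None or track_up.get(r.track, False))]
    return min(candidates, key=lambda r: r.distance, default=None)

def scenario(fa01_up=True, probe_ok=True):
    """Assumption: track 1 is down whenever the echo probe to 2.2.2.2 fails."""
    if_up = {"FastEthernet0/1": fa01_up, "FastEthernet0/0": True}
    # The probe is sourced from fa0/1, so it also fails when fa0/1 is shut.
    track_up = {1: probe_ok and fa01_up}
    route = installed_default(ROUTES, if_up, track_up)
    return (route.next_hop, route.distance) if route else None

if __name__ == "__main__":
    print("normal:       ", scenario())
    print("fa0/1 shut:   ", scenario(fa01_up=False))
    print("probe failing:", scenario(probe_ok=False))  # link up, target unreachable
```

The third scenario is the one that only the tracked route handles: the next hop is still reachable, so without the track condition the primary route would stay installed.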


I have attached the GNS3 files at the link below, so you can try it at home.

http://www.4shared.com/rar/xcakXQM8/IPSLA_Backup_Router_Settings.html

Happy labbing


Router BGP Inbound Outbound Policy Settings

Posted by fanie on Sunday, December 23, 2012

Continuing our BGP router simulation for routing specific packets. We have seen how weight and local preference influence our outbound packets. Now we will see how to influence inbound packets from R5. From R2's point of view, we can get this result:

R2 to 5.5.5.5 using source Lo0
R2 - R3 - R5 - R3 - R2

R2 to 50.50.50.50 using source Lo0
R2 - R4 - R5 - R4 - R2

We can see that inbound and outbound packets take the same path. To influence inbound packets, use the AS path.

This is the topology that we used in our lab :




The configuration that we added in R2 is as follows:

router bgp 7
 no synchronization
 bgp log-neighbor-changes
 network 7.7.23.0 mask 255.255.255.0
 network 7.7.24.0 mask 255.255.255.0
 redistribute connected
 neighbor 7.7.23.3 remote-as 33
 neighbor 7.7.23.3 soft-reconfiguration inbound
 neighbor 7.7.23.3 route-map A in
 neighbor 7.7.23.3 route-map D out
 neighbor 7.7.24.4 remote-as 44
 neighbor 7.7.24.4 soft-reconfiguration inbound
 neighbor 7.7.24.4 route-map B in
 neighbor 7.7.24.4 route-map C out
 no auto-summary


access-list 101 permit ip host 5.5.5.5 any
access-list 102 permit ip host 50.50.50.50 any
access-list 103 permit ip host 2.2.2.2 any
access-list 104 permit ip host 20.20.20.20 any





route-map C permit 10
 match ip address 103
 set as-path prepend 14
route-map C permit 20

route-map D permit 10
 match ip address 104
 set as-path prepend 15
route-map D permit 20

The logic is as follows: BGP path selection prefers the shortest AS path. On R2, we match R2's loopback0 using an access list. Because we want R5 lo0 to reach R2 lo0 through R3, we make the AS path via R4 longer than the one via R3 by prepending AS 14 on the advertisement towards R4. The same applies to the link from R5 lo1 to R2 lo1.


R5#traceroute 2.2.2.2 so lo0

Type escape sequence to abort.
Tracing the route to 2.2.2.2

  1 7.7.35.3 4 msec 4 msec 4 msec
  2 7.7.23.2 [AS 33] 12 msec *  36 msec

R5#traceroute 20.20.20.20 so lo0

Type escape sequence to abort.
Tracing the route to 20.20.20.20

  1 7.7.45.4 4 msec 8 msec 4 msec
  2 7.7.24.2 [AS 44] 8 msec *  36 msec






This configuration is useful if we only have control over R2. I have attached the GNS3 topology and initial config, so you can try it at home.

http://www.4shared.com/rar/SkNK_5aW/bgp-routing-in-out.html

Happy Labbing






Router BGP Policy Interesting Packets Settings

Posted by fanie on Saturday, December 22, 2012

The scenario is as follows: R7 is the CPE router and has a default route towards R2. In R5 there are two loopbacks acting as servers (5.5.5.5 and 50.50.50.50). R2 must use R3 to reach 5.5.5.5, and R2 must use R4 to reach 50.50.50.50.
The topology is like this:



In R2, we configure bgp attributes using weight :

Router bgp 7
 no synchronization
 bgp log-neighbor-changes
 network 7.7.23.0 mask 255.255.255.0
 network 7.7.24.0 mask 255.255.255.0
 redistribute connected
 neighbor 7.7.23.3 remote-as 33
 neighbor 7.7.23.3 soft-reconfiguration inbound
 neighbor 7.7.23.3 route-map A in
 neighbor 7.7.24.4 remote-as 44
 neighbor 7.7.24.4 soft-reconfiguration inbound
 neighbor 7.7.24.4 route-map B in
 no auto-summary

Match the loopbacks in R5:

access-list 101 permit ip host 5.5.5.5 any
access-list 102 permit ip host 50.50.50.50 any

Create route-maps that match the loopbacks and set the weight:

route-map A permit 10
 match ip address 101
 set weight 1000
!
! sequence 20 has no match clause, so it matches all other IP addresses
route-map A permit 20
!
route-map B permit 10
 match ip address 102
 set weight 1000
!
! sequence 20 has no match clause, so it matches all other IP addresses
route-map B permit 20


This is what we get in R2:
R2#sh ip bgp
BGP table version is 18, local router ID is 20.20.20.20
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*  2.2.2.2/32       7.7.24.4                 0             0 44 ?
*                   7.7.23.3                 0             0 33 ?
*>                  0.0.0.0                  0         32768 ?
*  5.5.5.5/32       7.7.24.4                               0 44 55 i
*>                  7.7.23.3                            1000 33 55 i
*  7.7.23.0/24      7.7.23.3                 0             0 33 i
*>                  0.0.0.0                  0         32768 i
*  7.7.24.0/24      7.7.24.4                 0             0 44 i
*>                  0.0.0.0                  0         32768 i
*  7.7.27.0/24      7.7.24.4                 0             0 44 ?
*                   7.7.23.3                 0             0 33 ?
*>                  0.0.0.0                  0         32768 ?
*  7.7.35.0/24      7.7.24.4                               0 44 55 i
*>                  7.7.23.3                 0             0 33 i
*> 7.7.45.0/24      7.7.24.4                 0             0 44 i
*                   7.7.23.3                               0 33 55 i
*  20.20.20.20/32   7.7.24.4                 0             0 44 ?
   Network          Next Hop            Metric LocPrf Weight Path
*                   7.7.23.3                 0             0 33 ?
*>                  0.0.0.0                  0         32768 ?
*> 50.50.50.50/32   7.7.24.4                            1000 44 55 i
*                   7.7.23.3                               0 33 55 i


If we do a traceroute, this is what we get in R7:



It moves to R3 then to R5

R7#traceroute 5.5.5.5

Type escape sequence to abort.
Tracing the route to 5.5.5.5

  1 7.7.27.2 4 msec 4 msec 8 msec
  2 7.7.23.3 4 msec 12 msec 8 msec
  3 7.7.35.5 8 msec *  32 msec

It flows from R4 to R5

R7#traceroute 50.50.50.50

Type escape sequence to abort.
Tracing the route to 50.50.50.50

  1 7.7.27.2 4 msec 4 msec 4 msec
  2 7.7.24.4 8 msec 12 msec 8 msec
  3 7.7.45.5 8 msec *  12 msec


This matches the requirements from R2's point of view. We will explore more in the next post. I have attached the GNS3 file and initial configuration here:

http://www.4shared.com/rar/uTg2U06B/BGP_Policy.html

Happy labbing









Router BGP Best Path Selection Settings

Posted by fanie on Thursday, December 20, 2012

An easy tip for remembering BGP best path selection, using a mnemonic:



We Love Oranges AS Oranges Means Exclusive Indonesian Oldest Refreshments

1. Weight (Bigger is better)
2. Local preference (Bigger is better)
3. Originate: self originated (network locally or redistributed from IGP) is better than iBGP/eBGP learned
4. AS-Path (Shortest is better)
5. Origin (Prefer ORIGIN code I over E, and E over ?)
6. MED (Smaller is better)
7. External (Prefer eBGP over iBGP)
8. IGP cost (Smaller is better)
9. EBGP Peering (Older is better)
10. RID (Lower is better)



BGP default local-preference

Default is 100
Local and non-transit attribute
The local preference is communicated over iBGP but not over eBGP
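The selection order above, written as an added example (not code from the original posts): each step becomes one element of a sort key, applied to R2's paths from the `sh ip bgp` output in the weight post and to R5's view of 2.2.2.2 in the AS-path prepend post. The AS paths for the prepend case are constructed for the illustration, and real routers apply extra conditions (for example, MED is normally compared only between paths from the same neighbouring AS) that this simplified key leaves out.

```python
from dataclasses import dataclass

ORIGIN_RANK = {"i": 0, "e": 1, "?": 2}          # prefer i over e, and e over ?
STEPS = ("weight", "local-pref", "self-originated", "as-path", "origin",
         "med", "ebgp-over-ibgp", "igp-cost", "oldest", "router-id")

@dataclass
class Path:
    next_hop: str
    as_path: tuple = ()
    weight: int = 0
    local_pref: int = 100          # default local preference, as stated above
    self_originated: bool = False
    origin: str = "i"
    med: int = 0
    ebgp: bool = True
    igp_cost: int = 0
    age: int = 0                   # seconds the path has been known
    router_id: str = "0.0.0.0"

def preference_key(p):
    """One tuple element per step of the list; the smaller tuple wins."""
    rid = tuple(int(octet) for octet in p.router_id.split("."))
    return (-p.weight, -p.local_pref, not p.self_originated, len(p.as_path),
            ORIGIN_RANK[p.origin], p.med, not p.ebgp, p.igp_cost, -p.age, rid)

def best_path(paths):
    return min(paths, key=preference_key)

def deciding_step(a, b):
    """Name of the first step at which two paths differ."""
    for name, x, y in zip(STEPS, preference_key(a), preference_key(b)):
        if x != y:
            return name
    return "tie"

# R2's paths to 5.5.5.5/32 and 50.50.50.50/32, taken from the "sh ip bgp" output.
to_5 = [Path("7.7.24.4", (44, 55)), Path("7.7.23.3", (33, 55), weight=1000)]
to_50 = [Path("7.7.24.4", (44, 55), weight=1000), Path("7.7.23.3", (33, 55))]
# R5's paths to 2.2.2.2/32 once R2 prepends 14 towards R4 (AS paths constructed).
to_2 = [Path("7.7.45.4", (44, 7, 14)), Path("7.7.35.3", (33, 7))]

if __name__ == "__main__":
    for dest, paths in (("5.5.5.5", to_5), ("50.50.50.50", to_50), ("2.2.2.2", to_2)):
        print(dest, "via", best_path(paths).next_hop,
              "decided by", deciding_step(*paths))
```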

Router Load Balance Dual Wan

Posted by fanie on Wednesday, December 19, 2012

Continuing the previous post about Router Multiple Dual Wan Ports Backup Settings, I am going to demonstrate router load balancing using BGP routing. To recap, this is the topology that I used for this demonstration:




To achieve load balancing, you must apply this configuration in R2:

R2
router bgp 7
no synchronization
bgp bestpath as-path multipath-relax
neighbor 7.7.23.3 remote-as 33
neighbor 7.7.24.4 remote-as 44
maximum-paths 2
no auto-summary

After you have configured it, clear the BGP neighbors on R2:

clear ip bgp *

Then run show ip route in R2, and you will see that there are two paths to 5.5.5.5/32. This shows load balancing to loopback0 in R5.


You can see that the traffic flows to R4 and R3 alternately. Voilà, the load balancing is working now. Good luck in your lab.

You can download the GNS3 lab file here:

http://www.4shared.com/rar/wmTh27io/LoadBalance.html








Router Multiple Dual Wan Ports Backup Settings

Posted by fanie on Sunday, December 16, 2012

Today, I am going to share how to create multiple dual WAN ports in the router. This method is essential for the router's upstream links: if one of the links has a problem, the customer can still connect to their head office using the other upstream link. The configuration can be found below:



The customer network has dual WAN ports that connect to ISP A (BGP 33) and ISP B (BGP 44). The head office ports are configured the same way. In the head office, there is one IP address which is advertised into BGP (5.5.5.5). That IP stands in for the server in the head office, and we are aiming at that IP from the customer side. We are using BGP to connect all the networks, because BGP is flexible and has a lot of advantages. This configuration also serves as a hot backup for the router's upstream links.

BGP connection inside R2 :


There are two established BGP connections and they are up. Both of them receive one prefix from R5, as we can see below:


The link that we prefer as the main link is through ISP A. So we set weight 1000 for ISP A. ISP B will remain standby in case there is problem with ISP A link.

Then we simulate the backup mechanism by shutting down R3 Fa0/0, so the BGP connection from R2 to R3 goes down. R2 traffic then goes through ISP B, as we can see from the picture below:


What happens if we activate the ISP A link again? R2 traffic goes back to normal and flows through ISP A. We can see the end result below:


Okay, this is it for today's sharing session. I will try to write more again soon. This is the link to download the GNS3 configuration.

http://www.4shared.com/rar/mX0WZiGD/Router_Dual_Multiple_Wan_Ports.html

You can try it at home. Good luck.

Thanks




 

GNS3 Router Switch Simulator

Posted by fanie on Saturday, December 15, 2012

I want to introduce a great tool for simulating networks: GNS3. This is a complete tool to simulate Cisco routers, Cisco switches, Juniper routers, Cisco ASA, and many more. By using IOS (Internetwork Operating System), which is the software that runs Cisco hardware, you can do a lot of network simulation easily. GNS3 is free software, so you can download and run it freely. But the IOS software is proprietary to Cisco, so you must have a license to use it. But you can find the IOS on the internet and download it.

GNS3 can be downloaded from here :

http://www.gns3.net/download/

I will describe the capabilities of GNS3 so you can use it for your network project simulation. Whatever your network simulation is, you can count on this software. I can imagine what you will do next using this software. I think you will do a lot of network simulations with it.

You can see the screenshot of GNS3 window below :





There are two routers connected via FastEthernet interfaces. After pressing the start button, we can run the simulation. By clicking the R1 router, we can enter exec command mode. You can see the result below:







It is a router that uses IOS version 3725, and with that we have finished simulating the router. By using this program, you can simulate routers and switches without needing to invest in a router, although there are limitations in switch simulation because GNS3 cannot simulate the ASIC processor. Not all switch commands can be simulated, for example mls qos, private vlan, dot1q tunnel, spanning tree mst, and many more. As an alternative, you can rent a lab online so you can get used to the switch commands, because switch commands are easy to understand. Well, get ready for your lab at home.

