Tuesday, October 22, 2013

EIGRP Summary and Leak Map

Route leaking is used when you summarize a set of subnets but still want to announce one of the more specific subnets alongside the summary. For my lab, I used the following design:


  • First, I configured the network without summarization:
R1:

interface Loopback10
 ip address 10.1.0.1 255.255.255.0
!
interface Loopback20
 ip address 10.1.1.1 255.255.255.0
!
interface Loopback30
 ip address 10.1.2.1 255.255.255.0
!
interface FastEthernet0/0
 ip address 192.168.1.1 255.255.255.0
!
router eigrp 1
 network 10.0.0.0
 network 192.168.1.0

R2:

interface Loopback10
 ip address 192.168.2.2 255.255.255.0
!
interface FastEthernet0/1
 ip address 192.168.1.2 255.255.255.0
!
router eigrp 1
 network 192.168.0.0 0.0.255.255
 
Results (on R2):

R2# show ip route eigrp
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       + - replicated route, % - next hop override

Gateway of last resort is not set

      10.0.0.0/24 is subnetted, 3 subnets
D        10.1.0.0 [90/409600] via 192.168.1.1, 00:01:11, FastEthernet0/1
D        10.1.1.0 [90/409600] via 192.168.1.1, 00:01:11, FastEthernet0/1
D        10.1.2.0 [90/409600] via 192.168.1.1, 00:01:11, FastEthernet0/1

As you can see, the three /24 subnets appear in R2's routing table.
  • Next, I configured a summary address on R1's interface towards R2:
R1:

interface FastEthernet0/0
 ip address 192.168.1.1 255.255.255.0
 ip summary-address eigrp 1 10.1.0.0 255.255.252.0

Results (on R2):

R2#show ip route eigrp
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       + - replicated route, % - next hop override

Gateway of last resort is not set

      10.0.0.0/22 is subnetted, 1 subnets
D        10.1.0.0 [90/409600] via 192.168.1.1, 00:00:39, FastEthernet0/1

Only the summary is seen on R2: the three /24s have been replaced by 10.1.0.0/22.
  • The final step is to configure route leaking on R1:
R1:

ip access-list standard LEAK-MAP
 permit 10.1.1.0 0.0.0.255
!
route-map LEAK-MAP permit 10
 match ip address LEAK-MAP
!
interface FastEthernet0/0
 ip address 192.168.1.1 255.255.255.0
 ip summary-address eigrp 1 10.1.0.0 255.255.252.0 100 leak-map LEAK-MAP

Results (on R2):

R2#show ip route eigrp
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       + - replicated route, % - next hop override

Gateway of last resort is not set

      10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
D        10.1.0.0/22 [90/409600] via 192.168.1.1, 00:06:10, FastEthernet0/1
D        10.1.1.0/24 [90/409600] via 192.168.1.1, 00:00:34, FastEthernet0/1
 
Both prefixes are now seen on R2:
  • Summary (10.1.0.0/22)
  • Specific (10.1.1.0/24)

Two details worth knowing: the 100 in the summary-address command is the administrative distance of the summary route to Null0 that R1 installs locally (default 5), so it only affects R1; and a standard ACL in the leak-map matches the network address only, not the mask, so use match ip address prefix-list in the route-map if the mask matters.
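To make the behaviour concrete, here is a small Python model (an added example, not part of the original post and not IOS code) of what the summarizing router advertises and how R2 then resolves destinations against the resulting table. The leak list is modelled as exact prefixes, which is what the ACL above amounts to in this lab; the addresses are the ones used in the post.

```python
from ipaddress import IPv4Address, IPv4Network

# R1's loopback networks, the summary and the leak-map entry from the post.
COMPONENTS = [IPv4Network(n) for n in ("10.1.0.0/24", "10.1.1.0/24", "10.1.2.0/24")]
SUMMARY = IPv4Network("10.1.0.0/22")
LEAK_LIST = [IPv4Network("10.1.1.0/24")]


def advertised_prefixes(components, summary, leak_list):
    """Model of what the summarizing router sends out the interface carrying
    'ip summary-address': a component covered by the summary is replaced by
    the summary, unless it is also in the leak list, in which case the
    specific is sent alongside the summary.  Components outside the summary
    are advertised unchanged."""
    advertised = set()
    for comp in components:
        if comp.subnet_of(summary):
            advertised.add(summary)      # the summary replaces the component
            if comp in leak_list:
                advertised.add(comp)     # ...but a leaked one is also sent
        else:
            advertised.add(comp)
    return advertised


def longest_match(table, host):
    """Longest-prefix lookup, i.e. how R2 forwards a packet for 'host'.
    Returns None when no prefix covers the address."""
    addr = IPv4Address(host)
    candidates = [p for p in table if addr in p]
    return max(candidates, key=lambda p: p.prefixlen, default=None)


if __name__ == "__main__":
    table = advertised_prefixes(COMPONENTS, SUMMARY, LEAK_LIST)
    print("R2 learns:", sorted(str(p) for p in table))
    # 10.1.1.x follows the leaked /24, 10.1.2.x the /22.  10.1.3.x also
    # follows the /22 to R1, which has no such loopback and drops it on its
    # own Null0 summary route (AD 100 in the post's configuration).
    for host in ("10.1.1.7", "10.1.2.7", "10.1.3.7", "10.1.4.7"):
        print(host, "->", longest_match(table, host))
```

The 10.1.3.7 case is the usual summarization side effect: R2 has a route for it, R1 does not, so the packet is attracted and discarded at R1 rather than being dropped at R2.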
 
As far as I know, it is impossible to achieve an equivalent configuration with OSPF.
Don't hesitate to leave a comment if you have already seen this done with OSPF.



 

Friday, October 18, 2013

MAC Flapping detection

By default, the command mac address-table notification mac-move is not configured on a Catalyst 4500 (4k5). With it enabled, the switch logs a message every time a MAC address moves between ports, which is how MAC flapping shows up (see the logs below):

(config)#mac address-table notification mac-move

Jul  9 08:12:26.707: %C4K_EBM-4-HOSTFLAPPING: Host A4:CA:DB:48:05:B0 in vlan 50 is moving from port Gi2/16 to port Gi2/18
Jul  9 08:12:28.111: %C4K_EBM-4-HOSTFLAPPING: Host A4:CA:DB:48:05:B0 in vlan 50 is moving from port Gi2/18 to port Gi2/16
Jul  9 08:12:28.499: %C4K_EBM-4-HOSTFLAPPING: Host A4:CA:DB:48:05:B0 in vlan 50 is moving from port Gi2/16 to port Gi2/18
Jul  9 08:12:28.519: %C4K_EBM-4-HOSTFLAPPING: Host A4:CA:DB:48:05:B0 in vlan 50 is moving from port Gi2/18 to port Gi2/16

If this command is not configured, you will most likely notice the MAC flapping only through a high CPU load (if CPU is monitored at all!). When you see a CPU peak, finding the root cause is not trivial. To determine whether MAC flapping is behind it, you can use the following command:


C4510#show platform health
                     %CPU   %CPU    RunTimeMax   Priority  Average %CPU  Total
                     Target Actual Target Actual   Fg   Bg 5Sec Min Hour  CPU
RkiosObflMan          0.50   0.00      4      0  100  500    0   0    0     51:24
GalChassisVp-review   3.00   0.11     10     40  100  500    0   0    0   1260:27
S2w-JobEventSchedule 10.00   0.90     10      8  100  500    1   1    1  15025:10
...
K5L3Unicast Adj Chan  2.00   0.00     15      1  100  500    0   0    0     12:14
K5L3Unicast Adj Tabl  2.00  11.07     15     11  100  500    6   7    5  55618:52
K5L3AdjStatsMan Revi  2.00   0.15     10     11  100  500    0   0    0   3972:07
...
K5 L2 Unicast Addres  2.00   0.00     20     10  100  500    0   0    0      0:18
K5 L2 Multicast Addr  2.00   0.00     20      0  100  500    0   0    0      0:08
K5 L2 Hardware Addre  2.00  15.06     20     14  100  500   11  12    7  88117:09

As seen above, two processes are abnormally high (compare the Actual column with the Target column):
  • K5L3Unicast Adj Tabl: the Layer 3 adjacency (ARP) table is being rewritten continuously, because the MAC/IP binding keeps being refreshed.
  • K5 L2 Hardware Addre: the MAC address to physical port binding is also being rewritten continuously.

To confirm, enter mac address-table notification mac-move and check the log messages.
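Once the notification is enabled, the HOSTFLAPPING messages are easy to turn into an alert on a syslog collector. The Python below is an added example (not from the original post): it parses the log lines quoted above, groups moves per MAC address and VLAN, and flags a host that moves at least min_moves times within a sliding window. The threshold values, the extra non-flap line and the single isolated move are constructed for the sample and are assumptions, not something the post specifies.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample: the four HOSTFLAPPING lines quoted in the post, plus one
# unrelated message and one isolated move that must NOT be flagged.
SAMPLE_LOG = """\
Jul  9 08:12:26.707: %C4K_EBM-4-HOSTFLAPPING: Host A4:CA:DB:48:05:B0 in vlan 50 is moving from port Gi2/16 to port Gi2/18
Jul  9 08:12:28.111: %C4K_EBM-4-HOSTFLAPPING: Host A4:CA:DB:48:05:B0 in vlan 50 is moving from port Gi2/18 to port Gi2/16
Jul  9 08:12:28.499: %C4K_EBM-4-HOSTFLAPPING: Host A4:CA:DB:48:05:B0 in vlan 50 is moving from port Gi2/16 to port Gi2/18
Jul  9 08:12:28.519: %C4K_EBM-4-HOSTFLAPPING: Host A4:CA:DB:48:05:B0 in vlan 50 is moving from port Gi2/18 to port Gi2/16
Jul  9 08:12:29.001: %SYS-5-CONFIG_I: Configured from console by admin on vty0
Jul  9 08:13:10.000: %C4K_EBM-4-HOSTFLAPPING: Host 00:11:22:33:44:55 in vlan 10 is moving from port Gi1/1 to port Gi1/2
"""

FLAP_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}\.\d{3}): "
    r"%C4K_EBM-4-HOSTFLAPPING: Host (?P<mac>[0-9A-Fa-f:]{17}) in vlan (?P<vlan>\d+) "
    r"is moving from port (?P<src>\S+) to port (?P<dst>\S+)$"
)


def parse_flaps(log_text):
    """Return (timestamp, mac, vlan, from_port, to_port) for every
    HOSTFLAPPING line; anything else is ignored.  The IOS timestamp carries
    no year, so datetimes default to 1900 and are only used for deltas."""
    events = []
    for line in log_text.splitlines():
        m = FLAP_RE.match(line.strip())
        if not m:
            continue
        ts = datetime.strptime(" ".join(m["ts"].split()), "%b %d %H:%M:%S.%f")
        events.append((ts, m["mac"].upper(), int(m["vlan"]), m["src"], m["dst"]))
    return events


def detect_flapping(events, min_moves=3, window_s=10.0):
    """One alert per (mac, vlan) whose densest window_s-second window holds at
    least min_moves moves.  'two_port_loop' marks the classic signature of a
    host (or a loop) bouncing between exactly two ports."""
    by_host = defaultdict(list)
    for ts, mac, vlan, src, dst in events:
        by_host[(mac, vlan)].append((ts, src, dst))

    alerts = []
    for (mac, vlan), moves in by_host.items():
        moves.sort()
        best, start = None, 0
        for end in range(len(moves)):          # sliding window over sorted moves
            while (moves[end][0] - moves[start][0]).total_seconds() > window_s:
                start += 1
            count = end - start + 1
            if best is None or count > best[0]:
                best = (count, start, end)
        if best is None or best[0] < min_moves:
            continue
        window = moves[best[1]:best[2] + 1]
        ports = sorted({p for _, s, d in window for p in (s, d)})
        alerts.append({
            "mac": mac, "vlan": vlan, "moves": len(window), "ports": ports,
            "two_port_loop": len(ports) == 2,
            "span_s": (window[-1][0] - window[0][0]).total_seconds(),
        })
    return alerts


if __name__ == "__main__":
    for alert in detect_flapping(parse_flaps(SAMPLE_LOG)):
        print(alert)
```

On the sample, only A4:CA:DB:48:05:B0 in VLAN 50 is flagged (four moves in under two seconds between Gi2/16 and Gi2/18); the single move of the other host is below the threshold. Tune min_moves and window_s to your environment: a few moves a day is normal for roaming wireless clients, a dozen per second is not.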

Tuesday, October 15, 2013

Find the plain text authentication of a peer RIP router

The following commands can be useful if you need to exchange authenticated RIP updates with a peer router you don't have access to (so you don't know the authentication string it uses). If the peer uses clear-text authentication, you can recover it with this debug:

access-list 100 permit udp any any eq rip
debug ip packet 100 dump

Normally the password appears in clear text in the dump, as below (here TEST, in the line starting at AC43C9F0). This is also why RIPv2 simple-password authentication only protects against misconfigured neighbours, not against anyone able to sniff the link: use ip rip authentication mode md5 with a key chain when the updates actually need to be authenticated.

*Sep  4 17:27:54.815: IP: s=10.10.10.2 (FastEthernet/1), d=224.0.0.9, len 72, input feature

AC43C9C0:        0100 5E000009 AABBCC00 07030800    ..^...*;L.....
AC43C9D0:  45C00048 00000000 0111C4D0 0A0A0A02  E@.H......DP....
AC43C9E0:  E0000009 02080208 003453BE 02020000  `........4S>....
AC43C9F0:  FFFF0002 54455354 00000000 00000000  ....TEST........
AC43CA00:  00000000 00020000 0A010100 FFFFFF00  ................
AC43CA10:  00000000 00000001                    ........
Router#, MCI Check(68), rtype 0, forus FALSE, sendself FALSE, mtu 0
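Reading the password off the hex by eye works once; the following Python (an added example, not part of the original post) does the same decoding programmatically: it reassembles the frame from the debug ip packet dump lines above, walks Ethernet, IPv4 and UDP, and decodes the RIPv2 message including its authentication entry and route entries. The dump text is the one quoted in the post, embedded as sample input; the two non-hex lines are kept to show they are skipped.

```python
import re
import socket
import struct

# Sample input: the 'debug ip packet 100 dump' output quoted in the post.
DUMP = """\
*Sep  4 17:27:54.815: IP: s=10.10.10.2 (FastEthernet/1), d=224.0.0.9, len 72, input feature
AC43C9C0:        0100 5E000009 AABBCC00 07030800    ..^...*;L.....
AC43C9D0:  45C00048 00000000 0111C4D0 0A0A0A02  E@.H......DP....
AC43C9E0:  E0000009 02080208 003453BE 02020000  `........4S>....
AC43C9F0:  FFFF0002 54455354 00000000 00000000  ....TEST........
AC43CA00:  00000000 00020000 0A010100 FFFFFF00  ................
AC43CA10:  00000000 00000001                    ........
Router#, MCI Check(68), rtype 0, forus FALSE, sendself FALSE, mtu 0
"""

DUMP_LINE = re.compile(r"^[0-9A-F]{8}:\s+(.*)$")

# RIPv2 authentication types (RFC 2453 / RFC 2082).
AUTH_TYPES = {2: "simple password (clear text)", 3: "keyed MD5"}


def dump_to_bytes(dump_text):
    """Reassemble the raw frame from IOS dump lines.  Each line is
    '<addr>:  <hex groups>  <ascii column>'; the hex column is separated from
    the ASCII column by at least two spaces, and the first line may start
    with a shorter group, as it does here."""
    raw = bytearray()
    for line in dump_text.splitlines():
        m = DUMP_LINE.match(line.strip())
        if not m:
            continue                                  # not a dump line
        hex_col = re.split(r"\s{2,}", m.group(1).strip())[0]
        raw += bytes.fromhex(hex_col.replace(" ", ""))
    return bytes(raw)


def parse_rip_frame(frame):
    """Walk Ethernet -> IPv4 -> UDP/520 -> RIPv2 and return the decoded
    update.  A type-2 authentication entry yields the 16-byte, NUL-padded
    password in clear; a type-3 entry yields only its type (the digest is
    not a password)."""
    if struct.unpack("!H", frame[12:14])[0] != 0x0800:
        raise ValueError("not an IPv4 frame")
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    if ip[9] != 17:
        raise ValueError("not UDP")
    udp = ip[ihl:]
    sport, dport, ulen = struct.unpack("!HHH", udp[:6])
    if dport != 520:
        raise ValueError("not RIP")
    rip = udp[8:ulen]
    result = {
        "src": socket.inet_ntoa(ip[12:16]), "dst": socket.inet_ntoa(ip[16:20]),
        "command": rip[0], "version": rip[1],
        "auth_type": None, "password": None, "routes": [],
    }
    for off in range(4, len(rip), 20):              # 20-byte entries
        entry = rip[off:off + 20]
        afi, tag = struct.unpack("!HH", entry[:4])
        if afi == 0xFFFF:                            # authentication entry
            result["auth_type"] = tag
            if tag == 2:
                result["password"] = entry[4:20].rstrip(b"\x00").decode("ascii", "replace")
            continue
        net, mask, nexthop = (socket.inet_ntoa(entry[i:i + 4]) for i in (4, 8, 12))
        metric = struct.unpack("!I", entry[16:20])[0]
        result["routes"].append((net, mask, nexthop, metric))
    return result


if __name__ == "__main__":
    update = parse_rip_frame(dump_to_bytes(DUMP))
    print("RIPv%d command %d from %s to %s" % (update["version"], update["command"],
                                               update["src"], update["dst"]))
    print("authentication:", AUTH_TYPES.get(update["auth_type"], update["auth_type"]),
          "password=%r" % update["password"])
    for route in update["routes"]:
        print("route: %s/%s via %s metric %d" % route)
```

Against the dump above this prints the password TEST and the single route 10.1.1.0/255.255.255.0 with metric 1. With MD5 authentication (type 3) the same parser reports the type but has no password to show, which is the whole point of switching to it.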

Saturday, October 12, 2013

Track and modify a route with EEM!

This EEM applet adds or removes a static route depending on whether a host answers ping. Every 10 seconds it pings 10.1.37.3. If the ping succeeds and 10.12.37.0/24 is not yet among the static routes, the route is added; if it is already present, nothing is done. If the ping fails, the route is removed. Note that the regexp "!!" only requires two consecutive replies out of the five echoes, so tighten it if you want all five to succeed. For a plain reachability-conditioned static route, IP SLA with object tracking (ip route ... track) does this natively; the applet is worth it when you need extra logic such as the route tag.

event manager applet Route_redistribute
 event tag 1.0 timer watchdog time 10
 action 001 cli command "enable"
 action 002 cli command "ping 10.1.37.3"
 action 003 regexp "!!" "$_cli_result"
 action 004 if $_regexp_result eq 1
 action 005  cli command "show ip route static"
 action 006  regexp "10.12.37.0/24" "$_cli_result"
 action 007  if $_regexp_result ne 1
 action 008   cli command "conf t"
 action 009   cli command "ip route 10.12.37.0 255.255.255.0 10.1.37.8 tag 100"
 action 010   cli command "end"
 action 011  end
 action 012 else
 action 013  cli command "conf t"
 action 014  cli command "no ip route 10.12.37.0 255.255.255.0 10.1.37.8 tag 100"
 action 015  cli command "end"
 action 016 end
!
end


In order to debug this script, the following command is helpful:
debug event manager action cli