Jump to content
Firass81

TS2, Backup bath testing????

Recommended Posts

Hi everyone,

 

I have finished TS2,

 

The good news is the bacup bath from AS65005 is perfectly working, when u r shuting the neighbor on R50 towards MPLS down, all the domain deveices go through DMVP tunnel on R51, of course taking into consedring the default-information originate with always command on R51 DMVPN and without it on R50, there is no VRF on DMVPN.

 

The bad news is the AS 65005 itself lost the connectivity to internet in AS1999, and by the way all users too in AS 65006 don't have INERNET.?????!!!!!

 

Everythings looks like good, the PE routers R51,60 have the default gateway from internet here R9. but they couldn't connect to net.

 

I have searched to finde what the Problem is, but without getting a thing.

 

to reply to this problem, would be helpful.

 

appriciate it

 

Thanks

Share this post


Link to post
Share on other sites

Hi everyone,

 

I have finished TS2,

 

The good news is the bacup bath from AS65005 is perfectly working, when u r shuting the neighbor on R50 towards MPLS down, all the domain deveices go through DMVP tunnel on R51, of course taking into consedring the default-information originate with always command on R51 DMVPN and without it on R50, there is no VRF on DMVPN.

 

The bad news is the AS 65005 itself lost the connectivity to internet in AS1999, and by the way all users too in AS 65006 don't have INERNET.?????!!!!!

 

Everythings looks like good, the PE routers R51,60 have the default gateway from internet here R9. but they couldn't connect to net.

 

I have searched to finde what the Problem is, but without getting a thing.

 

to reply to this problem, would be helpful.

 

appriciate it

 

Thanks

Share this post


Link to post
Share on other sites

Hi Firas

 

 

could you share your confg @ R51, R50, R14 & R15

I shall also try to check by creating similar scenario on VM

Share this post


Link to post
Share on other sites
Hi Firas could you share your confg @ R51, R50, R14 & R15 I shall also try to check by creating similar scenario on VM

 

R50:

--------

 

ip prefix-list AS65005 permit 10.5.0.0/16

route-map AS65005 permit 10

match ip address prefix AS65005

 

router bgp 65005

redistribute ospf 65005 route-map AS65005 ---------> this is to make AS Medium Office AS65005 not tranisit area, exaclty what we do in H3 but by using as-path access-list in bgp.

router ospf 65004

default-informatioin originate metric 1 -------> advertise a default route without always and with metric lower than from default route on R51.

 

R51:

--------

 

ip route 0.0.0.0 .0.0.0.0 10.100.051 (ip address of tunnel 0) -------> we must configure a static default route for INTERNET to go directly to R14. without that we cant go to internet when R50 down.

 

router os 1

redistribute ospf 65005 subnets

summary-address 10.5.0.0 255.255.0.0

 

router os 65005

redistribute os 1 subnets route-map AS65006

default-informatioin originate always metric 2

 

ip prefix-list AS65006 permit 10.6.0.0/16

route-map AS65006 permit 10

match ip add prefix AS65006

 

R14:

-----------

 

int tun0

ip nat inside

 

 

that is what i have done and it works.

 

All the bests

Share this post


Link to post
Share on other sites

Firass not configure in ts2 for nothing reason ip route...in TBS guidelines is mandatory, if u configure static route or default static route u can take 0 point...

Edited by rocchino75

Share this post


Link to post
Share on other sites

Firass not configure in ts2 for nothing reason ip route...in TBS guidelines is mandatory, if u configure static route or default static route u can take 0 point...

 

Hi rcochino75,

 

Thank a lot for your advice, yes i know, but this configuration just for practice, or praparing for the worst, in case we get like this.

 

The static route, only to go the internet, and TS has nothing about it, so we don't need it right now,

 

All the best.

Share this post


Link to post
Share on other sites

Why do you have a

router os 65005

redistribute os 1 subnets route-map AS65006 ?

 

Isn't enough that default is redistributed?

Share this post


Link to post
Share on other sites

Hi pacino5,

 

this is not for redistribut a default route, we don't need to redistribut the default route.

 

But you'r right, we get the default route from R14 on R51, but because R51 has already it a default route from ISP R9 through BGP with AD20, the traffic will go throuhg it to ISP, and ISP has a policy to deny all triffce from outside, we can't go to INETERN only from R14, so we must configure a static route on R51 for tow reasons:

 

1. To override the BGP default route with tne new one AD = 1.

2, For the traffic to get back from R14, without it, we'll get our traffic no to get back to R51.

 

Regards.

Share this post


Link to post
Share on other sites

From Feedback

 

 

 

Ticket 7: The daunting ticket 7. It wanted primary over MPLS and backup over DMVPN and tests were from server 1 and sw502. MPLS issue was the ldp password; modified and double checked vrf export/import. There may have been one or two that were missing. The primary path was fine. Now the backup.. Before touching anything, I knew what was required. R51 had two OSPF processes, one for tu0 (call it 1) and one for the local OSPF (call it 10). Looking at the processes, they didn't have anything in them! So I knew, 10 needed to be redistributed into 1 so that 51 can send routes to R14. Secondly, I also know 51 needs to originate a default route in proc 10 so I did that. R50 had the default originate command but without the metric-type 1 so I added it. So I shut the neighbor between R5 and R50.. SW502 --> Server 1 was fine..Server 1 to SW502 was fine.. Im happy. So now I switched it back to mpls and verified again. SW502 --> Server1 was ok, Server2 to SW502 still preferred the tunnel. So rather than freaking out, I analyzed the routing table then the BGP rib table. I first looked at server2's neighbor's routing table. Noticed it took a /24 over to R14. That meant R51 isn't summarizing a /16. So on R51, since I'm redistributing ospf 10 into 1, I created a summary address on proc 1 for /16. I go back to SW111 and see it now has a /16 but still prefers R14 over R10. Then I recalled everyone's feedback about the distance command but no devices were configured with it. At this point there was 1.5 hours left and I'm thinking (do I screw around with it or no...) because knowing my luck I know I need these points because I could have messed something up with other tickets so I went for it.. Before entering random distance commands, I wanted to understand why R14 was still being preferred. R50 is supposed to send BGP /16 to 5 and then to 3 and then to 10. RR13 is supposed to push out BGP route. when looking at R14, I looked at the bgp rib-failure table and noticed the higher distance which was proof that we need the distance command. I added the distance command on all devices (maybe unnecessary) but it worked. I retested both sides like 10x and it was fine.

Edited by farahatzahran
  • Like 1

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


×
×
  • Create New...