Sunday, November 29, 2009

Opaque LSA Brought Router Down



A weird OSPF issue was seen in an integration between Cisco and another vendor. One interface of the Cisco router sends an opaque LSA with odd bytes to the other vendor's router, which forces that router to reboot.

According to RFC 2370:
Opaque LSAs are Type 9, 10 and 11 link-state advertisements. These advertisements may be used directly by OSPF or indirectly by some application wishing to distribute information throughout the OSPF domain. The function of the Opaque LSA option is to provide for future extensibility of OSPF.
Opaque LSAs contain some number of octets (of application-specific data) padded to 32-bit alignment.

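But the question remains: with such a simple config, why is Cisco forwarding the opaque LSA?

As a temporary workaround we used "ip ospf database-filter all out" on the specific interface that was forwarding the opaque LSA (note that this suppresses all outgoing LSAs on that interface, not only opaque ones).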
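A receiver should reject an Opaque LSA whose length is not 32-bit aligned rather than fall over on it. The sketch below is an added example, not code from the post or from either vendor: it checks the standard 20-byte OSPFv2 LSA header of an Opaque LSA. The sample LSAs are constructed, and the checksum field is not verified.

```python
import ipaddress
import struct

# OSPFv2 LSA header: age, options, type, link-state ID, adv. router, seq, checksum, length
LSA_HDR = struct.Struct("!HBB4s4sIHH")
OPAQUE_TYPES = {9: "link-local", 10: "area-local", 11: "AS-wide"}


def check_opaque_lsa(buf: bytes) -> list:
    """Return the problems found in one LSA; an empty list means it looks sane."""
    if len(buf) < LSA_HDR.size:
        return ["truncated: shorter than the 20-byte LSA header"]
    _age, _opts, ls_type, _ls_id, _adv, _seq, _cksum, length = LSA_HDR.unpack_from(buf)
    problems = []
    if ls_type not in OPAQUE_TYPES:
        problems.append(f"LS type {ls_type} is not an Opaque LSA (9, 10 or 11)")
    if length < LSA_HDR.size:
        problems.append(f"length {length} is smaller than the header itself")
    if length > len(buf):
        problems.append(f"length {length} exceeds the {len(buf)} bytes received")
    if length % 4:
        problems.append(f"length {length} is not 32-bit aligned ({length % 4} odd byte(s))")
    return problems


def build_lsa(ls_type: int, opaque_type: int, payload: bytes) -> bytes:
    """Constructed sample LSA (hypothetical router ID, checksum left at 0)."""
    ls_id = bytes([opaque_type]) + b"\x00\x00\x01"   # opaque type + 24-bit opaque ID
    adv_router = ipaddress.IPv4Address("192.0.2.1").packed
    length = LSA_HDR.size + len(payload)
    return LSA_HDR.pack(1, 0x42, ls_type, ls_id, adv_router, 0x80000001, 0, length) + payload


if __name__ == "__main__":
    for name, lsa in [("aligned", build_lsa(10, 1, b"\x00" * 8)),
                      ("odd bytes", build_lsa(10, 1, b"\x00" * 7))]:
        print(name, check_opaque_lsa(lsa) or "ok")
```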



Wednesday, November 25, 2009

VPDN is not working on SB13



A weird VPDN issue was observed in c7200-js-mz.122-31.SB13.bin. VPDN was working fine, but installing the new IOS on the router brought all the VPDN sessions down. The exact root cause has still not been found.


Thursday, November 19, 2009

Different VPN Using QOS But SP Core Has One Class Of Service




In this test lab the core consists of 3 routers running MPLS: 2 provider edge routers and one provider router. Two different VPNs are connected to the PE1 and PE2 routers. The two VPNs have different QOS requirements, and to meet the service level agreements different class of service profiles have been created on the PE routers. But the core is running with four classes of service. So whatever packets come from the customers are checked against the profile created on the edge router and are forwarded in the core according to the classes of service defined. I have shown one-way communication only, but a real network requires bi-directional quality of service. It could be enabled, but it is not shown in the given test lab. The QOS policies are mapped according to the high level diagram shown in the previous post.

I have used the type of service to mark the packets from the customer routers, and the marking has been checked with the help of the ip accounting precedence command on the remote CE routers.

Below is the config of the core routers with the policies defined for the customers.

Config of PE2

Class Map and Policy Map Configured For VPN-2:-

class-map match-all FROM-CE2-2
match ip precedence 2
class-map match-all FROM-CE2-3
match ip precedence 3
class-map match-all FROM-CE2-1
match ip precedence 1

policy-map FROM-CE2
class FROM-CE2-1
set mpls experimental imposition 1
class FROM-CE2-2
set mpls experimental imposition 2
class FROM-CE2-3
set mpls experimental imposition 3

interface FastEthernet0/0
description connected to ce2
ip vrf forwarding TEST
ip address 172.16.1.1 255.255.255.252
ip accounting precedence input
duplex auto
speed auto
service-policy input FROM-CE2

Class Map Configured For VPN-3:-

class-map match-all CE3-2
match ip precedence 2
class-map match-all CE3-5
match ip precedence 5


policy-map FROM-CE3
class CE3-2
set mpls experimental 2
class CE3-5
set mpls experimental 5
class class-default
set mpls experimental 0

interface FastEthernet2/0
ip vrf forwarding CE3
ip address 2.2.2.14 255.255.255.252
duplex half
mpls label protocol ldp
mpls ip
service-policy input FROM-CE3


Class Map Configured Towards P:-

class-map match-all TO-P-2-3
match mpls experimental topmost 2 3
class-map match-all TO-P-1
match mpls experimental topmost 1
class-map match-all TO-P-5
match mpls experimental topmost 5
!
!
policy-map TO-PE1
class TO-P-1
bandwidth 1000
class TO-P-2-3
bandwidth 5000
class TO-P-5
bandwidth 5000
policy-map TO-P
class TO-P-1
bandwidth 1000
class TO-P-2-3
bandwidth 5000
class TO-P-5
bandwidth 2000
class class-default
!

Interface Config of P
interface FastEthernet0/0
ip address 2.2.2.2 255.255.255.252
duplex auto
speed auto
mpls label protocol ldp
mpls ip
service-policy output TO-PE1
!
interface FastEthernet0/1
ip address 1.1.1.2 255.255.255.252
duplex auto
speed auto
mpls label protocol ldp
mpls ip


Config of PE1

class-map match-all TO-CE-5
match qos-group 5
class-map match-all TO-CE-1
match qos-group 1
class-map match-all TO-CE-3
match qos-group 3
class-map match-all TO-CE-2
match qos-group 2
class-map match-all MPLS-COS-5
match mpls experimental topmost 5
class-map match-all MPLS-COS-1
match mpls experimental topmost 1
class-map match-any B-TELNET
match dscp ef
class-map match-all MPLS-COS-3
match mpls experimental topmost 3
class-map match-all MPLS-COS-2
match mpls experimental topmost 2
!
!
policy-map TO-CE1
class TO-CE-1
bandwidth 1000
class TO-CE-2
bandwidth 2000
class TO-CE-3
bandwidth 3000
policy-map TO-CE3
class TO-CE-2
bandwidth 2000
class TO-CE-5
bandwidth 1000
policy-map MPLS-COS
class MPLS-COS-1
set qos-group 1
class MPLS-COS-2
set qos-group 2
class MPLS-COS-3
set qos-group 3
class MPLS-COS-5
set qos-group 5
!


Interface of PE1

interface FastEthernet0/0
ip vrf forwarding TEST
ip address 172.168.2.1 255.255.255.252
ip accounting precedence output
load-interval 30
duplex auto
speed auto
service-policy output TO-CE1
! VPN-2
interface FastEthernet0/1
ip address 2.2.2.1 255.255.255.252
load-interval 30
duplex auto
speed auto
mpls label protocol ldp
mpls ip
service-policy input MPLS-COS
!
interface FastEthernet2/0
ip vrf forwarding CE3
ip address 23.23.23.1 255.255.255.252
duplex auto
speed auto
service-policy output TO-CE3
! VPN-3


Outputs of the policy maps on PE1, which depict the packet matches in the customer profile as well as in the core profile.


PE2#sh policy-map interface
FastEthernet0/0

Service-policy input: FROM-CE2

Class-map: FROM-CE2-1 (match-all)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: ip precedence 1
QoS Set
mpls experimental imposition 1
Packets marked 0

Class-map: FROM-CE2-2 (match-all)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: ip precedence 2
QoS Set
mpls experimental imposition 2
Packets marked 0

Class-map: FROM-CE2-3 (match-all)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: ip precedence 3
QoS Set
mpls experimental imposition 3
Packets marked 0

Class-map: class-default (match-any)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: any
FastEthernet0/1

Service-policy output: TO-P

Class-map: TO-P-1 (match-all)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: mpls experimental topmost 1
Queueing
Output Queue: Conversation 265
Bandwidth 1000 (kbps)Max Threshold 64 (packets)
(pkts matched/bytes matched) 0/0
(depth/total drops/no-buffer drops) 0/0/0

Class-map: TO-P-2-3 (match-all)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: mpls experimental topmost 2 3
Queueing
Output Queue: Conversation 266
Bandwidth 5000 (kbps)Max Threshold 64 (packets)
(pkts matched/bytes matched) 0/0
(depth/total drops/no-buffer drops) 0/0/0

Class-map: TO-P-5 (match-all)
20 packets, 2440 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: mpls experimental topmost 5
Queueing
Output Queue: Conversation 267
Bandwidth 2000 (kbps)Max Threshold 64 (packets)
(pkts matched/bytes matched) 1/122
(depth/total drops/no-buffer drops) 0/0/0

Class-map: class-default (match-any)
971 packets, 81819 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: any
FastEthernet2/0

Service-policy input: FROM-CE3

Class-map: CE3-2 (match-all)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: ip precedence 2
QoS Set
mpls experimental imposition 2
Packets marked 0

Class-map: CE3-5 (match-all)
5 packets, 570 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: ip precedence 5
QoS Set
mpls experimental imposition 5
Packets marked 5

Class-map: class-default (match-any)
5 packets, 570 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: any
QoS Set
mpls experimental imposition 0
Packets marked 5



Output of P router

P#sh policy-map interface
FastEthernet0/0

Service-policy output: TO-PE1

Class-map: TO-P-1 (match-all)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: mpls experimental topmost 1
Queueing
Output Queue: Conversation 265
Bandwidth 1000 (kbps)Max Threshold 64 (packets)
(pkts matched/bytes matched) 0/0
(depth/total drops/no-buffer drops) 0/0/0

Class-map: TO-P-2-3 (match-all)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: mpls experimental topmost 2 3
Queueing
Output Queue: Conversation 266
Bandwidth 5000 (kbps)Max Threshold 64 (packets)
(pkts matched/bytes matched) 0/0
(depth/total drops/no-buffer drops) 0/0/0

Class-map: TO-P-5 (match-all)
15 packets, 1830 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: mpls experimental topmost 5
Queueing
Output Queue: Conversation 267
Bandwidth 5000 (kbps)Max Threshold 64 (packets)
(pkts matched/bytes matched) 1/122
(depth/total drops/no-buffer drops) 0/0/0

Class-map: class-default (match-any)
662 packets, 56017 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: any


Output of PE1 router


PE1#sh policy-map interface
FastEthernet0/0

Service-policy output: TO-CE1

Class-map: TO-CE-1 (match-all)
0 packets, 0 bytes
30 second offered rate 0 bps, drop rate 0 bps
Match: qos-group 1
Queueing
Output Queue: Conversation 265
Bandwidth 1000 (kbps)Max Threshold 64 (packets)
(pkts matched/bytes matched) 0/0
(depth/total drops/no-buffer drops) 0/0/0

Class-map: TO-CE-2 (match-all)
0 packets, 0 bytes
30 second offered rate 0 bps, drop rate 0 bps
Match: qos-group 2
Queueing
Output Queue: Conversation 266
Bandwidth 2000 (kbps)Max Threshold 64 (packets)
(pkts matched/bytes matched) 0/0
(depth/total drops/no-buffer drops) 0/0/0

Class-map: TO-CE-3 (match-all)
0 packets, 0 bytes
30 second offered rate 0 bps, drop rate 0 bps
Match: qos-group 3
Queueing
Output Queue: Conversation 267
Bandwidth 3000 (kbps)Max Threshold 64 (packets)
(pkts matched/bytes matched) 0/0
(depth/total drops/no-buffer drops) 0/0/0

Class-map: class-default (match-any)
112 packets, 11393 bytes
30 second offered rate 0 bps, drop rate 0 bps
Match: any
FastEthernet0/1

Service-policy input: MPLS-COS

Class-map: MPLS-COS-1 (match-all)
0 packets, 0 bytes
30 second offered rate 0 bps, drop rate 0 bps
Match: mpls experimental topmost 1
QoS Set
qos-group 1
Packets marked 0

Class-map: MPLS-COS-2 (match-all)
0 packets, 0 bytes
30 second offered rate 0 bps, drop rate 0 bps
Match: mpls experimental topmost 2
QoS Set
qos-group 2
Packets marked 0

Class-map: MPLS-COS-3 (match-all)
0 packets, 0 bytes
30 second offered rate 0 bps, drop rate 0 bps
Match: mpls experimental topmost 3
QoS Set
qos-group 3
Packets marked 0

Class-map: MPLS-COS-5 (match-all)
10 packets, 1220 bytes
30 second offered rate 0 bps, drop rate 0 bps
Match: mpls experimental topmost 5
QoS Set
qos-group 5
Packets marked 10

Class-map: class-default (match-any)
385 packets, 30566 bytes
30 second offered rate 0 bps, drop rate 0 bps
Match: any
FastEthernet2/0

Service-policy output: TO-CE3

Class-map: TO-CE-2 (match-all)
0 packets, 0 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: qos-group 2
Queueing
Output Queue: Conversation 265
Bandwidth 2000 (kbps)Max Threshold 64 (packets)
(pkts matched/bytes matched) 0/0
(depth/total drops/no-buffer drops) 0/0/0

Class-map: TO-CE-5 (match-all)
10 packets, 1140 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: qos-group 5
Queueing
Output Queue: Conversation 266
Bandwidth 1000 (kbps)Max Threshold 64 (packets)
(pkts matched/bytes matched) 0/0
(depth/total drops/no-buffer drops) 0/0/0

Class-map: class-default (match-any)
113 packets, 11453 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: any
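To confirm that traffic is landing in the intended classes without reading every counter by eye, the show output can be reduced to the classes that actually matched packets. This is an added example, not part of the original post; the sample is an excerpt of the PE1 output above, and the parser assumes the layout exactly as it appears on this page.

```python
import re

# Excerpt of the PE1 "sh policy-map interface" output shown above.
SAMPLE = """\
PE1#sh policy-map interface
FastEthernet0/1

Service-policy input: MPLS-COS

Class-map: MPLS-COS-3 (match-all)
0 packets, 0 bytes
Match: mpls experimental topmost 3

Class-map: MPLS-COS-5 (match-all)
10 packets, 1220 bytes
Match: mpls experimental topmost 5

Class-map: class-default (match-any)
385 packets, 30566 bytes
Match: any
FastEthernet2/0

Service-policy output: TO-CE3

Class-map: TO-CE-5 (match-all)
10 packets, 1140 bytes
Match: qos-group 5
"""


def class_counters(text):
    """Map (interface, policy, class) -> packets matched."""
    counters, ifc, policy, cls = {}, None, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if re.fullmatch(r"[A-Za-z]+\d+(/\d+)*", line):        # e.g. FastEthernet0/1
            ifc = line
        elif m := re.match(r"Service-policy (?:input|output): (\S+)", line):
            policy = m.group(1)
        elif m := re.match(r"Class-map: (\S+)", line):
            cls = m.group(1)
        elif (m := re.match(r"(\d+) packets, \d+ bytes", line)) and cls:
            counters[(ifc, policy, cls)] = int(m.group(1))
            cls = None                                         # one counter line per class
    return counters


def active_classes(text):
    """Customer/core classes that matched traffic; class-default is excluded."""
    return {k: v for k, v in class_counters(text).items()
            if v and k[2] != "class-default"}
```

On the excerpt, the 10 packets marked into qos-group 5 on FastEthernet0/1 show up again as 10 packets in TO-CE-5 on FastEthernet2/0.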




Wednesday, November 18, 2009

Sixth Sense Technology



I cannot stop myself from sharing the innovation done by Pranav Mistry. The guy is passionate about integrating the digital informational experience with our real-world interactions. See the video and enjoy the sixth sense technology.


Friday, November 13, 2009

Quality Of Service Framework





The high level QOS framework is depicted in the image. The traffic is shown one way; for two-way traffic the same policies need to be implemented on different interfaces.


Wednesday, November 11, 2009

Per VRF Traffic Forwarding




Congestion is becoming one of the most serious problems in networks. In this document, I have tested a scenario which could be implemented by MPLS VPN service providers to deliver SLAs to their clients when the network is congested. In my previous document, MPLS TE Per VPN/VRF Basics, I used MPLS TE to deliver the solution, but in this example a simple VRF customer is forced towards another link which is not the primary. The main drawback of the solution is that if the VPN customer has more than 2 sites, it becomes difficult to implement.
According to the topology shown, the IGP path from PE2 to PE1 is the directly connected interface. But to divert only the VRF traffic via the P router, we need to use the bgp next-hop feature under IP VRF TEST.
Click here to download the full solution document.


Monday, November 9, 2009

End To End CPE QOS Marking Delivery Without Enabling QOS In Backhaul


This topology elaborates a small test in which the customer forwards IP packets with IP precedence 3, and the service provider offering the MPLS VPN services is not using any QOS in the cloud, yet the precedence sent by the customer is still delivered to the remote locations. It means the service provider cloud preserves the IP precedence bits while forwarding the VPN traffic.

Test Setup

The TEST policy is created on CE2 with a precedence value of 3, which is set on all the outgoing traffic from fa0/0. The marking of packets can be checked by enabling ip accounting.



CE2#

policy-map TEST
class class-default
set ip precedence 3


interface FastEthernet0/0
ip address 172.16.1.2 255.255.255.252
ip accounting output-packets
ip accounting precedence input
duplex auto
speed auto
service-policy output TEST
!



CE2#ping 10.1.1.2 repeat 2

Type escape sequence to abort.
Sending 2, 100-byte ICMP Echos to 10.1.1.2, timeout is 2 seconds:
!!
Success rate is 100 percent (2/2), round-trip min/avg/max = 1040/1110/1180 ms
CE2#
CE2#
CE2#sh interfaces fastEthernet 0/0 precedence
FastEthernet0/0
Input
Precedence 3: 2 packets, 228 bytes


2 packets were sent from CE2 with IP precedence 3. The packets then reached PE2, where Fa0/1 is the receiving interface, which is setting class of service 3 with label 19. Label 19 is used for the vpnv4 route.


PE2#
*Nov 7 00:45:09.999: MPLS: Fa0/1: recvd: CoS=3, TTL=253, Label(s)=19
*Nov 7 00:45:10.867: MPLS: Fa0/1: recvd: CoS=3, TTL=253, Label(s)=19



From PE2 the packet reached the P router with CoS 3; because of PHP the transport label was removed and the packet was forwarded with label 18 to PE1 through exit interface Fa0/0.

P#
*Nov 7 00:45:06.359: MPLS: Fa0/1: recvd: CoS=3, TTL=254, Label(s)=16/18
*Nov 7 00:45:06.363: MPLS: Fa0/0: xmit: CoS=3, TTL=253, Label(s)=18
*Nov 7 00:45:07.487: MPLS: Fa0/1: recvd: CoS=3, TTL=254, Label(s)=16/18
*Nov 7 00:45:07.491: MPLS: Fa0/0: xmit: CoS=3, TTL=253, Label(s)=18



PE1 received the packet with CoS 3 and forwarded it out the fa0/0 interface, which is the VRF interface attached to the customer.

PE1#
*Nov 7 00:43:38.591: MPLS: Fa0/1: recvd: CoS=3, TTL=253, Label(s)=18
*Nov 7 00:43:38.595: MPLS: Fa0/0: xmit: (no label)
*Nov 7 00:43:39.779: MPLS: Fa0/1: recvd: CoS=3, TTL=253, Label(s)=18
*Nov 7 00:43:39.783: MPLS: Fa0/0: xmit: (no label)



CE1 received the packets with the ip precedence 3.

CE1#sh interfaces fastEthernet 0/0 precedence
FastEthernet0/0
Input
Precedence 3: 2 packets, 228 bytes
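
The hop-by-hop check done by eye above can be scripted: parse the MPLS debug lines, confirm every labelled hop carries the CoS set at the CE, and see which label each router popped. This is an added example, not part of the original post; the debug lines are copied from the output above, and the function names are illustrative.

```python
import re

# Debug lines copied from the PE2, P and PE1 output in this post.
TRACE = {
    "PE2": "*Nov 7 00:45:09.999: MPLS: Fa0/1: recvd: CoS=3, TTL=253, Label(s)=19",
    "P": """*Nov 7 00:45:06.359: MPLS: Fa0/1: recvd: CoS=3, TTL=254, Label(s)=16/18
*Nov 7 00:45:06.363: MPLS: Fa0/0: xmit: CoS=3, TTL=253, Label(s)=18""",
    "PE1": """*Nov 7 00:43:38.591: MPLS: Fa0/1: recvd: CoS=3, TTL=253, Label(s)=18
*Nov 7 00:43:38.595: MPLS: Fa0/0: xmit: (no label)""",
}

LINE = re.compile(
    r"MPLS: (?P<ifc>\S+): (?P<dir>recvd|xmit): "
    r"(?:CoS=(?P<cos>\d+), TTL=(?P<ttl>\d+), Label\(s\)=(?P<labels>[\d/]+)"
    r"|\(no label\))"
)


def parse_trace(trace):
    """One dict per debug line: router, interface, direction, CoS, label stack."""
    events = []
    for router, text in trace.items():
        for m in LINE.finditer(text):
            labels = [int(x) for x in m["labels"].split("/")] if m["labels"] else []
            cos = int(m["cos"]) if m["cos"] else None
            events.append({"router": router, "ifc": m["ifc"], "dir": m["dir"],
                           "cos": cos, "labels": labels})
    return events


def cos_violations(events, expected):
    """Labelled hops whose CoS differs from the precedence set at the CE."""
    return [e for e in events if e["labels"] and e["cos"] != expected]


def popped_labels(events, router):
    """Labels present on receive but absent on transmit at one router."""
    rx = next(e["labels"] for e in events
              if e["router"] == router and e["dir"] == "recvd")
    tx = next(e["labels"] for e in events
              if e["router"] == router and e["dir"] == "xmit")
    return [label for label in rx if label not in tx]


if __name__ == "__main__":
    ev = parse_trace(TRACE)
    print("CoS violations:", cos_violations(ev, 3))
    print("popped at P:", popped_labels(ev, "P"), "popped at PE1:", popped_labels(ev, "PE1"))
```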

Thursday, November 5, 2009

Difference Between address-family ipv4 and vpnv4

What is the difference between address-family ipv4 and vpnv4? The answer is simple: we always accept IP packets from customers and forward IP packets to them, and for this we need the ipv4 address-family. When the customer's packets are received by the PE they become labeled packets, and to forward labeled packets to a different PE/RR, address-family vpnv4 is required. In short, the ipv4 address-family is used for customers and the vpnv4 address-family is used by the SP core.

