Dec
03

Following along the idea of pinging yourself (depending on where you live, there may actually be laws against that!), there are some further problems if we happen to be running PPP over Frame-Relay.

 

Frame-Relay Network

So let’s start with some basic Frame-Relay configuration and move up from there.

R3

int s1/0
encap frame
no shut

R5

int s0/0/0
encap frame
no shut

INE-R3(config-if)#do sh frame pvc | in ACT
DLCI = 301, DLCI USAGE = UNUSED, PVC STATUS = INACTIVE, INTERFACE = Serial1/0
DLCI = 302, DLCI USAGE = UNUSED, PVC STATUS = INACTIVE, INTERFACE = Serial1/0
DLCI = 304, DLCI USAGE = UNUSED, PVC STATUS = INACTIVE, INTERFACE = Serial1/0
DLCI = 305, DLCI USAGE = UNUSED, PVC STATUS = ACTIVE, INTERFACE = Serial1/0
INE-R3(config-if)#

INE-R5(config-if)#do sh frame pvc | in ACT
DLCI = 501, DLCI USAGE = LOCAL, PVC STATUS = INACTIVE, INTERFACE = Serial0/0/0
DLCI = 502, DLCI USAGE = LOCAL, PVC STATUS = INACTIVE, INTERFACE = Serial0/0/0
DLCI = 503, DLCI USAGE = LOCAL, PVC STATUS = ACTIVE, INTERFACE = Serial0/0/0
DLCI = 504, DLCI USAGE = LOCAL, PVC STATUS = INACTIVE, INTERFACE = Serial0/0/0
DLCI = 513, DLCI USAGE = LOCAL, PVC STATUS = INACTIVE, INTERFACE = Serial0/0/0
INE-R5(config-if)#

I’m at least active between R3 and R5 now, so this is a good thing! Now, to configure PPPoFR (let’s say our requirement was to authenticate the routers) we set up a Virtual Template… Let’s start with the basics and we’ll add complications in a little bit! :)

R3

int virtual-template 35
ip address 173.100.0.3 255.255.255.0

R5

int virtual-template 53
ip address 173.100.0.5 255.255.255.0

The virtual-template numbers are irrelevant. I just chose to match the router to/from for simplicity. I can only go up to 200 though, otherwise I’d match the DLCI number!

The virtual-template by itself though doesn’t do anything. It just serves as a template (keep this in mind for later). So let’s enable it!

R3

int s1/0
frame-relay interface-dlci 305 ppp virtual-template 35

R5

int s0/0/0
frame-relay interface-dlci 503 ppp virtual-template 53

If all is good we’ll see:

*Dec  3 16:38:50.355: %LINK-3-UPDOWN: Interface Virtual-Access2, changed state to up
*Dec  3 16:38:51.479: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access2, changed state to up
INE-R5(config-fr-dlci)#

INE-R5(config-fr-dlci)#do ping 173.100.0.3

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 173.100.0.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 32/32/32 ms
INE-R5(config-fr-dlci)#

Good stuff, right!?!?!

INE-R5(config-fr-dlci)#do ping 173.100.0.5

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 173.100.0.5, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
INE-R5(config-fr-dlci)#

Now, why can I do one but not the other?

INE-R5(config-fr-dlci)#do sh ip ro 173.100.0.5
Routing entry for 173.100.0.0/24
Known via "connected", distance 0, metric 0 (connected, via interface)
Routing Descriptor Blocks:
* directly connected, via Virtual-Access2
Route metric is 0, traffic share count is 1

INE-R5(config-fr-dlci)#

It LOOKS good.

INE-R5(config-fr-dlci)#do deb ip pack det
IP packet debugging is on (detailed)
INE-R5(config-fr-dlci)#do ping 173.100.0.5

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 173.100.0.5, timeout is 2 seconds:

*Dec  3 16:40:28.531: FIBipv4-packet-proc: route packet from (local) src 0.0.0.0 dst 173.100.0.5
*Dec  3 16:40:28.531: FIBfwd-proc: Default:173.100.0.5/32 receive entry
*Dec  3 16:40:28.531: FIBipv4-packet-proc: packet routing failed
*Dec  3 16:40:28.531: IP: tableid=0, s=0.0.0.0 (local), d=173.100.0.5 (Virtual-Access2), routed via RIB
*Dec  3 16:40:28.531: IP: s=173.100.0.5 (local), d=173.100.0.5 (Virtual-Access2), len 100, sending
*Dec  3 16:40:28.531:     ICMP type=8, code=0.
*Dec  3 16:40:30.531: FIBipv4-packet-proc: route packet from (local) src 0.0.0.0 dst 173.100.0.5
*Dec  3 16:40:30.531: FIBfwd-proc: Default:173.100.0.5/32 receive entry
*Dec  3 16:40:30.531: FIBipv4-packet-proc: packet routing failed
*Dec  3 16:40:30.531: IP: tableid=0, s=0.0.0.0 (local), d=173.100.0.5 (Virtual-Access2), routed via RIB
*Dec  3 16:40:30.531: IP: s=173.100.0.5 (local), d=173.100.0.5 (Virtual-Access2), len 100, sending
*Dec  3 16:40:30.531:     ICMP type=8, code=0.
*Dec  3 16:40:32.531: FIBipv4-packet-proc: route packet from (local) src 0.0.0.0 dst 173.100.0.5
*Dec  3 16:40:32.531: FIBfwd-proc: Default:173.100.0.5/32 receive entry
*Dec  3 16:40:32.531: FIBipv4-packet-proc: packet routing failed
*Dec  3 16:40:32.531: IP: tableid=0, s=0.0.0.0 (local), d=173.100.0.5 (Virtual-Access2), routed via RIB
*Dec  3 16:40:32.531: IP: s=173.100.0.5 (local), d=173.100.0.5 (Virtual-Access2), len 100, sending
*Dec  3 16:40:32.531:     ICMP type=8, code=0.
*Dec  3 16:40:34.531: FIBipv4-packet-proc: route packet from (local) src 0.0.0.0 dst 173.100.0.5
*Dec  3 16:40:34.531: FIBfwd-proc: Default:173.100.0.5/32 receive entry
*Dec  3 16:40:34.531: FIBipv4-packet-proc: packet routing failed
*Dec  3 16:40:34.531: IP: tableid=0, s=0.0.0.0 (local), d=173.100.0.5 (Virtual-Access2), routed via RIB
*Dec  3 16:40:34.531: IP: s=173.100.0.5 (local), d=173.100.0.5 (Virtual-Access2), len 100, sending
*Dec  3 16:40:34.531:     ICMP type=8, code=0.
*Dec  3 16:40:36.531: FIBipv4-packet-proc: route packet from (local) src 0.0.0.0 dst 173.100.0.5
*Dec  3 16:40:36.531: FIBfwd-proc: Default:173.100.0.5/32 receive entry
*Dec  3 16:40:36.531: FIBipv4-packet-proc: packet routing failed
*Dec  3 16:40:36.531: IP: tableid=0, s=0.0.0.0 (local), d=173.100.0.5 (Virtual-Access2), routed via RIB
*Dec  3 16:40:36.531: IP: s=173.100.0.5 (local), d=173.100.0.5 (Virtual-Access2), len 100, sending
*Dec  3 16:40:36.531:     ICMP type=8, code=0.
Success rate is 0 percent (0/5)
INE-R5(config-fr-dlci)#

Routing failed…. Hmmm…. I have the IP, correct?

INE-R5(config-fr-dlci)#do sh ip int br | e un
Interface                  IP-Address      OK? Method Status                Protocol
Virtual-Access2            173.100.0.5     YES TFTP   up                    up
Virtual-Template53         173.100.0.5     YES manual down                  down
INE-R5(config-fr-dlci)#

Yes, and my Virtual-Access interface is even listed FIRST! So it SHOULD work?!? Well, sorta. :) It’s IS indeed about what comes first, but it isn’t the “ip interface” list to be concerned with. It’s the router’s view of interface numbering and for that we’ll consult SNMP!

INE-R5(config)#do sh snmp mib ifmib ifindex
Virtual-Access2: Ifindex = 12
Serial0/0/0: Ifindex = 3
FastEthernet0/1: Ifindex = 2
Serial0/1/0: Ifindex = 4
VoIP-Null0: Ifindex = 5
Null0: Ifindex = 7
Virtual-Access1: Ifindex = 11
Async0/1/0: Ifindex = 9
Async0/0/0: Ifindex = 8
SSLVPN-VIF0: Ifindex = 6
FastEthernet0/0: Ifindex = 1
Virtual-Template53: Ifindex = 10
INE-R5(config)#

Notice that the Virtual Template has an index value of 10 while the Virtual Access interface has an index of 12. THAT’s why we try to send things out the virtual-template first. And as we said before, the template is not really an interface. In fact, we see it as down/down when we look at “show ip interface brief” above.

Cool. Now we know WHY, but that doesn’t make it work now does it? :)

We have a couple methods to use to make it work (we’ll do one on each router just for fun). First, let’s use “ip unnumbered”.

R3

int virtual-template 35
ip unnumbered loopback 0

int loopback 0
ip addr 173.100.0.3 255.255.255.0

INE-R3(config-if)#do ping 173.100.0.5

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 173.100.0.5, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 32/32/36 ms
INE-R3(config-if)#do ping 173.100.0.3

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 173.100.0.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
INE-R3(config-if)#

Tah-dah… I can ping the other side still AND myself.

In case you aren’t allowed to use IP Unnumbered at all, there’s another method.

R5

int virtual-template 53
no ip addr
ppp multilink-group 53

int multilink 53
ip addr 173.100.0.5 255.255.255.0

Pings won’t work though!

INE-R5(config-if)#do ping 173.100.0.3

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 173.100.0.3, timeout is 2 seconds:

*Dec  3 16:49:29.827: FIBipv4-packet-proc: route packet from (local) src 0.0.0.0 dst 173.100.0.3
*Dec  3 16:49:29.827: FIBfwd-proc: Default:0.0.0.0/0 proces level forwarding
*Dec  3 16:49:29.827: FIBfwd-proc: depth 0 first_idx 0 paths 1 long 0(0)
*Dec  3 16:49:29.827: FIBfwd-proc: try path 0 (of 1) v4-sp first short ext 0(-1)
*Dec  3 16:49:29.827: FIBfwd-proc: v4-sp valid
*Dec  3 16:49:29.827: FIBfwd-proc:  no nh type 8  - deag
*Dec  3 16:49:29.827: FIBfwd-proc: ip_pak_table 0 ip_nh_table 65535 if none nh none deag 1 via fib 0 path type special prefix
*Dec  3 16:49:29.827: FIBfwd-proc: Default:0.0.0.0/0 not enough info to forward via fib (none none)
*Dec  3 16:49:29.827: FIBipv4-packet-proc: packet routing failed
*Dec  3 16:49:29.827: IP: s=0.0.0.0 (local), d=173.100.0.3, len 100, unroutable
*Dec  3 16:49:29.827:     ICMP type=8, code=0.
*Dec  3 16:49:31.827: FIBipv4-packet-proc: route packet from (local) src 0.0.0.0 dst 173.100.0.3
*Dec  3 16:49:31.827: FIBfwd-proc: Default:0.0.0.0/0 proces level forwarding
*Dec  3 16:49:31.827: FIBfwd-proc: depth 0 first_idx 0 paths 1 long 0(0)
*Dec  3 16:49:31.827: FIBfwd-proc: try path 0 (of 1) v4-sp first short ext 0(-1)
*Dec  3 16:49:31.827: FIBfwd-proc: v4-sp valid
*Dec  3 16:49:31.827: FIBfwd-proc:  no nh type 8  - deag
*Dec  3 16:49:31.827: FIBfwd-proc: ip_pak_table 0 ip_nh_table 65535 if none nh none deag 1 via fib 0 path type special prefix
*Dec  3 16:49:31.827: FIBfwd-proc: Default:0.0.0.0/0 not enough info to forward via fib (none none)
*Dec  3 16:49:31.827: FIBipv4-packet-proc: packet routing failed
*Dec  3 16:49:31.827: IP: s=0.0.0.0 (local), d=173.100.0.3, len 100, unroutable
*Dec  3 16:49:31.827:     ICMP type=8, code=0.
*Dec  3 16:49:33.827: FIBipv4-packet-proc: route packet from (local) src 0.0.0.0 dst 173.100.0.3
*Dec  3 16:49:33.827: FIBfwd-proc: Default:0.0.0.0/0 proces level forwarding
*Dec  3 16:49:33.827: FIBfwd-proc: depth 0 first_idx 0 paths 1 long 0(0)
*Dec  3 16:49:33.827: FIBfwd-proc: try path 0 (of 1) v4-sp first short ext 0(-1)
*Dec  3 16:49:33.827: FIBfwd-proc: v4-sp valid
*Dec  3 16:49:33.827: FIBfwd-proc:  no nh type 8  - deag
*Dec  3 16:49:33.827: FIBfwd-proc: ip_pak_table 0 ip_nh_table 65535 if none nh none deag 1 via fib 0 path type special prefix
*Dec  3 16:49:33.827: FIBfwd-proc: Default:0.0.0.0/0 not enough info to forward via fib (none none)
*Dec  3 16:49:33.827: FIBipv4-packet-proc: packet routing failed
*Dec  3 16:49:33.827: IP: s=0.0.0.0 (local), d=173.100.0.3, len 100, unroutable
*Dec  3 16:49:33.827:     ICMP type=8, code=0.
*Dec  3 16:49:35.827: FIBipv4-packet-proc: route packet from (local) src 0.0.0.0 dst 173.100.0.3
*Dec  3 16:49:35.827: FIBfwd-proc: Default:0.0.0.0/0 proces level forwarding
*Dec  3 16:49:35.827: FIBfwd-proc: depth 0 first_idx 0 paths 1 long 0(0)
*Dec  3 16:49:35.827: FIBfwd-proc: try path 0 (of 1) v4-sp first short ext 0(-1)
*Dec  3 16:49:35.827: FIBfwd-proc: v4-sp valid
*Dec  3 16:49:35.827: FIBfwd-proc:  no nh type 8  - deag
*Dec  3 16:49:35.827: FIBfwd-proc: ip_pak_table 0 ip_nh_table 65535 if none nh none deag 1 via fib 0 path type special prefix
*Dec  3 16:49:35.827: FIBfwd-proc: Default:0.0.0.0/0 not enough info to forward via fib (none none)
*Dec  3 16:49:35.827: FIBipv4-packet-proc: packet routing failed
*Dec  3 16:49:35.827: IP: s=0.0.0.0 (local), d=173.100.0.3, len 100, unroutable
*Dec  3 16:49:35.827:     ICMP type=8, code=0.
*Dec  3 16:49:37.827: FIBipv4-packet-proc: route packet from (local) src 0.0.0.0 dst 173.100.0.3
*Dec  3 16:49:37.827: FIBfwd-proc: Default:0.0.0.0/0 proces level forwarding
*Dec  3 16:49:37.827: FIBfwd-proc: depth 0 first_idx 0 paths 1 long 0(0)
*Dec  3 16:49:37.827: FIBfwd-proc: try path 0 (of 1) v4-sp first short ext 0(-1)
*Dec  3 16:49:37.827: FIBfwd-proc: v4-sp valid
*Dec  3 16:49:37.827: FIBfwd-proc:  no nh type 8  - deag
*Dec  3 16:49:37.827: FIBfwd-proc: ip_pak_table 0 ip_nh_table 65535 if none nh none deag 1 via fib 0 path type special prefix
*Dec  3 16:49:37.827: FIBfwd-proc: Default:0.0.0.0/0 not enough info to forward via fib (none none)
*Dec  3 16:49:37.827: FIBipv4-packet-proc: packet routing failed
*Dec  3 16:49:37.827: IP: s=0.0.0.0 (local), d=173.100.0.3, len 100, unroutable
*Dec  3 16:49:37.827:     ICMP type=8, code=0.
Success rate is 0 percent (0/5)
INE-R5(config-if)#

Not enough information….. That’s a new one!

INE-R5(config-if)#do sh ppp multilink
No active bundles

Multilink53 (inactive)
Member links: 2
Vi2 (inactive)
Vt53 (inactive)
INE-R5(config-if)#

Ok, so multilink didn’t come up! Remember that everything in PPP is negotiated. So can one side do multlink without the other side doing it as well? Nope.

R3

int virtual-template 35
ppp multilink

INE-R5(config-if)#
*Dec  3 16:51:25.283: %FR-3-MLPOFR_ERROR: MLPoFR not configured properly on Link Virtual-Access2 Bundle Multilink53 :Frame Relay traffic shaping must be enabled
*Dec  3 16:51:25.291: %LINK-3-UPDOWN: Interface Multilink53, changed state to up
*Dec  3 16:51:26.291: %LINEPROTO-5-UPDOWN: Line protocol on Interface Multilink53, changed state to up
INE-R5(config-if)#

BOOM! That looks better.

INE-R5(config-if)#do ping 173.100.0.3

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 173.100.0.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/30/32 ms
INE-R5(config-if)#do ping 173.100.0.5

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 173.100.0.5, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 56/59/60 ms
INE-R5(config-if)#

And once again, my pings to the other side work well, AND I can ping myself again.

In both of these methods we are kinda “cheating” in that we aren’t REALLY pinging the PPPoFR link because it simply will not allow that to occur. We are pinging other interfaces that do indeed allow direct self-pinging!

So now you know, just in case you run into things in the lab how to make it work!

Since I mentioned we’d make things more entertaining, I’ll keep the suspense building. Come back tomorrow! :)


You can leave a response, or trackback from your own site.

9 Responses to “PING Thyself Yet Again (PPPoFR)!”

 
  1. Erick says:

    Hi! Nice blog. I just have one question.

    “(let’s say our requirement was to authenticate the routers)”

    Where did this happen? Did I miss it? :)

    Erick

  2. It hasn’t yet! One step at a time! (and right above your comment) “Come back tomorrow!”

    :) Patience Grasshopper.

  3. Marcio Costa says:

    You guys rock!! You make fun w/ the topics

  4. Erick says:

    LOL! I’m just messing with you. :P Stay out of those coffee houses! LOL

  5. Dengming Chen says:

    Cool. Please have more of this and others. Thanks.

  6. Deepak Arora says:

    Hi, can you please put some more details about “sh snmp mib ifmib ifindex ” command, I never used this before so don’t know much about situations where it could be helpful.

  7. I’ll keep the Interface Index in mind for a future blog. Thanks for the idea!

  8. “sh snmp mib ifmib ifindex ” command is useful simply for easily finding the indexes used for each interface. If you use an active SNMP check to track interface status, for example-using Nagios, the ifIndex has to be referenced. Try this from Linux, “snmpwalk -v 1 -c [community] [router IP address] 1.3.6.1.2.1.2.2.1.8.[ifIndex]“. Of course the router must be SNMP enabled. You should see something similiar to this, “IF-MIB::ifOperStatus.20 = INTEGER: up(1)”. In this case I used an IfIndex of 20 which would be an OID of “1.3.6.1.2.1.2.2.1.8.20″.

  9. Omar says:

    very nice blog, i do really enjoyed

 

Leave a Reply

Categories

CCIE Bloggers