Problem: RIP Broadcast Is Keeping the ISDN Link Up ‚ Cause: RIP Broadcasts Have Not Been
Denied
in the Interesting Traffic Definition
ISDN links are typically used as backup links when primary links go down. Cisco IOS Software requires that a router be instructed on which kind of traffic can bring up the ISDN link and keep it up. Such traffic is referred to as
interesting traffic.
Network operators typically want data traffic to be
considered
as interesting traffic to bring and keep the ISDN link up. RIP or other routing protocol updates should not be defined as interesting traffic. If this is not done, when the ISDN link comes up, it stays up as long as routing updates (RIP, in this case) are sent on a regular basis. That is not be the desired behavior because ISDN provides low-speed connectivity, and some data actually might go over the slow link even though the primary faster link is available.
Figure 3-44 shows the network setup that produces these particular DDR issues.
Figure 3-44. Network Setup Vulnerable to DDR Problems
Figure 3-45 shows the flowchart to follow to fix this problem.
Figure 3-45. Flowchart to Solve the RIP Broadcast Keeping the ISDN Link Up Problem
Debugs and Verification
Example 3-118 shows the configuration on Router R1 that produces this problem. In this configuration, only TCP traffic is denied. In other words, TCP traffic will not bring up and sustain the link. RIP broadcasts utilize UDP port 520. Because the
permit ip any any
command allows UDP port 520 to go through, RIP traffic is considered interesting traffic.
In Example 3-118, interface BRI 3/0 is configured to dial via the
dialer-map
command to the router with an IP address of 192.168.254.14 (R2). The number of dial is 57654. The
dialer-
group
command defines
dialer-list 1,
which relies on
access-list 100
to define the interesting traffic. In this example,
access-list 100
denies all TCP traffic and
permits
all IP traffic. In other words, TCP traffic will not bring up and keep up the ISDN link, whereas other traffic, including RIP, can do so.
Example 3-118 Configuring the ISDN Interface with
dialer-group
to Define Interesting Traffic
R1#
interface BRI3/0
ip address 192.168.254.13 255.255.255.252
encapsulation ppp
dialer map ip 192.168.254.14 name R2 broadcast 57654
dialer-group 1
isdn switch-type basic-net3
ppp authentication chap
access-list 100 deny tcp any any
access-list 100 permit ip any any
dialer-list 1 protocol ip list 100
Example 3-119 shows the output of
show dialer,
which shows that the reason for the link coming up is a RIP broadcast.
Example 3-119
show dialer
Output Reveals That a RIP Broadcast Is Keeping the ISDN Link Up
R1#
show dialer
BRI1/1:1 - dialer type = ISDN
Idle timer (120 secs), Fast idle timer (20 secs)
Wait for carrier (30 secs), Re-enable (2 secs)
Dialer state is data link layer up
Dial reason: ip (s=192.168.254.13, d=255.255.255.255)
Current call connected 00:00:08
Connected to 57654 (R2)
In Example 3-119,
Dial reason
section 255.255.255.255 is the destination IP address, which is the address where RIP-1 advertisements will go on BRI1/1:1.
Dial reason
indicates that the interesting traffic is RIP, which has caused this ISDN to dial in the first place.
Solution
When running RIP and DDR, define an access list for interesting traffic. In Example 3-118, the access list is denying only the TCP traffic and permitting all the IP traffic. RIP uses an IP broadcast address of 255.255.255.255 to send the routing updates. This address must be denied in the access list so that RIP doesn't bring up the link every 30 seconds.
Denying
255.255.255.255 as a desti-nation will block all broadcast traffic from bringing up the link. Blocking UDP port 520 will block RIP-1 and RIP-2 updates
specifically
. When the link is up, RIP can flow
freely
across the link. However, it will not keep the link up because it's not part of the interesting traffic definition.
Example 3-120 shows the correct configuration change in Router R1. In this configuration, all traffic destined to 255.255.255.255 address is denied. This covers all broadcast traffic, so RIP-1 will not bring up the link after this configuration change.
One important thing to know here is that RIP-1 uses the 255.255.255.255 address for sending RIP updates. RIP-2, on the other hand, uses 224.0.0.9. So, when dealing with RIP-2, you need to deny traffic from the multicast address of 224.0.0.9 as interesting traffic, as demonstrated in Example 1-21.
Example 3-120 Correct Configuration for Router R1 in
access
-list 100
to Deny Traffic from the RIP-1 Broadcast IP Address
R1#
access-list 100 deny ip any 255.255.255.255
access-list 100 permit ip any any
dialer-list 1 protocol ip list 100
Example 3-121 Configuration for Router R1 in
access-list 100
to Deny Traffic from the RIP-2 Broadcast IP Address
R1#
access-list 100 deny ip any 224.0.0.9
access-list 100 permit ip any any
Also, in a situation in which both RIP-1 and RIP-2 are running, both of these broadcast addresses should be denied in the access list, as demonstrated in Example 3-122.
Example 3-122 Configuration for Router R1 in
access-list 100
to Deny Traffic from the RIP-1 and RIP-2 Broadcast IP Addresses
access-list 100 deny ip any 255.255.255.255
access-list 100 deny ip any 224.0.0.9
access-list 100 permit ip any any
Because both RIP-1 and RIP-2 use UDP port 520, it would be most efficient to deny this port if RIP-1 and RIP-2 are not considered interesting traffic. Example 3-123 demon-strates this.
Example 3-123 Configuring
access-list 100
for R1 to Deny Traffic from the RIP-1 and RIP-2 UDP Port
R1#
access-list 100 deny udp any any eq 520
access-list 100 permit ip any any
The final configuration of R1 would like Example 3-124.
Example 3-124 Efficient Configuration of R1 when RIP-1 and RIP-2 Are Both Denied as Interesting Traffic
R1#
interface BRI3/0
ip address 192.168.254.13 255.255.255.252
encapsulation ppp
dialer map ip 192.168.254.14 name R2 broadcast 57654
dialer-group 1
isdn switch-type basic-net3
ppp authentication chap
!
access-list 100 deny udp any any eq 520
access-list 100 permit ip any any
!
dialer-list 1 protocol ip list 100
|
