Problem: RIP Broadcast Is Keeping the ISDN Link Up - Cause: RIP Broadcasts Have Not Been Denied in the Interesting Traffic Definition


ISDN links are typically used as backup links when primary links go down. Cisco IOS Software requires that a router be told which kind of traffic can bring up the ISDN link and keep it up. Such traffic is referred to as interesting traffic. Network operators typically want data traffic to count as interesting traffic that brings up and keeps up the ISDN link. RIP or other routing protocol updates should not be defined as interesting traffic. If they are not excluded, then once the ISDN link comes up, it stays up as long as routing updates (RIP, in this case) are sent on a regular basis. That is not the desired behavior because ISDN provides low-speed connectivity, and some data actually might go over the slow link even though the primary faster link is available.

Figure 3-44 shows the network setup that produces these particular DDR issues.

Figure 3-44. Network Setup Vulnerable to DDR Problems

Figure 3-45 shows the flowchart to follow to fix this problem.

Figure 3-45. Flowchart to Solve the RIP Broadcast Keeping the ISDN Link Up Problem

Debugs and Verification

Example 3-118 shows the configuration on Router R1 that produces this problem. In this configuration, only TCP traffic is denied. In other words, TCP traffic will not bring up and sustain the link. RIP broadcasts utilize UDP port 520. Because the permit ip any any command allows UDP port 520 to go through, RIP traffic is considered interesting traffic.

In Example 3-118, interface BRI 3/0 is configured with the dialer map command to dial the router with an IP address of 192.168.254.14 (R2). The number to dial is 57654. The dialer-group command refers to dialer-list 1, which relies on access-list 100 to define the interesting traffic. In this example, access-list 100 denies all TCP traffic and permits all other IP traffic. In other words, TCP traffic will not bring up and keep up the ISDN link, whereas other traffic, including RIP, can do so.

Example 3-118 Configuring the ISDN Interface with dialer-group to Define Interesting Traffic
 R1#
 interface BRI3/0
  ip address 192.168.254.13 255.255.255.252
  encapsulation ppp
  dialer map ip 192.168.254.14 name R2 broadcast 57654
  dialer-group 1
  isdn switch-type basic-net3
  ppp authentication chap
 access-list 100 deny tcp any any
 access-list 100 permit ip any any
 dialer-list 1 protocol ip list 100

Example 3-119 shows the output of show dialer, which shows that the reason for the link coming up is a RIP broadcast.

Example 3-119 show dialer Output Reveals That a RIP Broadcast Is Keeping the ISDN Link Up
 R1# show dialer
 BRI1/1:1 - dialer type = ISDN
 Idle timer (120 secs), Fast idle timer (20 secs)
 Wait for carrier (30 secs), Re-enable (2 secs)
 Dialer state is data link layer up
 Dial reason: ip (s=192.168.254.13, d=255.255.255.255)
 Current call connected 00:00:08
 Connected to 57654 (R2)

In the Dial reason line of Example 3-119, 255.255.255.255 is the destination IP address, which is the address to which RIP-1 advertisements are sent on BRI1/1:1. The dial reason indicates that the interesting traffic is RIP, which caused this ISDN link to dial in the first place.

Solution

When running RIP and DDR, define an access list for interesting traffic. In Example 3-118, the access list denies only TCP traffic and permits all other IP traffic. RIP uses an IP broadcast address of 255.255.255.255 to send the routing updates. This address must be denied in the access list so that RIP doesn't bring up the link every 30 seconds. Denying 255.255.255.255 as a destination will block all broadcast traffic from bringing up the link. Blocking UDP port 520 will block RIP-1 and RIP-2 updates specifically. When the link is up, RIP can flow freely across the link. However, it will not keep the link up because it's not part of the interesting traffic definition.

Example 3-120 shows the correct configuration change in Router R1. In this configuration, all traffic destined to the 255.255.255.255 address is denied. This covers all broadcast traffic, so RIP-1 will not bring up the link after this configuration change.

One important thing to know here is that RIP-1 uses the 255.255.255.255 address for sending RIP updates. RIP-2, on the other hand, uses 224.0.0.9. So, when dealing with RIP-2, you need to deny traffic destined to the multicast address of 224.0.0.9 as interesting traffic, as demonstrated in Example 3-121.

Example 3-120 Correct Configuration for Router R1 in access-list 100 to Deny Traffic from the RIP-1 Broadcast IP Address
 R1#
 access-list 100 deny ip any 255.255.255.255
 access-list 100 permit ip any any
 dialer-list 1 protocol ip list 100

Example 3-121 Configuration for Router R1 in access-list 100 to Deny Traffic from the RIP-2 Broadcast IP Address
 R1#
 access-list 100 deny ip any 224.0.0.9
 access-list 100 permit ip any any

Also, in a situation in which both RIP-1 and RIP-2 are running, both of these broadcast addresses should be denied in the access list, as demonstrated in Example 3-122.

Example 3-122 Configuration for Router R1 in access-list 100 to Deny Traffic from the RIP-1 and RIP-2 Broadcast IP Addresses
 access-list 100 deny ip any 255.255.255.255
 access-list 100 deny ip any 224.0.0.9
 access-list 100 permit ip any any

Because both RIP-1 and RIP-2 use UDP port 520, it would be most efficient to deny this port if RIP-1 and RIP-2 are not considered interesting traffic. Example 3-123 demonstrates this.

Example 3-123 Configuring access-list 100 for R1 to Deny Traffic from the RIP-1 and RIP-2 UDP Port
 R1#
 access-list 100 deny udp any any eq 520
 access-list 100 permit ip any any

The final configuration of R1 would look like Example 3-124.

Example 3-124 Efficient Configuration of R1 when RIP-1 and RIP-2 Are Both Denied as Interesting Traffic
 R1#
 interface BRI3/0
  ip address 192.168.254.13 255.255.255.252
  encapsulation ppp
  dialer map ip 192.168.254.14 name R2 broadcast 57654
  dialer-group 1
  isdn switch-type basic-net3
  ppp authentication chap
 !
 access-list 100 deny udp any any eq 520
 access-list 100 permit ip any any
 !
 dialer-list 1 protocol ip list 100
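
Added example (not from the book): a small Python model of first-match evaluation for the access-list 100 variants in Examples 3-118, 3-120, 3-121 and 3-123, showing which constructed sample packets count as interesting traffic under each. It handles only the syntax used on this page and assumes that a bare destination address means an exact host match; the function names and packet labels are illustrative.

```python
import ipaddress

def parse_acl(lines):
    """Parse 'access-list N action proto any dst [eq port]' lines into rules."""
    rules = []
    for line in lines:
        tok = line.split()
        action, proto, src, dst = tok[2:6]
        if src != "any":
            raise ValueError("only 'any' sources are handled: " + line)
        port = int(tok[7]) if tok[6:7] == ["eq"] else None
        # Assumption: a bare destination address is an exact-host match.
        dst = None if dst == "any" else ipaddress.ip_address(dst)
        rules.append((action, proto, dst, port))
    return rules

def is_interesting(rules, proto, dst, dport=None):
    """First matching rule decides; no match means the implicit deny."""
    dst = ipaddress.ip_address(dst)
    for action, r_proto, r_dst, r_port in rules:
        if (r_proto in ("ip", proto) and r_dst in (None, dst)
                and r_port in (None, dport)):
            return action == "permit"
    return False

PERMIT_ALL = "access-list 100 permit ip any any"
# access-list 100 variants copied from the numbered examples on this page.
ACLS = {
    "3-118": ["access-list 100 deny tcp any any", PERMIT_ALL],
    "3-120": ["access-list 100 deny ip any 255.255.255.255", PERMIT_ALL],
    "3-121": ["access-list 100 deny ip any 224.0.0.9", PERMIT_ALL],
    "3-123": ["access-list 100 deny udp any any eq 520", PERMIT_ALL],
}
# Constructed sample packets: label -> (protocol, destination, destination port)
PACKETS = {
    "rip1": ("udp", "255.255.255.255", 520),
    "rip2": ("udp", "224.0.0.9", 520),
    "other_bcast": ("udp", "255.255.255.255", 137),
    "user_data": ("icmp", "192.168.254.14", None),
}

def report():
    """Map each example number to {packet label: can it bring the link up?}."""
    return {ex: {name: is_interesting(parse_acl(acl), *pkt)
                 for name, pkt in PACKETS.items()}
            for ex, acl in ACLS.items()}

if __name__ == "__main__":
    for ex, verdicts in report().items():
        print(ex, verdicts)
```

The output shows that the destination-address variants each stop only one RIP version, while the UDP port 520 variant stops both and still lets other broadcasts dial the link.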


Troubleshooting IP Routing Protocols (CCIE Professional Development Series)
ISBN: 1587050196
EAN: 2147483647
Year: 2002
Pages: 260
