Automating Dial Backup

Problem

You want automatic dial recovery in case a WAN link fails.

Solution

One of the most reliable ways of implementing dial backup on a Cisco router is to use a floating static default route, as follows:

Router1#configure terminal 
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#interface BRI0/0
Router1(config-if)#ip address 10.1.99.55 255.255.255.0
Router1(config-if)#encapsulation ppp
Router1(config-if)#dialer idle-timeout 300
Router1(config-if)#dialer map ip 10.1.99.1 name dialhost broadcast 95551212
Router1(config-if)#dialer load-threshold 50 either
Router1(config-if)#dialer-group 1
Router1(config-if)#isdn switch-type basic-ni
Router1(config-if)#isdn spid1 800555123400 5551234
Router1(config-if)#isdn spid2 800555123500 5551235
Router1(config-if)#ppp authentication chap
Router1(config-if)#ppp multilink
Router1(config-if)#exit
Router1(config)#username dialhost password dialpassword
Router1(config)#ip route 0.0.0.0 0.0.0.0 10.1.99.1 180
Router1(config)#dialer-list 1 protocol ip list 101
Router1(config)#access-list 101 deny eigrp any any
Router1(config)#access-list 101 permit ip any any
Router1(config)#router eigrp 55
Router1(config-router)#network 10.0.0.0
Router1(config-router)#end
Router1#

Then the matching configuration of the other end is shown in Recipe 13.2.

Discussion

This recipe includes several important features. First, notice that we have configured dial backup using an ISDN BRI interface on this router. So we have to set up the ISDN configuration:

Router1(config)#interface BRI0/0
Router1(config-if)#isdn switch-type basic-ni
Router1(config-if)#isdn spid1 800555123400 5551234
Router1(config-if)#isdn spid2 800555123500 5551235

This site is connected to a National ISDN switch. So we have defined the switch type to be basic-ni. If this had been a PRI rather than a BRI, we would have used primary-ni. And because it is a National ISDN switch, we also have to include the ISDN Service Profile Identifier (SPID) values. These define the telephone numbers associated with each of the two B channels in the BRI. Note that the syntax includes essentially the same number twice:

Router1(config-if)#isdn spid1 800555123400 5551234

The first argument is the whole telephone number including area code with 00 tacked on the end. These extra two digits vary between different telephone companies. Sometimes this needs to be a different code, such as 0101. The telephone company can tell you the correct value to include.

The second number is not always required. This is essentially the phone number that you would need to call this B channel from the other B channel. In this example, the telephone company uses seven-digit local dialing, so we can eliminate the area code.

There are several different kinds of ISDN switches, and it's important to find out what your carrier uses to ensure that you configure the router properly.

For telephone companies that use AT&T switches:

Router1(config-if)#isdn switch-type basic-5ess

For telephone companies that use Nortel DMS100 switches:

Router1(config-if)#isdn switch-type basic-dms100

Telephone companies outside of North America often use different kinds of ISDN switches. In France you would use the following command:

Router1(config-if)#isdn switch-type vn3

In Australia, the telephone company uses TS013 ISDN switches:

Router1(config-if)#isdn switch-type basic-ts013

In Norway and New Zealand:

Router1(config-if)#isdn switch-type basic-net3

In Germany:

Router1(config-if)#isdn switch-type basic-1tr6

And, in Japan:

Router1(config-if)#isdn switch-type ntt

Please contact the local telephone company supplying the BRI circuit to ensure that you have the right switch type. And be sure to ask them whether you need to configure SPIDs on your router. Some switches require them; others don't.

You can verify that you have your ISDN configuration working correctly with the show isdn status command:

Router1#show isdn status
Global ISDN Switchtype = basic-ni
ISDN BRI1/0 interface
 dsl 8, interface ISDN Switchtype = basic-ni
 Layer 1 Status:
 ACTIVE
 Layer 2 Status:
 TEI = 85, Ces = 1, SAPI = 0, State = MULTIPLE_FRAME_ESTABLISHED
 TEI = 86, Ces = 2, SAPI = 0, State = MULTIPLE_FRAME_ESTABLISHED
 TEI 85, ces = 1, state = 8(established)
 spid1 configured, spid1 sent, spid1 valid
 TEI 86, ces = 2, state = 8(established)
 spid2 configured, spid2 sent, spid2 valid
 Layer 3 Status:
 0 Active Layer 3 Call(s)
 Activated dsl 8 CCBs = 0
 The Free Channel Mask: 0x80000003
Total Allocated ISDN CCBs = 2
Router1#

In this case, you can see you have an "active" status at Layer 1, and both of the Terminal Endpoint Identifiers (TEI) are in a "MULTIPLE_FRAME_ESTABLISHED" state. This means that the router is talking with the telephone company's ISDN switch, and that both of the B channels are ready to go. This display also says that there are currently no active calls at Layer 3. As an aside, we should point out that this refers to the ISDN circuit's Layer 3, and not the IP network layer. When the router places a call, it will establish a PPP connection, which will support IP.

The actual dialing is done by the dialer map command:

Router1(config)#dialer-list 1 protocol ip list 101
Router1(config)#access-list 101 deny eigrp any any
Router1(config)#access-list 101 permit ip any any
Router1(config)#interface BRI0/0
Router1(config-if)#dialer map ip 10.1.99.1 name dialhost broadcast 95551212
Router1(config-if)#dialer-group 1

In this case, the dialer map says that to reach the IP address 10.1.99.1, it should dial the phone number 95551212 to reach the router called dialhost. Note that we have included a "9" at the start of this phone number. Again, you will need to ask your local telephone company whether there is a special code digit. We have seen places where we needed a 9, an 8, or nothing at all.

The broadcast keyword in this command allows both multicast and broadcast traffic to use this dialup link. This is extremely important for routing protocols such as EIGRP, RIPv2, and OSPF, which use multicasts for sending their updates between routers. This example uses EIGRP, so we need to include this keyword.

With this type of dialer configuration, you also need to define a dialer group. In this case, we have assigned this interface to dialer group number 1. You configure the behavior of this dialer group with the dialer-list statement, which defines what an interesting packet is for this network.

An interesting packet is one that will bring up the dialer, or keep it active if it is already up. If the circuit is up, then the router will reset the idle timer every time it sees an interesting packet. The result is that as long as there are interesting packets to send, the router will keep the dial session active. Otherwise, it will disconnect the call when the idle timer expires. This is particularly important when you are calling long distance numbers. If the wrong packets are considered interesting, it could mean an expensive phone bill.

So we have associated the dialer list with an access list that specifies what is interesting. In this case, all IP packets except EIGRP are interesting. It's important to remember that EIGRP packets will still pass through the dial link normally. But if the link is not active, an EIGRP packet is not sufficient to bring it up. And if the link is active, the presence of EIGRP packets alone won't prevent the router from dropping it.

This is extremely important because, as we discussed in Chapter 7, the router will send an EIGRP HELLO packet every few seconds by default. But we don't want the link to remain active unless there is real user traffic to send. If you are using a different routing protocol, you should specify its update packets here instead.

However, sometimes you do want the link to remain active all the time. For example, the administrators of some small WANs like to keep ISDN sessions nailed up all the time (usually because they only pay an access charge, and not a usage or long distance charge). So if the session drops for any reasons, they want it to immediately dial up again. In this case, you could replace the access list with a new one that finds all traffic interesting:

Router1(config)#access-list 101 permit ip any any

It's easier still if you modify the dialer-list command to make all IP traffic interesting:

Router1(config)#dialer-list 1 protocol ip permit

When the router dials, it will use Point-to-Point Protocol (PPP) to carry Layer 3 protocols such as IP. So you need to define several PPP parameters:

Router1(config)#interface BRI0/0
Router1(config-if)#encapsulation ppp
Router1(config-if)#ppp authentication chap
Router1(config-if)#exit
Router1(config)#username dialhost password dialpassword

The encapsulation command simply tells the router to use PPP as its Layer 2 protocol. But because you don't want just anybody dialing into this dialhost router, it's a good idea to include some authentication. In this case, we have configured the router to use Challenge Handshake Authentication Protocol (CHAP) for authenticating PPP sessions. This basically means that both this router and the router it dials to will exchange usernames and passwords when they connect. The username for this router is the router's name. And we define the username and password for the other router with the username command.

We note in passing that Cisco supports another PPP authentication scheme called Password Authentication Protocol (PAP). CHAP is much more secure because it only passes passwords in encrypted form rather than clear text, as PAP does. CHAP is no more complex to set up, and presents no appreciable extra load on the router's resources. So we strongly recommend using CHAP rather than PAP.

Because this is an ISDN BRI interface, we would like to be able to use both of the B channels to increase the available bandwidth:

Router1(config)#interface BRI0/0
Router1(config-if)#dialer load-threshold 50 either
Router1(config-if)#ppp multilink

The command ppp multilink means that this PPP session can be split across several physical connections. This feature allows full load balancing and packet sequencing across all of the connections in the multilink bundle. In this case, we want to bond the two ISDN B channels into a single 128 Kbps PPP link. By default, the router will use only one of these channels, whichever one is available. The dialer load-threshold command specifies the rule that the router will use to bring up the second link. In this case, we have specified that if the traffic utilization in either direction (input or output) reaches ~20 percent (50/255 link utilization), then the router should bring up the second channel.

We have also modified the default idle timeout:

Router1(config)#interface BRI0/0
Router1(config-if)#dialer idle-timeout 300

By default, the router will drop the dial session if there have been no interesting packets for 120 seconds. We have increased this value to 300 seconds. Because ISDN dials so quickly, this is not vital. But with asynchronous modem dialup, it can take up to a full minute to establish a new session. You often need to increase the idle timer is to make sure that the primary connection is up and stable before disconnecting the backup circuit. It is a good idea to wait for the routing protocol to converge, and to ensure that the primary circuit isn't simply bouncing up and down. You also have to trade off between the time required to establish a new session and the cost of any long distance charges on this line. We generally recommend using an idle timeout period of 5 minutes, as shown in the example.

Finally, we come to one of the most important features of this configuration, the trigger condition. This router will dial whenever it has traffic to send to the IP address 10.1.99.1, which is the IP address of the dialhost router itself. User traffic will be directed to end devices such as servers, not to routers. The only way to bring up this dial interface is if this router needs to send an interesting packet to the dial router's IP address. This is where the floating static route comes in.

In Chapter 5, we discussed floating static routes. These are routes whose administrative distances are so high that any dynamically learned route to the same destination will be better. So the router will only install this static route if the dynamic routing protocol can't offer anything better:

Router1(config)#ip route 0.0.0.0 0.0.0.0 10.1.99.1 180

In this particular case the routing protocol is EIGRP, which has an administrative distance of 90 by default for all internal routes and 170 for external routes. So, by creating this static default route with a metric of 180, we ensure that the router will never use it if it has anything better.

The net result is that if the primary link fails, EIGRP will lose all of its routes. So the router will install the floating static route to handle any user data packets that it needs to transmit. Since this route points to the far end of the dial link, this forces the router to bring up the dial connection.

The nice thing about this way of triggering dial backup is that it is extremely robust. Anything that causes you to lose connectivity for any reason will trigger the dial backup. This is better than the backup interface solution described in Recipe 13.4, for example, because it doesn't require loss of physical connectivity to trigger the backup.

Also, as we will discuss in Recipe 13.4, which uses the backup interface method to trigger dial backup, with the floating static configuration, you have the advantage that the interface remains up but not connected when the primary circuit is working. In the case of ISDN, this means that you can use the show isdn commands that we discuss in Recipe 13.7 to ensure that your circuit is still working.

And one of the most useful features of this type of trigger mechanism is that you can test the dial backup easily. If you look at the dialer list, you will see that all the router needs to initiate a dial session is to have a packet to send to the far end that matches the dialer list. So, in this particular example, you could easily bring up a dial session for testing by just logging into the remote router and pinging the IP address of the dial backup router:

Router1#ping 10.1.99.1

 

See Also

Recipe 13.2; Recipe 13.4; Chapter 5; Chapter 7

Router Configuration and File Management

Router Management

User Access and Privilege Levels

TACACS+

IP Routing

RIP

EIGRP

OSPF

BGP

Frame Relay

Handling Queuing and Congestion

Tunnels and VPNs

Dial Backup

NTP and Time

DLSw

Router Interfaces and Media

Simple Network Management Protocol

Logging

Access-Lists

DHCP

NAT

First Hop Redundancy Protocols

IP Multicast

IP Mobility

IPv6

MPLS

Security

Appendix 1. External Software Packages

Appendix 2. IP Precedence, TOS, and DSCP Classifications

Index



Cisco IOS Cookbook
Cisco IOS Cookbook (Cookbooks (OReilly))
ISBN: 0596527225
EAN: 2147483647
Year: 2004
Pages: 505

Flylib.com © 2008-2020.
If you may any questions please contact us: flylib@qtcs.net