PING Thyself Yet Again (PPPoFR)!
Following along the idea of pinging yourself (depending on where you live, there may actually be laws against that!), there are some further problems if we happen to be running PPP over Frame-Relay.
So let's start with some basic Frame-Relay configuration and move up from there.
R3
int s1/0
encap frame
no shut
R5
int s0/0/0
encap frame
no shut
INE-R3(config-if)#do sh frame pvc | in ACT
DLCI = 301, DLCI USAGE = UNUSED, PVC STATUS = INACTIVE, INTERFACE = Serial1/0
DLCI = 302, DLCI USAGE = UNUSED, PVC STATUS = INACTIVE, INTERFACE = Serial1/0
DLCI = 304, DLCI USAGE = UNUSED, PVC STATUS = INACTIVE, INTERFACE = Serial1/0
DLCI = 305, DLCI USAGE = UNUSED, PVC STATUS = ACTIVE, INTERFACE = Serial1/0
INE-R3(config-if)#INE-R5(config-if)#do sh frame pvc | in ACT
DLCI = 501, DLCI USAGE = LOCAL, PVC STATUS = INACTIVE, INTERFACE = Serial0/0/0
DLCI = 502, DLCI USAGE = LOCAL, PVC STATUS = INACTIVE, INTERFACE = Serial0/0/0
DLCI = 503, DLCI USAGE = LOCAL, PVC STATUS = ACTIVE, INTERFACE = Serial0/0/0
DLCI = 504, DLCI USAGE = LOCAL, PVC STATUS = INACTIVE, INTERFACE = Serial0/0/0
DLCI = 513, DLCI USAGE = LOCAL, PVC STATUS = INACTIVE, INTERFACE = Serial0/0/0
INE-R5(config-if)#
I'm at least active between R3 and R5 now, so this is a good thing! Now, to configure PPPoFR (let's say our requirement was to authenticate the routers) we set up a Virtual Template... Let's start with the basics and we'll add complications in a little bit! :)
R3
int virtual-template 35
ip address 173.100.0.3 255.255.255.0
R5
int virtual-template 53
ip address 173.100.0.5 255.255.255.0
The virtual-template numbers are irrelevant. I just chose to match the router to/from for simplicity. I can only go up to 200 though, otherwise I'd match the DLCI number!
The virtual-template by itself though doesn't do anything. It just serves as a template (keep this in mind for later). So let's enable it!
R3
int s1/0
frame-relay interface-dlci 305 ppp virtual-template 35
R5
int s0/0/0
frame-relay interface-dlci 503 ppp virtual-template 53
If all is good we'll see:
*Dec 3 16:38:50.355: %LINK-3-UPDOWN: Interface Virtual-Access2, changed state to up
*Dec 3 16:38:51.479: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access2, changed state to up
INE-R5(config-fr-dlci)#INE-R5(config-fr-dlci)#do ping 173.100.0.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 173.100.0.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 32/32/32 ms
INE-R5(config-fr-dlci)#
Good stuff, right!?!?!
INE-R5(config-fr-dlci)#do ping 173.100.0.5Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 173.100.0.5, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
INE-R5(config-fr-dlci)#
Now, why can I do one but not the other?
INE-R5(config-fr-dlci)#do sh ip ro 173.100.0.5
Routing entry for 173.100.0.0/24
Known via "connected", distance 0, metric 0 (connected, via interface)
Routing Descriptor Blocks:
* directly connected, via Virtual-Access2
Route metric is 0, traffic share count is 1INE-R5(config-fr-dlci)#
It LOOKS good.
INE-R5(config-fr-dlci)#do deb ip pack det
IP packet debugging is on (detailed)
INE-R5(config-fr-dlci)#do ping 173.100.0.5Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 173.100.0.5, timeout is 2 seconds:*Dec 3 16:40:28.531: FIBipv4-packet-proc: route packet from (local) src 0.0.0.0 dst 173.100.0.5
*Dec 3 16:40:28.531: FIBfwd-proc: Default:173.100.0.5/32 receive entry
*Dec 3 16:40:28.531: FIBipv4-packet-proc: packet routing failed
*Dec 3 16:40:28.531: IP: tableid=0, s=0.0.0.0 (local), d=173.100.0.5 (Virtual-Access2), routed via RIB
*Dec 3 16:40:28.531: IP: s=173.100.0.5 (local), d=173.100.0.5 (Virtual-Access2), len 100, sending
*Dec 3 16:40:28.531: ICMP type=8, code=0.
*Dec 3 16:40:30.531: FIBipv4-packet-proc: route packet from (local) src 0.0.0.0 dst 173.100.0.5
*Dec 3 16:40:30.531: FIBfwd-proc: Default:173.100.0.5/32 receive entry
*Dec 3 16:40:30.531: FIBipv4-packet-proc: packet routing failed
*Dec 3 16:40:30.531: IP: tableid=0, s=0.0.0.0 (local), d=173.100.0.5 (Virtual-Access2), routed via RIB
*Dec 3 16:40:30.531: IP: s=173.100.0.5 (local), d=173.100.0.5 (Virtual-Access2), len 100, sending
*Dec 3 16:40:30.531: ICMP type=8, code=0.
*Dec 3 16:40:32.531: FIBipv4-packet-proc: route packet from (local) src 0.0.0.0 dst 173.100.0.5
*Dec 3 16:40:32.531: FIBfwd-proc: Default:173.100.0.5/32 receive entry
*Dec 3 16:40:32.531: FIBipv4-packet-proc: packet routing failed
*Dec 3 16:40:32.531: IP: tableid=0, s=0.0.0.0 (local), d=173.100.0.5 (Virtual-Access2), routed via RIB
*Dec 3 16:40:32.531: IP: s=173.100.0.5 (local), d=173.100.0.5 (Virtual-Access2), len 100, sending
*Dec 3 16:40:32.531: ICMP type=8, code=0.
*Dec 3 16:40:34.531: FIBipv4-packet-proc: route packet from (local) src 0.0.0.0 dst 173.100.0.5
*Dec 3 16:40:34.531: FIBfwd-proc: Default:173.100.0.5/32 receive entry
*Dec 3 16:40:34.531: FIBipv4-packet-proc: packet routing failed
*Dec 3 16:40:34.531: IP: tableid=0, s=0.0.0.0 (local), d=173.100.0.5 (Virtual-Access2), routed via RIB
*Dec 3 16:40:34.531: IP: s=173.100.0.5 (local), d=173.100.0.5 (Virtual-Access2), len 100, sending
*Dec 3 16:40:34.531: ICMP type=8, code=0.
*Dec 3 16:40:36.531: FIBipv4-packet-proc: route packet from (local) src 0.0.0.0 dst 173.100.0.5
*Dec 3 16:40:36.531: FIBfwd-proc: Default:173.100.0.5/32 receive entry
*Dec 3 16:40:36.531: FIBipv4-packet-proc: packet routing failed
*Dec 3 16:40:36.531: IP: tableid=0, s=0.0.0.0 (local), d=173.100.0.5 (Virtual-Access2), routed via RIB
*Dec 3 16:40:36.531: IP: s=173.100.0.5 (local), d=173.100.0.5 (Virtual-Access2), len 100, sending
*Dec 3 16:40:36.531: ICMP type=8, code=0.
Success rate is 0 percent (0/5)
INE-R5(config-fr-dlci)#
Routing failed.... Hmmm.... I have the IP, correct?
INE-R5(config-fr-dlci)#do sh ip int br | e un
Interface IP-Address OK? Method Status Protocol
Virtual-Access2 173.100.0.5 YES TFTP up up
Virtual-Template53 173.100.0.5 YES manual down down
INE-R5(config-fr-dlci)#
Yes, and my Virtual-Access interface is even listed FIRST! So it SHOULD work?!? Well, sorta. :) It's IS indeed about what comes first, but it isn't the "ip interface" list to be concerned with. It's the router's view of interface numbering and for that we'll consult SNMP!
INE-R5(config)#do sh snmp mib ifmib ifindex
Virtual-Access2: Ifindex = 12
Serial0/0/0: Ifindex = 3
FastEthernet0/1: Ifindex = 2
Serial0/1/0: Ifindex = 4
VoIP-Null0: Ifindex = 5
Null0: Ifindex = 7
Virtual-Access1: Ifindex = 11
Async0/1/0: Ifindex = 9
Async0/0/0: Ifindex = 8
SSLVPN-VIF0: Ifindex = 6
FastEthernet0/0: Ifindex = 1
Virtual-Template53: Ifindex = 10
INE-R5(config)#
Notice that the Virtual Template has an index value of 10 while the Virtual Access interface has an index of 12. THAT's why we try to send things out the virtual-template first. And as we said before, the template is not really an interface. In fact, we see it as down/down when we look at "show ip interface brief" above.
Cool. Now we know WHY, but that doesn't make it work now does it? :)
We have a couple methods to use to make it work (we'll do one on each router just for fun). First, let's use "ip unnumbered".
R3
int virtual-template 35
ip unnumbered loopback 0
int loopback 0
ip addr 173.100.0.3 255.255.255.0
INE-R3(config-if)#do ping 173.100.0.5Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 173.100.0.5, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 32/32/36 ms
INE-R3(config-if)#do ping 173.100.0.3Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 173.100.0.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
INE-R3(config-if)#
Tah-dah... I can ping the other side still AND myself.
In case you aren't allowed to use IP Unnumbered at all, there's another method.
R5
int virtual-template 53
no ip addr
ppp multilink-group 53
int multilink 53
ip addr 173.100.0.5 255.255.255.0
Pings won't work though!
INE-R5(config-if)#do ping 173.100.0.3Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 173.100.0.3, timeout is 2 seconds:*Dec 3 16:49:29.827: FIBipv4-packet-proc: route packet from (local) src 0.0.0.0 dst 173.100.0.3
*Dec 3 16:49:29.827: FIBfwd-proc: Default:0.0.0.0/0 proces level forwarding
*Dec 3 16:49:29.827: FIBfwd-proc: depth 0 first_idx 0 paths 1 long 0(0)
*Dec 3 16:49:29.827: FIBfwd-proc: try path 0 (of 1) v4-sp first short ext 0(-1)
*Dec 3 16:49:29.827: FIBfwd-proc: v4-sp valid
*Dec 3 16:49:29.827: FIBfwd-proc: no nh type 8 - deag
*Dec 3 16:49:29.827: FIBfwd-proc: ip_pak_table 0 ip_nh_table 65535 if none nh none deag 1 via fib 0 path type special prefix
*Dec 3 16:49:29.827: FIBfwd-proc: Default:0.0.0.0/0 not enough info to forward via fib (none none)
*Dec 3 16:49:29.827: FIBipv4-packet-proc: packet routing failed
*Dec 3 16:49:29.827: IP: s=0.0.0.0 (local), d=173.100.0.3, len 100, unroutable
*Dec 3 16:49:29.827: ICMP type=8, code=0.
*Dec 3 16:49:31.827: FIBipv4-packet-proc: route packet from (local) src 0.0.0.0 dst 173.100.0.3
*Dec 3 16:49:31.827: FIBfwd-proc: Default:0.0.0.0/0 proces level forwarding
*Dec 3 16:49:31.827: FIBfwd-proc: depth 0 first_idx 0 paths 1 long 0(0)
*Dec 3 16:49:31.827: FIBfwd-proc: try path 0 (of 1) v4-sp first short ext 0(-1)
*Dec 3 16:49:31.827: FIBfwd-proc: v4-sp valid
*Dec 3 16:49:31.827: FIBfwd-proc: no nh type 8 - deag
*Dec 3 16:49:31.827: FIBfwd-proc: ip_pak_table 0 ip_nh_table 65535 if none nh none deag 1 via fib 0 path type special prefix
*Dec 3 16:49:31.827: FIBfwd-proc: Default:0.0.0.0/0 not enough info to forward via fib (none none)
*Dec 3 16:49:31.827: FIBipv4-packet-proc: packet routing failed
*Dec 3 16:49:31.827: IP: s=0.0.0.0 (local), d=173.100.0.3, len 100, unroutable
*Dec 3 16:49:31.827: ICMP type=8, code=0.
*Dec 3 16:49:33.827: FIBipv4-packet-proc: route packet from (local) src 0.0.0.0 dst 173.100.0.3
*Dec 3 16:49:33.827: FIBfwd-proc: Default:0.0.0.0/0 proces level forwarding
*Dec 3 16:49:33.827: FIBfwd-proc: depth 0 first_idx 0 paths 1 long 0(0)
*Dec 3 16:49:33.827: FIBfwd-proc: try path 0 (of 1) v4-sp first short ext 0(-1)
*Dec 3 16:49:33.827: FIBfwd-proc: v4-sp valid
*Dec 3 16:49:33.827: FIBfwd-proc: no nh type 8 - deag
*Dec 3 16:49:33.827: FIBfwd-proc: ip_pak_table 0 ip_nh_table 65535 if none nh none deag 1 via fib 0 path type special prefix
*Dec 3 16:49:33.827: FIBfwd-proc: Default:0.0.0.0/0 not enough info to forward via fib (none none)
*Dec 3 16:49:33.827: FIBipv4-packet-proc: packet routing failed
*Dec 3 16:49:33.827: IP: s=0.0.0.0 (local), d=173.100.0.3, len 100, unroutable
*Dec 3 16:49:33.827: ICMP type=8, code=0.
*Dec 3 16:49:35.827: FIBipv4-packet-proc: route packet from (local) src 0.0.0.0 dst 173.100.0.3
*Dec 3 16:49:35.827: FIBfwd-proc: Default:0.0.0.0/0 proces level forwarding
*Dec 3 16:49:35.827: FIBfwd-proc: depth 0 first_idx 0 paths 1 long 0(0)
*Dec 3 16:49:35.827: FIBfwd-proc: try path 0 (of 1) v4-sp first short ext 0(-1)
*Dec 3 16:49:35.827: FIBfwd-proc: v4-sp valid
*Dec 3 16:49:35.827: FIBfwd-proc: no nh type 8 - deag
*Dec 3 16:49:35.827: FIBfwd-proc: ip_pak_table 0 ip_nh_table 65535 if none nh none deag 1 via fib 0 path type special prefix
*Dec 3 16:49:35.827: FIBfwd-proc: Default:0.0.0.0/0 not enough info to forward via fib (none none)
*Dec 3 16:49:35.827: FIBipv4-packet-proc: packet routing failed
*Dec 3 16:49:35.827: IP: s=0.0.0.0 (local), d=173.100.0.3, len 100, unroutable
*Dec 3 16:49:35.827: ICMP type=8, code=0.
*Dec 3 16:49:37.827: FIBipv4-packet-proc: route packet from (local) src 0.0.0.0 dst 173.100.0.3
*Dec 3 16:49:37.827: FIBfwd-proc: Default:0.0.0.0/0 proces level forwarding
*Dec 3 16:49:37.827: FIBfwd-proc: depth 0 first_idx 0 paths 1 long 0(0)
*Dec 3 16:49:37.827: FIBfwd-proc: try path 0 (of 1) v4-sp first short ext 0(-1)
*Dec 3 16:49:37.827: FIBfwd-proc: v4-sp valid
*Dec 3 16:49:37.827: FIBfwd-proc: no nh type 8 - deag
*Dec 3 16:49:37.827: FIBfwd-proc: ip_pak_table 0 ip_nh_table 65535 if none nh none deag 1 via fib 0 path type special prefix
*Dec 3 16:49:37.827: FIBfwd-proc: Default:0.0.0.0/0 not enough info to forward via fib (none none)
*Dec 3 16:49:37.827: FIBipv4-packet-proc: packet routing failed
*Dec 3 16:49:37.827: IP: s=0.0.0.0 (local), d=173.100.0.3, len 100, unroutable
*Dec 3 16:49:37.827: ICMP type=8, code=0.
Success rate is 0 percent (0/5)
INE-R5(config-if)#
Not enough information..... That's a new one!
INE-R5(config-if)#do sh ppp multilink
No active bundlesMultilink53 (inactive)
Member links: 2
Vi2 (inactive)
Vt53 (inactive)
INE-R5(config-if)#
Ok, so multilink didn't come up! Remember that everything in PPP is negotiated. So can one side do multlink without the other side doing it as well? Nope.
R3
int virtual-template 35
ppp multilink
INE-R5(config-if)#
*Dec 3 16:51:25.283: %FR-3-MLPOFR_ERROR: MLPoFR not configured properly on Link Virtual-Access2 Bundle Multilink53 :Frame Relay traffic shaping must be enabled
*Dec 3 16:51:25.291: %LINK-3-UPDOWN: Interface Multilink53, changed state to up
*Dec 3 16:51:26.291: %LINEPROTO-5-UPDOWN: Line protocol on Interface Multilink53, changed state to up
INE-R5(config-if)#
BOOM! That looks better.
INE-R5(config-if)#do ping 173.100.0.3Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 173.100.0.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/30/32 ms
INE-R5(config-if)#do ping 173.100.0.5Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 173.100.0.5, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 56/59/60 ms
INE-R5(config-if)#
And once again, my pings to the other side work well, AND I can ping myself again.
In both of these methods we are kinda "cheating" in that we aren't REALLY pinging the PPPoFR link because it simply will not allow that to occur. We are pinging other interfaces that do indeed allow direct self-pinging!
So now you know, just in case you run into things in the lab how to make it work!
Since I mentioned we'd make things more entertaining, I'll keep the suspense building. Come back tomorrow! :)