Wednesday, October 28, 2015

How does traceroute work

Here is a very good document which I found in the Cisco documents.
This has been asked many times in interviews.

The traceroute command is used to discover the routes that packets actually take when traveling to
their destination. The device (for example, a router or a PC) sends out a sequence of User Datagram
Protocol (UDP) datagrams to an invalid port address at the remote host.
Three datagrams are sent, each with a Time-To-Live (TTL) field value set to one. The TTL value of 1
causes the datagram to "timeout" as soon as it hits the first router in the path; this router then responds
with an ICMP Time Exceeded Message (TEM) indicating that the datagram has expired.
Another three UDP messages are now sent, each with the TTL value set to 2, which causes the second
router to return ICMP TEMs. This process continues until the packets actually reach the other
destination. Since these datagrams are trying to access an invalid port at the destination host, ICMP
Port Unreachable Messages are returned, indicating an unreachable port; this event signals the
Traceroute program that it is finished.
The purpose behind this is to record the source of each ICMP Time Exceeded Message to provide a
trace of the path the packet took to reach the destination.
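The probe loop described above, as an added example that is not part of the Cisco text: it builds the UDP probes and ICMP replies as real byte strings, matches each ICMP error to its probe through the quoted UDP header, and stops on Port Unreachable. The network is a constructed in-memory model (`simulate_network`, `SAMPLE_PATH` and all addresses are assumptions), including one router that sends no ICMP and therefore shows up as `*`.

```python
import socket
import struct

BASE_PORT = 33434            # assumed unused high UDP port range on the target
TIME_EXCEEDED = 11           # ICMP type 11, code 0
DEST_UNREACH, PORT_UNREACH = 3, 3   # ICMP type 3, code 3


def build_probe(src, dst, ttl, dport, sport=40000):
    """IPv4 + UDP headers of one probe (no payload; checksums left at 0)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, ttl, 17, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return ip + struct.pack("!HHHH", sport, dport, 8, 0)


def icmp_error(icmp_type, code, offending):
    """ICMP error: 8-byte header, then the offending IP header + first 8 bytes."""
    return struct.pack("!BBHI", icmp_type, code, 0, 0) + offending[:28]


def simulate_network(path, probe):
    """Constructed stand-in for the network. path = [(ip, sends_icmp), ...] with
    the destination last. Returns (responder_ip, icmp_bytes) or None (timeout)."""
    ttl = probe[8]
    for ip, sends_icmp in path[:-1]:
        ttl -= 1                         # every router decrements the TTL
        if ttl == 0:                     # expired here: the datagram is dropped
            return (ip, icmp_error(TIME_EXCEEDED, 0, probe)) if sends_icmp else None
    dest_ip, sends_icmp = path[-1]       # reached the host: nothing listens on dport
    if not sends_icmp:
        return None
    return dest_ip, icmp_error(DEST_UNREACH, PORT_UNREACH, probe)


def parse_reply(icmp):
    """Return (kind, quoted_udp_dport), or None if this is not a traceroute answer."""
    if len(icmp) < 8 + 20 + 8:
        return None
    inner = icmp[8:]                     # quoted copy of the datagram that failed
    ihl = (inner[0] & 0x0F) * 4
    if inner[9] != 17 or len(inner) < ihl + 8:   # must quote a UDP datagram
        return None
    _sport, dport = struct.unpack("!HH", inner[ihl:ihl + 4])
    if (icmp[0], icmp[1]) == (TIME_EXCEEDED, 0):
        return "time-exceeded", dport
    if (icmp[0], icmp[1]) == (DEST_UNREACH, PORT_UNREACH):
        return "port-unreachable", dport
    return None


def traceroute(path, src, dst, max_ttl=30, probes=3):
    """Three probes per TTL; record who answered; finish on Port Unreachable."""
    hops, port = [], BASE_PORT
    for ttl in range(1, max_ttl + 1):
        responders, done = [], False
        for _ in range(probes):
            port += 1                    # a fresh port per probe identifies the reply
            reply = simulate_network(path, build_probe(src, dst, ttl, port))
            parsed = parse_reply(reply[1]) if reply else None
            if parsed is None or parsed[1] != port:
                responders.append("*")   # timeout, or an ICMP error for other traffic
                continue
            responders.append(reply[0])
            done = done or parsed[0] == "port-unreachable"
        hops.append((ttl, responders))
        if done:
            break
    return hops


# Constructed path: the second router forwards packets but sends no ICMP.
SAMPLE_PATH = [("10.0.0.1", True), ("10.0.1.1", False),
               ("10.0.2.1", True), ("192.0.2.50", True)]

if __name__ == "__main__":
    for ttl, who in traceroute(SAMPLE_PATH, "198.51.100.10", "192.0.2.50"):
        print(ttl, *who)
```

A hop printed as `*` only means no matching ICMP error came back for that TTL; the router may still be forwarding traffic, as the later hops show.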

Why is it required that iBGP peers always form full mesh?

eBGP uses the AS_PATH as its loop-avoidance mechanism. Since an iBGP router doesn't change the AS_PATH attribute while advertising routes to another iBGP peer, AS_PATH can't be used for loop avoidance in iBGP. To avoid loops, an iBGP peer doesn't advertise routes learned from another iBGP peer. So, in order for all iBGP peers to receive all routes, each needs to establish a BGP session with all other peers, hence the full mesh.

How to Write Test Plans


Test plans should be based on the functionality and the feature to be tested. They can cover the following things:

1) Configuration test cases

2) Functionality Test cases

3) Standard Based/ RFC based test cases

4)  Negative test cases

5) Performance related test cases

6) Stress Test cases

7) Logs related test case

8) Statistics Related test cases

9) User interface related test cases

10) Inter-feature test cases (let's say a VLAN test plan is to be written; in this section we can add DHCP server related test cases, a combination of two or more features)

what are different types of software testing

Testing Types
===========

1) Sanity testing - Speed is the main criterion. A sanity test is to rule out certain classes of obviously false results.

2) Smoke testing - tests to reveal simple failures severe enough to reject a prospective software release. It aims to determine whether the application is so badly broken as to make further immediate testing unnecessary.

3) Regression testing - aims at finding new bugs or old recurring bugs when software changes or enhancements have been applied.

4) Performance testing - aims to determine how software works with a given load. It focuses on responsiveness and stability.

5) Load testing - with this much load (max data, max users), does the system run?

6) Stress testing - with a given load, how long does it run and how is it performing?

7) Soak testing -  involves testing a system with a typical production load, over a continuous availability period, to validate system behavior under production use.

What are the levels of software testing

Testing levels
==========

1) Unit testing -  verify the functionality of a specific section of code

2) Integration testing -  works to expose defects in the interfaces and interaction between integrated components (modules).

3) System testing -tests a completely integrated system to verify that it meets its requirements

what are different software testing methods

Testing methods
============

1) White-box testing - tests internal structures or workings of a program, as opposed to the functionality exposed to the end-user. It is usually done at the unit level. It can test paths within a unit, paths between units during integration, and between subsystems during a system-level test.

2) Black-box testing - examining functionality without any knowledge of internal implementation. The testers are only aware of what the software is supposed to do, not how it does it.

3) Grey-box testing - involves having knowledge of internal data structures and algorithms for purposes of designing tests, while executing those tests at the user, or black-box level. Manipulating input data and formatting output do not qualify as grey-box, because the input and output are clearly outside of the "black box" that we are calling the system under test.

Monday, October 26, 2015

BGP interview Questions

Here is a list of questions that I came across while I studied BGP topics. This is a very rough draft.

BGP Questions
- How do you inject a network into BGP? The command?
- What is "r" (RIB-failure) in sh ip bgp? - It means it is the best route in BGP, but it is not in the routing table, as it is learnt via another protocol.
- What is the command no auto-summary in BGP config? - It means: put the exact network and the exact mask and it will be advertised (classless). So if you have a lot of 10.0.0.0 networks and you insert the command "network 10.0.0.0" inside BGP, these networks won't be advertised via BGP. This is because auto-summary is off by default and we need to type the exact network and mask. If we turn on auto-summary and then use this classful network command, we will see all the 10 networks inside BGP.
- What is the no synchronization command in BGP config? - If sync is off it means that I will not use the BGP route unless it is learnt via an IGP. Now it is no sync by default.
- In BGP, what are the origin codes "i" and "?"? - "i" means this network is in BGP from the network command and is configured on this router. "?" means that this network is in BGP from the redistribute command under the BGP config.
- What is sourcing a default route in BGP? - Take r1---->r2. Suppose r1 wants to inform r2: if r2 wants to send traffic anywhere that is not specified in r2's table, then send it to me (r1).
- How to source a default route? - On r1 put the command "neighbor r2ip default-originate". You won't see a default route on r1, but if you check sh ip bgp on r2 you will see 0.0.0.0 with next hop r1.
- What are aggregate (summary) routes in BGP? How to do it? - Here we take many detailed networks and advertise them as a block of a single larger address. We do this to reduce the number of routes in BGP on the internet.
- What is the split horizon rule of BGP? as89(R8) ----- as3(R6 --R5--R3)
R8 sends an eBGP update to R6. R6 will send an iBGP update to R5. But R5 will not send an iBGP update to R3 or any other internal BGP neighbors.
- Why is peering with a loopback interface good, instead of a physical interface?
- What are the ways to overcome full mesh topology in an iBGP network? - Confederations and route reflectors.
- What are the two benefits of route reflectors? - 1) Eliminate the need for full mesh, i.e. send one update to the route reflector and the route reflector sends the update to all its clients.
2) Loop prevention through the cluster ID, i.e. if I am a route reflector and I receive a route with my own cluster ID, I discard it.
- Explain configuring an RR. - as3(R6 --R5--R3): on R5 we want it to be the RR. neighbor 3.3.3.3 remote-as 3, neighbor 3.3.3.3 route-reflector-client. -> This is the only command needed on R5, i.e. the RR, and it will start sending updates to R3.
- On a router, how will you check if that router is advertising BGP routes down to its neighbor? - sh ip bgp neighbor <neighbor ip> advertised-route
- Does BGP send all routes it knows via BGP to its neighbor? The entire sh ip bgp table? - No, BGP sends to its neighbor only the valid routes with the > sign.
- If a client sends an update to the RR, do clients and nonclients get it? - Answer: yes.
- If a nonclient sends an update to the RR, do clients and nonclients get it? - Clients get it. Nonclients don't get it.
- In confederations, does the rule of TTL of 1 between two eBGP peers apply? How to overcome it? - Yes, it applies. To overcome it: neighbor <ip> ebgp-multihop <count>
- How to configure peer groups? - neighbor MYPEERS peer-group, neighbor MYPEERS remote-as 123, neighbor MYPEERS update-source lo, neighbor 1.1.1.1 peer-group MYPEERS
- What is a BGP update-group? - BGP dynamically assigns neighbors to update groups.
- What is the command to enable a password for forming a BGP neighbor? - We need to do neighbor 1.1.1.1 password xyz
- What is TTL security in BGP? - neighbor <ip> ttl-security hops <number of hops>, put on both routers.
- What is NHS? Explain with an example.
- What is the default TTL for iBGP neighbors and eBGP neighbors?
- What modifications are needed to the TTL if eBGP neighbors are not directly connected?
- What is the advantage of peering with a neighbor's loopback IP address instead of the physical address?
- If we want to neighbor up with a peer's loopback address, what is the additional command, and what is the implication if we do not use that command and still use the loopback to peer up with the neighbor?
- There are two BGP neighbors. You want one neighbor to always be the server and the other to be the client. How can you do that? Hint: use update-source loopback on one neighbor.
On the other neighbor don't mention this command. R1 forms a neighborship with 2.2.2.2 using its loopback, and R2, when trying to form a neighborship with R1's loopback, doesn't use update-source loopback; it will form the neighborship, as it will already see that it has a neighbor statement.

R1-----------------------------------------------------------------------R2
On R1: neighbor 2.2.2.2 update-source lo 0
Now R1 forms a neighborship with 2.2.2.2 from 1.1.1.1.
On R2: neighbor 1.1.1.1 (no update-source)
R2 thinks "I already have a neighborship with 1.1.1.1", so it forms the neighborship.
In this case R2 will always be the server and R1 always the client.


- how do you change the router id of bgp and does it have impact on existing bgp established sessions?
- Explain the origin code in BGP. - "i": put into BGP with a network statement.
- What are well-known mandatory attributes? Give examples. - Well-known means recognized by every BGP speaker, and mandatory means it must be present in an update, e.g. NH, AS path.
- What are well-known discretionary attributes? Give examples. - Well-known means recognized by every BGP speaker, and discretionary means it may or may not be present in an update, e.g. atomic path aggregator.
- What are optional transitive attributes? Give examples. - Optional means it may or may not be recognized by other BGP neighbors, and transitive means passed between eBGP and iBGP neighbors.
- What are optional nontransitive attributes? Give examples. - Nontransitive means passed only between iBGP neighbors.
- What is the most important aspect of the AS path attribute? - Loop prevention: if an AS sees its own AS in the AS path of the updates, it will not accept it.
- How will you influence R6 to be the egress for all traffic to the 2.2.2.2 route? - Set the local pref to be highest for the 2.2.2.2 route on R6. This is propagated to all nodes in AS3 and all take R6 as the best path to egress out to the 2.2.2.2 network.
- How will you influence ingress traffic on one link when you are multihomed to a single service provider? - Advertise MED to the particular neighbor with a lower MED value.
- What are atomic aggregate and aggregator? - Atomic aggregate: here atomic means one. This means we advertise one summary in or out of the AS. Aggregator is the individual who did the aggregation.
- How do we manipulate outbound traffic? - Local pref and weight.
- What is AS-path prepending? Why use it? - This is used to influence others to take a particular path.
- Why use MED when we can do inbound traffic manipulation using AS-path prepend? - With AS-path prepend we do not know what the policy of the other AS is towards our AS.
- What is a distribute list? Explain with an example.
- What is a route map? Explain with an example.
- What is a prefix list? Explain with an example.
- Explain the difference between an ACL, a distribute list, a prefix list and a route map.
- How to load balance across multiple BGP paths?
- Is it possible to connect to two different ISPs? How do we do that? Does load balancing work? - We must have our own AS here to connect to two different ISPs.
- Range of private AS numbers? And range of public AS numbers? - 64512 to 65535
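The iBGP full-mesh requirement and the split horizon and route-reflector answers above can be checked on the page's own topology, as89(R8) ----- as3(R6 --R5--R3). This is an added example, not code from the original post: it floods one prefix from R8 under three session layouts (chain only, full mesh, R5 reflecting to client R3) and applies the advertisement rules as the page states them. R9, a second AS 89 router peered with R3, is an assumption added to show the AS_PATH loop check; only one path per router is modelled.

```python
from collections import deque


class Router:
    def __init__(self, name, asn, rr_clients=()):
        self.name, self.asn = name, asn
        self.rr_clients = set(rr_clients)   # names of route-reflector clients
        self.peers = []
        self.route = None                   # (as_path, router it was learned from)


def may_advertise(router, learned_from, peer):
    """Advertisement rules from the text for one route on one session."""
    if learned_from is None or learned_from.asn != router.asn:
        return True        # locally originated or eBGP-learned: send to every peer
    if peer.asn != router.asn:
        return True        # iBGP-learned routes still go to eBGP peers
    # iBGP-learned towards another iBGP peer: split horizon blocks it, unless this
    # router is a route reflector. From a client it reflects to clients and
    # nonclients; from a nonclient it reflects to clients only.
    return learned_from.name in router.rr_clients or peer.name in router.rr_clients


def propagate(routers, origin):
    """Flood one prefix from `origin`; return (names holding it, rejections)."""
    routers[origin].route = ((), None)
    queue, rejected = deque([routers[origin]]), []
    while queue:
        r = queue.popleft()
        as_path, learned_from = r.route
        for peer in r.peers:
            if peer is learned_from or peer.route is not None:
                continue
            if not may_advertise(r, learned_from, peer):
                continue
            # AS_PATH is prepended on eBGP sessions only; iBGP leaves it unchanged.
            path = as_path if peer.asn == r.asn else (r.asn,) + as_path
            if peer.asn in path:            # receiver finds its own AS: loop
                rejected.append((peer.name, "AS_PATH loop"))
                continue
            peer.route = (path, r)
            queue.append(peer)
    return sorted(n for n, r in routers.items() if r.route is not None), rejected


def scenario(ibgp_sessions, rr_clients=None):
    """Build the topology with the given iBGP sessions and flood from R8."""
    rr_clients = rr_clients or {}
    routers = {name: Router(name, asn, rr_clients.get(name, ()))
               for name, asn in [("R8", 89), ("R9", 89),      # R9 is an assumption
                                 ("R6", 3), ("R5", 3), ("R3", 3)]}
    ebgp = [("R8", "R6"), ("R3", "R9")]
    for a, b in ebgp + list(ibgp_sessions):
        routers[a].peers.append(routers[b])
        routers[b].peers.append(routers[a])
    return propagate(routers, "R8")


CHAIN = [("R6", "R5"), ("R5", "R3")]
FULL_MESH = CHAIN + [("R6", "R3")]

if __name__ == "__main__":
    print("chain only     :", scenario(CHAIN))
    print("full mesh      :", scenario(FULL_MESH))
    print("R5 reflects R3 :", scenario(CHAIN, {"R5": {"R3"}}))
```

With the chain alone R3 never learns the prefix; either the extra R6-R3 session or the single `route-reflector-client` statement on R5 fixes that, and in both cases R9 refuses the route because AS 89 is already in the path.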

Difference Between PPP and PPPoE

PPP
- Point to Point Protocol
- TCP/IP by itself cannot be transmitted over a serial link
- Why TCP/IP Cannot be transmitted over a serial link?
The TCP/IP protocol suite was generally designed to provide implementation of the networking stack from the network layer (layer three) and above. The core protocols of TCP/IP operate at layers three and four of the OSI model, corresponding to the Internet layer and Host-to-Host Transport layer of the TCP/IP architectural model.
Since the Internet Protocol assumes certain services will be provided at layer two, there is no way to make it operate directly over a serial line. The most important L2 function that is required at a minimum is some mechanism for framing the IP datagram for transmission—that is, providing the necessary data packaging to let datagrams be transmitted over the physical layer network. Without this, IP datagrams cannot be sent over the link.
- Hence PPP was developed, for TCP/IP to work on serial links.
- PPP is a full-featured data link layer protocol that provides framing.


PPPoE
- PPP, which was designed for serial communications, has now been adapted to Ethernet, and is called PPP over Ethernet (PPPoE)
- Service Providers have started using Ethernet links on WAN.
- ISPs now require the added functionality of PPP over Ethernet, which allows them to have sessions through the use of user logins and gives them the ability to measure the volume of traffic each user generates.
- PPP helps to create individual circuits for each subscriber over Ethernet media, which is multicast. A subscriber is a DSL end user.

Sunday, October 25, 2015

LINKGROUPS

A combination of two or more links into a single logical link is called a linkgroup.
Advantages of a linkgroup are:
1) Increased capacity for data and
2) Provides redundancy in case of failover

There are two classes of linkgroups that are defined in Ericsson Redback Routers:
·      Access LAG - These are used for subscriber links.

·      Trunk LAG  - These are intended for trunk (router to router) links. Trunk LAGs are further divided into Ethernet or Dot1Q (VLAN) types. 

- Ether link-groups: This type of link-group supports only links carrying untagged traffic.

  Config example:
      link-group <lgname> ether
      interface <intname> local

- Dot1q link-groups: These are an enhancement of Ether link-groups. Where Ether link-groups support only untagged traffic, dot1q link-groups support both tagged and untagged traffic.

  Config example:
      link-group <lgname> dot1q
      encapsulation dot1q
      interface untagged local
      dot1q pvc 10
      interface pvc10 local
      dot1q pvc 20
      interface pvc20 local

BGP PATH VECTOR PROTOCOL

Why is BGP called a Path Vector Protocol ?

BGP is a distance vector protocol in that each BGP node relies on downstream neighbors to pass along routes from their routing table; the node makes its route calculations based on those advertised routes and passes the results to upstream neighbors. However, other distance vector protocols quantify the distance with a single number, representing hop count. In contrast, BGP uses a list of AS numbers through which a packet must pass to reach the destination. Because this list fully describes the path a packet must take, BGP is called a path vector routing protocol to contrast it with traditional distance vector protocols.

Saturday, October 24, 2015

OSPF troubleshooting

OSPF TROUBLESHOOTING

OSPF runs on top of IP and uses protocol number 89
OSPF doesn't use any transport protocol, such as TCP, for reliability. The protocol itself has a reliable mechanism of transportation.
Debugs in OSPF normally are not very CPU-intensive unless the problem is impacting the entire OSPF network. For example, if OSPF neighbors are not coming up, turning on debug ip ospf adj is not CPU-intensive unless 300 neighbors are having problems at the same time.


Troubleshooting OSPF neighbor relationships
Troubleshooting OSPF route advertisement
Troubleshooting OSPF route installation
Troubleshooting redistribution problems in OSPF
Troubleshooting route summarization in OSPF
Troubleshooting CPUHOG problems
Troubleshooting dial-on-demand routing (DDR) issues in OSPF
Troubleshooting SPF calculation and route flapping
Common OSPF error messages


1) Troubleshooting OSPF neighbor relationships

OSPF neighbor relationship problems can be of any of these types:
- The OSPF neighbor list is empty.
- An OSPF neighbor is stuck in ATTEMPT.
- An OSPF neighbor is stuck in INIT.
- An OSPF neighbor is stuck in 2-WAY.
- An OSPF neighbor is stuck in EXSTART/EXCHANGE.
- An OSPF neighbor is stuck in LOADING.

1. Problem: The OSPF neighbor list is empty
· OSPF is not enabled on the interface.
· Layer 1/2 is down.
· The interface is defined as passive under OSPF.
  - When an interface is defined as passive under router OSPF, it suppresses OSPF Hellos. This means that OSPF does not send or receive any Hellos on such interfaces. Therefore, no adjacency is formed.
  - passive-interface: the command is entered so that the router cannot take part in any OSPF process on that segment. This is the case when you don't want to form any neighbor relationship on an interface but you do want to advertise that interface.
  - In OSPF, a passive interface means "do not send or receive OSPF Hellos on this interface." So, making an interface passive under OSPF with the intention of preventing the router from sending any routes on that interface but receiving all the routes is wrong.
· An access list is blocking OSPF Hellos on both sides.
  - OSPF sends its Hello on a multicast address of 224.0.0.5. This address should be permitted.
· A subnet number/mask has been mismatched over a broadcast link.
· The Hello/dead interval has been mismatched.
· The authentication type (plain text versus MD5) has been mismatched.
· An authentication key has been mismatched.
· An area ID has been mismatched.
· Stub/transit/NSSA area options have been mismatched.
· An OSPF adjacency exists with secondary IP addressing.

Commands to check:
- show ip ospf neighbor - the output displays the OSPF neighbor status.
- show ip ospf interface - to verify that OSPF interfaces are up/down; to verify whether an interface is defined as passive, check the output for: (No Hellos (Passive interface))
- debug ip ospf adj - look for mismatches in the output.


2. An OSPF neighbor is stuck in ATTEMPT.

This problem is valid only for NBMA networks in which neighbor statements are defined. Stuck in ATTEMPT means that a router is trying to contact a neighbor by sending its Hello but hasn't received any response.
Causes:
· Misconfigured neighbor statement
· Unicast connectivity is broken on NBMA; a cause for this broken connectivity can be an access list that is blocking the unicast.


3. An OSPF neighbor is stuck in INIT.
When a router receives an OSPF Hello from a neighbor, it sends the Hello packet by including that neighbor's router ID in the Hello packet. If it doesn't include the neighbor's router ID, the neighbor will be stuck in INIT.
Causes:
· An access list on one side is blocking OSPF Hellos.
· Authentication is enabled on only one side (virtual link example).
· Hellos are getting lost on one side at Layer 2.

4. An OSPF neighbor is stuck in 2-WAY.
Cause: Priority 0 Is Configured on All Routers
It is normal in broadcast media to have a 2-WAY state because not every router becomes adjacent on broadcast media. Every router enters into FULL state with the DR and the BDR. In this example, there are only two routers on Ethernet; both are configured with priority 0. Priority 0 means that this router will not take part in the DR/BDR election process. This configuration is useful when there are "low-end" routers on the segment and the desire is not to make those low-end routers DRs. For this purpose, you should configure priority 0. By default, the priority is set to 1. A router with the highest priority on a segment wins a DR election. If all priorities are kept to the default, the router with the highest router ID becomes the DR.
If all the routers on an Ethernet segment are configured with priority 0, no routers on the segment will be in FULL state with any other router. This creates problems. At least one router on the segment must have a priority that is not set to 0.

Solution:
To fix this problem, remove the priority 0 command on at least one router so that router becomes a DR and forms a FULL adjacency.



5. An OSPF neighbor is stuck in EXSTART/EXCHANGE.
In this state, the router elects a master and a slave and the initial sequence number. The whole database is also exchanged during this state. If a neighbor is stuck in EXSTART/EXCHANGE for a long time, it is an indication of a problem.
The most common possible causes of this problem are as follows:
· Mismatched interface MTU
  Solution: check the output of #debug ip ospf adj
  It shows output such as: OSPF: Nbr 131.108.1.2 has larger interface MTU
· Duplicate router IDs on neighbors
· Inability to ping across with more than a certain MTU size
· Broken unicast connectivity because of the following:
  - Access list blocking the unicast
  - NAT translating the unicast
If NAT is misconfigured, it will start translating the unicast packet coming toward it, which will break the unicast connectivity. R1 is configured with NAT. The outside interface of R1 is Serial 0.2, which connects to R2.




When R2 sends a unicast packet to R1, R1 tries to translate that packet and R2 never receives the ping reply. The main thing to watch for is the access list in NAT. If the access list is permitting everything, this problem will occur. To solve this problem, change access list 1 and permit only those IP addresses that require translation. The access list could be different from network to network. The whole idea is that the access list permit statement should not cover the neighbor's IP address. Only the inside network 10.0.0.0/8 is permitted.


6. An OSPF neighbor is stuck in LOADING.
When a neighbor is stuck in the LOADING state, the local router has sent a link-state request packet to the neighbor requesting an outdated or missing LSA and is waiting for an update from its neighbor. If a neighbor doesn't reply or a neighbor's reply never reaches the local router, the router will be stuck in the LOADING state.
The most common possible causes of this problem are as follows:
- Mismatched MTU
- Corrupted link-state request packet
  When a link-state request packet is corrupted, the neighbor discards the packet and the local router never receives the response from the neighbor. This causes the OSPF neighbor to be stuck in the LOADING state.
  Link-state request packets usually become corrupted because of the following reasons:
    I. A device between the neighbors, such as a switch, is corrupting the packet.
    II. The sending router's packet is invalid. In this case, either the sending router's interface is bad or the error is caused by a software bug.
    III. The receiving router is calculating the wrong checksum. In this case, either the receiving router's interface is bad or the error is caused by a software bug. This is the least likely cause of this error message.
Solution
Most of the time, this problem is fixed by replacing hardware. This could be a simple bad port on the switch or a bad interface card on the sending/receiving router.


2)Troubleshooting OSPF route advertisement

OSPF is a link-state protocol. When it forms neighbor relationships, it exchanges the entire link-state database with its neighbor(s).
The most common reasons for OSPF to not share the database information about a specific link are as follows:
-       The OSPF neighbor is not advertising routes.
-       The OSPF neighbor (ABR) is not advertising the summary route.
-       The OSPF neighbor is not advertising external routes.
-       The OSPF neighbor is not advertising the default route.

1.      OSPF Neighbor Is Not Advertising Routes
When a neighbor doesn't advertise a route, that route will not show up in the local router's routing table. This means that the neighbor has not included the route in its database; otherwise, the local router must have received it.
The most common possible causes of this problem are as follows:
·         OSPF is not enabled on the interface that is supposed to be advertised.
·         The advertising interface is down.
·         The secondary interface is in a different area than the primary interface.

2. OSPF Neighbor (ABR) Not Advertising the Summary Route
The ABR generates the summary LSA for one area and sends it to another area. When the ABR fails to generate the summary LSA, the areas become isolated from each other.
The most common possible causes of this problem are as follows:
·         An area is configured as a totally stubby area.
·         An ABR is not connected to area 0.
·         A discontiguous area 0 exists.

3. OSPF Neighbor Is Not Advertising External Routes
Whenever there is a redistribution in OSPF, it generates an external LSA (Type 5) that is flooded throughout the OSPF network. External LSAs are not leaked into stub, totally stubby, and NSSA areas.
The most common possible causes of this problem are as follows:
·         The area is configured as a stub or NSSA.
·         The NSSA ABR is not translating Type 7 into Type 5 LSA.

4. OSPF Neighbor Not Advertising Default Routes
The most common possible causes for an OSPF router not to advertise the default route are as follows:
·         The default-information originate command is missing.
·         The default route is missing from the neighbor's routing table.
·         A neighbor is trying to originate a default into a stub area.
·         The NSSA ABR/ASBR is not originating the Type 7 default.


3) Troubleshooting OSPF Route Installation

It happens that OSPF routers have fully synchronized their databases with those of their neighbors but are not installing routes in the routing table.

After the route is in the database, there can be several reasons that the route is not installed in the routing table.

The most common reasons for OSPF failing to install routes in the routing table are as follows:
·         OSPF is not installing any routes in the routing table.
·         OSPF is not installing external routes in the routing table.

1. OSPF is not installing any routes in the routing table.
It is a common problem in OSPF to find routes in the database but not in the routing table.
When OSPF finds any kind of discrepancy in the database, it does not install any routes in the routing table.
The most common possible causes of this problem are as follows:
· The network type is mismatched.
· IP addresses are flipped in dual serial-connected routers or a subnet/mask mismatch has occurred.
· One side is a numbered and the other side is an unnumbered point-to-point link.
· A distribute list is blocking the routes' installation.



4) Troubleshooting Redistribution Problems in OSPF
When a router in OSPF does the redistribution, it becomes an ASBR. The routes that are redistributed into OSPF could be directly connected routes, static routes, or dynamically learned routes from another routing protocol or another OSPF process.



5) Troubleshooting Route Summarization in OSPF
The idea is that if there are contiguous ranges of addresses, instead of advertising every network, you can form a group of contiguous networks and summarize those networks in one, two, or fewer blocks and advertise those blocks. This feature helps reduce the size of the routing table. Reducing the routing table size decreases the convergence time and increases OSPF performance. Thus, summarization needs to be configured manually on the router.

OSPF can use two types of summarization:
·         Interarea summarization that can be done on the ABR
·         External summarization that can be done on the ASBR
Two common problems related to summarization in OSPF are as follows:
·         A router is not summarizing interarea routes.
Cause: area range Command Is Not Configured on ABR
Ensure that the area range command is configured on the correct router. Area range summarization can be done only on the ABR. In summarization, instead of originating separate LSAs for each network, the ABR originates summary LSAs to cover those ranges of addresses.
When configuring the area range command, make sure that the summarization mask is in the form of a prefix mask rather than a wildcard mask.

·         A router is not summarizing external routes.
Cause: summary-address Command Is Not Configured on ASBR
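The prefix-mask versus wildcard-mask mistake described above can be caught by checking the configuration text before it is applied. The following is an added example, not part of the original Cisco document; the sample configuration and the function names are constructed for illustration.

```python
import ipaddress
import re

# area <id> range <addr> <mask>  (ABR)  and  summary-address <addr> <mask>  (ASBR)
SUMMARY_RE = re.compile(
    r"^\s*(?:area\s+\S+\s+range|summary-address)\s+"
    r"(?P<addr>\d+\.\d+\.\d+\.\d+)\s+(?P<mask>\d+\.\d+\.\d+\.\d+)"
)

def _ones_then_zeros(value: int) -> bool:
    """True for a contiguous prefix mask such as 255.255.0.0."""
    inverted = ~value & 0xFFFFFFFF
    return (inverted & (inverted + 1)) == 0

def check_summary_line(line: str):
    """Return (status, detail) for a summarization command, None for other lines."""
    m = SUMMARY_RE.match(line)
    if not m:
        return None
    addr, mask = m["addr"], m["mask"]
    mask_int = int(ipaddress.IPv4Address(mask))
    if not _ones_then_zeros(mask_int):
        if (mask_int & (mask_int + 1)) == 0:  # zeros then ones: a wildcard mask
            fixed = ipaddress.IPv4Address(~mask_int & 0xFFFFFFFF)
            return ("wildcard-mask", f"use prefix mask {fixed}")
        return ("invalid-mask", "mask bits are not contiguous")
    net = ipaddress.IPv4Network(f"{addr}/{mask}", strict=False)
    if str(net.network_address) != addr:  # host bits set in the summary address
        return ("unaligned", f"summary block starts at {net.network_address}")
    return ("ok", str(net))

def audit(config: str):
    """Check every summarization command in a configuration snippet."""
    results = []
    for line in config.splitlines():
        verdict = check_summary_line(line)
        if verdict:
            results.append((line.strip(), *verdict))
    return results

# Constructed sample configuration, not taken from a real router.
SAMPLE_CONFIG = """\
router ospf 1
 area 1 range 10.1.0.0 255.255.0.0
 area 2 range 10.2.0.0 0.0.255.255
 summary-address 172.16.5.0 255.255.0.0
"""

if __name__ == "__main__":
    for line, status, detail in audit(SAMPLE_CONFIG):
        print(f"{status:14} {line}  ({detail})")
```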




6) Troubleshooting CPUHOG Problems
The CPUHOG messages usually appear in two significant stages:
·         Neighbor formation process
·         LSA refresh process

Problem: CPUHOG Messages During Adjacency Formation—Cause: Router Is Not Running Packet-Pacing Code

Problem: CPUHOG Messages During LSA Refresh Period—Cause: Router Is Not Running LSA Group-Pacing Code


7) Troubleshooting SPF Calculation and Route Flapping
Whenever there is a change in topology, OSPF runs the SPF algorithm to compute the shortest path first tree again. Unstable links existing within the OSPF network could cause constant SPF calculation. This section discusses the problem of SPF running constantly in the network for the following reasons:
·         Interface flap within the network
·         Neighbor flap within the network
·         Duplicate router ID


1. SPF Running Constantly—Cause: Interface Flap Within the Network
Whenever there is a link flap in an area, OSPF runs SPF. So, if a network has unstable links, it can cause constant SPF runs. SPF itself is not a problem because OSPF is just adjusting to the change in the database by calculating SPF. The real problem occurs if there are small routers in the network, where a constant SPF run might cause a CPU spike in a router. A link flap is shown in Figure. Because R1 also is included in area 0, any link flap in area 0 causes all routers in area 0 to run SPF.

To determine how often SPF is running, use the show ip ospf command and check the output for the line SPF algorithm executed x times.

To find out which particular LSA is flapping, turn on debug ip ospf monitor. This debug shows exactly which LSA is flapping.

R1# debug ip ospf monitor
OSPF: Schedule SPF in area 0.0.0.0
Change in LS ID 192.168.1.129, LSA type R,
OSPF: schedule SPF: spf_time 1620348064ms wait_interval 10s

The next step is to go to the router whose router LSA is flapping and check its log for any interface flap.

Actually two solutions exist in this case:
·         Fix the link flap.
·         Redefine the area boundaries.



2. SPF Running Constantly—Cause: Neighbor Flap Within the Network

When a neighbor goes down, it causes a change in topology, so SPF runs.
There is a way to track the neighbor changes in OSPF. Configure ospf log-adjacency-changes under router ospf to track all the neighbor changes.

router ospf 1
ospf log-adjacency-changes
When this command is configured, it saves all the neighbor state changes in the router's syslog.

3. SPF Running Constantly—Cause: Duplicate Router ID
When two routers have identical router IDs, confusion results in the OSPF topology database, and the route keeps getting added and deleted. The most common symptom of this problem is that the LS Age field always has a small value.
This problem usually is generated by a cut and paste of a router configuration into another router. This results in two routers with identical router IDs.


Common OSPF Error Messages

1)"OSPF: Could not allocate router id"
This message appears in two situations:
·         No up/up interface with a valid IP address
·         Not enough up interfaces with a valid IP address for multiple OSPF processes
OSPF requires a valid IP address that is up/up so that it can allocate a router ID for the OSPF process. The IP address must be assigned on an up/up interface. If a router fails to allocate router IDs, OSPF will not function. This problem can be corrected by using loopback addresses.
The loopback interface solution works for both situations. Just configure a loopback interface for one process. If you are trying to run more than one process, you might need more than one loopback interface.





2)"%OSPF-4-BADLSATYPE"

"%OSPF-4-BADLSATYPE: Invalid lsa: Bad LSA type" Type 6 Error Message
This is normal if the neighboring router is sending the multicast OSPF (MOSPF) packet. For more information on MOSPF, refer to RFC 1584. Cisco routers do not support MOSPF, so they simply ignore it. To get rid of these messages, simply type the following:
router ospf 1
ignore lsa mospf
If the type is something other than 6, it's probably a bug or a memory corruption error.




3)"%OSPF-4-ERRRCV"
This message means that OSPF received an invalid packet.
Three common types of this message can occur:
a)      Mismatch area ID
b)      Bad checksum
c)      OSPF not enabled on the receiving interface

a)      Mismatched Area ID

This message looks like this:
%OSPF-4-ERRRCV: Received invalid packet: mismatch area ID, from backbone area must be virtual-link but not found from 170.170.3.3, Ethernet0
This means that the neighbor's interface connecting to this interface is in area 0 but that this interface is not in area 0. In this situation, the router will not form an OSPF adjacency with the neighbor that this packet comes from. This also happens if one side's virtual link is misconfigured. To avoid these messages, make sure that both sides have the same area ID by checking the network statement under OSPF in the router configuration. For example, if the link 10.10.10.0/24 between two routers should be in area 1, make sure that the network statement on both routers includes this particular link in area 1.

The network command would look like this:
router ospf 1
network 10.10.10.0 0.0.0.255 area 1
If a virtual link is configured, double-check the configuration for virtual link.

b)      Bad Checksum

The message looks like this:
%OSPF-4-ERRRCV: Received invalid packet: Bad Checksum from 144.100.21.141, TokenRing0/0
This means that OSPF encountered an error in a packet that was received. This is because the OSPF checksum does not match the OSPF packet that was received by this router.

This problem has three causes:
1.      A device between the neighbors, such as a switch, is corrupting the packet.
2.      The sending router's packet is invalid. In this case, either the sending router's interface is bad or a software bug is causing the error.
3.      The receiving router is calculating the wrong checksum. In this case, either the receiving router's interface is bad or a software bug is causing the error. This is the least likely cause of this error message.

This problem can be difficult to troubleshoot, but you can start with the following solution, which is effective in 90 percent of cases. It's important that you follow the steps in order:

Step 1. Change the cable between the routers. For the example given in this section, this would be the router that is sending the bad packet (144.100.21.141) and the router that is complaining about these bad packets.
Step 2. If Step 1 doesn't fix the problem, use a different port on the switch between the routers.
Step 3. If Step 2 doesn't fix the problem, connect the routers directly using a cross-over cable. If you receive no further messages, the switch most likely is corrupting the packet.
If none of these steps solves the problem, contact the Cisco Technical Assistance Center (TAC) and work with an engineer to look for a bug in Cisco IOS Software or to obtain a possible Return Material Authorization (RMA) for partial or full parts replacement.
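To make the Bad Checksum condition concrete, here is the check a receiver performs, following RFC 2328: the standard IP checksum over the whole OSPF packet, excluding the 64-bit authentication field. This is an added example, not code from the Cisco document; the Hello packet is constructed, and null or simple-password authentication is assumed.

```python
import socket
import struct

def ospf_checksum(packet: bytes) -> int:
    """Standard IP checksum over the OSPF packet, excluding the 64-bit
    authentication field (bytes 16-23); the checksum field counts as zero."""
    data = packet[:12] + b"\x00\x00" + packet[14:16] + packet[24:]
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                       # fold carries (one's complement sum)
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_hello(router_id: str, area_id: str) -> bytes:
    """Constructed OSPFv2 Hello with no neighbors and null authentication."""
    body = struct.pack("!4sHBBI4s4s", socket.inet_aton("255.255.255.0"),
                       10, 0x02, 1, 40, bytes(4), bytes(4))
    header = struct.pack("!BBH4s4sHH8s", 2, 1, 24 + len(body),
                         socket.inet_aton(router_id), socket.inet_aton(area_id),
                         0, 0, bytes(8))
    packet = header + body
    return packet[:12] + struct.pack("!H", ospf_checksum(packet)) + packet[14:]

def verify(packet: bytes) -> bool:
    """Receiver-side check; a checksum mismatch is what gets logged as Bad Checksum."""
    if len(packet) < 24:
        return False
    version, _ptype, length = struct.unpack("!BBH", packet[:4])
    if version != 2 or not 24 <= length <= len(packet):
        return False
    (stored,) = struct.unpack("!H", packet[12:14])
    return stored == ospf_checksum(packet[:length])

def flip_bit(packet: bytes, offset: int, bit: int = 0) -> bytes:
    """Simulate corruption in transit (bad cable or switch port) by flipping one bit."""
    damaged = bytearray(packet)
    damaged[offset] ^= 1 << bit
    return bytes(damaged)

if __name__ == "__main__":
    hello = build_hello("144.100.21.141", "0.0.0.0")
    print("as sent:     ", verify(hello))
    print("bit flipped: ", verify(flip_bit(hello, 30)))
```

A single flipped bit anywhere outside the authentication field is enough to fail the check, which is why a marginal cable or switch port shows up as this message.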


c)      OSPF Not Enabled on the Receiving Interface

The message looks like this:

%OSPF-4-ERRRCV: Received invalid packet: OSPF not enabled on interface from 141.108.16.4, Serial0.100

The router generating this message received a packet from 141.108.16.4 on Serial0.100, but OSPF is not enabled on the Serial0.100 interface. This message is generated only once for a non-OSPF interface.
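When these messages arrive in volume, it helps to sort them into the three types above and count them per neighbor and interface. The following is an added example, not part of the original document; it uses the three message texts quoted above plus constructed repeats and one unrelated line, and the category names are assumptions chosen for illustration.

```python
import re
from collections import Counter

ERRRCV_RE = re.compile(
    r"%OSPF-4-ERRRCV: Received invalid packet: (?P<reason>.+?) "
    r"from (?P<src>\d{1,3}(?:\.\d{1,3}){3}), (?P<intf>\S+)"
)

# Reason prefix -> (category, first thing to check, taken from the text above)
CATEGORIES = [
    ("mismatch area id", "area-mismatch",
     "compare network statements and virtual-link config on both sides"),
    ("bad checksum", "bad-checksum",
     "change cable, then switch port, then connect the routers directly"),
    ("ospf not enabled on interface", "not-enabled",
     "OSPF is not enabled on the receiving interface"),
]

def classify(line: str):
    """Return category, source, interface and a note for one log line, or None."""
    m = ERRRCV_RE.search(line)
    if not m:
        return None
    reason = m["reason"].lower()
    for prefix, category, note in CATEGORIES:
        if reason.startswith(prefix):
            return {"category": category, "src": m["src"],
                    "intf": m["intf"], "note": note}
    return {"category": "other", "src": m["src"], "intf": m["intf"],
            "note": "unrecognized reason: " + m["reason"]}

def summarize(log_text: str) -> Counter:
    """Count ERRRCV messages per (category, neighbor address, interface)."""
    counts = Counter()
    for line in log_text.splitlines():
        hit = classify(line)
        if hit:
            counts[(hit["category"], hit["src"], hit["intf"])] += 1
    return counts

# Message texts from this page; the repeats and the LINK line are constructed.
SAMPLE_LOG = """\
%OSPF-4-ERRRCV: Received invalid packet: mismatch area ID, from backbone area must be virtual-link but not found from 170.170.3.3, Ethernet0
%OSPF-4-ERRRCV: Received invalid packet: Bad Checksum from 144.100.21.141, TokenRing0/0
%OSPF-4-ERRRCV: Received invalid packet: Bad Checksum from 144.100.21.141, TokenRing0/0
%OSPF-4-ERRRCV: Received invalid packet: OSPF not enabled on interface from 141.108.16.4, Serial0.100
%LINK-3-UPDOWN: Interface Serial0, changed state to down
"""

if __name__ == "__main__":
    for (category, src, intf), n in summarize(SAMPLE_LOG).most_common():
        print(f"{n:3}  {category:14} {src:16} {intf}")
```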




View/Debug Commands

show ip ospf interface
show ip ospf database
show ip ospf database network (lsa type 2)
show ip ospf database router (lsa type 1)
show ip ospf database summary (lsa type 3)
show ip ospf database asbr-summary (lsa type 4)
show ip ospf database external (lsa type 5)
show ip ospf database nssa-external (lsa type 7)
show ip ospf virtual-links
show ip ospf border-routers
show ip ospf statistics
debug ip ospf hello
debug ip ospf adj