OSPF Loopback interfaces are treated as a stub host and will only have a 32 bit host route on the other devices no matter how the subnet mask is entered under the OSPF network statement.

We will explore how we can disable this default behaviour using a few methods.

As you can see, R4 is configured with IP address 192.168.1.4 and R5 with 192.168.1.5.

We have loopback interfaces added with /24 subnet masks on R4 and R5

R4#sh run int loop0
Building configuration...
Current configuration : 61 bytes
!
interface Loopback0
ip address 4.4.4.4 255.255.255.0
end
R4#

R5#sh run int loop 0
Building configuration...
Current configuration : 61 bytes
!
interface Loopback0
ip address 5.5.5.5 255.255.255.0
end
R5#

We are running basic OSPF Configs as follows…

R4#sh run | se router ospf 1
router ospf 1
router-id 4.4.4.4
log-adjacency-changes
network 4.4.4.0 0.0.0.255 area 0
network 192.168.1.0 0.0.0.255 area 0
R4#

R5#sh run | se router ospf 1
router ospf 1
router-id 5.5.5.5
log-adjacency-changes
network 5.5.5.0 0.0.0.255 area 0
network 192.168.1.0 0.0.0.255 area 0
R5#

This is what we are seeing on R4 and R5 and we expected this…

R5#sh ip ro ospf
4.0.0.0/32 is subnetted, 1 subnets
O       4.4.4.4 [110/11] via 192.168.1.4, 00:12:27, Ethernet0/0
R5#

R4#sh ip ro ospf
5.0.0.0/32 is subnetted, 1 subnets
O       5.5.5.5 [110/11] via 192.168.1.5, 00:12:43, Ethernet0/0
R4#

Now we will try the first method, this is to set the OSPF Network type to point-to-point under the interface configuration mode.

R4#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R4(config)#int loop 0
R4(config-if)#ip ospf network point-to-point
R4(config-if)#

R5#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R5(config)#int loop0
R5(config-if)#ip ospf network point-to-point
R5(config-if)#

As you can see this works, and now we are seeing the whole /24 Range…

R4#sh ip ro ospf
5.0.0.0/24 is subnetted, 1 subnets
O       5.5.5.0 [110/11] via 192.168.1.5, 00:00:04, Ethernet0/0
R4#

R5#sh ip ro ospf
4.0.0.0/24 is subnetted, 1 subnets
O       4.4.4.0 [110/11] via 192.168.1.4, 00:00:18, Ethernet0/0
R5#

Second option we got is to redistribute the connected network with the with the redistribute connected subnets under the Router OSPF configuration mode.

When it comes to redistribution, try not to go wild and it is always a good idea to create route-map to point out what you want redistributed.

R4#sh ip ro ospf
5.0.0.0/24 is subnetted, 1 subnets
O E2    5.5.5.0 [110/20] via 192.168.1.5, 00:00:00, Ethernet0/0
R4#

R5#sh ip ro ospf
4.0.0.0/24 is subnetted, 1 subnets
O E2    4.4.4.0 [110/20] via 192.168.1.4, 00:00:15, Ethernet0/0
R5#

The third option we have is to use the Area Range command. To accomplish this, we will need to add a few more Loopback interfaces on R4 then we will use the area x range command to summarise it.

R4#sh ip int brie | i up
Ethernet0/0    192.168.1.4     YES manual up     up
Loopback0      4.4.4.4         YES manual up     up
Loopback10     10.1.1.1        YES manual up     up
Loopback11     11.1.1.1        YES manual up     up
Loopback12     12.1.1.1        YES manual up     up
R4#

When we add the loopback interfaces into OSPF, it is still showing it as a /32 Host route…

R5#sh ip ro ospf
10.0.0.0/32 is subnetted, 1 subnets
O IA    10.1.1.1 [110/11] via 192.168.1.4, 00:00:22, Ethernet0/0
11.0.0.0/32 is subnetted, 1 subnets
O IA    11.1.1.1 [110/11] via 192.168.1.4, 00:00:12, Ethernet0/0
12.0.0.0/32 is subnetted, 1 subnets
O IA    12.1.1.1 [110/11] via 192.168.1.4, 00:00:12, Ethernet0/0
R5#

Now, we will use the Area 1 Range command to summarise it on R4. Once it is done, we can now see the end result.

Note: The above Loopback networks have been added into Area 1 under the Router OFPF configuration.

R5#sh ip ro ospf
O IA 8.0.0.0/5 [110/11] via 192.168.1.4, 00:00:10, Ethernet0/0
R5#

These are the three method I know of when it comes to disabling the /32 host route on OSPF Loopback Networks…

I was going through 6to4 tunnel configs and thought I’d post some info on converting IPv4 address into IPv6 Address. This is pretty straight forward and its obviously involves HEX conversion.

Here, I will convert the address 192.168.25.234

First we divide each octet by 16 and write down the remainder, primary school maths!

192 ÷ 16 = 12 remainder 0
168 ÷ 16 = 10 remainder 8
25 ÷ 16 = 1 remainder 9
234 ÷ 16 = 14 remainder 10

We also know that HEX has the following Values

A = 10
B = 11
C = 12
D = 13
E = 14
F = 15

So we can write 192.168.25.234 into HEX like so… C0A8:19EA

Now we will change the HEX Address C0A8:19EA into regular IPv4

C0 = (12 x 16) + 0 = 192
A8 = (10 x 16) + 8 = 168
19 = (1 x 16) + 9 = 25
EA = (14 x 16) + 10 = 234

QED

I was going through some TCP windowing over a high speed WAN link, and thought it might be worth to post some info regarding this.

We do face a typical problem of having slow speed file transfer even if the dedicated pipe is capable of supporting it.

There are three factors which affects this…

1. TCP Window Size.
2. Round trip latency of the circuit.
3. Bandwidth of the circuit.

Maximum throughput you can get from a line with 10ms latency and a TCP window of 32KB can be calculated with…

32KB –> 32 x 1024 x 8 = 262144 Bits

262144 ÷ 0.01 = 26214400 bps = 26.2144 Mbps

Let’s say we have an OC-3 line, which is at 155 Mbps and a round trip latency of 10ms, and we need to calculate the TCP window size to maximize the throughput…

155.52 x 10⁶ = 155520000 bps

TCP_WINDOW = 155520000 x 0.01 = 1555200 Bits = 194400 Bytes = 189.84375 KB

Hope I got the calculation right

Multilink is a way of bundling more than one PPP WAN links and bundle them together into one logical interface. This is one of the method you can implement when you have a primary and secondary links in place and create a logical conduit where both links are present.

This method can be used to load balance data across the links and at the same time it will support redundancy when one one link fails.

I have tested this configuration on 2 of my 2500 Routers and I haven’t tested these on more recent IOS so some commands may vary. I will be checking them on a pair of 3845s/2691s on a later date and will add my findings to this post.

As you can see the Diagram, I am using R4 and R5 which are connected via Serial 0 and Serial 1 respectivly.

R4 Configuration

Multilink Interface
interface Multilink1
ip address 172.16.1.1 255.255.255.252
ppp multilink
ppp multilink links maximum 2
ppp multilink links minimum 1
ppp multilink group 1

Serial 0

interface Serial0
no ip address
encapsulation ppp
clock rate 64000
ppp multilink
ppp multilink group 1

Serial 1

interface Serial1
no ip address
encapsulation ppp
clock rate 64000
ppp multilink
ppp multilink group 1

As you can see, since this is a lab scenario, I have set the clock rate on the link. If you are setting this up on a WAN link, you don’t need to do this as the circuit provider would be setting this up for you.

Also another thing to watch out for is to create the Multilink interface first then move onto configuring the Serial interfaces. If you do the other way around, it will not allow you to set the multilink group as it is not present on the router (See the error message below).

R4(config-if)#ppp multi gr 1
% Cannot set multilink group. Interface Multilink1 does not exist

That is all to watch out for and you can see my R5 configuration below…

R5 Configuration

Multilink

interface Multilink1
ip address 172.16.1.2 255.255.255.252
ppp multilink
ppp multilink links maximum 2
ppp multilink links minimum 1
ppp multilink group 1

Serial 0

interface Serial0
no ip address
encapsulation ppp
ppp multilink
ppp multilink group 1

Serial 1

interface Serial1
no ip address
encapsulation ppp
ppp multilink
ppp multilink group 1

Here is how it should look…

R4#sh ip int br | i up
Multilink1    172.16.1.1    YES   manual  up  up
Serial0       unassigned    YES   manual  up  up
Serial1       unassigned    YES   manual  up  up

R5#sh ip int br | i up
Multilink1    172.16.1.2    YES   manual  up  up
Serial0       unassigned    YES   manual  up  up
Serial1       unassigned    YES   manual  up  up

R4#ping 172.16.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 40/44/52 ms
R4#

Now I will bring Serial 0 interface down and test the Multilink…

R4(config)#int se0
R4(config-if)#shut
R4(config-if)#

*Mar  1 01:19:41.123: %LINK-5-CHANGED: Interface Serial0, changed state to administratively down
*Mar  1 01:19:42.123: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0, changed state to down

R4(config-if)#do sh ip int br
Interface     IP-Address   OK?    Method  Status              Protocol
Ethernet0     unassigned   YES    NVRAM   administratively    down  down
Multilink1    172.16.1.1   YES    manual  up                  up
Serial0       unassigned   YES    manual  administratively    down  down
Serial1       unassigned   YES    manual  up                  up

R4(config-if)#do ping 172.16.1.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.1.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 32/32/36 ms
R4(config-if)#

As you can see, it works even when one interface is down…

Frame-Relay is one of the core concept of networking and nowadays it is one of the under appreciated part on modern networking.

I am just going to go over how to configure it using 4 Routers and one will act as a Frame-Relay cloud.

Before I go ahead and explain the configuration, You can see the below diagram which represents the physical topology.

As you can see, FRS is connected via…

Serial 1/1 to R1 Serial 1/0
Serial 1/2 to R2 Serial 1/0
Serial 1/3 to R3 Serial 1/0

Now we have got the physical topology clear, we will move onto Frame-Relay configuration and the DLCI assignment.

As you can see the DLCI configuration…

On R1 : DLCI 122 is connected to R2 and DLCI 123 is connected to R3
On R2 : DLCI 221 is connected to R1
On R3: DLCI 321 is connected to R3.

If you are configuring the DLCI then I would suggest you follow this method of numbering, Because from the DLCI Number, I can simply distinguish where the DLCI is connecting to…

For Example, we will take DLCI 122 (One Two Two ) I remember it as; From Router One 2 Two and the same goes for DLCI 321 (Three Two One) Router Three 2 One.

Here are the configuration on the FRS (Please see the first diagram for interface info…)

Serial 1/1

interface Serial1/1
no ip address
encapsulation frame-relay
logging event subif-link-status
logging event dlci-status-change
clock rate 64000
no frame-relay inverse-arp
frame-relay intf-type dce
frame-relay route 122 interface Serial1/2 221
frame-relay route 123 interface Serial1/3 321

Serial 1/2

interface Serial1/2
no ip address
encapsulation frame-relay
logging event subif-link-status
logging event dlci-status-change
clock rate 64000
no frame-relay inverse-arp
frame-relay intf-type dce
frame-relay route 221 interface Serial1/1 122

Serial 1/3

interface Serial1/3
no ip address
encapsulation frame-relay
logging event subif-link-status
logging event dlci-status-change
clock rate 64000
no frame-relay inverse-arp
frame-relay intf-type dce
frame-relay route 321 interface Serial1/1 123

As you can see, if you are configuring Frame-Relay you should understand what every command does and I will be writing a more detailed post on Frame-Relay switching where all of these commands will be covered.

Now the FRS is set, we will go ahead and configure each interface of the routers R1, R2 and R3.

R1

interface Serial1/0
ip address 172.16.10.1 255.255.255.0
encapsulation frame-relay
logging event subif-link-status
logging event dlci-status-change
no fair-queue
frame-relay map ip 172.16.10.2 122 broadcast
frame-relay map ip 172.16.10.3 123 broadcast
no frame-relay inverse-arp

R2

interface Serial1/0
ip address 172.16.10.2 255.255.255.0
encapsulation frame-relay
logging event subif-link-status
logging event dlci-status-change
no fair-queue
frame-relay map ip 172.16.10.1 221 broadcast
frame-relay map ip 172.16.10.3 221 broadcast
no frame-relay inverse-arp

R3

interface Serial1/0
ip address 172.16.10.3 255.255.255.0
encapsulation frame-relay
logging event subif-link-status
logging event dlci-status-change
no fair-queue
frame-relay map ip 172.16.10.1 321 broadcast
frame-relay map ip 172.16.10.2 321 broadcast
no frame-relay inverse-arp

The most important commands are “Frame-Relay Map” on the Routers and the “Frame-Relay Route” command on the Frame switching router.

As you can see, I have the Broadcast option at the end of the “frame-relay map” command; It is there to allow routing packets such as RIP to be passed through the Frame network. Without this option, it will not allow IP traffic to be switch through frame network.

If you don’t get the DLCI mapping correct, you will not get the circuit to come “active”

You can check the Frame route by issuing the “show frame-relay route” command on FRS.

FRS#sh fr ro
Input Intf   Input Dlci   Output Intf   Output Dlci   Status
Serial1/1    122          Serial1/2     221           active
Serial1/1    123          Serial1/3     321           active
Serial1/2    221          Serial1/1     122           active
Serial1/3    321          Serial1/1     123           active
FRS#

And “show frame-relay map” on the Routers (R1, R2, R3)

R1#sh frame map
Serial1/0 (up): ip 172.16.10.2 dlci 122(0x7A,0x1CA0), static,
broadcast,
CISCO, status defined, active
Serial1/0 (up): ip 172.16.10.3 dlci 123(0x7B,0x1CB0), static,
broadcast,
CISCO, status defined, active

R2#sh frame map
Serial1/0 (up): ip 172.16.10.1 dlci 221(0xDD,0x34D0), static,
broadcast,
CISCO, status defined, active
Serial1/0 (up): ip 172.16.10.3 dlci 221(0xDD,0x34D0), static,
broadcast,
CISCO, status defined, active

R3#sh frame map
Serial1/0 (up): ip 172.16.10.1 dlci 321(0x141,0x5010), static,
broadcast,
CISCO, status defined, active
Serial1/0 (up): ip 172.16.10.2 dlci 321(0x141,0x5010), static,
broadcast,
CISCO, status defined, active

If it says “inactive” or “deleted”, I would first check the DLCI assignment and encapsulation and so forth…

And it is always nice to see the following message…

*Mar  1 00:00:21.005: %FR-5-DLCICHANGE: Interface Serial1/1 - DLCI 122 state changed to ACTIVE
*Mar  1 00:00:21.005: %FR-5-DLCICHANGE: Interface Serial1/1 - DLCI 123 state changed to ACTIVE
*Mar  1 00:00:21.098: %FR-5-DLCICHANGE: Interface Serial1/2 - DLCI 221 state changed to ACTIVE
*Mar  1 00:00:21.146: %FR-5-DLCICHANGE: Interface Serial1/3 - DLCI 321 state changed to ACTIVE

All broadcasts messages are dropped by the router when it receives on an interface. This specific command is enables the router to convert the broadcast messages distended for a specific destination into unicast. This interface level command needs to be applied on the interface which the broadcast receives from.

R1(config-if)#ip helper-address 10.10.10.10

Also there are other options where you point the address to a vrf etc…

The following broadcasts are forwarded by default…

TIME – Port 37
TACACS – Port 49
DNS – Port 53
BOOTP/DHCP Server – Port 67
BOOTP/DHCP Client – Port 68
TFTP – Port 69
NetBIOS Name Service – Port 137
NetBios Datagram Service – Port 138

Other protocols can be forwarded by using the following Global config commanding…

R1(config)#ip forward-protocol udp ?

Use the ? to see the supported protocols. You may use the following command to remove a specific protocol being forwarded…

R1(config)#no ip forward-protocol udp ?

I have been going through YouYube and found this great video about IPSec…

This is one of the BGP configuration I have came across on my lab…

no-export : This will keep the route inside the confederation, but not to any peers.

local-as : This will keep the route inside the AS, but not even to confederation peers.

no-export –> local-as –> no-advertise

If there is no confederation present, no-export will reflect the same result as local-as.

I had to do a find and replace a string on all of the wordpress post. This can only be done via a MySQL query and won’t take more than a minute.

This is how it’s done. In the following example, I will be finding X and replacing it with Y

The string will find X in every single post and replace it with Y. This also works with phrases, URLs etc..

update wp_posts set post_content = replace(post_content, 'X', 'Y')

There are many free TFTP server sortware out there, just install one.

First of all, make sure you have IP reachablity to the TFTP Server. You can do that via Ping…

Then check whether TCP port 69 is open. Usually it is not the case, but when it comes to troubleshooting, it is the first thing to check after a succesful Ping test.

Jump onto the router you are going to do the IOS upgrade.

Make sure the IOS you are going to replace it with is compatible with your router & also you have the necessary Flash / RAM.

If your Flash is big enough to have more than two IOS images, then you can straight away go and download it from the TFTP Server.

If you are going to have two IOS images in flash, you need to specify the router which image to load on boot. It can be done via the following command…

boot system flash IMAGE_NAME_HERE

Example:
Router(config)#boot system flash c2691-adventerprisek9_ivs-mz.124-15.T9.bin
If the flash is not big enough to have both images, you need to delete the old image.

I usually use the command show flash: then delete the content via the command delete flash:

You can see an example here…

Router#show flash: all
-#- --length-- -----date/time------ path
1 32293924 Mar 1 1993 00:23:52 +00:00 c2691-adventerprisek9-mz.124-5a.bin
31739904 bytes available (32296960 bytes used)
Router#delete flash:
Delete filename []? c2691-adventerprisek9-mz.124-5a.bin
Delete flash:c2691-adventerprisek9-mz.124-5a.bin? [confirm]
Router#
Router#
Router#
Router#show flash:
No files on device
64036864 bytes available (0 bytes used)

Now copy the IOS image from the TFTP Server

Copy tftp: flash:

Example here…

Router#copy tftp: flash:
Address or name of remote host []? 192.168.1.100
Source filename []? c2691-adventerprisek9_ivs-mz.124-15.T9.bin
Destination filename [c2691-adventerprisek9_ivs-mz.124-15.T9.bin]?
Accessing tftp://192.168.1.100/c2691-adventerprisek9_ivs-mz.124-15.T9.bin...
Loading c2691-adventerprisek9_ivs-mz.124-15.T9.bin from 192.168.1.100 (via FastEthernet0/1): !!!!!!!!!!

Sometimes the router might ask you to erase Flash: but I usually do that…

Reload the router and it should be able to run the new IOS Image.

If you happen to have more than one IOS on Flash: You can hardcode which version of IOS to load with the global config command.

Router(config)#boot system flash c2691-adventerprisek9_ivs-mz.124-15.T9.bin