Sparkys CCNP Journey: November 2011

Tuesday 29 November 2011

Nugget 20
BGP Routing - Implementing Basic BGP 1

An Autonomous System (AS) is the foundation of everything ,it represents the networks under
1 authority.

There are public AS's and private AS's

IBGP = a relationship between 2 BGP speakers in the same AS
EBGP = is used when the two routers are different AS's (like the BGP relationship you would have if you were to peer with your ISP)

NEED to make mind change, as neighbours are now redefined .... as opposed to how we think of them with other routing protocols

Neighbours DONT have to be directly connected! they can form through routers! becuase BGP rides ONTOP of your existing network infastructure...say OSPF/EIGRP etc

USUALLY BGP does NOT REPLACE an internal routing protocol, it really is used to establish relationships with the outside world.

Thru this relationship the ISPs can exchange routes via you, so this means they end up using you as a path to reach each the other ISP (so you are a transit AS)

You can solve this by redistribution, but interior routing protocols are not designed to handle hundreds of megabyte's of routing tables, OSPF wont handle it etc ... so although this is not WISE, you can do this if you redistribute a small subset of networks

You could also bring up a WAN link between these two routers (IBGP) to directly connect them to solve this problem .... or you could run BGP on the other router ... but this needs to be able to support the hardware requirements etc ...

Nugget 19
BGP Routing - Foundation Concepts and Planning

NOTES:
The BGP series - CCIP/CCIE focuses on the cloud in BGP
whereas this series CCNP focuses on us, the customer/corporate SME/SMB

usually when running routing protocols people focus on the routes and traffic
outbound! but with BGP the main concern/focus is inbound

email/web servers , not to worried about peeps surfing web/vpn etc

organisations want redundancy so that people accessing the incoming corporate
infrastructure

How it works
You get a public block
advertise route out to both isps, then that is flooded to rest of community
if isp is unavailble then other isp has peer with with another isp

2 uses
BGP = typical aim is to make ur company redutant
BGP = shortest paths to destinations (even though bandwidth the same, maybe less hops)

Equals multihoming

NOTES ABOUT THE FACTS
Most routing protocols we have looked at so far, OSPF, EIGRP they are their own layer 4 protocol and have own reliability mechanisms ....

BGP runs on top of TCP (port 179) ... TCP already has its own reliability (ACks) so BGP uses these when sending updates, if not recieved, BGP will resend the update ..typical TCP behaviour)

METRIC - compound metric very tuneable - BGP attributes (10 or so) it goes through these attributes looking for something to break the tie.

SLOWEST PROTOCOL to converge (u can but dont!!!... well, you can use iBGP)
why use it, think of how many networks/routers a second go down on the internet ... loads and all the time! this would swarm us in chaos with updates!!!

STYLES of BGP

DEFAULT ROUTE ONLY BGP implementation

PARTIAL routing table BGP implementation

FULL routing table BGP implementation
You need a router beefy enough to hold the full routing table of the internet TWICE! if multihoming with x2 isps (like 100 odd MB each or 300MB if x3 ISPS ... etc)

although only x1 route will go into the routing table, the router still maintains the other routes in the BGP table

This is the most flexible approach and you can really shape your network to how you want it, BUT it is the most resource consuming too!

Sunday 27 November 2011

STEP 4. Enable filtering using the assigned route tags to ensure redistributed routes do not cause any looping issues.

So, we want to make sure any tags that we sent out via EIGRP do not come back round in via R3 via OSPF

We already have a route-map (EIGRP-TO-OSPF) in place that is marking the routes and setting the metrics

We also want to block the routes with tags 10,20 and 30 coming back in via OSPF into EIGRP.

R2(config)#route-map EIGRP-TO-OSPF deny 5
R2(config-route-map)#match tag 40

R2(config)#route-map OSPF-TO-EIGRP deny 5
R2(config-route-map)#match tag 10 20 30 (when aligned this acts as OR, when on new line, its AND)

So just to clarify;
route-map OSPF-TO-EIGRP, deny, sequence 5
Match clauses:
    tag 10 20 30
Set clauses:
Policy routing matches: 0 packets, 0 bytes
route-map OSPF-TO-EIGRP, permit, sequence 10
Match clauses:
Set clauses:
    metric 400 20 255 1 1500
    tag 40

Lets to do the same on R3

route-map EIGRP-TO-OSPF deny 5
match tag 40

route-map OSPF-TO-EIGRP deny 5
match tag 10 20 30

STEP 5.
R3 has the preferred route to reach the 10.1.0.0/24 network. Ensure routers prefer this path over the path from R2.

Lets check which route R4 currently favours for the 10.1.0.0/24;

R4#traceroute 10.1.0.1

Type escape sequence to abort.
Tracing the route to 10.1.0.1

1 10.1.24.2 4 msec 4 msec 4 msec
2 10.1.12.1 8 msec 4 msec *

As expected we go to R2, then R1

R4 knows about the route via EIGRP from R2:

R4#show ip route 10.1.0.0
Routing entry for 10.1.0.0/24
Known via "eigrp 100", distance 170, metric 6430720
Tag 40, type external
Redistributing via eigrp 100
Last update from 10.1.24.2 on FastEthernet0/0, 00:11:24 ago
Routing Descriptor Blocks:
* 10.1.24.2, from 10.1.24.2, 00:11:24 ago, via FastEthernet0/0
      Route metric is 6430720, traffic share count is 1
      Total delay is 1200 microseconds, minimum bandwidth is 400 Kbit
      Reliability 255/255, minimum MTU 1500 bytes
      Loading 1/255, Hops 1

RIGHT, so we have to make the route from R3 look "better" than the route from R2

Looking at the routing tables, R3 has the route 10.1.0.0/24 with an AD of 170
R2 has the route with an AD of 110 ... so even if we were to play with metrics, it still would NOT matter,

One approach is we could lower the Admin Distance of External routes of EIGRP to say 105 (anything below the AD of OSPF which is 110)

Lets try it;

currently R2's route for 10.1.0.0 is

R2#show ip route | i 10.1.0.0
O       10.1.0.0/24 [110/782] via 10.1.12.1, 00:52:01, Serial0/0

R2(config)#router eigrp 100
R2(config-router)#distance eigrp ?
<1-255> Distance for internal routes

R2(config-router)#distance eigrp 90 ?    <-- dont need to change internal, keep at default
<1-255> Distance for external routes

R2(config-router)#distance eigrp 90 105

00:55:49: %DUAL-5-NBRCHANGE: IP-EIGRP 100: Neighbor 10.1.24.4 (Ethernet0/0) is down: route configuration changed
00:55:49: %DUAL-5-NBRCHANGE: IP-EIGRP 100: Neighbor 10.1.23.3 (Serial0/1) is down: route configuration changed
00:55:51: %DUAL-5-NBRCHANGE: IP-EIGRP 100: Neighbor 10.1.23.3 (Serial0/1) is up: new adjacency
00:55:53: %DUAL-5-NBRCHANGE: IP-EIGRP 100: Neighbor 10.1.24.4 (Ethernet0/0) is up: new adjacency

SO boys n gals, whadda reckon ......

R2#show ip route | i 10.1.0.0
D EX    10.1.0.0/24 [105/6917120] via 10.1.23.3, 00:02:12, Serial0/1

YEAH BOI!!! check that out! R2 is now favouring the route via R3 with the new Admin Distance of 105, which beats the OSPF AD!

lets check the route on R4 again:

R4#tracerou 10.1.0.1

Type escape sequence to abort.
Tracing the route to 10.1.0.1

1 10.1.24.2 4 msec 4 msec 4 msec
2 10.1.23.3 8 msec 4 msec 4 msec   <---- THEREs our bud, R3!!!
3 10.1.13.1 4 msec 4 msec *

NOW! that is kool, very kool, BUT we do have to be careful with and where we make these changes, becuase if say we also go and make this change on R3, we would create ourself an infinite loop! as R3 would prefer R2 over R1 to get to 10.1.0.0/24, the packet would go back over to R2, same thing, it is going to prefer R3 ... and round and round we go! ... although split horizon would prolly kick in, but the point is still valid!

Gotta be careful with advanced route redistribution

Saturday 26 November 2011

18 - IPv4 Redistribution - Implementing Advanced Redistribution

Lets get basic routing over OSPF and EIGRP, ready for our redistribution (R2 and R3)

STEP 1

R1(config)#router ospf 1
R1(config-router)#network 10.0.0.0 0.255.255.255 area 0

R4(config)#router eigrp 100
R4(config-router)#no auto-summary
R4(config-router)#network 10.0.0.0

R2(config)#router ospf 1
R2(config-router)#network 10.1.12.0 0.0.0.255 area 0

03:51:46: %OSPF-5-ADJCHG: Process 1, Nbr 10.1.0.1 on Serial0/0 from LOADING to FULL, Loading Done

R2(config)#router eigrp 100
R2(config-router)#no auto-summary
R2(config-router)#network 10.1.24.0 0.0.0.255

03:52:54: %DUAL-5-NBRCHANGE: IP-EIGRP 100: Neighbor 10.1.24.4 (Ethernet0/0) is up: new adjacency

R3(config)#router ospf 1
R3(config-router)#network 10.1.13.0 0.0.0.255 area 0

*Mar 1 03:54:04.403: %OSPF-5-ADJCHG: Process 1, Nbr 10.1.0.1 on FastEthernet0/0 from LOADING to FULL, Loading Done

R3(config)#router eigrp 100
R3(config-router)#network 10.1.23.0 255.255.255.0

So Router 2 now sees all routes from both domains:

R2#show ip

     10.0.0.0/8 is variably subnetted, 11 subnets, 2 masks
O       10.1.13.0/24 [110/791] via 10.1.12.1, 00:05:04, Serial0/0
C       10.1.12.1/32 is directly connected, Serial0/0
C       10.1.12.0/24 is directly connected, Serial0/0
D       10.4.4.0/24 [90/409600] via 10.1.24.4, 00:06:40, Ethernet0/0
O       10.1.0.0/24 [110/782] via 10.1.12.1, 00:05:04, Serial0/0
D       10.4.2.0/24 [90/409600] via 10.1.24.4, 00:06:40, Ethernet0/0
D       10.4.3.0/24 [90/409600] via 10.1.24.4, 00:06:40, Ethernet0/0
D       10.4.0.0/24 [90/409600] via 10.1.24.4, 00:06:40, Ethernet0/0
D       10.4.1.0/24 [90/409600] via 10.1.24.4, 00:06:40, Ethernet0/0
C       10.1.24.0/24 is directly connected, Ethernet0/0
C       10.1.23.0/24 is directly connected, Serial0/1

STEP 1 COMPLETE

STEP 2
Enable full, mutual redistribution on R2 and R3 between OSPF and EIGRP. The 10.4.0.0/24 and 10.4.1.0/24 subnets should have a seed metric of 100 and an OSPF tag of 10 while the 10.4.2.0/24 and 10.4.3.0/24 subnets should have a seed metric of 200 and an OSPF tag of 20. All other subnets redistributed into OSPF should have a seed metric of 300 and an OSPF tag of 30. OSPF routes redistributed into EIGRP should have a seed metric of BW: 400 DLY: 20 REL: 255 LD: 1 MTU: 1500 and a tag of 40. Finally, external OSPF routes should not increment their metric as they pass through the OSPF domain.

last part of STEP 2:
external OSPF routes should not increment their metric as they pass through the OSPF domain. - is an E2 route (what we covered in last lab)

SO, best way forward, ACLs with route maps, lets group the networks by what metrics they need and go from there:

R2(config)#ip access-list standard METRIC100
R2(config-std-nacl)#permit 10.4.0.0 0.0.0.255
R2(config-std-nacl)#permit 10.4.1.0 0.0.0.255

R2(config-std-nacl)#ip access-list standard METRIC200
R2(config-std-nacl)#permit 10.4.2.0 0.0.0.255
R2(config-std-nacl)#permit 10.4.3.0 0.0.0.255

R2(config-std-nacl)#ip access-list standard DENY-10.4.4.0
R2(config-std-nacl)#permit 10.4.4.0 0.0.0.255

R2(config)#route-map EIGRP-TO-OSPF
R2(config-route-map)#match ip address METRIC100
R2(config-route-map)#set metric 100
R2(config-route-map)#set tag 10
AWESOME! so lets check that baby out:

R2#show route-map EIGRP-TO-OSPF
route-map EIGRP-TO-OSPF, permit, sequence 10
Match clauses:
    ip address (access-lists): METRIC100
Set clauses:
    metric 100
    tag 10
Policy routing matches: 0 packets, 0 bytes

SWEEET!!!! SOOOO SOOO KOOL!

route-map EIGRP-TO-OSPF permit 20
match ip address METRIC200
set metric 200
set tag 20

route-map EIGRP-TO-OSPF deny 25 <- - DENY THE ACL TRAFFIC.... which we are PERMITTING in the below ACL
match ip address DENY-10.4.4.0

NOTE, Had we of denied the subnet 10.4.4.0/24 in the ACL, we would have needed to use PERMIT in the above sequence 25
GET THIS, if you DENY at the sequence level of the route-map and deny at the ACL too, it permits it! so 2 negatives make a positive! lol, SO rule of thumb (the Jeremy way) keep route-maps at permit and do the denies at the ACL, keeps it simplier.

route-map EIGRP-TO-OSPF permit 30 <- - NO MATCH, so MATCHES EVERYTHING THAT HASN'T ALREADY BEEN MATCHED BY THE PREVIOUS SEQEUENCES!
set metric 300
set tag 30

So the above also takes care of step 3 in our objective;
3. Ensure the 10.4.4.0/24 network does not reach the OSPF routing domain.

SO, we now have our tastey route-map as follows:

route-map EIGRP-TO-OSPF, permit, sequence 10
Match clauses:
    ip address (access-lists): METRIC100
Set clauses:
    metric 100
    tag 10
Policy routing matches: 0 packets, 0 bytes
route-map EIGRP-TO-OSPF, permit, sequence 20
Match clauses:
    ip address (access-lists): METRIC200
Set clauses:
    metric 200
    tag 20
Policy routing matches: 0 packets, 0 bytes
route-map EIGRP-TO-OSPF, deny, sequence 25
Match clauses:
    ip address (access-lists): DENY-10.4.4.0
Set clauses:
Policy routing matches: 0 packets, 0 bytes
route-map EIGRP-TO-OSPF, permit, sequence 30
Match clauses:
Set clauses:
    metric 300
    tag 30
Policy routing matches: 0 packets, 0 bytes

YY-EEE-AAAAH BOI!!!! thats what im talking about!
Lets apply this bad muftha, we need to go under the OSPF process, as this is filtering EIGRP TO OSPF

R2(config)#router ospf 1
R2(config-router)#redistribute eigrp 100 subnets route-map EIGRP-TO-OSPF

DONT need to set metric or tags as that is all down in the route-map, lets check it out on R1!!!

R1#show ip route

     10.0.0.0/8 is variably subnetted, 10 subnets, 2 masks
C       10.1.12.2/32 is directly connected, Serial0/0
C       10.1.13.0/24 is directly connected, Ethernet0/0
C       10.1.12.0/24 is directly connected, Serial0/0
C       10.1.0.0/24 is directly connected, Loopback0
O E2    10.4.2.0/24 [110/200] via 10.1.12.2, 00:00:09, Serial0/0
O E2    10.4.3.0/24 [110/200] via 10.1.12.2, 00:00:09, Serial0/0
O E2    10.4.0.0/24 [110/100] via 10.1.12.2, 00:00:09, Serial0/0
O E2    10.4.1.0/24 [110/100] via 10.1.12.2, 00:00:09, Serial0/0
O E2    10.1.24.0/24 [110/300] via 10.1.12.2, 00:00:09, Serial0/0
O E2    10.1.23.0/24 [110/300] via 10.1.12.2, 00:00:09, Serial0/0

SWEEEEEEET! check it out! check out them metrics! and notice the WAN links 10.1.23 & .24.0/24 have the metric of 300!!!

lets check the TAGs (although not doing anything at the mooooo, but) :

R1#show ip route 10.4.2.0
Routing entry for 10.4.2.0/24
Known via "ospf 1", distance 110, metric 200
Tag 20, type extern 2, forward metric 781
Last update from 10.1.12.2 on Serial0/0, 00:05:48 ago

R1#show ip route 10.4.0.0
Routing entry for 10.4.0.0/24
Known via "ospf 1", distance 110, metric 100
Tag 10, type extern 2, forward metric 781
Last update from 10.1.12.2 on Serial0/0, 00:05:32 ago

R1#show ip route 10.1.24.0
Routing entry for 10.1.24.0/24
Known via "ospf 1", distance 110, metric 300
Tag 30, type extern 2, forward metric 781
Last update from 10.1.12.2 on Serial0/0, 00:06:53 ago

Lets apply the same route-map to our other re-distribution router R3;

R3(config)#route-map EIGRP-TO-OSPF permit 10
match ip address METRIC100
set metric 100
set tag 10
!
route-map EIGRP-TO-OSPF permit 20
match ip address METRIC200
set metric 200
set tag 20
!
route-map EIGRP-TO-OSPF deny 25
match ip address DENY-10.4.4.0
!
route-map EIGRP-TO-OSPF permit 30
set metric 300
set tag 30
and apply the ACL's

R3(config)#ip access-list standard DENY-10.4.4.0
permit 10.4.4.0 0.0.0.255
ip access-list standard METRIC100
permit 10.4.0.0 0.0.0.255
permit 10.4.1.0 0.0.0.255
ip access-list standard METRIC200
permit 10.4.2.0 0.0.0.255
permit 10.4.3.0 0.0.0.255

lets check R1 now;

R1#show ip route

     10.0.0.0/8 is variably subnetted, 10 subnets, 2 masks
C       10.1.12.2/32 is directly connected, Serial0/0
C       10.1.13.0/24 is directly connected, Ethernet0/0
C       10.1.12.0/24 is directly connected, Serial0/0
C       10.1.0.0/24 is directly connected, Loopback0
O E2    10.4.2.0/24 [110/200] via 10.1.13.3, 00:00:58, Ethernet0/0
O E2    10.4.3.0/24 [110/200] via 10.1.13.3, 00:00:58, Ethernet0/0
O E2    10.4.0.0/24 [110/100] via 10.1.13.3, 00:02:44, Ethernet0/0
O E2    10.4.1.0/24 [110/100] via 10.1.13.3, 00:02:44, Ethernet0/0
O E2    10.1.24.0/24 [110/300] via 10.1.13.3, 00:00:58, Ethernet0/0
O E2    10.1.23.0/24 [110/300] via 10.1.13.3, 00:00:58, Ethernet0/0

SO now, we need to look at redistributing the other way, OSPF --> EIGRP

R2(config)#route-map OSPF-TO-EIGRP
R2(config-route-map)#set metric ?                 <--NO match needed, this will match ALL
+/-<metric>     Add or subtract metric
<0-4294967295> Metric value or Bandwidth in Kbits per second
<cr>

R2(config-route-map)#set metric 400 20 255 1 1500 <--(set all K-Values)
R2(config-route-map)#set tag 40

Apply the route-map to the re-distribution process for OSPF;

R2(config)#router eigrp 100
R2(config-router)#redistribute ospf 1 route-map OSPF-TO-EIGRP
(Apply this route map to R3 as well)

Lets check the routing table of R4;

R4#show ip route

     10.0.0.0/8 is variably subnetted, 11 subnets, 2 masks
D EX    10.1.13.0/24 [170/6430720] via 10.1.24.2, 00:01:33, FastEthernet0/0
D EX    10.1.12.1/32 [170/6430720] via 10.1.24.2, 00:01:33, FastEthernet0/0
D EX    10.1.12.0/24 [170/6430720] via 10.1.24.2, 00:01:33, FastEthernet0/0
C       10.4.4.0/24 is directly connected, Loopback4
D EX    10.1.0.0/24 [170/6430720] via 10.1.24.2, 00:01:33, FastEthernet0/0
C       10.4.2.0/24 is directly connected, Loopback2
C       10.4.3.0/24 is directly connected, Loopback3
C       10.4.0.0/24 is directly connected, Loopback0
C       10.4.1.0/24 is directly connected, Loopback1
C       10.1.24.0/24 is directly connected, FastEthernet0/0
D       10.1.23.0/24 [90/2195456] via 10.1.24.2, 01:44:40, FastEthernet0/0

R4#show ip route 10.1.0.0
Routing entry for 10.1.0.0/24
Known via "eigrp 100", distance 170, metric 6430720
Tag 40, type external
Redistributing via eigrp 100
Last update from 10.1.24.2 on FastEthernet0/0, 00:02:07 ago
Routing Descriptor Blocks:
* 10.1.24.2, from 10.1.24.2, 00:02:07 ago, via FastEthernet0/0
      Route metric is 6430720, traffic share count is 1
      Total delay is 1200 microseconds, minimum bandwidth is 400 Kbit
      Reliability 255/255, minimum MTU 1500 bytes
      Loading 1/255, Hops 1

R4#show ip route 10.1.12.0
Routing entry for 10.1.12.0/24
Known via "eigrp 100", distance 170, metric 6430720
Tag 40, type external
Redistributing via eigrp 100
Last update from 10.1.24.2 on FastEthernet0/0, 00:04:19 ago
Routing Descriptor Blocks:
* 10.1.24.2, from 10.1.24.2, 00:04:19 ago, via FastEthernet0/0
      Route metric is 6430720, traffic share count is 1
      Total delay is 1200 microseconds, minimum bandwidth is 400 Kbit
      Reliability 255/255, minimum MTU 1500 bytes
      Loading 1/255, Hops 1

And the Tags are there tooo

RIGHT, lets take on Step 4 tomorrow:

4. Enable filtering using the assigned route tags to ensure redistributed routes do not cause any looping issues.

Friday 25 November 2011

Nugget 17
IPv4 Redistribution - Implementing Simple Redistribution Steps 3 & 4

Lets crack on with the next step now steps 1 & 2 are complete;

Step 3.
Implement distribute-list filtering in such a way that the OSPF domain only sees odd numbered loopback networks coming from R1. Any even numbered subnet (including physical networks) should be hidden from OSPF.

So looking at the diagram again, we are going to need to advertise the follow loopbacks only to OSPF:

Advertise the ODD Routes
10.1.1.0/24
10.1.3.0/24
10.1.5.0/24
BUT hide the EVEN routes:

10.1.0.0/24
10.1.2.0/24
10.1.4.0/24
10.1.6.0/24
and including the physical interface;
10.1.12.0/24

Lets create an ACL that the distribution-list can use (always try and give a descriptive name to the ACL so we know what it does!):

R2(config)#ip access-list standard ODD-OSPF-NETWORKS
R2(config-std-nacl)#permit 10.1.1.0 0.0.0.255
R2(config-std-nacl)#permit 10.1.3.0 0.0.0.255
R2(config-std-nacl)#permit 10.1.5.0 0.0.0.255

Lets apply the ACL so it actually does something, this is done under the OSPF process;

R2(config-std-nacl)#router ospf 1
R2(config-router)#distribute-list ODD-OSPF-NETWORKS ?
in Filter incoming routing updates
out Filter outgoing routing updates

So the direction is key here, this is done from router2's perspective, so we want to filter the routes we advertise OUT to R3

So now we know the direction, lets check the routes we can see on R3 before we apply the distribution-list;

R3#show ip route

     10.0.0.0/8 is variably subnetted, 17 subnets, 3 masks
C       10.1.11.0/30 is directly connected, Loopback11
C       10.1.10.0/24 is directly connected, Loopback10
C       10.1.9.0/24 is directly connected, Loopback9
C       10.1.8.0/24 is directly connected, Loopback8
C       10.1.11.4/30 is directly connected, Loopback12
O E2    10.1.12.1/32 [110/100] via 10.1.23.2, 00:59:49, Serial1/0
O E2    10.1.12.0/24 [110/100] via 10.1.23.2, 00:59:49, Serial1/0
O E2    10.1.3.0/24 [110/100] via 10.1.23.2, 00:59:49, Serial1/0
C       10.1.11.8/30 is directly connected, Loopback13
C       10.1.2.0/24 is directly connected, FastEthernet0/0
O E2    10.1.1.0/24 [110/100] via 10.1.23.2, 00:59:49, Serial1/0
O E2    10.1.0.0/24 [110/100] via 10.1.23.2, 00:59:49, Serial1/0
C       10.1.7.0/24 is directly connected, Loopback7
O E2    10.1.6.0/24 [110/100] via 10.1.23.2, 00:59:49, Serial1/0
O E2    10.1.5.0/24 [110/100] via 10.1.23.2, 00:59:49, Serial1/0
O E2    10.1.4.0/24 [110/100] via 10.1.23.2, 00:59:49, Serial1/0
C       10.1.23.0/24 is directly connected, Serial1/0

So notice we have even and off routes being seen in OSPF, lets apply the distribution list;

R2(config-std-nacl)#router ospf 1
R2(config-router)#distribute-list ODD-OSPF-NETWORKS out

I'm all excited!! lets jump over and check R3!!!;

R3#show ip route

     10.0.0.0/8 is variably subnetted, 12 subnets, 2 masks
C       10.1.11.0/30 is directly connected, Loopback11
C       10.1.10.0/24 is directly connected, Loopback10
C       10.1.9.0/24 is directly connected, Loopback9
C       10.1.8.0/24 is directly connected, Loopback8
C       10.1.11.4/30 is directly connected, Loopback12
O E2    10.1.3.0/24 [110/100] via 10.1.23.2, 01:07:10, Serial1/0
C       10.1.11.8/30 is directly connected, Loopback13
C       10.1.2.0/24 is directly connected, FastEthernet0/0
O E2    10.1.1.0/24 [110/100] via 10.1.23.2, 01:07:10, Serial1/0
C       10.1.7.0/24 is directly connected, Loopback7
O E2    10.1.5.0/24 [110/100] via 10.1.23.2, 01:07:10, Serial1/0
C       10.1.23.0/24 is directly connected, Serial1/0

SWEEEET! sure enough we are now only seeing the ODD numbered subnets from the EIGRP domain :0)

STEP 3 COMPLETE

P.S
R2#show ip access-list ODD-OSPF-NETWORKS
Standard IP access list ODD-OSPF-NETWORKS
    permit 10.1.1.0, wildcard bits 0.0.0.255 (1 match)<----
    permit 10.1.3.0, wildcard bits 0.0.0.255 (1 match)<----
    permit 10.1.5.0, wildcard bits 0.0.0.255 (1 match)<---- YEAH BOI!

4. Implement route-map filtering in such a way that the EIGRP domain does not see routes with a more specific subnet mask than /24.

SO we could just accomplish this with an ACL and specify the /24 routes only are permitted, but thats boring, we are going to check out prefix-lists!

So prefix lists are here to help us get very specific with subnetmasks with route filtering and BGP, however we can also them to apply to route redistribution (remember to give them a meaning name, just like the ACLs)

So prefix lists work by given the prefix-list a name, they i would like to permit/deny the general network and mask, then we allow the specific mask;

R2(config)#ip prefix-list /24-MASK permit 10.0.0.0/8 ?
ge Minimum prefix length to be matched
le Maximum prefix length to be matched
<cr>

SO if i was to press enter now, it would only allow JUST that mask 10.0.0.0/8 (Class A), so we would be denying pretty much everything, including the WAN links (the name of the prefix-list is /24-MASK)

R2(config)#ip prefix-list /24-MASK permit 10.0.0.0/8 le 24

So the above command (as an example, lets say a route of 10.1.7.0/24 comes into the router2, the router will check the prefix-list and check that it belongs to the 10. network (Class A 10.0.0.0/8), which it does, next it will see if it is LESS than or equal to /24, in this case, yes it is equal to /24, the router PERMITs the route to pass over to the other side.

HOWEVER the 10.1.11.8/30 is not LESS than /24, it is GREATER than a /24, so he is denied.

R2(config)#ip prefix-list /24-MASK permit 10.0.0.0/8 le 24
So its kind of a range really, from the 10.0.0.0/8 ------> le or ge /24 or /30 Soooo you can do this;

R2(config)#ip prefix-list /24-MASK permit 10.0.0.0/8 ge /16 le /24
how kool is that, so we can really pin down what subnets are allowed, between a range!

SO know we can create a route map which can use the prefix-list, as the route-map is pretty much if and then statements, but they are actually called match and set, your'll see:

R2(config)#route-map FILTER_OSPF_TO_EIGRP
R2(config-route-map)#match ip address prefix-list /24-MASK

R2#show route-map FILTER_OSPF_TO_EIGRP
route-map FILTER_OSPF_TO_EIGRP, permit, sequence 10
Match clauses:
    ip address prefix-lists: /24-MASK
Set clauses:
Policy routing matches: 0 packets, 0 bytes

So the route-map is permitting (thats the default) anything that matches the prefix-list /24-MASK

NOW the kool part, we need to go under the EIGRP process and apply it to the re-distribution!
But first, lets just check the routes that R1 can see now

R1#show ip route

     10.0.0.0/8 is variably subnetted, 17 subnets, 3 masks
D EX    10.1.11.0/30 [170/26137600] via 10.1.12.2, 01:45:44, Serial0/0
D EX    10.1.10.0/24 [170/26137600] via 10.1.12.2, 01:45:44, Serial0/0
D EX    10.1.9.0/24 [170/26137600] via 10.1.12.2, 01:45:44, Serial0/0
D EX    10.1.8.0/24 [170/26137600] via 10.1.12.2, 01:45:44, Serial0/0
D EX    10.1.11.4/30 [170/26137600] via 10.1.12.2, 01:45:44, Serial0/0
C       10.1.12.2/32 is directly connected, Serial0/0
C       10.1.12.0/24 is directly connected, Serial0/0
D EX    10.1.11.8/30 [170/26137600] via 10.1.12.2, 01:45:44, Serial0/0
C       10.1.3.0/24 is directly connected, Loopback3
C       10.1.2.0/24 is directly connected, Ethernet0/0
C       10.1.1.0/24 is directly connected, Loopback1
C       10.1.0.0/24 is directly connected, Loopback0
D EX    10.1.7.0/24 [170/26137600] via 10.1.12.2, 01:45:44, Serial0/0
C       10.1.6.0/24 is directly connected, Loopback6
C       10.1.5.0/24 is directly connected, Loopback5
C       10.1.4.0/24 is directly connected, Loopback4
D EX    10.1.23.0/24 [170/26137600] via 10.1.12.2, 01:46:01, Serial0/0

R2(config)#router eigrp 100
R2(config-router)#redistribute ospf 1 metric 100 100 100 100 100 route-map FILTER_OSPF_TO_EIGRP

R1#show ip route

     10.0.0.0/8 is variably subnetted, 14 subnets, 2 masks
D EX    10.1.10.0/24 [170/26137600] via 10.1.12.2, 01:47:23, Serial0/0
D EX    10.1.9.0/24 [170/26137600] via 10.1.12.2, 01:47:23, Serial0/0
D EX    10.1.8.0/24 [170/26137600] via 10.1.12.2, 01:47:23, Serial0/0
C       10.1.12.2/32 is directly connected, Serial0/0
C       10.1.12.0/24 is directly connected, Serial0/0
C       10.1.3.0/24 is directly connected, Loopback3
C       10.1.2.0/24 is directly connected, Ethernet0/0
C       10.1.1.0/24 is directly connected, Loopback1
C       10.1.0.0/24 is directly connected, Loopback0
D EX    10.1.7.0/24 [170/26137600] via 10.1.12.2, 01:47:23, Serial0/0
C       10.1.6.0/24 is directly connected, Loopback6
C       10.1.5.0/24 is directly connected, Loopback5
C       10.1.4.0/24 is directly connected, Loopback4
D EX    10.1.23.0/24 [170/26137600] via 10.1.12.2, 01:47:39, Serial0/0

YAYE! it works! only the /24's subnets are showing
SO to confirm and clarify;

R2#show route-map FILTER_OSPF_TO_EIGRP
route-map FILTER_OSPF_TO_EIGRP, permit, sequence 10
Match clauses:
    ip address prefix-lists: /24-MASK
Set clauses:
Policy routing matches: 0 packets, 0 bytes <-- wont see matching as we are not performing policy routing(yet)

R2#show ip prefix-list /24-MASK
ip prefix-list /24-MASK: 1 entries
   seq 5 permit 10.0.0.0/8 le 24

NUGGET COMPLETE, ROLL on the advanced lab!

Thursday 24 November 2011

17 - IPv4 Redistribution - Implementing Simple Redistribution

I have already setup the lab (done this the other night, basic IP connectivity as per above)

Lets break down step 1 and configure EIGRP and OSPF on the respective routers;

R1(config)#router eigrp 100
R1(config-router)#network 10.0.0.0
R1(config-router)#no auto-summary

R2(config)#router eigrp 100
R2(config-router)#network 10.1.12.0 0.0.0.255
R2(config-router)#no auto-summary

00:06:27: %DUAL-5-NBRCHANGE: IP-EIGRP 100: Neighbor 10.1.12.1 (Serial0/0) is up: new adjacency

R2(config)#router ospf 1
R2(config-router)#network 10.1.23.0 0.0.0.255 area 0

R3(config)#router ospf 1
R3(config-router)#networ 10.0.0.0 0.255.255.255 area 0

*Mar 1 00:11:30.395: %OSPF-5-ADJCHG: Process 1, Nbr 10.1.23.2 on Serial1/0 from LOADING to FULL, Loading Done

So router2 should now show both EIGRP and OSPF routes;

R2#show ip route

     10.0.0.0/8 is variably subnetted, 16 subnets, 2 masks
O       10.1.10.1/32 [110/65] via 10.1.23.3, 00:00:06, Serial0/1
O       10.1.11.1/32 [110/65] via 10.1.23.3, 00:00:06, Serial0/1
O       10.1.8.1/32 [110/65] via 10.1.23.3, 00:00:06, Serial0/1
O       10.1.9.1/32 [110/65] via 10.1.23.3, 00:00:06, Serial0/1
O       10.1.11.5/32 [110/65] via 10.1.23.3, 00:00:06, Serial0/1
C       10.1.12.1/32 is directly connected, Serial0/0
C       10.1.12.0/24 is directly connected, Serial0/0
D       10.1.3.0/24 [90/20640000] via 10.1.12.1, 00:11:53, Serial0/0
D       10.1.2.0/24 [90/20537600] via 10.1.12.1, 00:11:53, Serial0/0
D       10.1.1.0/24 [90/20640000] via 10.1.12.1, 00:11:53, Serial0/0
D       10.1.0.0/24 [90/20640000] via 10.1.12.1, 00:11:53, Serial0/0
O       10.1.7.1/32 [110/65] via 10.1.23.3, 00:00:06, Serial0/1
D       10.1.6.0/24 [90/20640000] via 10.1.12.1, 00:11:53, Serial0/0
D       10.1.5.0/24 [90/20640000] via 10.1.12.1, 00:11:53, Serial0/0
D       10.1.4.0/24 [90/20640000] via 10.1.12.1, 00:11:53, Serial0/0
C       10.1.23.0/24 is directly connected, Serial0/1

Lets just tweak the serial point-to-point links

R3(config-if)#int loopback7
R3(config-if)#ip ospf network point-to-point
R3(config-if)#int loopback8
R3(config-if)#ip ospf network point-to-point
R3(config-if)#int loopback9
R3(config-if)#ip ospf network point-to-point
R3(config-if)#int loopback10
R3(config-if)#ip ospf network point-to-point
R3(config-if)#int loopback11
R3(config-if)#ip ospf network point-to-point
R3(config-if)#int loopback12
R3(config-if)#ip ospf network point-to-point
R3(config-if)#int loopback13
R3(config-if)#ip ospf network point-to-point

Thats better now the loopbacks look like real point-to-point links instead of that /32 host mask

R2#show ip route

     10.0.0.0/8 is variably subnetted, 17 subnets, 3 masks
O       10.1.11.0/30 [110/65] via 10.1.23.3, 00:01:41, Serial0/1
O       10.1.10.0/24 [110/65] via 10.1.23.3, 00:01:41, Serial0/1
O       10.1.9.0/24 [110/65] via 10.1.23.3, 00:01:41, Serial0/1
O       10.1.8.0/24 [110/65] via 10.1.23.3, 00:01:41, Serial0/1
O       10.1.11.4/30 [110/65] via 10.1.23.3, 00:01:41, Serial0/1
C       10.1.12.1/32 is directly connected, Serial0/0
C       10.1.12.0/24 is directly connected, Serial0/0
O       10.1.11.8/30 [110/65] via 10.1.23.3, 00:01:41, Serial0/1
D       10.1.3.0/24 [90/20640000] via 10.1.12.1, 00:16:37, Serial0/0
D       10.1.2.0/24 [90/20537600] via 10.1.12.1, 00:16:37, Serial0/0
D       10.1.1.0/24 [90/20640000] via 10.1.12.1, 00:16:37, Serial0/0
D       10.1.0.0/24 [90/20640000] via 10.1.12.1, 00:16:37, Serial0/0
O       10.1.7.0/24 [110/65] via 10.1.23.3, 00:01:41, Serial0/1
D       10.1.6.0/24 [90/20640000] via 10.1.12.1, 00:16:37, Serial0/0
D       10.1.5.0/24 [90/20640000] via 10.1.12.1, 00:16:37, Serial0/0
D       10.1.4.0/24 [90/20640000] via 10.1.12.1, 00:16:37, Serial0/0
C       10.1.23.0/24 is directly connected, Serial0/1

The problem we have with this is loosing the metric, both EIGRP and OSPF have totally different metrics:
OSPF = cost
EIGRP = composite of bandwidth and delay

As shown above RIP and EIGRP networks when distributed have an infinite metric by default
So OSPF will never see this routes as they are "unreachable" (ill prove this in abit)

OSPF networks have a default metric of 20 when distributed, BGP is whatever it was when you redistributed from the internal network (stays the same)

NOW, lets start with getting them EIGRP routes into OSPF, for this we have to go under the OSPF process;

R2(config)#router ospf 1
R2(config-router)#redistribute eigrp 100 ?
metric       Metric for redistributed routes
metric-type OSPF/IS-IS exterior metric type for redistributed routes
route-map    Route map reference
subnets      Consider subnets for redistribution into OSPF
tag          Set tag for routes redistributed into OSPF
<cr>

Now by default, when we do redistribution it will try and summarise the networks (which if you recall from our instructions we are not allowed to do)

SO we can use the "subnets" commands to keep their subnet class, rather than be summarised back to their orginal classful networks

If i miss off the subnet command (you are prompted this fact)

R2(config-router)#redistribute eigrp 100
% Only classful networks will be redistributed

R2(config-router)#redistribute eigrp 100 subnets

R3#show ip route

     10.0.0.0/8 is variably subnetted, 17 subnets, 3 masks
C       10.1.11.0/30 is directly connected, Loopback11
C       10.1.10.0/24 is directly connected, Loopback10
C       10.1.9.0/24 is directly connected, Loopback9
C       10.1.8.0/24 is directly connected, Loopback8
C       10.1.11.4/30 is directly connected, Loopback12
O E2    10.1.12.1/32 [110/20] via 10.1.23.2, 00:00:18, Serial1/0
O E2    10.1.12.0/24 [110/20] via 10.1.23.2, 00:00:18, Serial1/0
O E2    10.1.3.0/24 [110/20] via 10.1.23.2, 00:00:18, Serial1/0
C       10.1.11.8/30 is directly connected, Loopback13
C       10.1.2.0/24 is directly connected, FastEthernet0/0
O E2    10.1.1.0/24 [110/20] via 10.1.23.2, 00:00:18, Serial1/0
O E2    10.1.0.0/24 [110/20] via 10.1.23.2, 00:00:18, Serial1/0
C       10.1.7.0/24 is directly connected, Loopback7
O E2    10.1.6.0/24 [110/20] via 10.1.23.2, 00:00:18, Serial1/0
O E2    10.1.5.0/24 [110/20] via 10.1.23.2, 00:00:18, Serial1/0
O E2    10.1.4.0/24 [110/20] via 10.1.23.2, 00:00:18, Serial1/0
C       10.1.23.0/24 is directly connected, Serial1/0

NOTICE by default the routes come thru as E2 routes "E2 - OSPF external type 2"
E1 = These incriment their metric
E2 = these dont

NOTE:
If we want to change this can do via:
R2(config-router)#redistribute eigrp 100 subnets metric-type ?
1 Set OSPF External Type 1 metrics
2 Set OSPF External Type 2 metrics <- - DEFAULT (wont show under OSPF, its default)

SO if this works, great, if not we can change the metric by this command;

R2(config)#router ospf 1
R2(config-router)#redistribute eigrp 100 subnets metric 100

This now sets any redistributed routes via EIGRP to a new default metric of 100 NOT 20 (as they are E2 routes)

R3#show ip route

Gateway of last resort is not set

     10.0.0.0/8 is variably subnetted, 17 subnets, 3 masks
C       10.1.11.0/30 is directly connected, Loopback11
C       10.1.10.0/24 is directly connected, Loopback10
C       10.1.9.0/24 is directly connected, Loopback9
C       10.1.8.0/24 is directly connected, Loopback8
C       10.1.11.4/30 is directly connected, Loopback12
O E2    10.1.12.1/32 [110/100] via 10.1.23.2, 00:00:10, Serial1/0
O E2    10.1.12.0/24 [110/100] via 10.1.23.2, 00:00:10, Serial1/0
O E2    10.1.3.0/24 [110/100] via 10.1.23.2, 00:00:10, Serial1/0
C       10.1.11.8/30 is directly connected, Loopback13
C       10.1.2.0/24 is directly connected, FastEthernet0/0
O E2    10.1.1.0/24 [110/100] via 10.1.23.2, 00:00:10, Serial1/0
O E2    10.1.0.0/24 [110/100] via 10.1.23.2, 00:00:10, Serial1/0
C       10.1.7.0/24 is directly connected, Loopback7
O E2    10.1.6.0/24 [110/100] via 10.1.23.2, 00:00:10, Serial1/0
O E2    10.1.5.0/24 [110/100] via 10.1.23.2, 00:00:10, Serial1/0
O E2    10.1.4.0/24 [110/100] via 10.1.23.2, 00:00:10, Serial1/0
C       10.1.23.0/24 is directly connected, Serial1/0

The cost has changed!

RIGHT, lets get OSPF redistributed into EIGRP, so lets go under the EIGRP process as that is what we want to redistribute into;

R2(config)#router eigrp 100
R2(config-router)#redistribute ospf 1 ?
match      Redistribution of OSPF routes
metric     Metric for redistributed routes
route-map Route map reference
vrf        VPN Routing/Forwarding Instance

Not as many options here, but they are pretty self explanatory, lets run with what we have;

R2(config-router)#redistribute ospf 1

lets jump over to R1 and check whats happening;

R1#show ip route

     10.0.0.0/8 is variably subnetted, 9 subnets, 2 masks
C       10.1.12.2/32 is directly connected, Serial0/0
C       10.1.12.0/24 is directly connected, Serial0/0
C       10.1.3.0/24 is directly connected, Loopback3
C       10.1.2.0/24 is directly connected, Ethernet0/0
C       10.1.1.0/24 is directly connected, Loopback1
C       10.1.0.0/24 is directly connected, Loopback0
C       10.1.6.0/24 is directly connected, Loopback6
C       10.1.5.0/24 is directly connected, Loopback5
C       10.1.4.0/24 is directly connected, Loopback4

They are not there.......WHY?!!??
Recall what i said earlier, these routes are being redistributed with an infinite metric ... so the routes are not valid, hence they are not in the routing table

We need to set a metric;

R2(config-router)#redistribute ospf 1 metric ?
<1-4294967295> Bandwidth metric in Kbits per second

The question in this lab, does not state what metric we have to use, so lets just go with 100 for each metric (K Value of EIGRP);

R2(config-router)#redistribute ospf 1 metric 100 100 100 100 100

Lets go and check it out on router 1:

R1#show ip route

     10.0.0.0/8 is variably subnetted, 17 subnets, 3 masks
D EX    10.1.11.0/30 [170/26137600] via 10.1.12.2, 00:00:20, Serial0/0
D EX    10.1.10.0/24 [170/26137600] via 10.1.12.2, 00:00:20, Serial0/0
D EX    10.1.9.0/24 [170/26137600] via 10.1.12.2, 00:00:20, Serial0/0
D EX    10.1.8.0/24 [170/26137600] via 10.1.12.2, 00:00:20, Serial0/0
D EX    10.1.11.4/30 [170/26137600] via 10.1.12.2, 00:00:20, Serial0/0
C       10.1.12.2/32 is directly connected, Serial0/0
C       10.1.12.0/24 is directly connected, Serial0/0
D EX    10.1.11.8/30 [170/26137600] via 10.1.12.2, 00:00:20, Serial0/0
C       10.1.3.0/24 is directly connected, Loopback3
C       10.1.2.0/24 is directly connected, Ethernet0/0
C       10.1.1.0/24 is directly connected, Loopback1
C       10.1.0.0/24 is directly connected, Loopback0
D EX    10.1.7.0/24 [170/26137600] via 10.1.12.2, 00:00:20, Serial0/0
C       10.1.6.0/24 is directly connected, Loopback6
C       10.1.5.0/24 is directly connected, Loopback5
C       10.1.4.0/24 is directly connected, Loopback4
D EX    10.1.23.0/24 [170/26137600] via 10.1.12.2, 00:00:20, Serial0/0

AWESOME!!! lets ping one of the loopbacks on R3 (becuase we all love a good ping!)

R1#ping 10.1.10.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.10.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/8 ms

Yeah boi! Steps 1 & 2 are now complete :0)

Wednesday 23 November 2011

FINISHED EIGRP!

Started IPV4 Redistribution, starting off with the theory and the 1st nugget in the series, which was; IPv4 Redistribution - Controlling Routing Updates

One thing to say is, WOW!
It can get bloody complicated, I knew it was kool but wondered why everyone was soo weary of it, now i see, 1-way redistibution is not toooo bad, but 2-way over a mutlipoint network .... DD-AAAaaaaam!

Cant wait to get started on the next nugget "17 - IPv4 Redistribution - Implementing Simple Redistribution" which will involve labbing this sh1t :0)

Saturday 19 November 2011

OBJECTIVE 6
Configure the BB-Routers EIGRP interfaces to utilise up to 30% more of the allocated interface bandwidth than EIGRPs default configuration

NOTES
By default EIGRP will use 50% of the interface bandwidth, so if the interface bandwidth is 100k

100k    = 50k for EIGRP
2

NOW, if this a NBMA/Multipoint network it would divide the interfaces bandwidth by the amount of neighbours .... ouch!

This is done under the interface and in percentages;

BB-Router(config)#int Serial0/0
BB-Router(config-if)#ip bandwidth-percent eigrp 90 ?
<1-999999> Maximum bandwidth percentage that EIGRP may use
BB-Router(config-if)#ip bandwidth-percent eigrp 90 80

Notice we can go to 999999%! dont think that is a recommeded option lol, but for this task we need to add 30% more than the 50% default , hence the config above

OBJECTIVE 7
Enable authentication between all EIGRP routers. You should use two authentication keys:

key 1
Passphrase ccnp
accepted from midnight00:00:00 Jan 1 2010 20:45:00 Nov 19 2011
send from midnight Jan 1 2010 20:40:00 Nov 19 2011
key 2
Passphrase ccnpinthebag
accepted from 20:43:00 Nov 19 2011 till infinitity
send from 20:38:00 Nov 19 2011 till infinitity

EIGRP uses keychains which scale alot better than the usual cleartext password under the interface as used with other routing protocols.
The keychain comprises of keys that range from dates and times they will run from and too, so routers can change authentication keys on a regular rotation without downtime and without getting us network admin involved ..... pretty dam sweet!!! yes?

SO here is the config i am using;

key chain EIGRP_KEYS
key 1
key-string ccnp
accept-lifetime 00:00:00 Jan 1 2010 20:45:00 Nov 19 2011
send-lifetime 00:00:00 Jan 1 2010 20:40:00 Nov 19 2011
key 2
key-string ccnpinthebag
accept-lifetime 20:43:00 Nov 19 2011 infinite
send-lifetime 20:38:00 Nov 19 2011 infinite

Although I have two keys, if key 1 is still valid it will continue to use that key (think of an ACL, if it finds a match then it goes no further)

Now we have the keys configured, we have to apply the keys to the interface(s):
int Serial0/0
ip auth mode eigrp 90 md5
ip auth key-cha eigrp 90 EIGRP_KEYS

int Serial0/1
ip auth mode eigrp 90 md5
ip auth key-cha eigrp 90 EIGRP_KEYS

Now I have applied the config, if the other neighbours do not have the keys, the relationship will go down;

01:01:08: %DUAL-5-NBRCHANGE: IP-EIGRP 90: Neighbor 10.1.24.1 (Serial0/0) is down: authentication mode changed
01:01:20: %DUAL-5-NBRCHANGE: IP-EIGRP 90: Neighbor 10.1.2.3 (Ethernet0/0) is down: authentication mode changed

IMPORTANT NOTE: MIGHT WANT TO HAVE NTP RUNNING OVER NETWORK!

01:05:56: %DUAL-5-NBRCHANGE: IP-EIGRP 90: Neighbor 10.1.2.3 (Ethernet0/0) is down: Auth failure

Since i cut this quite close to the switch over time of the keys, the routers went straight to using key 2 after some down time :0);

BB-Router#deb eigrp packets
EIGRP Packets debugging is on
    (UPDATE, REQUEST, QUERY, REPLY, HELLO, IPXSAP, PROBE, ACK, STUB, SIAQUERY, SIAREPLY)
BB-Router#
01:00:51: EIGRP: received packet with MD5 authentication, key id = 2
01:00:51: EIGRP: Received HELLO on Serial0/1 nbr 10.1.34.2
01:00:51:   AS 90, Flags 0x0, Seq 0/0 idbQ 0/0 iidbQ un/rely 0/0 peerQ un/rely 0/0
01:00:52: EIGRP: Sending HELLO on Serial0/1
01:00:52:   AS 90, Flags 0x0, Seq 0/0 idbQ 0/0 iidbQ un/rely 0/0
01:00:52: EIGRP: received packet with MD5 authentication, key id = 2
01:00:52: EIGRP: Received HELLO on Serial0/0 nbr 10.1.24.2

Lets jump over on R2 and double check;

R2#deb eigrp packets
01:16:14: EIGRP: received packet with MD5 authentication, key id = 2
01:16:14: EIGRP: Received HELLO on Ethernet0/0 nbr 10.1.2.3
01:16:14:   AS 90, Flags 0x0, Seq 0/0 idbQ 0/0 iidbQ un/rely 0/0 peerQ un/rely 0/0
01:16:14: EIGRP: received packet with MD5 authentication, key id = 2
01:16:14: EIGRP: Received HELLO on Serial0/0 nbr 10.1.24.1

Happy days, the EIGRP network is now alot more secure;

R2#show key chain
Key-chain EIGRP_KEYS:
    key 1 -- text "ccnp"
        accept lifetime (00:00:00 UTC Jan 1 2010) - (20:45:00 UTC Nov 19 2011)
        send lifetime (00:00:00 UTC Jan 1 2010) - (20:40:00 UTC Nov 19 2011)
    key 2 -- text "ccnpinthebag"
        accept lifetime (20:43:00 UTC Nov 19 2011) - (infinite) [valid now]
        send lifetime (20:38:00 UTC Nov 19 2011) - (infinite) [valid now]

Friday 18 November 2011

Been doing alot of reading and concentrating on work atm, however have been playing with nbar and netflow for a work project, got some pretty graphs below;

Monday 14 November 2011

Objective 5

Here we are going to perform unequal cost load balancing accross the 256kbps and 128kbps link via EIGRP. This is done via the variance command which is set to 1 by default, which means it will only load balance with equal links (bandwidth speed).

To load balance we will use the variance 2 command, which means "I will load balance accross links that are twice as bad as my primary"

If we check the topology table we shall see the metric for each route;

BB-Router# show ip eigrp topology
IP-EIGRP Topology Table for AS(90)/ID(172.30.8.1)

P 10.1.2.0/24, 1 successors, FD is 10514432
         via 10.1.34.2 (10514432/28160), Serial0/1
         via 10.1.24.2 (20537600/281600), Serial0/0

The primary route has a metric of 10514432 (256kbps) and the fessiable sucessor has a metric of 20537600 (128kbps) which is rougly twice as bad;

10514432 x 2 = 21028864

So by using the variance command using a multiplier of 2 (as this will would encompass the 128kbps links metric) we can load balance

BB-Router(config)#router eigrp 90
BB-Router(config-router)#variance ?
<1-128> Metric variance multiplier
BB-Router(config-router)#variance 2

Lets check the routing table now;

BB-Router#show ip route

     172.30.0.0/16 is variably subnetted, 10 subnets, 2 masks
C       172.30.2.0/24 is directly connected, Loopback2
C       172.30.3.0/24 is directly connected, Loopback3
D       172.30.0.0/21 is a summary, 00:00:20, Null0
C       172.30.0.0/24 is directly connected, Loopback0
C       172.30.1.0/24 is directly connected, Loopback1
C       172.30.6.0/24 is directly connected, Loopback6
C       172.30.7.0/24 is directly connected, Loopback7
C       172.30.4.0/24 is directly connected, Loopback4
C       172.30.5.0/24 is directly connected, Loopback5
C       172.30.8.0/24 is directly connected, Loopback8
     10.0.0.0/8 is variably subnetted, 5 subnets, 3 masks
D       10.1.2.0/24 [90/10514432] via 10.1.34.2, 00:00:20, Serial0/1
                    [90/20537600] via 10.1.24.2, 00:00:20, Serial0/0
C       10.1.24.2/32 is directly connected, Serial0/0
D       10.1.25.0/24 [90/10642432] via 10.1.34.2, 00:00:20, Serial0/1 <--- load balancing
                     [90/20640000] via 10.1.24.2, 00:00:20, Serial0/0           <--- load balancing

Now we can see we are load balancing over both links, EIGRP will intelligent load balance over the links, for every 2 packets send over the 256kbps link it will send 1 packet of the 128kbps .... AWESOME!

Objective 4

For this objective we need to summarise 172.30.0.0 172.30.7.255 into a single network, we cant include 172.30.8.0/24 as the summarisation will not be as efficient

1    1    1 1 1    5 bits needed
128 64 32 16 8 4 2 1

   8          8        5                        = bits
11111111.11111111.11111000.0-------   = 248

mask = 255.255.248.0 /21 in CIDR notation

Routing table BEFORE

R2>show ip route

Gateway of last resort is 10.1.2.3 to network 192.168.1.0

     172.30.0.0/24 is subnetted, 9 subnets
D       172.30.2.0 [90/10665472] via 10.1.2.3, 01:08:09, Ethernet0/0
D       172.30.3.0 [90/10665472] via 10.1.2.3, 01:08:09, Ethernet0/0
D       172.30.0.0 [90/10665472] via 10.1.2.3, 01:08:09, Ethernet0/0
D       172.30.1.0 [90/10665472] via 10.1.2.3, 01:08:09, Ethernet0/0
D       172.30.6.0 [90/10665472] via 10.1.2.3, 01:08:09, Ethernet0/0
D       172.30.7.0 [90/10665472] via 10.1.2.3, 01:08:09, Ethernet0/0
D       172.30.4.0 [90/10665472] via 10.1.2.3, 01:08:09, Ethernet0/0
D       172.30.5.0 [90/10665472] via 10.1.2.3, 01:08:09, Ethernet0/0
D       172.30.8.0 [90/10665472] via 10.1.2.3, 01:08:09, Ethernet0/0
     10.0.0.0/8 is variably subnetted, 5 subnets, 3 masks
C       10.1.2.0/24 is directly connected, Ethernet0/0
C       10.1.24.1/32 is directly connected, Serial0/0
C       10.1.25.0/24 is directly connected, Loopback2
C       10.1.24.0/30 is directly connected, Serial0/0
D       10.1.34.0/30 [90/10537472] via 10.1.2.3, 01:08:12, Ethernet0/0
D*   192.168.1.0/24 [90/10537472] via 10.1.2.3, 01:08:09, Ethernet0/0

BB-Router(config)#int ser0/0
BB-Router(config-if)#ip summary-address eigrp 90 172.30.0.0 255.255.248.0

R2>show ip route

Gateway of last resort is 10.1.2.3 to network 192.168.1.0

     172.30.0.0/16 is variably subnetted, 10 subnets, 2 masks
D       172.30.2.0/24 [90/10665472] via 10.1.2.3, 01:10:11, Ethernet0/0
D       172.30.3.0/24 [90/10665472] via 10.1.2.3, 01:10:11, Ethernet0/0
D       172.30.0.0/21 [90/20640000] via 10.1.24.1, 00:00:15, Serial0/0 <---- there it is
D       172.30.0.0/24 [90/10665472] via 10.1.2.3, 01:10:11, Ethernet0/0
D       172.30.1.0/24 [90/10665472] via 10.1.2.3, 01:10:11, Ethernet0/0
D       172.30.6.0/24 [90/10665472] via 10.1.2.3, 01:10:11, Ethernet0/0
D       172.30.7.0/24 [90/10665472] via 10.1.2.3, 01:10:11, Ethernet0/0
D       172.30.4.0/24 [90/10665472] via 10.1.2.3, 01:10:11, Ethernet0/0
D       172.30.5.0/24 [90/10665472] via 10.1.2.3, 01:10:11, Ethernet0/0
D       172.30.8.0/24 [90/10665472] via 10.1.2.3, 00:00:15, Ethernet0/0
     10.0.0.0/8 is variably subnetted, 5 subnets, 3 masks
C       10.1.2.0/24 is directly connected, Ethernet0/0
C       10.1.24.1/32 is directly connected, Serial0/0
C       10.1.25.0/24 is directly connected, Loopback2
C       10.1.24.0/30 is directly connected, Serial0/0
D       10.1.34.0/30 [90/10537472] via 10.1.2.3, 00:00:15, Ethernet0/0
D*   192.168.1.0/24 [90/10537472] via 10.1.2.3, 00:00:15, Ethernet0/0

We can see the new summary route taking affect, but R2 is still learning about this network from 10.1.2.3 (R3) REMEMBER regardless of Admin distance or speed of link, if a router has a more SPECIFIC mask for a network, it will use that route!!!

lets fix that;

BB-Router(config)#int serial0/1
BB-Router(config-if)#ip summary-address eigrp 90 172.30.0.0 255.255.248.0

R2>show ip route

     172.30.0.0/16 is variably subnetted, 2 subnets, 2 masks
D       172.30.0.0/21 [90/10665472] via 10.1.2.3, 00:14:38, Ethernet0/0 <-- summary
D       172.30.8.0/24 [90/10665472] via 10.1.2.3, 00:14:38, Ethernet0/0 <--
     10.0.0.0/8 is variably subnetted, 5 subnets, 3 masks
C       10.1.2.0/24 is directly connected, Ethernet0/0
C       10.1.24.1/32 is directly connected, Serial0/0
C       10.1.25.0/24 is directly connected, Loopback2
C       10.1.24.0/30 is directly connected, Serial0/0
D       10.1.34.0/30 [90/10537472] via 10.1.2.3, 00:16:07, Ethernet0/0
D*   192.168.1.0/24 [90/10537472] via 10.1.2.3, 00:14:38, Ethernet0/0

Excellent! notice we have the 172.30.8.0/24 route too, this is becuase the summary is only advertising; 172.30.0.0 --> 172.30.7.255 and the network statement on EIGRP catches the rest of the 172 network;

router eigrp 90
passive-interface default
no passive-interface Serial0/0
no passive-interface Serial0/1
network 10.1.0.0 0.0.255.255
network 172.30.0.0
network 192.168.1.0
no auto-summary

Job done

3rd Objective;

PASSIVE INTERFACES

If we look at R2, this router has an interface in 10.1.25.0/24, there is no other router on this segment yet R2 is sending hello's out this interface trying to actively form a relationship with an EIGRP neighbour. This is a HUGE security hole as someone could plug in there own router and get EIGRP up and running and start injecting routes into the network, or better yet he could pull off a man in the middle attack and be packet sniffing all the traffic and forwarding it on.

One approach would be to remove the network from EIGRP, BUT this now means you are not advertising this network.....

This is where passive interfaces come in, as they disable the hello messages on that interface meaning no neighbour can form BUT it will still advertise the network to the rest of your EIGRP topology :0)

R2(config)#router eigrp 90
R2(config-router)#passive-interface loopback 2

(Im doing loopback2 as i didnt have another fastethernet port like on the CBT/network diagram)

So now, no hello messages will be sent out to 10.1.25.0/24 and no neighbourships will form and no routes learnt *dusts hands*

This is very different to what RIP's passive interface does;
It wont send updates out the interface (RIP doesn't form neighbours like EIGRP,just sends updates via broadcast or multicast depending on version) BUT it will still accept updates from other RIP routers and add them updates to the routing table.

----------------------------------------------------------------------------------
RIP's passive interface NOT as secure as EIGRP's passive interface
--------------------------------------------------------------------------------

Now lets secure the BackBone router, we have aload of interfaces (loopbacks in this example, but hey!) It would be alot more secure and easier for us to set all interfaces by default as passive

BB-Router(config)#router eigrp 90
BB-Router(config-router)#passive-interface default
BB-Router(config-router)#
00:36:33: %DUAL-5-NBRCHANGE: IP-EIGRP 90: Neighbor 10.1.24.2 (Serial0/0) is down: interface passive
00:36:33: %DUAL-5-NBRCHANGE: IP-EIGRP 90: Neighbor 10.1.34.2 (Serial0/1) is down: interface passive

Obviously this downs the neighbours straightaway as we have disabled the hello messages from talking to the neighbour, to get it up and running again we use the no command;

BB-Router(config-router)#no passive-interface serial0/0
BB-Router(config-router)#no passive-interface serial0/1
00:37:31: %DUAL-5-NBRCHANGE: IP-EIGRP 90: Neighbor 10.1.24.2 (Serial0/0) is up: new adjacency
00:37:31: %SYS-5-CONFIG_I: Configured from console by vty1 (10.1.34.2)
00:37:34: %DUAL-5-NBRCHANGE: IP-EIGRP 90: Neighbor 10.1.34.2 (Serial0/1) is up: new adjacency

heres it all together in the running config;

BB-Router#show run | s eigrp
router eigrp 90
passive-interface default
no passive-interface Serial0/0
no passive-interface Serial0/1
network 10.1.0.0 0.0.255.255
network 172.30.0.0
network 192.168.1.0
no auto-summary

Sunday 13 November 2011

2nd objective;

we can either use re-distrubtion, like re-distributing a static route, but then you might have other routes you do not wish to advertise so you have to filter ... turns abit of a headache (no default-information orginate command like OSPF :0( )

likewise you could create a static 0.0.0.0 0.0.0.0 <next hop> and then put this into EIGRP via network 0.0.0.0, BUT this will advertise all networks!!! BE CAREFUL WITH THAT COMMAND

IP DEFAULT NETWORK

BB-Router(config)#ip default-network 192.168.1.0
BB-Router#show ip route

S* 192.168.1.0/24 is directly connected, Null0

* - candidate default,

lets jump over and have alook at one of the other neighbours;

R3# show ip route
Gateway of last resort is 10.1.34.1 to network 192.168.1.0

D* 192.168.1.0/24 [90/10511872] via 10.1.34.1, 00:04:03, Serial1/0

COOLIO, mission accomplished (not as kool as OSPF, but hey!)

... ONE THING TO NOTE! the network for this command HAS to be classful!?!?! ... so for this route it was okay as this was a class C network, but say we wanted a default route for one of the loopbacks ... 172.32.8.0/24, we would have to use a /16 - WEIRD?!?!? .. dont like this command!

THE LAB

Sweet! managed to cram in the EIGRP lab into my cabinet :0) ... well, kinda, still need some extra room, wonder if the missus will let me get another cabinet ... LOL

Not going link this up to my other lab just yet, wanna keep it separate .... ill get to it via another wireless AP

Saturday 12 November 2011

THE EIGRP LAB

Right, I have setup a new lab (seperate from my current lab) I have setup the lab as per Jeremys instructions, just IP addressing done so far ....

NOW lets get some ROUTING sorted!

NOTES

The network command has 2 functions
1) send hello's on any 172.30.0.0 interface
2) advertise the network

lets get EIGRP up and running on this backbone router;

BB-Router(config)#router eigrp 90
BB-Router(config-router)#network 172.30.0.0 0.0.255.255
BB-Router(config-router)#network 10.1.0.0 0.0.255.255
BB-Router(config-router)#no auto-summary

you kinda expect some magic or something right about now, but remember we have no neighbours yet :0(

BUT we can confirm that EIGRP is now running on the router;

BB-Router#show ip protocols
Routing Protocol is "eigrp 90"
Outgoing update filter list for all interfaces is not set
Incoming update filter list for all interfaces is not set
Default networks flagged in outgoing updates
Default networks accepted from incoming updates
EIGRP metric weight K1=1, K2=0, K3=1, K4=0, K5=0
EIGRP maximum hopcount 100
EIGRP maximum metric variance 1
Redistributing: eigrp 90
Automatic network summarization is not in effect
Maximum path: 4
Routing for Networks:
    10.1.0.0/16    <----- shows /16 not /8 as not using default mask, tar no auto-summary
    172.30.0.0       <----- This is default mask, it does not have to put /16
Routing Information Sources:
    Gateway         Distance      Last Update
    (this router)         90      00:03:51
Distance: internal 90 external 170

You will notice from the output our friends the K weights (the metric);
EIGRP metric weight K1=1, K2=0, K3=1, K4=0, K5=0
And look which ones we have, K1 and K3, Bandwidth and Delay - we know all about them :0)

Lets telnet over and get R2 EIGRP'd up;

R2(config)#router eigrp 90
R2(config-router)#no auto-summary
R2(config-router)#network 10.1.2.2 0.0.0.0
R2(config-router)#network 10.1.24.2 0.0.0.0
R2(config-router)#network 10.1.25.2 0.0.0.0

Always love seeing this notification;

01:05:24: %DUAL-5-NBRCHANGE: IP-EIGRP 90: Neighbor 10.1.24.2 (Serial0/0) is up: new adjacency network

10.1.25.2

Lets check out the neighbour relationships;

R2#show ip eigrp neighbours
IP-EIGRP neighbors for process 90
H   Address                 Interface   Hold Uptime   SRTT   RTO Q Seq Type
                                        (sec)         (ms)       Cnt Num
0   10.1.24.1               Se0/0         13 00:06:43 474 2844 0 2

The H = At the beginning of the column stands for Handle, this is the order that it learnt the neighbours in, works from 0 being first, upwards ---->

Hold Time = This is the amount of time the router will wait till it considers it neighbour dead,
On a fast network (NBMA, T1 or greater) the Hold time is 15 seconds, bear in mind a HELLO is sent every 5 seconds, so if it misses 3 HELLO's that neighbour is considered dead, typically that HOLD time will not go below 10 seconds, if it does there could be some issues along the link which is causing it to miss a hello etc

Lets see;

R2#show ip eigr ne
IP-EIGRP neighbors for process 90
H   Address                 Interface   Hold Uptime   SRTT   RTO Q Seq Type
                                        (sec)         (ms)       Cnt Num
0   10.1.24.1               Se0/0         11 00:06:45 474 2844 0 2

R2#show ip eigr ne
IP-EIGRP neighbors for process 90
H   Address                 Interface   Hold Uptime   SRTT   RTO Q Seq Type
                                        (sec)         (ms)       Cnt Num
0   10.1.24.1               Se0/0         14 00:06:46 474 2844 0 2

Arh yes, we can see the 2nd time i ran it the Hold time went back up to 14 secs as it recieved an HELLO from the neighbour

SRTT = Source Round Trip Timer, how long did it take to get there and back from its neighbour (uses to this gauge how long it should wait to hear back from an UPDATE msg

RTO = Re Transmit Timeout, how long will it wait before it retransmits a msg

Q = How many packets are waiting in queue, sitting for neighbour (EIGRP msgs) should NEVER queue, if you see it go above zero, probably could be some bandwidth issues (routing protocols should send these as soon as they have it)

Seq Type = version of the EIGRP database

Lets check our routing table;

R2#show ip route

     172.30.0.0/24 is subnetted, 9 subnets
D       172.30.2.0 [90/20640000] via 10.1.24.1, 00:28:06, Serial0/0
D       172.30.3.0 [90/20640000] via 10.1.24.1, 00:28:06, Serial0/0
D       172.30.0.0 [90/20640000] via 10.1.24.1, 00:28:06, Serial0/0
D       172.30.1.0 [90/20640000] via 10.1.24.1, 00:28:06, Serial0/0
D       172.30.6.0 [90/20640000] via 10.1.24.1, 00:28:06, Serial0/0
D       172.30.7.0 [90/20640000] via 10.1.24.1, 00:28:06, Serial0/0
D       172.30.4.0 [90/20640000] via 10.1.24.1, 00:28:06, Serial0/0
D       172.30.5.0 [90/20640000] via 10.1.24.1, 00:28:06, Serial0/0
D       172.30.8.0 [90/20640000] via 10.1.24.1, 00:28:06, Serial0/0
     10.0.0.0/8 is variably subnetted, 5 subnets, 3 masks
C       10.1.2.0/24 is directly connected, Ethernet0/0
C       10.1.25.0/24 is directly connected, Loopback2
C       10.1.24.0/30 is directly connected, Serial0/0
D       10.1.34.0/30 [90/21024000] via 10.1.24.1, 00:28:07, Serial0/0

awesome! lets jump over to R3;

R3(config)#router eigrp 90
R3(config-router)#no auto-summary
R3(config-router)#network 10.1.2.3 0.0.0.0
R3(config-router)#network 10.1.34.2 0.0.0.0

Looking good;

R3#show ip eigrp neighbours
IP-EIGRP neighbors for process 90
H   Address                 Interface       Hold Uptime   SRTT   RTO Q Seq Type
                                            (sec)         (ms)       Cnt Num
1   10.1.34.1               Se1/0             11 00:00:16 706 4236 0 4
0   10.1.2.2                Fa0/0             14 00:00:24 467 2802 0 8

Lets hop back to the back bone router and checking the routes;

BB-Router#show ip route

     172.30.0.0/24 is subnetted, 9 subnets
C       172.30.2.0 is directly connected, Loopback2
C       172.30.3.0 is directly connected, Loopback3
C       172.30.0.0 is directly connected, Loopback0
C       172.30.1.0 is directly connected, Loopback1
C       172.30.6.0 is directly connected, Loopback6
C       172.30.7.0 is directly connected, Loopback7
C       172.30.4.0 is directly connected, Loopback4
C       172.30.5.0 is directly connected, Loopback5
C       172.30.8.0 is directly connected, Loopback8
     10.0.0.0/8 is variably subnetted, 5 subnets, 3 masks
D       10.1.2.0/24 [90/10514432] via 10.1.34.2, 00:04:31, Serial0/1
D       10.1.25.0/24 [90/10642432] via 10.1.34.2, 00:04:31, Serial0/1
C       10.1.24.0/30 is directly connected, Serial0/0
C       10.1.34.0/30 is directly connected, Serial0/1

awesome, now as we would expect we are seeing the routes in the routing table favoring the higher bandwidth link to R3 (10.1.34.2/out Serial0/1);

BB-Router# show int serial0/1
Serial0/1 is up, line protocol is up
Hardware is QUICC Serial
Internet address is 10.1.34.1/30
MTU 1500 bytes, BW 256 Kbit, DLY 20000 usec, <---- 256kbit

so referring to the diagram, the quickest route to 10.1.25.0 is via R3 and over the ethernet segment, as this has twice the bandwidth of serial0/0 link over to R2

BB-Router#show ip route 10.1.25.0
Routing entry for 10.1.25.0/24
Known via "eigrp 90", distance 90, metric 10642432, type internal
Redistributing via eigrp 90
Last update from 10.1.34.2 on Serial0/1, 00:08:53 ago
Routing Descriptor Blocks:
* 10.1.34.2, from 10.1.34.2, 00:08:53 ago, via Serial0/1
      Route metric is 10642432, traffic share count is 1
      Total delay is 25100 microseconds, minimum bandwidth is 256 Kbit
      Reliability 252/255, minimum MTU 1500 bytes
      Loading 1/255, Hops 2

and checking against the EIGRP topology table confirms the above;

BB-Router#show ip eigrp top 10.1.25.0 255.255.255.0
IP-EIGRP (AS 90): Topology entry for 10.1.25.0/24
State is Passive, Query origin flag is 1, 1 Successor(s), FD is 10642432
Routing Descriptor Blocks:
10.1.34.2 (Serial0/1), from 10.1.34.2, Send flag is 0x0
      Composite metric is (10642432/156160), Route is Internal
      Vector metric:
        Minimum bandwidth is 256 Kbit
        Total delay is 25100 microseconds
        Reliability is 252/255
        Load is 1/255
        Minimum MTU is 1500
        Hop count is 2
10.1.24.2 (Serial0/0), from 10.1.24.2, Send flag is 0x0
      Composite metric is (20640000/128256), Route is Internal
      Vector metric:
        Minimum bandwidth is 128 Kbit
        Total delay is 25000 microseconds
        Reliability is 255/255
        Load is 1/255
        Minimum MTU is 1500
        Hop count is 1

There we go, we see the sucessor route (this goes into the routing table) is the route via Serial0/1 to neighbour 10.1.34.2 via the 256kbit line, the route below it from 10.1.24.2 is the fessiable sucessor

hey, remember how we work out the metric, lets take the 128kbit route;

10^7 = 10000000 ÷ 128kbits (min bandwidth) = 78125
78125 + all delay links which is 25000ms (25000ms ÷ 10 = 2500usec) = 80625
80625 X 256 = 20640000 is the metric for that route :0)

BB-Router#show ip eigrp topology
IP-EIGRP Topology Table for AS(90)/ID(172.30.8.1)

Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply,
       r - reply Status, s - sia Status

P 10.1.2.0/24, 1 successors, FD is 10514432
         via 10.1.34.2 (10514432/281600), Serial0/1
         via 10.1.24.2 (20537600/281600), Serial0/0
P 10.1.24.2/32, 1 successors, FD is 20512000
         via Rconnected (20512000/0)
P 10.1.25.0/24, 1 successors, FD is 10642432
         via 10.1.34.2 (10642432/156160), Serial0/1
         via 10.1.24.2 (20640000/128256), Serial0/0
P 10.1.24.0/30, 1 successors, FD is 20512000
         via Connected, Serial0/0
P 10.1.34.0/30, 1 successors, FD is 10511872
         via Connected, Serial0/1
P 172.30.2.0/24, 1 successors, FD is 128256
         via Connected, Loopback2
P 172.30.3.0/24, 1 successors, FD is 128256
         via Connected, Loopback3
P 172.30.0.0/24, 1 successors, FD is 128256
         via Connected, Loopback0
P 172.30.1.0/24, 1 successors, FD is 128256
         via Connected, Loopback1
P 172.30.6.0/24, 1 successors, FD is 128256
         via Connected, Loopback6
P 172.30.7.0/24, 1 successors, FD is 128256
         via Connected, Loopback7
P 172.30.4.0/24, 1 successors, FD is 128256
         via Connected, Loopback4
P 172.30.5.0/24, 1 successors, FD is 128256
         via Connected, Loopback5
P 172.30.8.0/24, 1 successors, FD is 128256
         via Connected, Loopback8

All routes here are marked P, P = Passive (which is GOOD) lets have a look a route;

P 10.1.2.0/24, 1 successors, FD is 10514432
         via 10.1.34.2 (10514432/281600), Serial0/1   <--- 256kbit link
         via 10.1.24.2 (20537600/281600), Serial0/0

SO notice this 2 routes but only 1 successor, this is becuase 1 route has a better metric than the other (which is determined by the K metrics) the route via neighbour 10.1.34.2 is the successor (fessiable distance 10514432)

/28160) = Is Advertised Distance, this is the distance from your neighbour, so although both of them tied on this, the fessiable distance is the decider as to wheather they load balance or one becomes a sucessor or not (the WAN link bandwidths in this case decided it)

So KEWL! so very very KEWL!

anyways, right next step, we need a static route to be advertised about the 192.168.1.0/24

BB-Router(config)#ip route 192.168.1.0 255.255.255.0 null0

lets check the neighbours and see if they have got it;

R2#show ip route | i 192.168.1.0
D    192.168.1.0/24 [90/10537472] via 10.1.2.3, 00:01:33, Ethernet0/0

Sweeet, right thats objective 1 done.