How does the OSPF cost work? 

 

In this post, I will cover the OSPF cost (OSPF cost and auto-cost reference-bandwidth). Normally, I use OSPF with its default settings.

 

1. Pre-requisite.

 

This is my environment for reproducing this. I will write a simple configuration with default values.

s1 (1.1.1.1/32)

s2 (2.2.2.2/32)

s3 (3.3.3.3/32)

s1 configuration:

feature ospf

interface Ethernet1/1

  no switchport

  ip address 100.21.1.11/16

  ip router ospf 1 area 0.0.0.0

  no shutdown

 

interface Ethernet1/3

  no switchport

  ip address 100.31.1.13/16

  ip router ospf 1 area 0.0.0.0

  no shutdown

 

interface loopback0

  ip address 1.1.1.1/32

  ip router ospf 1 area 0.0.0.0

  

router ospf 1

  router-id 1.1.1.1

s2 configuration:

feature ospf

interface Ethernet1/1

  no switchport

  ip address 100.21.2.11/16

  ip router ospf 2 area 0.0.0.0

  no shutdown

 

interface Ethernet1/2

  no switchport

  ip address 100.32.2.12/16

  ip router ospf 2 area 0.0.0.0

  no shutdown

 

interface loopback0

  ip address 2.2.2.2/32

  ip router ospf 2 area 0.0.0.0

 

router ospf 2

  router-id 2.2.2.2

s3 configuration:

feature ospf

interface Ethernet1/2

  no switchport

  ip address 100.32.3.12/16

  ip router ospf 3 area 0.0.0.0

  no shutdown

 

interface Ethernet1/3

  no switchport

  ip address 100.31.3.13/16

  ip router ospf 3 area 0.0.0.0

  no shutdown

 

interface loopback0

  ip address 3.3.3.3/32

  ip router ospf 3 area 0.0.0.0

 

router ospf 3

  router-id 3.3.3.3

 

2. Verify default status.

 

With default values, I can see the routing table over s1.

s1# show ip route

1.1.1.1/32, ubest/mbest: 2/0, attached

    *via 1.1.1.1, Lo0, [0/0], 00:39:21, local

    *via 1.1.1.1, Lo0, [0/0], 00:39:21, direct

2.2.2.2/32, ubest/mbest: 1/0

    *via 100.21.2.11, Eth1/1, [110/41], 00:35:38, ospf-1, intra

3.3.3.3/32, ubest/mbest: 1/0

    *via 100.31.3.13, Eth1/3, [110/41], 00:33:43, ospf-1, intra

100.21.0.0/16, ubest/mbest: 1/0, attached

    *via 100.21.1.11, Eth1/1, [0/0], 00:36:44, direct

100.21.1.11/32, ubest/mbest: 1/0, attached

    *via 100.21.1.11, Eth1/1, [0/0], 00:36:44, local

100.31.0.0/16, ubest/mbest: 1/0, attached

    *via 100.31.1.13, Eth1/3, [0/0], 00:34:24, direct

100.31.1.13/32, ubest/mbest: 1/0, attached

    *via 100.31.1.13, Eth1/3, [0/0], 00:34:24, local

100.32.0.0/16, ubest/mbest: 2/0

    *via 100.21.2.11, Eth1/1, [110/80], 00:33:43, ospf-1, intra

    *via 100.31.3.13, Eth1/3, [110/80], 00:33:43, ospf-1, intra

I can see 2 kinds of values, [110/41] and [110/80]. The first value is the preference, which is also called the administrative distance. In this instruction, there is a table listing the values. In my case, I used the OSPF protocol, which has 110 as its default distance value.

The second value is the metric, which means the cost. A smaller cost has higher priority.

From [110/41] and [110/80], "41" and "80" are the metric costs. Before calculating these values, I need to understand the "auto-cost reference-bandwidth".

 

3. About auto-cost reference-bandwidth.

 

The cost is obtained by "auto-cost reference-bandwidth / interface bandwidth". This instruction shows how to configure the auto-cost reference-bandwidth. This is the overview.

In my case, I used the Cisco Nexus image. Therefore, the default value is as below, from this instruction.

I can verify this value with the command "show ip ospf". This is a sample from s1.

s1# show ip ospf

 Routing Process 1 with ID 1.1.1.1 VRF default

 Routing Process Instance Number 1

 Stateful High Availability enabled

 Graceful-restart is configured

   Grace period: 60 state: Inactive

   Last graceful restart exit status: None

 Supports only single TOS(TOS0) routes

 Supports opaque LSA

 Administrative distance 110

 Reference Bandwidth is 40000 Mbps

 SPF throttling delay time of 200.000 msecs,

   SPF throttling hold time of 1000.000 msecs,

   SPF throttling maximum wait time of 5000.000 msecs

 LSA throttling start time of 0.000 msecs,

   LSA throttling hold interval of 5000.000 msecs,

   LSA throttling maximum wait time of 5000.000 msecs

 Minimum LSA arrival 1000.000 msec

 LSA group pacing timer 10 secs

 Maximum paths to destination 8

 Number of external LSAs 0, checksum sum 0

 Number of opaque AS LSAs 0, checksum sum 0

 Number of areas is 1, 1 normal, 0 stub, 0 nssa

 Number of active areas is 1, 1 normal, 0 stub, 0 nssa

 Install discard route for summarized external routes.

 Install discard route for summarized internal routes.

   Area BACKBONE(0.0.0.0)

        Area has existed for 02:52:56

        Interfaces in this area: 3 Active interfaces: 3

        Passive interfaces: 0  Loopback interfaces: 1

        No authentication available

        SPF calculation has run 9 times

         Last SPF ran for 0.001811s

        Area ranges are

        Number of LSAs: 6, checksum sum 0x30590

Reference Bandwidth is 40000 Mbps. In s1, Ethernet 1/1 and Ethernet 1/3 have 1 Gbps bandwidth.

s1# show inter et 1/1
Ethernet1/1 is up
admin state is up, Dedicated Interface
  Hardware: 100/1000/10000 Ethernet, address: 0cfc.6a48.f207 (bia 0cfc.6a48.f208 )
  Internet Address is 100.21.1.11/16
  MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec
  reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, medium is broadcast
  full-duplex, 1000 Mb/s

 

s1# show inter et 1/3
Ethernet1/3 is up
admin state is up, Dedicated Interface
  Hardware: 100/1000/10000 Ethernet, address: 0cfc.6a48.f207 (bia 0cfc.6a48.f20a )
  Internet Address is 100.31.1.13/16
  MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec
  reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, medium is broadcast
  full-duplex, 1000 Mb/s

Thus, 40000 Mbps / 1000 Mbps = 40. This is the cost. I can also verify the value with the command "show ip ospf interface". Below is a sample from s1.

s1# show ip ospf interface

 Ethernet1/1 is up, line protocol is up

    IP address 100.21.1.11/16

    Process ID 1 VRF default, area 0.0.0.0

    Enabled by interface configuration

    State BDR, Network type BROADCAST, cost 40

    Index 2, Transmit delay 1 sec, Router Priority 1

    Designated Router ID: 2.2.2.2, address: 100.21.2.11

    Backup Designated Router ID: 1.1.1.1, address: 100.21.1.11

    1 Neighbors, flooding to 1, adjacent with 1

    Timer intervals: Hello 10, Dead 40, Wait 40, Retransmit 5

      Hello timer due in 00:00:04

    No authentication

    Number of opaque link LSAs: 0, checksum sum 0

 Ethernet1/3 is up, line protocol is up

    IP address 100.31.1.13/16

    Process ID 1 VRF default, area 0.0.0.0

    Enabled by interface configuration

    State BDR, Network type BROADCAST, cost 40

    Index 3, Transmit delay 1 sec, Router Priority 1

    Designated Router ID: 3.3.3.3, address: 100.31.3.13

    Backup Designated Router ID: 1.1.1.1, address: 100.31.1.13

    1 Neighbors, flooding to 1, adjacent with 1

    Timer intervals: Hello 10, Dead 40, Wait 40, Retransmit 5

      Hello timer due in 00:00:03

    No authentication

    Number of opaque link LSAs: 0, checksum sum 0

 loopback0 is up, line protocol is up

    IP address 1.1.1.1/32

    Process ID 1 VRF default, area 0.0.0.0

    Enabled by interface configuration

    State LOOPBACK, Network type LOOPBACK, cost 1

    Index 1

 

 

I need to calculate these values. This instruction shows how to calculate the cost and select the path.

 

4. Analyze the OSPF routing cost.

On the s1 switch, [110/41] and [110/80] contain the cost values.

I need to look in more detail. "3.3.3.3" is the loopback interface. This IP address can be reached over 2 paths. "81" and "41" are the cost values. "41" is the lower value, so this path is selected.

 

5. (Option 1) Adjust the Interface Bandwidth to change the path.  

 

There are many methods to determine the path. The simplest way is to change the interface bandwidth and speed. I change the interface bandwidth as below. Please read this instruction.

s1 (1.1.1.1/32)

s3 (3.3.3.3/32)

s1(config)# inter et 1/3

s1(config-if)# bandwidth 100000

s3(config)# inter et 1/3

s3(config-if)# bandwidth 100000

After that, I can check the interface bandwidth status.

s1# show ip ospf inter et 1/3
 Ethernet1/3 is up, line protocol is up
    IP address 100.31.1.13/16
    Process ID 1 VRF default, area 0.0.0.0
    Enabled by interface configuration
    State BDR, Network type BROADCAST, cost 400
    Index 3, Transmit delay 1 sec, Router Priority 1
    Designated Router ID: 3.3.3.3, address: 100.31.3.13
    Backup Designated Router ID: 1.1.1.1, address: 100.31.1.13
    1 Neighbors, flooding to 1, adjacent with 1
    Timer intervals: Hello 10, Dead 40, Wait 40, Retransmit 5
      Hello timer due in 00:00:03
    No authentication
    Number of opaque link LSAs: 0, checksum sum 0

 

s3# show ip ospf interface ethernet 1/3
 Ethernet1/3 is up, line protocol is up
    IP address 100.31.3.13/16
    Process ID 3 VRF default, area 0.0.0.0
    Enabled by interface configuration
    State DR, Network type BROADCAST, cost 400
    Index 3, Transmit delay 1 sec, Router Priority 1
    Designated Router ID: 3.3.3.3, address: 100.31.3.13
    Backup Designated Router ID: 1.1.1.1, address: 100.31.1.13
    1 Neighbors, flooding to 1, adjacent with 1
    Timer intervals: Hello 10, Dead 40, Wait 40, Retransmit 5
      Hello timer due in 00:00:06
    No authentication
    Number of opaque link LSAs: 0, checksum sum 0

Now, I can see the routing table changed like below.

s1# show ip route

1.1.1.1/32, ubest/mbest: 2/0, attached

    *via 1.1.1.1, Lo0, [0/0], 00:07:12, local

    *via 1.1.1.1, Lo0, [0/0], 00:07:12, direct

2.2.2.2/32, ubest/mbest: 1/0

    *via 100.21.2.11, Eth1/1, [110/41], 00:06:11, ospf-1, intra

3.3.3.3/32, ubest/mbest: 1/0

    *via 100.21.2.11, Eth1/1, [110/81], 00:05:29, ospf-1, intra

100.21.0.0/16, ubest/mbest: 1/0, attached

    *via 100.21.1.11, Eth1/1, [0/0], 00:07:13, direct

100.21.1.11/32, ubest/mbest: 1/0, attached

    *via 100.21.1.11, Eth1/1, [0/0], 00:07:13, local

100.31.0.0/16, ubest/mbest: 1/0, attached

    *via 100.31.1.13, Eth1/3, [0/0], 00:07:12, direct

100.31.1.13/32, ubest/mbest: 1/0, attached

    *via 100.31.1.13, Eth1/3, [0/0], 00:07:12, local

100.32.0.0/16, ubest/mbest: 1/0

    *via 100.21.2.11, Eth1/1, [110/80], 00:05:29, ospf-1, intra

 

6. (Option 2) Adjust the auto-cost reference bandwidth to change the path.

 

Auto-cost reference-bandwidth is a global parameter. Therefore, changing this value on the s1 switch has no effect on the selected path. There is also no effect even if I change the value on the s2 switch.

In this post, I will show how this value is changed.

s1(config)# router ospf 1
s1(config-router)# auto-cost reference-bandwidth 10000
s1(config-router)# exit

I can verify the OSPF information.

s1# show ip ospf

 Routing Process 1 with ID 1.1.1.1 VRF default

 Routing Process Instance Number 1

 Stateful High Availability enabled

 Graceful-restart is configured

   Grace period: 60 state: Inactive

   Last graceful restart exit status: None

 Supports only single TOS(TOS0) routes

 Supports opaque LSA

 Administrative distance 110

 Reference Bandwidth is 10000 Mbps

Therefore, the routing table will be changed like below.

s1# show ip route

1.1.1.1/32, ubest/mbest: 2/0, attached

    *via 1.1.1.1, Lo0, [0/0], 00:18:15, local

    *via 1.1.1.1, Lo0, [0/0], 00:18:15, direct

2.2.2.2/32, ubest/mbest: 1/0

    *via 100.21.2.11, Eth1/1, [110/11], 00:02:25, ospf-1, intra

3.3.3.3/32, ubest/mbest: 1/0

    *via 100.31.3.13, Eth1/3, [110/11], 00:02:25, ospf-1, intra

100.21.0.0/16, ubest/mbest: 1/0, attached

    *via 100.21.1.11, Eth1/1, [0/0], 00:18:16, direct

100.21.1.11/32, ubest/mbest: 1/0, attached

    *via 100.21.1.11, Eth1/1, [0/0], 00:18:16, local

100.31.0.0/16, ubest/mbest: 1/0, attached

    *via 100.31.1.13, Eth1/3, [0/0], 00:18:15, direct

100.31.1.13/32, ubest/mbest: 1/0, attached

    *via 100.31.1.13, Eth1/3, [0/0], 00:18:15, local

100.32.0.0/16, ubest/mbest: 2/0

    *via 100.21.2.11, Eth1/1, [110/50], 00:02:25, ospf-1, intra

    *via 100.31.3.13, Eth1/3, [110/50], 00:02:25, ospf-1, intra

 

7. (Option 3) Adjust the ip ospf cost to change the path.

 

This is a more effective way. However, I do not recommend it, because it adds complexity. This instruction shows how to configure it. This configuration is done on each interface.

s1(config)# inter ethernet 1/3
s1(config-if)# ip ospf cost 100
s1(config-if)# exit

 

This is the result on the s1 switch.

s1# show ip ospf interface ethernet 1/3

 Ethernet1/3 is up, line protocol is up

    IP address 100.31.1.13/16

    Process ID 1 VRF default, area 0.0.0.0

    Enabled by interface configuration

    State BDR, Network type BROADCAST, cost 100

    Index 3, Transmit delay 1 sec, Router Priority 1

    Designated Router ID: 3.3.3.3, address: 100.31.3.13

    Backup Designated Router ID: 1.1.1.1, address: 100.31.1.13

    1 Neighbors, flooding to 1, adjacent with 1

    Timer intervals: Hello 10, Dead 40, Wait 40, Retransmit 5

      Hello timer due in 00:00:03

    No authentication

    Number of opaque link LSAs: 0, checksum sum 0

Now, the path will be adjusted like below.

The routing table for s1 will be changed like below.

s1# show ip route

1.1.1.1/32, ubest/mbest: 2/0, attached

    *via 1.1.1.1, Lo0, [0/0], 00:24:35, local

    *via 1.1.1.1, Lo0, [0/0], 00:24:35, direct

2.2.2.2/32, ubest/mbest: 1/0

    *via 100.21.2.11, Eth1/1, [110/41], 00:04:23, ospf-1, intra

3.3.3.3/32, ubest/mbest: 1/0

    *via 100.21.2.11, Eth1/1, [110/81], 00:01:52, ospf-1, intra

100.21.0.0/16, ubest/mbest: 1/0, attached

    *via 100.21.1.11, Eth1/1, [0/0], 00:24:36, direct

100.21.1.11/32, ubest/mbest: 1/0, attached

    *via 100.21.1.11, Eth1/1, [0/0], 00:24:36, local

100.31.0.0/16, ubest/mbest: 1/0, attached

    *via 100.31.1.13, Eth1/3, [0/0], 00:24:35, direct

100.31.1.13/32, ubest/mbest: 1/0, attached

    *via 100.31.1.13, Eth1/3, [0/0], 00:24:35, local

100.32.0.0/16, ubest/mbest: 1/0

    *via 100.21.2.11, Eth1/1, [110/80], 00:01:52, ospf-1, intra

This is the OSPF cost concept.
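The calculation behind sections 2 to 7, as an added Python example (not the author's code and not NX-OS output): it models the three-switch lab, derives each interface cost from the reference bandwidth, runs a shortest-path search from s1 and reproduces the metrics and egress interfaces shown in the routing tables above. The topology dictionary and function names are constructed for illustration; truncating the cost to an integer with a minimum of 1 is an assumption.

```python
import copy
import heapq

LOOPBACK_COST = 1  # value shown for loopback0 in "show ip ospf interface"

# Constructed model of the lab: per switch, the reference bandwidth (Mbps), the
# loopback prefix, and per attached network [interface, bandwidth Mbps, ip ospf cost].
LAB = {
    "s1": {"ref_bw": 40000, "lo": "1.1.1.1/32",
           "links": {"100.21.0.0/16": ["Eth1/1", 1000, None],
                     "100.31.0.0/16": ["Eth1/3", 1000, None]}},
    "s2": {"ref_bw": 40000, "lo": "2.2.2.2/32",
           "links": {"100.21.0.0/16": ["Eth1/1", 1000, None],
                     "100.32.0.0/16": ["Eth1/2", 1000, None]}},
    "s3": {"ref_bw": 40000, "lo": "3.3.3.3/32",
           "links": {"100.32.0.0/16": ["Eth1/2", 1000, None],
                     "100.31.0.0/16": ["Eth1/3", 1000, None]}},
}


def link_cost(router, net):
    """Outgoing cost of one interface: an explicit 'ip ospf cost' wins, otherwise
    reference bandwidth / interface bandwidth (assumed truncated, minimum 1)."""
    _ifname, bw, explicit = router["links"][net]
    if explicit is not None:
        return explicit
    return max(1, router["ref_bw"] // bw)


def ospf_routes(lab, src):
    """Return {prefix: (metric, [egress interfaces on src])} for non-connected prefixes."""
    dist, hops = {src: 0}, {src: set()}
    heap = [(0, src)]
    while heap:
        d, r = heapq.heappop(heap)
        if d > dist[r]:
            continue  # stale heap entry
        for net in lab[r]["links"]:
            nd = d + link_cost(lab[r], net)  # cost is charged on the outgoing interface
            first = {lab[r]["links"][net][0]} if r == src else hops[r]
            for n in lab:
                if n == r or net not in lab[n]["links"]:
                    continue
                if nd < dist.get(n, float("inf")):
                    dist[n], hops[n] = nd, set(first)
                    heapq.heappush(heap, (nd, n))
                elif nd == dist[n]:
                    hops[n] |= first  # equal-cost path: keep both first hops
    routes = {}
    for r in dist:
        if r == src:
            continue
        prefixes = {lab[r]["lo"]: LOOPBACK_COST}
        prefixes.update({net: link_cost(lab[r], net) for net in lab[r]["links"]})
        for prefix, cost in prefixes.items():
            if prefix in lab[src]["links"]:
                continue  # directly connected on src, not an OSPF route
            metric = dist[r] + cost
            best = routes.get(prefix)
            if best is None or metric < best[0]:
                routes[prefix] = (metric, set(hops[r]))
            elif metric == best[0]:
                best[1].update(hops[r])
    return {p: (m, sorted(h)) for p, (m, h) in routes.items()}


def scenario(ref_bw=None, bandwidth=None, cost=None):
    """Copy LAB and apply one of the three options from this post.

    ref_bw: {switch: Mbps}; bandwidth and cost: {(switch, network): value}.
    """
    lab = copy.deepcopy(LAB)
    for sw, mbps in (ref_bw or {}).items():
        lab[sw]["ref_bw"] = mbps
    for (sw, net), mbps in (bandwidth or {}).items():
        lab[sw]["links"][net][1] = mbps
    for (sw, net), value in (cost or {}).items():
        lab[sw]["links"][net][2] = value
    return lab


if __name__ == "__main__":
    cases = {
        "default": scenario(),
        "option 1 (bandwidth 100000 Kbit on s1 and s3 Eth1/3)": scenario(
            bandwidth={("s1", "100.31.0.0/16"): 100, ("s3", "100.31.0.0/16"): 100}),
        "option 2 (reference-bandwidth 10000 on s1)": scenario(ref_bw={"s1": 10000}),
        "option 3 (ip ospf cost 100 on s1 Eth1/3)": scenario(
            cost={("s1", "100.31.0.0/16"): 100}),
    }
    for name, lab in cases.items():
        print(name)
        for prefix, (metric, via) in sorted(ospf_routes(lab, "s1").items()):
            print(f"  {prefix:<15} [110/{metric}] via {', '.join(via)}")
```

Option 2 only changes the costs of s1's own interfaces, which is why 100.32.0.0/16 becomes 50 (10 on s1 plus 40 on s2 or s3) while the selected paths stay the same.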

 

Reference

 

[ 1 ] https://www.cisco.com/c/en/us/support/docs/ip/border-gateway-protocol-bgp/15986-admin-distance.html

[ 2 ] http://www.informit.com/articles/article.aspx?p=26129&seqNum=7

[ 3 ] https://www.computernetworkingnotes.com/ccna-study-guide/ospf-metric-cost-calculation-formula-explained.html

[ 4 ] https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus5500/sw/command/reference/unicast/n5500-ucast-cr/n5k-ospf_cmds_a.pdf

[ 5 ] https://www.ciscolive.com/c/dam/r/ciscolive/us/docs/2012/pdf/BRKARC-3472.pdf

[ 6 ] https://www.cisco.com/c/en/us/td/docs/switches/datacenter/sw/5_x/nx-os/interfaces/configuration/guide/if_cli/if_layer3int.html

[ 7 ] https://community.cisco.com/t5/networking-documents/how-to-configure-ospf-cost/ta-p/3133153

How do BGP synchronization and next-hop-self work with Nexus?

 

I have already written about the BGP concept briefly in another blog post in Korean. For BGP synchronization, I have also written a blog post in Korean. For the next-hop-self concept, this blog will be helpful. Please do not worry even if you cannot read Korean. In this post, I will reproduce synchronization and next-hop-self with Nexus switches.

 

1. Pre-requisite

 

This is my environment for this post. I will configure it step by step as below. For the "OSPF1 + AS1" part:

s1 (lo1 110.0.0.1)

s2 (lo1 110.0.0.2)

s3 (lo1 110.0.0.3)

s1 configuration:

feature ospf

feature bgp

interface Ethernet1/2

  no switchport

  ip address 100.21.1.12/16

  ip router ospf 1 area 0.0.0.1

  no shutdown

interface Ethernet1/3

  no switchport

  ip address 100.31.1.13/16

  ip router ospf 1 area 0.0.0.1

  no shutdown

interface loopback0

  ip address 110.0.0.1/32

  ip router ospf 1 area 0.0.0.1

router ospf 1

  router-id 110.0.0.1

s2 configuration:

feature ospf

feature bgp

interface Ethernet1/1

  no switchport

  ip address 100.42.2.11/16

  no shutdown

interface Ethernet1/2

  no switchport

  ip address 100.21.2.12/16

  ip router ospf 1 area 0.0.0.1

  no shutdown

interface loopback0

  ip address 110.0.0.2/32

  ip router ospf 1 area 0.0.0.1

router ospf 1

  router-id 110.0.0.2

router bgp 1

  router-id 110.0.0.2

  log-neighbor-changes

  address-family ipv4 unicast

    network 110.0.0.2/32

  neighbor 100.42.4.11

    remote-as 2

    log-neighbor-changes

    update-source loopback0

    address-family ipv4 unicast

  neighbor 110.0.0.3

    remote-as 1

    update-source loopback0

    address-family ipv4 unicast

s3 configuration:

feature ospf

feature bgp

interface Ethernet1/1

  no switchport

  ip address 100.63.3.11/16

  no shutdown

interface Ethernet1/3

  no switchport

  ip address 100.31.3.13/16

  ip router ospf 1 area 0.0.0.1

  no shutdown

interface loopback0

  ip address 110.0.0.3/32

  ip router ospf 1 area 0.0.0.1

router ospf 1

  router-id 110.0.0.3

router bgp 1

  router-id 110.0.0.3

  address-family ipv4 unicast

    network 110.0.0.3/32

  neighbor 100.63.6.11

    remote-as 3

    update-source loopback0

    address-family ipv4 unicast

  neighbor 110.0.0.2

    remote-as 1

    update-source loopback0

    address-family ipv4 unicast

For "OSPF2 + AS2" part

s4 (lo1 110.0.0.4)

s5 (lo1 110.0.0.5)

s4 configuration:

feature ospf

feature bgp

interface Ethernet1/1

  no switchport

  ip address 100.42.4.11/16

  no shutdown

interface Ethernet1/2

  no switchport

  ip address 100.54.4.12/16

  ip router ospf 2 area 0.0.0.2

  no shutdown

interface loopback0

  ip address 110.0.0.4/32

router ospf 2

  router-id 110.0.0.4

router bgp 2

  router-id 110.0.0.4

  log-neighbor-changes

  address-family ipv4 unicast

    network 110.0.0.4/32

  neighbor 100.42.2.11

    remote-as 1

    log-neighbor-changes

    address-family ipv4 unicast

  neighbor 110.42.2.11

    address-family ipv4 unicast

s5 configuration:

feature ospf

feature bgp

interface Ethernet1/2

  no switchport

  ip address 100.54.5.12/16

  ip router ospf 2 area 0.0.0.2

  no shutdown

interface loopback0

  ip address 110.0.0.5/32

  ip router ospf 2 area 0.0.0.2

router ospf 2

  router-id 110.0.0.5

For "OSPF3 + AS3" part

s6 (lo1 110.0.0.6)

s7 (lo1 110.0.0.7)

s6 configuration:

feature ospf

feature bgp

interface Ethernet1/1

  no switchport

  ip address 100.63.6.11/16

  no shutdown

interface Ethernet1/2

  no switchport

  ip address 100.76.6.12/16

  ip router ospf 3 area 0.0.0.3

  no shutdown

interface loopback0

  ip address 110.0.0.6/32

router ospf 3

  router-id 110.0.0.6

router bgp 3

  router-id 110.0.0.6

  log-neighbor-changes

  address-family ipv4 unicast

    network 110.0.0.6/32

  neighbor 100.63.3.11

    remote-as 1

    address-family ipv4 unicast

s7 configuration:

feature ospf

feature bgp

interface Ethernet1/2

  no switchport

  ip address 100.76.7.12/16

  ip router ospf 3 area 0.0.0.3

  no shutdown

interface loopback0

  ip address 110.0.0.7/32

  ip router ospf 3 area 0.0.0.3

router ospf 3

  router-id 110.0.0.7

This is a simple configuration. At this point, the traffic flow is not complete. In some cases, the switches cannot reach each other. For example, S4 (110.0.0.4) and S6 (110.0.0.6) cannot send packets to each other.

 

2. About BGP synchronization.

To verify BGP synchronization, I have to look at the BGP table on the S3 switch.

s3# show ip bgp

BGP routing table information for VRF default, address family IPv4 Unicast

BGP table version is 16, Local Router ID is 110.0.0.3

Status: s-suppressed, x-deleted, S-stale, d-dampened, h-history, *-valid, >-best

Path type: i-internal, e-external, c-confed, l-local, a-aggregate, r-redist, I-i

njected

Origin codes: i - IGP, e - EGP, ? - incomplete, | - multipath, & - backup, 2 - b

est2

   Network            Next Hop            Metric     LocPrf     Weight Path

*>i110.0.0.2/32       110.0.0.2                         100          0 i

*>l110.0.0.3/32       0.0.0.0                           100      32768 i

  i110.0.0.4/32       100.42.4.11                       100          0 2 i

*>e110.0.0.6/32       100.63.6.11                                    0 3 i

This is strange. Because I did not configure "no synchronization" in the BGP configuration, "110.0.0.4" should not be displayed. In this blog, the concept of synchronization is explained.

I used the Nexus switch image for this reproduction. This instruction lists the default settings. Because of these values, the BGP table on the S3 switch displays the S4 information.

 

3. About Next-Hop-Self.

 

This is not a valid status, even though the BGP table shows the S4 information. It looks normal.

s3# show ip bgp

BGP routing table information for VRF default, address family IPv4 Unicast

BGP table version is 16, Local Router ID is 110.0.0.3

Status: s-suppressed, x-deleted, S-stale, d-dampened, h-history, *-valid, >-best

Path type: i-internal, e-external, c-confed, l-local, a-aggregate, r-redist, I-i

njected

Origin codes: i - IGP, e - EGP, ? - incomplete, | - multipath, & - backup, 2 - b

est2

   Network            Next Hop            Metric     LocPrf     Weight Path

*>i110.0.0.2/32       110.0.0.2                         100          0 i

*>l110.0.0.3/32       0.0.0.0                           100      32768 i

  i110.0.0.4/32       100.42.4.11                       100          0 2 i

*>e110.0.0.6/32       100.63.6.11                                    0 3 i

I need to check the "Next Hop" status. "100.42.4.11" is an IP address on the link between S2 and S4. In the routing table on S3, there is no route for it.

s3# show ip route

IP Route Table for VRF "default"

'*' denotes best ucast next-hop

'**' denotes best mcast next-hop

'[x/y]' denotes [preference/metric]

'%' in via output denotes VRF 

100.21.0.0/16, ubest/mbest: 1/0

    *via 100.31.1.13, Eth1/3, [110/80], 1d03h, ospf-1, intra

100.31.0.0/16, ubest/mbest: 1/0, attached

    *via 100.31.3.13, Eth1/3, [0/0], 1d04h, direct

100.31.3.13/32, ubest/mbest: 1/0, attached

    *via 100.31.3.13, Eth1/3, [0/0], 1d04h, local

100.63.0.0/16, ubest/mbest: 1/0, attached

    *via 100.63.3.11, Eth1/1, [0/0], 1d04h, direct

100.63.3.11/32, ubest/mbest: 1/0, attached

    *via 100.63.3.11, Eth1/1, [0/0], 1d04h, local

110.0.0.1/32, ubest/mbest: 1/0

    *via 100.31.1.13, Eth1/3, [110/41], 1d03h, ospf-1, intra

110.0.0.2/32, ubest/mbest: 1/0

    *via 100.31.1.13, Eth1/3, [110/81], 1d03h, ospf-1, intra

110.0.0.3/32, ubest/mbest: 2/0, attached

    *via 110.0.0.3, Lo0, [0/0], 1d04h, local

    *via 110.0.0.3, Lo0, [0/0], 1d04h, direct

110.0.0.6/32, ubest/mbest: 1/0

    *via 100.63.6.11, [20/0], 1d02h, bgp-1, external, tag 3

The path is not valid because the next hop is not valid. To resolve this, there are 2 ways. First, add a static route. Second, use next-hop-self.

# Add static route on s3

s3(config)# ip route 100.42.0.0/16 110.0.0.1

After that, I can see the BGP table. The status should have changed to valid.

s3# show ip bgp

BGP routing table information for VRF default, address family IPv4 Unicast

BGP table version is 17, Local Router ID is 110.0.0.3

Status: s-suppressed, x-deleted, S-stale, d-dampened, h-history, *-valid, >-best

Path type: i-internal, e-external, c-confed, l-local, a-aggregate, r-redist, I-i

njected

Origin codes: i - IGP, e - EGP, ? - incomplete, | - multipath, & - backup, 2 - b

est2

   Network            Next Hop            Metric     LocPrf     Weight Path

*>i110.0.0.2/32       110.0.0.2                         100          0 i

*>l110.0.0.3/32       0.0.0.0                           100      32768 i

*>i110.0.0.4/32       100.42.4.11                       100          0 2 i

*>e110.0.0.6/32       100.63.6.11                                    0 3 i

Now, I will configure "next-hop-self" on the s2 switch after removing the static route on the s3 switch.

# Remove static route on s3

s3(config)# no ip route 100.42.0.0/16 110.0.0.1 

 

# Add next-hop-self configuration on s2

s2(config)# router bgp 1
s2(config-router)# neighbor 110.0.0.3
s2(config-router-neighbor)# address-family ipv4 unicast
s2(config-router-neighbor-af)# next-hop-self
s2(config-router-neighbor-af)# end

Now look at the s3 switch with the "show ip bgp" command.

s3# show ip bgp

BGP routing table information for VRF default, address family IPv4 Unicast

BGP table version is 19, Local Router ID is 110.0.0.3

Status: s-suppressed, x-deleted, S-stale, d-dampened, h-history, *-valid, >-best

Path type: i-internal, e-external, c-confed, l-local, a-aggregate, r-redist, I-i

njected

Origin codes: i - IGP, e - EGP, ? - incomplete, | - multipath, & - backup, 2 - b

est2

   Network            Next Hop            Metric     LocPrf     Weight Path

*>i110.0.0.2/32       110.0.0.2                         100          0 i

*>l110.0.0.3/32       0.0.0.0                           100      32768 i

*>i110.0.0.4/32       110.0.0.2                         100          0 2 i

*>e110.0.0.6/32       100.63.6.11                                    0 3 i

There are 2 changes. First, the status has changed to valid. Second, the next hop IP address has changed from "100.42.4.11" to "110.0.0.2". This "next-hop-self" feature makes the "ebgp" existence clear. Now I will do the same on the s3 switch for the next step.

s3(config)# router bgp 1

s3(config-router)# nei 110.0.0.2

s3(config-router-neighbor)# address-family ipv4 unicast

s3(config-router-neighbor-af)# next-hop-self

s3(config-router-neighbor-af)# exit
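The next-hop check from this section, as an added Python example (not the author's code): it parses the "show ip bgp" rows from s3, looks up each next hop in the connected, OSPF and static prefixes of the routing table, and reports paths whose next hop has no covering route. The row regular expression, function names and sample constants are constructed for illustration from the outputs on this page.

```python
import ipaddress
import re

# Constructed inputs, transcribed from the s3 outputs shown in this post.
BGP_BEFORE = """\
   Network            Next Hop            Metric     LocPrf     Weight Path
*>i110.0.0.2/32       110.0.0.2                         100          0 i
*>l110.0.0.3/32       0.0.0.0                           100      32768 i
  i110.0.0.4/32       100.42.4.11                       100          0 2 i
*>e110.0.0.6/32       100.63.6.11                                    0 3 i
"""
# The same table after next-hop-self is configured on s2.
BGP_NEXT_HOP_SELF = """\
*>i110.0.0.2/32       110.0.0.2                         100          0 i
*>l110.0.0.3/32       0.0.0.0                           100      32768 i
*>i110.0.0.4/32       110.0.0.2                         100          0 2 i
*>e110.0.0.6/32       100.63.6.11                                    0 3 i
"""
# Connected and OSPF prefixes from "show ip route" on s3 (BGP-learned routes left out).
S3_RIB = ["100.21.0.0/16", "100.31.0.0/16", "100.31.3.13/32", "100.63.0.0/16",
          "100.63.3.11/32", "110.0.0.1/32", "110.0.0.2/32", "110.0.0.3/32"]

# Three flag columns (status, best, path type), then the prefix and the next hop.
ROW = re.compile(
    r"^(?P<valid>[ *sxSdh])(?P<best>[ >])(?P<ptype>[iecalrI])"
    r"(?P<prefix>\d+\.\d+\.\d+\.\d+/\d+)\s+(?P<next_hop>\d+\.\d+\.\d+\.\d+)")


def covering_route(next_hop, rib_prefixes):
    """Longest-prefix match of next_hop against the RIB; None if nothing covers it."""
    addr = ipaddress.ip_address(next_hop)
    matches = [n for n in map(ipaddress.ip_network, rib_prefixes) if addr in n]
    return str(max(matches, key=lambda n: n.prefixlen)) if matches else None


def audit(bgp_text, rib_prefixes):
    """Return one record per learned BGP path with its next-hop resolution."""
    report = []
    for line in bgp_text.splitlines():
        m = ROW.match(line)
        if not m or m["ptype"] == "l":
            continue  # header lines and locally originated paths (next hop 0.0.0.0)
        report.append({
            "prefix": m["prefix"],
            "next_hop": m["next_hop"],
            "marked_valid": m["valid"] == "*",  # the '*' flag printed by the switch
            "resolved_by": covering_route(m["next_hop"], rib_prefixes),
        })
    return report


def unresolved(report):
    """Paths that cannot be used because no route covers their next hop."""
    return [(p["prefix"], p["next_hop"]) for p in report if p["resolved_by"] is None]


if __name__ == "__main__":
    cases = {
        "before": (BGP_BEFORE, S3_RIB),
        "static route 100.42.0.0/16 on s3": (BGP_BEFORE, S3_RIB + ["100.42.0.0/16"]),
        "next-hop-self on s2": (BGP_NEXT_HOP_SELF, S3_RIB),
    }
    for name, (table, rib) in cases.items():
        print(name)
        for p in audit(table, rib):
            state = p["resolved_by"] or "NO ROUTE TO NEXT HOP"
            print(f"  {p['prefix']:<14} next hop {p['next_hop']:<12} -> {state}")
```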

 

4. Troubleshooting.

 

Look at the routing table and BGP table on the s4 switch and s6 switch. From the s4 switch,

s4# show ip route

IP Route Table for VRF "default"

'*' denotes best ucast next-hop

'**' denotes best mcast next-hop

'[x/y]' denotes [preference/metric]

'%' in via output denotes VRF 

100.42.0.0/16, ubest/mbest: 1/0, attached

    *via 100.42.4.11, Eth1/1, [0/0], 1d04h, direct

100.42.4.11/32, ubest/mbest: 1/0, attached

    *via 100.42.4.11, Eth1/1, [0/0], 1d04h, local

100.54.0.0/16, ubest/mbest: 1/0, attached

    *via 100.54.4.12, Eth1/2, [0/0], 1d04h, direct

100.54.4.12/32, ubest/mbest: 1/0, attached

    *via 100.54.4.12, Eth1/2, [0/0], 1d04h, local

110.0.0.2/32, ubest/mbest: 1/0

    *via 100.42.2.11, [20/0], 1d02h, bgp-2, external, tag 1

110.0.0.3/32, ubest/mbest: 1/0

    *via 100.42.2.11, [20/0], 1d02h, bgp-2, external, tag 1

110.0.0.4/32, ubest/mbest: 2/0, attached

    *via 110.0.0.4, Lo0, [0/0], 1d04h, local

    *via 110.0.0.4, Lo0, [0/0], 1d04h, direct

110.0.0.5/32, ubest/mbest: 1/0

    *via 100.54.5.12, Eth1/2, [110/41], 00:40:49, ospf-2, intra

110.0.0.6/32, ubest/mbest: 1/0

    *via 100.42.2.11, [20/0], 00:03:43, bgp-2, external, tag 1

s4# show ip bgp

BGP routing table information for VRF default, address family IPv4 Unicast

BGP table version is 12, Local Router ID is 110.0.0.4

Status: s-suppressed, x-deleted, S-stale, d-dampened, h-history, *-valid, >-best

Path type: i-internal, e-external, c-confed, l-local, a-aggregate, r-redist, I-i

njected

Origin codes: i - IGP, e - EGP, ? - incomplete, | - multipath, & - backup, 2 - b

est2

   Network            Next Hop            Metric     LocPrf     Weight Path

*>e110.0.0.2/32       100.42.2.11                                    0 1 i

*>e110.0.0.3/32       100.42.2.11                                    0 1 i

*>l110.0.0.4/32       0.0.0.0                           100      32768 i

*>e110.0.0.6/32       100.42.2.11                                    0 1 3 i

From s6 switch,

s6# show ip route

IP Route Table for VRF "default"

'*' denotes best ucast next-hop

'**' denotes best mcast next-hop

'[x/y]' denotes [preference/metric]

'%' in via output denotes VRF 

100.63.0.0/16, ubest/mbest: 1/0, attached

    *via 100.63.6.11, Eth1/1, [0/0], 1d04h, direct

100.63.6.11/32, ubest/mbest: 1/0, attached

    *via 100.63.6.11, Eth1/1, [0/0], 1d04h, local

100.76.0.0/16, ubest/mbest: 1/0, attached

    *via 100.76.6.12, Eth1/2, [0/0], 1d04h, direct

100.76.6.12/32, ubest/mbest: 1/0, attached

    *via 100.76.6.12, Eth1/2, [0/0], 1d04h, local

110.0.0.2/32, ubest/mbest: 1/0

    *via 100.63.3.11, [20/0], 1d02h, bgp-3, external, tag 1

110.0.0.3/32, ubest/mbest: 1/0

    *via 100.63.3.11, [20/0], 1d02h, bgp-3, external, tag 1

110.0.0.4/32, ubest/mbest: 1/0

    *via 100.63.3.11, [20/0], 00:10:28, bgp-3, external, tag 1

110.0.0.6/32, ubest/mbest: 2/0, attached

    *via 110.0.0.6, Lo0, [0/0], 1d04h, local

    *via 110.0.0.6, Lo0, [0/0], 1d04h, direct

110.0.0.7/32, ubest/mbest: 1/0

    *via 100.76.7.12, Eth1/2, [110/41], 00:44:12, ospf-3, intra

s6# show ip bgp

BGP routing table information for VRF default, address family IPv4 Unicast

BGP table version is 15, Local Router ID is 110.0.0.6

Status: s-suppressed, x-deleted, S-stale, d-dampened, h-history, *-valid, >-best

Path type: i-internal, e-external, c-confed, l-local, a-aggregate, r-redist, I-i

njected

Origin codes: i - IGP, e - EGP, ? - incomplete, | - multipath, & - backup, 2 - b

est2

   Network            Next Hop            Metric     LocPrf     Weight Path

*>e110.0.0.2/32       100.63.3.11                                    0 1 i

*>e110.0.0.3/32       100.63.3.11                                    0 1 i

*>e110.0.0.4/32       100.63.3.11                                    0 1 2 i

*>l110.0.0.6/32       0.0.0.0                           100      32768 i

With this information, the switches should be able to send traffic to each other. However, they cannot. Please look below; I send traffic from s4 to s6.

s4# ping 110.0.0.6 source-interface loopback 0

PING 110.0.0.6 (110.0.0.6): 56 data bytes

Request 0 timed out

 

--- 110.0.0.6 ping statistics ---

2 packets transmitted, 0 packets received, 100.00% packet loss

I have to check the routing tables on s2 and s3 also. They also have the information.

s2# show ip route
110.0.0.4/32, ubest/mbest: 1/0
    *via 100.42.4.11, [20/0], 1d03h, bgp-1, external, tag 2
110.0.0.6/32, ubest/mbest: 1/0
    *via 110.0.0.3, [200/0], 00:09:44, bgp-1, internal, tag 3

s3# show ip route
110.0.0.4/32, ubest/mbest: 1/0
    *via 110.0.0.2, [200/0], 00:14:14, bgp-1, internal, tag 2
110.0.0.6/32, ubest/mbest: 1/0
    *via 100.63.6.11, [20/0], 1d02h, bgp-1, external, tag 3

Now, only the s1 switch is left. On the s1 switch, I did not configure BGP. Because of this, s1 cannot get any information for s4 and s6. Now I will simply add static routes on the s1 switch.

s1(config)# ip route 110.0.0.4/32 110.0.0.2

s1(config)# ip route 110.0.0.5/32 110.0.0.2

s1(config)# ip route 110.0.0.6/32 110.0.0.3

s1(config)# ip route 110.0.0.7/32 110.0.0.3

After adding this configuration, I can send the traffic.

s4# ping 110.0.0.6 source-interface loopback 0

PING 110.0.0.6 (110.0.0.6): 56 data bytes

64 bytes from 110.0.0.6: icmp_seq=0 ttl=251 time=20.858 ms

64 bytes from 110.0.0.6: icmp_seq=1 ttl=251 time=12.801 ms

64 bytes from 110.0.0.6: icmp_seq=2 ttl=251 time=25.59 ms

64 bytes from 110.0.0.6: icmp_seq=3 ttl=251 time=13.339 ms

64 bytes from 110.0.0.6: icmp_seq=4 ttl=251 time=12.694 ms

--- 110.0.0.6 ping statistics ---

5 packets transmitted, 5 packets received, 0.00% packet loss

round-trip min/avg/max = 12.694/17.056/25.59 ms

 

Reference

 

[ 1 ] https://blog.naver.com/happy_jhyo/70151060540

[ 2 ] https://blog.naver.com/happy_jhyo/221284566856

[ 3 ] http://www.nnk.com.au/index.php?option=com_content&view=article&id=22:bgp-synchronization&catid=3:articles&Itemid=5

[ 4 ] https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus9000/sw/6-x/unicast/configuration/guide/l3_cli_nxos/l3_bgp.html

 

How to connect the CISCO Nexus with Ansible over GNS3 simply?

 

I want to deploy and send commands to Cisco Nexus OS with Ansible. In fact, I do not have a real hardware switch or router, therefore I will use the GNS3 simulator for this.

 

1. Environments.

 

To produce this environment, I need Cisco Nexus and Ansible over GNS3. If I want to apply this in the real world, I will follow this instruction, which explains how to install the Ansible control node. In the GNS3 marketplace, there is an appliance which offers Ansible. I will use this.

With this GNS3 appliance, I will produce this topology like below.

After configuration with above topology, I can login every switch/router with SSH like below.

In Network Automation host of GNS3, Ansible is pre-installed. I can verify the version like below. In my case, 2.7.11 is installed.

Now, I am ready to use ansible to deploy CISCO Nexus OS over GNS3.

 

2. Element of Ansible to use.

 

From this instruction, there are several elements needed to use Ansible.

When I met these concepts as a network engineer, they were not simple to understand. In my opinion, the "Control Node" is the machine that creates commands and transfers them to the switch/router. "Managed Nodes" are the switches/routers. The "Inventory" is the list of switches/routers to access, with IP address and username. A "Task" is an action, like the "show version" command. A "Playbook" is a group of "Tasks". In Ansible, there are 2 options to run: ansible and ansible-playbook. I will show the details later in this post.

 

3. Variable Syntax for INI-style and YAML format.

 

In the middle of this instruction, there are syntax examples. When I create an inventory or a playbook, I will meet 2 types of files, INI-style and YAML format. They define variables in different ways. In INI-style, key=value is correct. In YAML format, key: value is correct.

 

 

4. Create the Inventory file.

 

"Working with Inventory" and "Build Your Inventory" are instruction how to create Inventory file. This inventory file is the list of switch which can be access with IP address and username. In this inventory file, I can list per host and make group with hosts.

From here, I can verify that the "/etc/ansible" directory is used by default. In this directory, there are 2 files and 1 directory. "ansible.cfg" is the global configuration file. "hosts" is the inventory file.

In this post, I will try to access CISCO Nexus for network automation. To create the Inventory file, I should know how to define the connection method to the switch/router. In this instruction, some parameters are explained. First, I need to know which connection method to use. In my case, I will select "network_cli", which means "CLI over SSH".

Second, I need to know what kind of OS the device runs. In my case, I am trying to access CISCO Nexus, so it should be nxos.

If I use the "Catalyst", I may use "enable" command. 

With these factors, I can create the Inventory file like below. I want to make "gns3_datacenter", which has zone_core, zone_1 and zone_2 as its elements.

[gns3_datacenter]

[gns3_datacenter:children]
zone_core
zone_1
zone_2

[zone_core]
s_core ansible_host=100.25.2.15 ansible_network_os=nxos ansible_user=admin

[zone_1]
s1 ansible_host=100.23.3.13 ansible_network_os=nxos ansible_user=admin

[zone_2]
s2 ansible_host=100.24.4.14 ansible_network_os=nxos ansible_user=admin

[gns3_datacenter:vars]
ansible_connection=network_cli
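
How the ":children" and ":vars" sections of this inventory combine into the variables each switch ends up with, as an added example that is not the author's code and not Ansible's own parser. The function name `effective_vars` is hypothetical, and the sketch assumes each host sits in one group and that the group nesting has no cycles.

```python
import shlex
from collections import defaultdict

# Inventory from section 4 of this post (blank lines removed).
INVENTORY = """\
[gns3_datacenter]
[gns3_datacenter:children]
zone_core
zone_1
zone_2
[zone_core]
s_core ansible_host=100.25.2.15 ansible_network_os=nxos ansible_user=admin
[zone_1]
s1 ansible_host=100.23.3.13 ansible_network_os=nxos ansible_user=admin
[zone_2]
s2 ansible_host=100.24.4.14 ansible_network_os=nxos ansible_user=admin
[gns3_datacenter:vars]
ansible_connection=network_cli
"""

def effective_vars(text):
    """Return {host: merged vars}; host vars beat group vars, child groups beat parents."""
    hosts, children, gvars = defaultdict(dict), defaultdict(list), defaultdict(dict)
    group, kind = "ungrouped", ""
    for line in map(str.strip, text.splitlines()):
        if not line or line[0] in "#;":
            continue                                   # blank line or comment
        if line.startswith("["):                       # [name], [name:children], [name:vars]
            group, _, kind = line.strip("[]").partition(":")
            hosts[group]                               # register the group even if it is empty
        elif kind == "children":
            children[group].append(line)
        elif kind == "vars":
            key, _, value = line.partition("=")
            gvars[group][key.strip()] = value.strip()
        else:                                          # host line: name key=value ...
            name, *pairs = shlex.split(line)
            hosts[group][name] = dict(p.split("=", 1) for p in pairs)
    resolved = {}
    def walk(grp, inherited):
        merged = {**inherited, **gvars[grp]}           # parent vars, then this group's vars
        for host, hvars in hosts[grp].items():
            resolved[host] = {**merged, **hvars}       # host-line vars win last
        for child in children[grp]:
            walk(child, merged)
    nested = {c for kids in children.values() for c in kids}
    for root in sorted(set(hosts) - nested):           # start from the top-level groups
        walk(root, {})
    return resolved
```

Calling `effective_vars(INVENTORY)` shows that s_core, s1 and s2 all inherit `ansible_connection=network_cli` from the parent group. On the control node, `ansible-inventory --list` prints Ansible's own view of the same inventory.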

":children" option is used to include element into the group. ":vars" option is used to define varaible such as ansibile host and ansible_connection. In this instruction, there are the behavioral inventory parameters

 

5. Create Password vault.

 

So far, I have defined the hosts to access. However, the password part is still left. In Ansible, there is a way to protect sensitive variables such as passwords with ansible-vault.

For this, I need to edit the config file. In "/etc/ansible/ansible.cfg", vault_password_file is commented out. I need to change this part to the path I want. In my case, "/etc/ansible/vault_password_file" is used.

After that, I will create the vault_password_file with the command below.

# echo "ansible_password" > /etc/ansible/vault_password_file

After I create this file, I will create the encrypted password with this value.

# ansible-vault encrypt_string --vault-id admin@/etc/ansible/vault_password_file 'ansible' --name 'ansible_password'

ansible-vault encrypt_string --vault-id <H/W username>@<vault_password_file Path> '<H/W password>' --name 'ansible_password'

I will meet this error. I have searched Google many times, but I cannot find out why this happens. However, I have to comment out "vault_password_file" again in "/etc/ansible/ansible.cfg".

After commenting it out, I can run the command above. I will get a result like below. Memorize this value. Please remember to un-comment "vault_password_file" afterwards.

 

6. Organizing host and group variables

 

I created the Ansible password with vault. Now I need to add this parameter into the configuration. This time, I will use the "Organizing host and group variables" method, because the password could be different for each hardware device. In Ansible, "group_vars/" and "host_vars/" are used to define them. Please read this instruction.

Now I will create the "group_vars" directory and create a file named after the group name in the Inventory file. In my case, I will use "gns3_datacenter".

Now I will add the "ansible_password" value above into "/etc/ansible/group_vars/gns3_datacenter".
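
A check for the two places where the secrets from sections 5 and 6 can leak: the mode of the vault password file, and an "ansible_password" left in clear text in a group_vars file. This is an added example, not the author's code or an Ansible tool; the function names and the sample file contents are constructed for illustration.

```python
import os
import re
import stat
import tempfile

SECRET_VAR = re.compile(r"^\s*(ansible_(?:password|ssh_pass|become_pass(?:word)?))\s*:\s*(.*)$")

def vault_file_issues(path):
    """Problems with the file that stores the vault password."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    issues = []
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        issues.append(f"{path} is mode {mode:04o}; group/other can access it (use 0600)")
    return issues

def plaintext_secrets(vars_text):
    """Names of secret variables whose value is not a '!vault' encrypted scalar."""
    found = []
    for line in vars_text.splitlines():
        m = SECRET_VAR.match(line)
        if m and not m.group(2).startswith("!vault"):
            found.append(m.group(1))
    return found

# Constructed samples of /etc/ansible/group_vars/gns3_datacenter.
PLAINTEXT_VARS = "ansible_password: ansible\n"
VAULTED_VARS = (
    "ansible_password: !vault |\n"
    "          $ANSIBLE_VAULT;1.1;AES256\n"
    "          <ciphertext lines printed by ansible-vault encrypt_string>\n"
)

def demo():
    """Create a throwaway vault password file two ways and audit both."""
    with tempfile.TemporaryDirectory() as tmp:
        loose = os.path.join(tmp, "loose")
        with open(loose, "w") as fh:          # what `echo ... > file` gives with umask 022
            fh.write("constructed-secret\n")
        os.chmod(loose, 0o644)
        tight = os.path.join(tmp, "tight")
        fd = os.open(tight, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
        with os.fdopen(fd, "w") as fh:        # created owner-only from the start
            fh.write("constructed-secret\n")
        return len(vault_file_issues(loose)), len(vault_file_issues(tight))
```

Pointing `vault_file_issues` at "/etc/ansible/vault_password_file" after the `echo` command from section 5 reports the file if the shell's umask left it readable by other users.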

 

7. Create Playbook to run command

 

In this Ansible instruction, there is a simple example. I will write it like below.

root@NetworkAutomation-1:/etc/ansible# cat first_playbook.yml

- name: first playbook
  hosts: gns3_datacenter
  tasks:
  - name: show version
    nxos_command:
      commands: show version

"hosts" parameter mean that group or host name in Inventory file. In the "tasks", I need to add module. In my case, I will use network module. This instruction will be helpful. In this example, I use "nxos_command" module. The below example come from "nxos_command".

 

8. Run Playbook.

 

I will run the playbook with the "ansible-playbook" command. These instructions, "Run your first network ansible command" and "Run the playbook with the command", will be helpful.

ansible all -i vyos.example.net, -c network_cli -u my_vyos_user -k -m vyos_facts -e ansible_network_os=vyos

the host group(s) to which the command should apply (in this case, all)
the inventory (-i, the device or devices to target - without the trailing comma -i points to an inventory file)
the connection method (-c, the method for connecting and executing ansible)
the user (-u, the username for the SSH connection)
the SSH connection method (-k, please prompt for the password)
the module (-m, the ansible module to run)
an extra variable ( -e, in this case, setting the network OS value)

 

ansible-playbook -i vyos.example.net, -u ansible -k -e ansible_network_os=vyos first_playbook.yml

In my case, I will select the second method. I can run ansible-playbook like below.

 

9. Debug and Display Result.

 

I checked that everything is good. However, I cannot see the result on the screen. For this, I will use the "debug" and "register" concepts. Now, I will revise the playbook like below.

# cat first_playbook.yml

- name: first playbook
  hosts: gns3_datacenter
  tasks:
  - name: show version
    nxos_command:
      commands: show version
    register: message
  - debug: var=message.stdout_lines

With the added "register" and "debug" lines, I will get the result like below.

 

10. Troubleshooting

 

If I meet this error, I need to check the username and password. 

When I print out the result, I can meet the "variable is not defined" message.

I will replace the "register" and "debug" part like below.

  - name: nxos_command
    nxos_command:
      commands: show version
    register: message
  - debug:
      msg: "{{ message }}"

And then, I will get like this also.

 

Reference 

[ 1 ] https://docs.gns3.com/appliances/cisco-nxosv9k.html

[ 2 ] https://www.youtube.com/watch?v=Pcksyle-roE

[ 3 ] https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html#installing-the-control-node

[ 4 ] https://docs.ansible.com/ansible/latest/network/getting_started/basic_concepts.html

[ 5 ] https://docs.ansible.com/ansible/latest/user_guide/intro_inventory.html

[ 6 ] https://docs.ansible.com/ansible/latest/network/getting_started/network_differences.html

[ 7 ] https://docs.ansible.com/ansible/latest/network/getting_started/first_playbook.html#create-and-run-your-first-network-ansible-playbook

[ 8 ] https://docs.ansible.com/ansible/latest/modules/list_of_network_modules.html

[ 9 ] https://docs.ansible.com/ansible/latest/modules/debug_module.html

[ 10 ] https://docs.ansible.com/ansible/latest/user_guide/playbooks_variables.html#registering-variables

 

 

 

 

 
