Company ABC has multiple buildings (A, B, C and D) and two internet connections to ISP-1 (in Building-B) and ISP-2 (in Building-C). Building-A has a CORE router connected to the Border Router in Building-B (BR-B).
Both BR-B and BR-C receive a default route via eBGP from the ISPs and are configured identically to inject it into the OSPF Area 0 that covers all internal routers as shown in the diagram below:
As you can see,
At this time, connectivity to the Internet (eg. 34.34.34.4) is working fine:
CORE-A#traceroute 34.34.34.4 Type escape sequence to abort. Tracing the route to 34.34.34.4 1 192.168.15.1 24 msec 48 msec 8 msec 2 1.1.1.1 32 msec 124 msec 40 msec 3 34.34.34.4 88 msec * 68 msec CORE-A#
Note that each BR performs NAT Overload on outside interface s0/0 (but this does not affect the quiz)!
At some moment, the link to ISP-1 (1.1.1.1) is brought down as the ISP requires some maintenance on the circuit. You assume that everything will work fine since traffic will reach internet via BR-C -> ISP-2 (2.2.2.2). Unfortunatelly, you soon find out that this is not the case:
CORE-A#traceroute 34.34.34.4 Type escape sequence to abort. Tracing the route to 34.34.34.4 1 192.168.15.1 52 msec 40 msec 36 msec2 192.168.15.1 !H * !H CORE-A#
Routing and OSPF database for Area 0 look fine:
CORE-A#sh ip ospf data ... Type-5 AS External Link States Link ID ADV Router Age Seq# Checksum Tag0.0.0.0 192.168.12.2 664 0x80000003 0x00CA6E 1 0.0.0.0 192.168.15.1 1114 0x80000002 0x00BD7A 1 CORE-A# CORE-A#sh ip route ospf ...O*E2 0.0.0.0/0 [110/1] via 192.168.15.1, 00:51:22, FastEthernet0/0 CORE-A#
What is the problem ?
DEVICES' CONFIGURATIONS:
hostname CORE-A
!
!
!
interface FastEthernet0/0
ip address 192.168.15.5 255.255.255.0
speed 100
full-duplex
!
!
router ospf 1
log-adjacency-changes
network 192.168.0.0 0.0.255.255 area 0
!
!
!
hostname BR-B
!
!
!
interface FastEthernet0/0
ip address 192.168.12.1 255.255.255.0
ip nat inside
ip virtual-reassembly
speed 100
full-duplex
!
interface Serial0/0
ip address 1.1.1.2 255.255.255.252
ip nat outside
ip virtual-reassembly
clock rate 2000000
!
interface FastEthernet0/1
ip address 192.168.15.1 255.255.255.0
ip nat inside
ip virtual-reassembly
speed 100
full-duplex
!
router ospf 1
log-adjacency-changes
network 192.168.0.0 0.0.255.255 area 0
default-information originate always
!
router bgp 65001
no synchronization
bgp log-neighbor-changes
neighbor 1.1.1.1 remote-as 100
no auto-summary
!
ip nat inside source list ACL_NAT interface Serial0/0 overload
!
ip access-list standard ACL_NAT
permit 192.168.0.0 0.0.255.255
!
!
hostname BR-C
!
!
interface FastEthernet0/0
ip address 192.168.12.2 255.255.255.0
ip nat inside
ip virtual-reassembly
speed 100
full-duplex
!
interface Serial0/0
ip address 2.2.2.1 255.255.255.252
ip nat outside
ip virtual-reassembly
clock rate 2000000
!
!
router ospf 1
log-adjacency-changes
network 192.168.0.0 0.0.255.255 area 0
default-information originate always
!
router bgp 65001
no synchronization
bgp log-neighbor-changes
neighbor 2.2.2.2 remote-as 200
no auto-summary
!
ip nat inside source list ACL_NAT interface Serial0/0 overload
!
ip access-list standard ACL_NAT
permit 192.168.0.0 0.0.255.255
!
!
!
hostname ISP-1
!
!
interface FastEthernet0/0
ip address 34.34.34.3 255.255.255.0
speed 100
full-duplex
!
interface Serial0/0
ip address 1.1.1.1 255.255.255.252
clock rate 512000
!
!
router bgp 100
no synchronization
bgp log-neighbor-changes
neighbor 1.1.1.2 remote-as 65001
neighbor 1.1.1.2 default-originate
neighbor 34.34.34.4 remote-as 200
no auto-summary
!
ip route 2.2.2.0 255.255.255.252 34.34.34.4
!
!
hostname ISP-2
!
!
interface FastEthernet0/0
ip address 34.34.34.4 255.255.255.0
speed 100
full-duplex
!
interface Serial0/0
ip address 2.2.2.2 255.255.255.252
clock rate 512000
!
router bgp 200
no synchronization
bgp log-neighbor-changes
neighbor 2.2.2.1 remote-as 65001
neighbor 2.2.2.1 default-originate
neighbor 34.34.34.3 remote-as 100
no auto-summary
!
ip route 1.1.1.0 255.255.255.252 34.34.34.3
!
!
!
Post your answer in the ‘Comments’ section below and subscribe to this blog to get the detailed solution and more interesting quizzes.
Costi is a network and security engineer with over 10 years of experience in multi-vendor environments. He holds a CCIE Routing and Switching certification and is currently pursuing same expert-level certifications in other areas. He believes that the best way to learn and understand networking topics is to challenge yourself to fix different problems, production-wise or lab-type exams. He also enjoys teaching networking and security technologies, whevever there is an opportunity for it.
Comments
comments powered by Disqus