OSPF summarization and the null interface
Date: March 20, 2023
Scenario
This scenario continues the previous one and looks at a detail in the ABR's routing table when it summarizes toward area 0: the ABR installs the summary route in its own table with a next hop pointing to a null route, which is basically a “black hole” that swallows all the traffic that reaches it (the more elegant term is a bit bucket).
This behavior is covered in the CCNA R&S curriculum under EIGRP. We run this lab for two reasons: first, because summarization is not commonly seen in OSPF, and second, because this does not happen in Packet Tracer. Let's go and see….
We add to the scenario a default route via the backbone router, which is in area 0 and has a better metric than the ASBR of the previous scenario; this lets us verify the effect of a missing null route if we remove it.
1.- Verification before summarizing:
RT-ABR#sh ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       + - replicated route, % - next hop override
Gateway of last resort is 192.168.1.2 to network 0.0.0.0
O*E1  0.0.0.0/0 [110/2] via 10.0.0.2, 00:01:14, Vlan1000 (via RT-Backbone)
      10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        10.0.0.0/24 is directly connected, Vlan1000
L        10.0.0.1/32 is directly connected, Vlan1000
      192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks (there is no route to 192.168.0.0/21)
C        192.168.1.0/24 is directly connected, Vlan1
L        192.168.1.1/32 is directly connected, Vlan1
      192.168.2.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.2.0/24 is directly connected, Vlan2
L        192.168.2.1/32 is directly connected, Vlan2
      192.168.3.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.3.0/24 is directly connected, Vlan3
L        192.168.3.1/32 is directly connected, Vlan3
      192.168.4.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.4.0/24 is directly connected, Vlan4
L        192.168.4.1/32 is directly connected, Vlan4
      192.168.5.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.5.0/24 is directly connected, Vlan5
L        192.168.5.1/32 is directly connected, Vlan5
      192.168.6.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.6.0/24 is directly connected, Vlan6
L        192.168.6.1/32 is directly connected, Vlan6
      192.168.7.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.7.0/24 is directly connected, Vlan7
L        192.168.7.1/32 is directly connected, Vlan7
      192.168.8.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.8.0/24 is directly connected, Vlan8
L        192.168.8.1/32 is directly connected, Vlan8
RT-ABR#
2.- We enable routing table debugging:
RT-ABR#debug ip routing
IP routing debugging is on
RT-ABR#
3.- We configure the summarization:
RT-ABR#conf t
Enter configuration commands, one per line. End with CNTL/Z.
RT-ABR(config)#router ospf 1
RT-ABR(config-router)#area 1 range 192.168.0.0 255.255.248.0
RT-ABR(config-router)#end
RT-ABR#
4.- We check the debug output:
RT-ABR#
Mar 20 15:47:13.636: RT: updating ospf 192.168.0.0/21 (0x0) :
    via 0.0.0.0 Nu0 0 1048578
Mar 20 15:47:13.636: RT: add 192.168.0.0/21 via 0.0.0.0, ospf metric [110/1]
Mar 20 15:47:13.636: RT: updating ospf 0.0.0.0/0 (0x0) :
    via 192.168.1.2 Vl1 0 1048578
Mar 20 15:47:13.636: RT: closer admin distance for 0.0.0.0, flushing 1 routes
Mar 20 15:47:13.636: RT: add 0.0.0.0/0 via 192.168.1.2, ospf metric [110/1]
RT-ABR#
5.- We check the routing table:
We can see that there is a route to the summarized networks, similar to the one RT-Backbone receives, but it does not come into play (that is, it does not route packets) as long as there are /24 routes to each of the networks it covers, since those win by being more specific routes, i.e. routes whose mask has more bits.
RT-ABR#sh ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       + - replicated route, % - next hop override
Gateway of last resort is 10.0.0.2 to network 0.0.0.0
O*E1  0.0.0.0/0 [110/2] via 10.0.0.2, 00:01:14, Vlan1000
      10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        10.0.0.0/24 is directly connected, Vlan1000
L        10.0.0.1/32 is directly connected, Vlan1000
O     192.168.0.0/21 is a summary, 01:59:22, Null0
      192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.1.0/24 is directly connected, Vlan1
L        192.168.1.1/32 is directly connected, Vlan1
      192.168.2.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.2.0/24 is directly connected, Vlan2
L        192.168.2.1/32 is directly connected, Vlan2
      192.168.3.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.3.0/24 is directly connected, Vlan3
L        192.168.3.1/32 is directly connected, Vlan3
      192.168.4.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.4.0/24 is directly connected, Vlan4
L        192.168.4.1/32 is directly connected, Vlan4
      192.168.5.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.5.0/24 is directly connected, Vlan5
L        192.168.5.1/32 is directly connected, Vlan5
      192.168.6.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.6.0/24 is directly connected, Vlan6
L        192.168.6.1/32 is directly connected, Vlan6
      192.168.7.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.7.0/24 is directly connected, Vlan7
L        192.168.7.1/32 is directly connected, Vlan7
      192.168.8.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.8.0/24 is directly connected, Vlan8
L        192.168.8.1/32 is directly connected, Vlan8
RT-ABR#
6.- We verify connectivity:
RT-Backbone#ping 192.168.2.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.2.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
RT-Backbone#
7.- We simulate the failure of one of the summarized networks:
RT-ABR#conf t
Enter configuration commands, one per line. End with CNTL/Z.
RT-ABR(config)#int vlan 2
RT-ABR(config-if)#shut
RT-ABR(config-if)#end
RT-ABR#
Mar 20 15:49:52.448: %LINK-5-CHANGED: Interface Vlan2, changed state to administratively down
Mar 20 15:49:52.452: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan2, changed state to down
RT-ABR#
8.- We check the routing table:
RT-ABR#sh ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       + - replicated route, % - next hop override
Gateway of last resort is 10.0.0.2 to network 0.0.0.0
O*E1  0.0.0.0/0 [110/2] via 10.0.0.2, 00:01:14, Vlan1000
      10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        10.0.0.0/24 is directly connected, Vlan1000
L        10.0.0.1/32 is directly connected, Vlan1000
O     192.168.0.0/21 is a summary, 01:59:22, Null0
      192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.1.0/24 is directly connected, Vlan1
L        192.168.1.1/32 is directly connected, Vlan1
      192.168.3.0/24 is variably subnetted, 2 subnets, 2 masks (there is no route to 192.168.2.0/24)
C        192.168.3.0/24 is directly connected, Vlan3
L        192.168.3.1/32 is directly connected, Vlan3
      192.168.4.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.4.0/24 is directly connected, Vlan4
L        192.168.4.1/32 is directly connected, Vlan4
      192.168.5.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.5.0/24 is directly connected, Vlan5
L        192.168.5.1/32 is directly connected, Vlan5
      192.168.6.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.6.0/24 is directly connected, Vlan6
L        192.168.6.1/32 is directly connected, Vlan6
      192.168.7.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.7.0/24 is directly connected, Vlan7
L        192.168.7.1/32 is directly connected, Vlan7
      192.168.8.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.8.0/24 is directly connected, Vlan8
L        192.168.8.1/32 is directly connected, Vlan8
RT-ABR#
9.- We verify connectivity:
RT-ABR#ping 192.168.2.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.2.1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
RT-Backbone#
Fine, so far we have only discovered that if we shut down the leg to network 2 the ping gets no reply (sarcasm). Let's move on to a more realistic test:
10.- Test with a trace:
C:\>tracert 192.168.2.1
Traza a 192.168.2.1 sobre caminos de 30 saltos como máximo.
  1     1 ms    <1 ms    <1 ms  10.0.0.2 (the RT-Backbone router)
  2     *        *        *     Tiempo de espera agotado para esta solicitud. (the ABR router, and the packet dies)
  3     *        *        *     Tiempo de espera agotado para esta solicitud
  4     *        *     ^C
We can verify that the result is the same: leg 2, or any IP address in network 2, would not answer simply because the traffic goes out the null route.
11.- Configuring the null interface:
The only thing we can configure on a null interface is to have it send ICMP unreachable messages to the source; by default it gives no notice at all that the packet has gone to heaven.
11.1.- We send a ping to 192.168.2.1:
C:\>ping 192.168.2.1
Pinging 192.168.2.1 with 32 bytes of data:
Request timed out.
Request timed out.
11.2.- We verify:
Of the three packets, the first is the ping leaving via router RT-Backbone, which is the PC's gateway; the second is the redirect to the gateway that advertises network 192.168.2.0, i.e. RT-ABR; the third is the ping actually going to RT-ABR, which never reaches its destination and gets no reply of any kind (request timed out, destination unreachable, etc…).
11.3.- We configure the ICMP unreachable notification:
RT-ABR#conf t
Enter configuration commands, one per line. End with CNTL/Z.
RT-ABR(config)#int null0
RT-ABR(config-if)#ip unreachables
RT-ABR(config-if)#exit
RT-ABR(config)#
The result was the same: no response from the null interface. In a forum (not on Cisco's site) I found someone mentioning that the notification is sent if there is a static route to the null route, so we should check whether this is correct.
11.4.- We configure a static route to the null route:
We configure a route similar to the OSPF summary route; this is the one that will become active in the table because of its better administrative distance.
RT-ABR#conf t
Enter configuration commands, one per line. End with CNTL/Z.
RT-ABR(config)#ip route 192.168.0.0 255.255.248.0 null0
RT-ABR(config)#end
RT-ABR#
11.5.- We check the routing table:
RT-ABR#sh ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       + - replicated route, % - next hop override
Gateway of last resort is 10.0.0.2 to network 0.0.0.0
O*E1  0.0.0.0/0 [110/2] via 10.0.0.2, 23:17:57, Vlan1000
      10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        10.0.0.0/24 is directly connected, Vlan1000
L        10.0.0.1/32 is directly connected, Vlan1000
S     192.168.0.0/21 is directly connected, Null0
      192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.1.0/24 is directly connected, Vlan1
L        192.168.1.1/32 is directly connected, Vlan1
      192.168.3.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.3.0/24 is directly connected, Vlan3
L        192.168.3.1/32 is directly connected, Vlan3
      192.168.4.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.4.0/24 is directly connected, Vlan4
L        192.168.4.1/32 is directly connected, Vlan4
      192.168.5.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.5.0/24 is directly connected, Vlan5
L        192.168.5.1/32 is directly connected, Vlan5
      192.168.6.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.6.0/24 is directly connected, Vlan6
L        192.168.6.1/32 is directly connected, Vlan6
      192.168.7.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.7.0/24 is directly connected, Vlan7
L        192.168.7.1/32 is directly connected, Vlan7
      192.168.8.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.8.0/24 is directly connected, Vlan8
L        192.168.8.1/32 is directly connected, Vlan8
RT-ABR#
11.6.- We send a ping to 192.168.2.1:
C:\>ping 192.168.2.1
Pinging 192.168.2.1 with 32 bytes of data:
Request timed out. (we can see that the ping application does not show destination unreachable)
Request timed out.
Request timed out.
Request timed out.
11.7.- We verify:
The null interface did not always send the messages; no pattern of N pings / N replies was found, the replies were random.
12.- We remove the static summary route to the null interface:
Let's go back to the purpose of the summary route to the null interface; first we remove the static route from the previous step.
RT-ABR(config)#no ip route 192.168.0.0 255.255.248.0 null0
RT-ABR(config)#
12.1.- We disable the OSPF summary route:
RT-ABR#conf t
Enter configuration commands, one per line. End with CNTL/Z.
RT-ABR(config)#router ospf 1
RT-ABR(config-router)#no discard-route internal
RT-ABR(config-router)#end
RT-ABR#
12.2.- We verify:
RT-ABR#
Mar 20 15:58:19.881: RT: delete route to 0.0.0.0/0
Mar 20 15:58:19.881: RT: default path has been cleared
Mar 20 15:58:19.881: RT: delete route to 192.168.0.0/21 (removes the null route)
Mar 20 15:58:19.881: RT: updating ospf 0.0.0.0/0 (0x0) :
    via 10.0.0.2 Vl1000 0 1048578
Mar 20 15:58:19.881: RT: add 0.0.0.0/0 via 10.0.0.2, ospf metric [110/2]
Mar 20 15:58:19.881: RT: default path is now 0.0.0.0 via 10.0.0.2 (confirms that it will use the default route if it finds no valid route to a destination)
RT-ABR#
12.3.- We check the routing table:
RT-ABR#sh ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       + - replicated route, % - next hop override
Gateway of last resort is 10.0.0.2 to network 0.0.0.0
O*E1  0.0.0.0/0 [110/2] via 10.0.0.2, 00:00:09, Vlan1000
      10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        10.0.0.0/24 is directly connected, Vlan1000
L        10.0.0.1/32 is directly connected, Vlan1000
      192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks (there is no route to 192.168.0.0/21)
C        192.168.1.0/24 is directly connected, Vlan1
L        192.168.1.1/32 is directly connected, Vlan1
      192.168.3.0/24 is variably subnetted, 2 subnets, 2 masks (there is no route to 192.168.2.0/24)
C        192.168.3.0/24 is directly connected, Vlan3
L        192.168.3.1/32 is directly connected, Vlan3
      192.168.4.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.4.0/24 is directly connected, Vlan4
L        192.168.4.1/32 is directly connected, Vlan4
      192.168.5.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.5.0/24 is directly connected, Vlan5
L        192.168.5.1/32 is directly connected, Vlan5
      192.168.6.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.6.0/24 is directly connected, Vlan6
L        192.168.6.1/32 is directly connected, Vlan6
      192.168.7.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.7.0/24 is directly connected, Vlan7
L        192.168.7.1/32 is directly connected, Vlan7
      192.168.8.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.8.0/24 is directly connected, Vlan8
L        192.168.8.1/32 is directly connected, Vlan8
RT-ABR#
12.4.- We verify with a trace:
C:\>tracert 192.168.2.1
Traza a 192.168.2.1 sobre caminos de 30 saltos como máximo.
  1     4 ms     2 ms     1 ms  10.0.0.2 (RT-Backbone via default route)
  2     1 ms    <1 ms    <1 ms  10.0.0.1 (RT-ABR via default summary route)
  3     1 ms     5 ms     1 ms  10.0.0.2 (RT-Backbone via default route)
  4     3 ms     3 ms     6 ms  10.0.0.1 (RT-ABR via default summary route)
  5     2 ms     2 ms     1 ms  10.0.0.2 (RT-Backbone via default route)
  6     2 ms     3 ms     3 ms  10.0.0.1 …etc…
  7     2 ms     2 ms     2 ms  10.0.0.2
  8     3 ms     3 ms     3 ms  10.0.0.1
  9     2 ms     2 ms     2 ms  10.0.0.2
 10     3 ms     3 ms     4 ms  10.0.0.1
 11     3 ms     2 ms     2 ms  10.0.0.2
 12     5 ms     4 ms     4 ms  10.0.0.1
 13     5 ms     3 ms    15 ms  10.0.0.2
 14     6 ms     6 ms     5 ms  10.0.0.1
 15     4 ms     3 ms     3 ms  10.0.0.2
 16     5 ms     6 ms     6 ms  10.0.0.1
 17    30 ms    13 ms     4 ms  10.0.0.2
 18     5 ms     6 ms    10 ms  10.0.0.1
 19     7 ms     6 ms     6 ms  10.0.0.2
 20     5 ms     5 ms     6 ms  10.0.0.1
 21     5 ms     5 ms     5 ms  10.0.0.2
 22     7 ms     6 ms     6 ms  10.0.0.1
 23     5 ms     5 ms     5 ms  10.0.0.2
 24     8 ms    11 ms     6 ms  10.0.0.1
 25     6 ms     5 ms     5 ms  10.0.0.2
 26     8 ms     6 ms     8 ms  10.0.0.1
 27     6 ms     6 ms     6 ms  10.0.0.2
 28    13 ms     8 ms     7 ms  10.0.0.1
 29     7 ms     6 ms     6 ms  10.0.0.2
 30     7 ms     8 ms     8 ms  10.0.0.1 (the 30 hops mentioned in the header)
Traza completa.
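Added example (not part of the original lab): a small Python model of the longest-prefix-match decision on both routers, showing why traffic to 192.168.2.1 dies at RT-ABR while the Null0 summary exists and bounces for 30 hops once it is removed. The tables are constructed from the lab's routes with Vlan2 down; the router labels, function names and outcome strings are assumptions made for illustration.

```python
import ipaddress

# Constructed tables modelled on the lab above, with Vlan2 shut down.
# Router names and next hops are simplified labels, not IOS output.
BACKBONE = {"10.0.0.0/24": "connected", "192.168.0.0/21": "RT-ABR"}

def abr_table(discard_route):
    """RT-ABR's table; discard_route=False models 'no discard-route internal'."""
    table = {"0.0.0.0/0": "RT-Backbone", "10.0.0.0/24": "connected"}
    for n in (1, 3, 4, 5, 6, 7, 8):  # 192.168.2.0/24 is gone (Vlan2 is down)
        table[f"192.168.{n}.0/24"] = "connected"
    if discard_route:
        table["192.168.0.0/21"] = "Null0"  # summary installed by 'area 1 range'
    return table

def lookup(table, dst):
    """Longest-prefix match: among matching routes, the longest mask wins."""
    addr = ipaddress.ip_address(dst)
    nets = [ipaddress.ip_network(p) for p in table]
    best = max((n for n in nets if addr in n), key=lambda n: n.prefixlen, default=None)
    return table[str(best)] if best is not None else "no route"

def trace(dst, discard_route, max_hops=30):
    """Follow a packet entering at RT-Backbone; return (routers visited, outcome)."""
    tables = {"RT-Backbone": BACKBONE, "RT-ABR": abr_table(discard_route)}
    router, hops = "RT-Backbone", []
    for _ in range(max_hops):
        hops.append(router)
        next_hop = lookup(tables[router], dst)
        if next_hop == "connected":
            return hops, "delivered"
        if next_hop == "Null0":
            return hops, "dropped at Null0"
        if next_hop == "no route":
            return hops, "no route"
        router = next_hop  # hand the packet to the neighbouring router
    return hops, "hop limit reached (routing loop)"

if __name__ == "__main__":
    cases = (("192.168.3.1", True), ("192.168.2.1", True), ("192.168.2.1", False))
    for dst, discard in cases:
        hops, outcome = trace(dst, discard)
        print(f"{dst} discard_route={discard}: {len(hops)} hops, {outcome}")
```

With the discard route present the packet for the failed network stops at the second hop; without it, RT-ABR's only match is the default route back to RT-Backbone, which is the alternation seen in the trace.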
13.- We check in Packet Tracer:
Packet Tracer does not have this functionality. That does not mean PT is a bad tool for lacking it; we must say that for studying CCNA it is a formidable tool, although it is still an animation and not a faithful reproduction.
(2023) Unmasking a packet killer
Rosario, Argentina