Thursday, December 5, 2013
Ping component parts of a multi link PPP bundle
It is helpful to put IP addresses on the component T1s of an MLPPP bundle for testing individual links. BUT if you just put the IP address on the link, it does not show up in the routing table. To make it work, you have to add a static route pointing to the interface itself.
https://supportforums.cisco.com/thread/2068848
This appears to be normal behavior but to allow for the serial interfaces to show in the routing table you will have to add a static route on the router pointing to the interface, eg:
ip route 172.27.3.0 255.255.255.252 Serial0/0/0:0
Tuesday, December 3, 2013
strong host/weak host
One problem when you multihome and do selective routing (the default gateway is NOT configured on all interfaces), say with multiple VRFs, is a thing called strong host/weak host. It can prevent one of the NICs from responding to pings from the rest of the network even if it does work in its VRF.
http://technet.microsoft.com/en-us/magazine/2007.09.cableguy.aspx
The default for Windows 2008 is called strong host, which means that you cannot send a packet with a source IP address different from the IP address of the interface. Since we are trying to ping a backup VRF IP address from outside the backup VRF, the host has to send the ping reply out the public interface, and strong host will not allow that. It could be that the setting got lost in the standard build.
To fix:
netsh interface ipv4 set interface [InterfaceNameOrIndex] weakhostsend=enabled
Friday, November 8, 2013
remember routes have masks
In a couple of previous posts (bgp and old loopbacks never die), I hinted that routers allow routes with overlapping masks and will display longer mask routes by default. For example:
sho ip route 10.40.0.97
Routing entry for 10.32.0.0/11
Known via "bgp 65013", distance 20, metric 0
Here you see the /11 summary.
However, you can add the subnet mask:
sho ip route 10.40.0.97 255.255.255.255
% Subnet not in table
This gives a more accurate view. It is important to closely examine the results of a display to see what route is REALLY there; as was described in the loopback post, routers will have a /30 and a /32 that overlap.
So use the subnet mask in the route display if it is important.
OSPF route redistribution gotcha
An often forgotten rule in OSPF is that in order to redistribute a route, the next hop must be an INTERNAL route in OSPF. If you point to an interface that does not have a network statement, or you did redistribute connected because you know that interface would not have any OSPF neighbors, the prefix would show up in the sho ip ospf data output BUT would not have the routing bit set, so it would not be redistributed.
Getting BGP to send routes
While getting a route advertised in an IGP like OSPF is pretty simple, getting it into BGP or redistributed can be a little more tricky. Routing processes are event driven; that is, something has to happen to force the router (or L3 switch) to scan the tables. If you, say, add a network statement in BGP for a route that already exists, it may not go out to the rest of the network for a while. This can usually be fixed with a clear ip bgp soft out, but it is better to follow this rule: make sure that all of the routing protocol configuration is in place BEFORE bringing up an interface or adding a default route. So if you have an ACL on your redistribution statement, update the ACL, add any network statements you need to the routing protocol configuration, and update route maps if needed. THEN bring up the interface, add the IP address to the SVI, or add the new static route. Those are the events that will drive the routing protocol. Finally, not everything in BGP is done by clearing a neighbor soft out; there are corner cases where the routing logic is not fully driven. In those cases a shut/no shut, or a remove and re-add, is needed.
Monday, November 4, 2013
sho ip bgp will give you an entry for the default route
Was trying to troubleshoot a route distribution problem and would do a sho ip bgp for a prefix. Would see the BGP entry, BUT if there is a default route, it gives you the entry for the default route, not the prefix you might be looking for; see below. Note you see an entry, but unless you notice that the entry is for 0.0.0.0/0 you think the prefix is in BGP, but it's really not.
rdc-all-rt100> sho ip bgp 167.127.100.0
BGP routing table entry for 0.0.0.0/0, version 4693022
Paths: (5 available, best #4, table default, RIB-failure(17) - next-hop mismatch)
Multipath: eBGP
Advertised to update-groups:
5 10 41 47
13979 64998
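A check for both lookup pitfalls above (the /11 summary answering for a host address in "remember routes have masks", and the default route answering here), added as an example and not taken from the original posts. The function names and the `expected_len` parameter are illustrative; the sample output is copied from the two posts.

```python
import ipaddress
import re

# Header line printed by "sho ip route <addr>" and "sho ip bgp <addr>".
ENTRY_RE = re.compile(
    r"(?:BGP routing table|Routing) entry for (\d+\.\d+\.\d+\.\d+/\d+)")

# Sample output copied from the two posts above.
ROUTE_OUT = """Routing entry for 10.32.0.0/11
Known via "bgp 65013", distance 20, metric 0"""
BGP_OUT = """BGP routing table entry for 0.0.0.0/0, version 4693022
Paths: (5 available, best #4, table default, RIB-failure(17) - next-hop mismatch)"""
NOT_FOUND = "% Subnet not in table"


def matched_prefix(cli_output):
    """Return the prefix the router actually answered with, or None."""
    m = ENTRY_RE.search(cli_output)
    return ipaddress.ip_network(m.group(1)) if m else None


def classify_lookup(queried, cli_output, expected_len=None):
    """Classify a lookup as 'missing', 'default', 'covering' or 'ok'.

    expected_len (illustrative parameter) is the mask length you believe the
    route should have; a shorter answer means only a summary is present.
    """
    prefix = matched_prefix(cli_output)
    if prefix is None or ipaddress.ip_address(queried) not in prefix:
        return "missing"
    if prefix.prefixlen == 0:
        return "default"      # only 0.0.0.0/0 answered for this address
    if expected_len is not None and prefix.prefixlen < expected_len:
        return "covering"     # a summary answered, not the specific route
    return "ok"


if __name__ == "__main__":
    print(classify_lookup("167.127.100.0", BGP_OUT))
    print(classify_lookup("10.40.0.97", ROUTE_OUT, 32))
    print(classify_lookup("10.40.0.97", NOT_FOUND, 32))
```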
Thursday, September 19, 2013
verify firewall rules with telnet
Often you need to check whether a firewall rule works. You can do this with telnet to the port number, but you have to remember that the source address used by the telnet will be the IP address of the next hop interface. In some versions of IOS you can put a /source in the telnet command; then, if your firewall rule covers an entire subnet, you can at least test TCP connections. See below for a working example:
woodridge1-mdf-rsw1>telnet 174.137.37.108 14002 /source vlan200
Trying 174.137.37.108, 14002 ... Open
myMethod=keepAlivemyMethod=keepAlivemyMethod=keepAlivemyMethod=keepAlivemyMethod=keepAlive^CmyMethod=keepAlivemyMethod=keepAlive^C
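The same test from a multihomed host instead of a router, as an added example that is not part of the original post: the TCP handshake is sourced from a chosen local address, and the result separates a rule that passes traffic from one that rejects or silently drops it. The names `tcp_check` and `loopback_demo` are illustrative, and the demo uses only 127.0.0.1 so it runs offline.

```python
import socket


def tcp_check(dst_ip, dst_port, src_ip=None, timeout=3.0):
    """Attempt a TCP handshake, optionally sourced from src_ip (like /source).

    Returns 'open' (handshake completed), 'refused' (a RST came back, so
    something answered for that port) or 'filtered' (no answer before the
    timeout, which is what a silently dropping rule looks like).
    """
    source = (src_ip, 0) if src_ip else None   # port 0: let the OS pick one
    try:
        with socket.create_connection((dst_ip, dst_port), timeout=timeout,
                                      source_address=source):
            return "open"
    except ConnectionRefusedError:
        return "refused"
    except socket.timeout:
        return "filtered"
    except OSError as exc:
        # For example: src_ip is not configured on this host.
        return "error: %s" % (exc.strerror or exc)


def loopback_demo():
    """Constructed offline check: a local listener, then the same port closed."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    port = listener.getsockname()[1]
    while_listening = tcp_check("127.0.0.1", port, src_ip="127.0.0.1")
    listener.close()
    after_close = tcp_check("127.0.0.1", port, src_ip="127.0.0.1")
    return while_listening, after_close


if __name__ == "__main__":
    print(loopback_demo())
```

The result covers TCP only, as in the telnet test, and the source address must be configured on the host running the check.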