viernes, 15 de mayo de 2009

OSPF y MTU

Posted by Nicolas | viernes, 15 de mayo de 2009 | Category: , , |

Bueno, del post anterior queda la inquietud de para qué preocuparse de las diferencias de MTU si el protocolo IP permite la fragmentación, cierto?. Bueno, a continuación veremos un ejemplo donde se manifiesta en una sencilla configuración de OSPFv2 (RFC 2328, deja obsoletos: 2178/1583/1247/1131). Más adelante mostraremos un ejemplo de pings fragmentados.

Aprovechando la topología anterior configuramos OSPF en P1R1 y P1R2.

P1R1#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
P1R1(config)#router ospf 1
P1R1(config-router)#network 10.0.0.0 0.255.255.255 area 0

No olvidar que tenemos limitado el tamaño de los paquetes IP en la interface FastEthernet0/1 de P1R2.

P1R2#sh run int f0/1
Building configuration...

Current configuration : 105 bytes
!
interface FastEthernet0/1
ip address 10.1.0.2 255.255.255.0
ip mtu 1498
speed 100
full-duplex
end

Continuamos configurando ahora con P1R2.

P1R2#terminal monitor
P1R2#debug ip ospf adj
OSPF adjacency events debugging is on
P1R2#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
P1R2(config)#router ospf 1
P1R2(config-router)#network 10.0.0.0 0.255.255.255 area 0
P1R2(config-router)#
23:27:03: OSPF: Interface FastEthernet0/0 going Up
23:27:03: OSPF: Interface FastEthernet0/1 going Up
23:27:04: OSPF: Build router LSA for area 0, router ID 2.2.2.2, seq 0x80000001
23:27:05: OSPF: 2 Way Communication to 1.1.1.1 on FastEthernet0/1, state 2WAY
23:27:05: OSPF: Backup seen Event before WAIT timer on FastEthernet0/1
23:27:05: OSPF: DR/BDR election on FastEthernet0/1
23:27:05: OSPF: Elect BDR 2.2.2.2
23:27:05: OSPF: Elect DR 1.1.1.1
23:27:05: OSPF: Elect BDR 2.2.2.2
23:27:05: OSPF: Elect DR 1.1.1.1
23:27:05:        DR: 1.1.1.1 (Id)   BDR: 2.2.2.2 (Id)
23:27:05: OSPF: Send DBD to 1.1.1.1 on FastEthernet0/1 seq 0x1E27 opt 0x42 flag 0x7 len 32
23:27:05: OSPF: Rcv DBD from 1.1.1.1 on FastEthernet0/1 seq 0xC4 opt 0x42 flag 0x7 len 32  mtu 1500 state EXSTART
23:27:05: OSPF: Nbr 1.1.1.1 has larger interface MTU
P1R2(config-router)#
23:27:05: OSPF: Rcv DBD from 1.1.1.1 on FastEthernet0/1 seq 0x1E27 opt 0x42 flag 0x2 len 52  mtu 1500 state EXSTART
23:27:05: OSPF: Nbr 1.1.1.1 has larger interface MTU
P1R2(config-router)#
23:27:10: OSPF: Send DBD to 1.1.1.1 on FastEthernet0/1 seq 0x1E27 opt 0x42 flag 0x7 len 32
23:27:10: OSPF: Retransmitting DBD to 1.1.1.1 on FastEthernet0/1 [1]
23:27:10: OSPF: Rcv DBD from 1.1.1.1 on FastEthernet0/1 seq 0x1E27 opt 0x42 flag 0x2 len 52  mtu 1500 state EXSTART
23:27:10: OSPF: Nbr 1.1.1.1 has larger interface MTU
P1R2(config-router)#

P1R2#sh ip ospf nei

Neighbor ID     Pri   State           Dead Time   Address         Interface
1.1.1.1           1   EXSTART/DR      00:00:36    10.1.0.1        FastEthernet0/1

Se puede ver que la adjacencia se ha quedado estancada en el estado de EXSTART, en el cual el router y su vecino establecen una relación maestro/esclavo que determina la secuencia incial para el intercabio de los paquetes de Database Description (DD) y así dar pie a la transferencia de paquetes Link State Request/Link State Update y así asegurar ambos tengan idéntica información en sus link state databases (tercera fase del establecimiento de adjacencias).

Pero por qué el proceso no continua?. Básicamente por lo que señala el RFC (10.6); "If the Interface MTU field in the Database Description packet indicates an IP datagram size that is larger than the router can accept on the receiving interface without fragmentation, the Database Description packet is rejected", o sea que si el campo de MTU en el header del paquete de Database Description indica que la MTU es mayor a lo que que la interface que recibe el paquete puede procesar sin fragmentar, el paquete es descartado por ende no se produce el acknowledgment necesario para la sincronización de los DD sequence number.

Cómo se soluciona?. Dos formas:

1. Modificar la MTU de los paquetes IP (no siempre es posible modificar la MTU física)

P1R2(config-router)#interface FastEthernet0/1
P1R2(config-if)#no ip mtu 1498
P1R2(config-if)#
23:27:20: OSPF: Send DBD to 1.1.1.1 on FastEthernet0/1 seq 0x1E27 opt 0x42 flag 0x7 len 32
23:27:20: OSPF: Retransmitting DBD to 1.1.1.1 on FastEthernet0/1 [3]
23:27:20: OSPF: Rcv DBD from 1.1.1.1 on FastEthernet0/1 seq 0x1E27 opt 0x42 flag 0x2 len 52  mtu 1500 state EXSTART
23:27:20: OSPF: NBR Negotiation Done. We are the MASTER
23:27:20: OSPF: Send DBD to 1.1.1.1 on FastEthernet0/1 seq 0x1E28 opt 0x42 flag 0x3 len 52
23:27:20: OSPF: Database request to 1.1.1.1
23:27:20: OSPF: sent LS REQ packet to 10.1.0.1, length 12
23:27:20: OSPF: Rcv DBD from 1.1.1.1 on FastEthernet0/1 seq 0x1E28 opt 0x42 flag 0x0 len 32  mtu 1500 state EXCHANGE
23:27:20: OSPF: Send DBD to 1.1.1.1 on FastEthernet0/1 seq 0x1E29 opt 0x42 flag 0x1 len 32
23:27:20: OSPF: Rcv DBD from 1.1.1.1 on FastEthernet0/1 seq 0x1E29 opt 0x42 flag 0x0 len 32  mtu 1500 state EXCHANGE
23:27:20: OSPF: Exchange Done with 1.1.1.1 on FastEthernet0/1
23:27:20: OSPF: Synchronized with 1.1.1.1 on FastEthernet0/1, state FULL
23:27:20: %OSPF-5-ADJCHG: Process 1, Nbr 1.1.1.1 on FastEthernet0/1 from LOADING to FULL, Loading Done
P1R2(config-if)#
23:27:20: OSPF: Build router LSA for area 0, router ID 2.2.2.2, seq 0x80000002
P1R2(config-if)#
23:27:43: OSPF: end of Wait on interface FastEthernet0/0
23:27:43: OSPF: DR/BDR election on FastEthernet0/0
23:27:43: OSPF: Elect BDR 2.2.2.2
23:27:43: OSPF: Elect DR 2.2.2.2
23:27:43: OSPF: Elect BDR 0.0.0.0
23:27:43: OSPF: Elect DR 2.2.2.2
23:27:43:        DR: 2.2.2.2 (Id)   BDR: none
23:27:44: OSPF: No full nbrs to build Net Lsa for interface FastEthernet0/0
P1R2(config-if)#

2. Configurar ip ospf mtu-ignore en la interface que presenta la limitación de MTU.

P1R2(config-if)#router ospf 1           
P1R2(config-router)#network 10.0.0.0 0.255.255.255 area 0
P1R2(config-router)#
!!!Output omitido por simplicidad
23:33:25: OSPF: Rcv DBD from 1.1.1.1 on FastEthernet0/1 seq 0x2428 opt 0x42 flag 0x2 len 52  mtu 1500 state EXSTART
23:33:25: OSPF: Nbr 1.1.1.1 has larger interface MTU
P1R2(config-router)#int f0/1
P1R2(config-if)#ip ospf mtu-ignore
P1R2(config-if)#
23:33:30: OSPF: Send DBD to 1.1.1.1 on FastEthernet0/1 seq 0x2428 opt 0x42 flag 0x7 len 32
23:33:30: OSPF: Retransmitting DBD to 1.1.1.1 on FastEthernet0/1 [1]
23:33:30: OSPF: Rcv DBD from 1.1.1.1 on FastEthernet0/1 seq 0x2428 opt 0x42 flag 0x2 len 52  mtu 1500 state EXSTART
23:33:30: OSPF: Nbr 1.1.1.1 has larger interface MTU
P1R2(config-if)#
23:33:35: OSPF: Neighbor change Event on interface FastEthernet0/1
23:33:35: OSPF: DR/BDR election on FastEthernet0/1
23:33:35: OSPF: Elect BDR 2.2.2.2
23:33:35: OSPF: Elect DR 1.1.1.1
23:33:35:        DR: 1.1.1.1 (Id)   BDR: 2.2.2.2 (Id)
23:33:35: OSPF: Send DBD to 1.1.1.1 on FastEthernet0/1 seq 0x2428 opt 0x42 flag 0x7 len 32
23:33:35: OSPF: Retransmitting DBD to 1.1.1.1 on FastEthernet0/1 [2]
23:33:35: OSPF: Rcv DBD from 1.1.1.1 on FastEthernet0/1 seq 0x2428 opt 0x42 flag 0x2 len 52  mtu 1500 state EXSTART
23:33:35: OSPF: NBR Negotiation Done. We are the MASTER
23:33:35: OSPF: Send DBD to 1.1.1.1 on FastEthernet0/1 seq 0x2429 opt 0x42 flag 0x3 len 52
23:33:35: OSPF: Database request to 1.1.1.1
23:33:35: OSPF: sent LS REQ packet to 10.1.0.1, length 12
23:33:35: OSPF: Rcv DBD from 1.1.1.1 on FastEthernet0/1 seq 0x2429 opt 0x42 flag 0x0 len 32  mtu 1500 state EXCHANGE
23:33:35: OSPF: Send DBD to 1.1.1.1 on FastEthernet0/1 seq 0x242A opt 0x42 flag 0x1 len 32
23:33:35: OSPF: Rcv DBD from 1.1.1.1 on FastEthernet0/1 seq 0x242A opt 0x42 flag 0x0 len 32  mtu 1500 state EXCHANGE
23:33:35: OSPF: Exchange Done with 1.1.1.1 on FastEthernet0/1
23:33:35: OSPF: Synchronized with 1.1.1.1 on FastEthernet0/1, state FULL
P1R2(config-if)#
23:33:35: %OSPF-5-ADJCHG: Process 1, Nbr 1.1.1.1 on FastEthernet0/1 from LOADING to FULL, Loading Done
P1R2(config-if)#
23:33:35: OSPF: Build router LSA for area 0, router ID 2.2.2.2, seq 0x80000002

Ahora si eliminamos la última modificación, la sesión es reseteada y por ende un nuevo intercambio de databases que nos devuelven al origen del problema.

P1R2(config-if)#int f0/1
P1R2(config-if)#no ip ospf mtu-ignore
P1R2(config-if)#
23:35:57: OSPF: Interface FastEthernet0/1 going Down
23:35:57: OSPF: 2.2.2.2 address 10.1.0.2 on FastEthernet0/1 is dead, state DOWN
23:35:57: OSPF: Neighbor change Event on interface FastEthernet0/1
23:35:57: OSPF: DR/BDR election on FastEthernet0/1
23:35:57: OSPF: Elect BDR 0.0.0.0
23:35:57: OSPF: Elect DR 1.1.1.1
23:35:57: OSPF: Elect BDR 0.0.0.0
23:35:57: OSPF: Elect DR 1.1.1.1
23:35:57:        DR: 1.1.1.1 (Id)   BDR: none
23:35:57: OSPF: 1.1.1.1 address 10.1.0.1 on FastEthernet0/1 is dead, state DOWN
23:35:57: %OSPF-5-ADJCHG: Process 1, Nbr 1.1.1.1 on FastEthernet0/1 from FULL to DOWN, Neighbor Down: Interface down or detached
P1R2(config-if)#
23:35:57: OSPF: Neighbor change Event on interface FastEthernet0/1
23:35:57: OSPF: DR/BDR election on FastEthernet0/1
23:35:57: OSPF: Elect BDR 0.0.0.0
23:35:57: OSPF: Elect DR 0.0.0.0
23:35:57:        DR: none    BDR: none
23:35:57: OSPF: Remember old DR 1.1.1.1 (id)
23:35:57: OSPF: Interface FastEthernet0/1 going Up
23:35:58: OSPF: Build router LSA for area 0, router ID 2.2.2.2, seq 0x80000003
P1R2(config-if)#
23:36:05: OSPF: 2 Way Communication to 1.1.1.1 on FastEthernet0/1, state 2WAY
23:36:05: OSPF: Backup seen Event before WAIT timer on FastEthernet0/1
23:36:05: OSPF: DR/BDR election on FastEthernet0/1
23:36:05: OSPF: Elect BDR 2.2.2.2
23:36:05: OSPF: Elect DR 1.1.1.1
23:36:05: OSPF: Elect BDR 2.2.2.2
23:36:05: OSPF: Elect DR 1.1.1.1
23:36:05:        DR: 1.1.1.1 (Id)   BDR: 2.2.2.2 (Id)
23:36:05: OSPF: Send DBD to 1.1.1.1 on FastEthernet0/1 seq 0x1299 opt 0x42 flag 0x7 len 32
23:36:05: OSPF: Rcv DBD from 1.1.1.1 on FastEthernet0/1 seq 0x13B6 opt 0x42 flag 0x7 len 32  mtu 1500 state EXSTART
23:36:05: OSPF: Nbr 1.1.1.1 has larger interface MTU

Sin embargo no sucede lo mismo al modificar el ip mtu de la interface de vuelta:

23:36:20: OSPF: Exchange Done with 1.1.1.1 on FastEthernet0/1
23:36:20: OSPF: Synchronized with 1.1.1.1 on FastEthernet0/1, state FULL
23:36:20: %OSPF-5-ADJCHG: Process 1, Nbr 1.1.1.1 on FastEthernet0/1 from LOADING to FULL, Loading Done
P1R2(config-if)#
23:36:20: OSPF: Build router LSA for area 0, router ID 2.2.2.2, seq 0x80000004
P1R2(config-if)#int f0/1 
P1R2(config-if)#ip mtu 1498
P1R2(config-if)#
P1R2(config-if)#^Z
P1R2#
23:36:47: %SYS-5-CONFIG_I: Configured from console by vty1 (172.31.1.3)
P1R2#sh ip ospf nei
Neighbor ID     Pri   State           Dead Time   Address         Interface
1.1.1.1           1   FULL/DR         00:00:33    10.1.0.1        FastEthernet0/1

Por qué esta diferencia?. Básicamente por que el chequo de MTU se hace durante el intercambio de paquetes de DD que sólo sucede durante la formación de la adjacencia. ¿Significa esto que nunca más se comparte el resumen de la totalidad de LSAs?. Pues sí y no, se hace pero no a través de paquetes DD, si no que cuando el router originador de un LSA ve que éste se acerca a su MaxAge (entre 0 y 3600 segundos, generalmente 30 minutos), genera una nueva versión de éste con Age 0. ¿O sea envía cada LSA independientemente?, nuevamente esto varía puesto que el router retrasa el envío del LSA el tiempo que el group-pacing interval le indique (por default 240 segundos) y así puede agrupar varíos updates- ésto se puede ajustar con el comando timers lsa-group-pacing.

P1R2#sh ip ospf data

OSPF Router with ID (2.2.2.2) (Process ID 1)

    Router Link States (Area 0)

Link ID         ADV Router      Age         Seq#       Checksum Link count
1.1.1.1         1.1.1.1         1983        0x80000012 0xD311   2
2.2.2.2         2.2.2.2         1784        0x80000009 0xB307   3

    Net Link States (Area 0)

Link ID         ADV Router      Age         Seq#       Checksum
10.1.0.1        1.1.1.1         1983        0x80000004 0x69B1

Estamos alrededor de 30 minuto más el group-pacing interval, P1R1 debería pronto generar el refresco.

P1R2#
1d00h: OSPF: received update from 1.1.1.1, FastEthernet0/1
1d00h: OSPF: Rcv Update Type 1, LSID 1.1.1.1, Adv rtr 1.1.1.1, age 1, seq 0x80000013
P1R2#
1d00h: OSPF: Sending delayed ACK on FastEthernet0/1
1d00h: OSPF: Ack Type 1, LSID 1.1.1.1, Adv rtr 1.1.1.1, age 1, seq 0x80000013

Por ende hemos renovado el tiempo del LSA respectivo y numero de secuencia.

P1R2#sh ip ospf data

OSPF Router with ID (2.2.2.2) (Process ID 1)

    Router Link States (Area 0)

Link ID         ADV Router      Age         Seq#       Checksum Link count
1.1.1.1         1.1.1.1         9           0x80000013 0xD112   2
2.2.2.2         2.2.2.2         1825        0x80000009 0xB307   3


    Net Link States (Area 0)

Link ID         ADV Router      Age         Seq#       Checksum
10.1.0.1        1.1.1.1         9           0x80000005 0x67B2

Todo parece en orden, salvo "Sending delayed ACK on FastEthernet0/1", lo que pareciera un error, pero es simplemente otro mecanismo para evitar utilizar múltiples recursos de la red (CPU, Bandwitdh) de una sola vez. Delayed acknowledgments, por el contrario a Direct acknowledgments, esperan un tiempo para poder reponder a múltiples neighbors con un único paquete LSA multicast. Obviamente este tiempo debe ser menor a RxmtInterval para evitar retransmiciones innecesarias.

En total 0 comentarios:


Leave a Reply

Suscribirse a: Enviar comentarios (Atom)