Cisco Advanced Routing Lab: Redistribution, Default Routes, and Virtual Tunnels

Today, I felt like challenging myself a little bit, so I created a large, somewhat complex network in GNS3 to try putting several concepts together into one, cohesive network. As usual, we'll start with the network diagram:



R1, R2, R3 and R4 are the network core. These routers all live in Area 0 (in the center of the diagram). R1 also participates in Area 1 and shares routes via BGP with R5. R5 participates in an entirely separate OSPF domain with R6 (my idea was that R5 and R6 would be "Internet" hosts for this lab). Just like R1, R2 also participates in Area 1, providing a redundant link to this area. R3 participates in OSPF area 3 and is one of the endpoints for the virtual tunnel to Area 4. R4 also belongs to Area 2. R7, 8 and 9 are pretty straightforward, existing only in Area 1. Likewise, R10 and R11 only live in Area 2; there's nothing complex about their configurations, either. R12, however, is the boundary between Area 2 and the RIP network including R13. R14 and R15 are routers belonging to Area 3, but R16 is a little more tricky. R16 participates in both Area 3 and Area 4.

However, OSPF requires ALL OSPF areas connect to the backbone (area 0) by at least one router. If you notice, there is no direct link between Area 4 and Area 0 in this network diagram, so in order to have Area 4 share routes with the rest of the network, you need to create a "virtual link" between R16 and R3. If ever you find yourself with an OSPF area that doesn't connect to the backbone, it might be worth rethinking your network design so that all of your areas do connect to Area 0. Speaking in broad generalities, there's usually something flawed with your design if you can't connect various OSPF areas directly to the backbone, but if for some reason you can't, it's pretty easy to connect R16 and R3 via a virtual tunnel. First, on R3:
R3(config)#router ospf 42
R3(config-router)#area 0.0.0.3 virtual-link 10.254.254.16


...and on R16:
R16(config)#router ospf 42
R16(config-router)#area 0.0.0.3 virtual-link 10.254.254.3


That's it! There are several options -- such as the various timers -- that you can adjust to account for various network performance issues across the virtual tunnel, but that's essentially all there is to creating the tunnel. Inside the OSPF config on each tunnel endpoint, you list the area ID of the OSPF area that the tunnel will be transiting, and you give the IP address of the other router's OSPF router-ID. In this network, I am using 10.254.254.<router number> for the loopback0 IP address, so R3 is 10.254.254.3 and R16 is 10.254.254.16.

The next "interesting" feature of this lab is the redistribution between OSPF Area 2 and the RIP network on R12. On R13, I created several 172.16.x.y networks on loopback interfaces...:
R13#sho ip int brie
Interface         IP-Address    OK? Method Status...
FastEthernet0/0   unassigned    YES unset  admin...
FastEthernet1/0   10.128.12.2   YES manual up ...
FastEthernet2/0   unassigned    YES unset  admin...
FastEthernet3/0   unassigned    YES unset  admin...
Loopback0         10.254.254.13 YES manual up...
Loopback1         172.16.1.1    YES manual up...
Loopback2         172.16.2.1    YES manual up...
Loopback3         172.17.1.1    YES manual up...
Loopback4         172.17.3.1    YES manual up...

RIPv1 is classful, while we are using classless routing, so the first thing to do is make sure that we are using RIPv2 on both R12 and R13:
R12(config)#router rip
R12(config-router)#version 2

Next, on R12, I want to tell RIP to redistribute OSPF routes, but to add a metric that is sufficiently large that R12 and R13 will prefer local routes to routes that have been imported from OSPF:
R12(config-router)#redistribute ospf 42 metric 3

Since RIP, being a distance-vector protocol, uses hop count as a metric (with a maximum of 15 hops), we start routes imported from OSPF with a hop count of 3 (the "42" is the OSPF process ID I used in the lab -- "router ospf 42"). Now, we'll do the same thing with OSPF:
R12(config-router)#router ospf 42
R12(config-router)#redistribute rip metric 50000 subnets

Again, we are setting the OSPF metric for routes important from RIP to an arbitrarily large value, so that OSPF will prefer local routes to imported routes; the exact value may require some tweaking on your network. I am also using the "subnets" option to tell OSPF to import just the specific subnets that RIP is advertising. Otherwise, any subnets from Class A IP space will be imported as /8 networks; any subnets from Class B IP space will be imported as /16 subnets; and any subnets from Class C IP space will be imported as /24 subnets (in other words, the two 172.16.x.y/24 subnets on R13 would be imported as a single 172.16.0.0/16, the two 172.16.x.y/24 subnets would be imported as a single 172.17.0.0/16, and the 10.254.254.13/32 subnet would be imported as 10.0.0.0/8 -- not at all what we wanted!).

On R1, we are advertising all of the subnets hosted in all of the OSPF areas as well as the RIP network to R5 via BGP:
router bgp 2358
no synchronization
bgp router-id 100.64.0.2
bgp log-neighbor-changes
network 10.0.0.4 mask 255.255.255.252
network 10.0.0.8 mask 255.255.255.252
network 10.0.1.4 mask 255.255.255.252
... network 172.16.0.0
network 172.17.0.0
network 192.168.9.0
neighbor 100.64.0.1 remote-as 2112
no auto-summary
!
It would also be possible to simply import OSPF into BGP, rather than list all of the subnets individually. However, this raises an interesting point: how do you import the routes that R5 is sharing via BGP into the network? The whole point of BGP is to share extremely large routing tables between routers. You don't want to import the entire Internet's routing tables into OSPF, so what is the best way to share external routes with the other routers in your internal network?

In this case, I used a simple, one-line statement to have the other routers send traffic destined for external networks to R1:
R1(config)#router ospf 42
R1(config-router)#default-information originate always
Since R5 is sharing its routes with R1, R1 knows how to reach the external subnets. By adding the "default-information originate" command to R1's OSPF config, it is essentially telling the other routers within the network that is the default gateway -- that traffic destined for unknown networks should be sent to it. R5 has the exact same statement in its OSPF config, so that R6 can reach the networks R5 has received via BGP.

JNCIA Lesson 3 -- Routing

Now that you've got your new EX3200 switches upgraded to the latest stable release, let's start working with the Layer-3 features of the switch. We'll start by reviewing a few basic concepts on how Juniper implements routing.

Juniper routers create two categories of databases while deciding how to forward packets from one network to another: the routing table and the forwarding table. The routing table is created by the routing engine, and contains the routes to various networks. The routing engine then copies the forwarding table to the packet forwarding engine, which uses the forwarding table to decide how to forward packets that come into the router.

Notice that I said JunOS creates two categories of databases. In truth, JunOS supports multiple routing instances, and therefore, multiple routing tables. If you run the "show route" command...:

root@main3200# run show route

inet.0: 14 destinations, 14 routes (14 active, 0 holddown, 0 hidden)
<...snip...>


...notice that it starts with the string, "inet.0." The inet.0 routing table is the default table for IPv4 routes. On some devices, you might also see...:

__juniper_private1__.inet.0


...which is a routing table used within JunOS to communicate with the router itself. There are also several other routing tables created by JunOS for various purposes:

• inet6.0: the default routing table for the IPv6 protocol;
• inet.1: multicast forwarding table;
• inet.2: unicast Reverse Path Forwarding (RPF) routing table;
• inet.3: MPLS routing table;
• mpls.0: MPLS routing table for LSP lookups.

There are two commands which are useful for troubleshooting routing and forwarding problems: "show route forwarding-table" and "show pfe route ip" (you can also use "show pfe route ipv6," "show pfe route mpls," and "show pfe route summary"). Since both of these commands produce a LOT of output, I won't show examples -- just go play with them :)

For a concise summary of the routes the router knows about, use the "show route" command:

root@main3200> show route

inet.0: 10 destinations, 10 routes (10 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

10.11.12.0/30      *[Direct/0] 22:36:20
                    > via ge-0/0/21.0
10.11.12.1/32      *[Local/0] 22:36:29
                      Local via ge-0/0/21.0
100.64.170.79/32   *[Local/0] 22:36:29
                      Reject
192.168.1.0/24     *[Direct/0] 22:36:20
                    > via vlan.0
192.168.1.1/32     *[Local/0] 22:36:31
                      Local via vlan.0
192.168.2.0/24     *[OSPF/10] 22:35:32, metric 2
                    > to 10.11.12.2 via ge-0/0/21.0
192.168.10.0/24    *[Direct/0] 22:36:20
                    > via vlan.20
192.168.10.1/32    *[Local/0] 22:36:31
                      Local via vlan.20
224.0.0.5/32       *[OSPF/10] 22:36:32, metric 1
                      MultiRecv
224.0.0.22/32      *[IGMP/0] 22:36:32
                      MultiRecv         

root@main3200>


As you can see, this router already has been configured with routes to various networks. Some of these routes are created automatically, because the networks are directly connected to the router...:

10.11.12.0/30      *[Direct/0] 22:36:20
                    > via ge-0/0/21.0
10.11.12.1/32      *[Local/0] 22:36:29
                      Local via ge-0/0/21.0
...
192.168.1.0/24     *[Direct/0] 22:36:20
                    > via vlan.0
192.168.1.1/32     *[Local/0] 22:36:31
                      Local via vlan.0


...and some of these routes are known through Dynamic Routing Protocols:

192.168.2.0/24     *[OSPF/10] 22:35:32, metric 2
                    > to 10.11.12.2 via ge-0/0/21.0


I'll clear out the routing configurations on this router, and we'll start over with a very simple example: routing from this switch to a second EX3200 that we will call "branch3200", which will be connected with an Ethernet crossover cable:

root@main3200# delete routing-options

[edit]
root@main3200# delete protocols ospf

[edit]
root@main3200# delete policy-options

[edit]
root@main3200# commit
commit complete

[edit]
root@main3200#


For the moment, don't worry too much about the meaning of each of those "delete..." statements. In short, all three statements were necessary to delete all of the routes and routing options that I had created on the switch earlier. By the end of this lesson, the reason for each of those "delete" statements should be clear :)

Back to routing...We will connect ge-0/0/21 on each switch via the crossover cable. Since routing occurs at Layer-3, we'll need to configure an IP address on each switch. I'll assume for now that you are familiar with the concept of subnetting a network; if you aren't, spend some quality time with Google before continuing with these lessons, as a lot of what we will be doing will require that you understand the concept. So, operating on that assumption, we'll create a /30 network between these two EX3200's, since we only need two IP addresses between them (one for each EX3200). I'll assign the IP address 10.11.12.1/30 to main3200 and 10.11.12.2/30 to branch3200:

root@main3200# delete interfaces ge-0/0/21 unit 0 family ethernet-switching

[edit]
root@main3200# set interfaces ge-0/0/21 unit 0 family inet address 10.11.12.1/30

[edit]
root@main3200#


...and...:

root@branch3200# delete interfaces ge-0/0/21 unit 0 family ethernet-switching

[edit]
root@branch3200# set interfaces ge-0/0/21 unit 0 family inet address 10.11.12.2/30

[edit]
root@branch3200#


At this point, we should be able to ping between the two switches:

root@main3200# run ping 10.11.12.2
PING 10.11.12.2 (10.11.12.2): 56 data bytes
64 bytes from 10.11.12.2: icmp_seq=0 ttl=64 time=5.879 ms
64 bytes from 10.11.12.2: icmp_seq=1 ttl=64 time=1.767 ms
^C
--- 10.11.12.2 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max/stddev = 1.767/3.823/5.879/2.056 ms

[edit]
root@main3200#


Success! Since these two switches are directly connected across a single broadcast domain, we don't have to configure any routing at all to communicate over the 10.11.12.0/30 network. In Lesson 1 we configured a management IP address of 192.168.1.1/24 on interface vlan.0 on the main3200 switch. Let's assume that we have a mangement IP address of 192.168.2.1/24 on interface vlan.0 on the branch3200 switch. Can we ping from 192.168.1.1 to 192.168.2.1? Let's try it and see:

root@main3200# run ping 192.168.2.1
PING 192.168.2.1 (192.168.2.1): 56 data bytes
ping: sendto: No route to host
ping: sendto: No route to host
^C
--- 192.168.2.1 ping statistics ---
2 packets transmitted, 0 packets received, 100% packet loss

[edit]
root@main3200#


Nope! By default a router (or layer-3 switch, like the EX3200's we are using) only knows directly connected routes. In other words, main3200 only knows how to reach 10.11.12.0/30 and 192.168.1.0/24, and branch3200 only knows how to reach 10.11.12.0/30 and 192.168.2.0/24. Since both switches know how to reach 10.11.12.0/30, they can communicate with each other over this network, but since they don't have the 192.168.x.0/24 networks in common, main3200 can't reach 192.168.2.x, nor can branch3200 reach 192.168.1.x. However, we can fix that very easily:

root@main3200# set routing-options static route 192.168.2.0/24 next-hop 10.11.12.2

[edit]
root@main3200# commit
commit complete

[edit]
root@main3200#


...and on the branch3200:

root@branch3200# set routing-options static route 192.168.1.0/24 next-hop 10.11.12.1

[edit]
root@branch3200# commit
commit complete

[edit]
root@branch3200#


Let's see how a ping from the main3200 switch to the management IP of the branch3200 switch works now:

root@main3200# run ping 192.168.2.1
PING 192.168.2.1 (192.168.2.1): 56 data bytes
64 bytes from 192.168.2.1: icmp_seq=0 ttl=64 time=2.043 ms
64 bytes from 192.168.2.1: icmp_seq=1 ttl=64 time=1.622 ms
^C
--- 192.168.2.1 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max/stddev = 1.622/1.833/2.043/0.211 ms

[edit]
root@main3200#


Much better! With that one line of code, we told the main3200 switch that, in order to reach the 192.168.2.0/24 network, we had to talk to the router (we'll use "router" synonymously with layer-3 switch, from here on) at 10.11.12.2, and we told the branch3200 switch to talk to 10.11.12.1 to communicate with 192.168.1.0/24. Even better, the two end-point routers don't have to be directly connected for this to work. You can have an arbitrary number of routers between end-points (sort of -- more on this later) and, as long as each router has a next-hop for the destination network, you can "chain" routes together to reach your destination.

For example, suppose you had three routers, router A, router B and router C. Each router has a 192.168.x.1 management IP, 192.168.1.1 for router A, 192.168.2.1 for router B and 192.168.3.1 for router C. Router A is connected to router B on the 10.11.12.0/30 network, just as we've described with main3200 and branch3200 above. Router B is connected to router C on the 172.16.0.0/30 network. In that case, on router A, you would run the command "set routing-options static route 192.168.3.0/24 next-hop 10.11.12.2", just as we did before. On router B, you would run TWO commands, "set routing-options static route 192.168.3.0/24 next-hop 172.16.0.2" and "set routing-options static route 192.168.1.0/24 next-hop 10.11.12.1." On router C, you would run a single command again, "set routing-options static route 192.168.1.0/24 next-hop 172.16.0.1." If router A wanted to communicate with the 192.168.2.0/24 network on router B, then on router A you would also need to add "set routing-options static route 192.168.2.0/24 next-hop 10.11.12.2" as well, and if router C wanted to communicate with the 192.168.2.0/24 network on router B, you would have to add the command "set routing-options static route 192.168.2.0/24 next-hop 172.16.0.1" also. Instead of two commands for two routers, we now have eight commands for three routers -- that's an exponential growth (2^n, where n is the number of routers in the network) for full communication across the network. Clearly, if you have a small network, static routes are fine, but for large networks (where "large" doesn't really have to be all that large at all), creating static routes is a very time-consuming and error-prone proposition.

Fortunately, there's a solution for this problem. Very early on, router manufacturers decided that, while there were scenarios where statically routing between networks was appropriate, this was actually the kind of work that a computer -- and an average router is nothing more than a low-powered computer with very specific software and two or more network ports -- is very good at performing. Consequently, they developed dynamic routing protocols: algorithms that share routes between devices automatically, relieving the network administrator of the necessity of statically configuring all of the routes between various network devices.

One of the most common routing protocols in use is OSPF (Open Shortest Path First). Let's delete our static routes and replace them with a simple OSPF configuration:

root@main3200# top

[edit]
root@main3200# edit protocols ospf

[edit protocols ospf]
root@main3200# set area 0.0.0.0 interface ge-0/0/21.0

[edit protocols ospf]
root@main3200# set area 0.0.0.0 interface vlan.0 passive

[edit protocols ospf]
root@main3200# commit
commit complete

[edit protocols ospf]
root@main3200#


Now, let's see if our configuration works:

root@main3200# run show route protocol ospf    

inet.0: 10 destinations, 10 routes (10 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

192.168.2.0/24     *[OSPF/10] 00:02:14, metric 2
                    > to 10.11.12.2 via ge-0/0/21.0
224.0.0.5/32       *[OSPF/10] 00:03:35, metric 1
                      MultiRecv

[edit protocols ospf]
root@main3200#


Perfect! We have a route to 192.168.2.0/24 on main3200.

One other tool that is useful for debugging OSPF routing problems is the "show ospf neighbor" command. Here is the output from immediately after committing the OSPF configuration. In particular, watch how the "State" changes as the two EX3200's begin to build the OSPF communications:

root@main3200# run show ospf neighbor
Address          Interface              State     ID               Pri  Dead
10.11.12.2       ge-0/0/21.0            2Way      10.11.12.2       128    39

[edit protocols ospf]
root@main3200# run show ospf neighbor          
Address          Interface              State     ID               Pri  Dead
10.11.12.2       ge-0/0/21.0            ExStart   10.11.12.2       128    33

[edit protocols ospf]
root@main3200# run show ospf neighbor          
Address          Interface              State     ID               Pri  Dead
10.11.12.2       ge-0/0/21.0            Full      10.11.12.2       128    36

[edit protocols ospf]
root@main3200#


In this sequence of captures, you can see the OSPF process begin establishing the OSPF adjacency with the neighbor router ("2Way"), exchanging routes with the neighbor ("ExStart") and fully converged ("Full"). If the routers don't move to the "Full" state after a couple of minutes, then something is wrong and you should make sure 1) that your configs are good, and 2) that you can ping from one router to the other. Once the state has changed to "Full", you can run the "show route protocol ospf" command to verify that all of the routes are being shared properly.

Let's discuss a couple of the statements in our OSPF configuration in a little more detail:

root@main3200# show
area 0.0.0.0 {
    interface ge-0/0/21.0;
    interface vlan.0 {
        passive;
    }
}

[edit protocols ospf]
root@main3200#


First, notice that all of our configuration statements fall under the "area 0.0.0.0" stanza. In OSPF, you can define multiple areas for OSPF to run in, although you always need an area 0.0.0.0 (sometimes shortened to "area 0" on some vendors' equipment, although Juniper will rewrite "area 0" as "area 0.0.0.0"). To understand areas, keep in mind that OSPF advertises routes within an area, so once a network becomes large, you can improve performance and reduce network overhead by segmenting your network into smaller subnetworks to reduce the number and size of advertisements. Area 0.0.0.0 is of particular importance because it is the "backbone network", that is, the portion of the network that connects all of the other areas (if any) together. In our case, the network is very small (just two switches), so we have put all of the networks in area 0.0.0.0.

Second, notice that under area 0.0.0.0, we have listed two interfaces, ge-0/0/21.0 and vlan.0. When we listed these interfaces, we told OSPF that we want to enable OSPF routing on these interfaces. For vlan.0, we further modified this statement by appending the "passive" parameter, which tells OSPF that, even though we want to make this interface part of the OSPF area, we don't want to form OSPF adjacencies through this interface.

That leaves us with one question remaining for this section: suppose we had multiple routes to a particular network, say one route that was defined statically, and another route to the same network that was defined through a dynamic routing protocol such as OSPF. Which patch would the router take to reach the destination? JunOS has predicted that such a scenario might occur, and has already addressed the issue through route preferences.

Basically, route preferences set a ranking of routes depending upon the way the route was derived. For example, directly connected routes are most preferable, statically defined routes are slightly less preferable, OSPF routes are even less preferable, RIP is less preferable than OSPF and BGP is the least preferable route of all (reference). These preferences aren't just academic, mind you. I once had to troubleshoot a routing problem with my upstream provider where I was experiencing a routing loop trying to reach a remote location from a second remote location in my network. My upstream provider spent several days claiming that he was advertising the proper routes through his core, until I finally asked him to check the static routing at one of the remote office locations. Since static routes are more preferable than dynamic routes, the old, incorrect static route was overriding the route he was advertising dynamically through his core, and was routing traffic to this one subnet back to my edge router, causing a loop.

This has only scratched the surface of routing on Juniper devices, but we'll save the more advanced topics for the next lesson.

Lesson 6 -- Dynamic Routing with RIP and RIPv2

The branch office is now connected to the main office, and the routers can successfully communicate with each other. Unfortunately, there's a problem, however. After getting the two routers connected, you called it a night, but the next morning, the branch office manager called you to say that none of the users in the office could connect to any of the corporate servers in the main office. You gave the branch office manager your word that you'd get the problem solved right away, but first you've got to figure out what's wrong. You fire up your laptop and start pecking away at the keyboard:

me@myllt:~$ traceroute 192.168.2.32
traceroute to 192.168.2.32 (192.168.2.32), 30 hops max, 60 byte packets
1 192.168.1.1 (192.168.1.1) 2.337 ms 2.577 ms 2.918 ms
2 100.64.1.1 (100.64.1.1) 32.245 ms 31.087 ms 32.500 ms
3 * * *
4 * * *
5 * * *
6 * * *^C
me@myllt:~$


It looks like you can reach your router like you should, but why is your router connecting your ISP's router to reach a host in the branch office? To reach the branch office, your router should be directing traffic to the T1 line, not to the Internet.

Let's take a moment here to go over a basic concept that you will need to understand if you want to be a network admin: the purpose of a router is to route (natch!) traffic appropriately. In other words, a router works very much like an old-fashioned traffic cop, directing cars through an intersection. When a car (a packet) arrives at the intersection (a network interface), the traffic cop (the router) looks at the lane position and turn signals (the destination address and routing tables), and then directs the car (the packet) towards the proper lane (outbound interface). However, routers are just electronic devices; they aren't omniscient. With an exception that I'll discuss in just a minute, routers only know how to reach networks that either are directly connected to them, or that you have explicitly told them how to reach. Therefore, the easy solution is to log in to your router and type these commands...:

lab2651rtr# conf t
lab2651rtr(config)# ip route 192.168.2.0 255.255.255.0 192.168.3.6
lab2651rtr(config)# exit
lab2651rtr#


...then try the traceroute command again:

me@myllt:~$ traceroute 192.168.2.32
traceroute to 192.168.2.32 (192.168.2.32), 30 hops max, 60 byte packets
1 192.168.1.1 (192.168.1.1) 2.047 ms 2.453 ms 3.199 ms
2 192.168.3.6 (192.168.3.6) 2.840 ms 3.697 ms 6.029 ms
3 192.168.2.32 (192.168.2.32) 3.169 ms 4.166 ms 4.522 ms
me@myllt:~$


That's better! However, what happens if you have to add another branch office? You'll need to add another static route to and from the main office, and if the two branch offices need to communicate with each other, too, then you'll need to add two more static routes on each router. If you keep following this train of thought, you'll soon realize that continuously adding static routes for every new branch office can quickly become unmanageable.

Fortunately, there is a better solution. Routers have the ability to create routes between connected devices automatically, if you enable the feature. This is called "dynamic routing" and the standards that have been established to allow interconnected routers to do this are collectively known as "dynamic routing protocols." One of the dynamic routing protocols that is easiest to understand and configure is known as "RIP" -- "Routing Information Protocol." I won't spend much time describing how RIP works -- again, there are plenty of on-line resources that explain the idea behind RIP (and you should probably spend at least a little time reading them, if you want to pass the CCNA) -- but instead, we'll dive right into configuring it. First, remove the static routes between the main office router and the branch office router:

lab2651rtr# sho run | inc route
default-router 192.168.1.1
ip route 0.0.0.0 0.0.0.0 100.64.1.1
ip route 192.168.2.0 255.255.255.0 192.168.3.6
lab2651rtr# conf t
lab2651rtr(config)# no ip route 192.168.2.0 255.255.255.0 192.168.3.6
lab2651rtr(config)#


...and...:

lab3640rtr# sho run | inc route
default-router 192.168.2.1
ip route 0.0.0.0 0.0.0.0 192.168.3.5
lab3640rtr# conf t
lab3640rtr(config)# no ip route 0.0.0.0 0.0.0.0 192.168.3.5
lab3640rtr(config)#


If you aren't familiar with the line that begins "sho run", basically all I'm doing is telling the router to show me the current configuration ("sho run"), and then I'm telling it to filter ("|") the output by including only the lines that contain the word "route." If you would like, spend a little time playing with the command until you understand what it's doing. For example, try running "sho ip int brie | inc Serial" or "sho run | inc password" There are other filters available, too, such as "sho run | begin interface" which can really help you out when troubleshooting problems.

Back to the configuration...If you try to traceroute to the branch office at his point, the traceroute should fail because the routers no longer know how to reach the internal networks on the other router. Let's fix that problem, shall we?

lab3640rtr(config)# router rip
lab3640rtr(config-router)# version 2
lab3640rtr(config-router)# network 192.168.3.4
lab3640rtr(config-router)# redistribute connected
lab3640rtr(config-router)# exit
lab3640rtr(config)# exit
lab3640rtr#


...and on the main office router:

lab2651rtr(config)# router rip
lab2651rtr(config-router)# version 2
lab2651rtr(config-router)# network 192.168.3.4
lab2651rtr(config-router)# redistribute connected
lab2651rtr(config-router)# redistribute static
lab2651rtr(config-router)# passive-interface fa0/1
lab2651rtr(config-router)# exit
lab2651rtr(config)# exit
lab2651rtr#


This should establish routing between the two routers. Here's what the commands do:
* First, we tell the router to start the RIP routing process with the "router rip" command.
* Next, we tell the router that we want to use RIP version 2. The original version of RIP was classful, meaning that it didn't understand subnetting. Version 2 introduced classless networks into RIP, and since we are using /30 addresses on the point-to-point serial link, it would be best if we used the version of RIP that supports classless networks.
* We tell RIP that we want it to send and receive router advertisements on the network interface that hosts the 192.168.3.4 network. We don't list the LAN networks (192.168.1.0 and 192.168.2.0) because they are "network stubs." There are no other routers on the LAN networks to send or receive RIP advertisements on those networks, so there is no reason to send or receive an advertisement out the LAN interface.
* Next, we tell the router that when it sends a route advertisement, we want it to include the routes to all of the networks directly connected to one of its network interfaces ("redistribute connected").
* On the main office router, we tell RIP to redistribute static routes also (so that branch office users can reach the Internet).
* Finally, also on the main office router, we tell RIP not to send route advertisements to the ISP. They don't care about routes on our internal network, and even if they did, RIP probably wouldn't be the best choice for a number of reasons that are beyond the scope of this discussion. Just take my word for it that, as of the date that I am writing this, BGP ("Border Gateway Protocol") is the routing protocol of choice for peering with service providers. Note: this command probably isn't strictly necessary, since we are only telling the routers to advertise across the serial interface, but I am including it anyway, just to prevent a typo in the future from suddenly sending advertisements to RFC-1918 IP space to our upstream provider. They should, in theory, be filtering RFC-1918 addresses out of their route advertisements, but...

Now that RIP has been configured on the two routers, hosts from the main office and the branch office should be able to reach each other. If not, then it's time to get familiar with two new Cisco commands, "sho ip route" and "sho ip rip database." "sho ip route" does exactly that -- it shows you the routes that your router "knows" about, and "sho ip rip database" shows you what networks are stored in the RIP database, and what path you would take to reach those networks.