IS-IS Lab 16 Troubleshooting Multi-Area Solution

Previous  Next

Download Lab: VIRL | EVE-NG | GNS3


Image requirements:

Cisco IOSv (vios-adventerprisek9-m.vmdk.SPA.156-2.T)


Introduction: 
This is the solution lab for troubleshooting scenario described in the IS-IS lab 15th, here step by step, an explanation will be given on how to fix the connectivity issues encountered after reconfiguring one L2 area topology into multiple areas. Some subnets are no longer able to reach each other due to improper configuration of IS-IS protocol. Let's dive into the problem resolution.


Topology:





Reported issues:

1. Router A2 unable to ping any IP addresses assigned to loopback 0 interfaces in the topology if sourced from its own loopback 0 interface. 

2. Router B2 unable to ping any IP addresses assigned to loopback 0 interfaces in the topology if sourced from its own loopback 0 interface. 

3. Router D2 unable to ping any IP addresses assigned to loopback 0 interfaces in the topology if sourced from its own loopback 0 interface.

4. Router E2 unable to ping any IP addresses assigned to loopback 0 interfaces in the topology if sourced from its own loopback 0 interface.





Solution:

Step1: It would be nice to confirm the reported issue first before you start identifying the cause of the problem. Issue number 1 states that router A2 unable to ping any IP address of loopback 0 interfaces in the topology, so let's verify that by pinging a couple of remote addresses. 

On router A2 source ping from its loopback0 interface to the router E2 and router C2:

A2#ping 192.168.0.7 source lo0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.0.7, timeout is 2 seconds:
Packet sent with a source address of 192.168.0.10
.....
Success rate is 0 percent (0/5)
 

A2#ping 192.168.0.8 source lo0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.0.8, timeout is 2 seconds:
Packet sent with a source address of 192.168.0.10
.....
Success rate is 0 percent (0/5)



The results of the output indicate that ping requests are timing out. 




Step2: Draw the initial hypophysis from gathered information of the ping results. If there would be a problem at the remote location when next-hop of router A2 would potentially send back destination unreachable message but since the ping is timing out, there could be a problem for next-hop router reach back the IP address of loopback0 of router A2. Gather addition information by pinging IP address of router A1 on the link between A1 and A2. 


Identify the IP address of router A1 on the interface facing router A2:


A1#show  ip interface brief
Interface                  IP-Address      OK? Method Status                Protocol
GigabitEthernet0/0         10.255.1.41     YES TFTP   up                    up     
GigabitEthernet0/1         10.0.0.25       YES TFTP   up                    up     
GigabitEthernet0/2         10.0.0.9        YES TFTP   up                    up     
Loopback0                  192.168.0.2     YES TFTP   up                    up      



According to the diagram interface on the router A1 facing router A2 is G0/1. 
From the output, this interface has IP address of 10.0.0.25.


A2#ping 10.0.0.25
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.25, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 2/2/3 ms
A2#



Ping sourced from the G0/1 interface on the router A2 shows that there is L3 connectivity between two routers. Now let's see if ping from the loopback0 interface will work. 


A2#ping 10.0.0.25 source  lo0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.25, timeout is 2 seconds:
Packet sent with a source address of 192.168.0.10
.....
Success rate is 0 percent (0/5)
A2#



The result of the ping command indicates that router A1 unable to respond to the ICMP request messages. 


Step3: Gather more information, routers A1 and  A2 are both in the IS-IS L1 Area with AID of A000. Verify if IS-IS neighborship is formed between these two routers. 

A2#show  isis neighbors 
System Id       Type Interface     IP Address      State Holdtime Circuit Id
A1              L1   Gi0/1         10.0.0.25       UP    8        A1.01           



The output shows that L1 adjacency is formed, so neighborship issues can be eliminated. Next would a good idea to check what is in the IS-IS database. 


A2#show  isis  database 
IS-IS Level-1 Link State Database:
LSPID                 LSP Seq Num  LSP Checksum  LSP Holdtime/Rcvd      ATT/P/OL
A1.00-00              0x00000006   0xB9B6                1071/1199      1/0/0
A1.01-00              0x00000003   0x016D                 600/1199      0/0/0
A2.00-00            * 0x00000004   0xDB9D                 504/*         0/0/0



There are three LSPs in the database. First LSP belongs to the router A1 and its LSP carrying prefixes, also it indicates that router A1 is an L1/L2 border router and A2 has to have the default route installed in RIB because ATT bit set to 1. 


The second LSP indicates that router A1 is the DIS on the link between A1 and A2 because pseudonode-ID is set to nonzero. 


Last LSP belongs to router A2, it contains prefixes router will advertise to its neighbors. Examining the detailed database for this LSP will give insights on what could be a problem. 

A2#show isis database detail A2.00-00
IS-IS Level-1 LSP A2.00-00
LSPID                 LSP Seq Num  LSP Checksum  LSP Holdtime/Rcvd      ATT/P/OL
A2.00-00            * 0x00000006   0xD79F                1120/*         0/0/0
  Area Address: 49.a000
  NLPID:        0xCC
  Hostname: A2
  Metric: 10         IS A1.01
  IP Address:   10.0.0.26
  Metric: 10         IP 10.0.0.24 255.255.255.252
A2# 



Router A2 does not have in its LSP IP information regarding the loopback0 interface. 


Step4: Now it's good to see if the loopback0 interface is enabled for IS-IS protocol. 

A2#show  running-config interface  lo0Building configuration...

Current configuration : 175 bytes
!
interface Loopback0
 description Loopback
 ip address 192.168.0.10 255.255.255.255
 ip router isis
 ipv6 address 2001:DB8:B:0:1::3/128
 isis circuit-type level-2-only 


The output clearly shows that IS-IS protocol is enabled but it also reveals something else, the circuit-type is set to be level-2-only. 

But if review the isis protocol information:  

A2#show  isis  protocol  
IS-IS Router: <Null Tag>
  System Id: 0000.0000.00A2.00  IS-Type: level-1
  Manual area address(es):
        49.a000
  Routing for area address(es):
        49.a000
  Interfaces supported by IS-IS:
        GigabitEthernet0/1 - IP
        Loopback0 - IP
  Redistribute:
    static (on by default)
  Distance for L2 CLNS routes: 110
  RRR level: none
  Generate narrow metrics: level-1-2
  Accept narrow metrics:   level-1-2
  Generate wide metrics:   none
  Accept wide metrics:     none


This router is set to be IS-Type Level-1, meaning that it will not include any L2 information in its database. L2 information will not be communicated over the link as well since the interface set to be circuit-type level-1. 

A2#show  clns interface  g0/1
GigabitEthernet0/1 is up, line protocol is up
  Checksums enabled, MTU 1497, Encapsulation SAP
  ERPDUs enabled, min. interval 10 msec.
  CLNS fast switching disabled
  CLNS SSE switching disabled
  DEC compatibility mode OFF for this interface
  Next ESH/ISH in 46 seconds
  Routing Protocol: IS-IS
    Circuit Type: level-1
    Interface number 0x1, local circuit ID 0x1
    Level-1 Metric: 10, Priority: 64, Circuit ID: A1.01
    DR ID: A1.01
    Level-1 IPv6 Metric: 10
    Number of active level-1 adjacencies: 1
    Next IS-IS LAN Level-1 Hello in 7 seconds



Step5: Adequate amount of information has been collected to propose a solid hypophysis on the problem-solution. Since routers, A1 and A2 are IS-IS neighbors via the L1 adjacency and router A2 is enabled as L1 IS-type only, the L1 database is only supported on the A2 node. Configuring loopback0 as circuit-type level-2-only will disqualify this interface from participating in the IS-IS routing process. 


Step6: Implement the solution. Change the circuit-type of node A2's interface to level-1. 

A2(config)#interface  lo0
A2(config-if)#isis circuit-type level-1
A2(config-if)# end



Step7: Verify the implemented solution:

A2#show  clns interface  lo0Loopback0 is up, line protocol is up
  Checksums enabled, MTU 1514, Encapsulation LOOPBACK
  ERPDUs enabled, min. interval 10 msec.
  CLNS fast switching disabled
  CLNS SSE switching disabled
  DEC compatibility mode OFF for this interface
  Next ESH/ISH in 24 seconds
  Routing Protocol: IS-IS
    Circuit Type: level-1
    Interface number 0x0, local circuit ID 0x100
    Level-1 Metric: 10, Priority: 64, Circuit ID: A2.00
    Level-1 IPv6 Metric: 10
    Number of active level-1 adjacencies: 0
    Next IS-IS Hello in 0 seconds
    if state DOWN


 This output shows that circuit-type has been changed to level-1. 

A2#show  isis database detail A2.00-00
IS-IS Level-1 LSP A2.00-00
LSPID                 LSP Seq Num  LSP Checksum  LSP Holdtime/Rcvd      ATT/P/OL
A2.00-00            * 0x00000009   0xFC1D                1019/*         0/0/0
  Area Address: 49.a000
  NLPID:        0xCC
  Hostname: A2
  Metric: 10         IS A1.01
  IP Address:   192.168.0.10
  Metric: 10         IP 10.0.0.24 255.255.255.252
  Metric: 10         IP 192.168.0.10 255.255.255.255


Now router A2's LSP contains the prefix of the loopback0 interface. Let's see if ping to some remote destinations will be successful. 

A2#ping 10.0.0.25 source lo0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.25, timeout is 2 seconds:
Packet sent with a source address of 192.168.0.10
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 2/2/5 ms
A2#


Ping to router A1's interface G0/1 is good. Next, verify connectivity to the core router C2. 

A2#ping 192.168.0.8 source lo0        
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.0.8, timeout is 2 seconds:
Packet sent with a source address of 192.168.0.10
!!!!!


Router A2 is able to communicate with core router C2. Now, can it ping the loopback0 interfaces of routers B2, D2, and E2? 

A2#ping 192.168.0.6 source lo0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.0.6, timeout is 2 seconds:
Packet sent with a source address of 192.168.0.10
U.U.U
Success rate is 0 percent (0/5)
 

A2#ping 192.168.0.9 source lo0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.0.9, timeout is 2 seconds:
Packet sent with a source address of 192.168.0.10
U.U.U
Success rate is 0 percent (0/5)
 

A2#ping 192.168.0.7 source lo0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.0.7, timeout is 2 seconds:
Packet sent with a source address of 192.168.0.10
U.U.U
Success rate is 0 percent (0/5)


As results in the output indicate that ping failed to reach all three routers, further troubleshooting is necessary. 


Step8: Let's go to the router B2 and check what is going on with that node. A  lot of effort put into fixing A2's reachability issues and experience obtained from the time spent on resolving the problem allows you to assume that router B2 might have the same issue. Go straight and verify the database on the router B2. 

B2#show  isis database detail B2.00-00
IS-IS Level-1 LSP B2.00-00
LSPID                 LSP Seq Num  LSP Checksum  LSP Holdtime/Rcvd      ATT/P/OL
B2.00-00            * 0x0000000A   0xFB56                 332/*         0/0/0
  Area Address: 49.b000
  NLPID:        0xCC
  Hostname: B2
  Metric: 10         IS B1.01
  IP Address:   10.0.0.18
  Metric: 10         IP 10.0.0.16 255.255.255.252


The output indicates that the loopback0 interface's IP address is not in the LSP for router B2. Check the circuit-type of lo0 and IS-IS protocol. 

B2#show  clns interface  lo0
Loopback0 is up, line protocol is up
  Checksums enabled, MTU 1514, Encapsulation LOOPBACK
  ERPDUs enabled, min. interval 10 msec.
  CLNS fast switching disabled
  CLNS SSE switching disabled
  DEC compatibility mode OFF for this interface
  Next ESH/ISH in 27 seconds
  Routing Protocol: IS-IS
    Circuit Type: level-2
    Interface number 0x0, local circuit ID 0x100
    Next IS-IS Hello in 0 seconds
    if state DOWN


B2#show  isis protocol  
IS-IS Router: <Null Tag>
  System Id: 0000.0000.00B2.00  IS-Type: level-1
  Manual area address(es):
        49.b000
  Routing for area address(es):
        49.b000
  Interfaces supported by IS-IS:
        GigabitEthernet0/1 - IP
        Loopback0 - IP
  Redistribute:
    static (on by default)
  Distance for L2 CLNS routes: 110
  RRR level: none
  Generate narrow metrics: level-1-2
  Accept narrow metrics:   level-1-2

  Generate wide metrics:   none
  Accept wide metrics:     none


Indeed, node B2 has the same problem as router A2. 


Step9: Change circuit-type for B2's loopback0 interface. 

B2(config)#interface  lo0
B2(config-if)#isis circuit-type level-1



Step10: Verify solution and connectivity. 

B2#show  isis database detail B2.00-00
IS-IS Level-1 LSP B2.00-00
LSPID                 LSP Seq Num  LSP Checksum  LSP Holdtime/Rcvd      ATT/P/OL
B2.00-00            * 0x0000000C   0xCA2B                1116/*         0/0/0
  Area Address: 49.b000
  NLPID:        0xCC
  Hostname: B2
  Metric: 10         IS B1.01
  IP Address:   192.168.0.6
  Metric: 10         IP 10.0.0.16 255.255.255.252
  Metric: 10         IP 192.168.0.6 255.255.255.255



B2#ping 192.168.0.10 source lo0Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.0.10, timeout is 2 seconds:
Packet sent with a source address of 192.168.0.6
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 6/7/9 ms
B2#


Ping to the router A2's loopback0 interface is successful. 

B2#ping 192.168.0.9 source lo0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.0.9, timeout is 2 seconds:
Packet sent with a source address of 192.168.0.6
U.U.U
Success rate is 0 percent (0/5)
 

B2#ping 192.168.0.7 source lo0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.0.7, timeout is 2 seconds:
Packet sent with a source address of 192.168.0.6
U.U.U
Success rate is 0 percent (0/5)
B2#


Well, routers D2 and E2 are still unavailable but the problem might be the same to fix this. 


Step11: Verify D2's and E2's loopback0 interfaces' circuit-type:

D2#show clns interface  lo0
Loopback0 is up, line protocol is up
  Checksums enabled, MTU 1514, Encapsulation LOOPBACK
  ERPDUs enabled, min. interval 10 msec.
  CLNS fast switching disabled
  CLNS SSE switching disabled
  DEC compatibility mode OFF for this interface
  Next ESH/ISH in 11 seconds
  Routing Protocol: IS-IS
    Circuit Type: level-2
    Interface number 0x0, local circuit ID 0x100
    Next IS-IS Hello in 0 seconds
    if state DOWN


E2#show  clns interface  lo0
Loopback0 is up, line protocol is up
  Checksums enabled, MTU 1514, Encapsulation LOOPBACK
  ERPDUs enabled, min. interval 10 msec.
  CLNS fast switching disabled
  CLNS SSE switching disabled
  DEC compatibility mode OFF for this interface
  Next ESH/ISH in 4 seconds
  Routing Protocol: IS-IS
    Circuit Type: level-2
    Interface number 0x0, local circuit ID 0x100
    Next IS-IS Hello in 0 seconds
    if state DOWN


Both of these interfaces have circuit-type of level-2 which is incorrect. 


Step12: Change circuit-type for D2's and E2's loopback0 interfaces. 

D2(config)#interface  lo0
D2(config-if)#isis circuit-type level-1 

!
E2(config)#interface  lo0
E2(config-if)#isis circuit-type level-1 



Step13: Assuming that changes in the previous step, finally fix all issues related to the connectivity, now verify that router A2 is able to ping loopback0 addresses fo B2, D2, and E3. 

A2#ping  192.168.0.6 source lo0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.0.6, timeout is 2 seconds:
Packet sent with a source address of 192.168.0.10
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 7/7/9 ms
 

A2#ping  192.168.0.9 source lo0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.0.9, timeout is 2 seconds:
Packet sent with a source address of 192.168.0.10
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/5/10 ms
 

A2#ping  192.168.0.7 source lo0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.0.7, timeout is 2 seconds:
Packet sent with a source address of 192.168.0.10
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 7/7/9 ms
A2# 


Comments

Popular Posts