Avaya Phones and Cisco Switches

I was recently troubleshooting Avaya phones not going into their correct voice vlan.

interface GigabitEthernet1/0/1
 switchport access vlan 100
 switchport mode access
 switchport voice vlan 200

The phone kept on going into vlan 100.  I checked CDP and also enabled LLDP which didn’t help.  LLDP showed me the phone sitting nicely in the access vlan.

The solution was to place option 176 in the access vlan.  The Avaya phone gets this options and then puts itself in the vlan with tagging held within that option.

DHCP Option 176 : L2Q=1, L2QVLAN=200

The above shows L2Q = 1 meaning tag the traffic, and L2QVLAN=200 being the vlan tag.

Straight after this was applied the phones moved themselves in to the correct vlan.

 

Cisco WLC – Flexible Radio Assignment

This is a great feature of the Cisco WLC >8.2 software and 2800/3800 APs.  For selected APs, the second radio can be used dynamically and have its purpose allocated by the WLC.  I tested this recently during a setup of a small controller and 6 APs, because they all within 1 metre of each other.  One had decided a single 2.4Ghz radio, one in monitor mode and the remaining 4 variable radios all with dual 5GHz.  While this isn’t a great deployment being so close, it was interesting to see!

Here are Cisco notes.

Debug info:

>show advanced fra

 

 

Cisco Nexus TFTP Error

Today, I had a problem today getting a file onto a Cisco Nexus 7700.  Everything looked OK right up to the last packet of information to go then threw up an error…

Nexus-7710# copy tftp: bootflash:/// vrf management 
Enter source filename: n7000-s2-kickstart.8.1.2a.bin
Enter hostname for the tftp server: 192.19.0.10
Trying to connect to tftp server......
Connection to Server Established.
TFTP get operation failed:Undefined error code (2)

The logs from my Solarwinds TFTP software showed the peer reset the connection and error code 2 usually means Access Violation.  I couldn’t find a problem with either the TFTP file name, if it were write permissions i wouldn’t expect it to start the transfer, and there was plenty of space on the bootflash!  As a test, i downloaded and used TFTPD64 and it worked without a problem!  I’m not sure if it was the Nexus or Solarwinds not playing nicely but i’d found a solution and needed to move on with the job!  Just making a note here to remind future me to try a different TFTP server (or just use a USB if i were closer onsite!)

Nexus-7710# copy tftp: bootflash:/// vrf management 
Enter source filename: n7000-s2-kickstart.8.1.2a.bin
Enter hostname for the tftp server: 192.19.0.10
Trying to connect to tftp server......
Connection to Server Established.
TFTP get operation was successful

 

 

 

 

Study Notes : OSPF iSPF and Graceful Modes

iSPF

Incremental SPF is a feature that can be enabled on a complete area or a single router, and will allow the device to perform a partial SPF calculation on the area of the SPF affected by the LSA received.  This is configured (with no arguments):

A partial update should be initiated by changes to LSA types 3,4,5 & 7 by default.

An incremental could be initiated by changes to LSA types 1 & 2, but it depends on the scope of the change!

R1(config)#router ospf 1
R1(config-router)#ispf
R1#show ip ospf
 Routing Process "ospf 1" with ID 1.1.1.1
<omitted>
 Incremental-SPF enabled
<omitted>
R3#debug ip ospf spf topology base
OSPF SPF debugging is on for unicast base topology
OSPF SPF intra debugging is on for unicast base topology
OSPF SPF inter debugging is on for unicast base topology
OSPF SPF external debugging is on for unicast base topology
R3# (Shut down a router out of R3's Area)
*Apr 9 22:42:26.995: OSPF-1 SPF : Schedule partial SPF type 3, LSID 55.55.55.55, adv_rtr 1.1.1.1 area 1
*Apr 9 22:42:27.003: OSPF-1 SPF : Schedule partial SPF type 3, LSID 55.55.55.55, adv_rtr 9.9.9.9 area 1
*Apr 9 22:42:27.007: OSPF-1 SPF : Schedule partial SPF type 3, LSID 11.0.5.1, adv_rtr 9.9.9.9 area 1
*Apr 9 22:42:27.007: OSPF-1 SPF : Schedule partial SPF type 3, LSID 5.5.5.5, adv_rtr 9.9.9.9 area 1
*Apr 9 22:42:27.007: OSPF-1 SPF : Service partial SPF, spf instance 18, 4/0/0
*Apr 9 22:42:27.007: OSPF-1 INTER: Process partial summary spf queue
*Apr 9 22:42:27.007: OSPF-1 INTER: Process partial spfQ: type 3, LSID 55.55.55.55, mask 255.255.255.255, adv_rtr 1.1.1.1, age 1, seq 0x80000001, area 1
*Apr 9 22:42:27.007: OSPF-1 INTER: Process partial (ABR 0 Transit 0): type 3, LSID 55.55.55.55, mask 255.255.255.255, adv_rtr 1.1.1.1, age 1, seq 0x80000001, area 1
*Apr 9 22:42:27.011: OSPF-1 INTER: Start partial processing: type 3, LSID 55.55.55.55, mask 255.255.255.255,
R3#
R3#
R3# (This time shut down an interface within the area being represented by a type 2 LSA)
*Apr 9 22:48:23.383: OSPF-1 SPF : Detect change in LSA type 1, LSID 9.9.9.9 from 9.9.9.9 area 1
*Apr 9 22:48:23.383: OSPF-1 INTRA: Insert LSA to New_LSA list type 1, LSID 9.9.9.9, from 9.9.9.9 area 1
*Apr 9 22:48:23.387: OSPF-1 MON : Schedule Incremental SPF in area 1, change in LSID 9.9.9.9, LSA type R
*Apr 9 22:48:23.387: OSPF-1 MON : reset throttling to 5000ms next wait-interval 10000ms
*Apr 9 22:48:23.423: OSPF-1 SPF : Detect MAXAGE in LSA type 2, LS ID 10.49.49.9, from 9.9.9.9
*Apr 9 22:48:23.423: OSPF-1 SPF : Detect generic change in LSA type 2, LSID 10.49.49.9, from 9.9.9.9 area 1
R3#
*Apr 9 22:48:23.427: OSPF-1 INTRA: Insert LSA to New_LSA list type 2, LSID 10.49.49.9, from 9.9.9.9 area 1
*Apr 9 22:48:23.427: OSPF-1 MON : Schedule Incremental SPF in area 1, change in LSID 10.49.49.9, LSA type N
R3#
*Apr 9 22:48:28.391: OSPF-1 INTRA: Running SPF for area 1, SPF-type Incremental
*Apr 9 22:48:28.391: OSPF-1 INTRA: Initializing to run spf
*Apr 9 22:48:28.395: OSPF-1 INTRA: Running incremental SPF for area 1
*Apr 9 22:48:28.395: OSPF-1 INTRA: iSPF: checking parents for node 9.9.9.9, type 1, Adv 9.9.9.9
*Apr 9 22:48:28.399: OSPF-1 INTRA: iSPF: trying to find a link to parent 10.39.39.9 in the new LSA
*Apr 9 22:48:28.399: OSPF-1 INTRA: iSPF: found a link to parent 10.39.39.9 in the new LSA
*Apr 9 22:48:28.403: OSPF-1 INTRA: iSPF: No change in parents node 9.9.9.9, type 1, Adv. Rtr 9.9.9.9
*Apr 9 22:48:28.403: OSPF-1 INTRA: iSPF: scanning new LSA for node 9.9.9.9, type 1, Adv. Rtr. 9.9.9.9
*Apr 9 22:48:28.407: OSPF-1 INTRA: iSPF: checking parent of node 10.39.39.9, type 2, Adv. Rtr 9.9.9.9
*Apr 9 22:48:28.407: OSPF-1 INTRA: iSPF: checking parent of node 9.9.9.9, type 1, Adv. Rtr 9.9.9.9
*Apr 9 22:48:28.407: OSPF-1 INTRA: iSPF - node 10.39.39.9, type 2,
R3#Adv 9.9.9.9 found as parent of node 9.9.9.9, type 1, Adv 9.9.9.9
*Apr 9 22:48:28.411: OSPF-1 INTRA: iSPF - update all stub-routes of node 9.9.9.9, type 1, Adv 9.9.9.9
*Apr 9 22:48:28.411: OSPF-1 INTRA: iSPF: init all stub-routes on delete_list of node 9.9.9.9, type 1, Adv. Rtr 9.9.9.9
*Apr 9 22:48:28.415: OSPF-1 INTRA: iSPF: initialising node 10.49.49.255, type 0, Adv 9.9.9.9
*Apr 9 22:48:28.415: OSPF-1 INTRA: iSPF: process all stub-routes of node 9.9.9.9, type 1, Adv 9.9.9.9
*Apr 9 22:48:28.419: OSPF-1 INTRA: Update ABR Router Route 9.9.9.9 via Ethernet2/7/10.39.39.9, metric 10, area 1
*Apr 9 22:48:28.419: OSPF-1 SPF : Added ABR path to router 9.9.9.9 via 10.39.39.9, area 1, Area SPF 9, PDB SPF 35, Type Incr
*Apr 9 22:48:28.423: OSPF-1 INTRA: iSPF: checking lost links of node 9.9.9.9, type 1, Adv 9.9.9.9
*Apr 9 22:48:28.423: OSPF-1 INTRA: iSPF: checking parent of node 10.49.49.9, type 2, Adv. Rtr 9.9.9.9
*Apr 9 22:48:28.427: OSPF-1 INTRA: iSPF - node 9.9.9
R3#.9, type 1, Adv 9.9.9.9 found as parent of node 10.49.49.9, type 2, Adv 9.9.9.9
*Apr 9 22:48:28.427: OSPF-1 INTRA: iSPF: scrubing subtree of node 10.49.49.9, type 2, Adv 9.9.9.9
*Apr 9 22:48:28.427: OSPF-1 INTRA: iSPF: crubbing node 10.49.49.9, type 2, Adv 9.9.9.9
*Apr 9 22:48:28.427: OSPF-1 INTRA: iSPF: It is a network LSA 10.49.49.9. Router Count 2
*Apr 9 22:48:28.427: OSPF-1 INTRA: iSPF - Processing router id 9.9.9.9
*Apr 9 22:48:28.427: OSPF-1 INTRA: iSPF: checking parent of node 9.9.9.9, type 1, Adv. Rtr 9.9.9.9
*Apr 9 22:48:28.427: OSPF-1 INTRA: iSPF - Processing router id 4.4.4.4
*Apr 9 22:48:28.427: OSPF-1 INTRA: iSPF: checking parent of node 4.4.4.4, type 1, Adv. Rtr 4.4.4.4
*Apr 9 22:48:28.427: OSPF-1 INTRA: iSPF: putting on the orphans node 10.49.49.9, type 2, Adv 9.9.9.9
*Apr 9 22:48:28.427: OSPF-1 INTRA: iSPF: initialising node 10.49.49.9, type 2, Adv 9.9.9.9

Graceful Restart

Sometimes the control plane of the routing protocol can fail and need to be recovered.  For instance, a supervisor fails in a dual supervisor system.    Rather than dropping all adjacency and neighbours, where the routes and packets on the data plane are both dropped, Graceful restart can assist as defined in RFC3623.  This is possible because of the separation between control and data planes.

The standards version is Graceful Restart (GR), and the Cisco implementation is called Non-Stop Forwarding (NSF).  Cisco supports both.

The router undergoing a graceful restart is said to be in GR Mode, and the DIRECTLY connected neighbours are said to be in Helper Mode where they pretend the GR mode neighbour isn’t experiencing a problem by:

  • Ignoring lack of hellos and maintaining adjacency.
  • Still advertise in LSA types 1 and 2 if needed.
  • Hold off DR election to keep the GR Mode router the DR if required

Be aware that NSF-Aware devices can ONLY be a helper, but a NSF-Capable device can be a helper or perform the GR if required.  There are some conditions to a GR:

  • The router allows data forwarding during a control plane issue.
  • The GR Mode router needs to send a type 9 Opaque LSA (Grace LSA).
  • LSA Database is stable (No Changes!)
  • All the neighbours are helpers.

Restart takes place in the grace period, which is 60 seconds by default, but is configuration up to the maximum of the LSA refresh time.  From the detail below, my router appears to be NSF-Aware only:

R1(config-router)#nsf ?
 cisco Cisco Non-stop forwarding
 ietf IETF graceful restart
R1(config-router)#nsf cisco ?
 helper helper support
R1(config-router)#nsf cisco he
R1(config-router)#nsf cisco helper ?
 disable disable helper support
 <cr>
R1(config-router)#nsf cisco helper
R1(config-router)#nsf iet
R1(config-router)#nsf ietf ?
 helper helper support
R1(config-router)#nsf ietf h
R1(config-router)#nsf ietf helper ?
 disable disable helper support
 strict-lsa-checking enable helper strict LSA checking
 <cr>
R1(config-router)#nsf ietf helper

Graceful Shutdown

Using a shutdown under the router process (or under a specific interface) will:

  • Drop all OSPF Adjacencies
  • Flush all Self-Originated LSAs
  • Send out Hellos with DR/BDR set to 0.0.0.0 to get neighbours back to init state
  • Stop sending or Receiving OSPF packets.
R1#show debug
OSPF:
 OSPF packet debugging is on
 OSPF adjacency debugging is on
 OSPF non-stop forwarding debugging is on
 OSPF hello debugging is on
 OSPF LSA generation debugging is on
 OSPF RIB (Routing Information Base) debugging is on for process 1
 OSPF Local RIB (Routing Information Base) debugging is on for process 1
 OSPF Global RIB (Routing Information Base) debugging is on for process 1
 OSPF Redistribution debugging is on for process 1
R1(config)#router ospf 1
R1(config-router)#shut
*Apr 9 22:06:49.759: OSPF-1 PAK : rcv. v:2 t:1 l:48 rid:2.2.2.2 aid:0.0.0.0 chk:BA91 aut:0 auk: from Ethernet1/7
*Apr 9 22:06:49.759: OSPF-1 HELLO Et1/7: Rcv hello from 2.2.2.2 area 0 10.0.12.2
R1(config-router)#shut
R1(config-router)#
*Apr 9 22:06:53.215: OSPF-1 HELLO Et1/0: Send hello to 224.0.0.5 area 1 from 10.0.13.1
*Apr 9 22:06:53.531: OSPF-1 HELLO Et1/7: Send hello to 224.0.0.5 area 0 from 10.0.12.1
*Apr 9 22:06:53.543: OSPF-1 PAK Et1/7: Drop packet, OSPF shut down on interface
*Apr 9 22:06:53.571: OSPF-1 HELLO Et1/1: Send hello to 224.0.0.5 area 1 from 10.0.14.1
*Apr 9 22:06:53.575: OSPF-1 HELLO Et1/0: Send hello to 224.0.0.5 area 1 from 10.0.13.1
*Apr 9 22:06:53.595: OSPF-1 PAK Et1/0: Drop packet, OSPF shut down on interface
*Apr 9 22:06:53.599: OSPF-1 PAK Et1/1: Drop packet, OSPF shut down on interface
R1(config-router)#
*Apr 9 22:06:53.603: OSPF-1 PAK Et1/1: Drop packet, OSPF shut down on interface
*Apr 9 22:06:53.611: OSPF-1 LSGEN: Flushing External LSAs
*Apr 9 22:06:53.611: OSPF-1 LSGEN: Flushing Opaque AS LSAs
*Apr 9 22:06:53.683: OSPF-1 LSGEN: Flushing Link states in area 0
*Apr 9 22:06:53.731: OSPF-1 ADJ Lo111: Interface going Down
*Apr 9 22:06:53.731: OSPF-1 ADJ Lo111: 1.1.1.1 address 11.11.11.11 is dead, state DOWN
*Apr 9 22:06:53.735: OSPF-1 ADJ Et1/7: Interface going Down
*Apr 9 22:06:53.735: OSPF-1 ADJ Et1/7: 2.2.2.2 address 10.0.12.2 is dead, state DOWN
*Apr 9 22:06:53.739: %OSPF-5-ADJCHG: Process 1, Nbr 2.2.2.2 on Ethernet1/7 from FULL to DOWN, Neighbor Down: Interface down or detached
*Apr 9 22:06:53.743: OSPF-1 ADJ Et1/7: Neighbor change event
*Apr 9 22:06:53.743: OSPF-1 ADJ Et1/7: DR/BDR election
*Apr 9 22:06:53.743: OSPF-1 ADJ Et1/7: Elect BDR 1.1.1.1
*Apr 9 22:06:53.747: OSPF-1 ADJ Et1/7: Elect DR 1.1.1.1
*Apr 9 22:06:53.747: OSPF-1 ADJ
R1(config-router)# Et1/7: Elect BDR 0.0.0.0
*Apr 9 22:06:53.751: OSPF-1 ADJ Et1/7: Elect DR 1.1.1.1
*Apr 9 22:06:53.751: OSPF-1 ADJ Et1/7: DR: 1.1.1.1 (Id) BDR: none
*Apr 9 22:06:53.755: OSPF-1 LSGEN: Scheduling network LSA on Ethernet1/7
*Apr 9 22:06:53.755: OSPF-1 ADJ Et1/7: Remember old DR 2.2.2.2 (id)
*Apr 9 22:06:53.755: OSPF-1 ADJ Et1/7: 1.1.1.1 address 10.0.12.1 is dead, state DOWN
*Apr 9 22:06:53.759: OSPF-1 ADJ Et1/7: Neighbor change event
*Apr 9 22:06:53.759: OSPF-1 ADJ Et1/7: DR/BDR election
*Apr 9 22:06:53.763: OSPF-1 ADJ Et1/7: Elect BDR 0.0.0.0
*Apr 9 22:06:53.763: OSPF-1 ADJ Et1/7: Elect DR 0.0.0.0
*Apr 9 22:06:53.763: OSPF-1 ADJ Et1/7: Elect BDR 0.0.0.0
*Apr 9 22:06:53.767: OSPF-1 ADJ Et1/7: Elect DR 0.0.0.0
*Apr 9 22:06:53.767: OSPF-1 ADJ Et1/7: DR: none BDR: none
*Apr 9 22:06:53.771: OSPF-1 ADJ Et1/7: Flush network LSA immediately
*Apr 9 22:06:53.771: OSPF-1 LSGEN: Scheduling network LSA on Ethernet1/7
*Apr 9 22:06:53.775:
R1(config-router)#OSPF-1 ADJ Et1/7: Remember old DR 1.1.1.1 (id)
*Apr 9 22:06:53.775: OSPF-1 LSGEN: Flushing Link states in area 1
*Apr 9 22:06:53.811: OSPF-1 ADJ Et1/1: Interface going Down
*Apr 9 22:06:53.811: OSPF-1 ADJ Et1/1: 4.4.4.4 address 10.0.14.4 is dead, state DOWN
*Apr 9 22:06:53.815: %OSPF-5-ADJCHG: Process 1, Nbr 4.4.4.4 on Ethernet1/1 from FULL to DOWN, Neighbor Down: Interface down or detached
*Apr 9 22:06:53.815: OSPF-1 ADJ Et1/1: Neighbor change event
*Apr 9 22:06:53.819: OSPF-1 ADJ Et1/1: DR/BDR election
*Apr 9 22:06:53.819: OSPF-1 ADJ Et1/1: Elect BDR 1.1.1.1
*Apr 9 22:06:53.819: OSPF-1 ADJ Et1/1: Elect DR 1.1.1.1
*Apr 9 22:06:53.819: OSPF-1 ADJ Et1/1: Elect BDR 0.0.0.0
*Apr 9 22:06:53.819: OSPF-1 ADJ Et1/1: Elect DR 1.1.1.1
*Apr 9 22:06:53.819: OSPF-1 ADJ Et1/1: DR: 1.1.1.1 (Id) BDR: none
*Apr 9 22:06:53.819: OSPF-1 LSGEN: Scheduling network LSA on Ethernet1/1
*Apr 9 22:06:53.819: OSPF-1 ADJ Et1/1: Remember old DR 4.4.4.4 (id)
*Apr 9 22:06:53.819: OSPF-1 ADJ Et1/1: 1.1.1.1 address 10.0.14.1 is dead, state DOWN
*Apr 9 22:06:53.819: OSPF-1 ADJ Et1/1: Neighbor change event
*Apr 9 22:06:53.819: OSPF-1 ADJ Et1/1: DR/BDR election
*Apr 9 22:06:53.819: OSPF-1 ADJ Et1/1: Elect BDR 0.0.0.0
*Apr 9 22:06:53.819: OSPF-1 ADJ Et1/1: Elect DR 0.0.0.0
*Apr 9 22:06:53.819: OSPF-1 ADJ Et1/1: Elect BDR 0.0.0.0
*Apr 9 22:06:53.819: OSPF-1 ADJ Et1/1: Elect DR 0.0.0.0
*Apr 9 22:06:53.819: OSPF-1 ADJ Et1/1: DR: none BDR: none
*Apr 9 22:06:53.819: OSPF-1 ADJ Et1/1: Flush network LSA immediately
*Apr 9 22:06:53.819: OSPF-1 LSGEN: Scheduling network LSA on Ethernet1/1
*Apr 9 22:06:53.819: OSPF-1 ADJ Et1/1: Remember old DR 1.1.1.1 (id)
*Apr 9 22:06:53.819: OSPF-1 ADJ Et1/0: Interface going Down
*Apr 9 22:06:53.819: OSPF-1 ADJ
R1(config-router)# Et1/0: 3.3.3.3 address 10.0.13.3 is dead, state DOWN
*Apr 9 22:06:53.819: %OSPF-5-ADJCHG: Process 1, Nbr 3.3.3.3 on Ethernet1/0 from FULL to DOWN, Neighbor Down: Interface down or detached
*Apr 9 22:06:53.819: OSPF-1 ADJ Et1/0: Neighbor change event
*Apr 9 22:06:53.819: OSPF-1 ADJ Et1/0: DR/BDR election
*Apr 9 22:06:53.819: OSPF-1 ADJ Et1/0: Elect BDR 1.1.1.1
*Apr 9 22:06:53.819: OSPF-1 ADJ Et1/0: Elect DR 1.1.1.1
*Apr 9 22:06:53.819: OSPF-1 ADJ Et1/0: Elect BDR 0.0.0.0
*Apr 9 22:06:53.819: OSPF-1 ADJ Et1/0: Elect DR 1.1.1.1
*Apr 9 22:06:53.819: OSPF-1 ADJ Et1/0: DR: 1.1.1.1 (Id) BDR: none
*Apr 9 22:06:53.819: OSPF-1 LSGEN: Scheduling network LSA on Ethernet1/0
*Apr 9 22:06:53.819: OSPF-1 ADJ Et1/0: Remember old DR 3.3.3.3 (id)
*Apr 9 22:06:53.819: OSPF-1 ADJ Et1/0: 1.1.1.1 address 10.0.13.1 is dead, state DOWN
*Apr 9 22:06:53.819: OSPF-1 ADJ Et1/0: Neighbor change event
*Apr 9 22:06:53.819: OSPF-1 ADJ Et1/0: DR/BDR election
*Apr
R1(config-router)# 9 22:06:53.819: OSPF-1 ADJ Et1/0: Elect BDR 0.0.0.0
*Apr 9 22:06:53.819: OSPF-1 ADJ Et1/0: Elect DR 0.0.0.0
*Apr 9 22:06:53.819: OSPF-1 ADJ Et1/0: Elect BDR 0.0.0.0
*Apr 9 22:06:53.819: OSPF-1 ADJ Et1/0: Elect DR 0.0.0.0
*Apr 9 22:06:53.819: OSPF-1 ADJ Et1/0: DR: none BDR: none
*Apr 9 22:06:53.819: OSPF-1 ADJ Et1/0: Flush network LSA immediately
*Apr 9 22:06:53.819: OSPF-1 LSGEN: Scheduling network LSA on Ethernet1/0
*Apr 9 22:06:53.819: OSPF-1 ADJ Et1/0: Remember old DR 1.1.1.1 (id)
*Apr 9 22:06:53.819: OSPF-1 LSGEN: Flushing Link states in area 2
*Apr 9 22:06:53.855: OSPF-1 LRIB : Local RIB clear
*Apr 9 22:06:53.955: %IPMCAST_RPF-4-RPF_LOOKUP_LOOP: RPF route lookup loop for 1.1.1.1
*Apr 9 22:06:54.095: OSPF-1 PAK Et1/0: Drop packet, OSPF shut down on interface
*Apr 9 22:06:54.255: OSPF-1 LSGEN: Not DR on intf Ethernet1/7 to build Net LSA
*Apr 9 22:06:54.319: OSPF-1 LSGEN: Not DR on intf Ethernet1/1 to build Net LSA
*Apr 9 22:06:54.31
R1(config-router)#9: OSPF-1 LSGEN: Not DR on intf Ethernet1/0 to build Net LSA
*Apr 9 22:06:57.411: OSPF-1 PAK Et1/1: Drop packet, OSPF shut down on interface
*Apr 9 22:06:57.459: OSPF-1 PAK Et1/0: Drop packet, OSPF shut down on interface
*Apr 9 22:06:57.467: OSPF-1 PAK Et1/7: Drop packet, OSPF shut down on interface
R1(config-router)#
*Apr 9 22:07:05.123: OSPF-1 PAK Et1/7: Drop packet, OSPF shut down on interface
R1(config-router)#
*Apr 9 22:07:08.755: OSPF-1 PAK Et1/0: Drop packet, OSPF shut down on interface
*Apr 9 22:07:09.115: OSPF-1 PAK Et1/1: Drop packet, OSPF shut down on interface
R1(config-router)#
R1#
*Apr 9 22:07:10.567: %SYS-5-CONFIG_I: Configured from console by console
R1#
*Apr 9 22:07:13.247: %LINEPROTO-5-UPDOWN: Line protocol on Interface Tunnel0, changed state to down
R1#
*Apr 9 22:07:20.351: OSPF-1 PAK Et1/7: Drop packet, OSPF shut down on interface
R1#un all
*Apr 9 22:07:24.711: OSPF-1 PAK Et1/0: Drop packet, OSPF shut down on interface
R1#un all
All possible debugging has been turned off

Cisco Security Express Exam 500-651

I was recently asked to take the Cisco Security Express SA Exam 500-651.  This had its problems pre-March 2018 where many of the questions didn’t actually make sense!  I watched the videos (which along with the blueprint represents ALL the study material!).

Here is the mind map i made from watching the videos and prior to passing the exam!  Please ignore any spelling etc errors.  It was done in a rush so obviously no warranty provided!

S,

Cisco Security Express SA Exam 500-651

 

Study Notes : OSPF Throttling

These are my notes on OSPF Throttling for CCIE study.

SPF Throttling

This is a feature to delay running the SPF process which could be useful in unstable networks or for other reasons.  It works on the basis that the router controls when to run the shortest path first algorithm, and in a network where LSA are constantly being received can reduce the burden on the router.  The default for Cisco routers are spf-start & hold of 5secs, and max is 10sec.  There are 3 variables:

spf-start: The time between receiving an LSA and rerunning SPF calculation

spf-hold: The minimum delay AFTER running SPF, before allowing another recalculation.  This values doubles each time its referenced until its more than max-wait.

spf-max-wait: this is used for both the max wait between SPF calcs, and the time to pass before the network is considered stable.

Example Below
 R4#conf t
 Enter configuration commands, one per line. End with CNTL/Z.
 R4(config)#router ospf 1

R4(config-router)#timers throttle ?
 lsa OSPF LSA throttle timers
 spf OSPF SPF throttle timers

R4(config-router)#timers throttle spf ?
 Delay between receiving a change to SPF calculation in
 milliseconds

R4(config-router)#timers throttle spf 3000 ?
 Delay between first and second SPF calculation in milliseconds

R4(config-router)#timers throttle spf 3000 10000 ?
 Maximum wait time in milliseconds for SPF calculations

R4(config-router)#timers throttle spf 3000 10000 50000

R4# show ip ospf | in SPF
 Initial SPF schedule delay 3000 msecs
 Minimum hold time between two consecutive SPFs 10000 msecs
 Maximum wait time between two consecutive SPFs 50000 msecs
 Incremental-SPF disabled
 SPF algorithm last executed 00:17:44.824 ago
 SPF algorithm executed 11 times
 SPF algorithm last executed never ago
 SPF algorithm executed 0 times

R4#debug ip ospf spf statistic
 OSPF SPF statistics debugging is on
 ###I then shut, unshut an interface within the area several times.
 R4#
 *Apr 8 22:17:04.827: OSPF-1 MON : reset throttling to 3000ms next wait-interval 10000ms
 R4#
 *Apr 8 22:17:07.827: OSPF-1 STATS: Begin SPF at 2321.288ms, process time 468ms
 *Apr 8 22:17:07.827: OSPF-1 STATS: Last spf_time 00:36:45.964, wait_interval 3000ms
 *Apr 8 22:17:07.851: OSPF-1 MON : Setting next wait-interval to 10000ms <<< Sets to hold
 *Apr 8 22:17:07.851: OSPF-1 STATS: Schedule time 00:38:41.312, Next wait_interval 10000ms

R4#
 *Apr 8 22:17:32.067: OSPF-1 STATS: Begin SPF at 2345.528ms, process time 564ms
 *Apr 8 22:17:32.067: OSPF-1 STATS: Last spf_time 00:38:54.516, wait_interval 10000ms
 *Apr 8 22:17:32.079: OSPF-1 MON : Setting next wait-interval to 20000ms <<< Sets to double current hold
 *Apr 8 22:17:32.079: OSPF-1 STATS: Schedule time 00:39:05.540, Next wait_interval 20000ms

R4#
 *Apr 8 22:17:52.079: OSPF-1 STATS: Begin SPF at 2365.540ms, process time 588ms
 *Apr 8 22:17:52.079: OSPF-1 STATS: Last spf_time 00:39:05.540, wait_interval 20000ms
 *Apr 8 22:17:52.103: OSPF-1 MON : Setting next wait-interval to 40000ms <<< Sets to double current hold
 *Apr 8 22:17:52.103: OSPF-1 STATS: Schedule time 00:39:25.564, Next wait_interval 40000ms

R4#
 *Apr 8 22:18:32.107: OSPF-1 STATS: Begin SPF at 2405.568ms, process time 664ms
 *Apr 8 22:18:32.107: OSPF-1 STATS: Last spf_time 00:39:25.568, wait_interval 40000ms
 *Apr 8 22:18:32.123: OSPF-1 MON : Setting next wait-interval to 50000ms <<< Sets to Max-Age
 *Apr 8 22:18:32.123: OSPF-1 STATS: Schedule time 00:40:05.584, Next wait_interval 50000ms

R4#
 *Apr 8 22:19:22.127: OSPF-1 STATS: Begin SPF at 2455.588ms, process time 736ms
 *Apr 8 22:19:22.127: OSPF-1 STATS: Last spf_time 00:40:05.588, wait_interval 50000ms
 *Apr 8 22:19:22.151: OSPF-1 MON : Setting next wait-interval to 50000ms
 *Apr 8 22:19:22.155: OSPF-1 STATS: Schedule time 00:40:55.616, Next wait_interval 50000ms

###I waited for the max-age to time out then shut, unshut an interface within the area.
 *Apr 8 22:22:37.767: OSPF-1 MON : reset throttling to 3000ms next wait-interval 10000ms
 R4#
 *Apr 8 22:22:40.767: OSPF-1 STATS: Begin SPF at 2654.228ms, process time 776ms
 *Apr 8 22:22:40.767: OSPF-1 STATS: Last spf_time 00:40:55.616, wait_interval 3000ms
 *Apr 8 22:22:40.795: OSPF-1 MON : Setting next wait-interval to 10000ms
 *Apr 8 22:22:40.795: OSPF-1 STATS: Schedule time 00:44:14.256, Next wait_interval 10000ms

LSA Throttling

This is a feature to delay generating the same LSA (the same being link, type and originator).  There are 3 variables and these have the same functionality as the spf timers.  Start-interval, Hold-Interval an Max-interval.  The default values for Cisco are start 0Sec, hold and max of 5Secs each.

R1(config-if)#router ospf 1
R1(config-router)#timers throttle lsa 3000 10000 50000 
R1(config-if)#do show ip ospf | in LSA 
R1#show ip ospf | in LSA
 Initial LSA throttle delay 3000 msecs
 Minimum hold time for LSA throttle 10000 msecs
 Maximum wait time for LSA throttle 50000 msecs
 Minimum LSA arrival 1000 msecs
 LSA group pacing timer 240 secs

As well as throttling outbound, the command “timers lsa arrival {msec}” which will only process the first of the same LSAs with the time specified.  It is 1000 msec by default.