Saturday, December 17, 2011

Split Horizon BIND9 DNS Setup


Let's dive into DNS awesomeness.....
  • This is a split-horizon DNS setup, which lets us maintain only one DNS server across all the zones.
  • As you can see, the only DNS server present is 192.168.1.50, connected to the Internal zone of the firewall.
  • The DNS server's port 53 (UDP/TCP) is allowed for all zones in the firewall for resolution of IP addresses.
  • Internal clients have their own internal Apache server residing in the Internal zone of the firewall.
  • The internal Apache server is connected to the Tomcat server within the Internal zone.
  • External clients or VPN clients are directed to the DMZ Apache server for security.
  • The DMZ Apache server is allowed to connect to the Tomcat server at a specific port number only.
  • Thus external clients are served application data through the DMZ Apache server.
  • Generally, two DNS servers (a DMZ DNS server & an Internal DNS server) are required, as this reduces security risk.
  • The view clause capability of the BIND9 DNS server is used to serve the respective results to clients.
  • The "match-clients" statement in a view clause matches the query source address, & the related zone file is used for answering the DNS query.
  • Separate zone files are maintained for the External & Internal regions.
  • Recursion is allowed only for Internal clients.
  • The configuration snippet shows a view clause based recursion statement; access list based recursion restriction is also possible (shown below in the named.conf file).
  • In this kind of setup, it is highly recommended to implement DNSSEC capability into BIND9 so that client-server DNS transactions are encrypted. DNSSEC is not implemented here, it will require another post. :)
  • The BIND working directory for my test setup is /var/lib/named.
  • Zone files are kept at /var/lib/named/zone.
named.conf file -
#Split Horizon DNS Setup for DMZ
#Internal IP range
acl Internal { 192.168.0.0/16; };
options {
    directory "/var/lib/named";
    dump-file "/var/log/named_dump.db";
    statistics-file "/var/log/named.stats";
    #Query source addresses allowed
    allow-query { 127.0.0.1; 172.20.0.0/16; 192.168.0.0/16; };
    #Recursion only for Internal clients
    allow-recursion { Internal; localhost; };
};

logging {
    channel query_logging {
        file "/var/log/named_querylog"
            versions 3 size 100M;
        print-time yes;
    };
    category queries {
        query_logging;
    };
};

view "External" {
    #match client IP address
    match-clients { 172.20/16; };
    zone "server.com" {
        type master;
        #Refer to External zone file
        file "zone/master.server.com.External";
    };
};

view "Internal" {
    #match client IP address
    match-clients { 192.168/16; };
    zone "server.com" {
        type master;
        #Refer to Internal zone file
        file "zone/master.server.com.Internal";
    };
};

include "/etc/named.conf.include";

Zone files - 
master.server.com.External -
$TTL    86400 ;
$ORIGIN server.com.
@  1D  IN     SOA ns1.server.com.    pd.server.com. (
                  2009082600 ;
                  3H ;
                  15 ;
                  1w ;
                  3h ;
                 )
       IN  NS     ns1.server.com. ;
;
ns1    IN  A      192.168.1.50 ;
pd     IN  A      10.101.1.1 ;

master.server.com.Internal -
$TTL    86400 ;
$ORIGIN server.com.
@  1D  IN     SOA ns1.server.com.    pd.server.com. (
                  2009082600 ;
                  3H ;
                  15 ;
                  1w ;
                  3h ;
                 )
       IN  NS     ns1.server.com. ;
;
ns1    IN  A      192.168.1.50 ;
pd     IN  A      192.168.1.100 ;
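
An added example (not part of the original post): a small Python model of how the configuration above picks a view and an answer for a given query source. The ACLs, views and records are copied from the files above; treating "localhost" as just 127.0.0.1 and 192.168.1.50, and the REFUSED/RECURSE result labels, are assumptions of this model.

```python
import ipaddress

# Constructed model of the named.conf and zone files shown above.
# Assumption: the built-in "localhost" ACL covers only these server addresses.
ACLS = {
    "Internal": ["192.168.0.0/16"],
    "localhost": ["127.0.0.1", "192.168.1.50"],
}
ALLOW_QUERY = ["127.0.0.1", "172.20.0.0/16", "192.168.0.0/16"]
ALLOW_RECURSION = ["Internal", "localhost"]
ZONE = "server.com."

# Views in file order: named answers from the first view whose
# match-clients list contains the query source address.
VIEWS = [
    ("External", ["172.20.0.0/16"],
     {"ns1.server.com.": "192.168.1.50", "pd.server.com.": "10.101.1.1"}),
    ("Internal", ["192.168.0.0/16"],
     {"ns1.server.com.": "192.168.1.50", "pd.server.com.": "192.168.1.100"}),
]


def matches(src, entries):
    """True if src is covered by an address match list (ACL names or prefixes)."""
    ip = ipaddress.ip_address(src)
    for entry in entries:
        if entry in ACLS:
            if matches(src, ACLS[entry]):
                return True
        elif ip in ipaddress.ip_network(entry, strict=False):
            return True
    return False


def answer(src, qname):
    """Return (view, result) for an A query from src, as modelled here."""
    qname = qname.lower().rstrip(".") + "."
    for view, clients, records in VIEWS:
        if matches(src, clients):
            break
    else:
        return (None, "REFUSED")            # source matches no view at all
    if not matches(src, ALLOW_QUERY):
        return (view, "REFUSED")
    if qname == ZONE:
        return (view, "NODATA")             # neither zone file has an apex A record
    if qname.endswith("." + ZONE):
        return (view, records.get(qname, "NXDOMAIN"))
    # Name outside server.com: only clients in allow-recursion get recursion.
    return (view, "RECURSE" if matches(src, ALLOW_RECURSION) else "REFUSED")


if __name__ == "__main__":
    # Constructed sample sources: internal, external/VPN, the server itself, unknown.
    for src in ("192.168.1.77", "172.20.5.9", "127.0.0.1", "10.9.9.9"):
        for name in ("pd.server.com", "example.org"):
            print(f"{src:>13} {name:<14} -> {answer(src, name)}")
```

The 127.0.0.1 row is the one to notice: the address is listed in allow-query, but no view's match-clients covers it, so in this model lookups made on the DNS server itself are refused.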

Thursday, November 10, 2011

Dual Hub Equal cost Load-Sharing Point-to-Multipoint Broadcast OSPF Frame Relay Network Topology


Recently I got into Frame Relay networks, so I decided to dig into details.
  • Above is the dual-hub Frame Relay network, with the two hubs representing the head offices for the multiple spoke locations.
  • Spoke-to-spoke communication is only possible through the hub locations.
  • This topology is useful for implementing access lists or route filters at the hub locations.
  • Each spoke has equal-cost routes to the other spokes through both hub routers; OSPF equal-cost load sharing is performed here.
  • Packets from spoke to spoke will use different hubs according to the algorithm & the ACL/filter results at the hub locations.
  • This topology adds overhead to the network, as direct spoke-to-spoke communication is not mapped here [Requirement says so :-( ].
  • Frame Relay IP addresses are mapped to DLCIs with the "broadcast" capability.
  • The Point-to-Multipoint Broadcast OSPF network type is required for proper operation of the network.
  • Point-to-Multipoint Broadcast OSPF networks do not require DR/BDR routers.
  • Neighbor configuration is not mandatory for P-to-M Broadcast networks; however, I configured it with equal costs in the OSPF process.
  • Each router's local DLCI needs to be mapped to its own IP address to make the interface IP addresses reachable in Frame Relay. 10.1.1.1 needs to be mapped to 103 with a frame-relay map to ensure Router R1 can ping 10.1.1.1.
  • OSPF Hello & Dead timers are adjusted accordingly.
  • Everything is statically mapped, so there is no need for Inverse ARP LMI messages.
  • OSPF router IDs are configured with the routers' Loopback interface IP addresses.
  • If Hub 2 loses connectivity to any spoke or any particular DLCI but maintains communication with Hub 1, all spokes will still be able to send packets to Hub 2 through Hub 1. The OSPF protocol is intentionally used here for complete network transparency.
Hub 1 Router configuration -
(Lines omitted for brevity)

interface Serial0/0
 no ip address
 no ip directed-broadcast
 encapsulation frame-relay
 serial restart-delay 0
!
interface Serial0/0.1 multipoint
 ip address 10.1.1.1 255.255.255.0
 no ip directed-broadcast
 ip ospf network point-to-multipoint
 ip ospf hello-interval 20
 ip ospf dead-interval 40
 frame-relay map ip 10.1.1.1 103 broadcast
 frame-relay map ip 10.1.1.2 701 broadcast
 frame-relay map ip 10.1.1.3 103 broadcast
 frame-relay map ip 10.1.1.4 104 broadcast
 frame-relay map ip 10.1.1.5 105 broadcast
 frame-relay interface-dlci 103
 frame-relay interface-dlci 104
 frame-relay interface-dlci 105
 frame-relay interface-dlci 701
 no frame-relay inverse-arp
!
router ospf 1
 router-id 11.1.1.1
 network 10.1.1.0 0.0.0.255 area 0
 network 11.1.1.0 0.0.0.255 area 0
 network 103.1.1.0 0.0.0.255 area 0

Spoke 1 configuration -
(Lines omitted for brevity)

interface Serial0/0
 no ip address
 no ip directed-broadcast
 encapsulation frame-relay
 serial restart-delay 0
!
interface Serial0/0.3 multipoint
 ip address 10.1.1.3 255.255.255.0
 no ip directed-broadcast
 ip ospf network point-to-multipoint
 ip ospf hello-interval 20
 ip ospf dead-interval 40
 frame-relay map ip 10.1.1.1 301 broadcast
 frame-relay map ip 10.1.1.2 302 broadcast
 frame-relay map ip 10.1.1.3 301 broadcast
 frame-relay interface-dlci 301
 frame-relay interface-dlci 302
 no frame-relay inverse-arp
!
router ospf 1
 router-id 13.1.1.1
 network 10.1.1.0 0.0.0.255 area 0
 network 13.1.1.0 0.0.0.255 area 0
 network 100.1.1.0 0.0.0.255 area 0
 neighbor 10.1.1.2 cost 48
 neighbor 10.1.1.1 cost 48

Hub 1 Router OSPF neighbor adjacency -

Neighbor ID     Pri   State           Dead Time   Address         Interface
14.1.1.1          1   FULL/  -        00:00:29    10.1.1.4        Serial0/0.1
15.1.1.1          1   FULL/  -        00:00:25    10.1.1.5        Serial0/0.1
12.1.1.1          1   FULL/  -        00:00:24    10.1.1.2        Serial0/0.1
13.1.1.1          1   FULL/  -        00:00:25    10.1.1.3        Serial0/0.1
103.1.1.2         1   FULL/DR         00:00:30    103.1.1.2       FastEthernet1/0

Spoke 1 Router OSPF neighbor adjacency -

Neighbor ID     Pri   State           Dead Time   Address         Interface
12.1.1.1          1   FULL/  -        00:00:25    10.1.1.2        Serial0/0.3
11.1.1.1          1   FULL/  -        00:00:24    10.1.1.1        Serial0/0.3
100.1.1.2         1   FULL/DR         00:00:34    100.1.1.2       FastEthernet1/0

Equal Cost Load Sharing for Spoke to Spoke communication -

R3#sh ip route 101.1.1.0
Routing entry for 101.1.1.0/24
  Known via "ospf 1", distance 110, metric 97, type intra area
  Redistributing via ospf 1
  Last update from 10.1.1.2 on Serial0/0.3, 00:07:05 ago
  Routing Descriptor Blocks:
  * 10.1.1.1, from 101.1.1.2, 00:07:05 ago, via Serial0/0.3
      Route metric is 97, traffic share count is 1
    10.1.1.2, from 101.1.1.2, 00:07:05 ago, via Serial0/0.3
      Route metric is 97, traffic share count is 1

Happy Networking.

Thursday, October 20, 2011

Vmware ESXi 5.0 Hypervisor LACP (802.3ad) bonding with Enterasys Devices

Yo, back again. A busy schedule kept me from blogging. Anyway, recently I got into a situation where I had to do LACP (Link Aggregation 802.3ad) bonding with the VMware ESXi 5.0 hypervisor & Enterasys N-Series devices. This is quite tricky, as the hypervisor will not support active LACP frames. The normal procedure for Linux & Enterasys LACP static bonding is not going to work here. The algorithm used for LACP in Enterasys devices is DIP-SIP (Destination IP-Source IP). More details on LACP algorithms can be found in my earlier post.

LACP/Etherchannel Algorithms & Linux Bonding Modes 

Steps Involved -
  • Select both network cards as VMware ESXi 5.0 cards at the time of ESXi installation.
  • After installation, make the load-balancing algorithm changes from the vSphere Client as per the screenshot below.
  • Enterasys employs the DIP-SIP LACP algorithm.
  • Load balancing has to be IP based for Enterasys to support it. (This means load balancing will be done on the basis of the IP addresses of the sending/receiving clients.)
  • Shift the network cards from Standby Adapters to Active Adapters to utilize them for load balancing.
  • The failover group will contain standby adapters, which take over on failure of the active adapters with the same properties as the active adapters.
  • vSwitch Configuration screenshot
  • Enterasys involves the following configuration
    • Active LACP will not work, as LACP has to be negotiated forcefully.
    • Let's say the ports of interest are ge.3.1 & ge.3.2.
    • Commands are as follows
set port lacp port ge.3.1 aadminkey 108
set port lacp port ge.3.2 aadminkey 108
set port lacp port ge.3.1 padminkey 108
set port lacp port ge.3.2 padminkey 108
clear port lacp port ge.3.1 aadminstate lacpactive
clear port lacp port ge.3.2 aadminstate lacpactive
set port lacp port ge.3.1 padminstate lacpagg
set port lacp port ge.3.2 padminstate lacpagg
set port lacp port ge.3.1 disable
set port lacp port ge.3.2 disable
    • Enterasys has a nifty feature to auto-configure static LACP.
    • The LACP auto-configuration commands, with an auto-generated aadminkey, are as follows.
set lacp static lag.0.12 ge.3.1
set lacp static lag.0.12 ge.3.2
    • Enterasys will issue the above commands automatically. (The aadminkey is taken from lag.0.12, i.e. 12, in auto-configuration.)
    • Now LAG group lag.0.12 will reflect the aggregated port capacity as 2 Gbps.

Thursday, September 1, 2011

EIGRP over GRE Point-to-Multipoint DMVPN with IPSec


Hi guys, back again to bust one more topology. Let's look into DMVPN (Dynamic Multipoint VPN) technology with IPSec encryption, which is useful when we want to connect multiple branch offices to a head office using VPN. One option is a Hub-Spoke static VPN, where the head office is the hub and the branch offices are spokes. In this case, a branch office can only communicate with the head office; communication with another branch office goes through the head office connection. The other option is Spoke-Spoke, so that branch offices can form dynamic tunnels with each other. The Hub-Spoke & Spoke-Spoke topology definitely saves bandwidth compared to the Spoke-Hub-Spoke topology. But NHRP (Next Hop Resolution Protocol) is needed for Spoke-Spoke communication to work. I will explain more about this later in the post.

Above is the typical scenario for implementing DMVPN, where we want to span our internal routing region over the WAN connection to the branch offices, with encryption for security. Let's list some important considerations related to the topology.
  • EIGRP 510 with 52.1.1.0/24 network is the head office network. 
  • Router R8 is the gateway for all the traffic in head office. 
  • Router R1 is acting as DMVPN router for head office connected to ISP router R6. 
  • Router R1 is running routing processes for both EIGRP 510 & EIGRP 1000.
  • EIGRP 510 & EIGRP 1000 in Router R1 are redistributed completely. (Please read this post if you are unclear about Route Redistribution)
  • Default route for R1 is 11.1.1.2.
  • Router R1 has IPSec crypto configuration with pre-share authentication.
  • Router R1 is configured with tunnel interface 10.0.0.1. More on this in next section.
  • ISP region is configured with three routers running EIGRP protocol. It is just to realize the WAN connection to branch offices.
  • Similarly Branch office 2 is with 54.1.1.0/24 network with R2 as the DMVPN router. 
  • Router R2 runs both EIGRP 1000 & EIGRP 530 routing processes which are completely redistributed.
  • Branch Office 1 is with 53.1.1.0/24 network. R3 router is DMVPN router for Branch office 1.
  • Router R3 runs both EIGRP 1000 & EIGRP 520 routing processes completely redistributed.
  • Routers R2 & R3 are configured with tunnel interface IP addresses 10.0.0.3 & 10.0.0.2 respectively.
  • The ISP region sees all internal IP traffic as ESP (Encapsulating Security Payload) packets.
  • EIGRP 1000 routing messages are encapsulated over GRE (Generic Routing Encapsulation) protocol.
  • Tunnels at the DMVPN routers are protected using IPSec profiles.

 Layered diagram :



Now let's look into the configuration part of the topology.

Hub Section :

Let's look into Router R1's configuration.

Encryption/Authentication configuration :
crypto isakmp policy 1
 encr aes
 authentication pre-share
crypto isakmp key awesome address 0.0.0.0 0.0.0.0
!
!
crypto ipsec transform-set awesomeset esp-aes esp-sha-hmac
!
crypto ipsec profile awesomeprofile
 set transform-set awesomeset

First we need to set up ISAKMP (Internet Security Association and Key Management Protocol). This protocol is needed to set the key exchange formats and the SA (Security Association) format. Encryption is AES (Advanced Encryption Standard), and the authentication mode is pre-share. The key used is "awesome" for all the connections, as this is a DMVPN configuration. The IPSec SA is based on the encryption algorithm, the authentication algorithm & the shared session key.
The transform-set statement provides the authentication mechanism along with the data compression mode to be used.
Then an IPSec profile is created with the "awesomeset" transform set. Later we can use this profile at different stages for enforcing IPSec policy.

Tunnel configuration :
interface Tunnel0
  ip address 10.0.0.1 255.255.255.0
  no ip redirects
  no ip next-hop-self eigrp 1000
  ip nhrp map multicast dynamic
  ip nhrp network-id 1
  no ip split-horizon eigrp 1000
  tunnel source 11.1.1.1
  tunnel mode gre multipoint
  tunnel protection ipsec profile awesomeprofile

The tunnel interface is configured on the 10.0.0.0/24 network. First let's analyze NHRP (Next Hop Resolution Protocol). NHRP is a layer-2 protocol used for address resolution. It is used by branch routers connected to NBMA (Non-Broadcast Multi-Access) networks to determine the IP address of another branch router.

Note - Do not consider the tunnel interface IP as the actual IP address carried in the IP packet header. Consider it as the tunnel pipe on the same router, where packets destined to the tunnel network enter and get mapped to actual networks. The receiving router does exactly the mirror-image operation.

Packets destined to the 10.0.0.0/24 network from R8 go through the R1 tunnel interface, where NHRP maps the next-hop tunnel interface IP address to the actual interface IP of the next-hop DMVPN router. To elaborate, router R8 sees the 53.1.1.0/24 network at the Branch Office 1 location via the 10.0.0.0/24 network through redistribution, so R8 forwards the packet to router R1. Router R1 maintains an NHRP table for mapping the next-hop tunnel interface IP address 10.0.0.2 to the actual IP address 13.1.1.2.

Let's summarize it again,
  • Router R8 sees 53.1.1.0/24 network through 10.0.0.2 (EIGRP 1000 Network) IP address. 
  • Route Redistribution at router R1 helps to learn the routes in the EIGRP 1000 network. 
  • R1 router maps the 10.0.0.2 address to NBMA Address 13.1.1.2. 
  • To reach 13.1.1.2 R1 forwards its packet to default route 11.1.1.2. 
  • Then it is routed through ISP network to reach 13.1.1.2. 
  • Router R3 again maps it according to the NHRP table.
  • At last, Route Redistribution at router R3 helps to learn routes in the EIGRP 520 network.
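
The R1 part of the walk-through above, as an added Python example (not from the original post): a longest-prefix route lookup, then the NHRP lookup, then a second route lookup for the outer packet. The addresses are the ones used in this post; the interface label "wan" is a made-up name, and R2's NHRP entry is left out because its NBMA address is not given here.

```python
import ipaddress

# R1 state as described in this post: the route to 53.1.1.0/24 is learned
# from R3 over EIGRP 1000, and the NHRP entry is R3's registration.
ROUTES = [  # (prefix, next hop or None if connected, outgoing interface)
    ("53.1.1.0/24", "10.0.0.2", "Tunnel0"),
    ("10.0.0.0/24", None, "Tunnel0"),
    ("0.0.0.0/0", "11.1.1.2", "wan"),   # "wan" is a hypothetical interface label
]
NHRP = {"10.0.0.2": "13.1.1.2"}        # tunnel address -> NBMA address
TUNNEL_SOURCE = "11.1.1.1"


def lookup(dst):
    """Longest-prefix match; returns (next hop, outgoing interface)."""
    ip = ipaddress.ip_address(dst)
    best = max((r for r in ROUTES if ip in ipaddress.ip_network(r[0])),
               key=lambda r: ipaddress.ip_network(r[0]).prefixlen)
    # On a connected network the destination itself is the next hop.
    return (best[1] or dst, best[2])


def forward(dst):
    """Return R1's forwarding decision for an inner packet addressed to dst."""
    hop, ifname = lookup(dst)
    if ifname != "Tunnel0":
        # Not tunnel traffic: sent unencapsulated towards the WAN next hop.
        return {"tunnel_next_hop": None, "outer_src": None,
                "outer_dst": None, "wan_next_hop": hop}
    nbma = NHRP.get(hop)
    if nbma is None:
        raise LookupError(f"no NHRP mapping for tunnel next hop {hop}")
    wan_hop, wan_if = lookup(nbma)
    if wan_if == "Tunnel0":
        # The outer packet must not be routed back into the tunnel it came from.
        raise LookupError(f"NBMA address {nbma} resolves back into the tunnel")
    return {"tunnel_next_hop": hop, "outer_src": TUNNEL_SOURCE,
            "outer_dst": nbma, "wan_next_hop": wan_hop}


if __name__ == "__main__":
    print(forward("53.1.1.10"))   # constructed host address in Branch Office 1
```
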

Moving on, the tunnel source statement specifies the outgoing interface for the tunnel. GRE (Generic Routing Encapsulation) is used to carry routing-related information such as multicast messages over the WAN to the branch offices. The EIGRP 1000 area is spanned over multiple areas. Here GRE is configured in multipoint mode. Tunnel protection is applied to encrypt all the traffic (IP and non-IP) going out on the WAN.

As I have already discussed, NHRP provides a mapping between the inside and outside interface IP addresses of a tunnel. These mappings can be static or dynamic. An NHS (Next Hop Server) is used in the dynamic case. The nhrp map multicast statement at R1 provides dynamic multicast mapping for NHRP.
The NHRP network ID is 1 here. The "ip nhrp map multicast dynamic" statement automatically adds routers to the multicast NHRP mappings. Multicast dynamic mapping is also required when the branch-end router initiates the connection with GRE. Dynamic routing protocols, such as IGPs that send multicast messages, also require multicast mapping.

EIGRP Split Horizon and Next-Hop-Self configuration :

For dynamic routing protocols, certain configuration needs to be done to enable Spoke-to-Spoke communication in DMVPN.

Note - Routing protocols use IP multicast to discover other routers participating in the routing process. A static map is configured on the branch routers R3 & R2 pointing towards the public address of the head office router, which is configured for multicast dynamic map. This allows only branch and head office to exchange broadcast information with each other. Spokes do not receive broadcasts from each other.

no ip split-horizon eigrp 1000
This statement allows the DMVPN routers to advertise received routes back out on the same subnet. Generally this operation is prevented by split horizon.

no ip next-hop-self eigrp 1000
This statement prevents a DMVPN router from advertising itself as the next hop. The advertisement must contain the original next-hop router for Spoke-to-Spoke to work. By default every EIGRP hub advertises the IP next-hop value as itself. After applying this statement, EIGRP uses the received next-hop value when advertising the routes.

Routing configuration :
router eigrp 1000
  redistribute eigrp 510 metric 56000 10 255 255 1500
  network 10.0.0.0 0.0.0.255
  auto-summary
!
router eigrp 510
  redistribute eigrp 1000 metric 56000 10 255 255 1500
  network 52.1.1.0 0.0.0.255
  auto-summary
!
ip route 0.0.0.0 0.0.0.0 11.1.1.2

EIGRP 510 and EIGRP 1000 are redistributed. Default route is 11.1.1.2

Spoke section :

Now let's look into Router R3 for the branch router configuration.

The IPSec configuration is the same as that of the hub router.

Tunnel configuration :

interface Tunnel0
  ip address 10.0.0.2 255.255.255.0
  no ip redirects
  no ip next-hop-self eigrp 1000
  ip nhrp map 10.0.0.1 11.1.1.1
  ip nhrp map multicast 11.1.1.1
  ip nhrp network-id 1
  ip nhrp nhs 10.0.0.1
  no ip split-horizon eigrp 1000
  tunnel source 13.1.1.2
  tunnel mode gre multipoint
  tunnel protection ipsec profile awesomeprofile

The NHRP map entry maps the tunnel interface address of the hub to the corresponding NBMA address. Multicast is mapped to the NBMA address of the hub router to forward all the routing messages through the tunnel. The NHS (Next Hop Server) points to the tunnel interface IP address of the hub router. The rest of the statements are pretty much the same as on the hub router.

Router configuration :
router eigrp 1000
  redistribute eigrp 520 metric 56000 10 255 255 1500
  network 10.0.0.0 0.0.0.255
  auto-summary
!
router eigrp 520
  redistribute eigrp 1000 metric 56000 10 255 255 1500
  network 53.1.1.0 0.0.0.255
  auto-summary
!
ip route 0.0.0.0 0.0.0.0 13.1.1.1

EIGRP 1000 and EIGRP 520 are redistributed. Default route is 13.1.1.1

Router R2 has a configuration similar to that of router R3.

Spoke-to-Spoke Dynamic tunnel formation :

Check on R3 for the flags "D-Dynamic" & "S-Static" using the "sh dmvpn" command. If the Spoke-to-Spoke entry is not present, try to ping the spoke and then check again; the Spoke-Spoke dynamic tunnel will form. The IPSec crypto state can be checked using "sh crypto isakmp sa".

Some interesting packet capture snapshots :

Tunnel formation at Router R1 for both spoke routers :


Spoke-Spoke dynamic tunnel formation :


This is a really cool topology & it got my routing abstraction level concepts cleared.
That's it guys, I will explore more about IPSec in upcoming posts.
Happy Networking. Do write to me regarding any suggestions or problems.

All routers configurations with packet captures can be downloaded here.

Tuesday, August 16, 2011

Switching performance concepts

Today, let's look into some basic switching terminology that helps us determine switching performance.

Wire-speed/Line-rate Performance in Ethernet
Wire-speed/Line-rate is the physical layer bit rate. Ethernet as a standard has a definite data-transfer performance. Taking Gigabit Ethernet as an example, the maximum raw data-transfer rate is 1 billion bits per second in each direction, i.e. transmit & receive (full-duplex communication). This translates to 125,000,000 bytes per second (1 billion bits/sec / 8, as 8 bits = 1 byte).

Now we must consider the Interpacket Gap (IPG). Its purpose is to give Ethernet devices time to prepare for the reception of the next frame. The minimum inter-packet gap is 96 bit times, which is 96 nanoseconds (ns) for Gigabit Ethernet. One also needs to add the 7-byte preamble & the single-byte start-of-frame delimiter for each frame. These all add up to 20 bytes of idle time between the transmissions of two frames on the wire.

Hence the maximum number of 64-byte frames that can be transmitted each second on a Gigabit Ethernet link is 125,000,000/(64+20) = 1488095 or 1.488 Mpps (million packets per second). This is wire-speed performance for Gigabit Ethernet. Similarly, for Fast Ethernet (10/100) it's 0.1488095 Mpps (or 148810 pps) & for Ethernet, i.e. 10 Mbps, it's 14880 pps.

Switching Throughput
It is the maximum wire speed that can be achieved in one direction. For Gigabit Ethernet, switching throughput will be 1 Gigabit/s for transmit or receive.

Switching Fabric
Switching fabric capacity is calculated on full-duplex data amounts. The fabric refers to the overall amount of traffic that can be handled at any moment. Take a 24-port switch, for example. If your ports are rated for 1 Gigabit full-duplex, you can't necessarily have them all running at their limits at once depending upon the network load, or maybe you can under extensive network load. Some connections will be quiet while others are active. That's the expectation, and that's how it works out in practice. So the switch capacities are generally oversubscribed. The fabric capacity basically defines the overall limit or capacity for the device -- how many of the connections can be running full speed at once and still get all the packets handled without queuing. On a smaller (8-port or 16-port) switch, it might not be as important, but as you move to 24-port, 48-port and larger switches, you can imagine that this is something you want to look at carefully if you expect a high volume of demanding network traffic.

What is Non-Blocking Switch Fabric?
In a non-blocking switch, the switch fabric capacity is greater than or equal to the theoretical total/max port capacity of the switch.

Let's take an example,
1) Suppose a switch has 24 ports of 10/100/1000 speed & 4 ports of combo SFP (Gigabit), total of 24 ports => 24 x 10/100/1000 => 24 Gbps (Half duplex) => 48 Gbps (Full duplex)
So the theoretical value of switch frame handling capacity will be 48 Gbps without queuing of any data.

2) Suppose a switch has 24 ports of 10/100 speed + 2 ports of SFP (Gigabit) + 2 ports of 10/100/1000 for stack/uplink purposes
Let's do some more math :)
24 x 10/100 => 2400 Mbps or 2.4 Gbps (Half duplex) => 4.8 Gbps (Full duplex)
2 x 10/100/1000 => 2 Gbps (Half duplex) => 4 Gbps (Full duplex)
2 x 1000 Mbps SFP => 2 Gbps (Half duplex) => 4 Gbps (Full duplex)
Total => 12.8 Gbps (Full duplex)
Hence if the switch fabric capacity of this switch is 12.8 Gbps, it will be able to handle all the Ethernet traffic at wire speed in non-blocking fashion, i.e. without queuing of any data. However, if the switch fabric capacity, or in some cases the back-plane capacity, is less, then it's oversubscribed. Generally, entry-level switches are oversubscribed, considering normal standard utilization. In practice it is rare for all the connected systems to transmit/receive at full throughput at the same instant. Core-level Layer-3 switches may come across this situation under high load.

Forwarding Bandwidth
Some network gear specifies a Forwarding Bandwidth. This is the speed only for bytes sent OUT or bytes received IN, only one at a time. So if a switch has 12.8 Gbps of switching fabric (in non-blocking mode), then the Forwarding Bandwidth will be 6.4 Gbps transmit or receive.
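
An added example (not part of the original post): the wire-speed and fabric calculations from the sections above as a small Python calculator. It goes a little beyond the post by accepting any frame size and any port mix, and by adding up the 64-byte packet rate a switch must sustain when every port receives at line rate.

```python
# Per-frame overhead on the wire, as derived in the wire-speed section:
# 12-byte inter-packet gap (96 bit times) + 7-byte preamble + 1-byte start delimiter.
OVERHEAD_BYTES = 20
MBPS, GBPS = 10**6, 10**9


def wire_speed_pps(link_bps, frame_bytes=64):
    """Maximum whole frames per second in one direction on a link."""
    return link_bps // ((frame_bytes + OVERHEAD_BYTES) * 8)


def port_capacity_bps(ports):
    """One-direction sum of port speeds; ports is a list of (count, speed_bps)."""
    return sum(count * speed for count, speed in ports)


def fabric_report(ports, fabric_bps, frame_bytes=64):
    """Compare a port inventory with a quoted switch fabric capacity."""
    needed = 2 * port_capacity_bps(ports)      # full duplex: transmit + receive
    return {
        "required_fabric_bps": needed,
        "non_blocking": fabric_bps >= needed,
        "oversubscription": needed / fabric_bps,
        "forwarding_bandwidth_bps": fabric_bps // 2,
        # Frames per second arriving if every port receives at line rate.
        "wire_speed_pps_all_ports": sum(
            count * wire_speed_pps(speed, frame_bytes) for count, speed in ports),
    }


# The two switches from the examples in this post.
SWITCH_1 = [(24, GBPS)]
SWITCH_2 = [(24, 100 * MBPS), (2, GBPS), (2, GBPS)]

if __name__ == "__main__":
    for size in (64, 512, 1518):
        print(f"{size:>5}-byte frames at 1 Gbps: {wire_speed_pps(GBPS, size)} pps")
    print(fabric_report(SWITCH_1, 48 * GBPS))
    print(fabric_report(SWITCH_2, 12_800 * MBPS))
```
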

Idea behind this post is contributed by my friend & avid Networker Nikhil Bhavsar.
>> Nikhil Bhavsar's Linkedin profile

Thursday, July 21, 2011

Route Redistribution & Metrics in EIGRP-OSPF with ASBR & ABR Routers

Here is one more topology I busted: route redistribution in EIGRP-OSPF with routers playing different ASBR/ABR roles. This involves 10 router configurations. Basically, in route redistribution we allow one routing process to distribute its own routes into another routing process with different metrics & parameters. This also includes route-mapping, which I will cover in another topology. So if a router has both EIGRP & OSPF running, then the "redistribute ospf <<process id>>" statement in the EIGRP router plane will allow the OSPF routes to be distributed into the respective EIGRP zone. However, you have to take care of metrics & AD at the time of redistribution. Both protocols follow different types of metric sets. Auto-summary is needed by EIGRP in this topology.



Notes - 
  • Routers R3 & R10 connect the OSPF & EIGRP protocols. Think of this as two companies merging, one running EIGRP & the other OSPF in the backbone.
  • R5 & R6 are in OSPF area 0 with R5 as ABR.
  • Routes are redistributed into each of the router planes.
  • Routers in the EIGRP region see all external routes as EIGRP External. "sh ip route" shows them with the D EX flag.
  • Routers in the OSPF region see all external EIGRP routes as OSPF external type 2 routes. "sh ip route" shows them with the O E2 flag.
  • Routers in the OSPF region see all external OSPF routes as OSPF Inter-area. "sh ip route" shows them with the O IA flag.
  • Routes redistributed into OSPF are E2 type by default. Remember that the complete end-to-end cost is not reflected when a route is detected as E2. E1, i.e. External Type 1, reflects the total end-to-end cost of the route. This can be done using "metric-type 1" at the time of redistributing protocols into the OSPF routing process. Here the routes are E2 type.
  • R10 connects EIGRP AS130 with OSPF Area 20. Redistribution of OSPF Area 20 routes into EIGRP AS 130 follows different metrics. EIGRP works with K values, so at the time of redistributing routes the following metrics are required
      • Bandwidth
      • Delay in milliseconds
      • Reliability
      • Line Load
      • MTU
  • I have used the standard metrics "56000 10 255 255 1500" for redistributing OSPF routes into EIGRP on all routers except R10. Keeping the same metrics while redistributing EIGRP AS120 into EIGRP AS130 & redistributing OSPF Area 20 into EIGRP AS130 causes a routing black hole: R12 finds two equal-cost paths to the desired network. Hence, to avoid this, the metrics used while redistributing OSPF into EIGRP at R10 are "56000 12 255 255 1500". Notice the delay value: the 12 ms delay results in EIGRP choosing the lower-delay 10 ms link over this route. Hence R12 chooses the 61.1.1.2 interface to route to external networks. 102.1.1.2 is only chosen for very near networks in the OSPF Area 20 region.
  • If the 61.1.1.0 network goes down, then the 102.1.1.0 network will be used for all the routing.
  • Cloud interfaces bridged with Oracle VirtualBox interfaces are connected to Microcore Linux to verify the network. SW2 with VLAN 4 & 2 is connected to Microcore.
All the Router configurations can be downloaded from here


Happy Networking!

Thursday, July 7, 2011

First Hop Redundancy Protocols Part 3 - Object tracked GLBP Load balancing with OSPF routing

GLBP (Gateway Load Balancing Protocol) helps us achieve load balancing with fault tolerance. In HSRP/VRRP there is only one Active/Master router. In GLBP, a highly flexible network can be configured with the help of the AVG (Active Virtual Gateway) & AVF (Active Virtual Forwarder) planes.

  • In the same GLBP group, there is only one AVG.
  • The same GLBP group can have multiple AVFs. Two AVFs are the default.
  • The key point in the working of GLBP is that only the AVG replies to the clients' ARP requests. Every AVF is configured with a virtual MAC address, and the AVG router in the GLBP group sends these MAC addresses to clients. Load balancing is achieved by replying with different ARP replies.
  • The AVG is elected on the basis of the configured priority. The backup AVG remains in standby mode and responds if the primary AVG fails.
  • Load balancing & redundancy are achieved by the AVFs. The Active & Backup AVG each have two AVFs independently. Every AVF has its own virtual MAC address assigned by the AVG.
  • AVFs are always in active state with respect to each other. The higher-weight AVF will be in Active state while the other one is in Listen state. So the Active AVG router can have Forwarder 1 in Listen state & Forwarder 2 in Active state, and the Standby AVG can have Forwarder 1 in Active state & Forwarder 2 in Listen state. The Active AVG will distribute the MAC addresses in response to ARP queries depending upon the load-balancing algorithm configured.
  • An AVF can be changed to Listen state if its weight goes below the threshold. This AVF will then stop forwarding traffic & the active AVG will not advertise its virtual MAC address.
  • In the current scenario, both GLBP groups are tracking the s0/0 interfaces. If s0/0 goes down, the weight decreases by 10. The weight set is 200 with a threshold of 191, so as soon as the s0/0 interface goes down the weight becomes 190, which is below the configured threshold. This will overthrow the respective AVF: that AVF will go into Listen state and stop forwarding.
  • For GLBP group 20, R1 is the Active AVG with priority 125.
  • For GLBP group 21, R4 is the Active AVG with priority 125.
  • Cross links have a higher OSPF interface cost. The preferred links are R1 s0/0 - R3 s0/0 from Host 1 to Host 2 and R4 s0/0 to R2 s0/0 from Host 2 to Host 1.
  • The Active AVG is aware of the states of all AVFs present in the Active AVG as well as the Standby AVG.
  • Observe the "sh glbp" output when R1 s0/0 goes down. The weight goes down by 10, i.e. to 190. This causes the AVFs to go into Listen state. Both Active AVFs are then on the Standby AVG router R2 (192.168.56.251).
  • Normal operation (no link or router down)
    • GLBP group 20 - 192.168.56.252
      • Active AVG - R1
      • Standby AVG - R2
      • Active AVF's - R1 Forwarder 1, R2 Forwarder 2
    • GLBP group 21 - 192.168.57.252
      • Active AVG - R4
      • Standby AVG - R3
      • Active AVF's - R4 Forwarder 1, R3 Forwarder 2
  • For example, let's say R1 s0/0 goes down; then
    • GLBP group 20 - 192.168.56.252
      • Active AVG - R1
      • Standby AVG - R2
      • Active AVF's - R2 Forwarder 1, R2 Forwarder 2
  • Active AVG priority is manually specified; it does not depend upon weight. Preemption is enabled to overthrow lower-priority routers.
Router Configurations - 

R1 - 
---------------------------------------------------------------------------------------------------------------------------------
track 1 interface Serial0/0 ip routing
!
!
interface Loopback1
 ip address 199.199.199.199 255.255.255.255
!
interface FastEthernet0/0
 ip address 192.168.56.250 255.255.255.0
 duplex auto
 speed auto
 glbp 20 ip 192.168.56.252
 glbp 20 priority 125
 glbp 20 preempt
 glbp 20 weighting 200 lower 191
 glbp 20 authentication text ninja
 glbp 20 weighting track 1 decrement 10
!
interface Serial0/0
 ip address 11.1.1.1 255.255.255.0
 ip ospf network point-to-point
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial0/1
 ip address 12.1.1.1 255.255.255.0
 ip ospf network point-to-point
 ip ospf cost 80
!
router ospf 1
 log-adjacency-changes
 network 11.1.1.0 0.0.0.255 area 0
 network 12.1.1.0 0.0.0.255 area 0
 network 192.168.56.0 0.0.0.255 area 0

R2 -
---------------------------------------------------------------------------------------------------------------------------------
track 1 interface Serial0/0 ip routing
!
!
interface Loopback1
 ip address 198.198.198.198 255.255.255.255
!
interface FastEthernet0/0
 ip address 192.168.56.251 255.255.255.0
 duplex auto
 speed auto
 glbp 20 ip 192.168.56.252
 glbp 20 priority 120
 glbp 20 preempt
 glbp 20 weighting 200 lower 191
 glbp 20 authentication text ninja
 glbp 20 weighting track 1 decrement 10
!
interface Serial0/0
 ip address 14.1.1.1 255.255.255.0
 ip ospf network point-to-point
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial0/1
 ip address 13.1.1.1 255.255.255.0
 ip ospf network point-to-point
 ip ospf cost 80
!
router ospf 1
 log-adjacency-changes
 network 13.1.1.0 0.0.0.255 area 0
 network 14.1.1.0 0.0.0.255 area 0
 network 192.168.56.0 0.0.0.255 area 0

R3 - 
---------------------------------------------------------------------------------------------------------------------------------
track 1 interface Serial0/0 ip routing
!
!
interface Loopback1
 ip address 195.195.195.195 255.255.255.255
!
interface FastEthernet0/0
 ip address 192.168.57.250 255.255.255.0
 duplex auto
 speed auto
 glbp 21 ip 192.168.57.252
 glbp 21 priority 120
 glbp 21 preempt
 glbp 21 weighting 200 lower 191
 glbp 21 authentication text ninja
 glbp 21 weighting track 1 decrement 10
!
interface Serial0/0
 ip address 11.1.1.2 255.255.255.0
 ip ospf network point-to-point
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial0/1
 ip address 13.1.1.2 255.255.255.0
 ip ospf network point-to-point
 ip ospf cost 80
!
router ospf 1
 log-adjacency-changes
 network 11.1.1.0 0.0.0.255 area 0
 network 13.1.1.0 0.0.0.255 area 0
 network 192.168.57.0 0.0.0.255 area 0

R4 -
---------------------------------------------------------------------------------------------------------------------------------
track 1 interface Serial0/0 ip routing
!
!
interface Loopback1
 ip address 191.191.191.191 255.255.255.255
!
interface FastEthernet0/0
 ip address 192.168.57.251 255.255.255.0
 duplex auto
 speed auto
 glbp 21 ip 192.168.57.252
 glbp 21 priority 125
 glbp 21 preempt
 glbp 21 weighting 200 lower 191
 glbp 21 authentication text ninja
 glbp 21 weighting track 1 decrement 10
!
interface Serial0/0
 ip address 14.1.1.2 255.255.255.0
 ip ospf network point-to-point
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial0/1
 ip address 12.1.1.2 255.255.255.0
 ip ospf network point-to-point
 ip ospf cost 80
!
router ospf 1
 log-adjacency-changes
 network 12.1.1.0 0.0.0.255 area 0
 network 14.1.1.0 0.0.0.255 area 0
 network 192.168.57.0 0.0.0.255 area 0

Normal Operation R1 output - 
---------------------------------------------------------------------------------------------------------------------------------
R1#sh glbp
FastEthernet0/0 - Group 20
  State is Active
    2 state changes, last state change 00:06:50
  Virtual IP address is 192.168.56.252
  Hello time 3 sec, hold time 10 sec
    Next hello sent in 2.220 secs
  Redirect time 600 sec, forwarder time-out 14400 sec
  Preemption enabled, min delay 0 sec
  Active is local
  Standby is 192.168.56.251, priority 120 (expires in 9.276 sec)
  Priority 125 (configured)
  Weighting 200 (configured 200), thresholds: lower 191, upper 200
    Track object 1 state Up decrement 10
  Load balancing: round-robin
  There are 2 forwarders (1 active)
  Forwarder 1
    State is Active
      1 state change, last state change 00:06:40
    MAC address is 0007.b400.1401 (default)
    Owner ID is c801.1034.0000
    Redirection enabled
    Preemption enabled, min delay 30 sec
    Active is local, weighting 200
  Forwarder 2
    State is Listen
    MAC address is 0007.b400.1402 (learnt)
    Owner ID is c802.1034.0000
    Redirection enabled, 598.528 sec remaining (maximum 600 sec)
    Time to live: 14398.312 sec (maximum 14400 sec)
    Preemption enabled, min delay 30 sec
    Active is 192.168.56.251 (primary), weighting 200 (expires in 7.884 sec)

R1 output with R1 s0/0 down -
---------------------------------------------------------------------------------------------------------------------------------
R1#sh glbp
FastEthernet0/0 - Group 20
  State is Active
    2 state changes, last state change 00:08:54
  Virtual IP address is 192.168.56.252
  Hello time 3 sec, hold time 10 sec
    Next hello sent in 1.368 secs
  Redirect time 600 sec, forwarder time-out 14400 sec
  Preemption enabled, min delay 0 sec
  Active is local
  Standby is 192.168.56.251, priority 120 (expires in 8.396 sec)
  Priority 125 (configured)
  Weighting 190, low (configured 200), thresholds: lower 191, upper 200
    Track object 1 state Down decrement 10
  Load balancing: round-robin
  There are 2 forwarders (0 active)
  Forwarder 1
    State is Listen
      2 state changes, last state change 00:00:10
    MAC address is 0007.b400.1401 (default)
    Owner ID is c801.1034.0000
    Redirection enabled
    Preemption enabled, min delay 30 sec
    Active is 192.168.56.251 (secondary), weighting 200 (expires in 8.396 sec)
  Forwarder 2
    State is Listen
    MAC address is 0007.b400.1402 (learnt)
    Owner ID is c802.1034.0000
    Redirection enabled, 599.108 sec remaining (maximum 600 sec)
    Time to live: 14398.904 sec (maximum 14400 sec)
    Preemption enabled, min delay 30 sec
    Active is 192.168.56.251 (primary), weighting 200 (expires in 8.448 sec)
R1#
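
An added example (not part of the original post): a small monitoring check that parses two `sh glbp` snapshots and reports what changed, run here on excerpts of the two R1 outputs above. The function names `parse_sh_glbp` and `compare_snapshots` are chosen for this example.

```python
import re

# Excerpts of the two R1 outputs shown above (group 20).
NORMAL = """\
FastEthernet0/0 - Group 20
  State is Active
  Weighting 200 (configured 200), thresholds: lower 191, upper 200
    Track object 1 state Up decrement 10
  Forwarder 1
    State is Active
    Active is local, weighting 200
  Forwarder 2
    State is Listen
    Active is 192.168.56.251 (primary), weighting 200 (expires in 7.884 sec)
"""
S0_DOWN = """\
FastEthernet0/0 - Group 20
  State is Active
  Weighting 190, low (configured 200), thresholds: lower 191, upper 200
    Track object 1 state Down decrement 10
  Forwarder 1
    State is Listen
    Active is 192.168.56.251 (secondary), weighting 200 (expires in 8.396 sec)
  Forwarder 2
    State is Listen
    Active is 192.168.56.251 (primary), weighting 200 (expires in 8.448 sec)
"""


def parse_sh_glbp(text):
    """Parse one group's `sh glbp` output into weighting data and forwarder states."""
    info = {"forwarders": {}, "tracks": []}
    fwd = None                       # None while we are still in the AVG section
    for raw in text.splitlines():
        line = raw.strip()
        if m := re.match(r"(\S+) - Group (\d+)$", line):
            info["interface"], info["group"] = m.group(1), int(m.group(2))
        elif m := re.match(r"Weighting (\d+).*thresholds: lower (\d+), upper (\d+)", line):
            info["weight"], info["lower"], info["upper"] = map(int, m.groups())
        elif m := re.match(r"Track object (\d+) state (\w+) decrement (\d+)", line):
            info["tracks"].append((int(m.group(1)), m.group(2), int(m.group(3))))
        elif m := re.match(r"Forwarder (\d+)$", line):
            fwd = info["forwarders"].setdefault(int(m.group(1)), {})
        elif m := re.match(r"State is (\w+)$", line):
            if fwd is None:
                info["avg_state"] = m.group(1)
            else:
                fwd["state"] = m.group(1)
        elif fwd is not None and (m := re.match(r"Active is (local|\S+)", line)):
            fwd["active_on"] = m.group(1)   # "local" or the peer's address
    return info


def compare_snapshots(before, after):
    """Return alerts describing weighting and forwarder changes between snapshots."""
    alerts = []
    if after["weight"] < after["lower"]:
        down = [obj for obj, state, _ in after["tracks"] if state != "Up"]
        alerts.append(f"group {after['group']}: weighting {after['weight']} is below "
                      f"lower threshold {after['lower']} (track objects down: {down})")
    for num, fwd in sorted(after["forwarders"].items()):
        old = before["forwarders"].get(num, {}).get("active_on")
        if old != fwd["active_on"]:
            alerts.append(f"forwarder {num}: active moved {old} -> {fwd['active_on']}")
    holders = {f["active_on"] for f in after["forwarders"].values()}
    if len(after["forwarders"]) > 1 and len(holders) == 1:
        alerts.append(f"all forwarders active on {holders.pop()}: no load sharing")
    return alerts


if __name__ == "__main__":
    for alert in compare_snapshots(parse_sh_glbp(NORMAL), parse_sh_glbp(S0_DOWN)):
        print(alert)
```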

So GLBP provides more control over the Network than HSRP/VRRP. Happy Networking.

First Hop Redundancy Protocols Part 2 - VRRP Gateway redundancy with static cost based Shortest path OSPF routing

After the HSRP priority tracker implementation, here is a VRRP (Virtual Router Redundancy Protocol) implementation. VRRP is an open-standard protocol. VRRP has Master & Backup routers with the same overthrow capability as in HSRP. Master & Backup are decided on the basis of priority. Interface tracking can be enabled on devices that support it. I am not using interface tracking here. VRRP is generally used for router redundancy, with a high-end router as Master and a mid-level router as fail-over to sustain traffic during the Master's maintenance period.

I have implemented OSPF (Open Shortest Path First) here to demonstrate the fast convergence of the OSPF protocol. The OSPF network configured is a point-to-point network, as no boundary router is present here. The complete OSPF area is the backbone area, i.e. Area 0. This scenario typically represents multihomed WAN corporate networks built to increase network resiliency. I am using a single-area OSPF configuration, since the goal here is to demonstrate VRRP. I will post Multi-area OSPF configuration of Stub & Not-so-Stubby area (NSSA) in upcoming articles. VRRP does not use UDP as its transport; it runs directly over IP as protocol number 112. VRRP uses the multicast address 224.0.0.18. Only one router remains in "Master" state; the rest of the configured routers remain in "Backup" state. Remember that HSRP & VRRP are not load-balancing protocols: they do not distribute connections on the basis of MAC addresses or IP addresses or in round-robin. GLBP does load balancing.
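
An added example (not from the original post): a parser for the VRRPv2 advertisement carried in IP protocol 112, run on a sample packet constructed from R1's settings in the configuration further down (group 20, priority 125, 5-second advertisements, text authentication). The field layout follows RFC 3768, with the simple-text authentication type from RFC 2338; the function names are chosen for this example.

```python
import ipaddress
import struct

VRRP_IP_PROTO = 112            # VRRP is carried directly in IP, not in UDP/TCP
VRRP_MCAST = "224.0.0.18"      # destination address of every advertisement
AUTH_TYPES = {0: "none", 1: "simple text", 2: "IP authentication header"}


def inet_checksum(data: bytes) -> int:
    """16-bit one's-complement checksum over the whole VRRP message."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_advert(vrid, priority, adver_int, vips, auth_type=0, auth_data=b""):
    """Build a VRRPv2 advertisement; used only to construct sample input."""
    addrs = b"".join(ipaddress.IPv4Address(v).packed for v in vips)
    auth = auth_data.ljust(8, b"\x00")[:8]          # fixed 8-byte field

    def header(csum):
        return struct.pack("!BBBBBBH", (2 << 4) | 1, vrid, priority,
                           len(vips), auth_type, adver_int, csum)

    return header(inet_checksum(header(0) + addrs + auth)) + addrs + auth


def parse_advert(payload: bytes) -> dict:
    """Decode the IP payload of a protocol-112 packet."""
    if len(payload) < 8:
        raise ValueError("shorter than the fixed VRRP header")
    ver_type, vrid, prio, count, auth_type, adver_int, _ = struct.unpack(
        "!BBBBBBH", payload[:8])
    if ver_type != 0x21:                            # version 2, type 1 (advertisement)
        raise ValueError("not a VRRPv2 advertisement")
    end = 8 + 4 * count + 8                         # header + addresses + auth data
    if len(payload) < end:
        raise ValueError("truncated advertisement")
    vips = [str(ipaddress.IPv4Address(payload[o:o + 4]))
            for o in range(8, 8 + 4 * count, 4)]
    auth_raw = payload[end - 8:end]
    return {
        "vrid": vrid, "priority": prio, "adver_int": adver_int, "vips": vips,
        "auth_type": AUTH_TYPES.get(auth_type, f"unknown({auth_type})"),
        "auth_text": (auth_raw.rstrip(b"\x00").decode("ascii", "replace")
                      if auth_type == 1 else None),
        "checksum_ok": inet_checksum(payload[:end]) == 0,
    }


def audit(advert: dict) -> list:
    """Findings a defender would raise for one decoded advertisement."""
    findings = []
    if not advert["checksum_ok"]:
        findings.append("bad checksum: corrupted or malformed advertisement")
    if advert["auth_type"] == "none":
        findings.append(f"VRID {advert['vrid']}: advertisements are unauthenticated")
    elif advert["auth_type"] == "simple text":
        findings.append(f"VRID {advert['vrid']}: password travels in cleartext "
                        "in every advertisement")
    return findings


if __name__ == "__main__":
    # Constructed sample: R1's VRRP settings from this post.
    pkt = build_advert(20, 125, 5, ["192.168.56.252"], auth_type=1, auth_data=b"ninja")
    print(parse_advert(pkt), audit(parse_advert(pkt)))
```

`authentication text` places the string in the last 8 bytes of every advertisement sent to 224.0.0.18, so any host on the segment can read it. IOS releases that support `vrrp <group> authentication md5 key-string <key>` avoid sending the key itself.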


Master Routers R1 & R3 are typically implemented with high-end capability to support faster processing and convergence, whereas Backup Routers R2 & R4 are mid-range routers that handle traffic only until the primary comes back up after maintenance. The Virtualbox Microcore Linux virtual machines' interfaces are bridged with Cloud interfaces. Different port shut & router failure scenarios are tested to observe the behavior. OSPF is a link-state routing protocol. I also observed that, for the same architecture, the EIGRP protocol took more time for convergence & route propagation. EIGRP uses a distance-vector routing algorithm.
  • In OSPF, a serial link has a default cost of 64. The OSPF interface cost can be set to prioritize the outbound interface for a packet.
  • If the interface on which VRRP is configured goes down, then VRRP goes into "Init" state & that router can no longer become "Master". The "Backup" router next in priority then becomes "Master".
  • A Backup router will only become Master if
    • the Master router fails & goes down
    • the VRRP interface on the Master router goes down
  • The VRRP virtual IP will always point to the Master router's interface IP, even when the Master has no outbound interface left to reach the destination network. OSPF is required to take care of this and prevent a blackhole situation.
  • Packets will be routed through the best possible low-cost interfaces, so the path is computed from the combination of Master routers and low-cost links.
  • Route selection happens fast in OSPF, providing better performance.
  • OSPF can also send traffic from the Master router (say R1) to the Backup router (say R2) directly if the best possible low-cost path lies that way.
  • As there is no BDR present here, the point-to-point OSPF network type needs to be configured to share route information.
  • Only the serial interfaces are configured as point-to-point.
  • VRRP-facing interfaces are in broadcast mode, which provides the BDR status.
Routing changes - 
-----------------------------------------------------------------------------------------------------------------------------------------
Shut Interfaces                               Master Routers   Host 1 to Host 2     Host 2 to Host 1
-----------------------------------------------------------------------------------------------------------------------------------------
R3 f0/0                                       R1,R4            SW1-R1-R2-R4-SW2     SW2-R4-R2-SW1
R3 f0/0, R1 s0/1                              R1,R4            SW1-R1-R2-R4-SW2     SW2-R4-R2-SW1
R3 f0/0, R1 s0/1, R3 s0/1                     R1,R4            SW1-R1-R2-R4-SW2     SW2-R4-R2-SW1
R3 f0/0, R1 s0/1, R3 s0/1, R1 s0/0            R1,R4            SW1-R1-R2-R4-SW2     SW2-R4-R2-SW1
R3 f0/0, R1 s0/1, R3 s0/1, R1 s0/0, R1 f0/0   R2,R4            SW1-R2-R4-SW2        SW2-R4-R2-SW1
R1 s0/0, R2 s0/0                              R1,R3            SW1-R1-R4-SW2        SW2-R3-R2-SW1
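
An added example (not from the original post): the table above recomputed from the configurations below, electing the VRRP Master per LAN by priority and then running a shortest-path search over OSPF interface costs. The link layout is read from the 11/12/13/14.1.1.0 subnets in the router configurations; the function names are chosen for this example.

```python
import heapq

# Values taken from the router configurations and `sh ip ospf int` in this post.
PRIORITY = {"R1": 125, "R2": 120, "R3": 125, "R4": 120}    # vrrp <group> priority
LANS = {"SW1": ("R1", "R2"), "SW2": ("R3", "R4")}          # VRRP group 20 / group 21
COST = {"f0/0": 1, "s0/0": 64, "s0/1": 80}                 # OSPF interface costs
SERIAL_LINKS = [
    ("R1 s0/0", "R3 s0/0"),   # 11.1.1.0/24
    ("R1 s0/1", "R4 s0/1"),   # 12.1.1.0/24
    ("R2 s0/1", "R3 s0/1"),   # 13.1.1.0/24
    ("R2 s0/0", "R4 s0/0"),   # 14.1.1.0/24
]


def build_graph(shut):
    """Directed graph whose edge weight is the cost of the outgoing interface."""
    graph = {}

    def edge(src, dst, cost):
        graph.setdefault(src, []).append((dst, cost))

    for a, b in SERIAL_LINKS:
        if a in shut or b in shut:
            continue                      # a serial link is down if either end is shut
        (ra, ia), (rb, ib) = a.split(), b.split()
        edge(ra, rb, COST[ia])
        edge(rb, ra, COST[ib])
    for lan, routers in LANS.items():
        for r in routers:
            if f"{r} f0/0" not in shut:
                edge(r, lan, COST["f0/0"])
                edge(lan, r, 0)           # leaving the LAN pseudo-node costs nothing
    return graph


def vrrp_master(lan, shut):
    """Highest-priority router whose VRRP interface (f0/0) is still up."""
    up = [r for r in LANS[lan] if f"{r} f0/0" not in shut]
    return max(up, key=PRIORITY.get) if up else None


def shortest_path(graph, src, dst):
    """Dijkstra; returns (cost, [nodes]) or None when dst is unreachable."""
    heap, done = [(0, [src])], set()
    while heap:
        cost, path = heapq.heappop(heap)
        node = path[-1]
        if node == dst:
            return cost, path
        if node in done:
            continue
        done.add(node)
        for nxt, weight in graph.get(node, []):
            if nxt not in done:
                heapq.heappush(heap, (cost + weight, path + [nxt]))
    return None


def host_path(src_lan, dst_lan, shut):
    """Path a host's traffic takes: its VRRP Master first, then OSPF's best route."""
    shut = set(shut)
    gateway = vrrp_master(src_lan, shut)
    if gateway is None:
        return None
    found = shortest_path(build_graph(shut), gateway, dst_lan)
    if found is None:
        return None                       # Master has no route: traffic is blackholed
    routers = [n for n in found[1] if n not in LANS]
    return "-".join([src_lan, *routers, dst_lan])


if __name__ == "__main__":
    shut = ["R3 f0/0", "R1 s0/1", "R3 s0/1", "R1 s0/0"]
    print(vrrp_master("SW1", set(shut)), host_path("SW1", "SW2", shut))
```

The fourth table row is the interesting one: R1 stays Master with both serial links shut because VRRP only watches f0/0, and OSPF sends the traffic back across the LAN to R2.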


Router Configurations - 
R1 - 
-----------------------------------------------------------------------------------------------------------------------------------------
interface Loopback1
 ip address 199.199.199.199 255.255.255.255
!
interface FastEthernet0/0
 ip address 192.168.56.250 255.255.255.0
 duplex auto
 speed auto
 vrrp 20 ip 192.168.56.252
 vrrp 20 timers advertise 5
 vrrp 20 priority 125
 vrrp 20 authentication text ninja
!
interface Serial0/0
 ip address 11.1.1.1 255.255.255.0
 ip ospf network point-to-point
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial0/1
 ip address 12.1.1.1 255.255.255.0
 ip ospf network point-to-point
 ip ospf cost 80
!
router ospf 1
 log-adjacency-changes
 network 11.1.1.0 0.0.0.255 area 0
 network 12.1.1.0 0.0.0.255 area 0
 network 192.168.56.0 0.0.0.255 area 0

R2 - 
-----------------------------------------------------------------------------------------------------------------------------------------
interface Loopback1                                               
 ip address 198.198.198.198 255.255.255.255                       
!                                                                  
interface FastEthernet0/0                                          
 ip address 192.168.56.251 255.255.255.0                             
 duplex auto                                                         
 speed auto                                                        
 vrrp 20 ip 192.168.56.252                                           
 vrrp 20 timers learn                                              
 vrrp 20 priority 120                                              
 vrrp 20 authentication text ninja                                   
!                                                                  
interface Serial0/0                                                
 ip address 14.1.1.1 255.255.255.0                                   
 ip ospf network point-to-point                                    
!                                                                  
interface FastEthernet0/1                                          
 no ip address                                                          
 shutdown                                                          
 duplex auto                                                          
 speed auto                                                        
!                                                                  
interface Serial0/1                                                
 ip address 13.1.1.1 255.255.255.0                                   
 ip ospf network point-to-point                                    
 ip ospf cost 80                                                   
!                                                                  
router ospf 1                                                      
 log-adjacency-changes                                                
 network 13.1.1.0 0.0.0.255 area 0                                                  
 network 14.1.1.0 0.0.0.255 area 0                                   
 network 192.168.56.0 0.0.0.255 area 0                               

R3 - 
-----------------------------------------------------------------------------------------------------------------------------------------
interface Loopback1                                                
 ip address 195.195.195.195 255.255.255.255                        
!                                                                  
interface FastEthernet0/0                                          
 ip address 192.168.57.250 255.255.255.0                            
 duplex auto                                                         
 speed auto                                                       
 vrrp 21 ip 192.168.57.252                                        
 vrrp 21 timers advertise 5                                        
 vrrp 21 priority 125                                              
 vrrp 21 authentication text ninja                                   
!                                                                  
interface Serial0/0                                                
 ip address 11.1.1.2 255.255.255.0                                    
 ip ospf network point-to-point                                    
!                                                                  
interface FastEthernet0/1                                          
 no ip address                                                        
 shutdown                                                          
 duplex auto                                                        
 speed auto                                                        
!                                                                  
interface Serial0/1                                                
 ip address 13.1.1.2 255.255.255.0                                    
 ip ospf network point-to-point                                    
 ip ospf cost 80                                                        
!                                                                 
router ospf 1                                                     
 log-adjacency-changes                                               
 network 11.1.1.0 0.0.0.255 area 0                                 
 network 13.1.1.0 0.0.0.255 area 0                                   
 network 192.168.57.0 0.0.0.255 area 0                             


R4 -
-----------------------------------------------------------------------------------------------------------------------------------------
interface Loopback1                                               
 ip address 191.191.191.191 255.255.255.255
!
interface FastEthernet0/0
 ip address 192.168.57.251 255.255.255.0
 duplex auto
 speed auto
 vrrp 21 ip 192.168.57.252
 vrrp 21 timers learn
 vrrp 21 priority 120
 vrrp 21 authentication text ninja
!
interface Serial0/0
 ip address 14.1.1.2 255.255.255.0
 ip ospf network point-to-point
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial0/1
 ip address 12.1.1.2 255.255.255.0
 ip ospf network point-to-point
 ip ospf cost 80
!
router ospf 1
 log-adjacency-changes
 network 12.1.1.0 0.0.0.255 area 0
 network 14.1.1.0 0.0.0.255 area 0
 network 192.168.57.0 0.0.0.255 area 0

OSPF Interface output on R1 - 
-----------------------------------------------------------------------------------------------------------------------------------------
R1#sh ip ospf int
FastEthernet0/0 is up, line protocol is up
  Internet Address 192.168.56.250/24, Area 0
  Process ID 1, Router ID 199.199.199.199, Network Type BROADCAST, Cost: 1
  Transmit Delay is 1 sec, State DR, Priority 1
  Designated Router (ID) 199.199.199.199, Interface address 192.168.56.250
  Backup Designated router (ID) 198.198.198.198, Interface address 192.168.56.251
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
    oob-resync timeout 40
    Hello due in 00:00:07
  Index 3/3, flood queue length 0
  Next 0x0(0)/0x0(0)
  Last flood scan length is 1, maximum is 1
  Last flood scan time is 4 msec, maximum is 4 msec
  Neighbor Count is 1, Adjacent neighbor count is 1
    Adjacent with neighbor 198.198.198.198  (Backup Designated Router)
  Suppress hello for 0 neighbor(s)
Serial0/1 is up, line protocol is up
  Internet Address 12.1.1.1/24, Area 0
  Process ID 1, Router ID 199.199.199.199, Network Type POINT_TO_POINT, Cost: 80
  Transmit Delay is 1 sec, State POINT_TO_POINT,
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
    oob-resync timeout 40                                            
    Hello due in 00:00:00                                            
  Index 2/2, flood queue length 0                                    
  Next 0x0(0)/0x0(0)                                                               
  Last flood scan length is 1, maximum is 1                          
  Last flood scan time is 0 msec, maximum is 4 msec                  
  Neighbor Count is 1, Adjacent neighbor count is 1                  
    Adjacent with neighbor 191.191.191.191                                     
  Suppress hello for 0 neighbor(s)                                               
Serial0/0 is up, line protocol is up                                           
  Internet Address 11.1.1.1/24, Area 0                                            
  Process ID 1, Router ID 199.199.199.199, Network Type POINT_TO_POINT, Cost: 64
  Transmit Delay is 1 sec, State POINT_TO_POINT,                                
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5                                                                    
    oob-resync timeout 40                                            
    Hello due in 00:00:02                                            
  Index 1/1, flood queue length 0                                    
  Next 0x0(0)/0x0(0)                                                           
  Last flood scan length is 1, maximum is 1                          
  Last flood scan time is 4 msec, maximum is 4 msec                  
  Neighbor Count is 1, Adjacent neighbor count is 1                  
    Adjacent with neighbor 195.195.195.195                                  
  Suppress hello for 0 neighbor(s)                                            
R1#                                                               


OSPF Neighbor information for R1 - 
-----------------------------------------------------------------------------------------------------------------------------------------
R1#sh ip ospf neighbor                                                                
Neighbor ID    Pri State   Dead Time Address         Interface                 
198.198.198.198 1  FULL/BDR 00:00:38 192.168.56.251  FastEthernet0/0 
191.191.191.191 0  FULL/  - 00:00:30 12.1.1.2        Serial0/1                   
195.195.195.195 0  FULL/  - 00:00:34 11.1.1.2        Serial0/0                    
R1#                                                                  

BDR - Backup Designated Router. It appears because the R1 f0/0 interface uses the Broadcast network type. As the first line of the neighbor information shows, the R2 f0/0 interface will become Designated Router if the current Designated Router has a problem or fails. R2 f0/0 has IP address 192.168.56.251, which is the backup VRRP IP address in VRRP group 20. The remaining serial links are Point-to-Point.
That's it guys, Njoy Networking.