|
|
Cisco's dial-on-demand routing (DDR) feature allows you to use existing telephone lines to form a wide-area network (WAN). While using existing telephone lines, you can analyze traffic patterns to determine whether the installation of leased lines is appropriate. DDR provides significant cost savings over leased lines for links that are utilized for only a few hours each day or that experience low traffic flow.
DDR over serial lines requires the use of dialing devices that support V.25bis. V.25bis is an International Telecommunication Union Telecommunication (ITU-T) Standardization Sector standard for in-band signaling to bit synchronous data communications equipment (DCE) devices. A variety of devices support V.25bis, including analog V.32 modems, ISDN terminal adapters, and inverse multiplexers. Cisco's implementation of V.25bis supports devices that use the 1984 version of V.25bis (which requires the use of odd parity), as well as devices that use the 1988 version of V.25bis (which does not use parity).
This case study describes the use of DDR to connect a worldwide network that consists of a central site located in San Francisco and remote sites located in Tokyo, Singapore, and Hong Kong. The following scenarios and configuration file examples are described:
Figure 15-1 shows the topology of the DDR network that is the subject of this case study.
For the initial configuration, the San Francisco central site is configured to have one interface per remote site.
In the following configuration, the central site places the calls with a separate interface configured for each remote site. There is no support for answering calls in this configuration.
interface serial 5 description DDR connection to Hong Kong ip address 128.10.200.66 255.255.255.192 dialer in-band dialer wait-for-carrier-time 60 dialer string 0118527351625 pulse-time 1 dialer-group 1 ! interface serial 6 description DDR connection to Singapore ip address 128.10.202.66 255.255.255.192 dialer in-band dialer wait-for-carrier-time 60 dialer string 011653367085 pulse-time 1 dialer-group 1 ! interface serial 7 description DDR connection to Tokyo ip address 128.10.204.66 255.255.255.192 dialer in-band dialer wait-for-carrier-time 60 dialer string 0118127351625 pulse-time 1 dialer-group 1 ! router igrp 1 network 128.10.0.0 redistribute static ! route to Hong Kong ip route 128.10.200.0 255.255.255.192 128.10.200.65 ! route to Singapore ip route 128.10.202.0 255.255.255.192 128.10.202.65 ! route to Tokyo ip route 128.10.204.0 255.255.255.192 128.10.204.65 access-list 101 deny igrp 0.0.0.0 255.255.255.255 255.255.255.255 0.0.0.0 access-list 101 permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255 dialer-list 1 list 101
The configuration of the individual interfaces and Internet Protocol (IP) addresses is straightforward. The IP address for each interface is provided. The example uses a 6-bit host portion in IP addresses. The dialer in-band command enables DDR and V.25bis dialing on the interface. V.25bis is a ITU-T standard for in-band signaling to bit synchronous DCE devices. A variety of devices support V.25bis, ranging from analog V.32 modems to ISDN terminal adapters to inverse multiplexers.
The dialer wait-for-carrier-time command is set to 60 seconds. When using V.25bis, the router does not parse any responses it receives from the DCE. Instead, the router depends on the modem's Carrier Detect (CD) signal to indicate that a call has been connected. If the modem's CD signal is not activated before the time allotted with the dialer wait-for-carrier-time command, the router assumes that the call has failed and disconnects the line. Because the calls are international, and thus take longer to connect than local calls, the wait for carrier time is set to 60 seconds. Even for local calls, analog modems can take 20 to 30 seconds to synchronize to each other, including the time to dial and answer.
The dialer string command identifies the telephone number of the targeted destination. Because the central site is calling only a single destination, this dialer string is the simplest possible configuration. The pulse-time command specifies how long Data Terminal Ready (DTR) is held inactive. When using DDR and V.25bis modems, the router disconnects calls by deactivating DTR. This command is automatically inserted into the configuration when the dialer in-band command is entered.
The dialer-group command is used to identify each interface with a dialer list set. The dialer-list command associates each interface with access lists that determine which packets are "interesting" versus "uninteresting" for an interface. For details on access lists and dialer lists, see the "Access List Configuration" section that follows.
The Interior Gateway Routing Protocol (IGRP) is used to route traffic on the network. The first two commands in the routing section of the configuration file are router igrp and network. These define the IGRP number and the network over which IGRP runs.
The redistribute command causes the static route information (defined with the ip route commands shown in the configuration example) to be sent to other routers in the same IGRP area. Without this command, other routers connected to the central site will not have routes to the remote routers. The three static routes define the subnets on the Ethernet backbone of the remote routers. DDR tends to use static routes extensively because routing updates are not received when the dial-up connection is not active.
The last section of the configuration file provides the access lists that DDR uses to classify "interesting" and "uninteresting" packets. Interesting packets are packets that pass the restrictions of the access lists. These packets either initiate a call (if one is not already in progress) or reset the idle timer if a call is in progress. Uninteresting packets are transmitted if the link is active, but dropped if the link is not active. Uninteresting packets do not initiate calls or reset the idle timer. Access list 101 provides the following filters:
Except for the IP address and the default route, each of the remote sites is configured identically as an answer-only site. The following example lists Hong Kong's configuration:
interface serial 1 description interface to answer calls from San Francisco ip address 128.10.200.65 255.255.255.192 dialer in-band ! ip route 0.0.0.0 0.0.0.0 128.10.200.66
The answering site will not disconnect the call. It is up to the calling site to disconnect the call when the line is idle. In this case, the answering site is using static routing. The default route points to the serial interface at the central site.
It is possible to use a single interface to call multiple destinations, such as a site in Hong Kong and a site in Paris, France. Because of the time differences, these sites would never need to be connected at the same time. Therefore, a single interface could be used for both sites without the possibility of contention for the interface and without the cost of dedicating a serial port and modem to each destination.
In the following configuration, the central site places the calls. A single interface is configured to call multiple remote sites. There is no support for answering calls in this configuration.
interface serial 5 description DDR connection to Hong Kong and Singapore ip address 128.10.200.66 255.255.255.192 ip address 128.10.202.66 255.255.255.192 secondary dialer in-band dialer wait-for-carrier-time 60 ! map Hong Kong to a phone number dialer map ip 128.10.200.65 0118527351625 ! map Singapore to a phone number dialer map ip 128.10.202.65 011653367085 pulse-time 1 dialer-group 1 ! router igrp 1 network 128.10.0.0 passive-interface serial 5 redistribute static ! route to Hong Kong ip route 128.10.200.0 255.255.255.192 128.10.200.65 ! route to Singapore ip route 128.10.202.0 255.255.255.192 128.10.202.65 ! access-list 101 deny igrp 0.0.0.0 255.255.255.255 255.255.255.255 0.0.0.0 access-list 101 permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255 dialer-list 1 list 101
The configuration of the interface in this example is slightly more complicated than the configuration described in the "Configuring One Interface Per Remote Site" section. In addition to the original IP address, there is a secondary IP address configured for serial interface 5 because the Singapore and Hong Kong offices are on different subnets.
The dialer in-band, dialer wait-for-carrier-time, pulse-time, and dialer-group commands are used in the same manner as described previously in the "Configuring One Interface Per Remote Site" section. However, the previous dialer string command has been removed and replaced with two dialer map commands.
The IP static routes define the next hops used in the dialer map commands. When a packet is received for a host on network 128.10.200.0, it is routed to a next hop address of 128.10.200.65. This route goes out serial interface 5. DDR uses the next hop address to obtain the telephone number of the destination router.
The use of dialer map commands provides an additional level of filtering. When a packet is received for a host on network 128.10.200.0, it is routed to a next hop address of 128.10.200.65. This route goes out serial interface 5. The packet is compared to the access lists. If the packet is deemed "interesting," the packet's next hop address is compared to the dialer map commands defined for that interface. If a match is found, the interface is checked to determine whether it is connected to the telephone number for that next hop address. If the interface is not connected, a call is placed to the telephone number. If the interface is currently connected to that number, the idle timer is reset. If the interface is connected to another number (from another dialer map command), the fast-idle timer is started due to contention for the interface. If there is no match of the next hop address to any of the dialer maps and there is no dialer string defined (which matches all next hop addresses), the packet is dropped.
This additional layer of filtering for the next hop address causes problems for broadcast packets such as routing updates. Because a broadcast packet is transmitted with a next hop address of the broadcast address, the check against the dialer map commands will fail. If you want broadcast packets transmitted to telephone numbers defined by dialer map commands, additional dialer map commands must specify the broadcast address as the next hop address with the same telephone number. For example, you might add the following dialer map commands:
dialer map ip 255.255.255.255 0118527351625 dialer map ip 255.255.255.255 011653367085
If the interface is currently connected to one of these telephone numbers, and if it receives an IGRP broadcast packet, that packet will now be transmitted because it matches a dialer map command to an already connected telephone number. (If the connection is already established, both "interesting" and "uninteresting" packets are sent.) If a connection is not already established, adding the dialer map commands will not cause an IGRP packet sent to the broadcast address to cause dialing because the access lists determine that the IGRP packet is uninteresting.
Except for the IP address and the default route, each of the remote sites is configured identically as an answer-only site. The following example illustrates the Hong Kong configuration:
interface serial 1 description interface to answer calls from San Francisco ip address 128.10.200.65 255.255.255.192 dialer in-band ! ip route 0.0.0.0 0.0.0.0 128.10.200.66
The answering site will not disconnect the call. It is up to the calling site to disconnect the call when the line is idle. A default route is defined back to the central site.
The following configuration defines dialer rotary groups on the central site router:
interface dialer 1 description rotary group for Hong Kong, Tokyo, and Singapore ip address 128.10.200.66 255.255.255.192 ip address 128.10.202.66 255.255.255.192 secondary ip address 128.10.204.66 255.255.255.192 secondary dialer in-band dialer wait-for-carrier-time 60 ! map Hong Kong to a phone number dialer map ip 128.10.200.65 0118527351625 ! map Singapore to a phone number dialer map ip 128.10.202.65 011653367085 ! map Tokyo to a phone number dialer map ip 128.10.204.65 0118127351625 pulse-time 1 dialer-group 1 ! interface serial 5 dialer rotary-group 1 ! interface serial 6 dialer rotary-group 1 ! router igrp 1 network 128.10.0.0 passive-interface dialer 1 redistribute static ! ! route to Hong Kong ip route 128.10.200.0 255.255.255.192 128.10.200.65 ! route to Singapore ip route 128.10.202.0 255.255.255.192 128.10.202.65 ! route to Tokyo ip route 128.10.204.0 255.255.255.192 128.10.204.65 ! access-list 101 deny igrp 0.0.0.0 255.255.255.255 255.255.255.255 0.0.0.0 access-list 101 permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255 dialer-list 1 list 101
Specifying a dialer interface is the first step in defining a dialer rotary group. While a dialer interface is not a physical interface, all of the configuration commands that can be specified for a physical interface can be used for a dialer interface. For example, the commands listed under the interface dialer command are identical to those used for physical serial interface 5 as described in the "Configuring a Single Interface for Multiple Remote Sites" section. Also, an additional dialer map command has been added to map the next hop address for Tokyo to the telephone number.
The dialer rotary-group command places physical serial interface 5 and serial interface 6 in the rotary group. Either of these interfaces can be used to dial any of the destinations defined by the interface dialer command.
As mentioned earlier, when you look at the configuration on the router using the write terminal command, the configuration may look slightly different from your input. For example, the pulse-time command associated with the dialer interface will appear with all of the serial interfaces that were added with the dialer rotary-group command. Certain configuration information associated with the dialer interface is propagated to all of the interfaces that are in the rotary group.
The routing section of this configuration has not changed from the example in the "Configuring a Single Interface for Multiple Remote Sites" section. But if you were to examine the routing table for one of the remote networks using the show ip route command (for example, show ip route 128.10.200.0), you would see that the output interface for packets sent to this subnet is interface dialer 1. The actual physical interface over which the packet will be transmitted is not determined until the DDR steps described in the following paragraph are performed.
Before a packet is sent out the dialer interface, DDR checks to determine whether the packet is "interesting" or "uninteresting." DDR then checks the dialer map. Next, all of the physical interfaces in the rotary group are checked to determine whether they are connected to the telephone number. If an appropriate interface is found, the packet is sent out that physical interface. If an interface is not found and the packet is deemed interesting, the rotary group is scanned for an available physical interface. The first available interface found is used to place a call to the telephone number.
This configuration uses the same access lists as the example in the "Configuring a Single Interface for Multiple Remote Sites" section. A default route is defined back to the central site.
Except for the IP address and the default route, each of the remote sites is configured identically as an answer-only site. The following example illustrates the Hong Kong configuration:
interface serial 1 description interface to answer calls from San Francisco ip address 128.10.200.65 255.255.255.192 dialer in-band ! ip route 0.0.0.0 0.0.0.0 128.10.200.66
The answering site will not disconnect the call. It is up to the calling site to disconnect the call when the line is idle.
It is often more convenient to have the remote sites call the central site as its users require, instead of depending on the central site to poll the remote sites. This section provides the following configuration examples in which both the central site and the remote sites are placing calls:
In order to support dial-in and dial-out for both the central and remote sites using one interface per remote site, each remote site must call in on the specific central site interface that has the dialer string corresponding to the respective remote site telephone number.
In the following example, the central San Francisco site is configured to place and answer calls. One interface is configured per remote site.
interface serial 5 description DDR connection to Hong Kong ip address 128.10.200.66 255.255.255.192 dialer in-band dialer wait-for-carrier-time 60 dialer string 0118527351625 pulse-time 1 dialer-group 1 ! interface serial 6 description DDR connection to Singapore ip address 128.10.202.66 255.255.255.192 dialer in-band dialer wait-for-carrier-time 60 dialer string 011653367085 pulse-time 1 dialer-group 1 ! interface serial 7 description DDR connection to Tokyo ip address 128.10.204.66 255.255.255.192 dialer in-band dialer wait-for-carrier-time 60 dialer string 0118127351625 pulse-time 1 dialer-group 1 ! router igrp 1 network 128.10.0.0 redistribute static ! ! route to Hong Kong ip route 128.10.200.0 255.255.255.192 128.10.200.65 ! route to Singapore ip route 128.10.202.0 255.255.255.192 128.10.202.65 ! route to Tokyo ip route 128.10.204.0 255.255.255.192 128.10.204.65 ! access-list 101 deny igrp 0.0.0.0 255.255.255.255 255.255.255.255 0.0.0.0 access-list 101 permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255 dialer-list 1 list 101
All of the remote configurations are similar. Each defines a default route back to the central site and a dialer string that contains the telephone number of the central site.
interface serial 1 description DDR connection to San Francisco ip address 128.10.200.65 255.255.255.192 dialer in-band dialer wait-for-carrier-time 60 dialer string 14155551212 pulse-time 1 dialer-group 1 ! router igrp 1 network 128.10.0.0 ! ip route 128.10.0.0 255.255.0.0 128.10.200.66 ! access-list 101 deny igrp 0.0.0.0 255.255.255.255 255.255.255.255 0.0.0.0 access-list 101 permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255 dialer-list 1 list 101
In the following example, the remote Singapore site is configured to place and answer calls. The Singapore configuration file contains a dialer string of 14155551213, which should call serial interface 6 in San Francisco.
interface serial 1 description DDR connection to San Francisco ip address 128.10.202.65 255.255.255.192 dialer in-band dialer wait-for-carrier-time 60 dialer string 14155551213 pulse-time 1 dialer-group 1 ! router igrp 1 network 128.10.0.0 ! ip route 128.10.0.0 255.255.0.0 128.10.202.66 ! access-list 101 deny igrp 0.0.0.0 255.255.255.255 255.255.255.255 0.0.0.0 access-list 101 permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255 dialer-list 1 list 101
In the following example, the remote Tokyo site is configured to place and answer calls. The Tokyo configuration file contains a dialer string of 14155551214, which should call serial interface 7 in San Francisco.
interface serial 1 description DDR connection to San Francisco ip address 128.10.204.65 255.255.255.192 dialer in-band dialer wait-for-carrier-time 60 dialer string 14155551214 pulse-time 1 dialer-group 1 router igrp 1 network 128.10.0.0 ! ip route 128.10.0.0 255.255.0.0 128.10.204.66 ! access-list 101 deny igrp 0.0.0.0 255.255.255.255 255.255.255.255 0.0.0.0 access-list 101 permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255 dialer-list 1 list 101
Because all incoming calls are assumed to be from the telephone number configured with the dialer string command, it is important to configure the central and remote sites correctly. For example, if the Singapore dialer string uses the telephone number that Hong Kong uses to call the central site, packets from the central site intended for Hong Kong would be sent to Singapore whenever Singapore called in because Singapore called in using the Hong Kong interface.
When multiple sites are calling into a central site, an authentication mechanism must be used unless that central site has one interface dedicated to each incoming call. Without the authentication mechanism, the central site router has no way of identifying the sites to which it is currently connected and cannot ensure that additional calls are not made. Point-to-Point Protocol (PPP) encapsulation with CHAP or Password Authentication Protocol (PAP) provides the mechanism to identify the calling party.
In the following example, the central San Francisco site is configured to place and answer calls. A single interface is configured for multiple remote sites.
hostname SanFrancisco interface serial 5 description DDR connection to Hong Kong and Singapore ip address 128.10.200.66 255.255.255.192 ip address 128.10.202.66 255.255.255.192 secondary encapsulation ppp ppp authentication chap dialer in-band dialer wait-for-carrier-time 60 dialer map ip 128.10.200.65 name HongKong 0118527351625 dialer map ip 128.10.202.65 name Singapore 011653367085 pulse-time 1 dialer-group 1 ! router igrp 1 network 128.10.0.0 passive-interface serial 5 redistribute static ! ! route to Hong Kong ip route 128.10.200.0 255.255.255.192 128.10.200.65 ! route to Singapore ip route 128.10.202.0 255.255.255.192 128.10.202.65 access-list 101 deny igrp 0.0.0.0 255.255.255.255 255.255.255.255 0.0.0.0 access-list 101 permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255 dialer-list 1 list 101 ! username HongKong password password1 username Singapore password password2
The command encapsulation ppp enables PPP encapsulation. The command ppp authentication chap enables CHAP authentication. In addition, username commands are entered for each of the remote sites that place calls. The username command defines the name of the remote router and a password to be associated with that router. When ppp authentication chap is configured, authentication must be verified or else network traffic will not be transmitted.
The dialer map command contains the host name of the remote router. This associates the remote router with a next hop address and a telephone number. When a packet is received for a host on network 128.10.200.0, it is routed to a next hop address of 128.10.200.65 via serial interface 5. The packet is compared to the access lists and then the packet's next hop address is compared to the dialer map commands for serial interface 5.
If the packet is "interesting" and a connection to the number in the dialer map command is already active on the interface, the idle timer is reset. If a match is found, DDR checks the interface to determine whether it is connected to the telephone number for the next hop address. The comparison to the telephone number is useful only if the router placed the call or if the telephone number was received via calling party ID on an ISDN router. With CHAP and the name keyword included in the dialer map command, both the telephone number and the name for a given next hop address are compared to the names of the routers already connected. In this way, calls to destinations to which connections are already established can be avoided.
In the following configuration examples, the remote sites are configured to place and receive calls to or from a single interface at the central site.
The following configuration allows Hong Kong to place and receive calls to and from the central site in San Francisco:
hostname HongKong interface serial 1 description DDR connection to SanFrancisco ip address 128.10.200.65 255.255.255.192 encapsulation ppp dialer in-band dialer wait-for-carrier-time 60 dialer string 14155551212 pulse-time 1 dialer-group 1 ! router igrp 1 network 128.10.0.0 ! ip route 128.10.0.0 255.255.0.0 128.10.200.66 ! access-list 101 deny igrp 0.0.0.0 255.255.255.255 255.255.255.255 0.0.0.0 access-list 101 permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255 dialer-list 1 list 101 ! username SanFrancisco password password1
The following configuration allows Singapore to place and receive calls to and from the central site in San Francisco:
hostname Singapore interface serial 1 description DDR connection to San Francisco ip address 128.10.202.65 255.255.255.192 encapsulation ppp dialer in-band dialer wait-for-carrier-time 60 dialer string 14155551212 pulse-time 1 dialer-group 1 ! router igrp 1 network 128.10.0.0 ip route 128.10.0.0 255.255.0.0 128.10.202.66 ! access-list 101 deny igrp 0.0.0.0 255.255.255.255 255.255.255.255 0.0.0.0 access-list 101 permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255 dialer-list 1 list 101 ! username SanFrancisco password password2
Unlike the central site, the remote sites do not contain the ppp authentication chap command. This is because only one site, the central site, is calling in to the remote sites. If only one site is calling in, DDR assumes the call is from the number defined with the dialer string command; therefore, the command ppp authentication chap is not required.
Also, the remote sites have a username entry for the San Francisco router, and the San Francisco router contains the username passwords for Singapore and Hong Kong.
The configurations in this section are similar to the examples provided in the earlier "Configuring a Single Interface for Multiple Remote Sites" section. The encapsulation is set to PPP and CHAP authentication is required.
The following example configures the central site router to dial in and dial out on multiple interfaces to multiple remote sites:
hostname SanFrancisco interface dialer 1 description rotary group for Hong Kong, Tokyo, and Singapore ip address 128.10.200.66 255.255.255.192 ip address 128.10.202.66 255.255.255.192 secondary ip address 128.10.204.66 255.255.255.192 secondary encapsulation ppp ppp authentication chap dialer in-band dialer wait-for-carrier-time 60 dialer map ip 128.10.200.65 name HongKong 0118527351625 dialer map ip 128.10.202.65 name Singapore 011653367085 dialer map ip 128.10.204.65 name Tokyo 0118127351625 pulse-time 1 dialer-group 1 ! interface serial 5 dialer rotary-group 1 ! interface serial 6 dialer rotary-group 1 ! router igrp 1 network 128.10.0.0 passive-interface dialer 1 redistribute static ! route to Hong Kong ip route 128.10.200.0 255.255.255.192 128.10.200.65 ! route to Singapore ip route 128.10.202.0 255.255.255.192 128.10.202.65 ! route to Tokyo ip route 128.10.204.0 255.255.255.192 128.10.204.65 ! access-list 101 deny igrp 0.0.0.0 255.255.255.255 255.255.255.255 0.0.0.0 access-list 101 permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255 dialer-list 1 list 101 ! username HongKong password password1 username Singapore password password2 username Tokyo password password3
In the following configuration examples, the remote sites are configured to place and receive calls to or from multiple interfaces at the central site. All of the remote sites dial the same telephone number. At the San Francisco site, that single telephone number will connect to either serial
interface 5 or serial interface 6. This capability is provided by the telephone service provider.
The following configuration allows Hong Kong to place and receive calls to and from the central site in San Francisco:
hostname HongKong interface serial 1 description DDR connection to SanFrancisco ip address 128.10.200.65 255.255.255.192 encapsulation ppp dialer in-band dialer wait-for-carrier-time 60 dialer string 14155551212 pulse-time 1 dialer-group 1 router igrp 1 network 128.10.0.0 ip route 128.10.0.0 255.255.0.0 128.10.200.66 ! access-list 101 deny igrp 0.0.0.0 255.255.255.255 255.255.255.255 0.0.0.0 access-list 101 permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255 dialer-list 1 list 101 ! username SanFrancisco password password1
The following configuration allows Singapore to place and receive calls to and from the central site in San Francisco:
hostname Singapore interface serial 1 description DDR connection to San Francisco ip address 128.10.202.65 255.255.255.192 encapsulation ppp dialer in-band dialer wait-for-carrier-time 60 dialer string 14155551212 pulse-time 1 dialer-group 1 router igrp 1 network 128.10.0.0 ip route 128.10.0.0 255.255.0.0 128.10.202.66 ! access-list 101 deny igrp 0.0.0.0 255.255.255.255 255.255.255.255 0.0.0.0 access-list 101 permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255 dialer-list 1 list 101 ! username SanFrancisco password password2
The following configuration allows Tokyo to place and receive calls to and from the central site in San Francisco:
hostname Tokyo interface serial 1 description DDR connection to San Francisco ip address 128.10.204.65 255.255.255.192 encapsulation ppp dialer in-band dialer wait-for-carrier-time 60 dialer string 14155551212 pulse-time 1 dialer-group 1 router igrp 1 network 128.10.0.0 ip route 128.10.0.0 255.255.0.0 128.10.204.66 ! access-list 101 deny igrp 0.0.0.0 255.255.255.255 255.255.255.255 0.0.0.0 access-list 101 permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255 dialer-list 1 list 101 ! username SanFrancisco password password3
Also, each remote site has a username SanFrancisco entry containing the same password that the central San Francisco site uses to identify the remote site.
A common configuration is to have the remote sites place calls to the central site, which does not dial out.
In a "star" topology, all the remote routers can have their serial interfaces on the same subnet as the central site serial interface. (See Figure 15-2.)
The following example configures the central site router to accept dial-ins on multiple interfaces:
hostname SanFrancisco interface dialer 1 description rotary group for inbound calls ip address 128.10.200.66 255.255.255.192 encapsulation ppp ppp authentication chap dialer in-band dialer wait-for-carrier-time 60 dialer map ip 128.10.200.67 name HongKong dialer map ip 128.10.200.68 name Singapore dialer map ip 128.10.200.69 name Tokyo pulse-time 1 dialer-group 1 ! interface serial 5 dialer rotary-group 1 ! interface serial 6 dialer rotary-group 1 ! router igrp 1 network 128.10.0.0 passive-interface dialer 1 redistribute static ! route to Hong Kong ip route 128.10.201.0 255.255.255.192 128.10.200.67 ! route to Singapore ip route 128.10.202.0 255.255.255.192 128.10.200.68 ! route to Tokyo ip route 128.10.204.0 255.255.255.192 128.10.200.69 ! access-list 101 deny igrp 0.0.0.0 255.255.255.255 255.255.255.255 0.0.0.0 access-list 101 permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255 dialer-list 1 list 101 ! username HongKong password password1 username Singapore password password2 username Tokyo password password3
In the following configurations, the remote sites are configured to place calls to multiple interfaces at the central site. The assumption here is that a single telephone number on the central site will get any one of two possible inbound serial interfaces (serial interface 5 or serial interface 6).
The following configuration allows Hong Kong to place calls to the central site in San Francisco:
hostname HongKong interface ethernet 0 ip address 128.10.201.1 255.255.255.192 interface serial 1 description DDR connection to SanFrancisco ip address 128.10.200.67 255.255.255.192 encapsulation ppp dialer in-band dialer wait-for-carrier-time 60 dialer string 14155551212 pulse-time 1 dialer-group 1 router igrp 1 network 128.10.0.0 ip route 128.10.0.0 255.255.0.0 128.10.200.66 ! access-list 101 deny igrp 0.0.0.0 255.255.255.255 255.255.255.255 0.0.0.0 access-list 101 permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255 dialer-list 1 list 101 ! username SanFrancisco password password1
The following configuration allows Singapore to place calls to the central site in San Francisco:
hostname Singapore interface ethernet 0 ip address 128.10.202.1 255.255.255.192 interface serial 1 description DDR connection to San Francisco ip address 128.10.200.68 255.255.255.192 encapsulation ppp dialer in-band dialer wait-for-carrier-time 60 dialer string 14155551212 pulse-time 1 dialer-group 1 router igrp 1 network 128.10.0.0 ip route 128.10.0.0 255.255.0.0 128.10.200.66 ! access-list 101 deny igrp 0.0.0.0 255.255.255.255 255.255.255.255 0.0.0.0 access-list 101 permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255 dialer-list 1 list 101 ! username SanFrancisco password password2
The following configuration allows Tokyo to place calls to the central site in San Francisco:
hostname Tokyo interface ethernet 0 ip address 128.10.204.1 255.255.255.192 interface serial 1 description DDR connection to San Francisco ip address 128.10.200.69 255.255.255.192 encapsulation ppp dialer in-band dialer wait-for-carrier-time 60 dialer string 14155551212 pulse-time 1 dialer-group 1 router igrp 1 network 128.10.0.0 ip route 128.10.0.0 255.255.0.0 128.10.200.66 ! access-list 101 deny igrp 0.0.0.0 255.255.255.255 255.255.255.255 0.0.0.0 access-list 101 permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255 dialer-list 1 list 101 ! username SanFrancisco password password3
DDR allows you to quickly enable a WAN connection through the use of existing analog telephone lines. Also, DDR provides cost savings because the line is used on an as-needed basis, whereas a leased line is paid for when the line is not in use. However, there are times when a leased line may provide benefits.
Figure 15-3 shows that there can be a point (when a connection needs to be maintained for more than a certain number of hours per day) at which a DDR link no longer has cost savings, and a leased line may be more cost effective. Additionally, DDR links have a variable cost. It is difficult to predict what a DDR link may cost per month, given that users can initiate traffic at any time.
With leased lines, you can still continue to use dial-up lines as a backup by using either of the following methods:
The following example outlines a configuration of a central site using leased lines for primary connectivity and DDR for backup:
interface serial 1 description Leased connection to Hong Kong ip address 128.10.200.66 255.255.255.192 ! interface serial 2 description leased connection to Singapore ip address 128.10.202.66 255.255.255.192 ! interface serial 5 description backup DDR connection to Hong Kong ip address 128.10.200.130 255.255.255.192 dialer in-band dialer wait-for-carrier-time 60 dialer string 0118527351625 pulse-time 1 dialer-group 1 ! interface serial 6 description backup DDR connection to Singapore ip address 128.10.202.130 255.255.255.192 dialer in-band dialer wait-for-carrier-time 60 dialer string 011653367085 pulse-time 1 dialer-group 1 ! interface serial 7 description DDR connection to Tokyo ip address 128.10.204.66 255.255.255.192 dialer in-band dialer wait-for-carrier-time 60 dialer string 0118127351625 pulse-time 1 dialer-group 1 ! router igrp 1 network 128.10.0.0 redistribute static ! ! route to Hong Kong with administrative distance ip route 128.10.200.0 255.255.255.192 128.10.200.129 150 ! route to Singapore with administrative distance ip route 128.10.202.0 255.255.255.192 128.10.202.129 150 ! route to Tokyo ip route 128.10.204.0 255.255.255.192 128.10.204.65 ! access-list 101 deny igrp 0.0.0.0 255.255.255.255 255.255.255.255 0.0.0.0 access-list 101 permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255 dialer-list 1 list 101
Serial interfaces 1 and 2 are used as leased lines to Hong Kong and Singapore. Serial interface 5 backs up serial interface 1; serial interface 6 backs up serial interface 2; and serial interface 7 is used for DDR to Tokyo.
Each remote sites has a leased line as a primary link and a DDR line as a backup. For example:
interface serial 0 description leased line from San Francisco ip address 128.10.200.65 255.255.255.192 ! interface serial 1 description interface to answer backup calls from San Francisco ip address 128.10.200.129 255.255.255.192 dialer in-band ! router igrp 1 network 128.10.0.0 ! route back to San Francisco with administrative distance ip route 128.10.0.0 255.255.0.0 128.10.200.130 150
The first serial interface is the leased line, whereas the second answers calls from the central site in case the central site needs to use DDR as a backup method.
The central site configuration requires a large number of serial ports because each primary port has its own backup. For true redundancy, backup is a requirement. But in many cases, an interface or a set of interfaces can be shared as backup for a set of primary lines. The following configuration shows how to set up a single interface to back up all of the primary lines:
interface serial 1 description Leased connection to Hong Kong ip address 128.10.200.66 255.255.255.192 ! interface serial 2 description leased connection to Singapore ip address 128.10.202.66 255.255.255.192 ! interface serial 5 description backup DDR connection for all destinations except Tokyo ip address 128.10.200.130 255.255.255.192 ip address 128.10.202.130 255.255.255.192 secondary dialer in-band dialer wait-for-carrier-time 60 ! map Hong Kong to a phone number dialer map ip 128.10.200.129 0118527351625 ! map Singapore to a phone number dialer map ip 128.10.202.129 011653367085 pulse-time 1 dialer-group 1 ! interface serial 7 description DDR connection to Tokyo ip address 128.10.204.66 255.255.255.192 dialer in-band dialer wait-for-carrier-time 60 dialer string 0118127351625 pulse-time 1 dialer-group 1 ! router igrp 1 network 128.10.0.0 passive-interface serial 5 redistribute static ! ! route to Hong Kong with administrative distance ip route 128.10.200.0 255.255.255.192 128.10.200.129 150 ! route to Singapore with administrative distance ip route 128.10.202.0 255.255.255.192 128.10.202.129 150 ! route to Tokyo ip route 128.10.204.0 255.255.255.192 128.10.204.65 ! access-list 101 deny igrp 0.0.0.0 255.255.255.255 255.255.255.255 0.0.0.0 access-list 101 permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255 dialer-list 1 list 101
Serial interface 5 is the DDR backup interface for all destinations and is configured with multiple IP addresses for routing. The dialer map commands map the next hop addresses to the telephone numbers for each of the destinations. If a dynamic route is lost, the floating static route takes over. The next hop address sends the packets to serial interface 5, where the dialer map commands place the telephone call.
If two primary lines fail at the same time, there will be contention to use serial interface 5. The fast-idle timer may disconnect the calls. If serial interface 5 were in constant use, one of the primary lines would be disconnected and packets would be dropped. The fact that the backup route is unavailable is not communicated because there is no way to announce that one of the two IP addresses on the interface are unavailable. If you use a dialer rotary group, the contention problem can be avoided.
This section describes how to use the following two methods for dial backup with leased lines:
Since Software Release 8.3, a dial backup capability has been provided. Although it is somewhat more restrictive than floating static routes, dial backup can be used if V.25bis modems are not available or if protocols that do not have support for floating static routes are used.
Dial backup requires that the modems place a call when the Data Terminal Ready (DTR) signal is raised. The telephone number is configured into the modem or other DCE device. That number is called when DTR is raised. The call is disconnected when DTR is lowered. The following configuration illustrates how to take advantage of dial backup and DTR dialing:
interface serial 1 description Leased connection to Hong Kong ip address 128.10.200.66 255.255.255.192 backup interface serial 4 backup delay 0 20 ! interface serial 2 description leased connection to Singapore ip address 128.10.202.66 255.255.255.192 backup interface serial 5 backup delay 0 20 ! interface serial 4 description backup connection for Hong Kong ip address 128.10.200.67 255.255.255.192 pulse-time 10 ! interface serial 5 description backup connection for Singapore ip address 128.10.202.67 255.255.255.192 pulse-time 10 ! interface serial 7 description DDR connection to Tokyo ip address 128.10.204.66 255.255.255.192 dialer in-band dialer wait-for-carrier-time 60 dialer string 0118127351625 pulse-time 1 dialer-group 1 ! router igrp 1 network 128.10.0.0
This solution requires one serial port per primary line. Because the backup ports are placed on the same subnet as the primary serial port, no static routes are required. The backup delay command is used to specify how long to wait after the primary has failed before activating the backup line, and how long to delay before deactivating the backup line after the primary line comes back up. In this case, the primary link will be active for 20 seconds before disabling the backup line. This delay allows for flapping in the primary link when it returns to functioning.
For the remote sites, the floating static route is not needed. The IP address of the backup interface must be on the same subnet as the primary interface. The following example illustrates the Hong Kong router configuration. Serial interface 0 is the leased line, whereas serial interface 1 answers calls as a backup method:
interface serial 0 description leased line from San Francisco ip address 128.10.200.65 255.255.255.192 ! interface serial 1 description interface to answer backup calls from San Francisco ip address 128.10.200.68 255.255.255.192 ! router igrp 1 network 128.10.0.0
interface serial 1 description Leased connection to Hong Kong ip address 128.10.200.66 255.255.255.192 backup interface serial 4 backup delay 0 20 ! interface serial 2 description leased connection to Singapore ip address 128.10.202.66 255.255.255.192 backup interface serial 5 backup delay 0 20 ! interface serial 4 description backup connection for Hong Kong ip address 128.10.200.67 255.255.255.192 dialer in-band dialer wait-for-carrier-time 60 dialer map IP 128.10.200.68 0118527351625 dialer map IP 128.10.200.68 0118527351872 dialer-group 1 pulse-time 1 ! interface serial 5 description backup connection for Singapore ip address 128.10.202.67 255.255.255.192 dialer in-band dialer wait-for-carrier-time 60 dialer string 011653367085 dialer-group 1 pulse-time 1 ! interface serial 7 description DDR connection to Tokyo ip address 128.10.204.66 255.255.255.192 dialer in-band dialer wait-for-carrier-time 60 dialer string 0118127351625 pulse-time 1 dialer-group 1 ! router igrp 1 network 128.10.0.0 redistribute static ! ! route to Hong Kong ip route 128.10.200.0 255.255.255.192 128.10.200.68 ! route to Singapore ip route 128.10.202.0 255.255.255.192 128.10.202.68 ! route to Tokyo ip route 128.10.204.0 255.255.255.192 128.10.204.65 ! dialer-list 1 protocol IP PERMIT
Multiple telephone numbers are configured for serial interface 4. The two dialer map commands have the same next hop address. The software first attempts to call the telephone number specified in the first dialer map command. If this number fails—that is, if no connection is made before the wait-for-carrier timer expires—the second number is dialed. Each of the other backup interfaces uses a dialer string for the backup telephone number. When using V.25bis with dial backup, the dialer-list protocol command shown in the preceding example should be used. The dialer list states that all IP traffic is interesting and will, therefore, cause dialing. Routing updates are included. When a serial line is used as a backup, it is normally the state of the primary link, not the fast-idle timer, that determines when to disconnect the call.
As this case study indicates, there are many ways that dial-on-demand routing (DDR) can be used both for primary access and backup access. Sites can place calls, receive calls, and both place and receive calls. Additionally, using dialer rotary groups provides increased flexibility.
Posted: Wed Apr 10 10:46:06 PDT 2002
All contents are Copyright © 1992--2002 Cisco Systems, Inc. All rights reserved.
Important Notices and Privacy Statement.
