D8TA
December 4th, 2004, 11:53 PM
200.200.200.10 200.200.200.20
| |
-------------------------------------------------------- 200.200.200.x
|
200.200.200.254
Router2
200.200.150.253
|
---------------------------------------------------------200.200.150.y
| |
200.200.150.254 Packet Capturing device
Router1
200.200.100.254
|
---------------------------------------------------------200.200.100.z
|
200.200.100.1
I was unable to attach the actually network scheme so I did the best here in hopes it turns out alright. I can send it to you if anyone needs it. This scenerio really has me a bit baffled and the more I attempt to figure it out the more confused I get. I thought I would present it here in hopes someone could assist me in answering these questions and troubleshoot this network. Here goes:
The situation:
You have just been hired by Titanic Cruise Lines Inc. as a network engineer. Titanic's network has been having a problem. You are in for an interesting first week on the job:
Titanic's networks are connected together by using two routers (see the Network Map file named netmap.gif). Both routers are running RIP.
For some reason, machine 200.200.100.1 cannot contact any system on the 200.200.200.x network, but Router 1 can.
Your new boss has assigned you to troubleshoot the problem!
To help diagnose the problem I decided to do some tests:
1. You decide to run a variety of common network utilities from the 200.200.100.1 machine and from Router 1. (See the file named simplifiedscreen.txt for output from the tests that were ran.)
2. You also decide to capture traffic (see capture named 150traffic.rtf) from a machine on the 200.200.150.x network (client with IP address 200.200.150.15).
Using your tests and protocol analysis knowledge write a report explaining:
1) The cause(s) of the problem.
2) Possible remedy(ies).
3) The reason why the network acted in this manner (eg. why machine 200.200.100.1 can't PING but Router 1 can, etc).
--------------------------------------------------------------------------
Here is my routing tables that I've came up with:
Router 1
200.200.150.0; 255.255.255.0; 200.200.150.254; 200.200.150.254; metric 1
200.200.100.0; 255.255.255.0; 200.200.100.254; 200.200.100.254; metric 1
200.200.150.254; 255.255.255.255; 127.0.0.1; 127.0.0.1; metric 1
200.200.100.254; 255.255.255.255; 127.0.0.1; 127.0.0.1; metric 1
200.200.200.0; 255.255.255.0; 200.200.150.254; 200.200.150.254; metric 16
Router 2
200.200.200.0; 255.255.255.0; 200.200.200.254; 200.200.200.254; metric 1
200.200.150.0; 255.255.255.0; 200.200.150.253; 200.200.150.253; metric 1
200.200.200.254; 255.255.255.255; 127.0.0.1; 127.0.0.1; metric 1
200.200.150.253; 255.255.255.255; 127.0.0.1; 127.0.0.1; metric 1
200.200.100.0; 255.255.255.0; 200.200.150.254; 200.200.150.254; metric 3 (?)
I believe that the route to the 200.200.200.x network is poisoned. As a result the traffic is not getting routed from router 1 to router 2. I'm foggy on why this is happening as it seems when looking at the packet capture that Router 2 is sending the information on the 200.200.200.x network. I guess what confuses me is that the first packet (Rip2 from Router 1) is advertising the poisoned route (200.200.200.0 Metric 16) in the first place. Shouldn't the split horizon rule prevent that?
The formating on the network example didn't turn out quite right. There are 2 workstation on the top 200.200.200.10 and 200.200.200.220. Also here is the packet that the packet capture provided.
Capture from the 200.200.150.15 Client system
Packet summary:
1 IP-200.200.150.254 IP-200.200.150.255 90 10:21:22.688831 UDP RIP
2 IP-200.200.150.253 IP-200.200.150.255 70 10:21:24.687585 UDP RIP
3 IP-200.200.150.254 IP-200.200.150.255 90 10:21:52.999137 UDP RIP
4 IP-200.200.150.253 IP-200.200.150.255 70 10:21:54.687585 UDP RIP
Packets decoded:
Packet #1
Flags: 0x00
Status: 0x00
Packet Length:90
Timestamp: 10:21:22.688831 11/07/2003
Ethernet Header
Destination: FF:FF:FF:FF:FF:FF Ethernet Broadcast
Source: 00:C0:F0:54:F7:D1
Protocol Type:0x0800 IP
IP Header - Internet Protocol Datagram
Version: 4
Header Length: 5 (20 bytes)
Type of Service: %00000000
Precedence: Routine, Normal Delay, Normal Throughput, Normal Reliability
Total Length: 72
Identifier: 3872
Fragmentation Flags: %000 May Fragment Last Fragment
Fragment Offset: 0 (0 bytes)
Time To Live: 128
Protocol: 17 UDP
Header Checksum: 0x6BF6
Source IP Address: 200.200.150.254
Dest. IP Address: 200.200.150.255
No IP Options
UDP - User Datagram Protocol
Source Port: 520 RIP/extended file name server
Destination Port: 520
Length: 52
Checksum: 0x1E74
RIP - Routing Information Protocol
Command: 2 Response containing network distance pairs
Version: 2
Routing Domain: 0
Info on Net # 1
Network Number: 2
Route Tag: 0
Net Address: 200.200.100.0
Subnet Mask: 255.255.255.0
Next Hop: 0.0.0.0
Distance: 2
Info on Net # 2
Network Number: 2
Route Tag: 0
Net Address: 200.200.200.0
Subnet Mask: 255.255.255.0
Next Hop: 200.200.150.253
Distance: 16
Frame Check Sequence: 0x00000000
Packet #2
Flags: 0x00
Status: 0x00
Packet Length:70
Timestamp: 10:21:24.687585 11/07/2003
Ethernet Header
Destination: FF:FF:FF:FF:FF:FF Ethernet Broadcast
Source: 00:C0:F0:55:6E:09
Protocol Type:0x0800 IP
IP Header - Internet Protocol Datagram
Version: 4
Header Length: 5 (20 bytes)
Type of Service: %00000000
Precedence: Routine, Normal Delay, Normal Throughput, Normal Reliability
Total Length: 52
Identifier: 31757
Fragmentation Flags: %000 May Fragment Last Fragment
Fragment Offset: 0 (0 bytes)
Time To Live: 128
Protocol: 17 UDP
Header Checksum: 0xFF1D
Source IP Address: 200.200.150.253
Dest. IP Address: 200.200.150.255
No IP Options
UDP - User Datagram Protocol
Source Port: 520 RIP/extended file name server
Destination Port: 520
Length: 32
Checksum: 0xA941
RIP - Routing Information Protocol
Command: 2 Response containing network distance pairs
Version: 1
Zero: 0x0000
Info on Net # 1
Addr Family Id: 2
Zero: 0x0000
Net Address: 200.200.200.0
Zero: 0x0000000000000000
Distance: 2
Frame Check Sequence: 0x00000000
Packet #3
Flags: 0x00
Status: 0x00
Packet Length:90
Timestamp: 10:21:52.999137 11/07/2003
Ethernet Header
Destination: FF:FF:FF:FF:FF:FF Ethernet Broadcast
Source: 00:C0:F0:54:F7:D1
Protocol Type:0x0800 IP
IP Header - Internet Protocol Datagram
Version: 4
Header Length: 5 (20 bytes)
Type of Service: %00000000
Precedence: Routine, Normal Delay, Normal Throughput, Normal Reliability
Total Length: 72
Identifier: 3872
Fragmentation Flags: %000 May Fragment Last Fragment
Fragment Offset: 0 (0 bytes)
Time To Live: 128
Protocol: 17 UDP
Header Checksum: 0x6BF6
Source IP Address: 200.200.150.254
Dest. IP Address: 200.200.150.255
No IP Options
UDP - User Datagram Protocol
Source Port: 520 RIP/extended file name server
Destination Port: 520
Length: 52
Checksum: 0x1E74
RIP - Routing Information Protocol
Command: 2 Response containing network distance pairs
Version: 2
Routing Domain: 0
Info on Net # 1
Network Number: 2
Route Tag: 0
Net Address: 200.200.100.0
Subnet Mask: 255.255.255.0
Next Hop: 0.0.0.0
Distance: 2
Info on Net # 2
Network Number: 2
Route Tag: 0
Net Address: 200.200.200.0
Subnet Mask: 255.255.255.0
Next Hop: 200.200.150.253
Distance: 16
Frame Check Sequence: 0x00000000
Packet #4
Flags: 0x00
Status: 0x00
Packet Length:70
Timestamp: 10:21:54.687585 11/07/2003
Ethernet Header
Destination: FF:FF:FF:FF:FF:FF Ethernet Broadcast
Source: 00:C0:F0:55:6E:09
Protocol Type:0x0800 IP
IP Header - Internet Protocol Datagram
Version: 4
Header Length: 5 (20 bytes)
Type of Service: %00000000
Precedence: Routine, Normal Delay, Normal Throughput, Normal Reliability
Total Length: 52
Identifier: 31757
Fragmentation Flags: %000 May Fragment Last Fragment
Fragment Offset: 0 (0 bytes)
Time To Live: 128
Protocol: 17 UDP
Header Checksum: 0xFF1D
Source IP Address: 200.200.150.253
Dest. IP Address: 200.200.150.255
No IP Options
UDP - User Datagram Protocol
Source Port: 520 RIP/extended file name server
Destination Port: 520
Length: 32
Checksum: 0xA941
RIP - Routing Information Protocol
Command: 2 Response containing network distance pairs
Version: 1
Zero: 0x0000
Info on Net # 1
Addr Family Id: 2
Zero: 0x0000
Net Address: 200.200.200.0
Zero: 0x0000000000000000
Distance: 2
Frame Check Sequence: 0x00000000
| |
-------------------------------------------------------- 200.200.200.x
|
200.200.200.254
Router2
200.200.150.253
|
---------------------------------------------------------200.200.150.y
| |
200.200.150.254 Packet Capturing device
Router1
200.200.100.254
|
---------------------------------------------------------200.200.100.z
|
200.200.100.1
I was unable to attach the actually network scheme so I did the best here in hopes it turns out alright. I can send it to you if anyone needs it. This scenerio really has me a bit baffled and the more I attempt to figure it out the more confused I get. I thought I would present it here in hopes someone could assist me in answering these questions and troubleshoot this network. Here goes:
The situation:
You have just been hired by Titanic Cruise Lines Inc. as a network engineer. Titanic's network has been having a problem. You are in for an interesting first week on the job:
Titanic's networks are connected together by using two routers (see the Network Map file named netmap.gif). Both routers are running RIP.
For some reason, machine 200.200.100.1 cannot contact any system on the 200.200.200.x network, but Router 1 can.
Your new boss has assigned you to troubleshoot the problem!
To help diagnose the problem I decided to do some tests:
1. You decide to run a variety of common network utilities from the 200.200.100.1 machine and from Router 1. (See the file named simplifiedscreen.txt for output from the tests that were ran.)
2. You also decide to capture traffic (see capture named 150traffic.rtf) from a machine on the 200.200.150.x network (client with IP address 200.200.150.15).
Using your tests and protocol analysis knowledge write a report explaining:
1) The cause(s) of the problem.
2) Possible remedy(ies).
3) The reason why the network acted in this manner (eg. why machine 200.200.100.1 can't PING but Router 1 can, etc).
--------------------------------------------------------------------------
Here is my routing tables that I've came up with:
Router 1
200.200.150.0; 255.255.255.0; 200.200.150.254; 200.200.150.254; metric 1
200.200.100.0; 255.255.255.0; 200.200.100.254; 200.200.100.254; metric 1
200.200.150.254; 255.255.255.255; 127.0.0.1; 127.0.0.1; metric 1
200.200.100.254; 255.255.255.255; 127.0.0.1; 127.0.0.1; metric 1
200.200.200.0; 255.255.255.0; 200.200.150.254; 200.200.150.254; metric 16
Router 2
200.200.200.0; 255.255.255.0; 200.200.200.254; 200.200.200.254; metric 1
200.200.150.0; 255.255.255.0; 200.200.150.253; 200.200.150.253; metric 1
200.200.200.254; 255.255.255.255; 127.0.0.1; 127.0.0.1; metric 1
200.200.150.253; 255.255.255.255; 127.0.0.1; 127.0.0.1; metric 1
200.200.100.0; 255.255.255.0; 200.200.150.254; 200.200.150.254; metric 3 (?)
I believe that the route to the 200.200.200.x network is poisoned. As a result the traffic is not getting routed from router 1 to router 2. I'm foggy on why this is happening as it seems when looking at the packet capture that Router 2 is sending the information on the 200.200.200.x network. I guess what confuses me is that the first packet (Rip2 from Router 1) is advertising the poisoned route (200.200.200.0 Metric 16) in the first place. Shouldn't the split horizon rule prevent that?
The formating on the network example didn't turn out quite right. There are 2 workstation on the top 200.200.200.10 and 200.200.200.220. Also here is the packet that the packet capture provided.
Capture from the 200.200.150.15 Client system
Packet summary:
1 IP-200.200.150.254 IP-200.200.150.255 90 10:21:22.688831 UDP RIP
2 IP-200.200.150.253 IP-200.200.150.255 70 10:21:24.687585 UDP RIP
3 IP-200.200.150.254 IP-200.200.150.255 90 10:21:52.999137 UDP RIP
4 IP-200.200.150.253 IP-200.200.150.255 70 10:21:54.687585 UDP RIP
Packets decoded:
Packet #1
Flags: 0x00
Status: 0x00
Packet Length:90
Timestamp: 10:21:22.688831 11/07/2003
Ethernet Header
Destination: FF:FF:FF:FF:FF:FF Ethernet Broadcast
Source: 00:C0:F0:54:F7:D1
Protocol Type:0x0800 IP
IP Header - Internet Protocol Datagram
Version: 4
Header Length: 5 (20 bytes)
Type of Service: %00000000
Precedence: Routine, Normal Delay, Normal Throughput, Normal Reliability
Total Length: 72
Identifier: 3872
Fragmentation Flags: %000 May Fragment Last Fragment
Fragment Offset: 0 (0 bytes)
Time To Live: 128
Protocol: 17 UDP
Header Checksum: 0x6BF6
Source IP Address: 200.200.150.254
Dest. IP Address: 200.200.150.255
No IP Options
UDP - User Datagram Protocol
Source Port: 520 RIP/extended file name server
Destination Port: 520
Length: 52
Checksum: 0x1E74
RIP - Routing Information Protocol
Command: 2 Response containing network distance pairs
Version: 2
Routing Domain: 0
Info on Net # 1
Network Number: 2
Route Tag: 0
Net Address: 200.200.100.0
Subnet Mask: 255.255.255.0
Next Hop: 0.0.0.0
Distance: 2
Info on Net # 2
Network Number: 2
Route Tag: 0
Net Address: 200.200.200.0
Subnet Mask: 255.255.255.0
Next Hop: 200.200.150.253
Distance: 16
Frame Check Sequence: 0x00000000
Packet #2
Flags: 0x00
Status: 0x00
Packet Length:70
Timestamp: 10:21:24.687585 11/07/2003
Ethernet Header
Destination: FF:FF:FF:FF:FF:FF Ethernet Broadcast
Source: 00:C0:F0:55:6E:09
Protocol Type:0x0800 IP
IP Header - Internet Protocol Datagram
Version: 4
Header Length: 5 (20 bytes)
Type of Service: %00000000
Precedence: Routine, Normal Delay, Normal Throughput, Normal Reliability
Total Length: 52
Identifier: 31757
Fragmentation Flags: %000 May Fragment Last Fragment
Fragment Offset: 0 (0 bytes)
Time To Live: 128
Protocol: 17 UDP
Header Checksum: 0xFF1D
Source IP Address: 200.200.150.253
Dest. IP Address: 200.200.150.255
No IP Options
UDP - User Datagram Protocol
Source Port: 520 RIP/extended file name server
Destination Port: 520
Length: 32
Checksum: 0xA941
RIP - Routing Information Protocol
Command: 2 Response containing network distance pairs
Version: 1
Zero: 0x0000
Info on Net # 1
Addr Family Id: 2
Zero: 0x0000
Net Address: 200.200.200.0
Zero: 0x0000000000000000
Distance: 2
Frame Check Sequence: 0x00000000
Packet #3
Flags: 0x00
Status: 0x00
Packet Length:90
Timestamp: 10:21:52.999137 11/07/2003
Ethernet Header
Destination: FF:FF:FF:FF:FF:FF Ethernet Broadcast
Source: 00:C0:F0:54:F7:D1
Protocol Type:0x0800 IP
IP Header - Internet Protocol Datagram
Version: 4
Header Length: 5 (20 bytes)
Type of Service: %00000000
Precedence: Routine, Normal Delay, Normal Throughput, Normal Reliability
Total Length: 72
Identifier: 3872
Fragmentation Flags: %000 May Fragment Last Fragment
Fragment Offset: 0 (0 bytes)
Time To Live: 128
Protocol: 17 UDP
Header Checksum: 0x6BF6
Source IP Address: 200.200.150.254
Dest. IP Address: 200.200.150.255
No IP Options
UDP - User Datagram Protocol
Source Port: 520 RIP/extended file name server
Destination Port: 520
Length: 52
Checksum: 0x1E74
RIP - Routing Information Protocol
Command: 2 Response containing network distance pairs
Version: 2
Routing Domain: 0
Info on Net # 1
Network Number: 2
Route Tag: 0
Net Address: 200.200.100.0
Subnet Mask: 255.255.255.0
Next Hop: 0.0.0.0
Distance: 2
Info on Net # 2
Network Number: 2
Route Tag: 0
Net Address: 200.200.200.0
Subnet Mask: 255.255.255.0
Next Hop: 200.200.150.253
Distance: 16
Frame Check Sequence: 0x00000000
Packet #4
Flags: 0x00
Status: 0x00
Packet Length:70
Timestamp: 10:21:54.687585 11/07/2003
Ethernet Header
Destination: FF:FF:FF:FF:FF:FF Ethernet Broadcast
Source: 00:C0:F0:55:6E:09
Protocol Type:0x0800 IP
IP Header - Internet Protocol Datagram
Version: 4
Header Length: 5 (20 bytes)
Type of Service: %00000000
Precedence: Routine, Normal Delay, Normal Throughput, Normal Reliability
Total Length: 52
Identifier: 31757
Fragmentation Flags: %000 May Fragment Last Fragment
Fragment Offset: 0 (0 bytes)
Time To Live: 128
Protocol: 17 UDP
Header Checksum: 0xFF1D
Source IP Address: 200.200.150.253
Dest. IP Address: 200.200.150.255
No IP Options
UDP - User Datagram Protocol
Source Port: 520 RIP/extended file name server
Destination Port: 520
Length: 32
Checksum: 0xA941
RIP - Routing Information Protocol
Command: 2 Response containing network distance pairs
Version: 1
Zero: 0x0000
Info on Net # 1
Addr Family Id: 2
Zero: 0x0000
Net Address: 200.200.200.0
Zero: 0x0000000000000000
Distance: 2
Frame Check Sequence: 0x00000000