Imagine that you have remote branch with IOS router connected to DSL service provider. The subnet between your router and service provider router is 192.168.0.0/30. Your router has .1 on the last octet, default route is set to .2.
One day you answered that call from your service provider company. They have told you that you are required to re-address this network because they need to change the subnet for whatever reason they have. New addressing scheme is 192.168.2.0/30, upper ip address on sp side. Everything is prepared on their side, you have a week for reconfiguration.
Okay, since this is our only management interface and we do not have any backup/backdoor link, we we have a problem.
Changing IP address on that interface will break connectivity because of default routing pointing out to old gateway.
Changing default route on the other way, would unfortunately have same result.
So, what are the options?
- take your console cable and drive 300km to do your job on-site
- use remote hands (but unfortunately you don't have any)
- create new config, upload it on the router as startup-config, reboot and start praying... then eventually go back to the first option if sth goes wrong, additionally forget about quarter bonus for having long-hours branch downtime
- use secondary address to quickly do the job without even moving from the desk :)
At startup, interesting part of configuration of remote router is as follows:
interface GigabitEthernet1/0
ip address 192.168.0.1 255.255.255.252
end
ip route 0.0.0.0 0.0.0.0 192.168.0.2
We start with configuring additional ip address on Gi1/0 interface and testing connectivity to service provider.
R1#conf term
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#int gi1/0
R1(config-if)#ip addr 192.168.2.1 255.255.255.252 secondary
R1(config-if)#^Z
R1#ping 192.168.2.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.2.2, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 20/27/40 ms
Okay, looks like it works and we have local subnet connectivity. Now it's time to get rid of old default routing and old ip address. By the way, don't worry about first icmp echo reply, it's just an effect of arp resolution.
In order to remove old ip address we need to establish another session to the router using new ip address, so we need to set up routing through the new gateway. You cannot change your default route just like that. If you just enter the command:
ip route 0.0.0.0 0.0.0.0 192.168.2.2
The router will load-balance between old and new gateway. Not necessary a good thing. What if service provider just messed his configuration?
There is another possibility, use delayed reload feature. It's simple, but powerful. It allows you to reload router at specified time (or after specified amount of time). If you fail and lost connectivity, just wait. Your router will reload with old configuration. Syntax is really simple:
R1#reload in 5
System configuration has been modified. Save? [yes/no]: no
Reload scheduled in 5 minutes by console
Reload reason: Reload Command
Proceed with reload? [confirm]
R1#
***
*** --- SHUTDOWN in 0:05:00 ---
***
R1#
R1#
R1#s
*Jan 24 11:39:42.347: %SYS-5-SCHEDULED_RELOAD: Reload requested for 11:44:38 UTC Thu Jan 24 2013 at 11:39:38 UTC Thu Jan 24 2013 by console. Reload Reason: Reload Command.
R1#show reload
Reload scheduled in 4 minutes and 57 seconds by console
Reload reason: Reload Command
The router just have been instructed to reload in 5 minutes. Good, we have 5 minutes to finish our risky job and cancel reload:
R1#reload cancel
R1#
***
*** --- SHUTDOWN ABORTED ---
***
R1#
R1#
*Jan 24 11:39:49.079: %SYS-5-SCHEDULED_RELOAD_CANCELLED: Scheduled reload cancelled at 11:39:49 UTC Thu Jan 24 2013
R1#
R1#show reload
No reload is scheduled.
Quite useful, isn't it?
But wait, our goal is to do it without any risk and minimum service outage. Let's do it proper way.
First, create some more-specific route to your own ip address using your new gateway. It will preempt default route and allow us to establish configuration session using already new addressing scheme. The best way is to use /32 netmask:
R1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#ip route 172.16.1.2 255.255.255.255 192.168.2.2
R1(config)#^Z
R1#
*Jan 24 11:45:01.047: %SYS-5-CONFIG_I: Configured from console by console
R1#ping 172.16.1.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.1.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/57/132 ms
Okay, the connectivity is set up to use new ip addressing, now we just need to connect to the router via its new ip address. If something went wrong, you can always connect to the router using old address and another source station (default routing still points to old gateway) and revert the changes (remember to check your firewall policy before that :)).
Now, if our connectivity via new interface and new routing works good, and we are logged on to the router using it, we can safely remove old routing information and replace it with new one. You can also remove temporary host route. Remember, that "reload in" command is extremally useful, just in case (don't forget to cancel! :)). There is also another advantage, we just confirmed that our service provider did his job properly and we can safely (more or less) switch to new addressing.
! remove old route (routing still provided by /32 entry)
R1(config)#no ip route 0.0.0.0 0.0.0.0 192.168.0.2
! add new default
R1(config)#ip route 0.0.0.0 0.0.0.0 192.168.2.2
! remove temporary /32 entry
R1(config)#no ip route 172.16.1.2 255.255.255.255 192.168.2.2
R1(config)#^Z
R1#
R1#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is 192.168.2.2 to network 0.0.0.0
192.168.0.0/30 is subnetted, 1 subnets
C 192.168.0.0 is directly connected, GigabitEthernet1/0
192.168.2.0/30 is subnetted, 1 subnets
C 192.168.2.0 is directly connected, GigabitEthernet1/0
S* 0.0.0.0/0 [1/0] via 192.168.2.2
R1#
Great, now we route all traffic via our new gateway!
Last thing required here is to remove old ip from the interface and make secondary address primary.
R1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#int gi1/0
R1(config-if)#no ip address 192.168.0.1 255.255.255.252
Must delete secondary before deleting primary
Ooops! Cannot delete primary address without removing secondary first! Looks like we have another problem, because right now our secondary address is used as transport, we cannot establish connectivity to the router using primary address... We even cannot ...
Solution is simple, just pretend that you want to configure brand new ip address on your interface and use your secondary ip:
R1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#int gi1/0
R1(config-if)#do sh run int gi1/0
Building configuration...
Current configuration : 144 bytes
!
interface GigabitEthernet1/0
ip address 192.168.2.1 255.255.255.252 secondary
ip address 192.168.0.1 255.255.255.252
negotiation auto
end
R1(config-if)#ip address 192.168.2.1 255.255.255.252
R1(config-if)#
Wait, looks good! And connectivity is still intact! Let's check interface config:
R1(config-if)#do sh run int gi1/0
Building configuration...
Current configuration : 94 bytes
!
interface GigabitEthernet1/0
ip address 192.168.2.1 255.255.255.252
negotiation auto
end
Our router just replaced primary interface address with secondary. Amazing, isn't it?
This comment has been removed by a blog administrator.
ReplyDelete