Internetwork Design Guide -- Dial-on-Demand Routing

From DocWiki

Revision as of 16:13, 17 October 2012 by Pzimmerm (Talk | contribs)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

Cisco's dial-on-demand routing (DDR) feature allows you to use existing telephone lines to form a wide-area network (WAN). While using existing telephone lines, you can analyze traffic patterns to determine whether the installation of leased lines is appropriate. DDR provides significant cost savings over leased lines for links that are utilized for only a few hours each day or that experience low traffic flow.

DDR over serial lines requires the use of dialing devices that support V.25bis. V.25bis is an International Telecommunication Union Telecommunication (ITU-T) Standardization Sector standard for in-band signaling to bit synchronous data communications equipment (DCE) devices. A variety of devices support V.25bis, including analog V.32 modems, ISDN terminal adapters, and inverse multiplexers. Cisco's implementation of V.25bis supports devices that use the 1984 version of V.25bis (which requires the use of odd parity), as well as devices that use the 1988 version of V.25bis (which does not use parity).


Note Note: The ITU-T carries out the functions of the former Consultative Committee for International Telegraph and Telephone (CCITT).


This case study describes the use of DDR to connect a worldwide network that consists of a central site located in San Francisco and remote sites located in Tokyo, Singapore, and Hong Kong. The following scenarios and configuration file examples are described:

Describes the central and remote site configurations for three setups: a central site with one interface per remote site, a single interface for multiple remote sites, and multiple interfaces for multiple remote sites. Includes examples of the usage of rotary groups and access lists.
Describes the central and remote site configurations for three setups: central site with one interface per remote site, a single interface for multiple remote sites, and multiple interfaces for multiple remote sites. Also describes the usage of Point-to-Point Protocol (PPP) encapsulation and the Challenge Handshake Authentication Protocol (CHAP).
A common configuration is one in which the remote sites place calls to the central site but the central site does not dial out. In a "star" topology, it is possible for all of the remote routers to have their serial interfaces on the same subnet as the central site serial interface.
Describes the use of DDR as a backup method to leased lines and provides examples of how to use floating static routes on single and shared interfaces.
Describes the use of Data Terminal Ready (DTR) dialing and V.25bis dialing with leased lines.

Figure: DDR internetwork topology shows the topology of the DDR network that is the subject of this case study.


Guide Contents
Internetworking Design Basics
Designing various internetworks
Network Enhancements
IP Routing Concepts
UDP Broadcast Flooding
Large-Scale H.323 Network Design for Service Providers
LAN Switching
Subnetting an IP Address Space
IBM Serial Link Implementation Notes
References and Recommended Reading

Contents

Figure: DDR internetwork topology

Nd201501.jpg


Note Note: All examples and descriptions in this case study refer to features available in Software Release 9.1(9) or later. Some features are available in earlier releases. Features that are available only in Software Release 9.21 are indicated as such.


Having the Central Site Dial Out

In this example, the central site calls the remote sites. The cost of initiating a call from the United States to international sites is often lower than if the remote sites initiate the call, and it is expected that remote offices need to connect to the central site network only periodically. This section provides the following configuration examples in which the central site is configured to dial out:

Configuring One Interface Per Remote Site

For the initial configuration, the San Francisco central site is configured to have one interface per remote site.

Central Site: Dial Out Only

In the following configuration, the central site places the calls with a separate interface configured for each remote site. There is no support for answering calls in this configuration.

interface serial 5 
description DDR connection to Hong Kong 
ip address 128.10.200.66 255.255.255.192 
dialer in-band 
dialer wait-for-carrier-time 60 
dialer string 0118527351625 
pulse-time 1 
dialer-group 1			 
! 
interface serial 6 
description DDR connection to Singapore 
ip address 128.10.202.66 255.255.255.192 
dialer in-band 
dialer wait-for-carrier-time 60 
dialer string 011653367085 
pulse-time 1 
dialer-group 1 
! 
interface serial 7 
description DDR connection to Tokyo 
ip address 128.10.204.66 255.255.255.192 
dialer in-band 
dialer wait-for-carrier-time 60 
dialer string 0118127351625 
pulse-time 1 
dialer-group 1 
! 
router igrp 1 
network 128.10.0.0 
redistribute static 
! route to Hong Kong 
ip route 128.10.200.0 255.255.255.192 128.10.200.65 
! route to Singapore 
ip route 128.10.202.0 255.255.255.192 128.10.202.65 
! route to Tokyo 
ip route 128.10.204.0 255.255.255.192 128.10.204.65 
access-list 101 deny igrp 0.0.0.0 255.255.255.255 255.255.255.255 0.0.0.0 
access-list 101 permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255 
dialer-list 1 list 101

Interface Configuration

The configuration of the individual interfaces and Internet Protocol (IP) addresses is straightforward. The IP address for each interface is provided. The example uses a 6-bit host portion in IP addresses. The dialer in-band command enables DDR and V.25bis dialing on the interface. V.25bis is a ITU-T standard for in-band signaling to bit synchronous DCE devices. A variety of devices support V.25bis, ranging from analog V.32 modems to ISDN terminal adapters to inverse multiplexers.

The dialer wait-for-carrier-time command is set to 60 seconds. When using V.25bis, the router does not parse any responses it receives from the DCE. Instead, the router depends on the modem's Carrier Detect (CD) signal to indicate that a call has been connected. If the modem's CD signal is not activated before the time allotted with the dialer wait-for-carrier-time command, the router assumes that the call has failed and disconnects the line. Because the calls are international, and thus take longer to connect than local calls, the wait for carrier time is set to 60 seconds. Even for local calls, analog modems can take 20 to 30 seconds to synchronize to each other, including the time to dial and answer.

The dialer string command identifies the telephone number of the targeted destination. Because the central site is calling only a single destination, this dialer string is the simplest possible configuration. The pulse-time command specifies how long Data Terminal Ready (DTR) is held inactive. When using DDR and V.25bis modems, the router disconnects calls by deactivating DTR. This command is automatically inserted into the configuration when the dialer in-band command is entered.

The dialer-group command is used to identify each interface with a dialer list set. The dialer-list command associates each interface with access lists that determine which packets are "interesting" versus "uninteresting" for an interface. For details on access lists and dialer lists, see the "Access List Configuration" section that follows.

Routing Configuration

  • The Interior Gateway Routing Protocol (IGRP) is used to route traffic on the network. The first two commands in the routing section of the configuration file are router igrp and network. These define the IGRP number and the network over which IGRP runs.
  • The redistribute command causes the static route information (defined with the ip route commands shown in the configuration example) to be sent to other routers in the same IGRP area. Without this command, other routers connected to the central site will not have routes to the remote routers. The three static routes define the subnets on the Ethernet backbone of the remote routers. DDR tends to use static routes extensively because routing updates are not received when the dial-up connection is not active.

Access List Configuration

The last section of the configuration file provides the access lists that DDR uses to classify "interesting" and "uninteresting" packets. Interesting packets are packets that pass the restrictions of the access lists. These packets either initiate a call (if one is not already in progress) or reset the idle timer if a call is in progress. Uninteresting packets are transmitted if the link is active, but dropped if the link is not active. Uninteresting packets do not initiate calls or reset the idle timer. Access list 101 provides the following filters:

  • IGRP packets that are sent to the broadcast address (255.255.255.255) do not cause dialing.
  • All other IP packets are interesting and thus may cause dialing and reset the idle timer.
Remote Sites: Dial In Only

Except for the IP address and the default route, each of the remote sites is configured identically as an answer-only site. The following example lists Hong Kong's configuration:

interface serial 1 
description interface to answer calls from San Francisco 
ip address 128.10.200.65 255.255.255.192 
dialer in-band 
! 
ip route 0.0.0.0 0.0.0.0 128.10.200.66 

The answering site will not disconnect the call. It is up to the calling site to disconnect the call when the line is idle. In this case, the answering site is using static routing. The default route points to the serial interface at the central site.

Configuring a Single Interface for Multiple Remote Sites

It is possible to use a single interface to call multiple destinations, such as a site in Hong Kong and a site in Paris, France. Because of the time differences, these sites would never need to be connected at the same time. Therefore, a single interface could be used for both sites without the possibility of contention for the interface and without the cost of dedicating a serial port and modem to each destination.

Central Site: Dial Out Only

In the following configuration, the central site places the calls. A single interface is configured to call multiple remote sites. There is no support for answering calls in this configuration.

interface serial 5 
description DDR connection to Hong Kong and Singapore 
ip address 128.10.200.66 255.255.255.192 
ip address 128.10.202.66 255.255.255.192 secondary 
dialer in-band 
dialer wait-for-carrier-time 60 
! map Hong Kong to a phone number 
dialer map ip 128.10.200.65 0118527351625 
! map Singapore to a phone number 
dialer map ip 128.10.202.65 011653367085 
pulse-time 1 
dialer-group 1			 
! 
router igrp 1 
network 128.10.0.0 
passive-interface serial 5 
redistribute static 
! route to Hong Kong 
ip route 128.10.200.0 255.255.255.192 128.10.200.65 
! route to Singapore 
ip route 128.10.202.0 255.255.255.192 128.10.202.65 
! 
access-list 101 deny igrp 0.0.0.0 255.255.255.255 255.255.255.255 0.0.0.0 
access-list 101 permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255 
dialer-list 1 list 101 

Interface Configuration

The configuration of the interface in this example is slightly more complicated than the configuration described in the "Configuring One Interface Per Remote Site" section. In addition to the original IP address, there is a secondary IP address configured for serial interface 5 because the Singapore and Hong Kong offices are on different subnets.

The dialer in-band, dialer wait-for-carrier-time, pulse-time, and dialer-group commands are used in the same manner as described previously in the "Configuring One Interface Per Remote Site" section. However, the previous dialer string command has been removed and replaced with two dialer map commands.

The first dialer map command maps the telephone number for Hong Kong to its next hop address, which is the IP address of the serial port of the router in Hong Kong. The second dialer map command maps the telephone number for the Singapore router to the next hop address for Singapore.

Routing Configuration

The IP static routes define the next hops used in the dialer map commands. When a packet is received for a host on network 128.10.200.0, it is routed to a next hop address of 128.10.200.65. This route goes out serial interface 5. DDR uses the next hop address to obtain the telephone number of the destination router.


Note Note: The use of the passive-interface command states that routing updates are not to be sent out serial interface 5. Because the remote sites are using a default route, there is no need to send routing updates over the wire.

Access List Configuration

The use of dialer map commands provides an additional level of filtering. When a packet is received for a host on network 128.10.200.0, it is routed to a next hop address of 128.10.200.65. This route goes out serial interface 5. The packet is compared to the access lists. If the packet is deemed "interesting," the packet's next hop address is compared to the dialer map commands defined for that interface. If a match is found, the interface is checked to determine whether it is connected to the telephone number for that next hop address. If the interface is not connected, a call is placed to the telephone number. If the interface is currently connected to that number, the idle timer is reset. If the interface is connected to another number (from another dialer map command), the fast-idle timer is started due to contention for the interface. If there is no match of the next hop address to any of the dialer maps and there is no dialer string defined (which matches all next hop addresses), the packet is dropped.

This additional layer of filtering for the next hop address causes problems for broadcast packets such as routing updates. Because a broadcast packet is transmitted with a next hop address of the broadcast address, the check against the dialer map commands will fail. If you want broadcast packets transmitted to telephone numbers defined by dialer map commands, additional dialer map commands must specify the broadcast address as the next hop address with the same telephone number. For example, you might add the following dialer map commands:

dialer map ip 255.255.255.255 0118527351625 
dialer map ip 255.255.255.255 011653367085 

If the interface is currently connected to one of these telephone numbers, and if it receives an IGRP broadcast packet, that packet will now be transmitted because it matches a dialer map command to an already connected telephone number. (If the connection is already established, both "interesting" and "uninteresting" packets are sent.) If a connection is not already established, adding the dialer map commands will not cause an IGRP packet sent to the broadcast address to cause dialing because the access lists determine that the IGRP packet is uninteresting.


Note Note: In the configuration example described in the "Configuring a Single Interface for Multiple Remote Sites" section, the dialer string command permits broadcast packets to be sent when the link is connected because the dialer string matches all next hop addresses that did not have a dialer map.


Remote Sites: Dial In Only

Except for the IP address and the default route, each of the remote sites is configured identically as an answer-only site. The following example illustrates the Hong Kong configuration:

interface serial 1 
description interface to answer calls from San Francisco 
ip address 128.10.200.65 255.255.255.192 
dialer in-band 
! 
ip route 0.0.0.0 0.0.0.0 128.10.200.66 

The answering site will not disconnect the call. It is up to the calling site to disconnect the call when the line is idle. A default route is defined back to the central site.

Configuring Multiple Interfaces for Multiple Remote Sites

When using a single interface with dialer maps, contention for the interface can occur. This contention starts a fast-idle timer that causes lines to remain connected for a shorter idle time than usual, allowing other destinations to use the interface. Dialer rotary groups prevent contention by creating a set of interfaces that can be used to dial out. Rather than statically assigning an interface to a destination, dialer rotary groups allow dynamic allocation of interfaces to telephone numbers. Before a call is placed, the rotary group is searched for an interface that is not in use to place the call. It is not until all of the interfaces in the rotary group are in use that the fast-idle timer is started.


Note Note: The following configurations appear as they would be entered at the command line. Due to the way dialer rotary groups function, the output from a write terminal command on the router may differ slightly from what is shown here.

Central Site: Dial Out Only

The following configuration defines dialer rotary groups on the central site router:

interface dialer 1 
description rotary group for Hong Kong, Tokyo, and Singapore 
ip address 128.10.200.66 255.255.255.192 
ip address 128.10.202.66 255.255.255.192 secondary 
ip address 128.10.204.66 255.255.255.192 secondary 
dialer in-band 
dialer wait-for-carrier-time 60 
! map Hong Kong to a phone number 
dialer map ip 128.10.200.65 0118527351625 
! map Singapore to a phone number 
dialer map ip 128.10.202.65 011653367085 
! map Tokyo to a phone number 
dialer map ip 128.10.204.65 0118127351625 
pulse-time 1 
dialer-group 1			 
! 
interface serial 5 
dialer rotary-group 1 
! 
interface serial 6 
dialer rotary-group 1			 
! 
router igrp 1 
network 128.10.0.0 
passive-interface dialer 1 
redistribute static 
! 
! route to Hong Kong 
ip route 128.10.200.0 255.255.255.192 128.10.200.65 
! route to Singapore 
ip route 128.10.202.0 255.255.255.192 128.10.202.65 
! route to Tokyo 
ip route 128.10.204.0 255.255.255.192 128.10.204.65 
! 
access-list 101 deny igrp 0.0.0.0 255.255.255.255 255.255.255.255 0.0.0.0 
access-list 101 permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255 
dialer-list 1 list 101 

Interface Configuration

Specifying a dialer interface is the first step in defining a dialer rotary group. While a dialer interface is not a physical interface, all of the configuration commands that can be specified for a physical interface can be used for a dialer interface. For example, the commands listed under the interface dialer command are identical to those used for physical serial interface 5 as described in the "Configuring a Single Interface for Multiple Remote Sites" section. Also, an additional dialer map command has been added to map the next hop address for Tokyo to the telephone number.

The dialer rotary-group command places physical serial interface 5 and serial interface 6 in the rotary group. Either of these interfaces can be used to dial any of the destinations defined by the interface dialer command.

As mentioned earlier, when you look at the configuration on the router using the write terminal command, the configuration may look slightly different from your input. For example, the pulse-time command associated with the dialer interface will appear with all of the serial interfaces that were added with the dialer rotary-group command. Certain configuration information associated with the dialer interface is propagated to all of the interfaces that are in the rotary group.

Routing Configuration

The routing section of this configuration has not changed from the example in the "Configuring a Single Interface for Multiple Remote Sites" section. But if you were to examine the routing table for one of the remote networks using the show ip route command (for example, show ip route 128.10.200.0), you would see that the output interface for packets sent to this subnet is interface dialer 1. The actual physical interface over which the packet will be transmitted is not determined until the DDR steps described in the following paragraph are performed.

Before a packet is sent out the dialer interface, DDR checks to determine whether the packet is "interesting" or "uninteresting." DDR then checks the dialer map. Next, all of the physical interfaces in the rotary group are checked to determine whether they are connected to the telephone number. If an appropriate interface is found, the packet is sent out that physical interface. If an interface is not found and the packet is deemed interesting, the rotary group is scanned for an available physical interface. The first available interface found is used to place a call to the telephone number.


Note Note: To use dynamic routing, in which two of the remote sites communicate with each other via the central site, the no ip split-horizon command is required and the passive-interface command must be removed.


Access List Configuration

This configuration uses the same access lists as the example in the "Configuring a Single Interface for Multiple Remote Sites" section. A default route is defined back to the central site.

Remote Sites: Dial In Only

Except for the IP address and the default route, each of the remote sites is configured identically as an answer-only site. The following example illustrates the Hong Kong configuration:

interface serial 1 
description interface to answer calls from San Francisco 
ip address 128.10.200.65 255.255.255.192 
dialer in-band 
! 
ip route 0.0.0.0 0.0.0.0 128.10.200.66 

The answering site will not disconnect the call. It is up to the calling site to disconnect the call when the line is idle.

Having the Central and Remote Sites Dial In and Dial Out

It is often more convenient to have the remote sites call the central site as its users require, instead of depending on the central site to poll the remote sites. This section provides the following configuration examples in which both the central site and the remote sites are placing calls:

Configuring One Interface Per Remote Site

In order to support dial-in and dial-out for both the central and remote sites using one interface per remote site, each remote site must call in on the specific central site interface that has the dialer string corresponding to the respective remote site telephone number.

Central Site: Dial In and Dial Out

In the following example, the central San Francisco site is configured to place and answer calls. One interface is configured per remote site.

interface serial 5 
description DDR connection to Hong Kong 
ip address 128.10.200.66 255.255.255.192 
dialer in-band 
dialer wait-for-carrier-time 60 
dialer string 0118527351625 
pulse-time 1 
dialer-group 1			 
! 
interface serial 6 
description DDR connection to Singapore 
ip address 128.10.202.66 255.255.255.192 
dialer in-band 
dialer wait-for-carrier-time 60 
dialer string 011653367085 
pulse-time 1 
dialer-group 1 
! 
interface serial 7 
description DDR connection to Tokyo 
ip address 128.10.204.66 255.255.255.192 
dialer in-band 
dialer wait-for-carrier-time 60 
dialer string 0118127351625 
pulse-time 1 
dialer-group 1 
! 
router igrp 1 
network 128.10.0.0 
redistribute static 
! 
! route to Hong Kong 
ip route 128.10.200.0 255.255.255.192 128.10.200.65 
! route to Singapore 
ip route 128.10.202.0 255.255.255.192 128.10.202.65 
! route to Tokyo 
ip route 128.10.204.0 255.255.255.192 128.10.204.65 
! 
access-list 101 deny igrp 0.0.0.0 255.255.255.255 255.255.255.255 0.0.0.0 
access-list 101 permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255 
dialer-list 1 list 101 

Remote Sites: Dial In and Dial Out

All of the remote configurations are similar. Each defines a default route back to the central site and a dialer string that contains the telephone number of the central site.

Hong Kong

In the following example, the remote Hong Kong site is configured to place and answer calls. Hong Kong's configuration file contains a dialer string of 14155551212, which should call serial interface 5 in San Francisco.

interface serial 1 
description DDR connection to San Francisco 
ip address 128.10.200.65 255.255.255.192 
dialer in-band 
dialer wait-for-carrier-time 60 
dialer string 14155551212 
pulse-time 1 
dialer-group 1			 
! 
router igrp 1 
network 128.10.0.0 
! 
ip route 128.10.0.0 255.255.0.0 128.10.200.66  
! 
access-list 101 deny igrp 0.0.0.0 255.255.255.255 255.255.255.255 0.0.0.0 
access-list 101 permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255 
dialer-list 1 list 101 
Singapore

In the following example, the remote Singapore site is configured to place and answer calls. The Singapore configuration file contains a dialer string of 14155551213, which should call serial interface 6 in San Francisco.

interface serial 1 
description DDR connection to San Francisco 
ip address 128.10.202.65 255.255.255.192 
dialer in-band 
dialer wait-for-carrier-time 60 
dialer string 14155551213 
pulse-time 1 
dialer-group 1			 
! 
router igrp 1 
network 128.10.0.0 
! 
ip route 128.10.0.0 255.255.0.0 128.10.202.66 
! 
access-list 101 deny igrp 0.0.0.0 255.255.255.255 255.255.255.255 0.0.0.0 
access-list 101 permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255 
dialer-list 1 list 101 
Tokyo

In the following example, the remote Tokyo site is configured to place and answer calls. The Tokyo configuration file contains a dialer string of 14155551214, which should call serial interface 7 in San Francisco.

interface serial 1 
description DDR connection to San Francisco 
ip address 128.10.204.65 255.255.255.192 
dialer in-band 
dialer wait-for-carrier-time 60 
dialer string 14155551214 
pulse-time 1 
dialer-group 1			 
router igrp 1 
network 128.10.0.0 
! 
ip route 128.10.0.0 255.255.0.0 128.10.204.66 
! 
access-list 101 deny igrp 0.0.0.0 255.255.255.255 255.255.255.255 0.0.0.0 
access-list 101 permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255 
dialer-list 1 list 101 

Because all incoming calls are assumed to be from the telephone number configured with the dialer string command, it is important to configure the central and remote sites correctly. For example, if the Singapore dialer string uses the telephone number that Hong Kong uses to call the central site, packets from the central site intended for Hong Kong would be sent to Singapore whenever Singapore called in because Singapore called in using the Hong Kong interface.

Configuring a Single Interface for Multiple Remote Sites

When multiple sites are calling into a central site, an authentication mechanism must be used unless that central site has one interface dedicated to each incoming call. Without the authentication mechanism, the central site router has no way of identifying the sites to which it is currently connected and cannot ensure that additional calls are not made. Point-to-Point Protocol (PPP) encapsulation with CHAP or Password Authentication Protocol (PAP) provides the mechanism to identify the calling party.


Note Note: A router with a built-in ISDN port may be able to use calling party identification. Because calling party identification is not available everywhere, PPP with CHAP provides the identification mechanism. In Software Release 9.21, PPP and Password Authentication Protocol (PAP) can be used in place of CHAP, although PAP is less secure than CHAP. The configuration of PAP would differ slightly from the configuration for CHAP illustrated in this section.


Central Site: Dial In and Dial Out

In the following example, the central San Francisco site is configured to place and answer calls. A single interface is configured for multiple remote sites.

hostname SanFrancisco 
interface serial 5 
description DDR connection to Hong Kong and Singapore 
ip address 128.10.200.66 255.255.255.192 
ip address 128.10.202.66 255.255.255.192 secondary 
encapsulation ppp 
ppp authentication chap 
dialer in-band 
dialer wait-for-carrier-time 60 
dialer map ip 128.10.200.65 name HongKong 0118527351625 
dialer map ip 128.10.202.65 name Singapore 011653367085 
pulse-time 1 
dialer-group 1			 
! 
router igrp 1 
network 128.10.0.0 
passive-interface serial 5 
redistribute static 
! 
! route to Hong Kong 
ip route 128.10.200.0 255.255.255.192 128.10.200.65 
! route to Singapore 
ip route 128.10.202.0 255.255.255.192 128.10.202.65 
access-list 101 deny igrp 0.0.0.0 255.255.255.255 255.255.255.255 0.0.0.0 
access-list 101 permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255 
dialer-list 1 list 101 
! 
username HongKong password password1 
username Singapore password password2 

The command encapsulation ppp enables PPP encapsulation. The command ppp authentication chap enables CHAP authentication. In addition, username commands are entered for each of the remote sites that place calls. The username command defines the name of the remote router and a password to be associated with that router. When ppp authentication chap is configured, authentication must be verified or else network traffic will not be transmitted.

The dialer map command contains the host name of the remote router. This associates the remote router with a next hop address and a telephone number. When a packet is received for a host on network 128.10.200.0, it is routed to a next hop address of 128.10.200.65 via serial interface 5. The packet is compared to the access lists and then the packet's next hop address is compared to the dialer map commands for serial interface 5.

If the packet is "interesting" and a connection to the number in the dialer map command is already active on the interface, the idle timer is reset. If a match is found, DDR checks the interface to determine whether it is connected to the telephone number for the next hop address. The comparison to the telephone number is useful only if the router placed the call or if the telephone number was received via calling party ID on an ISDN router. With CHAP and the name keyword included in the dialer map command, both the telephone number and the name for a given next hop address are compared to the names of the routers already connected. In this way, calls to destinations to which connections are already established can be avoided.

Remote Sites: Dial In and Dial Out

In the following configuration examples, the remote sites are configured to place and receive calls to or from a single interface at the central site.

Hong Kong

The following configuration allows Hong Kong to place and receive calls to and from the central site in San Francisco:

hostname HongKong 
interface serial 1 
description DDR connection to SanFrancisco 
ip address 128.10.200.65 255.255.255.192 
encapsulation ppp 
dialer in-band 
dialer wait-for-carrier-time 60 
dialer string 14155551212 
pulse-time 1 
dialer-group 1			 
! 
router igrp 1 
network 128.10.0.0 
! 
ip route 128.10.0.0 255.255.0.0 128.10.200.66  
! 
access-list 101 deny igrp 0.0.0.0 255.255.255.255 255.255.255.255 0.0.0.0 
access-list 101 permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255 
dialer-list 1 list 101			 
! 
username SanFrancisco password password1 
Singapore

The following configuration allows Singapore to place and receive calls to and from the central site in San Francisco:

hostname Singapore 
interface serial 1 
description DDR connection to San Francisco 
ip address 128.10.202.65 255.255.255.192 
encapsulation ppp 
dialer in-band 
dialer wait-for-carrier-time 60 
dialer string 14155551212 
pulse-time 1 
dialer-group 1			 
! 
router igrp 1 
network 128.10.0.0 
ip route 128.10.0.0 255.255.0.0 128.10.202.66 
! 
access-list 101 deny igrp 0.0.0.0 255.255.255.255 255.255.255.255 0.0.0.0 
access-list 101 permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255 
dialer-list 1 list 101 
! 
username SanFrancisco password password2 

Unlike the central site, the remote sites do not contain the ppp authentication chap command. This is because only one site, the central site, is calling in to the remote sites. If only one site is calling in, DDR assumes the call is from the number defined with the dialer string command; therefore, the command ppp authentication chap is not required.


Note Note: If the remote sites use dialer map commands instead of dialer string, the ppp authentication chap command is required, and the dialer map commands require the name keyword. This is because the assumption is made that if the dialer map command is used, multiple sites either can be called or can call in.


Also, the remote sites have a username entry for the San Francisco router, and the San Francisco router contains the username passwords for Singapore and Hong Kong.

Configuring Multiple Interfaces for Multiple Remote Sites

The configurations in this section are similar to the examples provided in the earlier "Configuring a Single Interface for Multiple Remote Sites" section. The encapsulation is set to PPP and CHAP authentication is required.

Central Site: Dial In and Dial Out

The following example configures the central site router to dial in and dial out on multiple interfaces to multiple remote sites:

hostname SanFrancisco 
interface dialer 1 
description rotary group for Hong Kong, Tokyo, and Singapore 
ip address 128.10.200.66 255.255.255.192 
ip address 128.10.202.66 255.255.255.192 secondary 
ip address 128.10.204.66 255.255.255.192 secondary 
encapsulation ppp 
ppp authentication chap 
dialer in-band 
dialer wait-for-carrier-time 60 
dialer map ip 128.10.200.65 name HongKong 0118527351625 
dialer map ip 128.10.202.65 name Singapore 011653367085 
dialer map ip 128.10.204.65 name Tokyo 0118127351625 
pulse-time 1 
dialer-group 1			 
! 
interface serial 5 
dialer rotary-group 1 
! 
interface serial 6 
dialer rotary-group 1			 
! 
router igrp 1 
network 128.10.0.0 
passive-interface dialer 1 
redistribute static 
! route to Hong Kong 
ip route 128.10.200.0 255.255.255.192 128.10.200.65 
! route to Singapore 
ip route 128.10.202.0 255.255.255.192 128.10.202.65 
! route to Tokyo 
ip route 128.10.204.0 255.255.255.192 128.10.204.65 
! 
access-list 101 deny igrp 0.0.0.0 255.255.255.255 255.255.255.255 0.0.0.0 
access-list 101 permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255 
dialer-list 1 list 101 
! 
username HongKong password password1 
username Singapore password password2 
username Tokyo password password3 

Remote Sites: Dial In and Dial Out

In the following configuration examples, the remote sites are configured to place and receive calls to or from multiple interfaces at the central site. All of the remote sites dial the same telephone number. At the San Francisco site, that single telephone number will connect to either serial interface 5 or serial interface 6. This capability is provided by the telephone service provider.

Hong Kong

The following configuration allows Hong Kong to place and receive calls to and from the central site in San Francisco:

hostname HongKong 
interface serial 1 
description DDR connection to SanFrancisco 
ip address 128.10.200.65 255.255.255.192 
encapsulation ppp 
dialer in-band 
dialer wait-for-carrier-time 60 
dialer string 14155551212 
pulse-time 1 
dialer-group 1			 
router igrp 1 
network 128.10.0.0 
ip route 128.10.0.0 255.255.0.0 128.10.200.66  
! 
access-list 101 deny igrp 0.0.0.0 255.255.255.255 255.255.255.255 0.0.0.0 
access-list 101 permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255 
dialer-list 1 list 101			 
! 
username SanFrancisco password password1 
Singapore

The following configuration allows Singapore to place and receive calls to and from the central site in San Francisco:

hostname Singapore 
interface serial 1 
description DDR connection to San Francisco 
ip address 128.10.202.65 255.255.255.192 
encapsulation ppp 
dialer in-band 
dialer wait-for-carrier-time 60 
dialer string 14155551212 
pulse-time 1 
dialer-group 1			 
router igrp 1 
network 128.10.0.0 
ip route 128.10.0.0 255.255.0.0 128.10.202.66 
! 
access-list 101 deny igrp 0.0.0.0 255.255.255.255 255.255.255.255 0.0.0.0 
access-list 101 permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255 
dialer-list 1 list 101 
! 
username SanFrancisco password password2 
Tokyo

The following configuration allows Tokyo to place and receive calls to and from the central site in San Francisco:

hostname Tokyo 
interface serial 1 
description DDR connection to San Francisco 
ip address 128.10.204.65 255.255.255.192 
encapsulation ppp 
dialer in-band 
dialer wait-for-carrier-time 60 
dialer string 14155551212 
pulse-time 1 
dialer-group 1			 
router igrp 1 
network 128.10.0.0 
ip route 128.10.0.0 255.255.0.0 128.10.204.66 
! 
access-list 101 deny igrp 0.0.0.0 255.255.255.255 255.255.255.255 0.0.0.0 
access-list 101 permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255 
dialer-list 1 list 101 
! 
username SanFrancisco password password3 

The remote sites do not use the ppp authentication chap. This is because only one site, the central site, is calling in to the remote sites. If only one site is calling in, DDR assumes the call is from the number defined with the dialer string command; therefore, the command ppp authentication chap is not required. However, if the remote sites use dialer map commands instead of dialer string, the ppp authentication chap command is required, and the dialer map commands require the name keyword.

Also, each remote site has a username SanFrancisco entry containing the same password that the central San Francisco site uses to identify the remote site.

Having Remote Sites Dial Out

A common configuration is to have the remote sites place calls to the central site, which does not dial out.

Configuring Multiple Interfaces for Multiple Remote Sites

In a "star" topology, all the remote routers can have their serial interfaces on the same subnet as the central site serial interface. (See Figure: Remote sites dial out (star topology).)

Figure: Remote sites dial out (star topology)

Nd201502.jpg

Central Site: Dial In Only

The following example configures the central site router to accept dial-ins on multiple interfaces:

hostname SanFrancisco 
interface dialer 1 
description rotary group for inbound calls 
ip address 128.10.200.66 255.255.255.192 
encapsulation ppp 
ppp authentication chap 
dialer in-band 
dialer wait-for-carrier-time 60 
dialer map ip 128.10.200.67 name HongKong 
dialer map ip 128.10.200.68 name Singapore 
dialer map ip 128.10.200.69 name Tokyo 
pulse-time 1 
dialer-group 1			 
! 
interface serial 5 
dialer rotary-group 1 
! 
interface serial 6 
dialer rotary-group 1			 
! 
router igrp 1 
network 128.10.0.0 
passive-interface dialer 1 
redistribute static 
! route to Hong Kong 
ip route 128.10.201.0 255.255.255.192 128.10.200.67 
! route to Singapore 
ip route 128.10.202.0 255.255.255.192 128.10.200.68 
! route to Tokyo 
ip route 128.10.204.0 255.255.255.192 128.10.200.69 
! 
access-list 101 deny igrp 0.0.0.0 255.255.255.255 255.255.255.255 0.0.0.0 
access-list 101 permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255 
dialer-list 1 list 101 
! 
username HongKong password password1 
username Singapore password password2 
username Tokyo password password3 

Remote Sites: Dial Out Only

In the following configurations, the remote sites are configured to place calls to multiple interfaces at the central site. The assumption here is that a single telephone number on the central site will get any one of two possible inbound serial interfaces (serial interface 5 or serial interface 6).

Hong Kong

The following configuration allows Hong Kong to place calls to the central site in San Francisco:

hostname HongKong 
interface ethernet 0 
ip address 128.10.201.1 255.255.255.192 
interface serial 1 
description DDR connection to SanFrancisco 
ip address 128.10.200.67 255.255.255.192 
encapsulation ppp 
dialer in-band 
dialer wait-for-carrier-time 60 
dialer string 14155551212 
pulse-time 1 
dialer-group 1			 
router igrp 1 
network 128.10.0.0 
ip route 128.10.0.0 255.255.0.0 128.10.200.66  
! 
access-list 101 deny igrp 0.0.0.0 255.255.255.255 255.255.255.255 0.0.0.0 
access-list 101 permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255 
dialer-list 1 list 101			 
! 
username SanFrancisco password password1 
Singapore

The following configuration allows Singapore to place calls to the central site in San Francisco:

hostname Singapore 
interface ethernet 0 
ip address 128.10.202.1 255.255.255.192 
interface serial 1 
description DDR connection to San Francisco 
ip address 128.10.200.68 255.255.255.192 
encapsulation ppp 
dialer in-band 
dialer wait-for-carrier-time 60 
dialer string 14155551212 
pulse-time 1 
dialer-group 1			 
router igrp 1 
network 128.10.0.0 
ip route 128.10.0.0 255.255.0.0 128.10.200.66 
! 
access-list 101 deny igrp 0.0.0.0 255.255.255.255 255.255.255.255 0.0.0.0 
access-list 101 permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255 
dialer-list 1 list 101 
! 
username SanFrancisco password password2
Tokyo

The following configuration allows Tokyo to place calls to the central site in San Francisco:

hostname Tokyo 
interface ethernet 0 
ip address 128.10.204.1 255.255.255.192 
interface serial 1 
description DDR connection to San Francisco 
ip address 128.10.200.69 255.255.255.192 
encapsulation ppp 
dialer in-band 
dialer wait-for-carrier-time 60 
dialer string 14155551212 
pulse-time 1 
dialer-group 1			 
router igrp 1 
network 128.10.0.0 
ip route 128.10.0.0 255.255.0.0 128.10.200.66 
! 
access-list 101 deny igrp 0.0.0.0 255.255.255.255 255.255.255.255 0.0.0.0 
access-list 101 permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255 
dialer-list 1 list 101 
! 
username SanFrancisco password password3 

Using DDR as a Backup to Leased Lines

DDR allows you to quickly enable a WAN connection through the use of existing analog telephone lines. Also, DDR provides cost savings because the line is used on an as-needed basis, whereas a leased line is paid for when the line is not in use. However, there are times when a leased line may provide benefits.


Figure: DDR-to-Leased Line Cutover shows that there can be a point (when a connection needs to be maintained for more than a certain number of hours per day) at which a DDR link no longer has cost savings, and a leased line may be more cost effective. Additionally, DDR links have a variable cost. It is difficult to predict what a DDR link may cost per month, given that users can initiate traffic at any time.

Figure: DDR-to-Leased Line Cutover

Nd201503.jpg

With leased lines, you can still continue to use dial-up lines as a backup by using either of the following methods:

  • Floating static routes (single and shared interfaces) and DDR
  • DTR dialing or V.25bis dialing

Floating Static Routes

Floating static routes are static routes that have an administrative distance greater than the administrative distance of dynamic routes. Administrative distances can be configured on a static route so that the static route is less desirable than a dynamic route. In this manner, the static route is not used when the dynamic route is available. However, if the dynamic route is lost, the static route can take over, and traffic can be sent through this alternative route. If this alternative route is provided by a DDR interface, DDR can be used as a backup mechanism.

Central Site

The following example outlines a configuration of a central site using leased lines for primary connectivity and DDR for backup:

interface serial 1 
description Leased connection to Hong Kong 
ip address 128.10.200.66 255.255.255.192 
! 
interface serial 2 
description leased connection to Singapore 
ip address 128.10.202.66 255.255.255.192 
! 
interface serial 5 
description backup DDR connection to Hong Kong 
ip address 128.10.200.130 255.255.255.192 
dialer in-band 
dialer wait-for-carrier-time 60 
dialer string 0118527351625 
pulse-time 1 
dialer-group 1			 
! 
interface serial 6 
description backup DDR connection to Singapore 
ip address 128.10.202.130 255.255.255.192 
dialer in-band 
dialer wait-for-carrier-time 60 
dialer string 011653367085 
pulse-time 1 
dialer-group 1 
! 
interface serial 7 
description DDR connection to Tokyo 
ip address 128.10.204.66 255.255.255.192 
dialer in-band 
dialer wait-for-carrier-time 60 
dialer string 0118127351625 
pulse-time 1 
dialer-group 1 
! 
router igrp 1 
network 128.10.0.0 
redistribute static 
! 
! route to Hong Kong with administrative distance 
ip route 128.10.200.0 255.255.255.192 128.10.200.129 150 
! route to Singapore with administrative distance 
ip route 128.10.202.0 255.255.255.192 128.10.202.129 150 
! route to Tokyo 
ip route 128.10.204.0 255.255.255.192 128.10.204.65 
! 
access-list 101 deny igrp 0.0.0.0 255.255.255.255 255.255.255.255 0.0.0.0 
access-list 101 permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255 
dialer-list 1 list 101 

Serial interfaces 1 and 2 are used as leased lines to Hong Kong and Singapore. Serial interface 5 backs up serial interface 1; serial interface 6 backs up serial interface 2; and serial interface 7 is used for DDR to Tokyo.

Remote Sites

Each remote sites has a leased line as a primary link and a DDR line as a backup. For example:

interface serial 0 
description leased line from San Francisco 
ip address 128.10.200.65 255.255.255.192 
! 
interface serial 1 
description interface to answer backup calls from San Francisco 
ip address 128.10.200.129 255.255.255.192 
dialer in-band 
! 
router igrp 1 
network 128.10.0.0 
! route back to San Francisco with administrative distance 
ip route 128.10.0.0 255.255.0.0 128.10.200.130 150 

The first serial interface is the leased line, whereas the second answers calls from the central site in case the central site needs to use DDR as a backup method.

Floating Static Routes on Shared Interfaces

The central site configuration requires a large number of serial ports because each primary port has its own backup. For true redundancy, backup is a requirement. But in many cases, an interface or a set of interfaces can be shared as backup for a set of primary lines. The following configuration shows how to set up a single interface to back up all of the primary lines:

interface serial 1 
description Leased connection to Hong Kong 
ip address 128.10.200.66 255.255.255.192 
! 
interface serial 2 
description leased connection to Singapore 
ip address 128.10.202.66 255.255.255.192 
! 
interface serial 5 
description backup DDR connection for all destinations except Tokyo 
ip address 128.10.200.130 255.255.255.192 
ip address 128.10.202.130 255.255.255.192 secondary 
dialer in-band 
dialer wait-for-carrier-time 60 
! map Hong Kong to a phone number 
dialer map ip 128.10.200.129 0118527351625 
! map Singapore to a phone number 
dialer map ip 128.10.202.129 011653367085 
pulse-time 1 
dialer-group 1			 
! 
interface serial 7 
description DDR connection to Tokyo 
ip address 128.10.204.66 255.255.255.192 
dialer in-band 
dialer wait-for-carrier-time 60 
dialer string 0118127351625 
pulse-time 1 
dialer-group 1 
! 
router igrp 1 
network 128.10.0.0 
passive-interface serial 5 
redistribute static 
! 
! route to Hong Kong with administrative distance 
ip route 128.10.200.0 255.255.255.192 128.10.200.129 150 
! route to Singapore with administrative distance 
ip route 128.10.202.0 255.255.255.192 128.10.202.129 150 
! route to Tokyo 
ip route 128.10.204.0 255.255.255.192 128.10.204.65 
! 
access-list 101 deny igrp 0.0.0.0 255.255.255.255 255.255.255.255 0.0.0.0 
access-list 101 permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255 
dialer-list 1 list 101 

Serial interface 5 is the DDR backup interface for all destinations and is configured with multiple IP addresses for routing. The dialer map commands map the next hop addresses to the telephone numbers for each of the destinations. If a dynamic route is lost, the floating static route takes over. The next hop address sends the packets to serial interface 5, where the dialer map commands place the telephone call.

If two primary lines fail at the same time, there will be contention to use serial interface 5. The fast-idle timer may disconnect the calls. If serial interface 5 were in constant use, one of the primary lines would be disconnected and packets would be dropped. The fact that the backup route is unavailable is not communicated because there is no way to announce that one of the two IP addresses on the interface are unavailable. If you use a dialer rotary group, the contention problem can be avoided.

Using Leased Lines and Dial Backup

This section describes how to use the following two methods for dial backup with leased lines:

DTR Dialing

Since Software Release 8.3, a dial backup capability has been provided. Although it is somewhat more restrictive than floating static routes, dial backup can be used if V.25bis modems are not available or if protocols that do not have support for floating static routes are used.

Central Site

Dial backup requires that the modems place a call when the Data Terminal Ready (DTR) signal is raised. The telephone number is configured into the modem or other DCE device. That number is called when DTR is raised. The call is disconnected when DTR is lowered. The following configuration illustrates how to take advantage of dial backup and DTR dialing:

interface serial 1 
description Leased connection to Hong Kong 
ip address 128.10.200.66 255.255.255.192 
backup interface serial 4 
ackup delay 0 20 
! 
interface serial 2 
description leased connection to Singapore 
ip address 128.10.202.66 255.255.255.192 
backup interface serial 5 
backup delay 0 20 
! 
interface serial 4 
description backup connection for Hong Kong 
ip address 128.10.200.67 255.255.255.192 
pulse-time 10 
! 
interface serial 5 
description backup connection for Singapore 
ip address 128.10.202.67 255.255.255.192 
pulse-time 10 
! 
interface serial 7 
description DDR connection to Tokyo 
ip address 128.10.204.66 255.255.255.192 
dialer in-band 
dialer wait-for-carrier-time 60 
dialer string 0118127351625 
pulse-time 1 
dialer-group 1 
! 
router igrp 1 
network 128.10.0.0 

This solution requires one serial port per primary line. Because the backup ports are placed on the same subnet as the primary serial port, no static routes are required. The backup delay command is used to specify how long to wait after the primary has failed before activating the backup line, and how long to delay before deactivating the backup line after the primary line comes back up. In this case, the primary link will be active for 20 seconds before disabling the backup line. This delay allows for flapping in the primary link when it returns to functioning.

Remote Sites

For the remote sites, the floating static route is not needed. The IP address of the backup interface must be on the same subnet as the primary interface. The following example illustrates the Hong Kong router configuration. Serial interface 0 is the leased line, whereas serial interface 1 answers calls as a backup method:

interface serial 0 
description leased line from San Francisco 
ip address 128.10.200.65 255.255.255.192 
! 
interface serial 1 
description interface to answer backup calls from San Francisco 
ip address 128.10.200.68 255.255.255.192 
! 
router igrp 1 
network 128.10.0.0

V.25bis Dialing

V.25bis dialing capability can be preferable to DTR dialing when multiple telephone numbers are required. Using DTR dialing, most devices will call only a single number. With V.25bis, the router can attempt to call several numbers if the first number does not answer. The following configuration illustrates V.25bis dialing:

interface serial 1 
description Leased connection to Hong Kong 
ip address 128.10.200.66 255.255.255.192 
backup interface serial 4 
backup delay 0 20 
! 
interface serial 2 
description leased connection to Singapore 
ip address 128.10.202.66 255.255.255.192 
backup interface serial 5 
backup delay 0 20 
! 
interface serial 4 
description backup connection for Hong Kong 
ip address 128.10.200.67 255.255.255.192 
dialer in-band 
dialer wait-for-carrier-time 60 
dialer map IP 128.10.200.68 0118527351625 
dialer map IP 128.10.200.68 0118527351872 
dialer-group 1 
pulse-time 1 
! 
interface serial 5 
description backup connection for Singapore 
ip address 128.10.202.67 255.255.255.192 
dialer in-band 
dialer wait-for-carrier-time 60 
dialer string 011653367085 
dialer-group 1 
pulse-time 1 
! 
interface serial 7 
description DDR connection to Tokyo 
ip address 128.10.204.66 255.255.255.192 
dialer in-band 
dialer wait-for-carrier-time 60 
dialer string 0118127351625 
pulse-time 1 
dialer-group 1 
! 
router igrp 1 
network 128.10.0.0 
redistribute static 
! 
! route to Hong Kong 
ip route 128.10.200.0 255.255.255.192 128.10.200.68 
! route to Singapore 
ip route 128.10.202.0 255.255.255.192 128.10.202.68 
! route to Tokyo 
ip route 128.10.204.0 255.255.255.192 128.10.204.65 
! 
dialer-list 1 protocol IP PERMIT

Multiple telephone numbers are configured for serial interface 4. The two dialer map commands have the same next hop address. The software first attempts to call the telephone number specified in the first dialer map command. If this number fails-that is, if no connection is made before the wait-for-carrier timer expires-the second number is dialed. Each of the other backup interfaces uses a dialer string for the backup telephone number. When using V.25bis with dial backup, the dialer-list protocol command shown in the preceding example should be used. The dialer list states that all IP traffic is interesting and will, therefore, cause dialing. Routing updates are included. When a serial line is used as a backup, it is normally the state of the primary link, not the fast-idle timer, that determines when to disconnect the call.

Summary

As this case study indicates, there are many ways that dial-on-demand routing (DDR) can be used both for primary access and backup access. Sites can place calls, receive calls, and both place and receive calls. Additionally, using dialer rotary groups provides increased flexibility.

Rating: 3.7/5 (3 votes cast)

Personal tools