Thursday, July 29, 2010
Super Spanning-Tree
Revisiting spanning-tree stuff today. Watching a couple of CoDs and reading the appropriate chapters in the CCIE R/S cert guide.
Tuesday, July 27, 2010
CCIE R/S Work
Well I have begun! Started watching my Advanced Technologies classes from INE, and reading the corresponding chapters in the CCIE R/S Certification Guide, 4th edition. I am taking detailed notes this time around, trying to create one massive document for all of my CCIE study notes. My current plan is to cruise through layer two over the next couple of weeks using the videos, cert guide, BCMSN guide, and LAN Switching book. After that, I will hash out where to go next. Covered DTP, VTP, trunking, basic Ethernet, SPANs, VLANs, private VLANs (briefly), and some others today. Review mainly, but it's amazing how many of the minute details you forget along the way.
Thursday, July 22, 2010
Passed CCIP!
Well I passed my final CCIP exam yesterday (BGP + MPLS) with an 892. Happy about that as it starts me down the road to the CCIE. I really used this test as prep work towards the CCIE anyway, mainly because with BGP already being a big topic, and MPLS being added, I had hoped that this would give me a leg up as it would take me a little bit deeper into the technologies than I otherwise would have gone. This was the most fun test to date, and I really enjoyed the certification as a whole. I liked the specialized training on the particular protocols, and have really embraced MPLS and BGP as my new favs :). Well I am off to develop a training plan, hope you all follow along!
Thursday, July 15, 2010
MPLS + BGP
This test is up next week. I did take a swing at it for free at Cisco Live and unfortunately failed with a 785. I hit my weak points, and have been doing quite a bit of reading and labbing over the last couple of weeks. I just wanted to show a bit here on allowas-in and as-override. I used both in this scenario to enable the CE routers to receive routes from the other VPN sites. Here's the topology:
As you can see, the customer VPN sites share the same autonomous system number. This is fine from the SP's perspective, but standard BGP loop prevention makes a router deny any update whose AS-path already contains its own AS number, as the debug output on R0 shows:
*Mar 1 00:36:45.495: BGP(0): 155.1.1.1 send UPDATE (format) 172.16.10.0/24, next 155.1.1.0, metric 0, path Local
R0#clear ip bgp * soft in
R0#
*Mar 1 00:36:53.691: BGP(0): 155.1.1.1 rcv UPDATE w/ attr: nexthop 155.1.1.1, origin i, originator 0.0.0.0, path 100 200, community , extended community
*Mar 1 00:36:53.699: BGP(0): 155.1.1.1 rcv UPDATE about 172.16.20.0/24 -- DENIED due to: AS-PATH contains our own AS;
So what can we do to remedy this situation? There are two options. The first is as-override, configured on the PE router in the neighbor statement facing the CE router, as we did on R1:
...snippet
R1
router bgp 100
no bgp default ipv4-unicast
bgp log-neighbor-changes
neighbor 3.3.3.3 remote-as 100
neighbor 3.3.3.3 update-source Loopback0
!
address-family vpnv4
neighbor 3.3.3.3 activate
neighbor 3.3.3.3 send-community extended
exit-address-family
!
address-family ipv4 vrf customer
neighbor 155.1.1.0 remote-as 200
neighbor 155.1.1.0 activate
neighbor 155.1.1.0 as-override
no synchronization
exit-address-family
Or we could configure allowas-in on the CE router in the neighbor statement facing the PE router, as we did on R4:
...snippet
router bgp 200
no synchronization
bgp log-neighbor-changes
network 172.16.20.0 mask 255.255.255.0
neighbor 155.1.1.6 remote-as 100
neighbor 155.1.1.6 allowas-in 1
no auto-summary
Either way works; the difference is that as-override replaces the customer's AS number in the AS-path of the outgoing update with the provider's own (see the show ip bgp output of R0 below):
R0#show ip bgp
BGP table version is 7, local router ID is 172.16.10.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 172.16.10.0/24 0.0.0.0 0 32768 i
*> 172.16.20.0/24 155.1.1.1 0 100 100 i --overwrote the 200
Whereas allowas-in lets the CE router accept its own AS number in the AS-path up to a configured number of times (1-10), so the customer AS stays visible in the path. See the output below on R4:
R4#show ip bgp
BGP table version is 5, local router ID is 172.16.20.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 172.16.10.0/24 155.1.1.6 0 100 200 i ---allowed the bgp route in with 200 in path
*> 172.16.20.0/24 0.0.0.0 0 32768 i
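To make the difference between the two knobs concrete, here is an added example (my own code, not from the original post and not IOS) that models the AS-path handling described above: the BGP receive-side loop check, the PE-side rewrite done by as-override, and the relaxed check done by allowas-in. The AS numbers and prefixes mirror the post's topology (provider AS 100, both customer sites in AS 200, 172.16.20.0/24 learned by R0 from R1); the function names, the Update class and the simplified "prepend on eBGP send" model are assumptions of this example, as is the fourth case, a path that carries the customer AS twice, which allowas-in 1 still rejects.

```python
from dataclasses import dataclass

PROVIDER_AS = 100   # the SP core (R1, R3)
CUSTOMER_AS = 200   # both customer VPN sites (R0, R4)


@dataclass
class Update:
    """A minimal BGP UPDATE: one prefix and its AS_PATH (left = most recent AS)."""
    prefix: str
    as_path: list


def ebgp_send(update: Update, sender_as: int) -> Update:
    """Model an eBGP advertisement: the sender prepends its own AS to the path."""
    return Update(update.prefix, [sender_as] + update.as_path)


def as_override(update: Update, provider_as: int, customer_as: int) -> Update:
    """PE-side rewrite (neighbor ... as-override): every occurrence of the
    customer's AS in the path is replaced with the provider's AS before the
    update is sent to the CE."""
    rewritten = [provider_as if asn == customer_as else asn for asn in update.as_path]
    return Update(update.prefix, rewritten)


def accept_update(update: Update, local_as: int, allowas_in: int = 0):
    """Receive-side loop check. Default BGP behaviour is allowas_in=0: any
    occurrence of our own AS in the path is a loop and the update is denied.
    allowas-in N relaxes this to tolerate up to N occurrences."""
    occurrences = update.as_path.count(local_as)
    if occurrences > allowas_in:
        return False, (f"DENIED due to: AS-PATH contains our own AS "
                       f"({occurrences} occurrence(s), {allowas_in} allowed)")
    return True, "accepted"


def scenario(use_as_override: bool = False, allowas_in: int = 0):
    """Walk 172.16.20.0/24 from R4 (CE, AS 200) to R0 (CE, AS 200) through the
    SP core and report whether R0 accepts it and what path it sees.
    Returns (accepted, as_path_seen_by_r0, reason)."""
    origin = Update("172.16.20.0/24", [])            # originated on R4
    at_pe = ebgp_send(origin, CUSTOMER_AS)            # R4 -> R3: path [200]
    # Inside the core the path rides unchanged in vpnv4 (iBGP, no prepend).
    if use_as_override:
        at_pe = as_override(at_pe, PROVIDER_AS, CUSTOMER_AS)  # R1 rewrites 200 -> 100
    to_r0 = ebgp_send(at_pe, PROVIDER_AS)             # R1 -> R0: PE prepends 100
    accepted, reason = accept_update(to_r0, CUSTOMER_AS, allowas_in)
    return accepted, to_r0.as_path, reason


if __name__ == "__main__":
    print("default       :", scenario())                        # denied, [100, 200]
    print("as-override   :", scenario(use_as_override=True))    # accepted, [100, 100]
    print("allowas-in 1  :", scenario(allowas_in=1))            # accepted, [100, 200]
    # Constructed loop: the same prefix has already passed through AS 200 once
    # before reaching this site again. allowas-in 1 still catches it.
    looped = Update("172.16.20.0/24", [100, 200, 100, 200])
    print("allowas-in 1, real loop:", accept_update(looped, CUSTOMER_AS, 1))
```

The last case is the one to keep in mind when choosing between the two: allowas-in weakens the loop check by exactly the count you configure, so use the smallest value that makes the design work (1 here), whereas as-override keeps the default check on the CE but hides the customer AS from the path. Both knobs trade some of BGP's built-in loop detection for connectivity between sites that share an AS, so the lab's confirmation (the debug line disappearing and the prefix showing up in show ip bgp) is worth repeating on both CEs after any change.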
Lots Going On
Well I have had a chaotic few weeks. Lots going on at work with remote site deployment, Cisco Live, and a vacation to Mexico, all over the last 4 weeks. Cisco Live was a BLAST, but very exhausting at the same time. I learned a lot, and will take that experience with me into the future. Mexico was of course awesome, and the remote site deployments have been a great time with ASAs flying out of the boxes, MPLS configuration, core equipment configs, VPNs, and quite a bit of routing play.