Wednesday, December 30, 2009

ISIS: TE

router isis
metric-style wide
mpls traffic-eng tunnel level-2
mpls traffic-eng tunnel router-id lo0

==> Side Effects
If there is a router somewhere else where you missed configuring "metric-style wide", the ISIS adjacency will go down.

Ref: INE Workbook Vol2 V1.0 Lab 7 Task 5.4 (Traffic Engineering)

############Alternative ####################################
Configure the R3 router with the following:
router isis
metric-style transition

Here is why

metric-style transition

To configure a router to generate and accept both old-style and new-style TLVs (TLV stands for type, length, and value object), use the metric-style transition command in router configuration mode.

metric-style transition {level-1 | level-2 | level-1-2}

Syntax Description

level-1     Enables this command on routing level 1.
level-2     Enables this command on routing level 2.
level-1-2   Enables this command on routing levels 1 and 2.

Defaults

IS-IS traffic engineering extensions include new-style TLVs with wider metric fields than old-style TLVs. By default, the MPLS traffic engineering image generates old-style TLVs only. To do MPLS traffic engineering, a router needs to generate new-style TLVs.
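To make the side effect above checkable before a lab (or a production change), here is an added example that is not part of the original post and not Cisco code: a small audit that reads the metric-style from each router's config and flags pairs that cannot parse each other's TLVs. The STYLES table follows the command reference quoted above (default = old-style only, wide = new-style only, transition = both); the "narrow transition" and "wide transition" entries are the IOS variants that generate one style but accept both. Router names and config snippets are constructed sample data.

```python
"""Audit IS-IS metric-style consistency across router configs (added example)."""
import re
from itertools import combinations

# metric-style -> (TLV families generated, TLV families accepted)
STYLES = {
    "narrow":            ({"old"}, {"old"}),                # IOS default
    "wide":              ({"new"}, {"new"}),
    "transition":        ({"old", "new"}, {"old", "new"}),
    "narrow transition": ({"old"}, {"old", "new"}),
    "wide transition":   ({"new"}, {"old", "new"}),
}

# metric-style is only valid under 'router isis', so a config-wide search is enough.
_STYLE_RE = re.compile(r"^\s*metric-style\s+(narrow|wide|transition)(\s+transition)?", re.M)


def metric_style(config):
    """Return the configured metric-style; 'narrow' when the line is absent."""
    m = _STYLE_RE.search(config)
    if not m:
        return "narrow"
    style = m.group(1)
    if m.group(2) and style != "transition":
        style += " transition"
    return style


def compatible(style_a, style_b):
    """True when each side generates at least one TLV family the other accepts."""
    gen_a, acc_a = STYLES[style_a]
    gen_b, acc_b = STYLES[style_b]
    return bool(gen_a & acc_b) and bool(gen_b & acc_a)


def audit(configs):
    """Return (router_a, router_b, style_a, style_b) for every incompatible pair."""
    styles = {name: metric_style(cfg) for name, cfg in configs.items()}
    return [(a, b, styles[a], styles[b])
            for a, b in combinations(sorted(styles), 2)
            if not compatible(styles[a], styles[b])]


def with_transition(configs, router):
    """Copy of configs where `router` gets the 'metric-style transition' alternative."""
    fixed = dict(configs)
    fixed[router] = configs[router] + " metric-style transition\n"
    return fixed


# Constructed sample: R1 and R2 carry the TE snippet above, R3 was "missed out".
SAMPLE = {
    "R1": "router isis\n metric-style wide\n mpls traffic-eng tunnel level-2\n"
          " mpls traffic-eng tunnel router-id lo0\n",
    "R2": "router isis\n metric-style wide\n",
    "R3": "router isis\n net 49.0001.0000.0000.0003.00\n",
}

if __name__ == "__main__":
    for a, b, sa, sb in audit(SAMPLE):
        print(f"{a} ({sa}) cannot exchange IS-IS TLVs with {b} ({sb})")
    print("after fixing R3:", audit(with_transition(SAMPLE, "R3")))
```

Run as-is, the audit reports R3 against both R1 and R2; giving R3 `metric-style transition` (the alternative above) clears it, because transition both generates and accepts old- and new-style TLVs.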

allowas-in vs as-override

# allowas-in config needs to be done on CE
ON CE
router bgp 65001
network 10.7.7.0 mask 255.255.255.0
network 10.7.77.0 mask 255.255.255.0
network 10.7.27.0 mask 255.255.255.0

neighbor 10.7.27.2 remote-as 1234
neighbor 10.7.27.2 allowas-in 2

ON PE
router bgp 1234
address-family ipv4 vrf 65001
neighbor 10.7.27.7 remote-as 65001

Rack1R7#sh ip bgp
BGP table version is 10, local router ID is 10.7.7.7
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path
*> 10.7.7.0/24 0.0.0.0 0 32768 i
*> 10.7.8.0/24 10.7.27.2 0 1234 65001 i
*> 10.7.27.0/24 0.0.0.0 0 32768 i
*> 10.7.48.0/24 10.7.27.2 0 1234 65001 i
*> 10.7.77.0/24 0.0.0.0 0 32768 i
Rack1R7#


################################################################
as-override
# as-override needs to be done on PE under the address-family ipv4 vrf
ON CE
router bgp 65001
network 10.7.7.0 mask 255.255.255.0
network 10.7.77.0 mask 255.255.255.0
network 10.7.27.0 mask 255.255.255.0

neighbor 10.7.27.2 remote-as 1234
--> Remove this ---> neighbor 10.7.27.2 allowas-in 2 --> unless you have a non-MPLS backdoor

ON PE
router bgp 1234
address-family ipv4 vrf 65001
neighbor 10.7.27.7 remote-as 65001
neighbor 10.7.27.7 as-override

Rack1R7#sh ip bgp
BGP table version is 14, local router ID is 10.7.7.7
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path
*> 10.7.7.0/24 0.0.0.0 0 32768 i
*> 10.7.8.0/24 10.7.27.2 0 1234 1234 i
*> 10.7.27.0/24 0.0.0.0 0 32768 i
*> 10.7.48.0/24 10.7.27.2 0 1234 1234 i
*> 10.7.77.0/24 0.0.0.0 0 32768 i
Rack1R7#

Conclusion
as-override means the PE replaces all occurrences of the CE's ASN in the AS_PATH with its own ASN.
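The two outputs above differ only in the Path column ("1234 65001" vs "1234 1234"). The following is an added example, not from the original post and not Cisco code, that models just enough of eBGP AS_PATH handling to reproduce both: the PE prepends its ASN (and with as-override first rewrites the neighbor's ASN), and the CE applies the normal loop check, which allowas-in N relaxes to "at most N occurrences of my own ASN". The ASNs and prefixes are the ones from the post; the function names and the assumption that the remote site's prefixes arrive at the PE with 65001 already in the path are mine.

```python
"""allowas-in vs as-override, modelled on the AS_PATH (added example)."""
from dataclasses import dataclass, field

CE_AS, PE_AS = 65001, 1234


@dataclass
class Route:
    prefix: str
    as_path: list = field(default_factory=list)


def pe_advertise(route, local_as, neighbor_as, as_override=False):
    """What a PE sends to an eBGP neighbor: prepend its own ASN. With as-override
    it first replaces every occurrence of the neighbor's ASN with its own."""
    path = list(route.as_path)
    if as_override:
        path = [local_as if asn == neighbor_as else asn for asn in path]
    return Route(route.prefix, [local_as] + path)


def ce_accept(route, local_as, allowas_in=0):
    """eBGP loop detection: a path containing our own ASN is dropped,
    unless 'allowas-in N' permits up to N occurrences of it."""
    return route.as_path.count(local_as) <= allowas_in


def ce_table(routes_from_pe, local_as, allowas_in=0):
    """{prefix: 'AS PATH as sh ip bgp prints it'} for the routes the CE installs."""
    return {r.prefix: " ".join(map(str, r.as_path))
            for r in routes_from_pe if ce_accept(r, local_as, allowas_in)}


# Constructed: the remote site's prefixes as held by the PE in vrf 65001.
# The remote CE (also AS 65001) put its ASN into the path on the far side.
REMOTE_SITE = [Route("10.7.8.0/24", [CE_AS]), Route("10.7.48.0/24", [CE_AS])]


def scenario(allowas_in=0, as_override=False):
    """Run the PE -> CE exchange with the given knobs and return the CE's table."""
    sent = [pe_advertise(r, PE_AS, CE_AS, as_override) for r in REMOTE_SITE]
    return ce_table(sent, CE_AS, allowas_in)


if __name__ == "__main__":
    print("neither:      ", scenario())
    print("allowas-in 2: ", scenario(allowas_in=2))
    print("as-override:  ", scenario(as_override=True))
```

With neither knob the CE sees its own ASN in every path and installs nothing. allowas-in keeps the real path visible to the CE ("1234 65001"), which is why it is the safer choice when a non-MPLS backdoor exists: the CE can still recognise its own routes coming back. as-override hides the customer ASN ("1234 1234"), so that loop check no longer fires for anything the PE sends.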

Tuesday, December 29, 2009

ISIS: The Pain

1) Authenticate with all interfaces in L2 (or L1)
domain-password CISCO

2) The interface level
isis authentication mode text level-2
isis password CISCO

What do the above do?
I read on the IEOC forum that these only authenticate the Hello PDUs,

whereas the authentication on the ISIS instance authenticates LSP, CSNP, and PSNP PDUs.

Whatever??? I will investigate further...

3) The new way, key-chain and stuff, like RIP

key chain ISIS_LEVEL2
key 1
key-string CISCO
!
router isis
authentication mode text level-2
authentication key-chain ISIS_LEVEL2 level-2

More information on the CCO link here


There are three types of passwords

1)

interface x
isis password CISCO --> used to initialise the link

2)

router isis
area-password CISCO --> used to authenticate links in the given area (49.xxxx)

=> Caveat: area-password cannot be used for L2 adjacencies

"If directly connected routers have area-authentication configured on one side of a link, CLNS IS-IS adjacency is formed between the two routers. However, the router on which area-authentication is configured does not accept L1 LSPs from the CLNS neighbor with no area-authentication configured. However, the neighbor with no area-authentication does continue to accept both L1 and L2 LSPs."

3)

router isis
domain-password CISCO --> used to authenticate links in the given domain (49)

=> Caveat:

"If you configure domain authentication on one router, it rejects the L2 LSPs from routers that do not have domain authentication configured. Routers that do not have authentication configured accept the LSPs from the router that does have authentication configured."

The Grand ACL

Allow only LDP
permit udp host eq 646 host 224.0.0.2 eq 646
permit tcp host host eq 646
permit tcp host host eq 646

address-family ipv4 multicast

As per CCO

https://www.cisco.com/en/US/docs/ios/12_1/iproute/command/reference/1rdmbgp.pdf

To enable Multicast BGP (MBGP):

router bgp 200
address-family ipv4 multicast
neighbor 20.6.26.2 activate
network 20.6.5.5 mask 255.255.255.255

How to verify:
sh ip bgp ipv4 multicast

MSDP

ip msdp peer connect-source lo0
ip msdp default-peer

ip pim accept-rp

From CCO

http://www.cisco.com/en/US/docs/ios/12_2/ipmulti/command/reference/1rfmult2.html#wp1019380

ip pim accept-rp

To configure a router to accept join or prune messages destined for a specified rendezvous point (RP) and for a specific list of groups, use the ip pim accept-rp command in global configuration mode. To remove that check, use the no form of this command.


rp-address    RP address of the RP allowed to send join messages to groups in the range specified by the group access list.

Monday, December 28, 2009

OSPF sham-link

Rules:
1) Can belong to any area, including area 0
2) Sham-link endpoints cannot be advertised by OSPF

Steps on the PE:
1) Create a new loopback and put it in the vrf
2) Advertise the loopback in MP-BGP
3) Create a sham-link
4) Ensure the OSPF cost on the backdoor link is high so that traffic prefers the MPLS link.

MPLS LDP password

mpls ldp router-id lo0
mpls ldp neighbor 20.6.1.1 password CISCO

Sunday, December 27, 2009

network x.x.x.x mask y.y.y.y backdoor

http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a00800c95bb.shtml#bgpbackdoor

Ref Task 3.5 in IEWB vol 2 lab6

backdoor is used when you have some IGP advertising the same network that is also learnt via eBGP,
since the AD of eBGP (20) is the lowest compared to all the IGPs.

We are left with two choices:
1) lower the AD of the IGP to 19
2) use the backdoor.

Referring to the link above, I found the backdoor command in BGP.

What this does is make the network added to that router appear to be LOCAL.
At the same time, the router doesn't advertise this route to any iBGP/eBGP peers.

So it treats this route as [200/x] (x is the metric)
==> an iBGP-learnt route.
Now any IGP advertising this route can install this network into the routing table by virtue of having the lowest AD.

Ver 2: "Denied Boarding: Reason-Over Booking"

Friends, sometime in 2008-Jan, I blogged about my free ticket to SA.
You can read it here

Eventually, I applied for a Business VISA to SA and also got the free ticket issued to travel to JNB sometime in Nov09.

However, as destiny has it..... despite having everything, I didn't travel!!!!!

Why, you may ask?
Well, I have the answer, but if I tell you, you will count me stupid....... So yes, I let this free ticket lapse.
Suffice to say, I didn't travel due to personal reasons.

That's that about having things for free.

IEWB Vol2 Lab5: IP Addressing: Hung Up on 10.x

In IEWB Vol2 Lab 5 (CCIE SP), they have intentionally mixed up IP addressing with 10.x and 20.x, and this is causing me tremendous delays.

I am spending way too much time deleting the wrong IPs and applying the correct ones at L3 and in the IGP.

This is not acceptable.
I must
1) get good rest... haven't done that over the last few days
2) get over this copy/paste-from-notepad error issue.


I have noticed today that when I tried to speed up my L2 and IP addressing skills, I ended up wasting way too much time fixing the copy/paste errors.

This is not acceptable.

Switching Fundamentals : Not Strong

R2 int f0/0.26 -> R7 int f1/1 (trunk)

R6 int e0/1 -> R8 int f1/6 (access)

R7 f1/13 --> R8 f1/13 (trunk)

One port on R2 is a trunk to the switch, while at the other end the R6 port is an access port on the switch.
Yet it will work.
Basic, but needed revisiting.

Saturday, December 26, 2009

Multicast VPN Troubleshooting

sh ip rpf
sh ip rpf
sh ip mroute count --> check to see if there are any 0/0/0/0 --> RPF failure
sh ip pim vrf interface --> on the tu0 interface you should see neighbors
sh ip pim vrf rp mappings

sh ip pim rp mapping

Also, when it doesn't work, shut down all the TE tunnels and check; if that works, turn the TE tunnels back on and work out the RPF failures.

Finally, the sh tech multicast output can also be investigated.

Friday, December 25, 2009

If any of these links go down R4 should abandon .....

Some serious interpretation of English is called for.... else you lose points and fail the lab!

INE Vol2 Lab 5
Task 4.4 Traffic Engineering

"If any of these links go down R4 should abandon the traffic engineered path in favour of any alternate dynamically learned non-traffic engineered path"

I interpreted (hastily) this to mean that the last path-option should be dynamic!

But it actually meant fall back to the IGP, not a dynamic path.

But hey, apart from the English.... if you notice, when it does fall back to dynamic, it indeed uses the IGP best path... So what's the deal?

If you know better, let me know.

I don't want to fail the lab for not interpreting the stupid English.

sh mpls ldp neighbor

Rack1R1#sh mpls ldp neighbor
Peer TDP Ident: 124.5.2.2:0; Local TDP Ident 124.5.1.1:0
TCP connection: 124.5.2.2.11000 - 124.5.1.1.711
State: Oper; PIEs sent/rcvd: 4/4; Downstream
Up time: 00:00:40
TDP discovery sources:
ATM4/0.12, Src IP addr: 124.5.12.2
Addresses bound to peer TDP Ident:
124.5.24.2 124.5.23.2 124.5.12.2 124.5.19.2
124.5.2.2
Peer LDP Ident: 124.5.3.3:0; Local LDP Ident 124.5.1.1:0
TCP connection: 124.5.3.3.44185 - 124.5.1.1.646
State: Oper; Msgs sent/rcvd: 14/12; Downstream
Up time: 00:00:27
LDP discovery sources:
Serial2/1, Src IP addr: 124.5.13.3
Addresses bound to peer LDP Ident:
124.5.34.3 124.5.13.3 124.5.23.3 124.5.3.3
Rack1R1#

Cisco IOS folks, please change this command: it shows both LDP and TDP neighbors.
Also there is no IOS command to display TDP neighbors,
i.e. sh mpls tdp neighbors

So the above command should be changed to reflect sh mpls neighbors
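Since the command output is the only place the LDP/TDP distinction shows up, here is an added example, not from the original post and not Cisco code, that parses the Rack1R1 output above into one record per peer and tags each with the protocol it actually speaks, cross-checked against the session's TCP port (LDP uses TCP 646, Cisco's older TDP used TCP 711). The sample text is the output shown above, pasted as constructed input with the indentation the blog lost, so the parser deliberately ignores leading whitespace.

```python
"""Parse 'sh mpls ldp neighbor' output and make the LDP/TDP split explicit (added example)."""
import re

# The Rack1R1 output from the post, as constructed sample input.
SAMPLE = """\
Rack1R1#sh mpls ldp neighbor
Peer TDP Ident: 124.5.2.2:0; Local TDP Ident 124.5.1.1:0
TCP connection: 124.5.2.2.11000 - 124.5.1.1.711
State: Oper; PIEs sent/rcvd: 4/4; Downstream
Up time: 00:00:40
TDP discovery sources:
ATM4/0.12, Src IP addr: 124.5.12.2
Addresses bound to peer TDP Ident:
124.5.24.2 124.5.23.2 124.5.12.2 124.5.19.2
124.5.2.2
Peer LDP Ident: 124.5.3.3:0; Local LDP Ident 124.5.1.1:0
TCP connection: 124.5.3.3.44185 - 124.5.1.1.646
State: Oper; Msgs sent/rcvd: 14/12; Downstream
Up time: 00:00:27
LDP discovery sources:
Serial2/1, Src IP addr: 124.5.13.3
Addresses bound to peer LDP Ident:
124.5.34.3 124.5.13.3 124.5.23.3 124.5.3.3
Rack1R1#
"""

PEER_RE = re.compile(r"Peer (LDP|TDP) Ident: (\S+); Local \1 Ident (\S+)")
TCP_RE = re.compile(r"TCP connection: (\S+)\.(\d+) - (\S+)\.(\d+)")
STATE_RE = re.compile(r"State: (\w+); (?:Msgs|PIEs) sent/rcvd: (\d+)/(\d+)")
UPTIME_RE = re.compile(r"Up time: (\S+)")
SRC_RE = re.compile(r"^(\S+), Src IP addr: (\S+)$")
IPV4_RE = re.compile(r"^\d+\.\d+\.\d+\.\d+$")

# Well-known session ports: LDP on TCP 646, TDP on TCP 711.
PORT_PROTO = {646: "LDP", 711: "TDP"}


def parse_neighbors(text):
    """Return a list of dicts, one per 'Peer ... Ident' block, in output order."""
    peers, cur, section = [], None, None
    for raw in text.splitlines():
        line = raw.strip()                      # indentation is not significant here
        m = PEER_RE.search(line)
        if m:                                   # start of a new peer block
            cur = {"protocol": m.group(1), "peer_id": m.group(2), "local_id": m.group(3),
                   "discovery": [], "addresses": []}
            peers.append(cur)
            section = None
            continue
        if cur is None:                         # prompt / command echo before first peer
            continue
        if (m := TCP_RE.search(line)):
            cur["peer_addr"], cur["peer_port"] = m.group(1), int(m.group(2))
            cur["local_addr"], cur["local_port"] = m.group(3), int(m.group(4))
        elif (m := STATE_RE.search(line)):
            cur["state"], cur["sent"], cur["rcvd"] = m.group(1), int(m.group(2)), int(m.group(3))
        elif (m := UPTIME_RE.search(line)):
            cur["uptime"] = m.group(1)
        elif line.endswith("discovery sources:"):
            section = "discovery"
        elif line.startswith("Addresses bound to peer"):
            section = "addresses"
        elif section == "discovery" and (m := SRC_RE.match(line)):
            cur["discovery"].append((m.group(1), m.group(2)))
        elif section == "addresses":
            cur["addresses"].extend(a for a in line.split() if IPV4_RE.match(a))
    return peers


def protocol_by_port(peer):
    """Derive the protocol from the session port as a cross-check on the header."""
    return PORT_PROTO.get(peer["local_port"]) or PORT_PROTO.get(peer["peer_port"])


def count_by_protocol(peers):
    counts = {"LDP": 0, "TDP": 0}
    for p in peers:
        counts[p["protocol"]] += 1
    return counts


def summarize(peers):
    """One line per peer, with the protocol the command name hides."""
    return [f"{p['protocol']:<3} {p['peer_id']:<14} {p['state']:<5} up {p['uptime']} via "
            + ", ".join(ifname for ifname, _ in p["discovery"]) for p in peers]


if __name__ == "__main__":
    parsed = parse_neighbors(SAMPLE)
    print("\n".join(summarize(parsed)))
    print(count_by_protocol(parsed))
```

Knowing which peers are still on TDP is useful when you roll out the LDP neighbor password from the earlier post: that command only covers LDP sessions, so the TDP peer here would not be protected by it.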

Difference between Inter-AS VPN and CsC?

In CsC the Provider Edge router doesn't do IPv4 BGP with the Customer Edge router.

ACL to allow only odd subnets in the first octet?

ip access-list standard ODDNWK
permit 1.0.0.0 254.255.255.255

When applied in a route map with local-pref modifications:

Rack1R7#sh ip bgp
BGP table version is 25, local router ID is 64.5.7.7
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path
*> 28.119.16.0/24 204.12.1.254 0 150 0 54 i
*> 28.119.17.0/24 204.12.1.254 0 150 0 54 i
*> 112.0.0.0 204.12.1.254 150 0 54 50 60 i
*> 113.0.0.0 204.12.1.254 50 0 54 50 60 i
*> 114.0.0.0 204.12.1.254 150 0 54 i
*> 115.0.0.0 204.12.1.254 50 0 54 i
*> 116.0.0.0 204.12.1.254 150 0 54 i
*> 117.0.0.0 204.12.1.254 50 0 54 i
*> 118.0.0.0 204.12.1.254 150 0 54 i
*> 119.0.0.0 204.12.1.254 50 0 54 i
*>i192.10.1.0 64.5.8.8 0 100 0 ?
*>i205.90.31.0 192.10.1.254 7 100 0 ?
*>i220.20.3.0 192.10.1.254 7 100 0 ?
*>i222.22.2.0 192.10.1.254 7 100 0 ?
Rack1R7#
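The trick in the ODDNWK ACL is the wildcard mask: 254.255.255.255 has a single 0 bit, the lowest bit of the first octet, so only that bit is compared, and the base address 1.0.0.0 requires it to be 1. Here is an added example, not from the original post and not Cisco code, that evaluates a standard ACL with Cisco wildcard semantics and applies the local-preference policy. The route-map itself is not shown in the post, so its shape is an assumption: networks matching ODDNWK get local-preference 50 and everything else 150, which is what the output above shows (odd first octet = 50, even = 150). The OBSERVED table is copied from that output.

```python
"""Cisco wildcard-mask ACL evaluation and the odd/even local-pref policy (added example)."""
import ipaddress


def to_int(addr):
    return int(ipaddress.IPv4Address(addr))


def wildcard_match(addr, base, wildcard):
    """Cisco wildcard semantics: a 0 bit in the wildcard means 'must match',
    a 1 bit means 'don't care'. 1.0.0.0 254.255.255.255 therefore compares only
    the lowest bit of the first octet and requires it to be 1 (odd)."""
    care = ~to_int(wildcard) & 0xFFFFFFFF
    return (to_int(addr) & care) == (to_int(base) & care)


def acl_permits(acl, addr):
    """Standard ACL: first matching entry wins, implicit deny at the end."""
    for action, base, wildcard in acl:
        if wildcard_match(addr, base, wildcard):
            return action == "permit"
    return False


def bits_compared(wildcard):
    """How many address bits an entry actually checks (32 - number of 1 bits)."""
    return 32 - bin(to_int(wildcard)).count("1")


# ip access-list standard ODDNWK / permit 1.0.0.0 254.255.255.255
ODDNWK = [("permit", "1.0.0.0", "254.255.255.255")]


def local_pref(prefix, acl=ODDNWK, match_pref=50, default_pref=150):
    """Assumed route-map: match ODDNWK -> set local-preference 50, else 150."""
    network = prefix.split("/")[0]          # 'sh ip bgp' prints classful nets without a mask
    return match_pref if acl_permits(acl, network) else default_pref


# Network and LocPrf columns taken from the Rack1R7 'sh ip bgp' output above.
OBSERVED = {
    "28.119.16.0/24": 150, "28.119.17.0/24": 150,
    "112.0.0.0": 150, "113.0.0.0": 50, "114.0.0.0": 150, "115.0.0.0": 50,
    "116.0.0.0": 150, "117.0.0.0": 50, "118.0.0.0": 150, "119.0.0.0": 50,
}


def verify_policy(observed=OBSERVED):
    """Prefixes whose observed LocPrf disagrees with the modelled route-map."""
    return [p for p, lp in observed.items() if local_pref(p) != lp]


if __name__ == "__main__":
    print("bits compared by ODDNWK:", bits_compared("254.255.255.255"))
    for p in OBSERVED:
        print(f"{p:<16} {'permit' if acl_permits(ODDNWK, p.split('/')[0]) else 'deny ':<6} LocPrf {local_pref(p)}")
    print("mismatches:", verify_policy())
```

The same `wildcard_match` handles any discontiguous wildcard, not only this one, which is why evaluating the mask bit-by-bit beats eyeballing it: an entry that looks like it matches a range may in fact compare a single bit.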