Networking, Security & Cloud Knowledge


Saturday, May 30, 2015

Cisco Router Preview

Cisco Router:


Cisco 1720 router:

  • On-board 10/100 Mbps port.
  • WIC: two smart serial, Model: WIC 2T
  • WIC: ISDN BRI, Model: BRI S/T
  • WIC: Serial, Model: WIC 1T
  • WIC: Ethernet, Model: WIC 1E (supports only 10 Mbps, no 100 Mbps)
  • The 1750 series supports voice.

Cisco 1841:
  • Two 10/100 Mbps ports onboard.
  • Two smart serial WIC (left)
  • BRI WIC (right)


Cisco 2901


Cisco 2911

Cisco 2921


Saturday, August 25, 2012

Understanding IPv6 Address

Introduction:


RIR (Regional Internet Registries)

1. RIPE NCC

2. AfriNIC

3. APNIC

4. ARIN

5. LACNIC





Timeline:

• 3 February 2011: the last remaining /8 pools were allocated among the five Regional Internet Registries

• 15 April 2011: the APNIC pool consisted of only its final /8 block



Why move to IPv6

• IPv4 address pool exhausted

• NGN capabilities for defence

• Government mandates

• Cable-market address scaling

• Population densities in APAC

• 4G deployments

• Connects people and things, not only computers



When enterprises will deploy IPv6

• They have an application requirement to drive it

• Their presence on the Internet is compromised by lack of IPv6 access

• The price of an IPv4 address exceeds the hardware cost to route it





IPv6 Introduction

• IPv6 addresses are 128 bits long

o Segmented into 8 groups of four hex characters (called hextets), separated by a colon (:)



• Default is 50% for the network ID, 50% for the interface ID

o The network portion is allocated by Internet registries: 2^64 (1.8 x 10^19) prefixes, which still leaves ~3 billion network prefixes for each person on earth



340,282,366,920,938,463,374,607,432,768,211,456

(IPv6 Address Space - 340 Trillion Trillion Trillion)

vs

4,294,967,296

(IPv4 Address Space - 4 Billion)

• Abbreviations are possible

Leading zeros within a hextet can be dropped, and one contiguous run of all-zero hextets can be replaced by a double colon (::)

2001:0db8:0000:130F:0000:0000:087C:140B

2001:0db8:0:130F::87C:140B

The double colon can appear only once in an address



• IPv6 uses CIDR representation

IPv4 address looks like 98.10.0.0/16

IPv6 address is represented the same way 2001:db8:12::/48

Notation must be represented in 16 bit blocks irrespective of the mask e.g. FE80::/10, or FF00::/8



• Addresses are assigned to interfaces



• An IPv6 interface is “expected” to have multiple addresses and multiple scopes



• Addresses have scope

o Link Local

o Unique Local

o Global



• Addresses have lifetime

o Valid and preferred lifetime





IPv6 Address

• Loopback address representation

0:0:0:0:0:0:0:1 == ::1 (same as 127.0.0.1 in IPv4; identifies the node itself)



• Unspecified address representation

0:0:0:0:0:0:0:0 == ::

Used as a placeholder when no address is available (initial DHCP request, Duplicate Address Detection (DAD))

NOT the default route



• Default route representation

::/0







IPv6 Address Types

Three unicast address scopes

• Link-Local – non-routable; exists on a single layer-2 domain (FE80::/64)

o FE80:0000:0000:0000:xxxx:xxxx:xxxx:xxxx



• Unique-Local – routable within an administrative domain (FC00::/7)

o FCgg:gggg:gggg:ssss:xxxx:xxxx:xxxx:xxxx

o FDgg:gggg:gggg:ssss:xxxx:xxxx:xxxx:xxxx



• Global – routable across the Internet (2000::/3)

o 2ggg:gggg:gggg:ssss:xxxx:xxxx:xxxx:xxxx

o 3ggg:gggg:gggg:ssss:xxxx:xxxx:xxxx:xxxx







Multicast addresses (FF00::/8)

• FFzs:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx

o Flags (z) are the 3rd nibble (4 bits); scope (s) is the 4th nibble







IPv6 Addressing Types Summary (represented in binary and hex):

Type                           Binary                  Hex
Global Unicast Address         001                     2 or 3
Link Local Unicast Address     1111 1110 10            FE80::/10
Unique Local Unicast Address   1111 1100 / 1111 1101   FC00::/7: FC00::/8 (registry), FD00::/8 (no registry)
Multicast Address              1111 1111               FF00::/8
Solicited Node Multicast                               FF02::1:FF00::/104





Allocation Process

IANA        2000::/3

Registries  2000::/12

ISP         2000::/32

Enterprise  2000::/48



Global Unicast Address Interface ID

• Interface ID unicast address may be assigned in different ways

o Auto-configured from a 64-bit EUI-64 or expanded from a 48-bit MAC

o Auto-generated pseudo-random number (to address privacy concerns)

o Assigned via DHCP

o Manually configured



• EUI-64 format to do stateless auto-configuration

o Expands the 48 bit MAC address to 64 bits by inserting FFFE into the middle

o To ensure chosen address is from a unique Ethernet MAC address

o The universal/local ( “u” bit) is set to 1 for global scope and 0 for local scope





• IPv6 Interface Identifier (EUI-64 format)

o Cisco uses the EUI-64 format to do stateless auto-configuration

o This format expands the 48 bit MAC address to 64 bits by inserting FFFE into the middle 16 bits

o To make sure that the chosen address is from a unique Ethernet MAC address, the universal/local (“u” bit) is set to 1 for global scope and 0 for local scope

o Cisco devices ‘bit-flip’ the 7th bit







• Link-Local Address

1111 1110 10

FE80::/10

o Mandatory for communication between two IPv6 devices

o Automatically assigned by the device using EUI-64

o Also used for next-hop calculation in routing protocols

o Link-specific scope only

o The remaining 54 bits can be zero or any manually configured value





• Unique Local Address (RFC 4193)

o 1111 110L

o FC00::/7

o ULA are “like” RFC 1918 – not routable on the Internet

o ULA uses include

  ▪ Local communications

  ▪ Inter-site VPNs (mergers and acquisitions)

o FC00::/8 is registry assigned (L bit = 0), FD00::/8 is self-generated (L bit = 1)

  ▪ Registries are not yet assigning ULA space; see http://www.sixxs.net/tools/grh/ula/

o The global ID can be generated using an algorithm

  ▪ The low-order 40 bits of a SHA-1 digest of {EUI-64 and time}





• IPv6 Multicast Address (RFC 4291)

o An IPv6 multicast address has the prefix FF00::/8 (1111 1111)







Well Known Multicast Addresses

Address            Scope        Meaning
FF01::1            Node-Local   All Nodes
FF01::2            Node-Local   All Routers
FF02::1            Link-Local   All Nodes
FF02::2            Link-Local   All Routers
FF02::5            Link-Local   OSPFv3 Routers
FF02::6            Link-Local   OSPFv3 DR Routers
FF02::1:FFXX:XXXX  Link-Local   Solicited-Node





• Solicited-Node Multicast Address

o For each unicast and anycast address configured there is a corresponding solicited-node multicast address (a layer-3 address)

o Used in neighbor solicitation (NS) messages

o Multicast address with link-local scope

o The solicited-node multicast address consists of FF02::1:FF & {lower 24 bits of the IPv6 unicast interface ID}
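A worked example in Python, added here and not part of the original post, of the derivations described above: the EUI-64 interface ID with the u-bit flip, the link-local address, a stateless-autoconfigured global address, the solicited-node multicast address, and the type/scope decoding from the prefixes listed in this post. The MAC address and the 2001:db8:12:1::/64 prefix are constructed sample values.

```python
import ipaddress
import re

MAC_SAMPLE = "00:1b:21:aa:bb:cc"  # constructed sample MAC, not from the post


def eui64_interface_id(mac: str) -> int:
    """Return the 64-bit modified EUI-64 interface ID for a 48-bit MAC.

    Steps as described in the post: split the MAC in the middle, insert FFFE,
    then invert the universal/local 'u' bit, which is the 7th bit of the first
    octet counted from the most significant bit (mask 0x02).
    """
    octets = bytes.fromhex(re.sub(r"[^0-9a-fA-F]", "", mac))
    if len(octets) != 6:
        raise ValueError("a MAC address is 48 bits (6 octets)")
    eui = bytearray(octets[:3] + b"\xff\xfe" + octets[3:])
    eui[0] ^= 0x02  # the Cisco 'bit-flip' of the 7th bit
    return int.from_bytes(eui, "big")


def link_local_from_mac(mac: str) -> ipaddress.IPv6Address:
    """FE80::/64 with the EUI-64 interface ID (what a router derives on its own)."""
    return ipaddress.IPv6Address((0xFE80 << 112) | eui64_interface_id(mac))


def unicast_from_prefix(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """Stateless autoconfiguration: a /64 prefix (e.g. from an RA) + EUI-64."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("EUI-64 autoconfiguration needs a /64 prefix")
    return ipaddress.IPv6Address(int(net.network_address) | eui64_interface_id(mac))


def solicited_node(addr: str) -> ipaddress.IPv6Address:
    """FF02::1:FF00:0/104 with the low-order 24 bits of the unicast address."""
    low24 = int(ipaddress.IPv6Address(addr)) & 0xFFFFFF
    return ipaddress.IPv6Address(int(ipaddress.IPv6Address("ff02::1:ff00:0")) | low24)


MCAST_SCOPES = {0x1: "node-local", 0x2: "link-local", 0x5: "site-local",
                0x8: "organization-local", 0xE: "global"}


def classify(addr: str) -> str:
    """Name the address type/scope using the prefixes listed in the post."""
    a = ipaddress.IPv6Address(addr)
    n = int(a)
    if n == 0:
        return "unspecified"
    if n == 1:
        return "loopback"
    if a in ipaddress.IPv6Network("ff00::/8"):
        flags = (n >> 116) & 0xF   # 3rd nibble
        scope = (n >> 112) & 0xF   # 4th nibble
        return f"multicast flags={flags:x} scope={MCAST_SCOPES.get(scope, f'{scope:x}')}"
    if a in ipaddress.IPv6Network("fe80::/10"):
        return "link-local unicast"
    if a in ipaddress.IPv6Network("fc00::/7"):
        return "unique-local unicast"
    if a in ipaddress.IPv6Network("2000::/3"):
        return "global unicast"
    return "reserved/other"


if __name__ == "__main__":
    ll = link_local_from_mac(MAC_SAMPLE)
    gua = unicast_from_prefix("2001:db8:12:1::/64", MAC_SAMPLE)
    for label, value in [("link-local", ll), ("global", gua),
                         ("solicited-node", solicited_node(str(gua)))]:
        print(f"{label:15} {value}  ({classify(str(value))})")
```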



IPv6 Interface example

Header comparison

IPv6 unique local address

Site-Local Addresses

• The first attempt at a private address range for internal organizations

• Similar to RFC 1918 for IPv4.

• This address space was defined in RFC 3513 as the range FEC0::/10.

• This means the first 12 bits of the address had to look like this:

o 1111 1110 11xx

o [ F ] [ E ] [C-F]

The site-local address was the first attempt at letting network admins assign their own private addressing for their “sites.” The issues with it were that the term “site” was somewhat ambiguous; nobody could really agree on what a “site” was. Secondly, there was no guarantee that two sites within the same organization would not end up using overlapping site addressing, through carelessness or otherwise. Site-local addresses were put to sleep permanently when they were officially deprecated in RFC 3879.

Unique-Local Addresses (replaces site-local addresses)

• Unique-local addresses have officially replaced site-local addresses.

• There are really two different “flavors.” Unique-Local Addresses (ULA) are defined in RFC 4193.

• They are given the range FC00::/7.

• Basically your first 8 bits will look like this:

o 1111 110x

o [F ] [C-D]

• Overall, your unique-local address will look something like this:

o F[C-D]xx:xxxx:xxxx:yyyy:zzzz:zzzz:zzzz:zzzz

  ▪ It starts with either FC or FD in hexadecimal.

  ▪ The string of ‘x’s represents what we call the “global-id”, which identifies your company and is 40 bits long.

  ▪ The string of ‘y’s represents the “subnet-id”, which describes the sites within your company and is 16 bits long.

  ▪ The string of ‘z’s is the remaining 64 bits that represent a host.

  ▪ So essentially you have a 40-bit value that represents your company and 16 bits to play with for subnetting (which gives you up to 65,535 /64 subnets).

We have this FC00::/7 range. Basically some people thought the 40-bit global-id should be something centrally assigned by a registrar of sorts (similar to ARIN). The addresses would still not be routable on the public internet, but would be controlled by a trusted third party registrar. The reasoning was so that it was guaranteed that no two sites within an organization would ever get overlapping ranges.

On the other hand, other people didn’t like the idea of having private addresses allocated to them. Therefore, what they did was a compromise.

They took this massive FC00::/7 range and broke it up into two individual /8’s – FC00::/8 and FD00::/8 and each one works a bit differently.

Unique-Local Locally-Assigned Addresses (FD00::/8)

The people that do not want their private addresses assigned to them by a third party get this range. The kicker is that in the RFC the way the 40-bit global-id gets picked is still not really supposed to be up to you. It is a randomly generated number (at least “pseudo-random”). So, with FD00::/8 you get something like this:

FDxx:xxxx:xxxx:yyyy:zzzz:zzzz:zzzz:zzzz

where the string of ‘x’s is still the global-id and is 40 bits long… it is just randomly generated, or at least SHOULD be. The rest is the same… we still have 16 bits for subnetting and a /64 host address.

Unique-Local Centrally-Assigned Addresses (FC00::/8)

The people that were for the private addresses being centrally assigned by some sort of registrar get the FC00::/8 range. As of right now the organization that is supposed to hand out these addresses doesn’t exist yet, but the concept is similar, except now you have something like this:

FCxx:xxxx:xxxx:yyyy:zzzz:zzzz:zzzz:zzzz

where the string of ‘x’s is still the global-id and is 40 bits long. The rest is the same… we still have 16 bits for subnetting and a /64 host address.
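The RFC 4193 global-id algorithm from the “Unique Local Address” bullets earlier in this post (SHA-1 over time and EUI-64, low-order 40 bits) and the FC/FD field layout described in this section, as a Python example added here; it is not code from the original post. The EUI-64 and timestamp values in the usage are constructed samples.

```python
import hashlib
import ipaddress
import secrets
import time

NTP_EPOCH_OFFSET = 2_208_988_800  # seconds between 1900-01-01 and 1970-01-01


def ntp_timestamp(unix_time: float) -> bytes:
    """64-bit NTP timestamp: 32-bit seconds since 1900 followed by a 32-bit fraction."""
    secs = int(unix_time) + NTP_EPOCH_OFFSET
    frac = int((unix_time - int(unix_time)) * (1 << 32))
    return ((secs << 32) | frac).to_bytes(8, "big")


def ula_global_id(eui64: bytes, ts: bytes) -> int:
    """RFC 4193 section 3.2.2: SHA-1 over (time || EUI-64), keep the low-order 40 bits."""
    if len(eui64) != 8 or len(ts) != 8:
        raise ValueError("EUI-64 and NTP timestamp are each 8 bytes")
    digest = hashlib.sha1(ts + eui64).digest()
    return int.from_bytes(digest[-5:], "big")


def ula_prefix(global_id: int, subnet_id: int = 0,
               locally_assigned: bool = True) -> ipaddress.IPv6Network:
    """Assemble F[C|D]gg:gggg:gggg:ssss::/64 from its fields."""
    if global_id >> 40 or subnet_id >> 16:
        raise ValueError("global ID is 40 bits, subnet ID is 16 bits")
    first_octet = 0xFD if locally_assigned else 0xFC   # L bit = 1 for FD00::/8
    n = (first_octet << 120) | (global_id << 80) | (subnet_id << 64)
    return ipaddress.IPv6Network(f"{ipaddress.IPv6Address(n)}/64")


def ula_parts(addr: str) -> dict:
    """Split a ULA into its L bit, 40-bit global ID, 16-bit subnet ID and 64-bit interface ID."""
    n = int(ipaddress.IPv6Address(addr))
    if (n >> 121) != 0x7E:          # top 7 bits must be 1111 110 (FC00::/7)
        raise ValueError("not in FC00::/7")
    return {
        "L": (n >> 120) & 1,
        "global_id": (n >> 80) & ((1 << 40) - 1),
        "subnet_id": (n >> 64) & 0xFFFF,
        "interface_id": n & ((1 << 64) - 1),
    }


def generate_site_prefix(eui64: bytes = None, unix_time: float = None) -> ipaddress.IPv6Network:
    """Produce the /48 a site carves its 16-bit subnet-id (65,536 /64s) out of."""
    eui64 = eui64 or secrets.token_bytes(8)        # in practice: the router's own EUI-64
    ts = ntp_timestamp(time.time() if unix_time is None else unix_time)
    return ula_prefix(ula_global_id(eui64, ts)).supernet(new_prefix=48)


if __name__ == "__main__":
    # constructed sample EUI-64 and timestamp so the run is repeatable
    site = generate_site_prefix(bytes.fromhex("021b21fffeaabbcc"), 1_300_000_000.5)
    gid = ula_parts(str(site.network_address))["global_id"]
    print("site prefix:", site)
    print("subnet 1   :", ula_prefix(gid, 1))
```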





IPv6 Lab in GNS3

IPv6 test lab in GNS3 to demonstrate the following:
  1. Dual stack
  2. MP-BGP to enable IPv6 routing
  3. HSRPv2
  4. IPv6 autoconfiguration


IOS used: c3745-advipservicesk9-mz.124-15.T7



Setup description:

IP address / subnet details

• IPv4

o 192.168.1.0 /24 R1-R2-R3 LAN

o 192.168.3.0/24 between R1 & R4

o 192.168.5.0/24 between R2 & R4

o 192.168.4.0/24 R4 loopback

o R1 & R2 running HSRP group 2 with virtual IP 192.168.1.1



• IPv6

o 2001::/64 R1-R2-R3 LAN

o 2003::/64 between R1 & R4

o 2005::/64 between R2 & R4

o 2004::/64 R4 loopback

o R1 & R2 running HSRPv2 group 1 with an auto-configured virtual IP





• BGP detail

o R1 & R2 run iBGP within AS 10

o R4 (AS 40) runs eBGP with R1 and R2 (AS 10)

o R3 is used as an end host with a default route.



-----------------------------------------------------------------------------------------------------------


R3 Configuration

hostname R3
!
ipv6 unicast-routing
!
interface FastEthernet0/0
 ip address 192.168.1.3 255.255.255.0
 duplex auto
 speed auto
 ipv6 address autoconfig default
!
ip route 0.0.0.0 0.0.0.0 192.168.1.1
!

-----------------------------------------------------------------------------------------------------------

R1 configuration

hostname R1
!
ipv6 unicast-routing
!
interface FastEthernet0/0
 ip address 192.168.1.2 255.255.255.0
 duplex auto
 speed auto
 ipv6 address 2001::1/64
 standby version 2
 standby 1 ipv6 autoconfig
 standby 1 priority 110
 standby 1 preempt
 standby 1 track FastEthernet0/1 20
 standby 2 ip 192.168.1.1
 standby 2 priority 110
 standby 2 preempt
 standby 2 track FastEthernet0/1 20
!
interface FastEthernet0/1
 ip address 192.168.3.2 255.255.255.0
 duplex auto
 speed auto
 ipv6 address 2003::2/64
!
router bgp 10
 no synchronization
 bgp router-id 1.1.1.1
 bgp log-neighbor-changes
 network 192.168.1.0
 neighbor 2001::2 remote-as 10
 neighbor 2003::1 remote-as 40
 neighbor 192.168.1.3 remote-as 10
 neighbor 192.168.3.1 remote-as 40
 no auto-summary
 !
 address-family ipv6
  neighbor 2001::2 activate
  neighbor 2003::1 activate
  network 2001::/64
 exit-address-family
!

------------------------------------------------------------------------------------------------------------

R2 Configuration

hostname R2
!
ipv6 unicast-routing
!
interface FastEthernet0/0
 ip address 192.168.1.3 255.255.255.0
 duplex auto
 speed auto
 ipv6 address 2001::2/64
 standby version 2
 standby 1 ipv6 autoconfig
 standby 1 preempt
 standby 2 ip 192.168.1.1
 standby 2 preempt
!
interface FastEthernet0/1
 ip address 192.168.5.2 255.255.255.0
 duplex auto
 speed auto
 ipv6 address 2005::2/64
!
router bgp 10
 no synchronization
 bgp router-id 2.2.2.2
 bgp log-neighbor-changes
 network 192.168.1.0
 neighbor 2001::1 remote-as 10
 neighbor 2005::1 remote-as 40
 neighbor 192.168.1.2 remote-as 10
 neighbor 192.168.5.1 remote-as 40
 no auto-summary
 !
 address-family ipv6
  neighbor 2001::1 activate
  neighbor 2005::1 activate
 exit-address-family
!

------------------------------------------------------------------------------------------------------------

R4 configuration

hostname R4
!
ipv6 unicast-routing
!
interface Loopback0
 ip address 192.168.4.1 255.255.255.0
 ipv6 address 2004::1/64
!
interface FastEthernet0/0
 ip address 192.168.3.1 255.255.255.0
 duplex auto
 speed auto
 ipv6 address 2003::1/64
!
interface FastEthernet0/1
 ip address 192.168.5.1 255.255.255.0
 duplex auto
 speed auto
 ipv6 address 2005::1/64
!
router bgp 40
 no synchronization
 bgp router-id 4.4.4.4
 bgp log-neighbor-changes
 network 192.168.3.0
 network 192.168.4.0
 network 192.168.5.0
 neighbor 2003::2 remote-as 10
 neighbor 2005::2 remote-as 10
 neighbor 192.168.3.2 remote-as 10
 neighbor 192.168.5.2 remote-as 10
 neighbor 192.168.5.2 route-map PREPEND out
 no auto-summary
 !
 address-family ipv6
  neighbor 2003::2 activate
  neighbor 2005::2 activate
  neighbor 2005::2 route-map PREPEND out
  network 2003::/64
  network 2004::/64
  network 2005::/64
 exit-address-family
!
route-map PREPEND permit 10
 set as-path prepend 40 40 40
!

------------------------------------------------------------------------------------------------------------


Show commands:

R1 output

R2 output

R4 output


------------------------------------------------------------------------------------------------------------

Commands:

1. To clear an IPv6 BGP neighbor:

clear bgp ipv6 unicast x:x:x:x::x



Saturday, February 18, 2012

027-BGP - Border Gateway Protocol




Introduction to BGP: 

  • Path Vector protocol
  • Administrative Distance: eBGP = 20 , iBGP = 200
  • Protocol: IP , TCP port 179
  • Authentication : MD5

BGP Attribute Categories
  • Well-known mandatory (WM) - attributes must be supported and included in routing updates
  • Well-known discretionary (WD) - attributes must be supported but may not be included in routing updates
  • Optional transitive (OT) - attributes don't have to be supported, but are marked as partial and passed on to peers
  • Optional nontransitive (ON) - attributes don't have to be supported, and can be ignored.


BGP Attributes
    1. Weight (O)- Cisco proprietary, a 16-bit value used only by local router.
    2. Origin (WM) - The source of the route (IGP > EGP > unknown)
    3. AS Path (WM) - An ordered list of the ASs the route has traversed
    4. Next Hop (WM) - Specifies the next-hop address for the route
    5. Local Preference (WD) - Communicated between iBGP peers to favor a route out of the AS
    6. Multi Exit Discriminator (ON) - Advertised to eBGP peers to indicate a preferred entrance into the local AS
    7. Atomic Aggregate (WD) - Notes that route summarization has been performed
    8. Aggregator (OT) - Identifies the router and AS where summarization was performed
    9. Community (OT) - Provides route tagging capability
    10. Originator ID (ON) - Identifies a route reflector
    11. Cluster List (ON) - Records the route reflector clusters the route has traversed
NOTE:
An AS Path can be one of two types as distinguished by its type code:
  • AS Sequence - an ordered list
  • AS Set - an unordered list
An AS Set is used to record AS numbers lost when aggregation is performed. The Atomic Aggregate attribute does not have to be included to indicate aggregation has been performed if an AS Set is included.




BGP Path Selection Process:







Tuesday, June 28, 2011

021- IP SLA boolean


---------------------------------------------------------------------------------------------------------
hostname R1
!
interface FastEthernet0/0
 ip address 10.10.10.1 255.255.255.0
----------------------------------------------------------

hostname R2
!
interface FastEthernet0/0
 ip address 20.20.20.1 255.255.255.0
 ---------------------------------------------------------


hostname R3
!
interface FastEthernet0/0
 ip address 10.10.10.2 255.255.255.0
!
interface FastEthernet0/1
 ip address 20.20.20.2 255.255.255.0
!
!
ip sla 1
 icmp-echo 10.10.10.1
 frequency 10
ip sla schedule 1 life forever start-time now
!
ip sla 2
 icmp-echo 20.20.20.1
 frequency 10
ip sla schedule 2 life forever start-time now
!
track 1 rtr 1 reachability
!
track 2 rtr 2 reachability
!
track 3 list boolean and
 object 1
 object 2
!
------------------------------------------------------------------------------------------
R3#sh ip sla statistics

Round Trip Time (RTT) for       Index 1
        Latest RTT: 144 milliseconds
Latest operation start time: *00:18:35.835 UTC Fri Mar 1 2002
Latest operation return code: OK
Number of successes: 30
Number of failures: 50
Operation time to live: Forever



Round Trip Time (RTT) for       Index 2
        Latest RTT: 100 milliseconds
Latest operation start time: *00:18:30.851 UTC Fri Mar 1 2002
Latest operation return code: OK
Number of successes: 75
Number of failures: 1
Operation time to live: Forever
-----------------------------------------------------------------------------------------------
R3#sh track 1
Track 1
  Response Time Reporter 1 reachability
  Reachability is Up
    3 changes, last change 00:00:26
  Latest operation return code: OK
  Latest RTT (millisecs) 144
  Tracked by:
     Track-list 3
----------------------------------------------------------------------------
R3#sh trac 2
Track 2
  Response Time Reporter 2 reachability
  Reachability is Up
    1 change, last change 00:10:12
  Latest operation return code: OK
  Latest RTT (millisecs) 108
  Tracked by:
    Track-list 3
----------------------------------------------------------------------
R3#sh trac 3
Track 3
  List boolean and
  Boolean AND is Up
    4 changes, last change 00:00:42
    object 1 Up
    object 2 Up

Sunday, June 26, 2011

020 IP SLA Tracking

IP SLA based tracking.

Router(config) # ip sla 1
Router(config-ip-sla) # icmp-echo Y.Y.Y.Y
Router(config-ip-sla-echo) # frequency 10
Router(config-ip-sla-echo) # timeout 7000
Router(config-ip-sla-echo) # threshold 5000

Router(config) # ip sla schedule 1 life forever start-time now

Router(config) # track 2 rtr 1

Router(config) # interface GigabitEthernet0/0
Router(config-if) #  standby 1 ip x.x.x.x
Router(config-if) #  standby 1 priority 125
Router(config-if) #  standby 1 preempt
Router(config-if) #  standby 1 track 2 decrement 50





Note:
  • IP SLA probes simulate specific types of traffic and send it to a receiver, called a responder.
  • Y.Y.Y.Y = IP address of the responder
  • Timers
    1. Frequency: how often the operation runs (unit: sec)
    2. Timeout: maximum time allowed for an SLA operation to complete (unit: msec)
    3. Threshold: time after which a reaction to an IP SLA violation is triggered (unit: msec)

Frequency > Timeout > Threshold.
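The track objects, boolean list and HSRP priority decrement described in the 021 and 020 posts above, modelled as a Python example added here (not code from the original posts). It replays the R1/R2 HSRP settings from the IPv6 lab on this page (priority 110 with preempt and a track decrement of 20 against priority 100 with preempt) and checks the frequency/timeout/threshold ordering stated above; router names and IPs are taken from the lab.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import List, Optional, Tuple


@dataclass
class SlaTimers:
    frequency_s: int      # how often the probe runs (seconds)
    timeout_ms: int       # how long one operation may take (milliseconds)
    threshold_ms: int     # RTT above which a violation is reported (milliseconds)


def sla_timers_consistent(t: SlaTimers) -> bool:
    """The ordering given in the post: frequency > timeout > threshold (compared in ms)."""
    return t.frequency_s * 1000 > t.timeout_ms > t.threshold_ms


@dataclass
class Track:
    """A track object: an IP SLA reachability result, or a boolean list of other tracks."""
    name: str
    reachable: bool = True
    members: List["Track"] = field(default_factory=list)
    boolean: str = "and"          # 'and' or 'or', only used for list objects

    def state(self) -> bool:
        if not self.members:
            return self.reachable
        results = [m.state() for m in self.members]
        return all(results) if self.boolean == "and" else any(results)


@dataclass
class HsrpRouter:
    name: str
    ip: str
    priority: int = 100
    preempt: bool = False
    tracks: List[Tuple[Track, int]] = field(default_factory=list)   # (object, decrement)

    def effective_priority(self) -> int:
        """Configured priority minus the decrement of every tracked object that is down."""
        p = self.priority
        for obj, decrement in self.tracks:
            if not obj.state():
                p -= decrement
        return max(p, 0)


def elect_active(routers: List[HsrpRouter], current: Optional[HsrpRouter] = None) -> HsrpRouter:
    """Highest effective priority wins and the highest IP breaks a tie. A router that is
    already active keeps the role unless a router with a higher priority has preempt."""
    def rank(r: HsrpRouter):
        return (r.effective_priority(), int(ipaddress.IPv4Address(r.ip)))
    best = max(routers, key=rank)
    if current is None or current not in routers:
        return best
    if best is not current and best.preempt and best.effective_priority() > current.effective_priority():
        return best
    return current


def lab_scenario() -> List[str]:
    """Replay the two-router setup of the IPv6 lab on this page: R1 priority 110 with
    preempt, tracking its uplink with decrement 20; R2 priority 100 with preempt.
    Returns the election result after each event."""
    uplink = Track("R1 Fa0/1")          # stands in for 'standby ... track FastEthernet0/1 20'
    r1 = HsrpRouter("R1", "192.168.1.2", 110, True, [(uplink, 20)])
    r2 = HsrpRouter("R2", "192.168.1.3", 100, True)
    active = elect_active([r1, r2])
    log = [f"initial: {active.name} active"]
    uplink.reachable = False
    active = elect_active([r1, r2], active)
    log.append(f"uplink down, R1 priority {r1.effective_priority()}: {active.name} active")
    uplink.reachable = True
    active = elect_active([r1, r2], active)
    log.append(f"uplink restored, R1 priority {r1.effective_priority()}: {active.name} active")
    return log


if __name__ == "__main__":
    print("\n".join(lab_scenario()))
```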



Commands for troubleshooting

Router# sh ip sla configuration
IP SLAs Infrastructure Engine-II
Entry number: 1
Owner:
Tag:
Type of operation to perform: icmp-echo
Target address/Source address: Y.Y.Y.Y/0.0.0.0
Operation timeout (milliseconds): 7000
Type Of Service parameters: 0x0
Vrf Name:
Request size (ARR data portion): 28
Verify data: No
Schedule:
   Operation frequency (seconds): 10  (not considered if randomly scheduled)
   Next Scheduled Start Time: Start Time already passed
   Group Scheduled : FALSE
   Randomly Scheduled : FALSE
   Life (seconds): Forever
   Entry Ageout (seconds): never
   Recurring (Starting Everyday): FALSE
   Status of entry (SNMP RowStatus): Active
Threshold (milliseconds): 5000
Distribution Statistics:
   Number of statistic hours kept: 2
   Number of statistic distribution buckets kept: 1
   Statistic distribution interval (milliseconds): 4294967295
History Statistics:
   Number of history Lives kept: 0
   Number of history Buckets kept: 15
   History Filter Type: None
Enhanced History:
----------------------------------------------------------------------------------------------------------------------

Router # sh track 2
Track 2
  Response Time Reporter 1 state
  State is Up
    91 changes, last change 3d00h
  Latest operation return code: OK
  Latest RTT (millisecs) 36
  Tracked by:
    HSRP GigabitEthernet0/0 1
------------------------------------------------------------------------------------------------------------------------

Router #sh ip sla statistics

Round Trip Time (RTT) for       Index 1
        Latest RTT: 44 milliseconds
Latest operation start time: 09:27:30.566 gmt Thu May 12 2011
Latest operation return code: OK
Number of successes: 159
Number of failures: 0
Operation time to live: Forever

018- IP SLA based Tracking for HSRP

Device detail:

R3 = Primary ISP, R4 = Secondary ISP
R1 = Primary WAN router, R2 = Secondary WAN router
R5 = Host

• R3 and R4 advertise subnet 200.200.200.200/32 and 100.100.0.0/16 (summary for 100.100.10.1, 100.100.20.1, 100.100.30.1) to R1 and R2 respectively.
• AS path prepending is configured on R2 for the route advertised from R4, so that R3 is preferred over R4 for all outgoing traffic.

Objective:
Configure PBR on R1 so that traffic destined only to the 100.100.20.1 subnet is sent to R4 via R2, and only if R4 is reachable.


Configuration on R1
!
ip route 20.20.20.2 255.255.255.255 192.168.1.3
!
ip sla 1
icmp-echo 20.20.20.2 << ip address of R4 (backup isp)
threshold 200
frequency 5
!
ip sla schedule 1 life forever start-time now
!
track 3 rtr 1 << track 3 mapped to ipsla 1
!
route-map test permit 10
match ip address 101
set ip next-hop verify-availability 192.168.1.3 1 track 3 << conditional set command


Configuration on R2
!
ip route 100.100.20.0 255.255.255.0 20.20.20.2

017 MPLS configuration on Cisco IOS

router(config)# ip vrf <vrf-name>


================================================
router(config-vrf)# rd <RD>

RD format: ASN:nn (16-bit ASN : 32-bit number)
           IP:nn  (32-bit IP address : 16-bit number)
--------------------------------------------------

router(config-vrf)# route-target export <RT>
router(config-vrf)# route-target import <RT>
router(config-vrf)# route-target both <RT>

Note: "both" is used where the export and import RTs are the same.

The RT is in the same format as the RD.
==================================================
ip cef

interface fa0/0
ip vrf forwarding <vrf-name>

Note: the existing IP address is removed once the "ip vrf forwarding" interface command is configured, so it has to be added again.
--------------------------------------
PE router
for internet routing

router bgp <ASN>


for vpnv4
address-family vpnv4


for CE-PE
address-family ipv4 vrf <vrf-name>
---------------------------------------

for MP-BGP PE-PE router

router bgp <ASN>
neighbor <PE-peer-ip> remote-as <ASN>
neighbor <PE-peer-ip> update-source <loopback-interface>

address-family vpnv4
neighbor <PE-peer-ip> activate

neighbor <PE-peer-ip> send-community [extended | both]

no bgp default ipv4-unicast > stops the IPv4 unicast address family being activated automatically for BGP neighbors

014 BGP soft-reconfiguration


BGP soft reconfiguration inbound
    Whenever we do some changes in the BGP policy, the BGP session has to be cleared for the new policy to take effect. Clearing a BGP session causes cache invalidation and results in a tremendous impact on the operation of networks.
     Soft reconfiguration allows policies to be configured and activated without clearing the BGP session. Soft reconfiguration can be done on a per-neighbor basis.
    There are two types of soft reconfiguration
  1. inbound soft reconfiguration
  2. outbound soft reconfiguration
Inbound soft reconfiguration:
  • Soft reconfiguration can be used to generate inbound updates from a neighbor.
  • Performing inbound reconfiguration enables the new inbound policy to take effect.
  • In order to generate new inbound updates without resetting the BGP session, the local BGP speaker should store all the received updates without modification, regardless of whether it is accepted or denied by the current inbound policy. This is memory intensive.
  • To allow inbound reconfiguration, BGP should be configured to store all received updates.
Outbound soft reconfiguration:
  • Soft reconfiguration can be used to send a new set of updates to a neighbor.
  • Performing outbound reconfiguration causes the new local outbound policy take effect without resetting the BGP session. As a new set of updates is sent during outbound policy reconfiguration, a new inbound policy of the neighbor can also take effect.
  • Outbound soft reconfiguration does not have any memory overhead. One could trigger an outbound reconfiguration in the other side of the BGP session to make the new inbound policy take effect. Outbound reconfiguration does not require pre-configuration.
     


If you specify a BGP peer group by using the peer-group-name argument, all members of the peer group will inherit the characteristic configured with this command.

BGP Peer – Soft Reconfiguration
Router(config-router)# neighbor X.X.X.X soft-reconfiguration inbound
  • Used to configure BGP soft reconfiguration.
  • Use this command in router configuration mode.
  • X.X.X.X stands for the neighbor's IP address.
Verification
show ip bgp neighbor X.X.X.X received-routes
  • Used to display all received routes (both accepted and rejected) from the specified neighbor.
  • Displays information only about IPv4 address-family sessions unless the all keyword is entered.
  • Prefix activity is displayed based on the number of prefixes that are advertised and withdrawn.
  • Policy denials display the number of routes that were advertised but then ignored based the function or

Sunday, December 26, 2010

013 DMVPN

DMVPN between Router 1 with public static ip and Router 2 with DSL line with dynamic ip

Router 1 - fa0 - Public internet connection ( 20.20.20.2/30) - { internet cloud} - ADSL -(192.168.1.2/24) fa1 - Router 2

Router 1

conf t
crypto isakmp policy 25
encr 3des
hash md5
authentication pre-share
crypto isakmp key r1-r2dmvpn address 0.0.0.0 0.0.0.0
crypto ipsec transform-set ESP-AES-SHA esp-aes esp-sha-hmac
mode transport
crypto ipsec profile DMVPN
set security-association lifetime seconds 28800
set transform-set ESP-AES-SHA
interface Tunnel0
ip address 10.10.10.1 255.255.255.0
ip mtu 1400
ip nhrp authentication VPNkey
ip nhrp map multicast dynamic
ip nhrp network-id 123456
ip nhrp holdtime 360
ip virtual-reassembly
ip tcp adjust-mss 1360
load-interval 60
delay 1000
qos pre-classify
tunnel source FastEthernet0
tunnel mode gre multipoint
tunnel key 100001
tunnel protection ipsec profile DMVPN shared

end
Configuration on Router 2
conf t
crypto isakmp policy 1
encr aes 256
authentication pre-share
group 5
! note: phase 1 only negotiates if this policy matches one on Router 1
! (policy 25 on Router 1 above offers 3des / md5 with the default DH group)
crypto isakmp key r1-r2dmvpn address 20.20.20.2
crypto ipsec security-association replay window-size 1024
crypto ipsec transform-set ESP-AES-SHA esp-aes esp-sha-hmac
mode transport
crypto ipsec profile DMVPN
set security-association lifetime seconds 28800
set transform-set ESP-AES-SHA
interface Tunnel1
ip address 10.10.10.2 255.255.255.0
ip mtu 1400
ip nhrp authentication VPNkey
ip nhrp map 10.10.10.1 20.20.20.2
ip nhrp network-id 123456
ip nhrp holdtime 360
ip nhrp nhs 10.10.10.1
ip nhrp registration no-unique
ip tcp adjust-mss 1360
delay 1000
qos pre-classify
tunnel source FastEthernet1
tunnel mode gre multipoint
tunnel key 100001
tunnel protection ipsec profile DMVPN shared
end

Sunday, November 14, 2010

010 - BGP

  1. BGP is a path vector protocol
  2. BGP message types:
    Open - Used to form peer relationships
    Keepalive - Periodic maintenance of relationships
    Update - Communicates routing information
    Notification - Communicates an error
  3. BGP neighbor states:
    Idle
    Connect - A TCP connection is being attempted
    Active - A TCP connection has failed; the router is waiting to be contacted by its peer
    OpenSent - TCP session established, open message sent
    OpenConfirm - Waiting for a keepalive from the peer
    Established
  4. Path Attributes
    Attribute classes:
    Well-known mandatory attributes must be supported and included
    Well-known discretionary attributes must be supported but may not be included
    Optional transitive attributes don't have to be supported, but must be passed on to peers
    Optional nontransitive attributes don't have to be supported, and can be ignored
  5. BGP best-path selection order:
    [1] Weight (16-bit value) - Highest weight is preferred
    [2] Local Preference - Highest preferred
    [3] Route originated by the local router - next hop 0.0.0.0
    [4] Shortest AS path
    [5] Lowest origin code (IGP is lower than EGP, which is lower than incomplete)
    [6] Lowest MED (Multi Exit Discriminator)
    [7] Choose an eBGP route over an iBGP route
    [8] Choose the route through the nearest IGP neighbor, as determined by the lowest IGP metric
    [9] Choose the oldest route
    [10] Choose the path through the neighbor with the lowest router ID
    [11] Choose the path through the neighbor with the lowest IP address
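The 11-step order above (the same process the 027 post's “BGP Path Selection Process” heading refers to), implemented as a Python example added here; it is not code from the original posts. The sample paths are constructed after the IPv6 lab on this page, where AS 40 advertises the same prefix with and without the PREPEND route-map; the MED handling follows the IOS default of comparing MED only between paths from the same neighboring AS.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import List, Tuple

ORIGIN_RANK = {"igp": 0, "egp": 1, "incomplete": 2}   # lower is preferred


@dataclass
class BgpPath:
    """One candidate path for a prefix, carrying the attributes the steps compare."""
    neighbor_ip: str              # peer the path was learned from
    router_id: str                # that peer's BGP router ID
    as_path: List[int] = field(default_factory=list)
    weight: int = 0               # Cisco-local 16-bit value, never sent to peers
    local_pref: int = 100
    locally_originated: bool = False
    origin: str = "igp"
    med: int = 0
    ebgp: bool = True
    igp_metric: int = 0           # IGP cost to reach the next hop
    age_rank: int = 0             # 0 = received first (oldest)


def best_path(paths: List[BgpPath], always_compare_med: bool = False) -> Tuple[BgpPath, str]:
    """Walk the 11 steps in order; the first step that leaves a single path decides.

    Returns (winning path, name of the deciding step)."""
    cands = list(paths)
    steps = [
        ("highest weight",           lambda p: -p.weight),
        ("highest local preference", lambda p: -p.local_pref),
        ("locally originated",       lambda p: 0 if p.locally_originated else 1),
        ("shortest AS path",         lambda p: len(p.as_path)),
        ("lowest origin code",       lambda p: ORIGIN_RANK[p.origin]),
        ("lowest MED",               lambda p: p.med),
        ("eBGP over iBGP",           lambda p: 0 if p.ebgp else 1),
        ("nearest IGP next hop",     lambda p: p.igp_metric),
        ("oldest route",             lambda p: p.age_rank),
        ("lowest router ID",         lambda p: int(ipaddress.IPv4Address(p.router_id))),
        ("lowest neighbor IP",       lambda p: int(ipaddress.IPv4Address(p.neighbor_ip))),
    ]
    for name, key in steps:
        if name == "lowest MED" and not always_compare_med:
            # By default IOS compares MED only between paths from the same neighboring
            # AS (the first AS in the path); 'bgp always-compare-med' removes that limit.
            if len({p.as_path[0] if p.as_path else None for p in cands}) > 1:
                continue
        best = min(key(p) for p in cands)
        cands = [p for p in cands if key(p) == best]
        if len(cands) == 1:
            return cands[0], name
    return cands[0], "tie"


# Constructed sample modelled on the IPv6 lab on this page: AS 40 advertises one
# prefix to R1 as-is and to R2 through 'set as-path prepend 40 40 40'. A router
# holding both paths prefers the shorter AS path.
SAMPLE_PATHS = [
    BgpPath(neighbor_ip="192.168.5.1", router_id="4.4.4.4", as_path=[40, 40, 40, 40]),
    BgpPath(neighbor_ip="192.168.3.1", router_id="4.4.4.4", as_path=[40]),
]


if __name__ == "__main__":
    winner, reason = best_path(SAMPLE_PATHS)
    print(f"best path via {winner.neighbor_ip}, decided by: {reason}")
```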

Saturday, November 13, 2010

007.1 - GATEWAY REDUNDANCY-HSRP

Hot Standby Router Protocol (HSRP)

  • HSRP is Cisco proprietary, but defined in RFC 2281.
  • HSRP routers multicast to the all-routers address 224.0.0.2 on UDP port 1985.
  • HSRP group numbers (0 – 255) are only significant to an interface.
  • HSRP virtual MAC in the range 0000.0c07.acXX where the last 8 bits represent the standby group.
  • HSRP priority ranges from 0 to 255; default is 100.
  • The default hello timer is 3 seconds; holddown timer is 10 seconds.
  • Preempt is not enabled by default
  • HSRP interface states: Disabled Init Listen Speak Standby Active
  • Cisco devices by default use the plaintext string "cisco" for authentication.
  • Plaintext or MD5 authentication can be used
  • Active router election :The highest priority wins; highest IP wins a tie.
  • The router’s priority will be decremented by the associated value (default 10) if the tracked interface fails.





HSRP group configuration:
standby 1 ip [virtual_ip]

Timers can be adjusted:
standby 1 timers [hello] [dead]

By default a router with higher priority cannot preempt the current active router; this can be allowed:
standby 1 priority [priority]
standby 1 preempt
standby 1 preempt delay minimum [seconds] reload [seconds]

Minimum defines the time the router must wait after it becomes HSRP-capable for the interface. Reload defines the time it must wait after reloading.


Conceding the Election
A router can be configured to withdraw from active status if one or more of its other interfaces fail:
standby 1 track [interface] [value]

The router’s priority will be decremented by the associated value (default 10) if the tracked interface fails.
If another router now has a higher priority and has been configured to preempt, it will take over as the active router for the group.
Enabling Authentication
standby 1 authentication md5 key-string [password]
Verification
show standby [brief] [interface]
**************************************************************************


007.2 - GATEWAY REDUNDANCY-GLBP

Gateway Load Balancing Protocol (GLBP)

  • GLBP is Cisco proprietary, and acts like HSRP/VRRP with true load-balancing capability: all routers in a group forward traffic simultaneously.
  • GLBP group numbers range from 0 to 1023. Priorities range from 0 to 255 (default is 100).
  • GLBP advertisements are multicast to 224.0.0.102
  • hello/hold timers (default 3/10 seconds)
  • Timers only need to be configured on the AVG; other routers will learn from it.
  • Active Virtual Gateway (AVG)
    The AVG has the highest priority in the GLBP group (or the highest IP address in the event of a tie); it answers all ARP requests for the group’s virtual IP address.
  • Active Virtual Forwarder (AVF)
    All routers sharing load in GLBP are AVFs.
    If an AVF fails, the AVG reassigns its virtual MAC to another router.
  • Two timers are used to age out the virtual MAC of a failed AVF:
    Redirect timer (default 600 seconds) – Determines when the AVG will stop responding to ARP requests with the MAC of the failed AVF
    Timeout timer (default 4 hours) – Determines when the failed AVF is no longer expected to return, and its virtual MAC will be flushed from the GLBP group
  • AVFs are assigned a maximum weight (1-254; default is 100).




IP address(es), router preemption, and hello/hold timers (default 3/10 seconds) can be configured as for HSRP:
glbp 1 ip [virtual_ip]
glbp 1 priority [priority]
glbp 1 preempt
glbp 1 forwarder preempt
Configuring the timers:
glbp 1 timers [hello] [hold]
glbp 1 timers redirect [redirect] [timeout]
Interfaces can be tracked and the AVF’s weight adjusted when interfaces go down:
glbp 1 weighting [weight] lower [lower] upper [upper]
glbp 1 weighting track [object] decrement [value]
When the upper or lower threshold is reached, the AVF enters or leaves the group, respectively.
Load Balancing
Up to four virtual MACs can be assigned by the AVG.
Traffic can be distributed among AVFs using one of the following methods:
Round robin (default) – Each new ARP request is answered with the next MAC address available; traffic is distributed evenly among AVFs
Weighted – AVFs are assigned load in proportion to their weight
Host-dependent – Statically maps a requesting client to a single AVF MAC
Configuring load balancing:
glbp 1 load-balancing [method]
Verification
show glbp [brief]



007.3 - GATEWAY REDUNDANCY-VRRP

Virtual Router Redundancy Protocol (VRRP)

  • Standards-based alternative to HSRP, defined in RFC 2338.
  • VRRP refers to the active router as the master router; all others are in the backup state.
  • VRRP virtual MAC from the range 0000.5e00.01XX where the last eight bits represent the group number.
  • VRRP advertisements are multicast to 224.0.0.18, using IP protocol 112.
  • VRRP advertisements are sent in 1-second intervals by default; backup routers can optionally learn the interval from the master router.
  • VRRP routers will preempt the master by default if they have a higher priority.
  • VRRP is unable to track interfaces and concede an election.
VRRP Configuration
VRRP configuration is very similar to HSRP configuration:
vrrp 1 ip [virtual_ip]
vrrp 1 timers advertise [interval]
vrrp 1 timers learn
vrrp 1 priority [priority]
vrrp 1 preempt
vrrp 1 authentication md5 key-string [password]
vrrp 1 track [object] decrement [value]
Verification
show vrrp [brief]







Thursday, November 19, 2009

001 - NBMA NETWORK

RFC 2328-compliant modes              Neighbor    DR/BDR
- NBMA (nonbroadcast)                 Manual      Required
- Point-to-multipoint                 Automatic   Not required

* Point-to-multipoint mode treats the non-broadcast network as a collection of point-to-point links

Cisco modes                           Neighbor    DR/BDR
- Point-to-multipoint nonbroadcast    Manual      Not required
- Broadcast (BMA)                     Automatic   Required
- Point-to-point                      Automatic   Not required