CCNP

BGP – Remove Private AS

The video below shows how to remove a private AS from the BGP as-path list.

Consider the topology below.

AS65300 peers eBGP with R1. R1 then peers eBGP with R2.

R1 is then configured to remove all private ASs in the as-path when it advertises BGP routes to R2.

Watch the video below or download and watch it on your iPod or iPhone.


The commands used in this video are as below:

CE1
!
interface Loopback0
ip address 1.1.1.1 255.255.255.255
!
interface FastEthernet0
ip address 10.0.0.1 255.255.255.252
!
router bgp 65300
bgp log-neighbor-changes
network 1.1.1.1 mask 255.255.255.255
neighbor 10.0.0.2 remote-as 1
!

R1
!
interface FastEthernet1/0
ip address 10.0.0.2 255.255.255.252
!
interface FastEthernet1/1
ip address 10.0.0.5 255.255.255.252
!
router bgp 1
no synchronization
bgp log-neighbor-changes
neighbor 10.0.0.1 remote-as 65300
neighbor 10.0.0.6 remote-as 2
neighbor 10.0.0.6 remove-private-as
no auto-summary
!

R2
!
interface FastEthernet0
ip address 10.0.0.6 255.255.255.252
!
router bgp 2
bgp log-neighbor-changes
neighbor 10.0.0.5 remote-as 1
!

On R2 we can now see the BGP route 1.1.1.1/32 without AS65300 in its as-path.
R2
!
R2#sh ip bgp
BGP table version is 2, local router ID is 10.0.0.6
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 1.1.1.1/32       10.0.0.5                               0 1 i
R2#
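The behaviour configured on R1 above, modelled as an added Python example (not from the original post). It follows Cisco's documented behaviour for `remove-private-as` without additional keywords, where a path that mixes public and private ASNs is left untouched; the function names and the extra test paths are constructed for illustration.

```python
# 2-byte private ASN range as given in Cisco's documentation for this command.
PRIVATE_ASNS = range(64512, 65536)

def private_asns(as_path):
    """Return the private ASNs present in an AS path (leak check)."""
    return [asn for asn in as_path if asn in PRIVATE_ASNS]

def advertise(as_path, local_as, neighbor_as, remove_private_as=False):
    """Model the AS path an eBGP speaker sends to neighbor_as.

    Classic 'remove-private-as' (no extra keywords) strips the path only when
    every ASN in it is private and the neighbor's own AS is not in the path.
    """
    path = list(as_path)
    if remove_private_as and path:
        all_private = len(private_asns(path)) == len(path)
        if all_private and neighbor_as not in path:
            path = []
    return [local_as] + path          # eBGP always prepends the local AS

# Constructed cases: AS path as received by R1 (leftmost AS is the most recent).
CASES = {
    "page topology": [65300],
    "two private": [65300, 64512],
    "mixed public/private": [65300, 100],
}

def audit(remove_private_as):
    """Return {label: (path sent to R2, leaked private ASNs)} for AS1 -> AS2."""
    out = {}
    for label, path in CASES.items():
        sent = advertise(path, local_as=1, neighbor_as=2,
                         remove_private_as=remove_private_as)
        out[label] = (sent, private_asns(sent))
    return out

if __name__ == "__main__":
    for label, (sent, leaked) in audit(True).items():
        print(f"{label:22} sent={sent} leaked={leaked}")
```

The mixed case is the one to check for on R2: a private ASN that survives in the path means the command did not apply to that route.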

eBGP multihop

eBGP multihop can be used to load-share traffic across multiple links between eBGP peers.

Consider the topology below.


By default eBGP sessions can only be established between directly connected interfaces.  If you want to connect to a non-connected interface or to a non-connected neighbor, you have to use the eBGP-multihop feature.

For this to work, you need to add a static route (or several routes, if you want to load-share) so that BGP knows how to reach the non-connected interface.

To prevent the creation of loops through oscillating routes, the multihop session will not be established if the only route to the multihop peer is the default route (0.0.0.0). (CCO)

The video below shows how eBGP-multihop can be used to load-share traffic across multiple links between eBGP peers. Only a single eBGP-multihop session is required; the underlying static routes load-share the traffic. This can be confirmed in the FIB.

(Download and watch the video below on your iPod or iPhone).


The commands used in the above scenario can be found below.

R1
!
interface Loopback0
ip address 1.1.1.1 255.255.255.255
!
interface FastEthernet1/0
ip address 10.0.0.1 255.255.255.252
!
interface FastEthernet1/1
ip address 10.0.0.5 255.255.255.252
!
router bgp 1
neighbor 2.2.2.2 remote-as 2
neighbor 2.2.2.2 ebgp-multihop 2
neighbor 2.2.2.2 update-source Loopback0
!
ip route 2.2.2.2 255.255.255.255 10.0.0.2
ip route 2.2.2.2 255.255.255.255 10.0.0.6

R2
!
interface Loopback0
ip address 2.2.2.2 255.255.255.255
!
interface FastEthernet1/0
ip address 10.0.0.2 255.255.255.252
!
interface FastEthernet1/1
ip address 10.0.0.6 255.255.255.252
!
interface Loopback1
ip address 192.168.1.1 255.255.255.0
!
router bgp 2
network 192.168.1.0
neighbor 1.1.1.1 remote-as 1
neighbor 1.1.1.1 ebgp-multihop 2
neighbor 1.1.1.1 update-source Loopback0
!
ip route 1.1.1.1 255.255.255.255 10.0.0.1
ip route 1.1.1.1 255.255.255.255 10.0.0.5

BGP – Prefix aggregation using a static route

My previous post on BGP prefix aggregation used the bgp “aggregate-address” command.  Another way to generate an aggregate is by using a static route.

Consider the topology below.

Watch the video below to see how to configure a BGP aggregate using a static route. Alternatively download the video here and watch it on your iPod.


The commands used in the above video are listed below.

R1
!
interface FastEthernet1/0
ip address 10.0.0.1 255.255.255.252
!
router bgp 1
neighbor 10.0.0.2 remote-as 2
no auto-summary

R2
!
interface Loopback0
ip address 192.168.0.1 255.255.255.0
!
interface Loopback1
ip address 192.168.1.1 255.255.255.0
!
interface Loopback2
ip address 192.168.2.1 255.255.255.0
!
interface Loopback3
ip address 192.168.3.1 255.255.255.0
!
interface FastEthernet1/0
ip address 10.0.0.2 255.255.255.252
!
router bgp 2
no synchronization
bgp log-neighbor-changes
network 192.168.0.0
network 192.168.1.0
network 192.168.2.0
network 192.168.3.0
redistribute static
neighbor 10.0.0.1 remote-as 1
no auto-summary

Frame-Relay LMI

What is LMI?

LMI stands for Local Management Interface.

LMI messages are exchanged between routers (DTE) and frame-relay switches (DCE). At its most basic, LMI messages act as keepalives between the router and the frame-relay switch. LMI messages also contain information which allows routers to detect new PVCs dynamically. Cisco IOS currently supports 3 types of LMI: Cisco, ANSI Annex D and Q.933-A. In order for LMI to work you must use the same LMI type on both the router and the frame-relay switch.

All three LMI types listen for LMI messages on reserved DLCIs.

ANSI and Q.933 listen for messages on DLCI 0 and Cisco LMI listens for messages on DLCI 1023.

Consider the topology below.


As you can see, the LMI type needs to match between the local DTE and the DCE, i.e. they need to be speaking the same language.

Cisco IOS actually supports an LMI autosense feature which allows a router (DTE) to dynamically detect the LMI type configured on the connected frame-relay switch.

Also worth noting on the diagram: I preconfigured a PVC on the frame-relay switch with a DLCI of 102 facing R1. From the debug information you can see that this DLCI is passed to R1.

Prefix Lists

IP prefix lists can be used with BGP to permit or deny specific prefixes from being advertised to or learnt from a neighbor.

Consider the topology below.


We will carry out three exercises.

  1. configure a prefix list to match 192.168.1.0/24
  2. configure a prefix list to match 192.168.1.0/24, 192.168.1.0/25, 192.168.1.0/26.
  3. configure a prefix list to match 192.168.1.0/25 and 192.168.1.0/26

Exercise 1

We configure the following prefix list and attach it to the bgp neighbor 10.0.0.2 using the commands below.

ip prefix-list slash-24-only seq 5 permit 192.168.1.0/24

router bgp 1
!
neighbor 10.0.0.2 prefix-list slash-24-only in

Exercise 2

We configure the following prefix list and attach it to the bgp neighbor 10.0.0.2 using the commands below.

ip prefix-list UP-TO-SLASH-26 seq 5 permit 192.168.1.0/24 le 26

router bgp 1
!
neighbor 10.0.0.2 prefix-list UP-TO-SLASH-26 in

Exercise 3

We configure the following prefix list and attach it to the bgp neighbor 10.0.0.2 using the commands below.

ip prefix-list GE-LE seq 5 permit 192.168.1.0/24 ge 25 le 26

router bgp 1
!
neighbor 10.0.0.2 prefix-list GE-LE in

Now let me try and explain what these 3 prefix lists are actually doing.

Prefix list 1 – slash-24-only

ip prefix-list slash-24-only seq 5 permit 192.168.1.0/24

This is pretty straightforward. This prefix list will match on the exact prefix as configured in the prefix list, i.e. 192.168.1.0/24.

Prefix list 2 – UP-TO-SLASH-26

ip prefix-list UP-TO-SLASH-26 seq 5 permit 192.168.1.0/24 le 26

For a prefix to be permitted by this prefix-list the first 24 bits must match the first 24 bits of 192.168.1.0.

The le 26 then adds a subnet clause which states that the subnet mask being advertised must be less than or equal to 26 bits in length.

Let's consider a bunch of prefixes and see if they would be permitted by the above prefix list.

  1. 192.168.1.0/24
  2. 192.168.1.4/30
  3. 192.168.1.128/25
  4. 192.168.1.0/23
  5. 192.168.1.0/27

Prefix 1 matches both criteria, i.e. the first 24 bits in prefix 1 match the prefix in the prefix list and the subnet mask is less than 26 bits.

Prefix 2 matches the first criteria, i.e. the first 24 bits in prefix 2 match the prefix in the prefix list, however the subnet mask is greater than 26 bits, so the prefix is denied.

Prefix 3 also matches both criteria, i.e. the first 24 bits in prefix 3 match the prefix in the prefix list and the subnet mask is less than 26 bits.

Prefix 4 is an invalid prefix, I’ll let you work out why.

Prefix 5 matches the first criteria but fails on the subnet mask length criteria and as such the prefix is denied.

Prefix list 3 – GE-LE

ip prefix-list GE-LE seq 5 permit 192.168.1.0/24 ge 25 le 26

Now this is an interesting beast. This prefix-list has 2 match clauses.

  1. The prefix must match the first 24 bits on the prefix in the prefix list
  2. The subnet mask must be between 25 and 26 bits in length

Let's consider a bunch of prefixes and see if they would be permitted by the above prefix list.

  1. 192.168.1.0/24
  2. 192.168.1.4/30
  3. 192.168.1.128/25

Prefix 1 matches the first criteria, i.e. the first 24 bits match, however the subnet mask is the wrong length.

Prefix 2 matches the first criteria, i.e. the first 24 bits match, however the subnet mask is the wrong length.

Prefix 3 matches both criteria, i.e. the first 24 bits in prefix 3 match the prefix in the prefix list and the subnet mask is at least 25 bits and no more than 26 bits.
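The three prefix lists above, evaluated in an added Python example (not from the original post) against the sample prefixes discussed in the text. It goes slightly beyond the text by modelling first-match-by-sequence evaluation and the implicit deny at the end of a list; the function names are hypothetical and "invalid" is this model's label for a prefix with host bits set.

```python
import ipaddress
import re

LINE = re.compile(
    r"ip prefix-list (?P<name>\S+) seq (?P<seq>\d+) (?P<action>permit|deny) "
    r"(?P<net>\S+)(?: ge (?P<ge>\d+))?(?: le (?P<le>\d+))?$"
)

def parse(config):
    """Parse 'ip prefix-list' lines into {name: [(seq, action, net, lo, hi)]}."""
    lists = {}
    for line in config.strip().splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        net = ipaddress.ip_network(m["net"])
        ge, le = m["ge"], m["le"]
        if ge is None and le is None:
            lo = hi = net.prefixlen                 # no ge/le: exact length only
        else:
            lo = int(ge) if ge else net.prefixlen   # le only: from the list's own length
            hi = int(le) if le else net.max_prefixlen
        lists.setdefault(m["name"], []).append(
            (int(m["seq"]), m["action"], net, lo, hi))
    for entries in lists.values():
        entries.sort(key=lambda e: e[0])            # evaluated in sequence order
    return lists

def evaluate(entries, route):
    """Return 'permit', 'deny' or 'invalid' for one advertised route."""
    try:
        r = ipaddress.ip_network(route)             # host bits set -> ValueError
    except ValueError:
        return "invalid"
    for _seq, action, net, lo, hi in entries:
        if r.version == net.version and r.subnet_of(net) and lo <= r.prefixlen <= hi:
            return action                           # first matching entry wins
    return "deny"                                   # implicit deny at end of list

# The prefix lists and sample prefixes from the text above.
CONFIG = """
ip prefix-list slash-24-only seq 5 permit 192.168.1.0/24
ip prefix-list UP-TO-SLASH-26 seq 5 permit 192.168.1.0/24 le 26
ip prefix-list GE-LE seq 5 permit 192.168.1.0/24 ge 25 le 26
"""
ROUTES = ["192.168.1.0/24", "192.168.1.4/30", "192.168.1.128/25",
          "192.168.1.0/23", "192.168.1.0/27"]

def results(name):
    """Verdict for each entry of ROUTES against the named prefix list."""
    entries = parse(CONFIG)[name]
    return [evaluate(entries, r) for r in ROUTES]
```

Calling `results("GE-LE")` returns the verdicts in the order of `ROUTES`, which makes it easy to check a filter against the prefixes you expect a neighbor to send before applying it inbound.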

I hope that makes sense. Anyhow, here is a video showing how to put it all together, or alternatively click here to download and watch it on your iPod.


New Cisco Certifications Logo

I came across this link recently.  It suggests that Cisco Certification Logos are changing.

Follow the link to see the new logos.

BGP Route Aggregation

There are times when it is required to aggregate a set of prefixes. There are a number of reasons why you would want to do this: your peering transit edge may not accept prefixes of certain sizes, you may want to reduce the size of the routing table in some part of your network, and so on.

Consider the topology below:-


Watch how to use the aggregate command below, or alternatively download the video and watch it on your iPod.


The commands used in the above setup are as below.

R1

interface FastEthernet1/0
description "Interface connected to R2"
ip address 10.0.0.1 255.255.255.252
!
router bgp 1
no synchronization
bgp log-neighbor-changes
neighbor 10.0.0.2 remote-as 2
no auto-summary

R2

interface FastEthernet1/0
description "Interface connected to R1"
ip address 10.0.0.2 255.255.255.252
!
interface Loopback0
ip address 192.168.0.1 255.255.255.0
!
interface Loopback1
ip address 192.168.1.1 255.255.255.0
!
interface Loopback2
ip address 192.168.2.1 255.255.255.0
!
interface Loopback3
ip address 192.168.3.1 255.255.255.0
!
router bgp 2
no synchronization
bgp log-neighbor-changes
network 192.168.0.0
network 192.168.1.0
network 192.168.2.0
network 192.168.3.0
aggregate-address 192.168.0.0 255.255.252.0 suppress-map SUPPRESS-2-ONLY
neighbor 10.0.0.1 remote-as 1
no auto-summary
!
access-list 1 permit 192.168.2.0 0.0.0.255
!
route-map SUPPRESS-2-ONLY permit 10
match ip address 1