Wednesday, September 30, 2009

Lab 22 - Traffic Classification completed.

Nothing too heavy in this lab either.

Just a couple notes:

- "ip local policy route-map XXX" for PBR and "ip policy route-map XXX" for PBR on an interface

- you can use a Route-map, Rate-limit to mark traffic and of course you can use MQC, ie, class-maps and policy-maps to mark traffic

Lab 21 - Congestion Avoidance completed.

Just a couple things to remember...

- random-detect can be directly configured on an interface OR you can use CBWFQ to be more precise and drop traffic for specific traffic.

- the policy-map for CBWFQ can only be applied as OUTPUT on an interface.

On to the next lab!

Tuesday, September 29, 2009

Lab 20 - CAR completed.

One of the tasks asked to rate-limit traffic sourcing from a specific MAC address.

Is there a difference between:

(a) access-list rate-limit 101 xx:xx:xx:xx

and

(b) access-list 700 permit xx:xx:xx:xx

?

I looked it up on Cisco.com

(a) and (b)

Lab 19 - Carrier Supporting Carrier

Finished Lab 19 with no major hiccups. The one thing that I keep forgetting is under EIGRP, under the specific VPN, I need to designate the Autonomous System which is different from the Global EIGRP process.

The configuration of this lab went pretty well, I think I do need to read up on where this is used in the real world. My guess, when a carrier leverages another carriers MPLS footprint.

On to lab 20!

Thursday, September 24, 2009

Lab 18 - question about BGP Send-Label.



First off thanks to Zayphyoe and Vignesh for helping me with the post just below this one.

And I'm all for Zayphyoe's suggestion of teaming up to study together, that includes anyone who's studying for CCIE SP.

My issue now is, I have everything working for the most pa
rt minus using BGP Send-Label to send MPLS labels across two BGP ASes.

See Diagram Below (or click link to maximize).
- R1 and R9 are BGP route reflectors for their ASes
- R1 and R9 are ebgp peered
When I enable bgp send-label, the R1 to R9 peering breaks and goes only into an Active BGP state and then I don't get my VPNA (which is R4 to R2 connection) on R7 and vice versa.

I don't know what it is about bgp send-label that's breaking this connection in the VPNv4 table, any thoughts?

Wednesday, September 23, 2009

Lab 18... issues... twice.

I did lab 18, twice and ended up with the same problem. The first time I did it, I did it on my own. The second time, I followed the Proctor Guide.

Task 18.9 - I'm supposed to configure MP-eBGP between two ASes and then use BGP to send-labels. I configured it, just the same as the proctor guide but I can't get my the eBGP peer routers to see the VPNV4 bgp prefixes advertised in their respective ASes.

So if R2, R1 and R5 are in AS 125 and R5 eBGP peers with R6 in AS 689 (with routers R8 and R9 in AS689), and R2 is peering with a CE, receiving VPNV4 routes after redistribution and R1 is seeing it and advertising to R5, why isn't R5 able to see the VPNV4 routes in its own AS? Plus why can't I configure BGP soft-reconfiguration inbound in address-family vpnv4... I want to see what routes are being received by R5's VPNV4...


For those interested here's R5's config:

!
router ospf 1
log-adjacency-changes
network 150.50.15.5 0.0.0.0 area 0
network 200.0.0.5 0.0.0.0 area 0
!
router bgp 125
no bgp default ipv4-unicast
bgp log-neighbor-changes
neighbor 150.50.56.2 remote-as 689
neighbor 200.0.0.1 remote-as 125
neighbor 200.0.0.1 update-source Loopback0
!
address-family ipv4
neighbor 150.50.56.2 activate
neighbor 150.50.56.2 send-label
neighbor 200.0.0.1 activate
neighbor 200.0.0.1 next-hop-self
neighbor 200.0.0.1 send-label
no auto-summary
no synchronization
exit-address-family
!
address-family vpnv4
neighbor 200.0.0.1 activate
neighbor 200.0.0.1 send-community extended
exit-address-family
!


R5#sh ip bgp vpnv4 all s
BGP router identifier 200.0.0.5, local AS number 125
BGP table version is 1, main routing table version 1

Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
200.0.0.1 4 125 261 224 1 0 0 00:39:35 0
R5#


******************R1*****************************
R1#sh ip bgp vpnv4 all neighbors 200.0.0.5 advertised-routes
BGP table version is 29, local router ID is 200.0.0.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 125:100
*>i150.50.24.0/30 200.0.0.2 0 100 0 ?
*>i200.0.0.4/32 200.0.0.2 1 100 0 ?

Total number of prefixes 2

R1#sh ip bgp vpnv4 all s
BGP router identifier 200.0.0.1, local AS number 125
BGP table version is 29, main routing table version 29
2 network entries using 312 bytes of memory
2 path entries using 136 bytes of memory
6/2 BGP path/bestpath attribute entries using 888 bytes of memory
1 BGP AS-PATH entries using 24 bytes of memory
1 BGP extended community entries using 24 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
Bitfield cache entries: current 1 (at peak 4) using 32 bytes of memory
BGP using 1416 total bytes of memory
BGP activity 12/6 prefixes, 26/20 paths, scan interval 15 secs

Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
200.0.0.2 4 125 233 257 29 0 0 00:53:21 2
200.0.0.5 4 125 229 266 29 0 0 00:44:51 0
200.0.0.9 4 689 17 17 0 0 0 00:50:58 Active
R1#

**********************************************************
R1 showing it received VPNV4 routes from R2 and advertising it to R5 (R1 is a RR).


Tuesday, September 22, 2009

Lab 17 - MPLS VPN done... on to the next one.

Lab 17 - quick and easy, down and dirty. Pretty straight forward and re-emphasizing the basics of configuring VRFs and route-targets, one little tricky thing was the use of the same AS number for BGP CE to PE peering. The solution accomplished it one way on the CE but I was also looking to do it on the PE as well... ie use as-override... wonder why they didn't use AS-OVERRIDE on the PE?

On to the next lab, Lab 18 - Inter-AS MPLS VPN

Monday, September 21, 2009

Lab 16 - MPBGP done.

Lab 16 is done. Wasn't really that difficult but was a really good refresher to keeping BGP address families straight. IPv4 vs VPNv4 and using vrf export maps to change route-targets. It helped refresh my memory on how the MPLS VPNs work :) The other big plus was using some vrf specific verification commands like ping vrf XXX a.b.c.d source w.x.y.z and sh ip bgp...

On to Lab 17!

Wednesday, September 16, 2009

Finished lab 14 - HSRP/VRRP, Skip 15, onto 16 - MP-BGP

Finished Lab 14 - HSRP/VRRP, pretty basic and easy, nothing challenging.

I have to skip 15 which is L2 VPN which requires some switch configurations and I don't have my rack up and running...

Moving on to Lab 16 - MP-BGP :)


I feel like I'm picking up some pace and now that the WB is half over or so, I feel a bit more motivated to finish it up.

Tuesday, September 15, 2009

Finished lab 13 - QoS

Finished the QoS lab and thought it was great refresher to R&S QoS. There's nothing that tied it in with MPLS so it really was a refresher.

So other then QoS, Security, and some Services like HSRP/VRRP, (and the obvious IGPs) what else is a freebie for those who studied R&S...


Chapter 9 IPv6 and Lab 12 Security

Re-reading chapter 9 - IPv6 and it's a good review of what I learned from studying R&S. Lab 12 Security obviously doesn't correlate to IPv6 :)

I think now that summer's ending, I'm going to be more motivated to study... hopefully :)

Thursday, September 3, 2009

Finished lab 11 and chapter 8

I beginning to like my new method of reading the pertinent chapter first and then doing the lab, for me it's really working well to reinforce my understanding. Chapter 8 is a long one and covers a lot of ground but is imperative to understanding TE. Lab 11 is good and could have been better I think if the explanations were more thorough and the lab itself covered more ground.

On to lab 12 - security... now to find the corresponding chapter :)