Tuesday, October 27, 2009

INE Vol 1 - Lab 10 - finished - BGP SOO.

This lab was interesting in that there is a "gotcha".

The CE's in 2 different locations are using the SAME BGP AS number (AS 100) so inherently they won't exchange routes due to the loop prevention mech. That being said, using AS-OVERIDE on the neighboring CEs will replace any AS number (AS 100) that is the same with the PE AS number (AS 1), thus allowing connectivity.

The purpose of BGP SOO, which is a BGP extended community attribute, is to provide a loop prevention mechanism. A route-map applied on the PE to 2 CE neighbors "tags" the prefixes learned with a SOO. When tagging to 2 CEs off the same PE, the effect is that the PE won't advertise a learned route with the same SOO to another CE, effectively preventing a loop. An assumption is that the 2 CE's have a backdoor connection between themselves.

1 Thing to note, the solution guide config for SW1 doesn't have a bgp neigh peer statement for SW2, iBGP. But SW2 has a neighbor statement for SW1. (since one side is missing they are not iBGP peering)

On to the next one.

Monday, October 26, 2009

INE Vol 1 - Lab 9 - finished - Export Maps.

This one was pretty straight forward as well...

Use an export map to gain connectivity to ONLY certain subnet in a different VRF, similar to a Extranets and subsequently Common Services VRF but more restrictive (granular). The VRF offering the different subnets still needs to import the rt's from all the other VRFs for connectivity back. Using an Export map (route-map), you set the extended community to designate an rt associated with the matching subnet.

I THINK I'm getting a better handle on VRFs as I go through these labs, I hope I can keep it up.

On to the next one.

Thursday, October 22, 2009

INE Vol 1 - Lab 8 - finished - Extranet.

Building off the concept of Central Services, you can use an Extranet to "leak" vrf/routes between two or more VRFs.

Since you can't establish more then 1 Route Distinguisher, you can use an "artificial" rd by route-target export/import and use the "artificial rds.

On to the next one...

INE Vol 1 - Lab 7 - finished - Central Services.

Finished this lab with no issues.

Basically using importing and exporting of RD's for certain VRFs to limit communications between different sites/vrfs.

On to the next one.

Monday, October 19, 2009

INE Vol 1 - Lab 6 - finished - EBGP.

Pretty straight forward, no redistribution necessary since it's bgp.

The one thing I wanted to verify was the eBGP routes on a PE. Something like "show ip bgp ipv4 vrf ... " but there's no command to do that.

Is that right?

On to the next one.

Friday, October 16, 2009

INE Vol 1 - Lab 5 - finished - EIGRP as CE-PE IGP.

I figured I'd just remove the CE-PE IGP from the last lab instead of recreating the whole topology from scratch. This time it was EIGRP.

Things to keep in mind, EIGRP is like BGP in that it uses address-families, within the address families you need to make sure you specify and antonymous-system to match the CE instance. Redistributing EIGRP into BGP use the configure AS and the rest is pretty much the same.

Trekking along on this rainy Friday.

INE Vol 1 - lab 4 -finished

Pretty straight forward and inline with the previous labs... This is one was on OSFP as the CE-PE routing protocol.

Same gotchas, redistribute connected interfaces if you aren't souring your pings from loopbacks (that are already advertised in the CE-PE protocol)

This time around I checked for routes BEFORE I activated the PE-PE iBGP peering in vpnv4... duh, of course the routes won't get propagated.

On to the next lab.

Monday, October 12, 2009

INE Vol 1- Lab 3 - MPLS VPNs with OSPF.

So far so good, breezing through these, but to be fair not much is required for these particular labs. The CE-PE routing protocol is the only difference but the concept is the same, redistribute both ways IGP to BGP and vice versa and use address families where applicable...

Starting this one now, hope to finish it in a couple hours.

INE Vol1 - Lab 2 - MPLS VPNs with Static Routing.

The second time (and seeing how I finished IPX vol 1) is much easier. But still I mess up on little but important things...

- bgp next-hop-self, you obviously need this if the remote ibgp peer isn't reachable via an IGP. Otherwise, how is the traffic supposed to get routed to a hop that it doesn't know of.

- and when redistributing the static vrf route into BGP VPNv4 table, when you want to verify via Pings, you need to redistribute connected interface too because they are the source of your pings unless you source your pings from the loopback. Because if you don't redistribute connected interfaces, the vrf's are not aware of how to get back to the source of your pings.

Grrr... small, but vital things that slipped my mind.

Noted and on to the next lab.

Wednesday, October 7, 2009

INE Vol 1 - lab 1 - finished

Redoing this workbook after doing IPX vol1. So it should be pretty easy now, finished lab 1 which covered basic MPLS and on to Lab 2 - MPLS VPNs with static routes.

I think the way this workbook is layed out is actually only 2 Main topics, MPLS and Multicast. I wonder how they address other things for instance IGPs or security?

Friday, October 2, 2009

Lab 25 - Advanced Routing completed.

When I saw Advanced Routing, I expected things like redistribution and announcing default routes and such... but really the only parts that I had trouble with was the ISIS section. Things like specifying a DR or using a frame-relay map for CLNS. Even ISIS authentication wasn't bad.

Well, vol 1 is officially complete.

I guess I'm off to look at some CoDs and start INE Vol1 (over again). I figure IPX Vol 2 consists of FULL Mock Labs and I think I should hold off on those until I do INE Vol1 and IPX Vol1 (for a second time).

I feel one step closer.

Thursday, October 1, 2009

Sanity Check - done with Lab 24.

Looking back it took me 2 and 1/2 months to finish IPX Vol1 and for some reason, I feel like it took WAY too long to get through 1 workbook. I guess my motivation had really been what's been lacking and yeah, I had some other personal things going on as well. I hope I figure out how to manage it all and manage it better. But I think it all starts with motivation and taking those critical baby steps...

Lab 24 - Multicast VPN

Almost done... All but the last 3 tasks were to setup the environment (which is great review) but not related to Multicast, specifically Multicast VPNs.

I think the best review for Multicast, seeing as I don't ever do it in real life, is to go back and study my materials for R&S. Atleast that way, when I'm thinking in terms of SP, I can kind of get an idea of what a task is asking.

Some things I learned in this lab:

- ip multicast-r vrf VPNX

- ip vrf VPNX
- mdt default a.b.c.d
- ip pim vrf VPNX rp-add x.y.w.z

- show ip pim vrf VPNX nei
- show ip pim mdt bgp

Lab 23 - Traffic Policing completed.

Finished Lab 23 - Traffic Policing, no major issues with this one.

Moving on...