Author Archives: leander
Author Archives: leander
Lately, I've been playing around with DHCPv6 and SLAAC on my home network.
When configuring IPv6 addresses on the network interfaces there are three ways of doing this. We can use Stateless address autoconfiguration (SLAAC), DHCPv6 (statefull) or we can configure the address manually. SLAAC is by far the easiest way to configure IPv6 addresses, simply because you don't have to configure any IPv6 address. The way it works is that the router on your network will advertise the IPv6 prefix (/64) using multicast (remember that with IPv6 there is no such thing as broadcast). The host will receive/request this prefix advertisement and will auto generate the last 64 bits to make a fully working IPv6 address. When auto generating the address the host will use it's mac address (which is 48 bits) and insert "ff:fe" in the middle of it. This is also known as EUI-64. One drawback of EUI-64 is that you're trackable on the Internet because the mac address will normally not change when using the same host (e.g. laptop, smartphone, tablet, etc..). To overcome this issue SLAAC has been extended with something called Privacy Extensions. When this is enabled the host part (last 64 Continue reading
When using a routing protocol over GRE tunnels you might end up learning the tunnel endpoint via the routing protocol. When the tunnel endpoint is preferred using the route learned from the routing protocol you end up with a flapping tunnel.
The router will detect this and generates a message:
%TUN-5-RECURDOWN: Tunnel1 temporarily disabled due to recursive routing
The easiest way to solve this is by using a static route to the tunnel endpoint.
If this is not allowed you can also use a prefix filter. This filter should block the advertisement of the tunnel endpoint prefix via the GRE tunnel. For example:
ip prefix-list FILTER_TUNNEL_ENDPOINT seq 5 deny 188.8.131.52/24 ip prefix-list FILTER_TUNNEL_ENDPOINT seq 10 permit 0.0.0.0/0 le 32
This will match the tunnel endpoint address (184.108.40.206/24), but allow the other prefixes.
Use this prefix-list to filter the outgoing advertisements on the tunnel interface.
router rip distribute-list prefix FILTER_TUNNEL_ENDPOINT out Tunnel1
ip local policy route-map <route-map>
route-map PBR_FROM_R3 permit 10 match ip address FROM_R3_TO_R4 set ip next-hop 220.127.116.11 set ip next-hop verify-availability set ip default next-hop 18.104.22.168
route-map PBR_FROM_R3 permit 20 match ip address FROM_R3_TO_R5 set ip next-hop verify-availability 22.214.171.124 1 track 1 set ip default next-hop 126.96.36.199
Create one or more access-lists that specify what traffic should use policy routing.
ip access-list extended FROM_R4 permit ip host 188.8.131.52 any ip access-list extended FROM_R6 permit ip host 184.108.40.206 any
Then create a route-map that will match the defined access-lists and specify an action.
route-map PBR permit 10 match ip address FROM_R4 set ip next-hop 220.127.116.11 route-map PBR permit 20 match ip address FROM_R6 set ip next-hop 18.104.22.168 route-map PBR permit 30 # will match any other traffic
Tie the route-map to an interface to enable policy routing.
interface FastEthernet0/0 ip policy route-map PBR
Usefull debug commands:
#debug ip policy
Create a SLA object to schedule a ping test
ip sla 1 icmp-echo <ip address> frequency <in seconds> ip sla schedule 1 life forever start-time now
Enable Enhanced Object tracking on the SLA
track 1 ip sla 1 reachability
Tie the tracked object to a static route
ip route 22.214.171.124 255.255.255.0 126.96.36.199 track 1
As soon as the ping test fails the static route will be removed from the routing table.
When there is another static route with a higher Administrative Distance this route will be injected into the routing table.
#sh track 1 Track 1 IP SLA 1 reachability Reachability is Up 3 changes, last change 00:21:42 Latest operation return code: OK Latest RTT (millisecs) 1 Tracked by: STATIC-IP-ROUTING 0 #sh ip sla statistics 1 IPSLAs Latest Operation Statistics IPSLA operation id: 1 Type of operation: icmp-echo Latest RTT: 1 milliseconds Latest operation start time: *20:39:26.283 UTC Wed Jul 13 2011 Latest operation return code: OK Number of successes: 417 Number of failures: 13 Operation time to live: Forever
#debug track #debug ip routing
For reference here is the complete list of Cisco devices, including RAM, Flash, installed modules and IOS versions that I’ve used to build my home lab.
|R7||3725||256MB||128MB||2x WIC-1T=, NM-2FE2W-V2=||c3725-adventerprisek9-mz.124-15.T14.bin|
With all the equipment in the rack it is time to connect everything together. I’ve used a total of 11 back-to-back serial, 12 router-to-switch ethernet and 18 switch-to-switch ethernet connections. All together that makes almost a spaghetti of cabling
But with some Rip-Tie strap cable I could organize the cabling in a pretty decent way. Below is the end result, without the console connections.
I finally have all the equipment I need to build the lab. I also managed to get a Skeletek C24U rack, and it looks really nice. The fun already starts with assembling the rack as it comes in a relatively small box, including 6 pieces and a whole bunch of nuts and bolts.
After 45 minutes or so the rack is fully assembled and ready to rack the first pieces of Cisco gear.
After about two hours later I also racked all the Cisco equipment I have into the rack, including two PDU’s for some power juice.
Next step will be to put all the cabling in place. And hopefully the two octal cables (cab-octal-async) I ordered will arrive shortly, so I can also connect all the console outputs to the terminal server/router.
I’ve almost acquired all equipment that I need to build my CCIE home lab. I only have to pickup a 3725 router and a 2610.
Looks pretty impressive if you ask me