Author Archives: dubes

Failover Mechanism Part-1

Redundancy is a must in an ISP core, and it is equally important for an enterprise
to keep its network up at all times, so that a network outage has zero business impact.
There are different failover designs depending on the requirement.
The first of these is Dual POP, Dual last mile, Dual CE (DPDLDC). It provides redundancy for both WAN connectivity and LAN connectivity.

DUAL POP: the customer's primary and secondary links terminate on different PE routers.

DUAL LAST MILE: the last-mile connectivity between PE and CE is a separate physical path for primary and secondary.

DUAL CE: primary and secondary links terminate on different CPE devices.

I will be sharing multiple failover scenarios in coming posts.

The ISP is fully transparent in this scenario; traffic control is done entirely from the CPE end.

Consider the topology below.

(figure: failover mechanism topology, two CE routers each with its own last mile to a different PE)

Failover Mechanism

1. Outgoing traffic from the CPE WAN side is controlled using HSRP together with IP SLA tracking.
2. Incoming traffic to the CPE is controlled using the BGP AS-path prepend attribute on the secondary link (the shorter AS path is the better path, so the prepended secondary loses while the primary is up).

Normal scenario
1) The primary WAN link is up. HSRP towards the LAN is in the active state on the primary CE. The secondary link carries AS-path prepending, so the primary link is preferred as it has the smaller number Continue reading
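A worked model of the two controls above, added here as an example and not part of the original post. The names and values are constructed (CE1/CE2, PE1/PE2, AS 65001, HSRP priorities 110/100, a track decrement of 20 and three prepends are all assumptions). It reproduces the HSRP election with object tracking and the AS-path-length comparison, and it shows the check a practitioner should make before trusting the design: the tracking decrement must be large enough to drop the primary below the standby, and the standby must have preempt, otherwise outbound traffic stays on the dead WAN while inbound traffic has already moved to the secondary.

```python
import ipaddress
from dataclasses import dataclass


@dataclass
class HsrpRouter:
    name: str
    ip: str
    priority: int
    preempt: bool
    track_decrement: int = 0   # 'standby <grp> track <obj> decrement N' (assumed value)
    sla_up: bool = True        # result of the tracked IP SLA probe on the WAN side

    def effective_priority(self) -> int:
        # When the tracked object (the IP SLA probe) fails, the priority is decremented.
        return self.priority - (0 if self.sla_up else self.track_decrement)


def hsrp_active(routers, current_active=None):
    """Elect the HSRP active router.

    Highest effective priority wins, highest IP breaks ties. An already-active
    router is only displaced if the winner has preempt configured: without
    preempt the tracking decrement changes nothing, which is the classic reason
    an HSRP+IP SLA failover "does not work".
    """
    best = max(routers, key=lambda r: (r.effective_priority(),
                                       int(ipaddress.IPv4Address(r.ip))))
    if current_active is None or best is current_active:
        return best
    return best if best.preempt else current_active


def prepend(as_path, asn, times):
    """AS-path prepending as done with 'set as-path prepend' on the secondary CE."""
    return [asn] * times + list(as_path)


def bgp_best_path(paths):
    """Pick the path a BGP speaker (here the ISP) prefers for inbound traffic.

    paths: dicts with 'via', 'local_pref', 'as_path'. Weight and LOCAL_PREF are
    evaluated before AS_PATH length, so prepending only steers traffic when those
    are equal on both links (assumed here).
    """
    return min(paths, key=lambda p: (-p["local_pref"], len(p["as_path"])))


def simulate(primary_wan_up, decrement=20):
    """Return (active CE for outbound traffic, PE the ISP uses for inbound traffic)."""
    ce1 = HsrpRouter("CE1", "192.168.1.2", priority=110, preempt=True,
                     track_decrement=decrement, sla_up=primary_wan_up)
    ce2 = HsrpRouter("CE2", "192.168.1.3", priority=100, preempt=True)
    # Steady state: CE1 is active. Re-run the election after the SLA result.
    active = hsrp_active([ce1, ce2], current_active=ce1)

    customer_as = 65001                      # assumed customer ASN
    paths = []
    if primary_wan_up:                       # primary link up: plain advertisement via PE1
        paths.append({"via": "PE1", "local_pref": 100, "as_path": [customer_as]})
    # The secondary link always advertises, but prepended three times.
    paths.append({"via": "PE2", "local_pref": 100,
                  "as_path": prepend([customer_as], customer_as, 3)})
    return active.name, bgp_best_path(paths)["via"]


if __name__ == "__main__":
    print("primary up:  ", simulate(True))
    print("primary down:", simulate(False))
    print("decrement 5: ", simulate(False, decrement=5))   # CE1 stays active, inbound already on PE2
```

The third run is the failure mode to test for in a lab: with a decrement smaller than the priority gap, HSRP never fails over, inbound traffic arrives via the secondary and return traffic is sent into the broken primary WAN.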

Access-list Vs Prefix-list

A general query about access-lists and prefix-lists.

ACCESS-LIST
An access-list is a sequential series of filters.
Action: either deny or permit.
Matching criteria: the source address only in a standard access-list; source address, destination address, protocol, port or socket in an extended access-list.
Implicit deny: if a packet matches none of the filters in the access-list, it is dropped automatically.
Sequential: the filters are checked from top to bottom. At the first match the action is applied and the rest of the access-list is ignored.

**Always put the filtering lines in the right sequence to avoid the access-list misbehaving: a broad permit placed above a more specific deny makes that deny unreachable.

Standard Access-list
access-list 1 permit 10.10.10.1 0.0.0.0
access-list 1 permit 10.10.10.20 0.0.0.0
OR
ip access-list standard 1
10 permit 10.10.10.1 0.0.0.0
20 permit 10.10.10.20 0.0.0.0

Extended Access-list
access-list 100 permit ip 10.10.10.10 0.0.0.0 172.16.10.0 0.0.0.255
access-list 111 permit tcp 10.0.0.0 0.255.255.255 172.1.141.0 0.0.0.255 eq 23
access-list 112 permit udp Continue reading
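As an added example (not from the original post), the following Python model implements the rules above: wildcard-mask matching, top-down first match and the implicit deny, and contrasts them with prefix-list matching, which filters on network bits plus prefix length rather than on individual address bits. The access-list entries are the post's own ACL 1 and ACL 111; the ordering example and the prefix-list are constructed.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass
class AclEntry:
    seq: int
    action: str                 # "permit" or "deny"
    proto: str                  # "ip" (any protocol), "tcp", "udp", "icmp"
    src: str                    # "<address> <wildcard>", e.g. "10.10.10.1 0.0.0.0"
    dst: str = "0.0.0.0 255.255.255.255"   # standard ACLs have no destination: match any
    dport: Optional[int] = None            # 'eq <port>' on the destination port


def wildcard_match(addr_wildcard: str, ip: str) -> bool:
    """Cisco wildcard mask: a 0 bit must match, a 1 bit is 'don't care' (inverse of a subnet mask)."""
    base, wc = addr_wildcard.split()
    b = int(ipaddress.IPv4Address(base))
    w = int(ipaddress.IPv4Address(wc))
    i = int(ipaddress.IPv4Address(ip))
    return (b ^ i) & ~w & 0xFFFFFFFF == 0


def evaluate_acl(entries, src_ip, dst_ip, proto="ip", dport=None):
    """Walk the list top-down; first match wins; no match at all -> implicit deny.

    Returns (action, seq); seq is None when the implicit deny fired.
    """
    for e in sorted(entries, key=lambda e: e.seq):
        if e.proto != "ip" and e.proto != proto:
            continue
        if not wildcard_match(e.src, src_ip) or not wildcard_match(e.dst, dst_ip):
            continue
        if e.dport is not None and e.dport != dport:
            continue
        return e.action, e.seq
    return "deny", None


def prefix_list_match(entries, prefix):
    """Prefix-list semantics for comparison: match on the network bits AND the prefix length.

    entries: (seq, action, "net/len", ge, le). Without ge/le the length must be
    exact; 'ge N' means length >= N (up to 32); 'le N' means length <= N.
    Prefix-lists also end in an implicit deny.
    """
    route = ipaddress.ip_network(prefix, strict=False)
    for seq, action, net, ge, le in sorted(entries, key=lambda e: e[0]):
        base = ipaddress.ip_network(net, strict=False)
        lo = ge if ge is not None else base.prefixlen
        hi = le if le is not None else (32 if ge is not None else base.prefixlen)
        if route.subnet_of(base) and lo <= route.prefixlen <= hi:
            return action, seq
    return "deny", None


# Standard access-list 1 from the post: two hosts permitted, everything else implicitly denied.
ACL_1 = [AclEntry(10, "permit", "ip", "10.10.10.1 0.0.0.0"),
         AclEntry(20, "permit", "ip", "10.10.10.20 0.0.0.0")]

# Extended access-list 111 from the post: telnet from 10.0.0.0/8 to 172.1.141.0/24.
ACL_111 = [AclEntry(10, "permit", "tcp", "10.0.0.0 0.255.255.255", "172.1.141.0 0.0.0.255", 23)]

# Constructed ordering problem: the specific deny below the broad permit can never be hit.
BAD_ORDER = [AclEntry(10, "permit", "ip", "10.10.10.0 0.0.0.255"),
             AclEntry(20, "deny", "ip", "10.10.10.1 0.0.0.0")]
GOOD_ORDER = [AclEntry(10, "deny", "ip", "10.10.10.1 0.0.0.0"),
              AclEntry(20, "permit", "ip", "10.10.10.0 0.0.0.255")]

# Constructed prefix-list: accept 10.0.0.0/8 routes only in /16 to /24 slices.
PL = [(10, "permit", "10.0.0.0/8", 16, 24)]


if __name__ == "__main__":
    print(evaluate_acl(ACL_1, "10.10.10.1", "172.16.10.5"))          # ('permit', 10)
    print(evaluate_acl(ACL_111, "10.5.6.7", "172.1.141.9", "tcp", 22))  # ('deny', None)
    print(evaluate_acl(BAD_ORDER, "10.10.10.1", "8.8.8.8"))           # ('permit', 10)
    print(prefix_list_match(PL, "10.1.2.0/25"))                       # ('deny', None)
```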

CCIE SP — Experience

I have passed the CCIE SP Lab. I will share my experience here. I will only share things pertaining to the SP lab.

>Don't forget to take the config backup before starting the LAB.
>Notepad is your best friend in the lab. Many configurations are repetitive. You will save time and reduce the chance of making a mistake by using it.
>Read the LAB end to end carefully before starting.
>Speed and accuracy are important ingredients to pass the LAB.
>The proctor won't help you much after providing the initial instructions. You need to listen carefully to the proctor.
>I lost access to all the devices while labbing. I asked the proctor to help but he advised me to check myself. I did a power cycle and got the access back.
>IMP: Don't forget to create the BGP_PASS RPL to allow eBGP routes to pass.

Questions are welcome. I will try my best to help you.

Smiles
Crazyrouter


BASICS- ICMP REDIRECTS

Redirect, ICMP type 5, is used by routers to notify hosts of another router on the same data link that should be used for a particular destination. Because the host acts on it by changing its forwarding decision, a forged redirect from any machine on the LAN can divert the host's traffic through an attacker; where hosts have a single gateway, disable the feature on the router interface with no ip redirects and make hosts ignore redirects.

TOPOLOGY

 ----------
| Internet |
 ----------
     |
 ROUTER R1                      ROUTER R2 ------ ROUTER R3 ------ PC2 10.10.10.1
 172.16.10.40                   172.16.10.5
     |                               |
 --------------------LAN--------------------
     |
    PC1
 172.16.10.1
 Gateway 172.16.10.40

----------------------------------------
Consider the above topology, where PC1 has its default gateway configured as 172.16.10.40. PC1 sends a packet to router R1 to reach the remote destination 10.10.10.1. Router R1 checks its routing table and finds that the next hop to reach 10.10.10.1 is router R2. So router R1 has to forward the packet out of the same interface on which it was received. Router R1 forwards the packet to router R2 and also sends an ICMP redirect message to PC1. This informs PC1 that the best path to reach destination 10.10.10.1 is through Continue reading
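Added example, not code from the original post: it builds and parses the ICMP redirect that R1 sends to PC1 in the scenario above, and models the two decisions around it, R1's test for whether a redirect is warranted and PC1's sanity checks before honouring one (the checks a host needs precisely because the message is unauthenticated). The interface names fa0/0 and fa0/1 and the /24 mask on the LAN are assumptions.

```python
import ipaddress
import struct

ICMP_REDIRECT = 5
REDIRECT_HOST = 1      # code 1: redirect datagrams for the host


def inet_checksum(data: bytes) -> int:
    """RFC 1071 ones'-complement checksum. Verifying over a message that already
    contains its checksum returns 0 when the message is intact."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def ipv4_header(src, dst, proto, total_len, ttl=64) -> bytes:
    """Minimal 20-byte IPv4 header (no options) with a valid header checksum."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, ttl, proto, 0,
                      ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return hdr[:10] + struct.pack("!H", inet_checksum(hdr)) + hdr[12:]


def build_redirect(gateway, offending_datagram) -> bytes:
    """ICMP Redirect: type 5, code, checksum, gateway address, then the IP header plus
    the first 8 bytes of the datagram that triggered it, so the host knows which
    destination the new gateway applies to."""
    ihl = (offending_datagram[0] & 0x0F) * 4
    body = struct.pack("!BBH4s", ICMP_REDIRECT, REDIRECT_HOST, 0,
                       ipaddress.IPv4Address(gateway).packed) + offending_datagram[:ihl + 8]
    return body[:2] + struct.pack("!H", inet_checksum(body)) + body[4:]


def parse_redirect(msg: bytes) -> dict:
    typ, code, _, gw = struct.unpack("!BBH4s", msg[:8])
    quoted = msg[8:]
    return {"type": typ, "code": code, "gateway": str(ipaddress.IPv4Address(gw)),
            "orig_src": str(ipaddress.IPv4Address(quoted[12:16])),
            "orig_dst": str(ipaddress.IPv4Address(quoted[16:20])),
            "checksum_ok": inet_checksum(msg) == 0}


def router_should_redirect(ingress_if, egress_if, ingress_subnet, src_ip, next_hop) -> bool:
    """R1's decision: redirect only when the packet goes back out the interface it came
    in on and both the source and the better next hop sit on that interface's subnet
    (the conditions of RFC 1812 section 5.2.7.2 that matter here)."""
    net = ipaddress.ip_network(ingress_subnet)
    return (ingress_if == egress_if
            and ipaddress.ip_address(src_ip) in net
            and ipaddress.ip_address(next_hop) in net)


def host_should_accept(redirect, sender_ip, my_ip, current_gateway, lan_subnet) -> bool:
    """PC1's sanity checks before rewriting its route. Without them any LAN neighbour
    could forge a redirect and place itself on-path."""
    net = ipaddress.ip_network(lan_subnet)
    return (redirect["type"] == ICMP_REDIRECT and redirect["checksum_ok"]
            and sender_ip == current_gateway                    # only our current gateway may redirect us
            and redirect["orig_src"] == my_ip                   # the quoted datagram must really be ours
            and ipaddress.ip_address(redirect["gateway"]) in net  # the new gateway must be on-link
            and redirect["gateway"] != my_ip)


if __name__ == "__main__":
    # Constructed: PC1 -> PC2 TCP datagram (20-byte header + 8 bytes of payload), as seen by R1.
    pkt = ipv4_header("172.16.10.1", "10.10.10.1", 6, 28) + b"\x00" * 8
    if router_should_redirect("fa0/0", "fa0/0", "172.16.10.0/24", "172.16.10.1", "172.16.10.5"):
        msg = build_redirect("172.16.10.5", pkt)
        print(parse_redirect(msg))
```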

BASICS – PROXY ARP

Proxy ARP matters for routing on LANs where hosts have no (or a wrong) default gateway, and it is enabled by default on IOS interfaces.

It is a method by which a router makes itself available to the hosts. How?

PC1 ---------- Router ---------- PC2
10.10.20.1/24                    10.10.40.1/24

Consider that Host A (10.10.20.1/24) wants to send traffic to Host B on a different subnet (10.10.40.1/24).
Host A has no default gateway configured and does not know how to reach the router. It sends an ARP request for 10.10.40.1. The local router,
when it receives the request and knows how to reach subnet 10.10.40.0/24, replies to the ARP with its own hardware address.
Host A sees this reply, caches it, and sends future IP packets for Host B to the router. The router forwards such packets to
Host B by the usual IP routing mechanisms. The router is acting as an agent for Host B, which is why this technique is called "Proxy ARP"; it is also referred to as a transparent subnet gateway or ARP subnet gateway.

When an ARP cache shows multiple IP addresses mapped to a single hardware address, proxy ARP is usually at work: the single hardware address is the router interface, and the multiple IP addresses belong to hosts behind it. Because the router will answer for any address it can route, disable it (no ip proxy-arp) on interfaces where no host depends on it; otherwise a misconfigured host silently gets a path it was never meant to have, and the router ends up answering ARP for addresses it does not own.


BASICS – ARP

How does ARP work? A basic question, but very important to know.

ARP is the Address Resolution Protocol, used to resolve a logical IP address to a physical hardware (MAC) address.

ROUTER

|
|
———LAN——-
|                          |
|                          |
PC1                   PC2
10.10.10.1          10.10.10.14

Consider that PC1 wants to communicate with PC2. What is the actual process of communication between them?

PC1 wants to send traffic to PC2; it has the layer 3 address of the source (10.10.10.1) and of the destination (10.10.10.14).
The packet moves from the upper layers down to layer 2, the data link layer. Layer 2 needs the source and destination MAC
addresses to build the frame. PC1 has the layer 3 information for source and destination, but no layer 2 information for the destination.
Here comes the saviour known as ARP: PC1 sends a broadcast into the LAN asking whoever owns IP 10.10.10.14 to respond with its MAC address.

The broadcast packet carries the following information.
Source Ip             : 10.10.10.1
Destination IP      : 10.10.10.14
Source MAC        : MAC Continue reading
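Added example covering this post and the Proxy ARP post above; it is not code from the original. It builds and parses ARP request and reply frames (the broadcast, sender and target fields listed above), then models a router with Cisco-style proxy ARP answering PC1's request for an off-subnet host with its own MAC, so that PC1's cache ends up with several IP addresses mapped to one hardware address. The router MAC and interface addresses (10.10.20.254/24, 10.10.40.254/24), the interface names e0/e1 and the host MAC are all constructed.

```python
import ipaddress
import struct

ETH_P_ARP = 0x0806
BROADCAST = "ff:ff:ff:ff:ff:ff"
ARP_REQUEST, ARP_REPLY = 1, 2


def _mac(m: str) -> bytes:
    return bytes.fromhex(m.replace(":", ""))


def _mac_str(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def build_arp(op, sender_mac, sender_ip, target_mac, target_ip) -> bytes:
    """Ethernet II header + 28-byte ARP body. A request is broadcast at layer 2 and
    carries a zero target MAC, because that is exactly what is being asked for."""
    eth_dst = BROADCAST if op == ARP_REQUEST else target_mac
    eth = struct.pack("!6s6sH", _mac(eth_dst), _mac(sender_mac), ETH_P_ARP)
    body = struct.pack("!HHBBH6s4s6s4s", 1, 0x0800, 6, 4, op,          # Ethernet/IPv4, 6-byte MAC, 4-byte IP
                       _mac(sender_mac), ipaddress.IPv4Address(sender_ip).packed,
                       _mac(target_mac), ipaddress.IPv4Address(target_ip).packed)
    return eth + body


def parse_arp(frame: bytes) -> dict:
    eth_dst, _eth_src, etype = struct.unpack("!6s6sH", frame[:14])
    if etype != ETH_P_ARP:
        raise ValueError("not an ARP frame")
    _, _, _, _, op, sha, spa, tha, tpa = struct.unpack("!HHBBH6s4s6s4s", frame[14:42])
    return {"eth_dst": _mac_str(eth_dst), "op": op,
            "sender_mac": _mac_str(sha), "sender_ip": str(ipaddress.IPv4Address(spa)),
            "target_mac": _mac_str(tha), "target_ip": str(ipaddress.IPv4Address(tpa))}


class Router:
    """Minimal ARP responder with proxy ARP (IOS 'ip proxy-arp', on by default)."""

    def __init__(self, mac, interfaces, proxy_arp=True):
        # interfaces: {"ifname": "ip/prefixlen"}; connected subnets double as the routing table here.
        self.mac = mac
        self.ifaces = {name: ipaddress.ip_interface(addr) for name, addr in interfaces.items()}
        self.proxy_arp = proxy_arp

    def handle_arp(self, frame: bytes, ingress: str):
        a = parse_arp(frame)
        if a["op"] != ARP_REQUEST:
            return None
        target = ipaddress.ip_address(a["target_ip"])
        me = self.ifaces[ingress]
        if target == me.ip:                       # ordinary ARP for the router's own address
            return build_arp(ARP_REPLY, self.mac, a["target_ip"], a["sender_mac"], a["sender_ip"])
        if not self.proxy_arp or target in me.network:
            return None                           # never answer for hosts on the requester's own subnet
        # Proxy ARP: target is off-link but routable through another interface -> answer with OUR MAC.
        if any(i.network.supernet_of(ipaddress.ip_network(target)) for n, i in self.ifaces.items() if n != ingress):
            return build_arp(ARP_REPLY, self.mac, a["target_ip"], a["sender_mac"], a["sender_ip"])
        return None


class Host:
    def __init__(self, mac, ip):
        self.mac, self.ip, self.arp_cache = mac, ip, {}

    def arp_request(self, ip):
        return build_arp(ARP_REQUEST, self.mac, self.ip, "00:00:00:00:00:00", ip)

    def learn(self, reply: bytes):
        a = parse_arp(reply)
        if a["op"] == ARP_REPLY and a["target_ip"] == self.ip:
            self.arp_cache[a["sender_ip"]] = a["sender_mac"]


def demo():
    """PC1 on 10.10.20.0/24 resolves two off-subnet hosts and one on-link host; the router
    answers only for the off-subnet ones, so the cache maps both of them to the router MAC."""
    router = Router("00:aa:bb:cc:00:01", {"e0": "10.10.20.254/24", "e1": "10.10.40.254/24"})
    pc1 = Host("00:11:22:33:44:55", "10.10.20.1")
    for ip in ("10.10.40.1", "10.10.40.2", "10.10.20.7"):
        reply = router.handle_arp(pc1.arp_request(ip), ingress="e0")
        if reply:
            pc1.learn(reply)
    return pc1.arp_cache


if __name__ == "__main__":
    print(parse_arp(Host("00:11:22:33:44:55", "10.10.10.1").arp_request("10.10.10.14")))
    print(demo())
```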

BGP Synchronization

 

The basic question: why is an IGP necessary to support iBGP, and why is synchronization necessary between the IGP and iBGP?

Let's take the rule of SYNCHRONIZATION:

A BGP router with synchronization enabled will not use or advertise an iBGP-learned route to its eBGP peers unless it has also learned (verified) the same route in its routing table through an IGP. The purpose is to avoid attracting traffic that a transit router not running BGP cannot forward. In IOS synchronization has been disabled by default since 12.2(8)T and is normally left off, because every transit router runs BGP (full mesh or route reflectors).

(figure: BGP synchronization topology, R1-R4 in OSPF, R1/R2 iBGP, R5/R6 eBGP neighbours)

In the above topology:

R1, R2, R3 and R4 run OSPF as the IGP.

R1 and R2 are iBGP peers.

R1-R5 and R2-R6 are eBGP peers respectively.

Let's have the configuration of each router.

======================================================================

CONFIGURATION

=====================R1=====================

int fas1/0
no sh
ip add 9.9.15.1 255.255.255.0
!
int fas0/0
no sh
ip add 9.9.14.1 255.255.255.0
!
int lo0
ip add 9.9.0.1 255.255.255.255
!
router ospf 9
router-id 9.9.0.1
network 9.9.14.1 0.0.0.0 area 0
network 9.9.0.1 0.0.0.0 area 0

=====================R2=====================

int fas1/0
no sh
ip add 9.9.26.2 255.255.255.0
!
int fas0/1
ip add 9.9.23.2  255.255.255.0
no sh
!
int lo0
ip Continue reading

MPLS , ATOM AND VPLS

I would love to share an article by Mbong Ekwoge explaining the different flavours of MPLS; it can help clear any confusion about MPLS, AToM and VPLS....

MPLS is the enabler of all these fancy services and applications we hear about today, such as MPLS VPNs, AToM (Any Transport over MPLS), MPLS TE (Traffic Engineering), etc.

In order to clearly understand what VPLS is, you need to understand what led to the “birth” of VPLS (Virtual Private LAN Service).  It all began with MPLS VPNs. The client had to form a peer-to-peer relationship with the Provider’s PE routers. What this means is that the provider is intricately involved with routing and forwarding the customer’s traffic and some customers did not like this idea. Also, providers had invested heavily into Layer 2 VPN techniques such as ATM, Frame Relay, etc and completely eliminating these overlay VPN techniques didn’t feel right with their financial people. Some engineers did not like the idea of having to let go of their beloved ATMs, Frame Relay PVCs for some new chap coming in.

This led Cisco and IETF to develop a solution which would let you run MPLS in the core but users Continue reading

Q-in-Q

Q-in-Q
——-
Consider a situation where a service provider wants to offer a transparent LAN service that preserves the customer's VLAN tags across the provider's Layer-2 network. This can be done with Q-in-Q (802.1Q tunnelling, later standardised as IEEE 802.1ad), which uses a single provider VLAN to transport multiple customer VLANs across the MAN or WAN. To do so, an extra 802.1Q tag is stacked onto the customer's traffic at the provider edge (PE). The original 802.1Q specification allows a single VLAN header to be inserted into an Ethernet frame. A port configured to support 802.1Q tunnelling is called a tunnel port. When you configure tunnelling, you assign a tunnel port to a VLAN that is dedicated to tunnelling. Each customer requires a separate VLAN, but that VLAN carries all of the customer's VLANs. The extra tag adds 4 bytes, so every link in the provider path must accept 1504-byte frames, and the tunnel VLAN must not be the native VLAN of any provider trunk, otherwise the outer tag is stripped and the customer's inner tag is read as a provider VLAN.

How It works
——————-

(figure: Q-in-Q tag stacking; reference picture from the Cisco site)

Customer edge switch 1 (802.1Q trunk port carrying the customer's VLAN IDs)

                                 V
                                 V
                                 V

Service provider edge switch 1 (packets entering the tunnel port on the service-provider edge switch, which are already 802.1Q-tagged with the customer's VLAN IDs, are encapsulated with another 802.1Q tag that contains a VLAN ID unique to the customer).

Continue reading
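Added example (not from the original post or from Cisco): the tag stacking described above, performed on raw frame bytes. push_tag inserts the 4-byte tag after the MAC addresses, the tunnel-port functions model the PE pushing the customer's S-VLAN on ingress and stripping it again on egress, and vlan_stack shows the two tags in order. The MAC addresses, VLAN IDs 20 and 100 and the 0x88a8 TPID option are constructed/assumed.

```python
import struct

TPID_8021Q = 0x8100    # what the post describes: a second 802.1Q tag
TPID_8021AD = 0x88A8   # S-tag TPID standardised in 802.1ad; identical layout
TPIDS = {TPID_8021Q, TPID_8021AD}


def _mac(m: str) -> bytes:
    return bytes.fromhex(m.replace(":", ""))


def build_frame(dst, src, ethertype, payload) -> bytes:
    """Untagged Ethernet II frame: dst MAC, src MAC, ethertype, payload."""
    return struct.pack("!6s6sH", _mac(dst), _mac(src), ethertype) + payload


def push_tag(frame, vid, pcp=0, tpid=TPID_8021Q) -> bytes:
    """Insert a 4-byte tag right after the MAC addresses. TCI = PCP(3) | DEI(1) | VID(12)."""
    if not 0 <= vid <= 4094:
        raise ValueError("VLAN ID out of range")
    tci = (pcp << 13) | (vid & 0x0FFF)
    return frame[:12] + struct.pack("!HH", tpid, tci) + frame[12:]


def pop_tag(frame) -> bytes:
    """Remove the outermost tag; raises if the frame is untagged."""
    if struct.unpack("!H", frame[12:14])[0] not in TPIDS:
        raise ValueError("frame carries no VLAN tag")
    return frame[:12] + frame[16:]


def vlan_stack(frame):
    """List of (tpid, pcp, vid) from outermost to innermost tag."""
    tags, off = [], 12
    while struct.unpack("!H", frame[off:off + 2])[0] in TPIDS:
        tpid, tci = struct.unpack("!HH", frame[off:off + 4])
        tags.append((tpid, tci >> 13, tci & 0x0FFF))
        off += 4
    return tags


def pe_tunnel_ingress(frame, customer_svlan, tpid=TPID_8021Q) -> bytes:
    """Tunnel-port behaviour at the ingress PE: whatever arrives (tagged or untagged)
    gets the customer's S-VLAN pushed on top; the customer's own tags are untouched."""
    return push_tag(frame, customer_svlan, tpid=tpid)


def pe_tunnel_egress(frame, customer_svlan):
    """Egress PE: strip the S-tag, but only if it is the VLAN this tunnel port is assigned
    to; anything else is dropped (returns None) rather than leaked into another customer."""
    tags = vlan_stack(frame)
    if not tags or tags[0][2] != customer_svlan:
        return None
    return pop_tag(frame)


if __name__ == "__main__":
    # Constructed customer frame: IPv4 payload stub, tagged with customer VLAN 20.
    cust = push_tag(build_frame("00:00:5e:00:53:02", "00:00:5e:00:53:01", 0x0800, b"\x45" + b"\x00" * 19), 20)
    prov = pe_tunnel_ingress(cust, 100)              # provider pushes S-VLAN 100
    print(vlan_stack(prov))                          # [(0x8100, 0, 100), (0x8100, 0, 20)]
    print(pe_tunnel_egress(prov, 100) == cust)       # True: customer frame restored
```

The same byte-level mechanism is what double-tagging VLAN-hopping attacks rely on: if an attacker's access port sits in the native VLAN of a trunk, the switch strips the first tag and forwards the frame by the attacker-chosen inner tag, which is why the tunnel VLAN must never coincide with a native VLAN in the provider network.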

Uplink Fast

Uplink Fast
___________

Cisco enhanced the original 802.1D specification with features such as UplinkFast to speed up the convergence time of a bridged network.
The drawback is that these mechanisms are proprietary and need additional configuration (802.1w RSTP later standardised equivalent behaviour). UplinkFast is a Cisco-proprietary technique that reduces the recovery time to the order of 1 second.

Normal scenario without UplinkFast
------------------------------------
Assume SW1 = root bridge
                 SW3 = access switch with one of its uplinks in blocking state
                 The uplink from SW3 to SW1 via port A is the primary, and the uplink from SW3 to SW2 via port B is the redundant (blocked) uplink

 SW1——————- SW2      
  –                              -
    –                         -
      –                    -
         –               -
             -SW3-

Suppose the uplink from SW3 to SW1 fails: port A goes down immediately. SW3 now considers the link to SW2, as it is still receiving BPDUs from the root through it, but to bring that port to the forwarding state it must pass through listening and learning, 15 seconds each. Port B reaches the forwarding state after 30 seconds and network connectivity is restored.

Scenario with UplinkFast
---------------------------

Note: 1) The switch has only two uplinks.
           2) The switch has more than two uplinks, but the STP parameters are set in such a way that Continue reading

2012 in review

The WordPress.com stats helper monkeys prepared a 2012 annual report for this blog.

Here’s an excerpt:

The new Boeing 787 Dreamliner can carry about 250 passengers. This blog was viewed about 1,100 times in 2012. If it were a Dreamliner, it would take about 4 trips to carry that many people.
