TTL Bits

Author Archives: TTL Bits

MPLS Scenario: Manually Configuring a BGP Router ID per VRF

Today I am going to talk about the configuration of a BGP router ID per VRF. In my example I take two different VRFs, named NB and ttlbits, and define the configuration for each of them.

The IP addresses used here are for demo purposes only and have no relevance to any enterprise network. These are demo configurations that can serve as a template for the configuration on your live network.

Below are the steps to configure the BGP router ID per VRF:

  • Defining VRF_ttlbits on the router
  • Defining VRF_NB on the router
  • Configuring Loopback with the IP address
  • Configuring Ethernet interfaces with VRF
  • Configuring the VPNv4 and IPv4 address families


Fig 1.1- Basic Sample MPLS network topology

Below is the basic configuration for defining the VRFs.

Defining VRF ttlbits on the router
!
ip vrf vrf_ttlbits
 rd 45000:1
 route-target export 50000:50
 route-target import 40000:1
!

Defining VRF NB on the router
!
ip vrf vrf_NB
 rd 65500:1
 route-target export 65500:1
 route-target import 65500:1
!
Configuring Loopback with the IP address
!
interface Loopback0
 ip address 10.10.10.1 255.255.255.255
!
Configuring Ethernet interfaces with the IP address
!
interface Ethernet0/0
 ip vrf forwarding vrf_ttlbits
 ip address ...

Implementing VXLAN Routing- Arista Networks

Today I am talking about VXLAN routing. VXLAN routing is enabled by creating a VLAN interface (SVI) on a VLAN that is associated with a VNI. As you know, VXLAN stands for Virtual Extensible LAN. VXLAN is a way to extend Layer 2 subnets over a Layer 3 network, and it is now one of the most in-demand ways of extending Layer 2 traffic.

Earlier we had many technologies to do this, such as VPLS, MPLS and OTV (Cisco) in the data center network. VXLAN, however, is used for fabric networks, where you can have end-to-end tunnels within your LAN. Nowadays, if you look at enterprise networks, you will find VXLAN used in data center and campus networks together with software-defined networking.

Let's talk about implementing VXLAN routing on Arista devices. We have two switches connected via core routers, with end devices connected to those switches. In the case of VXLAN you should be aware of three things:

  • VLAN: Virtual LAN, which I guess everybody knows about
  • VNI: Virtual Network Identifier; a VXLAN network is identified by a unique VNI, which is ...

SD-Access ( Fabric Network, Automation and Analytics LAN ) – Campus Networks

Today I am going to talk about the new-generation technology that Cisco has launched for the LAN campus network. The next generation is dedicated to software-defined networking, and Cisco takes this approach to the LAN as well, with orchestration. Cisco has defined the pillars and built an architecture around them which includes Campus Fabric Network, Automation, Authentication and Analytics. All these features are built into the SD-Access technology, which is going to replace the traditional approach to campus networking.

I know you have some questions around it, such as:
How does traffic flow in the campus network?
What is the fabric and how does it work?
Does the VLAN approach still work?
Do we need SVIs?

Well, take a look at the SD-Access approach and you will see what approach Cisco takes to make it successful in the campus.

SD-Access = Campus Fabric + DNA Center

Campus Fabric
Campus Fabric has these three protocols working together to provide an excellent way to communicate:

  • LISP - Location/Identifier Separation Protocol - Control Plane
  • VXLAN - Virtual Extensible LAN - Data Plane
  • Cisco TrustSec - Segmentation Tags
I will explain all these protocols one by one in later articles and then I will come up with the solution with ...

Comparison: Cisco Catalyst 9500 Vs Cisco Catalyst 4500 Vs Cisco 3850 Switches

Today I am going to talk about the fixed core chassis Cisco Catalyst 9500, which Cisco released a month back. The Cisco 9500 is an enhanced version of the Cisco Catalyst 4500 chassis and also of the Cisco 3850 switch. There are a lot of other great features in the Cisco 9500 chassis; some of the features are just amazing in this device.

So we have Cisco 3850, Cisco 4500 Catalyst switches, Cisco 6500 Catalyst switches, Cisco 6800 Catalyst switches and now Cisco 9000 Catalyst switches in three flavours (Cisco 9300, Cisco 9400 and Cisco 9500 Catalyst switches).

The topology and the demands change; below is an example topology showing the changes that lead to the next-generation fabric network with cloud-ready solutions and automation. The CLI is gone for the campus fabric; all policy is driven by the SDN controller.

Fig 1.1- Network topology and Next Generations

If we have the Cisco 4500 and Cisco 3850 fixed chassis, why do we require the Cisco 9500 chassis?
I know this is one of the questions you are actually thinking about, and for this I would like to say that you need to understand the next-generation campus requirements, where the customer wants to be ...

Back to Basics : Access-Lists and Types

Today I am going to talk about access lists and how we can use them in our network. Access lists are used in many ways; we have different ways to use them and different configurations for the different types of access list.

Before we start with the various access lists, let's talk about what access lists actually are and why they are used. The answer is that an access list is a way to filter the IP packets entering the network. With access lists you can permit or deny IP packets on the basis of IP addresses, names, protocols and so on, and the routing table decides the traffic routing on the basis of the set of rules we have authorised.

Below is just a sample diagram showing the use of access lists; it has no relevance to the configuration used below.

Sample Diagram showing Access-Lists

We have different kinds of access lists, and I am taking a short note and the configuration of each of these access lists one by one. These access lists are:

  • Standard Access-Lists
  • Extended Access-Lists
  • IP Named Access-Lists
  • Lock and Key Access-Lists
  • Reflexive Access-Lists
  • Context-Based Access Control
  • Turbo Access-Lists

Let's ...

Static Routing configuration different ways

Today I am going to talk about static routing and default routing. Some of you already know about both of these, but some of you are still not aware of this stuff. This article is basically for beginners in the networking field.

Fig 1.1- Sample Static routing configuration

Let's talk about IP routing first, with static routing. When using the ip route command, you can identify where packets should be routed in two ways:
  • The next-hop address
  • The exit interface

Way 1: The next-hop address
Router(config)#ip route 172.16.20.0 255.255.255.0 172.16.10.2
172.16.20.0 = destination network
255.255.255.0 = subnet mask
172.16.10.2 = next-hop address
What this means: to get to the destination network 172.16.20.0 with a subnet mask of 255.255.255.0, send all packets to 172.16.10.2.

Way 2: The exit interface
Router(config)#ip route 172.16.20.0 255.255.255.0 s0/0
172.16.20.0 = destination network
255.255.255.0 = subnet mask
s0/0 = exit interface
What this means: to get to the destination network ...

Cisco and Juniper Routers : OSPF point to multipoint configurations

Today I am going to discuss the OSPF configuration part, as you already know about the OSPF protocol and the network types in OSPF.

OSPF is a link-state routing protocol, and I wrote some articles on OSPF earlier as well. Please go through those articles to understand more about the OSPF protocol:

OSPF Basics
OSPF States
OSPF vs RIP protocols
Routing Basics : Distance Vector vs Link State Routing Protocol

The articles above on OSPF will help you more in interview preparation.

OSPF Point to Multipoint Networks
In a point-to-multipoint configuration, rather than emulating broadcast capability, OSPF organises the PVCs into a collection of point-to-point networks. In OSPF point-to-multipoint networks the hello packets must still be replicated and transmitted individually to each neighbor, but the multipoint approach offers two distinct advantages: no DR/BDR is needed, and the emulated point-to-point links can occupy a common subnet.

Apart from all that, today I am going to present sample configurations for OSPF point-to-multipoint networks.

Here in this article I am going to take a topology of an OSPF point-to-multipoint network and let you know the ...

Cisco Catalyst 6500 Chassis VSS Configuration ( Switch1 and Switch2 )

Today I am going to talk about VSS and tell you how to configure VSS in a live environment. I am going to explain VSS first, and then we will come up with the VSS configuration for both switches that will participate in the VSS.

We have three switch families that can be used for VSS:
  • Cisco Catalyst 4500 Series Switches
  • Cisco Catalyst 6500 Series Switches
  • Cisco Catalyst 6800 Series Switches
In this article I am taking the example of Cisco 6500 switches in VSS. Let's talk about VSS first, followed by the configurations:

Cisco Catalyst 6500 Series Virtual Switching System (VSS) is a technique by which we merge two physical Cisco Catalyst 6500 Series switches into a single, logically managed entity. In the case of the Cisco Catalyst 6500, after enabling the Virtual Switching System you manage the two chassis as a single control plane while retaining dual data planes.

Fig 1.1-Sample Topology Cisco VSS Physical and Logical View

It uses Cisco IOS Stateful Switchover (SSO) technology, as well as Non-Stop Forwarding (NSF) extensions to routing protocols, to provide a single, ...

VPLS basic configurations in MPLS environment: Cisco Routers

Today I am going to tell you about the basic configuration of VPLS on Cisco routers. Let's take a scenario where there is an MPLS network with PE1, PE2 and PE3 connected at the edges of the MPLS network, and beyond them the customer edge routers.

Let me explain a little how Layer 2 split horizon is enabled in the VPLS scenario. On the MPLS PE routers at the edge, VLAN packets received from the customer network can be forwarded to one or more local interfaces and/or emulated VCs in the VPLS domain. To avoid broadcast packets looping around the network, no packet received from an emulated VC can be forwarded to any emulated VC of the VPLS domain on a PE router. That is, Layer 2 split horizon should always be enabled as the default in a full-mesh network.

Below is the topology showing VPLS connectivity across the three service provider edge routers I mentioned above, named PE1, PE2 and PE3. Below the topology we have the configurations on all these PE routers, step by step. All ...

Cisco Catalyst 9400 Switches – A new Launch

In my earlier article I talked about the new launch of the Cisco Catalyst 9300 and explained the features of that Catalyst switch. Now I am going to talk about the other two series which Cisco has launched. Cisco understands the requirements of the market and is also competing with other vendors for next-generation networks like SDN, where open APIs can be used to stitch in third-party applications.

Cisco has come up with a solution for the campus where they deploy the fabric network on top of the traditional IP network. I will come up with another article explaining the architecture of the SD-Access network for the campus designed by Cisco Systems.

With the launch of the Cisco 9300, 9400 and 9500, Cisco is running ahead in the field of enterprise network architecture. For the Cisco Catalyst 9300, please check the link below:

Cisco Catalyst 9300 Switches for Campus

Now let me talk about the other two series of switches launched by Cisco Systems for the campus or enterprise network, named the Cisco Catalyst 9400 and 9500 switches.

Cisco Catalyst 9400 Switch:
With the help of the Cisco Catalyst 9400 switch you will achieve protection from advanced persistent security threats, ...

Juniper Routers Sample BGP Configurations : Quick and Easy

In my earlier post I wrote about the basic configurations on a Cisco router, where I defined configurations for Route Reflector, Confederation, Route-Maps, Prefix Lists, Local Preference, AS-Path, MED, Communities and Peer Groups.

In this article I am just going to put basic Juniper router BGP configurations. In later articles I will cover all the configurations, such as Route Reflector, Confederation, Route-Maps, Prefix Lists, Local Preference, AS-Path, MED, Communities and Peer Groups, on Juniper and Huawei routers.

Below is the basic network topology, with the configuration following it.

Fig 1.1- Juniper Router BGP Topology
Here in the topology shown above, we have Routers A, B, C, D and E. Routers A, B and C are in AS 22, while Router D is in AS 79 and Router E is in AS 17.

Configure the interfaces to Peers A, B, C, and D (Junos interface configuration lives under the interfaces hierarchy, so each statement is set interfaces ...)
Router_NB# set interfaces ge-1/2/0 unit 0 description to-A
Router_NB# set interfaces ge-1/2/0 unit 0 family inet address 10.10.10.1/30
Router_NB# set interfaces ge-0/0/1 unit 5 description to-B
Router_NB# set interfaces ge-0/0/1 unit 5 family inet address 10.10.10.5/30
Router_NB# set interfaces ge-0/1/0 unit 9 description to-C
Router_NB# set interfaces ge-0/1/0 unit 9 family inet address ...

Cisco Advanced Malware Protection (AMP) Threat Grid Sandboxing

Cisco AMP, or Advanced Malware Protection, is the term used for Cisco's malware file detection technology. AMP provides you with threat intelligence and analytics, point-in-time detection, continuous analysis, and retrospective security for malware files.

AMP (Advanced Malware Protection) can be used at various levels of the network: as Threat Grid, on endpoints and in the network. These products together make up an architecture; they are not just different products in the Cisco portfolio.

In my earlier post I wrote about the Cisco AMP product for endpoints only. If you want to look at that article, please go through the link below:
Cisco AMP for Endpoints

We have the following AMP products for cloud, endpoint, network, web and email. In this article I am only covering AMP Threat Grid.

  • AMP Threat Grid
  • AMP for Endpoints
  • AMP for Networks
  • AMP for Web
  • AMP for Email

AMP Threat Grid
AMP Threat Grid can be used as an appliance or in the cloud. Large organisations with compliance and policy restrictions can analyse malware locally with AMP Threat Grid by submitting samples to the appliance. It helps you effectively defend against both targeted attacks and threats from advanced malware ...

Cisco Port Security Basics and configurations

Today I am going to talk about a switching topic, and that topic is port security. Port security is required when you want to control traffic by allowing only specific MAC address entries, which means that if traffic from an invalid MAC address arrives, it will be blocked or dropped.

Let's talk about port security and the modes of port security. So the question is why port security is required; maybe we want to be safe from attacks as well.

Why is port security important?
Well, port security is generally used so that you can easily prevent traffic from unwanted MAC addresses coming from the external or the internal network.

Port security can be enabled in three different violation modes, defined as below:
  • Protect: In the protect mode, the switch port drops packets with unknown source addresses until you remove a sufficient number of secure MAC addresses to drop below the maximum value.
  • Restrict: In the restrict mode, the switch port drops packets with unknown source addresses until you remove a sufficient number of secure MAC addresses to drop below the maximum value, and it causes the SecurityViolation counter to increment.
  • Shutdown: In the shutdown mode, the switch port will ...