Tuesday, November 26, 2013

VRF Maximum Routes

 

Maximum routes under a customer VRF: if the service provider had unlimited resources, he would not need it!
Normally, however, resources are limited and expensive, and the service provider would like to make money from the resources he has available. Maximum routes configured under a VRF provide a means of controlling local PE resources and avoiding abuse from the CE side.

 

I have a VRF called DC_EXTRANET, and you can see that it has 16 routes. I have configured
10 maximum routes under that VRF; however, I did not want to be aggressive, so I have set the
warning-only option.
Notice that I immediately get a notice that I have more routes than the maximum; however, no action
is taken other than alerting and sending a syslog.
!
PE_ashdod_otherisp.n(config-vrf)# maximum routes 10 warning-only 
% The current number of routes in the routing table is equal to, or exceeds the configured warning limit
PE_ashdod_otherisp.n(config-vrf)#
*Nov 26 20:39:41.175: %IPRT-3-ROUTELIMITWARNING: IP routing table limit warning - DC_EXTRANET
PE_ashdod_otherisp.n(config-vrf)#do sh ip rou vrf DC_EXTRANET
Routing Table: DC_EXTRANET
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       + - replicated route, % - next hop override
Gateway of last resort is not set
      50.0.0.0/8 is variably subnetted, 3 subnets, 3 masks
B        50.0.0.0/30 [200/0] via 20.255.10.10, 00:09:31
B        50.0.100.0/24 [200/0] via 20.255.10.10, 00:09:31
B        50.255.255.1/32 [200/0] via 20.255.10.10, 00:09:31
      60.0.0.0/8 is variably subnetted, 6 subnets, 3 masks
B        60.0.0.0/30 [200/0] via 7.7.7.7, 00:00:04
B        60.0.100.0/24 [200/0] via 7.7.7.7, 00:00:04
B        60.0.101.0/24 [200/0] via 7.7.7.7, 00:00:04
B        60.0.102.0/24 [200/0] via 7.7.7.7, 00:00:04
B        60.0.103.0/24 [200/0] via 7.7.7.7, 00:00:04
B        60.255.255.1/32 [200/0] via 7.7.7.7, 00:00:04
      70.0.0.0/8 is variably subnetted, 7 subnets, 3 masks
C        70.0.0.0/30 is directly connected, FastEthernet2/0
L        70.0.0.1/32 is directly connected, FastEthernet2/0
B        70.0.100.0/24 [20/0] via 70.0.0.2, 00:20:22
B        70.0.101.0/24 [20/0] via 70.0.0.2, 00:20:22
B        70.0.102.0/24 [20/0] via 70.0.0.2, 00:20:22
B        70.0.103.0/24 [20/0] via 70.0.0.2, 00:20:22
B        70.255.255.1/32 [20/0] via 70.0.0.2, 00:20:22
PE_ashdod_otherisp.n(config-vrf)#

 

 

Now I would like to show you what happens in the RIB/FIB and in BGP when I activate the maximum prefixes in aggressive mode:

 

Prior to modifying the maximum value, on the CE you can see that I am getting BGP updates:
CE_ashdod_DC_SERVICES#  show ip bgp     
BGP table version is 160, local router ID is 70.255.255.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network          Next Hop            Metric LocPrf Weight Path
*> 50.0.0.0/30      70.0.0.1                               0 9002 33462 ?
*> 50.0.100.0/24    70.0.0.1                               0 9002 33462 ?
*> 50.255.255.1/32  70.0.0.1                               0 9002 33462 ?
*> 60.0.0.0/30      70.0.0.1                               0 9002 9001 33462 ?
*> 60.0.100.0/24    70.0.0.1                               0 9002 9001 33462 ?
*> 60.0.101.0/24    70.0.0.1                               0 9002 9001 33462 ?
*> 60.0.102.0/24    70.0.0.1                               0 9002 9001 33462 ?
*> 60.0.103.0/24    70.0.0.1                               0 9002 9001 33462 ?
*> 60.255.255.1/32  70.0.0.1                               0 9002 9001 33462 ?
Now maximum routes is set to 10 and the threshold before sending a warning is set to 100%. Notice that
the RIB and FIB are immediately updated accordingly; however, BGP is not affected, meaning that
this is locally significant and will not cause a lot of noise due to a local problem / over-utilization of allowed
resources.
PE_ashdod_otherisp.n(config-vrf)# maximum routes 10 100 
% The current number of routes in the routing table is equal to, or exceeds the configured warning limit
% The routing table is being reloaded to enforce (or allow) the new route limit.
PE_ashdod_otherisp.n(config-vrf)#
*Nov 26 20:57:08.359: %IPRT-3-ROUTELIMITWARNING: IP routing table limit warning - DC_EXTRANET
*Nov 26 20:57:08.363: %IPRT-3-ROUTELIMITEXCEEDED: IP routing table limit exceeded - DC_EXTRANET
PE_ashdod_otherisp.n(config-vrf)#
PE_ashdod_otherisp.n(config-vrf)#
PE_ashdod_otherisp.n(config-vrf)#do sh ip rou vrf DC_EXTRANET       
Routing Table: DC_EXTRANET
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       + - replicated route, % - next hop override
Gateway of last resort is not set
      50.0.0.0/8 is variably subnetted, 3 subnets, 3 masks
B        50.0.0.0/30 [200/0] via 20.255.10.10, 00:00:15
B        50.0.100.0/24 [200/0] via 20.255.10.10, 00:00:15
B        50.255.255.1/32 [200/0] via 20.255.10.10, 00:00:15
      60.0.0.0/8 is variably subnetted, 5 subnets, 2 masks
B        60.0.0.0/30 [200/0] via 7.7.7.7, 00:00:15
B        60.0.100.0/24 [200/0] via 7.7.7.7, 00:00:15
B        60.0.101.0/24 [200/0] via 7.7.7.7, 00:00:15
B        60.0.102.0/24 [200/0] via 7.7.7.7, 00:00:15
B        60.0.103.0/24 [200/0] via 7.7.7.7, 00:00:15
      70.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        70.0.0.0/30 is directly connected, FastEthernet2/0
L        70.0.0.1/32 is directly connected, FastEthernet2/0
PE_ashdod_otherisp.n(config-vrf)#
CE_ashdod_DC_SERVICES#  show ip bgp 
BGP table version is 184, local router ID is 70.255.255.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
   Network          Next Hop            Metric LocPrf Weight Path
*> 50.0.0.0/30      70.0.0.1                               0 9002 33462 ?
*> 50.0.100.0/24    70.0.0.1                               0 9002 33462 ?
*> 50.255.255.1/32  70.0.0.1                               0 9002 33462 ?
*> 60.0.0.0/30      70.0.0.1                               0 9002 9001 33462 ?
*> 60.0.100.0/24    70.0.0.1                               0 9002 9001 33462 ?
*> 60.0.101.0/24    70.0.0.1                               0 9002 9001 33462 ?
*> 60.0.102.0/24    70.0.0.1                               0 9002 9001 33462 ?
*> 60.0.103.0/24    70.0.0.1                               0 9002 9001 33462 ?
*> 60.255.255.1/32  70.0.0.1                               0 9002 9001 33462 ?

Additional scenario:

The maximum prefixes are set to 14:

 

Routing Table: DC_EXTRANET
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       + - replicated route, % - next hop override
Gateway of last resort is not set
      50.0.0.0/8 is variably subnetted, 3 subnets, 3 masks
B        50.0.0.0/30 [200/0] via 20.255.10.10, 00:01:23
B        50.0.100.0/24 [200/0] via 20.255.10.10, 00:01:23
B        50.255.255.1/32 [200/0] via 20.255.10.10, 00:01:23
      60.0.0.0/8 is variably subnetted, 6 subnets, 3 masks
B        60.0.0.0/30 [200/0] via 7.7.7.7, 00:00:20
B        60.0.100.0/24 [200/0] via 7.7.7.7, 00:00:20
B        60.0.101.0/24 [200/0] via 7.7.7.7, 00:00:20
B        60.0.102.0/24 [200/0] via 7.7.7.7, 00:00:20
B        60.0.103.0/24 [200/0] via 7.7.7.7, 00:00:20
B        60.255.255.1/32 [200/0] via 7.7.7.7, 00:00:20
      70.0.0.0/8 is variably subnetted, 5 subnets, 3 masks
C        70.0.0.0/30 is directly connected, FastEthernet2/0
L        70.0.0.1/32 is directly connected, FastEthernet2/0
B        70.0.100.0/24 [20/0] via 70.0.0.2, 00:01:23
B        70.0.101.0/24 [20/0] via 70.0.0.2, 00:01:23
B        70.0.102.0/24 [20/0] via 70.0.0.2, 00:01:23

 

I send a withdraw for 70.0.101.0/24 from the CE router. Now I have one more spot (14 - 1) available; however, the router does not re-evaluate the table and insert the next available route. Think of what would happen if it did: the CE could abuse the router, causing it to constantly re-evaluate what needs to be inserted into or removed from the RIB/FIB! Re-evaluation happens when you modify the maximum routes value or when you re-send (withdraw and update) the unused routes:

 

PE_ashdod_otherisp.n(config)#do sh ip rou vrf DC_EXTRANET
Routing Table: DC_EXTRANET
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       + - replicated route, % - next hop override
Gateway of last resort is not set
      50.0.0.0/8 is variably subnetted, 3 subnets, 3 masks
B        50.0.0.0/30 [200/0] via 20.255.10.10, 00:01:30
B        50.0.100.0/24 [200/0] via 20.255.10.10, 00:01:30
B        50.255.255.1/32 [200/0] via 20.255.10.10, 00:01:30
      60.0.0.0/8 is variably subnetted, 6 subnets, 3 masks
B        60.0.0.0/30 [200/0] via 7.7.7.7, 00:00:27
B        60.0.100.0/24 [200/0] via 7.7.7.7, 00:00:27
B        60.0.101.0/24 [200/0] via 7.7.7.7, 00:00:27
B        60.0.102.0/24 [200/0] via 7.7.7.7, 00:00:27
B        60.0.103.0/24 [200/0] via 7.7.7.7, 00:00:27
B        60.255.255.1/32 [200/0] via 7.7.7.7, 00:00:27
      70.0.0.0/8 is variably subnetted, 4 subnets, 3 masks
C        70.0.0.0/30 is directly connected, FastEthernet2/0
L        70.0.0.1/32 is directly connected, FastEthernet2/0
B        70.0.100.0/24 [20/0] via 70.0.0.2, 00:01:30
B        70.0.102.0/24 [20/0] via 70.0.0.2, 00:01:30
PE_ashdod_otherisp.n(config)#

 

However, if you do not care about abuse from the CE side, you can use the command below, which will re-evaluate once a certain threshold is crossed. But I think that if you do not care about the abuse, do not limit the number of prefixes at all:

PE_ashdod_otherisp.n(config-vrf)# maximum routes 14 100 reinstall ?  
  <1-100>  Threshold value (%) at which to reinstall routes back to VRF
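
The admission behaviour described in this post, as a small Python model (an added example, not Cisco IOS code and not from the original post): routes are installed until the limit is reached, a withdraw frees a slot without pulling a rejected route back in, and a rejected route only gets in when the CE re-sends it. The `VrfRib` class, its method names and the arrival order of the prefixes are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# The 16 prefixes from the post's "show ip route vrf DC_EXTRANET" output.
# Assumption: they reach the RIB in the order that output lists them.
ROUTES = [
    "50.0.0.0/30", "50.0.100.0/24", "50.255.255.1/32",
    "60.0.0.0/30", "60.0.100.0/24", "60.0.101.0/24",
    "60.0.102.0/24", "60.0.103.0/24", "60.255.255.1/32",
    "70.0.0.0/30", "70.0.0.1/32",
    "70.0.100.0/24", "70.0.101.0/24", "70.0.102.0/24",
    "70.0.103.0/24", "70.255.255.1/32",
]


@dataclass
class VrfRib:
    """Hypothetical model of a per-VRF routing table with 'maximum routes'."""
    name: str
    limit: int
    warning_only: bool = False
    installed: list = field(default_factory=list)  # prefixes in RIB/FIB
    rejected: list = field(default_factory=list)   # learned but not installed
    events: list = field(default_factory=list)     # syslog-style mnemonics

    def advertise(self, prefix):
        """A route arrives. Returns True if it ends up in the RIB."""
        if prefix in self.installed:
            return True
        full = len(self.installed) >= self.limit
        if full and not self.warning_only:
            # Hard limit: the route stays out of the RIB/FIB.
            if prefix not in self.rejected:
                self.rejected.append(prefix)
            self.events.append("ROUTELIMITEXCEEDED")
            return False
        if prefix in self.rejected:
            self.rejected.remove(prefix)
        self.installed.append(prefix)
        if len(self.installed) >= self.limit:  # warning threshold at 100 %
            self.events.append("ROUTELIMITWARNING")
        return True

    def withdraw(self, prefix):
        """A route is withdrawn. The freed slot is NOT refilled from
        `rejected`: no re-evaluation, so a flapping CE cannot make the
        PE reshuffle its RIB/FIB on every withdraw."""
        if prefix in self.installed:
            self.installed.remove(prefix)
        elif prefix in self.rejected:
            self.rejected.remove(prefix)


def scenario_limit_14():
    """Replays the 'maximum prefixes at 14' scenario from the post."""
    rib = VrfRib("DC_EXTRANET", limit=14)
    for prefix in ROUTES:
        rib.advertise(prefix)
    after_load = (len(rib.installed), list(rib.rejected))

    rib.withdraw("70.0.101.0/24")            # CE withdraws one route
    after_withdraw = (len(rib.installed), list(rib.rejected))

    rib.withdraw("70.0.103.0/24")            # CE re-sends an unused route:
    rib.advertise("70.0.103.0/24")           # withdraw followed by update
    after_resend = (len(rib.installed), list(rib.rejected))
    return after_load, after_withdraw, after_resend


def scenario_warning_only():
    """Replays 'maximum routes 10 warning-only': alert, but install everything."""
    rib = VrfRib("DC_EXTRANET", limit=10, warning_only=True)
    for prefix in ROUTES:
        rib.advertise(prefix)
    return len(rib.installed), len(rib.rejected), sorted(set(rib.events))


if __name__ == "__main__":
    for step in scenario_limit_14():
        print(step)
    print(scenario_warning_only())
```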

Tuesday, November 19, 2013

CCDE Written

 

Just recently I had to re-certify my CCIE, so I decided to go for the CCDE written this time. I have cleared that exam, so I would like to share some of the material I used. The written exam encompasses high-level design, focusing on VPNs of all sorts and types (MPLS, DMVPN, GETVPN, IPSEC, L2, VPLS, MLD), and adds to that security, QoS, management and even storage. So you do not need to know how to configure everything (or anything, for that matter); you need to know where and what technology to use in different given situations.

To study for that exam I did some reading (not cover to cover):

BGP Design and Implementation

MPLS and VPN Architectures (CCIP Edition)

In addition, I have used the excellent resource called ciscolive365 video lectures:

BRKMPL-2102 Deploy MPLS Based IP VPN

BRKRST-3310 Troubleshoot OSPF

BRKRST-2042 HA WAN Design

BRKRST-2310 OSPF Large Scale

BRKSEC-4054 DMVPN

BRKIPM-2444 EIGRP

Written check list:

https://learningnetwork.cisco.com/docs/DOC-13054

ISIS Database Reading

 

ISIS is normally simple to operate while everything is working, and the most common deployments are flat networks based on L2. However, when there is a problem and we need to start troubleshooting, people start to get lost.

So I would like to provide some tools for reading the ISIS database.

 

  • Notice the “*” sign: it means the LSP was generated on the router where you ran the show command. You can see that the host name from the show command also matches the host name in the LSPID.
  • The LSPID is identified by hostname.xx-yy: xx is normally 00 unless the LSP is a pseudonode LSP generated by the DIS; yy represents the fragment number of that LSP, 00 – FF (max 255 fragments, plenty). In most cases all the important information will be in 00 unless there are many fragments.
  • LSP Holdtime is the amount of time an LSP will stay in the database without any refresh.
  • ATT/P/OL - 0/0/0: the ATT bit, or attached bit, is used on an L1/L2 router connected to an L1 node; if it is set to 1, the L1 node will generate a default route to the best L1/L2 node (best metric).
  • ATT/P/OL - 0/0/0: the OL bit, or overload bit, was used in the past when a router was overloaded to set all links on the router as unusable, preventing others from transiting that node; today it is used mostly to wait for BGP convergence.

 

P_london_someisp.net#show isis database 
IS-IS Level-2 Link State Database:
LSPID                 LSP Seq Num  LSP Checksum  LSP Holdtime      ATT/P/OL
P_london_somei.00-00* 0x00000005   0x65C5        1177              0/0/0
P_dublin_somei.00-00  0x00000004   0x8346        1176              0/0/0
P_cyprus_somei.00-00  0x00000005   0x5634        1183              0/0/0
P_LA_someisp.n.00-00  0x00000005   0xDE33        1175              0/0/0
PE_newyork_som.00-00  0x00000003   0x2EF0        1179              0/0/0
PE_telaviv_som.00-00  0x00000004   0x2877        1181              0/0/0
PE_Jerusalem_s.00-00  0x00000002   0x2994        1172              0/0/0
PE_Jerusalem_s.02-00  0x00000001   0x2ED2        1171              0/0/0

From the database each router builds a topology using SPF (Dijkstra's algorithm). If I would like to understand how to get from one router to another, I can look into the ISIS database detail and work that out:

For example, I would like to see, using only the database, how to get from myself
to PE_telaviv without looking at the topology or routing table (just for fun).
Notice that in my own LSP I can see the neighbors I am connected to, and the net address
of each link along with its metric.
P_london_someisp.net#$atabase  level-2 det P_london_someisp.net.00-00   
IS-IS Level-2 LSP P_london_somei.00-00
LSPID                 LSP Seq Num  LSP Checksum  LSP Holdtime      ATT/P/OL
P_london_somei.00-00* 0x00000006   0x63C6        409               0/0/0
  Area Address: 49.0001
  NLPID:        0xCC 
  Hostname: P_london_someisp.net
  IP Address:   1.1.1.1
  Metric: 10         IS-Extended P_dublin_somei.00
  Metric: 10         IS-Extended P_cyprus_somei.00
  Metric: 10         IS-Extended P_LA_someisp.n.00
  Metric: 10         IS-Extended PE_newyork_som.00
  Metric: 10         IP 1.1.1.1/32
  Metric: 10         IP 10.100.1.4/30
  Metric: 10         IP 10.100.1.16/30
  Metric: 10         IP 10.100.1.20/30
  Metric: 10         IP 10.100.1.24/30
P_london_someisp.net#

 

 

Now if I take the first neighbor from my LSP, P_dublin, and look into its LSP,
notice that one of its neighbors is PE_telaviv.
So 10 to reach dublin + 10 to reach telaviv = 20 total cost from london to telaviv.
I have taken the next neighbor, cyprus, and it looks like we also have a 20-metric path using
cyprus, so we will have load sharing between them.
Notice that P_LA and PE_newyork do not have a direct link to PE_telaviv, which means we do not
need to explore further in that direction, as any route using them will have a higher cost.

 

 

P_london_someisp.net#$atabase  level-2 det P_dublin_someisp.net.00-00
IS-IS Level-2 LSP P_dublin_somei.00-00
LSPID                 LSP Seq Num  LSP Checksum  LSP Holdtime      ATT/P/OL
P_dublin_somei.00-00  0x00000006   0x7F48        1077              0/0/0
  Area Address: 49.0001
  NLPID:        0xCC 
  Hostname: P_dublin_someisp.net
  IP Address:   2.2.2.2
  Metric: 10         IS-Extended P_london_somei.00
  Metric: 10         IS-Extended P_cyprus_somei.00
  Metric: 10         IS-Extended P_LA_someisp.n.00
  Metric: 10         IS-Extended PE_telaviv_som.00
  Metric: 10         IP 2.2.2.2/32
  Metric: 10         IP 10.100.1.0/30
  Metric: 10         IP 10.100.1.12/30
  Metric: 10         IP 10.100.1.16/30
  Metric: 10         IP 10.100.1.36/30
P_london_someisp.net#$atabase  level-2 det P_cyprus_someisp.net.00-00
IS-IS Level-2 LSP P_cyprus_somei.00-00
LSPID                 LSP Seq Num  LSP Checksum  LSP Holdtime      ATT/P/OL
P_cyprus_somei.00-00  0x00000007   0x5236        854               0/0/0
  Area Address: 49.0001
  NLPID:        0xCC 
  Hostname: P_cyprus_someisp.net
  IP Address:   3.3.3.3
  Metric: 10         IS-Extended P_london_somei.00
  Metric: 10         IS-Extended P_dublin_somei.00
  Metric: 10         IS-Extended P_LA_someisp.n.00
  Metric: 10         IS-Extended PE_telaviv_som.00
  Metric: 10         IS-Extended PE_Jerusalem_s.02
  Metric: 10         IP 3.3.3.3/32
  Metric: 10         IP 10.100.1.0/30
  Metric: 10         IP 10.100.1.4/30
  Metric: 10         IP 10.100.1.8/30
  Metric: 10         IP 10.100.1.32/30
  Metric: 10         IP 20.0.0.0/24
P_london_someisp.net#$atabase  level-2 det P_LA_someisp.net.00-00    
IS-IS Level-2 LSP P_LA_someisp.n.00-00
LSPID                 LSP Seq Num  LSP Checksum  LSP Holdtime      ATT/P/OL
P_LA_someisp.n.00-00  0x00000007   0xDA35        690               0/0/0
  Area Address: 49.0001
  NLPID:        0xCC 
  Hostname: P_LA_someisp.net
  IP Address:   4.4.4.4
  Metric: 10         IS-Extended P_london_somei.00
  Metric: 10         IS-Extended P_dublin_somei.00
  Metric: 10         IS-Extended P_cyprus_somei.00
  Metric: 10         IS-Extended PE_newyork_som.00
  Metric: 10         IP 4.4.4.4/32
  Metric: 10         IP 10.100.1.8/30
  Metric: 10         IP 10.100.1.12/30
  Metric: 10         IP 10.100.1.20/30
  Metric: 10         IP 10.100.1.28/30
P_london_someisp.net#show isis database  level-2 det PE_newyork_someisp.net.00$
IS-IS Level-2 LSP PE_newyork_som.00-00
LSPID                 LSP Seq Num  LSP Checksum  LSP Holdtime      ATT/P/OL
PE_newyork_som.00-00  0x00000005   0x2AF2        499               0/0/0
  Area Address: 49.0001
  NLPID:        0xCC 
  Hostname: PE_newyork_someisp.net
  IP Address:   5.5.5.5
  Metric: 10         IS P_london_somei.00
  Metric: 10         IS P_LA_someisp.n.00
  Metric: 10         IS-Extended P_london_somei.00
  Metric: 10         IS-Extended P_LA_someisp.n.00
  Metric: 10         IP 5.5.5.5/32
  Metric: 10         IP 10.100.1.24/30
  Metric: 10         IP 10.100.1.28/30
  Metric: 10         IP 5.5.5.5 255.255.255.255
  Metric: 10         IP 10.100.1.24 255.255.255.252
  Metric: 10         IP 10.100.1.28 255.255.255.252

 

 

Now let's look at the topology to see if we are on the right track. Notice that we are correct: a metric of 20,
one path through dublin and the other through cyprus, also with a metric of 20, doing load sharing.

 

 

P_london_someisp.net#show isis topology 
IS-IS paths to level-2 routers
System Id            Metric     Next-Hop             Interface   SNPA
P_london_someisp.net --
P_dublin_someisp.net 10         P_dublin_someisp.net Se1/2       *HDLC*         
P_cyprus_someisp.net 10         P_cyprus_someisp.net Se1/1       *HDLC*         
P_LA_someisp.net     10         P_LA_someisp.net     Se1/0       *HDLC*         
PE_newyork_someisp.ne10         PE_newyork_someisp.neMu1         *PPP*          
PE_telaviv_someisp.ne20         P_dublin_someisp.net Se1/2       *HDLC*         
                                P_cyprus_someisp.net Se1/1       *HDLC*         
PE_Jerusalem_someisp.20         P_cyprus_someisp.net Se1/1       *HDLC*         
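
The manual walk above can be automated. The following added example (not part of the original post) parses the adjacency lines of `show isis database detail` output into a graph and runs Dijkstra with equal-cost first hops. The embedded text is a constructed excerpt of the LSPs shown above, the function names are illustrative, and the two-way connectivity check of a real SPF is skipped because the PE_telaviv LSP is not shown in the post.

```python
import heapq
import re

# Constructed excerpt: the LSP header and IS adjacency lines from the post.
LSDB_TEXT = """\
IS-IS Level-2 LSP P_london_somei.00-00
  Metric: 10         IS-Extended P_dublin_somei.00
  Metric: 10         IS-Extended P_cyprus_somei.00
  Metric: 10         IS-Extended P_LA_someisp.n.00
  Metric: 10         IS-Extended PE_newyork_som.00
  Metric: 10         IP 1.1.1.1/32
IS-IS Level-2 LSP P_dublin_somei.00-00
  Metric: 10         IS-Extended P_london_somei.00
  Metric: 10         IS-Extended P_cyprus_somei.00
  Metric: 10         IS-Extended P_LA_someisp.n.00
  Metric: 10         IS-Extended PE_telaviv_som.00
IS-IS Level-2 LSP P_cyprus_somei.00-00
  Metric: 10         IS-Extended P_london_somei.00
  Metric: 10         IS-Extended P_dublin_somei.00
  Metric: 10         IS-Extended P_LA_someisp.n.00
  Metric: 10         IS-Extended PE_telaviv_som.00
  Metric: 10         IS-Extended PE_Jerusalem_s.02
IS-IS Level-2 LSP P_LA_someisp.n.00-00
  Metric: 10         IS-Extended P_london_somei.00
  Metric: 10         IS-Extended P_dublin_somei.00
  Metric: 10         IS-Extended P_cyprus_somei.00
  Metric: 10         IS-Extended PE_newyork_som.00
IS-IS Level-2 LSP PE_newyork_som.00-00
  Metric: 10         IS P_london_somei.00
  Metric: 10         IS P_LA_someisp.n.00
  Metric: 10         IS-Extended P_london_somei.00
  Metric: 10         IS-Extended P_LA_someisp.n.00
"""

# "IS-IS Level-2 LSP <host>.<xx>-<yy>": xx = pseudonode byte, yy = fragment.
LSP_RE = re.compile(r"^IS-IS Level-\d LSP (\S+)-([0-9A-Fa-f]{2})$")
# Narrow ("IS") and wide ("IS-Extended") neighbor entries; IP lines are ignored.
ADJ_RE = re.compile(r"^\s+Metric:\s+(\d+)\s+IS(?:-Extended)?\s+(\S+)$")


def parse_lsdb(text):
    """Return {node: {neighbor: metric}}, merging all fragments of a node."""
    graph, node = {}, None
    for raw in text.splitlines():
        line = raw.rstrip()
        m = LSP_RE.match(line)
        if m:
            node = m.group(1)              # e.g. "P_london_somei.00"
            graph.setdefault(node, {})
            continue
        m = ADJ_RE.match(line)
        if m and node is not None:
            metric, nbr = int(m.group(1)), m.group(2)
            # The same adjacency can appear in both TLV styles: keep the lowest.
            graph[node][nbr] = min(metric, graph[node].get(nbr, metric))
    return graph


def spf(graph, root):
    """Dijkstra from root. Returns (cost per node, set of first hops per node).
    Assumes positive metrics, as in the excerpt above."""
    dist = {root: 0}
    first_hops = {root: set()}
    heap = [(0, root)]
    while heap:
        d, u = heapq.heappop(heap)
        if d > dist[u]:
            continue                       # stale heap entry
        for v, metric in graph.get(u, {}).items():
            nd = d + metric
            hops = {v} if u == root else first_hops[u]
            if nd < dist.get(v, float("inf")):
                dist[v] = nd
                first_hops[v] = set(hops)
                heapq.heappush(heap, (nd, v))
            elif nd == dist[v]:
                first_hops[v] |= hops      # equal-cost path: load sharing
    return dist, first_hops


def london_to_telaviv():
    dist, hops = spf(parse_lsdb(LSDB_TEXT), "P_london_somei.00")
    target = "PE_telaviv_som.00"
    return dist[target], sorted(hops[target])


if __name__ == "__main__":
    print(london_to_telaviv())
```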

Wednesday, February 06, 2013

OSPFv3 Forwarding Address under NSSA vs Regular External

ospfv3_simple

I am sharing something I researched recently at work and still do not have the final answer to; however, it is interesting, so I decided to write about it. Some of the development group asked us why, and if, it is really important to use the forwarding address in an OSPFv3 implementation.

I have used the above model (and another that maybe I will share later).

External NSSA

External without NSSA

  • I am advertising the network 2001:11:145:56:: from R6 and R5
  • In the external database of R1 only a single LSA is selected, although on R3 both options (from R5 and R6) are there, so it looks like it is being filtered.

R1#sh ipv ospf database external

            OSPFv3 Router with ID (150.1.1.1) (Process ID 1)

                Type-5 AS External Link States

  …

  Routing Bit Set on this LSA

  LS age: 143

  LS Type: AS External Link

  Link State ID: 1

  Advertising Router: 150.3.3.3

  LS Seq Number: 80000002

  Checksum: 0xEC3F

  Length: 56

  Prefix Address: 2001:11:145:56::

  Prefix Length: 64, Options: None

  Metric Type: 2 (Larger than any link state path)

  Metric: 20

Forward Address: 2001:11:143:36::2

  External Route Tag: 600

  • R3 is the ABR, and as such it translates the LSA-7 to LSA-5
  • To reach the advertising router we must use the link-local address

R1#sh ipv ospf database link

            OSPFv3 Router with ID (150.1.1.1) (Process ID 1)

                Link (Type-8) Link States (Area 0)

  LS age: 1175

  Options: (V6-Bit, E-Bit, R-bit, DC-Bit)

  LS Type: Link-LSA (Interface: FastEthernet1/1)

  Link State ID: 4 (Interface ID)

  Advertising Router: 150.1.1.1

  LS Seq Number: 80000001

  Checksum: 0x8CFC

  Length: 56

  Router Priority: 1

  Link Local Address: FE80::C800:19FF:FE9C:1D

  Number of Prefixes: 1

  Prefix Address: 2001:11:141:13::

  Prefix Length: 64, Options: None

  LS age: 1131

  Options: (V6-Bit, E-Bit, R-bit, DC-Bit)

  LS Type: Link-LSA (Interface: FastEthernet1/1)

  Link State ID: 5 (Interface ID)

Advertising Router: 150.3.3.3

  LS Seq Number: 80000001

  Checksum: 0xCC98

  Length: 56

  Router Priority: 1

Link Local Address: FE80::C802:19FF:FE9C:38

  Number of Prefixes: 1

  Prefix Address: 2001:11:141:13::

  Prefix Length: 64, Options: None

R1#

R1#show ipv route 2001:11:145:56::

Routing entry for 2001:11:145:56::/64

  Known via "ospf 1", distance 110, metric 20

  Tag 600, type extern 2

  Route count is 1/1, share count 0

  Routing paths:

FE80::C802:19FF:FE9C:38, FastEthernet1/1

      Last updated 00:16:00 ago

R1#

  • The FWD address used is the selected default gateway to reach the external prefix, as it can have 2 paths (one from R5 and the other from R6)
  • However, it looks like the FWD address is ignored, as R3 installs both paths and uses both of them

R1#traceroute 2001:11:145:56::1

Type escape sequence to abort.

Tracing the route to 2001:11:145:56::1

  1  *

    2001:11:141:13::2 8 msec 4 msec

  2 2001:11:143:36::2 16 msec

    2001:11:143:35::2 16 msec

    2001:11:143:36::2 12 msec

R1#traceroute 2001:11:145:56::2

Type escape sequence to abort.

Tracing the route to 2001:11:145:56::2

  1 2001:11:141:13::2 4 msec 4 msec 8 msec

  2 2001:11:143:36::2 20 msec

    2001:11:143:35::2 8 msec

    2001:11:143:36::2 16 msec

R1#

  • In that case we have both LSAs for the external route

R1#show ipv os database external

            OSPFv3 Router with ID (150.1.1.1) (Process ID 1)

                Type-5 AS External Link States

  …

  Routing Bit Set on this LSA

  LS age: 54

  LS Type: AS External Link

  Link State ID: 7

  Advertising Router: 150.5.5.5

  LS Seq Number: 80000001

  Checksum: 0x442

  Length: 40

  Prefix Address: 2001:11:145:56::

  Prefix Length: 64, Options: None

  Metric Type: 2 (Larger than any link state path)

  Metric: 20

  External Route Tag: 500

Routing Bit Set on this LSA

  LS age: 28

  LS Type: AS External Link

  Link State ID: 4

  Advertising Router: 150.6.6.6

  LS Seq Number: 80000001

  Checksum: 0xAC35

  Length: 40

  Prefix Address: 2001:11:145:56::

  Prefix Length: 64, Options: None

  Metric Type: 2 (Larger than any link state path)

  Metric: 20

  External Route Tag: 600

  • To reach them, R3 (the ABR) is advertising an inter-area router LSA (similar to LSA 4)

R1#show ipv os database inter-area router

            OSPFv3 Router with ID (150.1.1.1) (Process ID 1)

                Inter Area Router Link States (Area 0)

  Routing Bit Set on this LSA

  LS age: 143

  Options: (V6-Bit, E-Bit, R-bit, DC-Bit)

  LS Type: Inter Area Router Links

  Link State ID: 2516911365

  Advertising Router: 150.3.3.3

  LS Seq Number: 80000001

  Checksum: 0x45D5

  Length: 32

  Metric: 1

  Destination Router ID: 150.5.5.5

  Routing Bit Set on this LSA

  LS age: 116

  Options: (V6-Bit, E-Bit, R-bit, DC-Bit)

  LS Type: Inter Area Router Links

  Link State ID: 2516977158

  Advertising Router: 150.3.3.3

  LS Seq Number: 80000001

  Checksum: 0x4BC9

  Length: 32

  Metric: 1

  Destination Router ID: 150.6.6.6

R1#

  • And again we need the link-local address to reach the ABR

R1#show ipv os database link

            OSPFv3 Router with ID (150.1.1.1) (Process ID 1)

                Link (Type-8) Link States (Area 0)

  LS age: 1959

  Options: (V6-Bit, E-Bit, R-bit, DC-Bit)

  LS Type: Link-LSA (Interface: FastEthernet1/1)

  Link State ID: 4 (Interface ID)

  Advertising Router: 150.1.1.1

  LS Seq Number: 80000001

  Checksum: 0x8CFC

  Length: 56

  Router Priority: 1

  Link Local Address: FE80::C800:19FF:FE9C:1D

  Number of Prefixes: 1

  Prefix Address: 2001:11:141:13::

  Prefix Length: 64, Options: None

  LS age: 34

  Options: (V6-Bit, E-Bit, R-bit, DC-Bit)

  LS Type: Link-LSA (Interface: FastEthernet1/1)

  Link State ID: 5 (Interface ID)

  Advertising Router: 150.3.3.3

  LS Seq Number: 80000002

  Checksum: 0xCA99

  Length: 56

  Router Priority: 1

Link Local Address: FE80::C802:19FF:FE9C:38

  Number of Prefixes: 1

  Prefix Address: 2001:11:141:13::

  Prefix Length: 64, Options: None

R1#

  • Forwarding is correct.

R1#traceroute 2001:11:145:56::1

Type escape sequence to abort.

Tracing the route to 2001:11:145:56::1

  1 2001:11:141:13::2 4 msec 8 msec 4 msec

  2 2001:11:143:35::2 8 msec

    2001:11:143:36::2 32 msec

    2001:11:143:35::2 12 msec

R1#traceroute 2001:11:145:56::2

Type escape sequence to abort.

Tracing the route to 2001:11:145:56::2

  1 2001:11:141:13::2 4 msec 4 msec 8 msec

  2 2001:11:143:35::2 8 msec

    2001:11:143:36::2 20 msec

    2001:11:143:35::2 16 msec

R1#

I have to say that this implementation was based on Cisco IOS 15.2; older versions do not use the forwarding address at all, although from the results above I do not see how it is technically used here either, forwarding-wise.

As for the RFCs, the reference is https://tools.ietf.org/html/rfc5340

  • The forwarding address is present in the AS-external-LSA if and only if the AS-external-LSA's bit F is set.
  • In case the F bit is set:
  • It MUST NOT be set to the IPv6 Unspecified Address (0:0:0:0:0:0:0:0) or an IPv6 Link-Local Address (Prefix FE80/10)
  • The forwarding address MUST advertise a global IPv6 address
  • Section A.4.8.  NSSA-LSAs

"The selection should proceed the same as OSPFv2 NSSA support [NSSA] with additional checking to ensure IPv6 link-local address are not selected."

  • That refers to the NSSA RFC 3031, which clearly indicates under section 2.3, Type-7 LSAs:

          "6. Those Type-7 LSAs that are to be translated into Type-5 LSAs must have their forwarding address set."

What do you think?

Friday, January 18, 2013

Pass JNCIP-ENT

 

Today I completed the JNCIP-ENT test requirement. As I am working mostly in the SP area today, some of the L2 subjects were memory refreshers, such as STP and QinQ (a surprisingly high number of questions in that area); the easy questions (at least if you are at CCIE level) were in the routing zone (OSPF and BGP). Overall a nice test; I would think they should add some MPLS and reduce the L2 questions. I think that I will not pursue the JNCIE-ENT and prefer to go next with the SP track, as it is more relevant to me.

 

 


Wednesday, November 14, 2012

ISIS - Intermediate System to Intermediate System Intro

 

There is much information about ISIS history and its present state. When I want to study something new, I look for the small bullets that make the subject easier to understand; once I have the basics, I take each point and dig into it. Here I would like to give the key elements for understanding ISIS, and I have to say from the start that every point could be elaborated into at least an article, if not a book (exaggerating), by itself:

  • ISIS is a link-state protocol (the most important key to start with and the easiest to remember)
  • It is an ISO protocol based on CLNP (Connectionless Network Protocol)
  • It supports IP routing
  • Router (node or IS) addressing uses an 8 – 20 byte hex-format address (AREA + SYS-ID + NSEL)
  • ISIS has 2 hierarchy levels, called Level 1 and Level 2
  • An IS can be either Level 1, Level 2, or Level 1 + 2
  • Level 1 may only have neighbor relations within the same area, and only with an L1 or L1 + L2 IS
  • Level 2 may establish neighbor relations with other areas; Level 2 is also referred to as the backbone (sometimes compared to OSPF area 0)
  • In case level-1-2 is used, the neighbor IS is also level-1-2, and both systems are in the same area, the IS will form 2 neighbor relations: 1 for Level 1 and another for Level 2.
  • DIS: the Designated IS, very similar to the DR function in OSPF, reduces the size of the database and allows efficient scalability; one exists in every broadcast domain and level
  • DIS election is preemptive, meaning that if an IS comes up with stronger parameters it will take the DIS role
  • There are only 2 types of interfaces, broadcast and point-to-point
  • Authentication can be done separately on hello messages or link-state updates
  • It supports extensions using different TLVs (type-length-value) like graceful restart, TE…

 


What you can see below is that R3 is the DIS: the pseudonode LSP (R3.01-00), generated by the DIS, appears at the bottom of the output for each level, with metric 0 to each of the routers on the LAN.

 

R1#show isis database detail
IS-IS Level-1 Link State Database:
LSPID                 LSP Seq Num  LSP Checksum  LSP Holdtime      ATT/P/OL
R1.00-00            * 0x00000006   0x1919        1114              0/0/0
  Area Address: 49.0001
  NLPID:        0xCC
  Hostname: R1
  IP Address:   10.123.0.1
  Metric: 10         IP 10.123.0.0 255.255.255.0
  Metric: 10         IS R3.01
R2.00-00              0x00000004   0x0CBF        1165              0/0/0
  Area Address: 49.0001
  NLPID:        0xCC
  Hostname: R2
  IP Address:   10.123.0.2
  Metric: 10         IP 10.123.0.0 255.255.255.0
  Metric: 10         IS R3.01
R3.00-00              0x00000004   0xFA68        960               0/0/0
  Area Address: 49.0001
  NLPID:        0xCC
  Hostname: R3
  IP Address:   10.123.0.3
  Metric: 10         IP 10.123.0.0 255.255.255.0
  Metric: 10         IS R3.01
R3.01-00              0x00000004   0x3195        1101              0/0/0
  Metric: 0          IS R3.00
  Metric: 0          IS R1.00
  Metric: 0          IS R2.00
IS-IS Level-2 Link State Database:
LSPID                 LSP Seq Num  LSP Checksum  LSP Holdtime      ATT/P/OL
R1.00-00            * 0x00000007   0x0E23        1004              0/0/0
  Area Address: 49.0001
  NLPID:        0xCC
  Hostname: R1
  IP Address:   10.123.0.1
  Metric: 10         IS R3.01
  Metric: 10         IP 10.123.0.0 255.255.255.0
R2.00-00              0x00000003   0x05C7        354               0/0/0
  Area Address: 49.0001
  NLPID:        0xCC
  Hostname: R2
  IP Address:   10.123.0.2
  Metric: 10         IS R3.01
  Metric: 10         IP 10.123.0.0 255.255.255.0
R3.00-00              0x00000004   0xF171        1120              0/0/0
  Area Address: 49.0001
  NLPID:        0xCC
  Hostname: R3
  IP Address:   10.123.0.3
  Metric: 10         IS R3.01
  Metric: 10         IP 10.123.0.0 255.255.255.0
R3.01-00              0x00000004   0xE26C        1180              0/0/0
  Metric: 0          IS R3.00
  Metric: 0          IS R1.00
  Metric: 0          IS R2.00
R1#