Monday, October 30, 2017
Awesome Neil Anderson Cisco CCNA Lab Guide
I have taken a quick look, and for the CCNA candidate it would be a great guide to get to know his way around the Cisco networking practical work. In addition, Neil has made it all that easy for you by keeping everything within the virtual environment of GNS3, so you would not even have to lift your ass off the seat (like I did back in the days, ~20 years ago).
So for all the CCNAs to be (and I would add for the ones that already are as well): highly recommended.
Good Luck
Wednesday, August 23, 2017
Do not be scared from WCCP
Q:What is WCCP (web cache communication protocol)?
A: To make it simple, WCCP is a protocol running between a router and a network appliance that allows safer and smarter redirection of traffic.
Q:When you say network appliance what do you mean?
A: In WCCPv1 the protocol was used only for redirection of web traffic (and only TCP port 80), so it was clearly very limited to web applications (hence the name). However, since WCCPv2 the usage and capability have expanded: WAN optimization devices (WAAS, Riverbed SteelHead etc.) and security appliances (Cisco WSA, Bluecoat WAF etc.) use WCCP to receive traffic for optimization or content security handling.
Q: What are the main components of WCCP?
A: That is an excellent question :-) , well:
- Redirector - the router or group of routers.
- Web Cache - that is the misleading part, as it is called a web cache, but as mentioned above the network appliance can also be an appliance that performs MAPI or CIFS optimization. Note also that the web cache function can be a cluster of web cache engines that get traffic based on an assignment method (let's elaborate on that later...).
- Redirector jobs:
  - Listen for web cache registration(s)
  - Intercept traffic according to configuration
  - Redirect to the relevant cache engine according to the calculated assignment (again, we will elaborate later) in case there are multiple
  - There are 2 redirection methods (L2/GRE)
  - Maintain state by simply exchanging control messages
- Web Cache jobs:
  - Register to a redirector list (one or more)
  - Maintain state by simply exchanging control messages
  - Receive traffic from the redirector, handle it and send it to its destination
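The redirector jobs above (registration, keepalive state, assignment across a cache cluster, redirection of intercepted flows) as a small in-memory model. This is an added illustration, not Cisco or WCCP reference code: the message names follow WCCPv2, but the keepalive timeout, the round-robin bucket split, the destination-IP flow key and the service-group password check are assumptions of the model.

```python
import hashlib
import hmac
import time

BUCKETS = 256  # WCCPv2 hash assignment spreads flows over 256 hash buckets


class Redirector:
    """Model of the redirector role described above (added illustration, not Cisco
    code). Message names follow WCCPv2 (HERE_I_AM / I_SEE_YOU / REDIRECT_ASSIGN); the
    keepalive timeout, the flow key and the round-robin bucket split are assumptions."""

    def __init__(self, service_id, password, timeout=30.0, now=time.monotonic):
        self.service_id, self.password = service_id, password
        self.timeout, self.now = timeout, now
        self.engines = {}     # cache-engine IP -> time of its last HERE_I_AM
        self.assignment = []  # bucket index -> engine IP; empty means no redirection

    def here_i_am(self, engine_ip, password):
        """Web cache registers or refreshes. Wrong service-group password: ignored,
        so a stray or rogue engine never receives traffic. Returns the reply type."""
        if not hmac.compare_digest(password, self.password):
            return None
        is_new = engine_ip not in self.engines
        self.engines[engine_ip] = self.now()
        if is_new:
            self.redirect_assign()
        return "I_SEE_YOU"

    def expire(self):
        """Drop engines whose keepalives stopped and hand their buckets to the survivors."""
        dead = [ip for ip, seen in self.engines.items() if self.now() - seen > self.timeout]
        for ip in dead:
            del self.engines[ip]
        if dead:
            self.redirect_assign()
        return dead

    def redirect_assign(self):
        """Build the REDIRECT_ASSIGN table: buckets spread evenly over registered engines."""
        members = sorted(self.engines)
        self.assignment = [members[b % len(members)] for b in range(BUCKETS)] if members else []

    def redirect(self, dst_ip):
        """Intercepted flow -> engine IP, or None to forward normally (no engine registered).
        The same destination always maps to the same bucket, so a flow stays on one engine."""
        if not self.assignment:
            return None
        bucket = hashlib.sha256(dst_ip.encode()).digest()[0]  # 0..255
        return self.assignment[bucket]
```

The `now` parameter is injectable so the keepalive timeout can be exercised with a fake clock.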
Tuesday, November 26, 2013
VRF Maximum Routes
Maximum routes under a customer VRF: if the service provider had unlimited resources he would not have needed that!
However, normally resources are limited and expensive, and the service provider would like to make money from his available resources. Maximum routes configured under a VRF provide a means of controlling PE local resources and avoiding abuse from the CE side.
I have a VRF called DC_EXTRANET; you can see that I have 16 routes. I have configured 10 maximum routes under that VRF, however I did not want to be aggressive, so I have set the warning-only option.
See that immediately I get a notice that I have more routes than the maximum; however no action is taken other than alerting and sending a syslog.

PE_ashdod_otherisp.n(config-vrf)# maximum routes 10 warning-only
% The current number of routes in the routing table is equal to, or exceeds the configured warning limit
PE_ashdod_otherisp.n(config-vrf)#
*Nov 26 20:39:41.175: %IPRT-3-ROUTELIMITWARNING: IP routing table limit warning - DC_EXTRANET
PE_ashdod_otherisp.n(config-vrf)#do sh ip rou vrf DC_EXTRANET

Routing Table: DC_EXTRANET
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       + - replicated route, % - next hop override

Gateway of last resort is not set

      50.0.0.0/8 is variably subnetted, 3 subnets, 3 masks
B        50.0.0.0/30 [200/0] via 20.255.10.10, 00:09:31
B        50.0.100.0/24 [200/0] via 20.255.10.10, 00:09:31
B        50.255.255.1/32 [200/0] via 20.255.10.10, 00:09:31
      60.0.0.0/8 is variably subnetted, 6 subnets, 3 masks
B        60.0.0.0/30 [200/0] via 7.7.7.7, 00:00:04
B        60.0.100.0/24 [200/0] via 7.7.7.7, 00:00:04
B        60.0.101.0/24 [200/0] via 7.7.7.7, 00:00:04
B        60.0.102.0/24 [200/0] via 7.7.7.7, 00:00:04
B        60.0.103.0/24 [200/0] via 7.7.7.7, 00:00:04
B        60.255.255.1/32 [200/0] via 7.7.7.7, 00:00:04
      70.0.0.0/8 is variably subnetted, 7 subnets, 3 masks
C        70.0.0.0/30 is directly connected, FastEthernet2/0
L        70.0.0.1/32 is directly connected, FastEthernet2/0
B        70.0.100.0/24 [20/0] via 70.0.0.2, 00:20:22
B        70.0.101.0/24 [20/0] via 70.0.0.2, 00:20:22
B        70.0.102.0/24 [20/0] via 70.0.0.2, 00:20:22
B        70.0.103.0/24 [20/0] via 70.0.0.2, 00:20:22
B        70.255.255.1/32 [20/0] via 70.0.0.2, 00:20:22
PE_ashdod_otherisp.n(config-vrf)#
Now I would like to show you what happens in the RIB/FIB and in BGP when I activate the maximum prefixes in aggressive mode.
Prior to modifying the maximum value, on the CE you can see that I am getting BGP updates:

CE_ashdod_DC_SERVICES# show ip bgp
BGP table version is 160, local router ID is 70.255.255.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 50.0.0.0/30      70.0.0.1                               0 9002 33462 ?
*> 50.0.100.0/24    70.0.0.1                               0 9002 33462 ?
*> 50.255.255.1/32  70.0.0.1                               0 9002 33462 ?
*> 60.0.0.0/30      70.0.0.1                               0 9002 9001 33462 ?
*> 60.0.100.0/24    70.0.0.1                               0 9002 9001 33462 ?
*> 60.0.101.0/24    70.0.0.1                               0 9002 9001 33462 ?
*> 60.0.102.0/24    70.0.0.1                               0 9002 9001 33462 ?
*> 60.0.103.0/24    70.0.0.1                               0 9002 9001 33462 ?
*> 60.255.255.1/32  70.0.0.1                               0 9002 9001 33462 ?

Now maximum routes is set to 10 and the threshold before sending a warning to 100%. Notice that immediately the RIB and FIB are updated accordingly; however BGP is not affected, meaning that this is locally significant and will not cause a lot of noise due to a local problem / over-utilizing the allowed resources.

PE_ashdod_otherisp.n(config-vrf)# maximum routes 10 100
% The current number of routes in the routing table is equal to, or exceeds the configured warning limit
% The routing table is being reloaded to enforce (or allow) the new route limit.
PE_ashdod_otherisp.n(config-vrf)#
*Nov 26 20:57:08.359: %IPRT-3-ROUTELIMITWARNING: IP routing table limit warning - DC_EXTRANET
*Nov 26 20:57:08.363: %IPRT-3-ROUTELIMITEXCEEDED: IP routing table limit exceeded - DC_EXTRANET
PE_ashdod_otherisp.n(config-vrf)#
PE_ashdod_otherisp.n(config-vrf)#
PE_ashdod_otherisp.n(config-vrf)#do sh ip rou vrf DC_EXTRANET

Routing Table: DC_EXTRANET
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       + - replicated route, % - next hop override

Gateway of last resort is not set

      50.0.0.0/8 is variably subnetted, 3 subnets, 3 masks
B        50.0.0.0/30 [200/0] via 20.255.10.10, 00:00:15
B        50.0.100.0/24 [200/0] via 20.255.10.10, 00:00:15
B        50.255.255.1/32 [200/0] via 20.255.10.10, 00:00:15
      60.0.0.0/8 is variably subnetted, 5 subnets, 2 masks
B        60.0.0.0/30 [200/0] via 7.7.7.7, 00:00:15
B        60.0.100.0/24 [200/0] via 7.7.7.7, 00:00:15
B        60.0.101.0/24 [200/0] via 7.7.7.7, 00:00:15
B        60.0.102.0/24 [200/0] via 7.7.7.7, 00:00:15
B        60.0.103.0/24 [200/0] via 7.7.7.7, 00:00:15
      70.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        70.0.0.0/30 is directly connected, FastEthernet2/0
L        70.0.0.1/32 is directly connected, FastEthernet2/0
PE_ashdod_otherisp.n(config-vrf)#

CE_ashdod_DC_SERVICES# show ip bgp
BGP table version is 184, local router ID is 70.255.255.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 50.0.0.0/30      70.0.0.1                               0 9002 33462 ?
*> 50.0.100.0/24    70.0.0.1                               0 9002 33462 ?
*> 50.255.255.1/32  70.0.0.1                               0 9002 33462 ?
*> 60.0.0.0/30      70.0.0.1                               0 9002 9001 33462 ?
*> 60.0.100.0/24    70.0.0.1                               0 9002 9001 33462 ?
*> 60.0.101.0/24    70.0.0.1                               0 9002 9001 33462 ?
*> 60.0.102.0/24    70.0.0.1                               0 9002 9001 33462 ?
*> 60.0.103.0/24    70.0.0.1                               0 9002 9001 33462 ?
*> 60.255.255.1/32  70.0.0.1                               0 9002 9001 33462 ?
Additional scenario:
maximum prefixes are at 14

Routing Table: DC_EXTRANET
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       + - replicated route, % - next hop override

Gateway of last resort is not set

      50.0.0.0/8 is variably subnetted, 3 subnets, 3 masks
B        50.0.0.0/30 [200/0] via 20.255.10.10, 00:01:23
B        50.0.100.0/24 [200/0] via 20.255.10.10, 00:01:23
B        50.255.255.1/32 [200/0] via 20.255.10.10, 00:01:23
      60.0.0.0/8 is variably subnetted, 6 subnets, 3 masks
B        60.0.0.0/30 [200/0] via 7.7.7.7, 00:00:20
B        60.0.100.0/24 [200/0] via 7.7.7.7, 00:00:20
B        60.0.101.0/24 [200/0] via 7.7.7.7, 00:00:20
B        60.0.102.0/24 [200/0] via 7.7.7.7, 00:00:20
B        60.0.103.0/24 [200/0] via 7.7.7.7, 00:00:20
B        60.255.255.1/32 [200/0] via 7.7.7.7, 00:00:20
      70.0.0.0/8 is variably subnetted, 5 subnets, 3 masks
C        70.0.0.0/30 is directly connected, FastEthernet2/0
L        70.0.0.1/32 is directly connected, FastEthernet2/0
B        70.0.100.0/24 [20/0] via 70.0.0.2, 00:01:23
B        70.0.101.0/24 [20/0] via 70.0.0.2, 00:01:23
B        70.0.102.0/24 [20/0] via 70.0.0.2, 00:01:23
I send a withdraw for 70.0.101.0/24 from the CE router; now I have one more spot (14 - 1) available. However, the router does not re-evaluate the table and insert the next available route. Think of what would happen if it did! (The CE could abuse the router, causing it to constantly re-evaluate what needs to be inserted into / removed from the RIB/FIB!!) Re-evaluation happens when you modify the maximum routes value or when you re-send (withdraw and update) the unused routes:
PE_ashdod_otherisp.n(config)#do sh ip rou vrf DC_EXTRANET

Routing Table: DC_EXTRANET
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       + - replicated route, % - next hop override

Gateway of last resort is not set

      50.0.0.0/8 is variably subnetted, 3 subnets, 3 masks
B        50.0.0.0/30 [200/0] via 20.255.10.10, 00:01:30
B        50.0.100.0/24 [200/0] via 20.255.10.10, 00:01:30
B        50.255.255.1/32 [200/0] via 20.255.10.10, 00:01:30
      60.0.0.0/8 is variably subnetted, 6 subnets, 3 masks
B        60.0.0.0/30 [200/0] via 7.7.7.7, 00:00:27
B        60.0.100.0/24 [200/0] via 7.7.7.7, 00:00:27
B        60.0.101.0/24 [200/0] via 7.7.7.7, 00:00:27
B        60.0.102.0/24 [200/0] via 7.7.7.7, 00:00:27
B        60.0.103.0/24 [200/0] via 7.7.7.7, 00:00:27
B        60.255.255.1/32 [200/0] via 7.7.7.7, 00:00:27
      70.0.0.0/8 is variably subnetted, 4 subnets, 3 masks
C        70.0.0.0/30 is directly connected, FastEthernet2/0
L        70.0.0.1/32 is directly connected, FastEthernet2/0
B        70.0.100.0/24 [20/0] via 70.0.0.2, 00:01:30
B        70.0.102.0/24 [20/0] via 70.0.0.2, 00:01:30
PE_ashdod_otherisp.n(config)#
However, if you do not care about abuse from the CE side you can use the command below, which will re-evaluate once a certain threshold is crossed. But I think that if you do not care about the abuse, you should not limit the amount of prefixes at all:

PE_ashdod_otherisp.n(config-vrf)# maximum routes 14 100 reinstall ?
  <1-100>  Threshold value (%) at which to reinstall routes back to VRF
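The admission behaviour walked through in this post (warning versus enforcement, rejected prefixes staying in BGP but not in the RIB/FIB, no re-evaluation on withdraw, and the reinstall threshold) as an in-memory model. This is an added illustration, not IOS code; the VRF name and syslog mnemonics are taken from the output above, the prefixes are constructed, and the exact reinstall semantics (re-evaluate once occupancy drops to the threshold percentage) are an assumption of the model.

```python
"""Model of the VRF 'maximum routes' admission behaviour described above.

Added illustration, not IOS code: it reproduces the observed behaviour (warn,
reject beyond the limit, no re-evaluation on withdraw, optional reinstall
threshold) on an in-memory RIB. The exact reinstall semantics are assumed."""


class VrfRouteLimit:
    def __init__(self, vrf, max_routes, warn_pct=100, warning_only=False, reinstall_pct=None):
        self.vrf, self.max_routes = vrf, max_routes
        self.warn_pct, self.warning_only = warn_pct, warning_only
        self.reinstall_pct = reinstall_pct
        self.rib = set()      # prefixes installed in the VRF RIB/FIB
        self.pending = set()  # prefixes BGP still holds but the RIB rejected
        self.log = []         # syslog-style messages, in the format the router emits

    def _log(self, mnemonic, text):
        self.log.append(f"%IPRT-3-{mnemonic}: IP routing table limit {text} - {self.vrf}")

    def update(self, prefix):
        """CE sends a BGP update for prefix; returns 'installed' or 'rejected'."""
        if prefix in self.rib:
            return "installed"
        if len(self.rib) >= self.max_routes and not self.warning_only:
            self._log("ROUTELIMITEXCEEDED", "exceeded")
            self.pending.add(prefix)  # BGP keeps it, only the RIB/FIB refuses it
            return "rejected"
        self.pending.discard(prefix)  # a re-sent prefix is admitted if a slot is free
        self.rib.add(prefix)
        if len(self.rib) >= self.max_routes * self.warn_pct / 100:
            self._log("ROUTELIMITWARNING", "warning")
        return "installed"

    def withdraw(self, prefix):
        """CE withdraws prefix. The freed slot is NOT refilled from pending unless a
        reinstall threshold is configured and occupancy drops to or below it."""
        self.rib.discard(prefix)
        self.pending.discard(prefix)
        if self.reinstall_pct is not None and \
                len(self.rib) <= self.max_routes * self.reinstall_pct / 100:
            self.reevaluate()

    def reevaluate(self):
        """Re-run admission over pending prefixes (what changing 'maximum routes' triggers)."""
        for p in sorted(self.pending):
            if len(self.rib) < self.max_routes:
                self.pending.discard(p)
                self.rib.add(p)


def ce_scenario(max_routes, advertised=16, **kw):
    """Constructed replay of the post: a CE advertises `advertised` prefixes into a VRF
    limited to max_routes, then withdraws two of the installed ones."""
    vrf = VrfRouteLimit("DC_EXTRANET", max_routes, **kw)
    prefixes = [f"70.0.{i}.0/24" for i in range(100, 100 + advertised)]  # constructed
    results = [vrf.update(p) for p in prefixes]
    vrf.withdraw("70.0.100.0/24")
    vrf.withdraw("70.0.101.0/24")
    return vrf, results
```

Run `ce_scenario(14)` for the enforcing case, `ce_scenario(10, warning_only=True)` for warning-only, and `ce_scenario(14, reinstall_pct=90)` to see the withdrawals trigger a reinstall.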
Tuesday, November 19, 2013
CCDE Written
Just recently I had to re-certify my CCIE, so I decided to go for the CCDE written this time. I have cleared that exam, so I would like to share some of the material I used. The written encompasses high-level design focusing on VPNs of all sorts and types (MPLS, DMVPN, GETVPN, IPSEC, L2, VPLS, MLD) and adds to that Security, QoS and Management, even storage. So you do not need to know how to configure everything (or anything, for that matter); you must know where and what technology to use in different given situations.
To study for that exam I did some reading (not cover to cover):
BGP Design and Implementation
MPLS and VPN Architectures (CCIP Edition)
In addition I used the excellent resource called ciscolive365 video lectures:
BRKMPL-2102 Deploy MPLS Based IP VPN
BRKRST-3310 Troubleshoot OSPF
BRKRST-2042 HA WAN Design
BRKRST-2310 OSPF Large Scale
BRKSEC-4054 DMVPN
BRKIPM-2444 EIGRP
Written check list:
ISIS Database Reading
ISIS is simple to operate normally while everything is working; most common deployments are flat networks based on L2. However, when there is a problem and we need to start troubleshooting, people start to get lost.
So I would like to provide some tools on how to read the ISIS database.
- Notice the “*” sign: it means the LSP was generated on the router where you ran the show command. You can see that the hostname from the show command also matches the hostname in the LSPID.
- The LSPID is identified as hostname.xx-yy; xx is normally 00 unless that LSP is a pseudonode LSP generated by the DIS, and yy represents the fragment number of that LSP, 00 – FF (max 255 fragments, plenty). In most cases all the important information will be in fragment 00 unless there are many fragments.
- LSP Holdtime is the amount of time an LSP will stay in the database without any refresh.
- ATT/P/OL - 0/0/0: the ATT bit, or attached bit, is set by an L1/L2 router connected to an L1 node; if set to 1, the L1 node will generate a default route towards the best (lowest metric) L1/L2 node.
- ATT/P/OL - 0/0/0: the OL bit, or overload bit, was in the past used when a router was overloaded, to mark all links on that router as unusable and prevent others from transiting that node; today it is used mostly to wait for BGP convergence.
P_london_someisp.net#show isis database

IS-IS Level-2 Link State Database:
LSPID                 LSP Seq Num  LSP Checksum  LSP Holdtime      ATT/P/OL
P_london_somei.00-00* 0x00000005   0x65C5        1177              0/0/0
P_dublin_somei.00-00  0x00000004   0x8346        1176              0/0/0
P_cyprus_somei.00-00  0x00000005   0x5634        1183              0/0/0
P_LA_someisp.n.00-00  0x00000005   0xDE33        1175              0/0/0
PE_newyork_som.00-00  0x00000003   0x2EF0        1179              0/0/0
PE_telaviv_som.00-00  0x00000004   0x2877        1181              0/0/0
PE_Jerusalem_s.00-00  0x00000002   0x2994        1172              0/0/0
PE_Jerusalem_s.02-00  0x00000001   0x2ED2        1171              0/0/0
From the database each router builds a topology using SPF (Dijkstra's algorithm). If I would like to understand how to get from one router to another, I can look into the ISIS database detail and work it out:
For the example, I would like to see, using only the database, how to get from myself to PE_telaviv without looking into the topology or routing table (just for fun). Notice that according to my LSP I can see the neighbors I am connected to, and the net address for each link along with its metric.

P_london_someisp.net#$atabase level-2 det P_london_someisp.net.00-00

IS-IS Level-2 LSP P_london_somei.00-00
LSPID                 LSP Seq Num  LSP Checksum  LSP Holdtime      ATT/P/OL
P_london_somei.00-00* 0x00000006   0x63C6        409               0/0/0
  Area Address: 49.0001
  NLPID:        0xCC
  Hostname: P_london_someisp.net
  IP Address:   1.1.1.1
  Metric: 10         IS-Extended P_dublin_somei.00
  Metric: 10         IS-Extended P_cyprus_somei.00
  Metric: 10         IS-Extended P_LA_someisp.n.00
  Metric: 10         IS-Extended PE_newyork_som.00
  Metric: 10         IP 1.1.1.1/32
  Metric: 10         IP 10.100.1.4/30
  Metric: 10         IP 10.100.1.16/30
  Metric: 10         IP 10.100.1.20/30
  Metric: 10         IP 10.100.1.24/30
P_london_someisp.net#
Now if I take the first neighbor from my LSP, P_dublin, and look into his LSP, notice that one of his neighbors is PE_telaviv. So 10 to reach Dublin + 10 to reach Tel Aviv = 20 total cost from London to Tel Aviv. I have taken the next neighbor, Cyprus, and it looks like we also have a 20-metric path using Cyprus, so we will have load sharing between them. Notice that P_LA and PE_newyork do not have a direct link to PE_telaviv, which means we do not need to explore further in that direction, as any route using them will have a higher cost.
P_london_someisp.net#$atabase level-2 det P_dublin_someisp.net.00-00

IS-IS Level-2 LSP P_dublin_somei.00-00
LSPID                 LSP Seq Num  LSP Checksum  LSP Holdtime      ATT/P/OL
P_dublin_somei.00-00  0x00000006   0x7F48        1077              0/0/0
  Area Address: 49.0001
  NLPID:        0xCC
  Hostname: P_dublin_someisp.net
  IP Address:   2.2.2.2
  Metric: 10         IS-Extended P_london_somei.00
  Metric: 10         IS-Extended P_cyprus_somei.00
  Metric: 10         IS-Extended P_LA_someisp.n.00
  Metric: 10         IS-Extended PE_telaviv_som.00
  Metric: 10         IP 2.2.2.2/32
  Metric: 10         IP 10.100.1.0/30
  Metric: 10         IP 10.100.1.12/30
  Metric: 10         IP 10.100.1.16/30
  Metric: 10         IP 10.100.1.36/30

P_london_someisp.net#$atabase level-2 det P_cyprus_someisp.net.00-00

IS-IS Level-2 LSP P_cyprus_somei.00-00
LSPID                 LSP Seq Num  LSP Checksum  LSP Holdtime      ATT/P/OL
P_cyprus_somei.00-00  0x00000007   0x5236        854               0/0/0
  Area Address: 49.0001
  NLPID:        0xCC
  Hostname: P_cyprus_someisp.net
  IP Address:   3.3.3.3
  Metric: 10         IS-Extended P_london_somei.00
  Metric: 10         IS-Extended P_dublin_somei.00
  Metric: 10         IS-Extended P_LA_someisp.n.00
  Metric: 10         IS-Extended PE_telaviv_som.00
  Metric: 10         IS-Extended PE_Jerusalem_s.02
  Metric: 10         IP 3.3.3.3/32
  Metric: 10         IP 10.100.1.0/30
  Metric: 10         IP 10.100.1.4/30
  Metric: 10         IP 10.100.1.8/30
  Metric: 10         IP 10.100.1.32/30
  Metric: 10         IP 20.0.0.0/24

P_london_someisp.net#$atabase level-2 det P_LA_someisp.net.00-00

IS-IS Level-2 LSP P_LA_someisp.n.00-00
LSPID                 LSP Seq Num  LSP Checksum  LSP Holdtime      ATT/P/OL
P_LA_someisp.n.00-00  0x00000007   0xDA35        690               0/0/0
  Area Address: 49.0001
  NLPID:        0xCC
  Hostname: P_LA_someisp.net
  IP Address:   4.4.4.4
  Metric: 10         IS-Extended P_london_somei.00
  Metric: 10         IS-Extended P_dublin_somei.00
  Metric: 10         IS-Extended P_cyprus_somei.00
  Metric: 10         IS-Extended PE_newyork_som.00
  Metric: 10         IP 4.4.4.4/32
  Metric: 10         IP 10.100.1.8/30
  Metric: 10         IP 10.100.1.12/30
  Metric: 10         IP 10.100.1.20/30
  Metric: 10         IP 10.100.1.28/30

P_london_someisp.net#show isis database level-2 det PE_newyork_someisp.net.00$

IS-IS Level-2 LSP PE_newyork_som.00-00
LSPID                 LSP Seq Num  LSP Checksum  LSP Holdtime      ATT/P/OL
PE_newyork_som.00-00  0x00000005   0x2AF2        499               0/0/0
  Area Address: 49.0001
  NLPID:        0xCC
  Hostname: PE_newyork_someisp.net
  IP Address:   5.5.5.5
  Metric: 10         IS P_london_somei.00
  Metric: 10         IS P_LA_someisp.n.00
  Metric: 10         IS-Extended P_london_somei.00
  Metric: 10         IS-Extended P_LA_someisp.n.00
  Metric: 10         IP 5.5.5.5/32
  Metric: 10         IP 10.100.1.24/30
  Metric: 10         IP 10.100.1.28/30
  Metric: 10         IP 5.5.5.5 255.255.255.255
  Metric: 10         IP 10.100.1.24 255.255.255.252
  Metric: 10         IP 10.100.1.28 255.255.255.252
To see the topology now and check whether we are on the right track: notice that we are correct, one 20-metric path through Dublin and the other through Cyprus with metric 20, doing load sharing.
P_london_someisp.net#show isis topology

IS-IS paths to level-2 routers
System Id             Metric  Next-Hop              Interface  SNPA
P_london_someisp.net  --
P_dublin_someisp.net  10      P_dublin_someisp.net  Se1/2      *HDLC*
P_cyprus_someisp.net  10      P_cyprus_someisp.net  Se1/1      *HDLC*
P_LA_someisp.net      10      P_LA_someisp.net      Se1/0      *HDLC*
PE_newyork_someisp.ne 10      PE_newyork_someisp.ne Mu1        *PPP*
PE_telaviv_someisp.ne 20      P_dublin_someisp.net  Se1/2      *HDLC*
                              P_cyprus_someisp.net  Se1/1      *HDLC*
PE_Jerusalem_someisp. 20      P_cyprus_someisp.net  Se1/1      *HDLC*
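The manual walk above (follow the IS-Extended neighbour TLVs from LSP to LSP, add the metrics, keep every equal-cost path) done by a small script: it parses `show isis database detail` text into a graph and runs SPF with equal-cost predecessors, reproducing the two 20-metric paths to PE_telaviv. This is an added example, not the router's or the author's code; the sample text is a constructed cut-down of the LSPs shown above (neighbour TLVs only, P_LA's LSP omitted), and a node with no LSP in the sample is treated as having no outgoing links, which is a simplification of real IS-IS SPF (no two-way adjacency check).

```python
import heapq
import re
# Constructed sample: the neighbour TLVs from the level-2 LSPs shown above for
# P_london, P_dublin and P_cyprus. P_LA's LSP is left out, so it is a dead end.
LSP_DETAIL = """\
IS-IS Level-2 LSP P_london_somei.00-00
  Metric: 10         IS-Extended P_dublin_somei.00
  Metric: 10         IS-Extended P_cyprus_somei.00
  Metric: 10         IS-Extended P_LA_someisp.n.00
IS-IS Level-2 LSP P_dublin_somei.00-00
  Metric: 10         IS-Extended P_london_somei.00
  Metric: 10         IS-Extended P_cyprus_somei.00
  Metric: 10         IS-Extended P_LA_someisp.n.00
  Metric: 10         IS-Extended PE_telaviv_som.00
IS-IS Level-2 LSP P_cyprus_somei.00-00
  Metric: 10         IS-Extended P_london_somei.00
  Metric: 10         IS-Extended P_dublin_somei.00
  Metric: 10         IS-Extended P_LA_someisp.n.00
  Metric: 10         IS-Extended PE_telaviv_som.00
  Metric: 10         IS-Extended PE_Jerusalem_s.02
"""
HEADER = re.compile(r"IS-IS Level-\d LSP (\S+\.\d\d)-\d\d")
NEIGH = re.compile(r"Metric:\s*(\d+)\s+IS(?:-Extended)?\s+(\S+\.\d\d)\s*$")


def parse_lsps(text):
    """Build {system_id: {neighbour_id: metric}} from 'show isis database detail' text."""
    graph, cur = {}, None
    for line in text.splitlines():
        if m := HEADER.search(line):
            cur = m.group(1)
            graph.setdefault(cur, {})
        elif cur and (m := NEIGH.search(line)):
            graph[cur][m.group(2)] = int(m.group(1))  # pseudonode ids (.02) stay distinct
    return graph


def spf(graph, src):
    """Dijkstra keeping every equal-cost predecessor, as IS-IS SPF does for load sharing."""
    dist, preds, heap = {src: 0}, {src: []}, [(0, src)]
    while heap:
        d, u = heapq.heappop(heap)
        if d > dist[u]:
            continue
        for v, w in graph.get(u, {}).items():  # a node without an LSP has no outgoing links
            if d + w < dist.get(v, float("inf")):
                dist[v], preds[v] = d + w, [u]
                heapq.heappush(heap, (d + w, v))
            elif d + w == dist[v]:
                preds[v].append(u)
    return dist, preds


def paths(preds, src, dst):
    """Expand the predecessor lists into every equal-cost path src -> dst."""
    if dst == src:
        return [[src]]
    return [p + [dst] for u in preds.get(dst, []) for p in paths(preds, src, u)]


def equal_cost_paths(text, src, dst):
    dist, preds = spf(parse_lsps(text), src)
    return dist.get(dst), paths(preds, src, dst)
```

`equal_cost_paths(LSP_DETAIL, "P_london_somei.00", "PE_telaviv_som.00")` returns cost 20 with the Dublin and Cyprus paths, matching the `show isis topology` output; an unreachable destination returns `(None, [])`.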
Friday, January 18, 2013
Pass JNCIP-ENT
Today I completed the JNCIP-ENT test requirement. As I am working today mostly in the SP area, some of the L2 subjects were memory refreshers, such as STP and QinQ (a surprisingly high number of questions in that area); easy questions (at least if you are at CCIE level) were in the routing zone (OSPF and BGP). Overall a nice test; I would think they should add some MPLS and reduce the L2 questions. I think that I will not pursue the JNCIE-ENT and prefer to go next with the SP track, as it is more relevant to me.