Friday, December 18, 2009

Inter VS Intra

Link-state protocols compute the best path from the Link State Database (LSDB).
For OSPF the order of preference is Intra-area > Inter-area > External.
For IS-IS, the order is:
1. Level 1 intra-area routes with an internal metric
2. Level 1 external routes with an internal metric
3. Level 2 intra-area routes with an internal metric
4. Level 2 external routes with an internal metric
5. Inter-area routes (Level 1 to Level 2) with an internal metric
6. Inter-area external routes (Level 1 to Level 2) with an internal metric
7. Inter-area routes (Level 2 to Level 1) with an internal metric
8. Inter-area external routes (Level 2 to Level 1) with an internal metric
9. Level 1 external routes with an external metric
10. Level 2 external routes with an external metric
11. Inter-area external routes (Level 1 to Level 2) with an external metric
12. Inter-area external routes (Level 2 to Level 1) with an external metric

If the same prefix appears in the LSDB in a different level or area, the intra-area route always wins, even if you change the administrative distance of inter-area routes.

Here is a simple question for you:

R2,R3 link = Level-2
R2,R1 link = Level-1
R1,R3 link = Level-1
R2 Lo0 = Level-2
R3 Lo0 = Level-2
R1 Lo0 = Level-1

1. R1, R2 and R3 are in the same area.
2. R1 can't use a default route (0/0) to reach either R2 or R3.
3. All router Lo0 addresses must reach each other over the best path; no suboptimal routing is allowed in your network.

Can you do it?

Saturday, September 5, 2009

Multihop EBGP

The common eBGP session runs over a single link. Sometimes there are multiple links under one eBGP peering. R2 advertises NetA and NetB to R1 over the eBGP peering. Suppose you always want NetA to use link 1 and NetB to use link 2, plus redundancy at R1: if either link goes down, traffic must not be impacted.

Redundancy is the big topic in multihop eBGP. What I mean is: if F0/0.12 at R1 goes down, the traffic should move to F0/0.112 towards R2. This is not so hard in Junos, which can create an additional routing table for a certain type of traffic using filter-based forwarding (FBF). In IOS it's not easy, so I found another way to accomplish this.

I will post the answer later. If you have any ideas, let me know.

Thursday, September 3, 2009

CLNS

What is CLNS? The answer is "Connectionless Network Service". It's different from IP. This is one of the issues with Juniper routers: the M/T series don't support CLNS routing, and the J series only supports static CLNS routes. A Cisco IOS router, on the other hand, can run dual IS-IS at the same time.

Take a look at this quote from the JNCIP book:

"Juniper Networks M-series routers support the IS-IS protocol strictly for use in building IP routing tables. There is no support for the routing of OSI Connectionless Network Service (CLNS) network layer packets."

http://www.juniper.net/techpubs/software/jseries/junos93/jseries-config-guide-advanced/configuring-is-is-for-clns.html

This helps you configure IS-IS for CLNS.

Sunday, August 16, 2009

Morakot hit Taiwan a lot

This is news I didn't want to post on my blog, but this typhoon hit Taiwan hard. I will record it here for the heroes who helped the victims.

Aug 08, 2009: nobody knew this typhoon would dump 3 meters of rain in 2 days! The worst flooding in decades.

Hope they will be fine.

Wednesday, August 5, 2009

Cisco official Podcast Series

We are in 2009 and moving into 2010 next year. There are a lot of ways to learn new stuff. Cisco's new Technology Podcasts let you learn from the website, and you can also download them to your Apple iPod or iPhone. Take a look.

http://www.cisco.com/en/US/products/products_technology_podcast_listing.html

Monday, June 15, 2009

Dual OSPF process in IOS

I'm trying to move some VPNs onto different paths to reduce link utilization, which has reached 95% with packet loss. In my topology I added lower links between the POPs, but because of the IGP cost no traffic would use them. Another issue is that the BGP next-hop is the same for every VPN from the same PE. IOS gives you an option for that, "bgp next-hop loopback" under VRF configuration mode. After changing the next-hop I moved on to the IGP question. My idea was to add another IGP domain alongside the original one: the new lower links live in the new IGP domain and are redistributed into the original IGP. Both are OSPF. This is called "OSPF Redistribution Among Different OSPF Processes". Reference links:

OSPF Redistribution Among Different OSPF Processes
http://www.cisco.com/en/US/tech/tk365/technologies_white_paper09186a0080531fd2.shtml

Suboptimal Routing When Redistributing Between OSPF Processes
http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a00801069aa.shtml

For a simple topology:

R1----Fe----R2

﹨___Seri___/

R1 reaches R2 via two types of interface, FastEthernet and Serial. Both R1 and R2 have two loopback interfaces, each inside one OSPF domain, and there are two redistribution points (both R1 and R2).

The key point is here:

OSPF does not do any OSPF route selection between processes (for instance, OSPF metrics and route types are not taken into account when deciding the route of which process should be installed into the routing table). The OSPF route selection rule is that intra-area routes are preferred over inter-area routes, which are preferred over external routes. However, this rule should apply to routes learned via the same process. In other words, there is no preference between external routes from one process compared to internal routes of other process.

The preference rule between a given OSPF process and any other process

After redistribution, R1 sees R2's loopback via the other OSPF process ID. The fix is the "distance" command under router configuration mode. When two or more OSPF processes run in the same box they behave like different protocols (think OSPF vs EIGRP): you have to change the external AD in each IGP domain when redistributing between them, or you will have suboptimal routing in your network.

Friday, April 24, 2009

resolve-vpn in Junos

In an MPLS VPN network there are differences between IOS and Junos. Here we talk about label handling in each OS.

In IOS, the label can be allocated by LDP/TDP (following the IGP) or by BGP (IPv4 or VPNv4). This is very important for Inter-AS or CSC, where labels are swapped at the border ASBR: if the labels don't match, the data plane loses end-to-end connectivity.

In Junos it's a little more complex: the question is whether the route sits in inet.0 or inet.3. First, a reminder of what inet.0 and inet.3 are. According to the JNCIA ebook, inet.0 is the table used to store IPv4 unicast routes (OSPF, RIP, IS-IS), while inet.3 contains the egress IP addresses of MPLS label-switched paths (LSPs).

In the IOS BGP table, if the next-hop is unreachable the route is not advertised to the peer; this is the same for IPv4 and VPNv4. But what about VPNv4 when the next-hop is reachable, just not via an MPLS label? Well, the answer is that BGP routing works for you but the data plane doesn't, because the packet is dropped at the PE router when there is no label to reach the remote PE.

For Junos it's more technical than IOS. The rule is: if the next-hop in bgp.l3vpn.0 can't be resolved via inet.3, the route is not advertised to the peer. Simply put, if I can't reach the next-hop via an MPLS label, I won't advertise the BGP route to the peer. No black hole in the path.

So the resolve-vpn command helps you by installing the labeled BGP route into the inet.3 table. In Inter-AS and CSC the BGP update carries a label; Junos puts that BGP label into inet.3, and the BGP update can then be sent to the peer.

That's how resolve-vpn works for you.

Monday, April 13, 2009

Cisco 224.0.0.x flood

In general, we know that two routers in the same segment running OSPF or EIGRP will become neighbors. But what about the Layer 2 device? How does it know which port has joined the EIGRP multicast group 224.0.0.10?

There is a doc on cisco.com about how the switch processes the reserved destination multicast IP addresses. It's under "Source-Only Networks".

Source-Only Networks

In a source-only network, switch ports are connected to multicast source ports and multicast router ports. The switch ports are not connected to hosts that send IGMP join or leave messages.

The switch learns about IP multicast groups that alias with reserved, destination, multicast IP addresses (224.0.0.x) from the IP multicast data stream by using the source-only learning method. The switch forwards traffic that aliases with these multicast addresses only to the multicast router ports.

The default learning method for traffic that aliases with reserved, destination, multicast IP addresses is IP multicast-source-only learning. Traffic that does not alias with these multicast addresses is forwarded to both the multicast source ports and multicast router ports. You cannot disable IP multicast-source-only learning for the traffic with reserved, destination, multicast IP addresses.

By default, the switch ages out forwarding-table entries that were learned by the source-only learning method and that are not in use. If the aging time is too long or is disabled, the forwarding table is filled with unused entries that the switch learned by using source-only learning or by using the IGMP join messages. When the switch receives traffic for new IP multicast groups, it floods the packet to all ports in the same VLAN. This unnecessary flooding can impact switch performance.

If aging is disabled and you want to delete multicast addresses that the switch learned by using source-only learning, re-enable aging of the forwarding-table entries. The switch can now age out the multicast addresses that were learned by the source-only learning method and are not in use.

Sunday, April 5, 2009

JNCIP part 6

The tricky JNCIP iBGP requirements:

  • You must configure at least three clusters and at least two route reflectors.

  • You must use physical address peering in at least one of your clusters.

  • The failure of any link must not break the route reflection topology.

  • The route reflection topology must not impose suboptimal routing or black holes.

  • Authentication and logging settings from the previous section must remain in effect.

The ebook indicates that r3 and r4 will be in different clusters because:

But placing both r3 and r4 in the same cluster would be a mistake in this case, because doing so will cause r3 and r4 to ignore updates that carry their common cluster ID. This will result in missing routes on one of the reflectors should a peering interface fail on one of the two route reflectors that serve clients r1 or r2, which would violate the redundancy aspects of your design requirements.

I'll show you why.

Suppose both r3 and r4 are in the same cluster 1.1.1.1 and the r2-to-r4 interface goes down.
r4's BGP peerings to r2 and r1 are gone, so both r1 and r2 send their BGP updates to r3, and r3 reflects them to r4. When r4 receives the update from r3, it will not accept it, because r3 and r4 share the same cluster ID.

A Destination P Prf Metric 1 Metric 2 Next hop AS path
* 192.168.50.0/24 B 170 100 >10.0.2.9 I

iso.0: 1 destinations, 1 routes (1 active, 0 holddown, 0 hidden)

r4 will be missing the route. This result will make you score 0 points.

Half points because of rain

Round 2 of the 2009 F1 season was stopped after 32 laps; the heavy rain stopped the race. Brawn GP's Jenson Button won both the first and second rounds. Drivers scored half the regular points: (10-8-7-6-5-4-3-2-1) became (5-4-3.5-3-2.5-2-0.5). In the drivers' standings, Button leads Barrichello by 5 points.

Tuesday, March 31, 2009

JNCIP part 5

In the JNCIP iBGP case study, we will look at each requirement:

  • Redistribute the static routes shown earlier in Figure 5.7 into IBGP, and using communities, ensure that all routers prefer r2's 192.168.100/24 IBGP route. You must not alter the default local preference of this route

Both r1 and r2 advertise 192.168.100/24 to their BGP peers, and r2 must be the primary without changing local preference. First of all, which BGP attributes can we use?

1. No weight here; it's Junos, not IOS. Forget it.
2. No local preference; the requirement says we can't change it.
3. AS path: an iBGP update doesn't change the AS path.
4. Origin code: the JNCIP ebook didn't use this approach, but I DO.

policy-statement ibgp-exp {
    term 1 {
        from protocol static;
        then {
            metric 111;
            origin incomplete;
            accept;
        }
    }
}

Neither r3 nor r4 selects r1's route as best for 192.168.100/24:
R3
192.168.100.0/24 *[BGP/170] 00:00:10, localpref 100
AS path: I
> to 10.0.4.2 via fe-0/1/0.23
[BGP/170] 00:00:10, localpref 100, from 10.0.3.4
AS path: I
> to 10.0.4.2 via fe-0/1/0.23
[BGP/170] 02:59:50, MED 111, localpref 100
AS path: ?
> to 10.0.4.14 via fe-0/1/2.13

So, it works for me!

Monday, March 30, 2009

2009 Formula 1 SingTel Singapore Grand Prix Ticket

The 2009 Formula 1 SingTel Singapore Grand Prix tickets are going on sale. The 3-Day Walkabout Pass costs only 168 SGD, and early birds might save up to 2000 SGD. Don't miss it this time; if you missed last year, this is your best chance to get a 2009 Singapore Grand Prix ticket now.

http://www.singaporegp.sg/ticket/general_ticket.php

PS: The Walkabout Pass is a little different from last year. They limit the zones the ticket covers. As far as I can tell, the left area (zones 3+4) is accessible with the Walkabout Pass, but zones 1 and 2 are not included. Watch out for that.

Sunday, March 29, 2009

F1 2009 round 1

A new F1 season in 2009, with new rules for the game. Team Brawn GP took first and second place in the final result. The Overtaking Working Group (OWG) rules and the KERS systems bring more challenges for the drivers.

Junos Inactive reason: Unusable path

There is an "Unusable path" state in the Junos routing table:
State:
Inactive reason: Unusable path

The main reason is the reject statement: any route that falls through the policy without an accepting action is rejected and marked as "Hidden".

Thursday, March 26, 2009

JNCIP eBook update @ page 553

A typo in the JNCIP ebook on page 553.

The old requirement:
"Do not accept any default routes or RFC 1918 routes from EBGP peers"

The updated requirement:
"Do not accept any default routes or RFC 1918 routes from *Customer* EBGP peers"

Wednesday, March 25, 2009

Which route into forwarding table ?

Here is an example showing how an IOS router selects which route goes into the forwarding table. The topology is: R1----eBGP----R2----ospf----R3

Both R1 and R3 advertise the route 192.168.1.0/24 to R2.

Q1: R2 selects R1 as the next-hop. The reason is the AD value: eBGP is 20, OSPF is 110, so eBGP wins.

Q2: What if R2 redistributes OSPF into BGP?

This is a little confusing. Is R1 or R3 the next-hop?

The answer is R3. Why?

Do we compare the AD of eBGP and OSPF again? NO. Redistributing OSPF into BGP puts two copies of the same route in the BGP table: one from the eBGP peer and one from the IGP with origin incomplete (?). The locally generated route in the BGP table has a higher weight than the eBGP one, so the best route in the BGP table is the (?) route learned from OSPF, and R2 uses R3 as the next-hop to 192.168.1.0/24.
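As an added example (not code from the original post), here is a small Python model of the two selection stages described above: IOS BGP best-path selection with weight first, then RIB selection by administrative distance. The router names R1/R3 stand in for next-hop addresses; the weight values (32768 for a locally originated path, 0 for a learned one) and the AD values (20, 110) are IOS defaults.

```python
from dataclasses import dataclass

AD = {"bgp": 20, "ospf": 110}            # IOS defaults: eBGP 20, OSPF 110
ORIGIN_RANK = {"i": 0, "e": 1, "?": 2}   # lower is better: IGP < EGP < incomplete
LOCAL_WEIGHT = 32768                     # IOS weight of a locally originated path
LEARNED_WEIGHT = 0                       # IOS weight of a path learned from a peer


@dataclass
class BgpPath:
    next_hop: str                      # constructed router name instead of an address
    origin: str                        # "i", "e" or "?"
    locally_originated: bool = False   # True for a route redistributed into BGP
    local_pref: int = 100

    @property
    def weight(self) -> int:
        # Weight is the first IOS best-path step and is never sent to peers.
        return LOCAL_WEIGHT if self.locally_originated else LEARNED_WEIGHT


def bgp_best_path(paths):
    """The IOS best-path steps that matter in this example, in order:
    highest weight, then highest local preference, then best origin."""
    return max(paths, key=lambda p: (p.weight, p.local_pref, -ORIGIN_RANK[p.origin]))


def rib_next_hop(candidates):
    """candidates maps protocol -> next hop; the lowest AD gets installed."""
    winner = min(candidates, key=lambda proto: AD[proto])
    return candidates[winner]


def q1_next_hop():
    """Q1: only the eBGP path from R1 is in the BGP table; OSPF offers R3."""
    best = bgp_best_path([BgpPath(next_hop="R1", origin="i")])
    return rib_next_hop({"bgp": best.next_hop, "ospf": "R3"})


def q2_next_hop():
    """Q2: OSPF is redistributed into BGP, adding a locally originated path
    (origin ?) whose next hop is the OSPF next hop R3. Its weight beats the
    eBGP path even though origin alone would have favoured the 'i' path."""
    paths = [
        BgpPath(next_hop="R1", origin="i"),
        BgpPath(next_hop="R3", origin="?", locally_originated=True),
    ]
    best = bgp_best_path(paths)
    return rib_next_hop({"bgp": best.next_hop, "ospf": "R3"})
```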

Saturday, March 21, 2009

Inverse ARP at WAN interfaces

There is another difference between IOS and Junos: the Inverse ARP behavior. The JNCIP book says the Juniper Networks router cannot generate Inverse ARP requests, but IOS will. So dynamic mapping is only available on IOS.

2009 WBC

The final 4 teams: Jp, Ko, USA, Ven. Which team will be the winner?

Friday, March 20, 2009

Password Recovery (Catalyst switch)

If you can't upload IOS via an Ethernet interface, what can you do? Transfer the file via AUX or console? In this case I uploaded the IOS image via the console, but the default console speed is 9600, which is very slow and a race against time. One useful command saved my time:

switch: set BAUD 115200

switch: copy xmodem: flash:c2955-i6q4l2-mz.121-13.EA1.bin

An 8 MB image takes around 34 minutes at 115200.
http://www.cisco.com/en/US/products/hw/switches/ps628/products_tech_note09186a0080169696.shtml

Take a look.

Password Recovery in Junos

Juniper M, T, J and EX series routers are FreeBSD-based. If you watch the router restart from the console, you will see the same messages as FreeBSD, and the account management is the same as FreeBSD.

How to recover the password in Junos?

When prompted to enter loader mode, hit the space bar and you will be sitting at the "loader>" prompt. Enter the following command:
loader> boot -s

1, fsck -y
2, mount -a
3, rm /config/juniper*
4, exit

Thursday, March 19, 2009

200 EUD

http://www.cisco.com/web/europe/cisco-networkers/2009/cisco/index.html

For Cisco Networkers 2009, Cisco offers access for 200 EUD until January 2010.

default route in BGP

I want to send a default route to a BGP neighbor. What would you do in IOS and in Junos?

In IOS:
router bgp 10
 neighbor 1.2.3.4 default-originate

In Junos: there is no such knob. By default Junos announces only BGP routes; anything else needs a policy-statement. So you need to create a static route under routing-options and export the 0/0 route to the neighbor.

That's another difference between IOS and Junos.

P2MP

I got a question from a European friend about multicast in Junos, "P2MP". The topology is 4 PEs running L3 VPN, and the customer runs multicast, so the SP needs to carry the 2xx.x.x.x data to the remote PE and forward it to the CE. The question is: "when 2 PEs are announcing the same source groups, if I stop one PE, all RSVP tunnels stay up when I stop one source. If I disconnect one multicast source on the LAN client... all tunnels fail"

MDT is different in IOS and Junos. In the first version of MDT, the PE LSR encapsulates the packet in an IPv4 header with a multicast destination address; that multicast address is the MDT group for the VRF. This is unlike IPv4 unicast label switching. Years later, Juniper launched the P2MP RSVP-TE function in Junos, and Cisco also announced mLDP.

Tuesday, March 17, 2009

Interface broadcasts counter on Cisco Serial

One of my friends asked me what "interface broadcasts" means in the output of show interface with Frame Relay encapsulation.

First of all, I only knew it's a broadcast counter for the WAN interface. But why does it increase?

R8(config-if)#do sh int s1/0
Serial1/0 is up, line protocol is up
Hardware is M4T
Internet address is 1.1.88.8/24
MTU 1500 bytes, BW 128 Kbit, DLY 20000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation FRAME-RELAY, crc 16, loopback not set
Keepalive set (10 sec)
Restart-Delay is 0 secs
LMI enq sent 45, LMI stat recvd 46, LMI upd recvd 0, DTE LMI up
LMI enq recvd 0, LMI stat sent 0, LMI upd sent 0
LMI DLCI 1023 LMI type is CISCO frame relay DTE
Broadcast queue 0/64, broadcasts sent/dropped 0/0, interface broadcasts 0
Last input 00:00:02, output 00:00:02, output hang never
Last clearing of "show interface" counters 2w2d
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
46 packets input, 742 bytes, 0 no buffer
Received 0 broadcasts (0 IP multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort

R8(config-if)#

1. I cleared all counters on the interface:

R8(config-if)#do clear count s1/0

2. Then I pinged 1000 times with destination IP 1.1.88.255 (the broadcast IP address):

R8(config-if)#do pi 1.1.88.255 re 1000 t 0

Type escape sequence to abort.
Sending 1000, 100-byte ICMP Echos to 1.1.88.255, timeout is 0 seconds:
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
....................
R8(config-if)#do sh int s1/0
Serial1/0 is up, line protocol is up
Hardware is M4T
Internet address is 1.1.88.8/24
MTU 1500 bytes, BW 128 Kbit, DLY 20000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation FRAME-RELAY, crc 16, loopback not set
Keepalive set (10 sec)
Restart-Delay is 0 secs
LMI enq sent 2, LMI stat recvd 2, LMI upd recvd 0, DTE LMI up
LMI enq recvd 0, LMI stat sent 0, LMI upd sent 0
LMI DLCI 1023 LMI type is CISCO frame relay DTE
Broadcast queue 0/64, broadcasts sent/dropped 0/0, interface broadcasts 1000
Last input 00:00:03, output 00:00:03, output hang never
Last clearing of "show interface" counters 00:00:18
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
2 packets input, 26 bytes, 0 no buffer
Received 0 broadcasts (0 IP multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort

R8(config-if)#

That's what the interface broadcasts counter is.

Friday, March 13, 2009

Carrier MPLS ASN in BGP as-path

If you run OSPF as the PE-CE routing protocol, you might want to take a look at the AS path in your BGP table.

The topology is

ce1----ospf----pe1-----mp-bgp------pe2----ospf---ce2----eBGP----R3

Any type 5 LSA that ce1 learns from pe1 will still be external at ce2, no doubt about it. But when pe2 redistributes the type 5 LSA from the MP-BGP routing table, pe2 does something extra: it adds a tag to the type 5 LSA, and by default the tag is derived from the MPLS VPN BGP ASN (RFC 1745). The cisco.com doc says:
"The default value is calculated based on the BGP autonomous system number of the MPLS VPN backbone.
The four highest bits are set to 1101 according to RFC 1745.
The lowest 16 bits map the BGP autonomous system number of the MPLS VPN backbone. "

So if you see this tag in a type 5 LSA, the ASN will be appended to the BGP AS path. This is because the route was originated by some other means or IGP. The BGP process on ce2 watches the tag value: if it starts with 1101 in binary, the ASN is copied into the BGP AS path; if it doesn't start with 1101, nothing is copied. The tag is split into sub-fields as follows:

The first bit indicates whether the tag has been generated automatically by an ASBR or not. For the next 2 bits, the combinations "1000", "1001", "1010" and "1011" are listed in RFC 1745, which says:

OSPF routes with this tag setting SHOULD be exported with the BGP/IDRP attributes, ORIGIN=, PATH=.

So next time you see your MPLS backbone ASN in the AS path, watch out for this.
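As an added example (not code from the original post or from Cisco), here is a Python encoder/decoder for the RFC 1745 tag described above: the top four bits 1101, the 12-bit arbitrary tag field, and the backbone ASN in the low 16 bits. The field layout (automatic bit, completeness bit, 2-bit path length, 12-bit arbitrary tag, 16-bit AS) follows RFC 1745; the rule that only a tag starting with 1101 gets its ASN copied into the AS path is the one this post describes, and the ASNs used in the comments are constructed.

```python
from dataclasses import dataclass

AUTO_BIT = 1 << 31        # a: tag generated automatically by an ASBR
COMPLETE_BIT = 1 << 30    # c: completeness bit
PL_SHIFT = 28             # pl: 2-bit path length field
ARB_SHIFT, ARB_MASK = 16, 0xFFF   # 12-bit ArbitraryTag field
AS_MASK = 0xFFFF          # 16-bit AutonomousSystem field


@dataclass(frozen=True)
class Rfc1745Tag:
    automatic: bool
    complete: bool
    path_length: int
    arbitrary: int
    asn: int


def encode_backbone_tag(asn: int) -> int:
    """Default tag the PE puts in the type 5 LSA: 1101, empty arbitrary field,
    backbone ASN in the low 16 bits (only 2-byte ASNs fit)."""
    if not 1 <= asn <= AS_MASK:
        raise ValueError("only 2-byte ASNs fit in the 16-bit AS field")
    return AUTO_BIT | COMPLETE_BIT | (1 << PL_SHIFT) | asn


def decode_tag(tag: int) -> Rfc1745Tag:
    """Split a 32-bit OSPF external tag into its RFC 1745 sub-fields."""
    if not 0 <= tag <= 0xFFFFFFFF:
        raise ValueError("tag must be a 32-bit value")
    return Rfc1745Tag(
        automatic=bool(tag & AUTO_BIT),
        complete=bool(tag & COMPLETE_BIT),
        path_length=(tag >> PL_SHIFT) & 0b11,
        arbitrary=(tag >> ARB_SHIFT) & ARB_MASK,
        asn=tag & AS_MASK,
    )


def asn_copied_to_as_path(tag: int):
    """The CE's BGP process copies the ASN into the AS path only when the tag
    starts with 1101 in binary; anything else yields None."""
    if (tag >> 28) == 0b1101:
        return tag & AS_MASK
    return None


def as_path_seen_by_ebgp_peer(tag: int, ce_asn: int):
    """Model of what R3 sees in the topology above: ce2 originates the route
    with the tag's ASN as its AS path, then prepends its own ASN on the eBGP
    session to R3. Returns the AS path as a tuple, leftmost AS first."""
    inner = asn_copied_to_as_path(tag)
    return (ce_asn,) if inner is None else (ce_asn, inner)


if __name__ == "__main__":
    # Constructed example: backbone AS 100 gives tag 0xD0000064 = 3489661028
    tag = encode_backbone_tag(100)
    print(hex(tag), decode_tag(tag), as_path_seen_by_ebgp_peer(tag, 65100))
```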

Sunday, March 8, 2009

Island shangri-la 50F

This view is from the Island Shangri-La, 50F. It's a great view.

JNCIP part 1

After the SP lab I'm moving to JNCIP. The difference between SP and JNCIP is multicast: there is no multicast in JNCIP, and only a little bit of QoS.

The best book for the JNCIP exam is, of course, the Sybex JNCIP Study Guide.

There are 6 chapters. We start from Ch1, the initial config. I don't know the test network for the exam, but one thing is certain: the console server. Juniper doesn't have any product like the Cisco 2509/2511, so a terminal server is connected to the router console ports. Make sure you know how to clear the line and how to exit from the line.

OoB management is also different from Cisco. The Cisco 2500, 2600 and 3600 series routers don't have an OoB interface, while fxp0 acts as the OoB interface on Juniper routers. The no-readvertise option stops a route from being advertised into any routing protocol.

Accounts: if you don't want centralised account control, local user accounts control what you can do in Junos. Root is just like the FreeBSD root user. On a router's first boot you need to set the root password before you can move on. There are also operator accounts for daily checks and monitoring.

SNMP/NTP: in a modern NOC, SNMP is needed by default. Interface usage and link-down traps are sent via SNMP. Define which clients can query this router and which can't.

Lose

Chinese Taipei lost to China again, 2 times within 8 months. It's not a surprise for me. There are no top players in it, unlike Korea and Japan. They are young but have no experience. It's bad news for us. I don't think there will be any more good sports news in our country.

Pass CCIE SP

3 years after the RS lab, I did it again: I passed the Cisco CCIE SP lab exam. It's tough, with a lot of troubleshooting during the exam. The proctor wants to test your skill. He turned off ip cef, and I saw "encapsulation failed" on the Fe interface in debug ip packet; ping worked but TCP didn't. Wow, I deserved it. 180 days of preparation, day and night. The IEWB videos are good to start with, but don't cover all the VPN tech. Now I'm moving on to the JNCIP exam. If you are also on the way to JNCIP, unicast me for more discussion.

Tuesday, February 3, 2009

Super Bowl XLIII.

Super Bowl XLIII: PIT won the title 2 times in 4 years. What a catch.