Tuesday, March 31, 2009

JNCIP part 5

This is the JNCIP iBGP case study. We will look at each requirement:

  • Redistribute the static routes shown earlier in Figure 5.7 into IBGP, and using communities, ensure that all routers prefer r2's 192.168.100/24 IBGP route. You must not alter the default local preference of this route

Both R1 and R2 will advertise 192.168.100/24 to their BGP peers, and R2 must be primary without changing Local-Pref. First of all, which BGP attributes can we use?

1, No weight here. It's Junos, not IOS. Forget it.
2, No Local-Pref. The requirement says we can't change Local-Pref.
3, AS path. An iBGP update will not change the AS path.
4, Origin code. The JNCIP ebook didn't do it this way, but I do.

policy-statement ibgp-exp {
    term 1 {
        from protocol static;
        then {
            metric 111;
            origin incomplete;
            accept;
        }
    }
}

Neither R3 nor R4 will select R1's route as the best route for 192.168.100/24.
R3:
192.168.100.0/24   *[BGP/170] 00:00:10, localpref 100
                      AS path: I
                    > to 10.0.4.2 via fe-0/1/0.23
                    [BGP/170] 00:00:10, localpref 100, from 10.0.3.4
                      AS path: I
                    > to 10.0.4.2 via fe-0/1/0.23
                    [BGP/170] 02:59:50, MED 111, localpref 100
                      AS path: ?
                    > to 10.0.4.14 via fe-0/1/2.13

So it works for me!
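Why the origin code decides the outcome here, as an added example that is not part of the original post: a simplified Python model of the first Junos BGP tie-breakers, run over the three paths R3 holds. The path labels are assumptions, and later steps (IGP cost, router ID and so on) are left out.

```python
from dataclasses import dataclass

# Origin preference: IGP (I) beats EGP (E) beats incomplete (?)
ORIGIN_RANK = {"I": 0, "E": 1, "?": 2}
STEPS = ("local-preference", "as-path length", "origin", "med")

@dataclass(frozen=True)
class Path:
    label: str            # assumed label, not taken from router output
    local_pref: int
    as_path: tuple        # empty for routes originated inside the AS
    origin: str
    med: int = 0          # a missing MED is compared as 0

def sort_key(p):
    # Lower tuple wins; local-pref is negated because higher is better.
    return (-p.local_pref, len(p.as_path), ORIGIN_RANK[p.origin], p.med)

def best_path(paths):
    return min(paths, key=sort_key)

def deciding_step(a, b):
    """Name the first attribute on which two paths differ."""
    for name, x, y in zip(STEPS, sort_key(a), sort_key(b)):
        if x != y:
            return name
    return "later tie-breakers"

# Constructed from the R3 output above: two copies of R2's route with
# origin I, and R1's route carrying MED 111 and origin incomplete.
PATHS = [
    Path("r2", 100, (), "I"),
    Path("r2 via 10.0.3.4", 100, (), "I"),
    Path("r1", 100, (), "?", med=111),
]

if __name__ == "__main__":
    winner = best_path(PATHS)
    print(winner.label, "wins on", deciding_step(winner, PATHS[2]))
```

Local preference stays at 100 on every path, and origin is compared before MED, so the origin change alone is enough to demote R1's route.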

Monday, March 30, 2009

2009 Formula 1 SingTel Singapore Grand Prix Ticket

The 2009 Formula 1 SingTel Singapore Grand Prix tickets will be on sale. The 3-Day Walkabout Pass costs only 168 SGD, and the early-bird offer might save up to 2000 SGD. Don't miss it this time. If you missed last year, now is your best chance to get a 2009 Singapore Grand Prix ticket.

http://www.singaporegp.sg/ticket/general_ticket.php

PS,
The Walkabout Pass is a little different from last year. The ticket now limits the zones you can enter. As far as I can tell, the left area (zones 3 and 4) is accessible with the Walkabout Pass, but zone 2 and zone 1 are not included. Watch out for that.

Sunday, March 29, 2009

F1 2009 round 1


A new F1 season in 2009, with new rules for the game. Team Brawn GP took first and second place in the final result. The Overtaking Working Group ("OWG") changes and the KERS systems bring more challenges for the drivers.

Junos Inactive reason: Unusable path

There is an "Unusable path" entry in the Junos routing table.
State:
Inactive reason: Unusable path

The main reason is the reject statement: any route without an action will be rejected and marked as "Hidden".

Thursday, March 26, 2009

JNCIP eBook update @ page 553

A typo in JNCIP ebook page 553.

The old request :
"Do not accept any default routes or RFC 1918 routes from EBGP peers"

The update request :
"Do not accept any default routes or RFC 1918 routes from *Customer* EBGP peers"

Wednesday, March 25, 2009

Which route into forwarding table ?

Here is an example of how an IOS router selects which route goes into the forwarding table. The topology is:

R1----eBGP----R2----ospf----R3

Both R1 and R3 advertise the route 192.168.1.0/24 to R2.

Q1, R2 will select R1 as the next hop. The reason is that the AD of eBGP is 20 and the AD of OSPF is 110, so eBGP wins.

Q2, If R2 redistributes OSPF into BGP, then what?

This is a little bit confusing. Is R1 or R3 the next hop?

The answer is R3. Why?

Once again, do we compare the AD of eBGP and OSPF? No. Redistributing OSPF into BGP puts two copies of the same route in the BGP table: one from the eBGP peer and one from the IGP with the incomplete origin code (?). The locally generated route in the BGP table also has a higher weight than the eBGP route, so the best route in the BGP table is the (?) route learned from OSPF. So R2 will use R3 as the next hop to 192.168.1.0/24.

Saturday, March 21, 2009

Inverse-ARP at WAN interface

There is another difference between IOS and Junos: the Inverse-ARP behavior. The JNCIP book says that a Juniper Networks router cannot generate In-ARP requests, but IOS can. So the dynamic mapping happens only on IOS.

2009 WBC


The final 4 teams are Japan, Korea, USA and Venezuela. Which team will be the winner?

Friday, March 20, 2009

Password Recovery (Catalyst switch)

If you can't upload IOS via the Ethernet interface, what can you do? Transfer the file via AUX or console? In this case I uploaded the IOS via the console. But the default console speed is 9600, which is very slow for me and works against the clock. One useful command saved me time:


switch: set BAUD 115200

switch: copy xmodem: flash:c2955-i6q4l2-mz.121-13.EA1.bin

An 8 MB image takes around 34 minutes at the 115200 rate.
http://www.cisco.com/en/US/products/hw/switches/ps628/products_tech_note09186a0080169696.shtml

Take a look.

Password Recovery in Junos

Juniper M, T, J and EX routers are all FreeBSD style. If you watch the router restart from the console, you will see the same messages as on FreeBSD. Account management is also the same as on FreeBSD.

How to recover in Junos?

When prompted to enter Loader mode, hit the space bar and you will be sitting at the "loader>" prompt. Enter the following command:
loader> boot -s

1, fsck -y
2, mount -a
3, rm /config/juniper*
4, exit

Thursday, March 19, 2009

200 EUD

http://www.cisco.com/web/europe/cisco-networkers/2009/cisco/index.html

For the 2009 Cisco Networkers, Cisco offers access for 200 EUD until January 2010.

default route in BGP

I want to send a default route to a BGP neighbor. What would you do in IOS and in Junos?

In IOS:
router bgp 10
 neighbor 1.2.3.4 default-originate

In Junos:
There is no such command. By default Junos announces BGP routes only; anything else has to be done with a policy-statement. So you need to create a static route under routing-options and export the 0/0 route to the neighbor.

That's another difference between IOS and Junos.

P2MP

I got a question from a friend in Europe about multicast in Junos, "P2MP". The main topology is 4 PEs running L3 VPN. The customer runs multicast, so the SP needs to carry the 2xx.x.x.x data to the remote PE and forward it to the CE. The question is, "when 2 PE are announcing the same's source groups, if I stop one PE, all rsvp tunnel still up when I stop one source. if disconnect one multicast source in Lan client...all tunnels fail's"

MDT is different in IOS and Junos. In the first version of MDT, the PE LSR encapsulates the packet in one IPv4 header with a multicast address. The multicast address in the IPv4 header is the MDT group for the VRF. It is unlike IPv4 unicast label switching. Years later, Juniper launched the P2MP RSVP-TE function in Junos, and Cisco also announced mLDP.

Tuesday, March 17, 2009

interface broadcasts counter on Cisco Serial

One of my friends asked me what "interface broadcasts" means in the output of show interface with Frame Relay encapsulation.

First of all, I only knew it is a broadcast counter for the WAN interface. So why does it increase?

R8(config-if)#do sh int s1/0
Serial1/0 is up, line protocol is up
Hardware is M4T
Internet address is 1.1.88.8/24
MTU 1500 bytes, BW 128 Kbit, DLY 20000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation FRAME-RELAY, crc 16, loopback not set
Keepalive set (10 sec)
Restart-Delay is 0 secs
LMI enq sent 45, LMI stat recvd 46, LMI upd recvd 0, DTE LMI up
LMI enq recvd 0, LMI stat sent 0, LMI upd sent 0
LMI DLCI 1023 LMI type is CISCO frame relay DTE
Broadcast queue 0/64, broadcasts sent/dropped 0/0, interface broadcasts 0
Last input 00:00:02, output 00:00:02, output hang never
Last clearing of "show interface" counters 2w2d
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
46 packets input, 742 bytes, 0 no buffer
Received 0 broadcasts (0 IP multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort

R8(config-if)#

1, I clear all counters on the interface.

R8(config-if)#do clear count s1/0

2, Then I repeat the ping 1000 times with destination IP = 1.1.88.255 (the broadcast IP address).

R8(config-if)#do pi 1.1.88.255 re 1000 t 0

Type escape sequence to abort.
Sending 1000, 100-byte ICMP Echos to 1.1.88.255, timeout is 0 seconds:
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
....................
R8(config-if)#do sh int s1/0
Serial1/0 is up, line protocol is up
Hardware is M4T
Internet address is 1.1.88.8/24
MTU 1500 bytes, BW 128 Kbit, DLY 20000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation FRAME-RELAY, crc 16, loopback not set
Keepalive set (10 sec)
Restart-Delay is 0 secs
LMI enq sent 2, LMI stat recvd 2, LMI upd recvd 0, DTE LMI up
LMI enq recvd 0, LMI stat sent 0, LMI upd sent 0
LMI DLCI 1023 LMI type is CISCO frame relay DTE
Broadcast queue 0/64, broadcasts sent/dropped 0/0, interface broadcasts 1000
Last input 00:00:03, output 00:00:03, output hang never
Last clearing of "show interface" counters 00:00:18
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
2 packets input, 26 bytes, 0 no buffer
Received 0 broadcasts (0 IP multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort

R8(config-if)#

That's what the interface broadcasts counter is.

Friday, March 13, 2009

Carrier MPLS ASN in BGP as-path

If your PE-CE routing protocol is OSPF, you might want to take a look at the as-path in your BGP table.

The topology is

ce1----ospf----pe1-----mp-bgp------pe2----ospf---ce2----eBGP----R3

Any type 5 LSA that ce1 learns from pe1 will still be external on ce2, no doubt about it. When pe2 redistributes the type 5 LSA from the MP-BGP routing table, pe2 does something extra. The pe2 router adds a tag to the type 5 LSA; by default the tag is equal to the MPLS VPN BGP ASN (RFC 1745). The cisco.com doc indicates,
"The default value is calculated based on the BGP autonomous system number of the MPLS VPN backbone.
The four highest bits are set to 1101 according to RFC 1745.
The lowest 16 bits map the BGP autonomous system number of the MPLS VPN backbone. "

So, if you see the tag in a type 5 LSA, it will be appended to the BGP as-path. This is because the route was originated by some other means or IGP. The BGP process on the ce2 router looks at the tag value: if it starts with 1101 in binary format, it will be copied into the BGP as-path. If it does not start with 1101, it will not be copied into the BGP as-path. The tag is divided into sub-fields as follows:

The first bit indicates whether the tag has been generated automatically by an ASBR or not.
Second 2 bits,

The combinations are "1000" "1001" "1010" "1011". RFC 1745 indicates:

OSPF routes with this tag setting SHOULD be exported with the BGP/IDRP attributes,
ORIGIN=, PATH=.

So next time, if your MPLS backbone ASN shows up in the as-path, watch out for this.
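The default tag described in the Cisco text above, worked through as an added example that is not part of the original post. The sub-field names follow the tag layout in RFC 1745 (automatic bit, completeness bit, 2-bit path length, 12-bit arbitrary tag, 16-bit AS number); ASN 65000 is a constructed sample value.

```python
RFC1745_PREFIX = 0b1101   # the "four highest bits" from the Cisco text

def default_domain_tag(backbone_asn):
    """Build the default tag a PE sets for a 16-bit backbone ASN."""
    if not 0 <= backbone_asn <= 0xFFFF:
        raise ValueError("only a 16-bit ASN fits in the lowest 16 bits")
    return (RFC1745_PREFIX << 28) | backbone_asn

def decode_tag(tag):
    """Split a 32-bit OSPF external route tag into RFC 1745 sub-fields."""
    if not 0 <= tag <= 0xFFFFFFFF:
        raise ValueError("OSPF route tags are 32 bits")
    return {
        "automatic": (tag >> 31) & 0b1,       # set by an ASBR, not by hand
        "complete": (tag >> 30) & 0b1,
        "path_length": (tag >> 28) & 0b11,
        "arbitrary_tag": (tag >> 16) & 0xFFF,
        "asn": tag & 0xFFFF,                  # backbone ASN in the low bits
    }

def starts_with_1101(tag):
    """The check the post describes: does the tag begin with binary 1101?"""
    return (tag >> 28) == RFC1745_PREFIX

if __name__ == "__main__":
    tag = default_domain_tag(65000)           # constructed sample ASN
    print(tag, format(tag, "032b"))
    print(decode_tag(tag))
    print(starts_with_1101(100))              # a hand-set tag such as 100
```

A tag that looks like a large random number in show ip ospf database output (for example 3489725928) is therefore just 1101 followed by the backbone ASN.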

Sunday, March 8, 2009

Island shangri-la 50F

This view is from Shangri-La 50F. It's a great view.

JNCIP part 1

After the SP lab, I will move on to JNCIP. The difference between SP and JNCIP is the multicast: there is no multicast in JNCIP, and only a little bit of QoS.

The best book for the JNCIP exam is, of course, the Sybex JNCIP study guide.

It has 6 chapters. We start from Ch1, the initial config. I don't know the test network for the exam, but one thing is certain: the console server. Juniper doesn't have any product that functions like the Cisco 2509 or 2511. So the terminal server is connected to the router console port. Make sure you know how to clear the line and how to exit from the line.

OoB is also different from Cisco. The Cisco 25, 26 and 3600 series routers don't support an OoB interface, while fxp0 acts as the OoB interface on a Juniper router. The no-readvertise command keeps this route from being advertised into any routing protocol.

Accounts: if you don't want to control accounts centrally, the local user accounts control what you can do in Junos. Root is just like the FreeBSD root user. On a router's first boot, you need to change the root password before you can move on. There is also ops, for operators' daily checks and monitoring.

SNMP/NTP: in a modern NOC, SNMP is needed by default. Things like interface usage and link-down traps are sent by SNMP. Also define which clients can query this router and which can't.

Lose

Chinese Taipei lost to China again, 2 times within 8 months. It's not a surprise for me. There are no top players on the team, unlike Korea and Japan. They are young but have no experience. It's bad news for us. I don't think there will be any more good sports news in our country.

Pass CCIE SP

Three years after the RS lab, I did it again. I passed the Cisco CCIE SP lab exam. It's tough, with a lot of troubleshooting during the exam. The proctor wants to test your skill. He turned off ip cef, and I saw debug ip packet with encap failed at the Fe interface. Ping was reachable but TCP wasn't. Wow, I deserved it. 180 days of preparation, day and night. The IEWB video is good to start with, but doesn't cover all the VPN technologies. Now I'm moving on to the JNCIP exam. If you are also on the way to JNCIP, unicast me to discuss more.