Just another Cisco blog
CCIP Practice Lab #2
This is the second practice lab for my CCIP BGP and MPLS preparation. I’ve added my configs to the first post, let me know if I’ve missed anything. This lab has a lot of overlap with the last one, but I’ve added some more BGP-specific stuff in preparation for my upcoming exam. I have italicized all the changes. Here’s the topology:
(click image for fullsize)
Requirements
Core
- P1, P2, P3 and P4 run only MPLS and OSPF, no BGP.
- PE1, PE2, PE3 and PE4 will support EIGRP, OSPF and L2 VPNs to customers C1, C2 and C3.
BGP
- PE1 and PE4 will have an iBGP relationship and will be route reflectors for PE2 and PE3. Use the fewest commands possible.
- Configure MD5 authentication between CE4 and PE1 using the password “cisco1”.
- Configure MD5 authentication between CE4 and Peer1 using the password “cisco1”.
- CE4’s link to AS6500 is much faster than its link to AS1200. Make outgoing traffic use AS6500, with AS1200 as a backup only.
- Make traffic destined for AS9300 prefer the path through AS6500, accomplish this with configuration on CE4 only.
- Filter CE4’s Lo0 (17.17.17.17) from updates to PE1 and Peer1. Only configure this on CE4. Use a different method to filter for each peer.
- Advertise a summary route from CE4 via BGP. Ensure that more specific routes are not advertised.
- PE1 and PE2 will have eBGP relationships with Peer1 and Peer2.
- Peer1 and Peer2 will inject networks from several loopbacks into BGP to simulate the internet.
- Peer1 and Peer2 will have an eBGP relationship.
- No customer AS should ever be used as a transit between ISPs, configure this on the customer and ISP sides of the BGP relationship.
Customers
- Routers CE1a and CE1b will run EIGRP with PE1 and PE3 in their own VPN.
- Routers CE2a and CE2b will run OSPF with PE2 and PE4 in their own VPN.
- Routers CE3a and CE3b will run an L2 VPN with PE2 and PE3. They will be using RIP over the VPN.
- Customers C1 and C2 will inject networks from loopback interfaces to simulate customer LANs.
- Customer C4 is a large enterprise which is dual-homed to PE1 and Peer1, C4 will inject networks from several loopbacks to simulate large enterprise IP space.
Here’s the .net file I’ve created for this one:
CCIP Practice Lab .net file
Post your thoughts!
about 1 month ago
Thank you very much for the Lab.
I didn’t finish the first lab yet. I hope that I will finish it in a few days.
And how can I accomplish this:
- No customer AS should ever be used as a transit between ISPs, configure this on the customer and ISP sides of the BGP relationship.
What BGP attribute do you use for that?
about 1 month ago
Customer side:
ip as-path access-list 10 permit ^$
!
route-map No-Transit permit 10
match as-path 10
!
router bgp 9300
neighbor 38.19.4.1 remote-as 1200
neighbor 38.19.4.1 route-map No-Transit out
SP side:
ip as-path access-list 10 permit ^9300$
!
route-map 9300-In permit 10
match as-path 10
!
router bgp 1200
neighbor 38.19.4.2 remote-as 9300
neighbor 38.19.4.2 route-map 9300-In in
So first you configure the AS-Path ACL. On the customer side you’re matching a blank AS Path (these use Regular Expressions, ^ means starts with, and $ means ends with, so this gives you a blank match), which is what is seen before the update is sent to the SP. Then you match the ACL in your route-map. Anything matching this ACL/route-map is permitted, with everything else denied. You apply the route-map to your neighbor in the outbound direction, which catches your updates.
On the SP side you’re filtering inbound updates from the customer. You use another AS-Path ACL, but this time you’re matching the customer’s AS. We make a route-map and apply it inbound to catch the customer’s updates.
Realistically, you only NEED this on the customer side, but a good SP will filter on their side too, in case of any misconfiguration from the customer. I explained this in one of my Lab Guides for the big MPLS/BGP lab I posted a few months ago. Check out this link:
http://blog.alwaysthenetwork.com/?p=285
Also, the second lab gets even better as it includes some prepending from the customer, which means the current AS-Path ACLs will need to be modified.:)
about 1 month ago
Hi,
I’ am having a lot of performance problems. After I start a few processes (OSPF, EIGRP, MPLS and BGP) on the routers the CPU is overloaded.
I have a VMWare machine (IBM Blade server) and I got around 5,3 GHz and 4 GB of RAM.
OS is Win2003 R2.
I tried a lot of IDLE CPU options.
about 1 month ago
Sounds like you need to get your IdlePC stuff straight. What have you tried?
I like to start a fresh router with no config, I let it boot then i say “no” to the auto config and let the router sit. That seems to be the best time to test out IdlePC values.
Your box should be able to handle this topology, I would think. You could try running it on Linux, that definitely helps with performance.
about 1 month ago
I started one 3660 router and then I got the IDLE PC value. The CPU usage droped to 1%.
Then I started a 7206 and again got the IDLE PC value, and the CPU usage dropped to 1%.
The performance is great until I start the routing protocols.
Right now I have to two 7206 and three 3660 Routers and the CPU usage is around 60%.
By starting one 3660 more the CPU usage jumps to 100%!
Maybe I should try Ubuntu.
about 1 month ago
Sorry for my BGP ignorance, but with the ^$ blank match, is the only route being sent from the customer to the SP the local AS route?
about 1 month ago
@Smail: I don’t think your usage should be that high with five routers? Why are you using the 3660? You can do just as much with the 3640, and I rarely use 7200s, I think the only thing I’ve needed them for is AToM support, which is lacking in the 3640 (with the IOS I’m using, at least).
@willroute: Yes, the blank AS match will limit the updates to routes only from the customer’s local AS, which is our goal here. We do not want our customer AS to become a transit for the internet.
about 1 month ago
Hey. I don’t normally leave comments, but I just wanted to say thanks for the great information. I have a blog too, though
I don’t write as good as you do. Thanks again and have a great day!
about 1 month ago
I see that you had two hypervisors configured and I think that was the problem. I recalculated the IDLE PC for both HV and the cpu usage is now 40% with all routers.
I use the 3660 IOS because I had one on my PC.
I hope that you will provide some more labs
Are you going for CCIE SP soon?
about 1 month ago
CCIE SP? Not a chance, at least not for a long time. That’s way beyond my current capabilities. I’m still trying to figure out what path to take.
about 1 month ago
Hey Colby,
What operating system are you using to run Dynamips?
Im having problems running them having hanging issues.
about 1 month ago
I’m using Ubuntu 8.10.
What’s hanging?
about 1 month ago
The routers hangs while doing configurations.
about 1 month ago
Have you configured the IdlePC values?
about 1 month ago
Yupz i did. CPU load works perfectly. I do have some hanging routers and also some “invalid” router process which doesnt allow me to console in.
Maybe i should try reformatting my pc. Feeling that my OS is corrupted. -.-”
about 1 month ago
I really don’t know, I’ve never had those issues. I would check here:
http://7200emu.hacki.at/index.php