Just another Cisco blog
Posts tagged CCIE
MPLS and BGP Lab Guide, Part 2
Dec 7th
This is the second post in the series. The goal of the series is to provide a guide for the MPLS and BGP Lab I posted a while back. The lab consists of MPLS VPNs and BGP along with some OSPF, NAT, IPsec and GRE exposure. I will be posting the files needed for this lab at the bottom. Here’s the topology and the requirements:
Requirements:
Internet
* The two Internet routers should serve as transit ASes. No other routers should permit transit traffic.
* Internet sites (modeled by loopbacks) should be accessible by all LAN IPs.
BGP ORF Tutorial
Dec 5th
Yesterday I learned about a really interesting BGP feature that I’d never heard of: ORF (Outbound Route Filtering). With traditional filtering we have two options: filter updates inbound (coming from your neighbor) or outbound (going to your neighbor). This works well, but there is overhead on both sides: one neighbor sends all the updates and the other neighbor filters out some or most of them. ORF is a better way of accomplishing this. Here’s the topology:
The goal of ORF is the ability of the neighbors to tell each other what prefixes they want BEFORE they are sent. This saves bandwidth and processing. For instance, R1 can tell R2 that it only cares about the 24.95.102.0/24 and 128.27.45.0/24 networks, so R2 doesn’t bother sending the 72.89.30.0/24 network at all.
Let’s get to the config:
R1
```
hostname R1
!
interface Loopback1
 ip address 41.58.12.1 255.255.255.0
!
interface Serial0/0
 ip address 10.1.1.1 255.255.255.252
!
router bgp 6505
 no synchronization
 bgp log-neighbor-changes
 network 41.58.12.0 mask 255.255.255.0
 neighbor 10.1.1.2 remote-as 5680
 no auto-summary
```
R2
```
hostname R2
!
interface Loopback1
 ip address 72.89.30.1 255.255.255.0
!
interface Loopback2
 ip address 24.95.102.1 255.255.255.0
!
interface Loopback3
 ip address 128.27.45.1 255.255.255.0
!
interface Serial0/0
 ip address 10.1.1.2 255.255.255.252
!
router bgp 5680
 no synchronization
 bgp log-neighbor-changes
 network 24.95.102.0 mask 255.255.255.0
 network 72.89.30.0 mask 255.255.255.0
 network 128.27.45.0 mask 255.255.255.0
 neighbor 10.1.1.1 remote-as 6505
 no auto-summary
```
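The configuration above is only the baseline eBGP session; the ORF commands themselves are not part of this excerpt. As an added example (not the original post's configuration), this is one way prefix-list ORF could be enabled on the same topology so that R1 receives only 24.95.102.0/24 and 128.27.45.0/24. The prefix-list name ORF_WANTED is an assumption.

```cisco
! Added example, not from the original post. ORF_WANTED is an assumed name.
! R1: describe the prefixes it wants and advertise them to R2 as an ORF.
ip prefix-list ORF_WANTED seq 5 permit 24.95.102.0/24
ip prefix-list ORF_WANTED seq 10 permit 128.27.45.0/24
!
router bgp 6505
 neighbor 10.1.1.2 capability orf prefix-list send
 neighbor 10.1.1.2 prefix-list ORF_WANTED in
!
! R2: agree to receive R1's ORF and apply it to its outbound updates.
router bgp 5680
 neighbor 10.1.1.1 capability orf prefix-list receive
!
! R1 (exec mode): push the prefix list to R2 and request a route refresh.
! The capability is negotiated at session setup, so reset the session first
! if it was already established when the capability was configured.
clear ip bgp 10.1.1.2 in prefix-filter
!
! R2 (exec mode): confirm the filter that R1 sent.
show ip bgp neighbors 10.1.1.1 received prefix-filter
```

The inbound prefix list stays applied on R1, so R1 still enforces its own policy locally if the neighbor does not honor the ORF; ORF only saves the bandwidth and processing of updates that would have been dropped anyway.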
MPLS and BGP Lab Guide, Part 1
Dec 4th
This is the first post in the series. The goal of the series is to provide a guide for the MPLS and BGP Lab I posted a while back. The lab consists of MPLS VPNs and BGP along with some OSPF, NAT, IPsec and GRE exposure. I will be posting the files needed for this lab at the bottom. Here’s the topology and the requirements:
Requirements:
Internet
* The two Internet routers should serve as transit ASes. No other routers should permit transit traffic.
* Internet sites (modeled by loopbacks) should be accessible by all LAN IPs.
Policy-Based Routing Tutorial
Nov 18th
A friend asked me how to implement Policy-Based Routing (PBR) yesterday. After explaining it to him, I thought it’d be nice to write a quick tutorial on here. PBR allows you to change a packet’s path based on different criteria. In this post I will use my friend’s scenario: we have a business with two internet connections, and the powers that be have decided to use ISP B for all outbound SMTP traffic. Here’s our topology:
Let’s go through the config:
R1
```
hostname R1
!
! Match outbound SMTP (TCP/25) from the LAN
ip access-list extended MATCH_SMTP
 10 permit tcp 192.168.1.0 0.0.0.255 any eq 25
 20 deny ip any any
!
! Send matched traffic to ISP B
route-map SMTP_ISPB permit 10
 match ip address MATCH_SMTP
 set ip next-hop 67.92.18.1
!
! Apply the policy to traffic arriving on the LAN interface
interface FastEthernet0/1
 ip address 192.168.1.1 255.255.255.0
 ip policy route-map SMTP_ISPB
```
First we create our ACL that matches outgoing SMTP traffic, then we match the ACL in a route-map. After we match the traffic, we enter our action statement, “set ip next-hop”. This route-map changes the next hop of all outgoing SMTP traffic. Finally we configure it on the LAN interface. Traffic that does not match the ACL is not policy-routed and follows the normal routing table.
Free Cisco Lab
Nov 14th
Stretch, the owner of PacketLife, is now offering lab time for free. From his site:
Lab gear is broken into multiple “device blocks” to allow for multiple users to use independent portions of the lab simultaneously. Users can reserve one, several, or all of these blocks at once (however, a user may only have one unexpired reservation at any given time).
Block A
* 1x Cisco 2811 (with 2x WIC-2T)
* 2x Cisco 1841 (with 1x WIC-2T)
* 1x Cisco Catalyst 3550-24
* 1x Cisco Catalyst 3550-24 (with Inline Power)
* 1x Cisco ASA 5505
Block B
* 1x Cisco 2811 (with 2x WIC-2T)
* 2x Cisco 1841 (with 1x WIC-2T)
* 1x Cisco Catalyst 3550-24
* 1x Cisco Catalyst 3550-24 (with Inline Power)
BGP Backdoor Lab
Nov 12th
In this article we’ll be going over the BGP Backdoor feature. This is used in cases where two systems are connected via an IGP, but are also receiving routes to the same system through BGP. I stumbled across this feature while checking out one of the labs on Darren’s Blog. The only way I could think of to complete one of his criteria was changing the Administrative Distance of either BGP or the IGP. That is essentially what this feature does, but on a route-by-route basis instead of changing the AD of an entire protocol. I asked Darren if that was the only solution and he pointed me to “BGP Backdoor”. As usual, I will be including my Dynagen/GNS3 .net file at the end of this post. Here is our topology:
Let’s go through the config:
R1
```
hostname R1
!
interface Serial0/0
 ip address 10.1.1.1 255.255.255.0
!
interface Serial0/1
 ip address 10.1.3.1 255.255.255.0
!
router bgp 65000
 no synchronization
 bgp log-neighbor-changes
 neighbor 10.1.1.2 remote-as 65525
 neighbor 10.1.3.2 remote-as 65535
 no auto-summary
```


