
BGP table version

This post is based on my personal curiosity about the BGP table version :)

BGP is not yet running on either router,

BGP1#sh ip bgp
% BGP not active

BGP1

After turning up BGP, let's take a look at the BGP table version on router BGP1,

BGP1#sh ip bgp summary
BGP router identifier 10.1.1.1, local AS number 1
BGP table version is 1, main routing table version 1

Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
10.1.1.2 4 2 3 3 1 0 0 00:00:35 0
BGP1#sh ip bgp

BGP1#

Let's advertise prefixes 110.1.1.0/24 and 120.1.1.0/24 from router BGP2,

BGP2#sh run | i ip route
ip route 110.1.1.0 255.255.255.0 Null0
ip route 120.1.1.0 255.255.255.0 Null0
BGP2#sh run | s router bgp
router bgp 2
 no bgp default ipv4-unicast
 bgp log-neighbor-changes
 neighbor 10.1.1.1 remote-as 1
!
 address-family ipv4
  no synchronization
  network 110.1.1.0 mask 255.255.255.0
  network 120.1.1.0 mask 255.255.255.0
  neighbor 10.1.1.1 activate
  neighbor 10.1.1.1 soft-reconfiguration inbound
  no auto-summary
 exit-address-family
BGP2#

Again, pay attention to the BGP table version on router BGP1,

BGP1#sh ip bgp summary
BGP router identifier 10.1.1.1, local AS number 1
BGP table version is 2, main routing table version 2
1 network entries using 120 bytes of memory
1 path entries using 52 bytes of memory
1/1 BGP path/bestpath attribute entries using 124 bytes of memory
1 BGP AS-PATH entries using 24 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 320 total bytes of memory
BGP activity 1/0 prefixes, 1/0 paths, scan interval 60 secs

Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
10.1.1.2 4 2 9 6 2 0 0 00:03:16 1
BGP1#sh ip bgp
BGP table version is 2, local router ID is 10.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path
*> 110.1.1.0/24 10.1.1.2 0 0 2 i
BGP1#

We can see the BGP table version has increased to '2', with prefix 110.1.1.0/24 added to the table. So we can be sure that after prefix 120.1.1.0/24 is added to the BGP table, the version number will change to '3'. Take a look at the capture below,

BGP1#sh ip bgp summary
BGP router identifier 10.1.1.1, local AS number 1
BGP table version is 3, main routing table version 3
2 network entries using 240 bytes of memory
2 path entries using 104 bytes of memory
1/1 BGP path/bestpath attribute entries using 124 bytes of memory
1 BGP AS-PATH entries using 24 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 492 total bytes of memory
BGP activity 2/0 prefixes, 2/0 paths, scan interval 60 secs

Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
10.1.1.2 4 2 15 11 3 0 0 00:08:08 2
BGP1#sh ip bgp
BGP table version is 3, local router ID is 10.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path
*> 110.1.1.0/24 10.1.1.2 0 0 2 i
*> 120.1.1.0/24 10.1.1.2 0 0 2 i
BGP1#

What if we delete prefix 110.1.1.0/24 from router BGP2's advertisement: will the BGP table version decrease? The answer is no, it will keep increasing, to '4'.

BGP1#sh ip bgp summary
BGP router identifier 10.1.1.1, local AS number 1
BGP table version is 4, main routing table version 4
1 network entries using 120 bytes of memory
1 path entries using 52 bytes of memory
1/1 BGP path/bestpath attribute entries using 124 bytes of memory
1 BGP AS-PATH entries using 24 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 320 total bytes of memory
BGP activity 2/0 prefixes, 2/1 paths, scan interval 60 secs

Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
10.1.1.2 4 2 19 13 4 0 0 00:10:03 1
BGP1#sh ip bgp
BGP table version is 4, local router ID is 10.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path
*> 120.1.1.0/24 10.1.1.2 0 0 2 i
BGP1#

As long as BGP is running, the BGP table version will always keep incrementing, as a record of changes: prefixes being advertised, prefixes deleted from advertisement, or prefixes affected by customized BGP metrics. I hope this short lab will enhance our understanding (especially mine) of the BGP table version :)

There are two ways to advertise a prefix in BGP. The first is using the 'network' command, and the second is through redistribution. What is the difference? Take a look at the topology below,

We will advertise prefix 100.1.1.0/24 using the network command, and prefix 200.1.1.0/24 through redistribution.

BGP2#sh run | s router bgp
router bgp 2
 no bgp default ipv4-unicast
 bgp log-neighbor-changes
 neighbor 10.1.1.1 remote-as 1
!
 address-family ipv4
  no synchronization
  network 100.1.1.0 mask 255.255.255.0
  redistribute connected route-map advertised
  neighbor 10.1.1.1 activate
  neighbor 10.1.1.1 soft-reconfiguration inbound
  no auto-summary
 exit-address-family
BGP2#sh ip prefix-list
ip prefix-list advertised: 1 entries
 seq 5 permit 200.1.1.0/24
BGP2#sh route-map
route-map advertised, permit, sequence 10
Match clauses:
ip address prefix-lists: advertised
Set clauses:
Policy routing matches: 0 packets, 0 bytes
BGP2#sh ip bgp neighbor 10.1.1.1 advertised-routes
BGP table version is 3, local router ID is 200.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

Originating default network 0.0.0.0

Network Next Hop Metric LocPrf Weight Path
*> 100.1.1.0/24 0.0.0.0 0 32768 i
*> 200.1.1.0 0.0.0.0 0 32768 ?

Total number of prefixes 2
BGP2#

Let’s see the result from router BGP1,

BGP1#sh ip bgp
BGP table version is 3, local router ID is 10.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path
*> 100.1.1.0/24 10.1.1.2 0 0 2 i
*> 200.1.1.0 10.1.1.2 0 0 2 ?
BGP1#

If you look at router BGP1,

  • prefix 100.1.1.0/24 has 'i' origin, advertised by the 'network' command.
  • prefix 200.1.1.0/24 has '?' origin, advertised by redistribution.

That's the difference. According to the holy book of BGP :) 'i' is preferred over '?'. I'm planning to change the origin of 200.1.1.0/24 from '?' to 'i' even though it was advertised by redistribution. We can do this using a route-map; just add a small change inside the route-map on router BGP2,

BGP2#sh run | s route-map advertised permit
route-map advertised permit 10
 match ip address prefix-list advertised
 set origin igp
BGP2#

As expected, on router BGP1 prefix 200.1.1.0/24 now has 'i' origin,

BGP1#sh ip bgp
BGP table version is 4, local router ID is 10.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path
*> 100.1.1.0/24 10.1.1.2 0 0 2 i
*> 200.1.1.0 10.1.1.2 0 0 2 i
BGP1#sh ip bgp 200.1.1.0
BGP routing table entry for 200.1.1.0/24, version 4
Paths: (1 available, best #1, table default)
Not advertised to any peer
2, (received & used)
10.1.1.2 from 10.1.1.2 (200.1.1.1)
Origin IGP, metric 0, localpref 100, valid, external, best
BGP1#

I personally always think route-map is a tiny, handy, and cool tool :) Let's hear what you think.

For me, it is always interesting to learn thoroughly about a service provider's MPLS core: what kind of things we are able to tweak and adjust a little bit. Of course in a clean, straightforward way and in the quickest time. Back-to-back VRF is a feature we can use to provide connectivity for a single customer across two different service providers (inter service provider). Take a look at the topology below:

I will concentrate more on the VRF configuration and some filtering using an import map inside the VRF.

In PE1-SP1:

 ip vrf net
  rd 1:100
  route-target export 1:100
  route-target import 1:100
  route-target import 11:100

In PE2-SP1:

 ip vrf ext
  rd 11:100
  route-target export 11:100
  route-target import 11:100
  route-target import 1:100

 router bgp 1
  address-family ipv4 vrf ext
   neighbor 34.34.34.4 remote-as 2
   neighbor 34.34.34.4 activate
   neighbor 34.34.34.4 soft-reconfiguration inbound

In PE2-SP2:

 ip vrf ext
  rd 12:100
  route-target export 12:100
  route-target import 12:100
  route-target import 2:100

 router bgp 2
  address-family ipv4 vrf ext
   neighbor 34.34.34.3 remote-as 1
   neighbor 34.34.34.3 activate
   neighbor 34.34.34.3 soft-reconfiguration inbound

In PE1-SP2:

 ip vrf net 
  rd 2:100
  route-target export 2:100
  route-target import 2:100
  route-target import 12:100

Both CEs advertise their prefixes using BGP. Let's take a look inside CEA1 and try pinging the CEA2 prefixes:

CEA1#sh ip bgp
BGP table version is 6, local router ID is 172.16.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path
*> 172.16.1.0/24 0.0.0.0 0 32768 i
*> 172.16.2.0/24 172.16.10.1 0 1 2 65002 i
*> 192.168.2.0 172.16.10.1 0 1 2 65002 i
CEA1#ping 172.16.2.1 source 172.16.1.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.2.1, timeout is 2 seconds:
Packet sent with a source address of 172.16.1.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/6/12 ms
CEA1#ping 192.168.2.1 source 172.16.1.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.2.1, timeout is 2 seconds:
Packet sent with a source address of 172.16.1.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/8 ms
CEA1#

If we want to filter the 192.168.2.0/24 prefix from being advertised into the ServiceProvider-1 MPLS core, we can achieve it using an import map inside the VRF. The filtering is applied on PE2-SP2:

ip prefix-list filter seq 5 permit 172.16.2.0/24
route-map filter permit 10
 match ip address prefix-list filter
ip vrf ext
 import map filter

See the result on CEA1:

CEA1#sh ip bgp
BGP table version is 7, local router ID is 172.16.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path
*> 172.16.1.0/24 0.0.0.0 0 32768 i
*> 172.16.2.0/24 172.16.10.1 0 1 2 65002 i
CEA1#ping 172.16.2.1 source 172.16.1.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.2.1, timeout is 2 seconds:
Packet sent with a source address of 172.16.1.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/4 ms
CEA1#ping 192.168.2.1 source 172.16.1.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.2.1, timeout is 2 seconds:
Packet sent with a source address of 172.16.1.1
.....
Success rate is 0 percent (0/5)
CEA1#


Recently I worked on this project. Yep, it is 'the ATM', the box that is always filled with money :) Just like any other client-server connectivity, ATMs use a similar concept. All ATM machines connect to an ATM server, and there is a big possibility that the ATM server's IP address is already hardcoded inside the script running on the ATM machine. Hundreds or maybe thousands of ATM machines refer to one ATM server IP address. To avoid downtime when the ATM server goes down, we can use a backup ATM server, which means there is a failover mechanism between the primary ATM server and the backup ATM server. This project's goal is to make sure failover works and the ATM machines are still able to operate using the backup ATM server with the same IP address, which is the primary ATM server's IP. From the topology we can see that the primary ATM server uses 172.16.1.10/24. If the primary ATM server is down, the backup ATM server will act as the primary and also use the same IP, not the backup ATM server's original IP, got it mate :) It can be done with the steps below:

  • Advertise the primary ATM server's IP (172.16.1.10) from the DC-BGP router
                router bgp 65001
                 address-family ipv4 unicast
                  network 172.16.1.10 mask 255.255.255.255
  • Also advertise 172.16.1.10 from the DRC-BGP router, with the AS path prepended
                ip route 172.16.1.10 255.255.255.255 null 0
                !
                router bgp 65002
                 address-family ipv4 unicast
                  network 172.16.1.10 mask 255.255.255.255
                  neighbor 10.1.1.9 route-map pathsecondout out
                !
                ip prefix-list atmserverbackup seq 5 permit 172.16.1.10/32
                !
                route-map pathsecondout permit 10
                 match ip address prefix-list atmserverbackup
                 set as-path prepend 65002 65002
                route-map pathsecondout permit 20
                !
  • Use static NAT to map 172.30.1.10 to 172.16.1.10
                ip nat inside source static 172.30.1.10 172.16.1.10

 

After configuration, from HQ-BGP we can see the best path to 172.16.1.10 goes to the DC-BGP router,

HQ-BGP#sh ip bgp
BGP table version is 4, local router ID is 192.168.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path
*> 172.16.1.10/32 10.1.1.1 0 65000 65001 i
*> 192.168.1.10/32 0.0.0.0 0 32768 i
HQ-BGP#

Ping from the ATM to the primary ATM server also succeeds,

ATM#ping 172.16.1.10

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.1.10, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/4/8 ms
ATM#

Shut down the interface on DC-BGP heading to Core-BGP to simulate the primary ATM server going down, and let's see the result from HQ-BGP,

HQ-BGP#sh ip bgp
BGP table version is 5, local router ID is 192.168.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path
*> 172.16.1.10/32 10.1.1.1 0 65000 65002 65002 65002 i
*> 192.168.1.10/32 0.0.0.0 0 32768 i
HQ-BGP#

The primary ATM server is now down; if we are able to ping 172.16.1.10 from the ATM machine, it means failover has succeeded,

ATM#ping 172.16.1.10

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.1.10, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
ATM#

We have also managed to translate the backup ATM server's IP to 172.16.1.10,

DRC-BGP#sh ip nat translations
Pro Inside global Inside local Outside local Outside global
icmp 172.16.1.10:2 172.30.1.10:2 192.168.1.10:2 192.168.1.10:2
icmp 172.16.1.10:3 172.30.1.10:3 192.168.1.10:3 192.168.1.10:3
--- 172.16.1.10 172.30.1.10 --- ---
DRC-BGP#

I think this solution might also be used in the service provider area. We can replace the ATM machine and server with RNC, BSC, and SGSN :) So what do you think?

For me it's never easy to create a lab prototype for a Network Address Translation (NAT) case. This time I think I've successfully managed one. For NAT scenarios I always care about both directions of traffic: not just reachability from inside to outside, but also reachability from the outside to the inside network. Mixing it with BGP and route filtering is just like having ice-blended cookies and cream served on your table :)
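Why the prepended path only wins after the primary is withdrawn, and why 'i' beats '?', can be modelled with a few lines of Python. This is an added example, not code from the original post: the class and function names are hypothetical, only a subset of the best-path steps is modelled (weight, local preference, AS-path length, origin), Core-BGP is assumed to be the AS 65000 router that does the choosing, and the version counter simply mirrors what the first lab on this page observed.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

ORIGIN_RANK = {"i": 0, "e": 1, "?": 2}   # IGP preferred over EGP over incomplete


@dataclass(frozen=True)
class Path:
    peer: str                     # neighbor the path was learned from
    as_path: Tuple[int, ...]
    origin: str = "i"
    weight: int = 0
    local_pref: int = 100


def preference_key(p: Path):
    """Subset of the decision process, in order: highest weight, highest
    local preference, shortest AS path, lowest origin code."""
    return (-p.weight, -p.local_pref, len(p.as_path), ORIGIN_RANK[p.origin])


class BgpTable:
    """Candidate paths per prefix, plus a table version that is bumped on
    every best-path change and never goes down (as the lab observed)."""

    def __init__(self) -> None:
        self.paths: Dict[str, Dict[str, Path]] = {}
        self.version = 1

    def best(self, prefix: str) -> Optional[Path]:
        candidates = self.paths.get(prefix, {}).values()
        return min(candidates, key=preference_key, default=None)

    def announce(self, prefix: str, path: Path) -> None:
        before = self.best(prefix)
        self.paths.setdefault(prefix, {})[path.peer] = path
        if self.best(prefix) != before:
            self.version += 1

    def withdraw(self, prefix: str, peer: str) -> None:
        before = self.best(prefix)
        self.paths.get(prefix, {}).pop(peer, None)
        if self.best(prefix) != before:
            self.version += 1


ATM = "172.16.1.10/32"


def failover_as_seen_by_hq() -> List[Tuple[int, ...]]:
    """AS paths HQ-BGP would see before and after DC-BGP disappears."""
    core = BgpTable()                                   # assumed: Core-BGP, AS 65000
    core.announce(ATM, Path("DC-BGP", (65001,)))
    core.announce(ATM, Path("DRC-BGP", (65002, 65002, 65002)))  # own AS + 2 prepends
    normal = core.best(ATM)
    core.withdraw(ATM, "DC-BGP")                        # interface shut on DC-BGP
    backup = core.best(ATM)
    return [(65000,) + normal.as_path, (65000,) + backup.as_path]


def prepend_overridden_by_local_pref() -> str:
    """Caveat: AS-path length is only compared if weight and local-pref tie."""
    core = BgpTable()
    core.announce(ATM, Path("DC-BGP", (65001,)))
    core.announce(ATM, Path("DRC-BGP", (65002, 65002, 65002), local_pref=200))
    return core.best(ATM).peer


def origin_tiebreak() -> str:
    """Same AS-path length: origin 'i' is preferred over '?'."""
    t = BgpTable()
    t.announce("200.1.1.0/24", Path("redistributed", (2,), origin="?"))
    t.announce("200.1.1.0/24", Path("network-cmd", (2,), origin="i"))
    return t.best("200.1.1.0/24").peer


def table_version_lab() -> List[int]:
    """Replay of the first lab: add 110/24, add 120/24, withdraw 110/24."""
    t, seen = BgpTable(), []
    seen.append(t.version)
    t.announce("110.1.1.0/24", Path("10.1.1.2", (2,))); seen.append(t.version)
    t.announce("120.1.1.0/24", Path("10.1.1.2", (2,))); seen.append(t.version)
    t.withdraw("110.1.1.0/24", "10.1.1.2"); seen.append(t.version)
    return seen


if __name__ == "__main__":
    print(failover_as_seen_by_hq())
    print(prepend_overridden_by_local_pref(), origin_tiebreak(), table_version_lab())
```

The second function is the case to check before relying on prepending for a backup site: any weight or local-preference policy on the deciding router is evaluated first and silently overrides the prepend.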

This scenario has several notes and goals,

  • 12.12.12.0/24 will act as the private IP address range, which is the inside network
  • 100.1.1.0/24 will act as the public IP address range, which is the outside network
  • 200.1.1.1 will be the global public IP address that 12.12.12.1 is translated to
  • The Gateway router will prevent 12.12.12.0/24 from being advertised to the cloud.
  • The Gateway router will advertise 200.1.1.1 with the BGP origin modified.
  • Reachability from the inside to the outside network: able to ping from 12.12.12.1 to 100.1.1.1
  • Reachability from the outside to the inside network: able to ping from 100.1.1.1 to 200.1.1.1 (reaching 12.12.12.1)
  • Testing high availability between the Nat1 and Nat2 routers

PE#sh run | be router bgp 65000
router bgp 65000
 no synchronization
 bgp log-neighbor-changes
 network 12.12.12.0 mask 255.255.255.0
 neighbor 23.23.23.3 remote-as 65001
 neighbor 24.24.24.4 remote-as 65002
 no auto-summary
!
PE#sh ip bgp
BGP table version is 10, local router ID is 12.12.12.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 12.12.12.0/24    0.0.0.0                  0         32768 i
*  100.1.1.0/24     24.24.24.4                             0 65002 100 200 i
*>                  23.23.23.3                             0 65001 100 200 i
*> 200.1.1.1/32     23.23.23.3                             0 65001 100 ?
*                   24.24.24.4                             0 65002 100 ?
PE#

Nat1#sh run | be Ethernet0/0
interface Ethernet0/0
 ip address 35.35.35.3 255.255.255.0
 ip nat outside
 ip virtual-reassembly
 half-duplex
!
interface Ethernet0/1
 ip address 23.23.23.3 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 half-duplex
!
Nat1#sh run | in ip nat inside source
ip nat inside source static 12.12.12.1 200.1.1.1
Nat1#
Nat1#sh run | be router bgp
router bgp 65001
 no synchronization
 bgp log-neighbor-changes
 neighbor 23.23.23.2 remote-as 65000
 neighbor 35.35.35.5 remote-as 100
 no auto-summary
!
Nat1#sh ip bgp
BGP table version is 13, local router ID is 35.35.35.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 12.12.12.0/24    23.23.23.2               0             0 65000 i
*> 100.1.1.0/24     35.35.35.5                             0 100 200 i
*> 200.1.1.1/32     35.35.35.5               0             0 100 ?
Nat1#

Nat2#sh run | be Ethernet0/0
interface Ethernet0/0
 ip address 24.24.24.4 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 half-duplex
!
interface Ethernet0/1
 ip address 45.45.45.4 255.255.255.0
 ip nat outside
 ip virtual-reassembly
 half-duplex
!
Nat2#sh run | in ip nat inside source
ip nat inside source static 12.12.12.1 200.1.1.1
Nat2#
Nat2#sh run | be router bgp
router bgp 65002
 no synchronization
 bgp log-neighbor-changes
 neighbor 24.24.24.2 remote-as 65000
 neighbor 45.45.45.5 remote-as 100
 no auto-summary
!
Nat2#sh ip bgp
BGP table version is 11, local router ID is 45.45.45.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*  12.12.12.0/24    45.45.45.5                             0 100 65001 65000 i
*>                  24.24.24.2               0             0 65000 i
*  100.1.1.0/24     24.24.24.2                             0 65000 65001 100 200 i
*>                  45.45.45.5                             0 100 200 i
*  200.1.1.1/32     24.24.24.2                             0 65000 65001 100 ?
*>                  45.45.45.5               0             0 100 ?
Nat2#

Gateway#sh run | be router bgp
router bgp 100
 no synchronization
 bgp log-neighbor-changes
 redistribute static
 neighbor 35.35.35.3 remote-as 65001
 neighbor 45.45.45.4 remote-as 65002
 neighbor 56.56.56.6 remote-as 200
 neighbor 56.56.56.6 route-map manunited out
 no auto-summary
!
Gateway#sh run | be ip route
ip route 200.1.1.1 255.255.255.255 35.35.35.3
ip route 200.1.1.1 255.255.255.255 45.45.45.4 2
!
Gateway#sh route-map manunited
route-map manunited, permit, sequence 10
  Match clauses:
    ip address prefix-lists: changeorigin 
  Set clauses:
    origin igp
  Policy routing matches: 0 packets, 0 bytes
route-map manunited, deny, sequence 20
  Match clauses:
    ip address prefix-lists: filterprivate 
  Set clauses:
  Policy routing matches: 0 packets, 0 bytes
route-map manunited, permit, sequence 30
  Match clauses:
  Set clauses:
  Policy routing matches: 0 packets, 0 bytes
Gateway#
Gateway#sh ip prefix-list changeorigin
ip prefix-list changeorigin: 1 entries
   seq 5 permit 200.1.1.1/32
Gateway#sh ip prefix-list filterprivate
ip prefix-list filterprivate: 1 entries
   seq 5 permit 12.12.12.0/24
Gateway#
Gateway#sh ip bgp
BGP table version is 9, local router ID is 56.56.56.5
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*  12.12.12.0/24    45.45.45.4                             0 65002 65000 i
*>                  35.35.35.3                             0 65001 65000 i
*> 100.1.1.0/24     56.56.56.6               0             0 200 i
*> 200.1.1.1/32     35.35.35.3               0         32768 ?
Gateway#
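How the Gateway's `manunited` route-map and the earlier VRF import map `filter` decide what gets through can be traced with a small model of route-map evaluation: sequences are tried in order, the first match wins, and a route that matches nothing hits the implicit deny. This is an added example, not code from the original post; the Python names are hypothetical, the prefix-lists are modelled as exact-match permits only (no ge/le, which is all the page uses), and only the policy is evaluated, not the rest of BGP advertisement logic.

```python
from dataclasses import dataclass, replace
from ipaddress import ip_network
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Route:
    prefix: str
    origin: str = "?"                    # "i" IGP, "e" EGP, "?" incomplete


@dataclass(frozen=True)
class Entry:
    seq: int
    action: str                          # "permit" or "deny"
    prefix_list: Optional[str] = None    # None: no match clause, matches every route
    set_origin: Optional[str] = None     # "set origin igp" is modelled as "i"


# Prefix-lists and route-maps copied from the configurations on this page.
PREFIX_LISTS: Dict[str, List[str]] = {
    "changeorigin": ["200.1.1.1/32"],
    "filterprivate": ["12.12.12.0/24"],
    "filter": ["172.16.2.0/24"],
}
MANUNITED = [
    Entry(10, "permit", "changeorigin", set_origin="i"),
    Entry(20, "deny", "filterprivate"),
    Entry(30, "permit"),                 # catch-all so everything else still passes
]
IMPORT_FILTER = [Entry(10, "permit", "filter")]   # no catch-all: rest is dropped


def prefix_list_permits(name: str, prefix: str) -> bool:
    wanted = ip_network(prefix)
    return any(ip_network(p) == wanted for p in PREFIX_LISTS[name])


def apply_route_map(entries: List[Entry], route: Route) -> Optional[Route]:
    """Return the (possibly modified) route, or None if it is filtered."""
    for entry in sorted(entries, key=lambda e: e.seq):
        if entry.prefix_list and not prefix_list_permits(entry.prefix_list, route.prefix):
            continue                     # no match: fall through to the next sequence
        if entry.action == "deny":
            return None
        return replace(route, origin=entry.set_origin) if entry.set_origin else route
    return None                          # implicit deny at the end of every route-map


def surviving(entries: List[Entry], routes: List[Route]) -> Dict[str, str]:
    """Map of prefix -> origin for the routes the route-map lets through."""
    out = {}
    for r in routes:
        result = apply_route_map(entries, r)
        if result is not None:
            out[result.prefix] = result.origin
    return out


# Constructed inputs, taken from the "sh ip bgp" outputs shown on the page.
GATEWAY_TABLE = [Route("12.12.12.0/24", "i"), Route("100.1.1.0/24", "i"),
                 Route("200.1.1.1/32", "?")]
VRF_CANDIDATES = [Route("172.16.2.0/24", "i"), Route("192.168.2.0/24", "i")]

if __name__ == "__main__":
    print("manunited out       :", surviving(MANUNITED, GATEWAY_TABLE))
    print("manunited w/o seq 30:", surviving(MANUNITED[:2], GATEWAY_TABLE))
    print("import map filter   :", surviving(IMPORT_FILTER, VRF_CANDIDATES))
```

Dropping sequence 30 from `manunited` shows the usual failure mode: the private prefix is still blocked, but so is every other route that was never meant to be filtered.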

Cloud#sh run int lo0
Building configuration...
Current configuration : 63 bytes
!
interface Loopback0
 ip address 100.1.1.1 255.255.255.0
end
Cloud#sh run | be router bgp
router bgp 200
 no synchronization
 bgp log-neighbor-changes
 network 100.1.1.0 mask 255.255.255.0
 neighbor 56.56.56.5 remote-as 100
 default-information originate
 no auto-summary
!
Cloud#sh ip bgp
BGP table version is 10, local router ID is 100.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 100.1.1.0/24     0.0.0.0                  0         32768 i
*> 200.1.1.1/32     56.56.56.5               0             0 100 i
Cloud#

Host#ping 100.1.1.1 rep 100
Type escape sequence to abort.
Sending 100, 100-byte ICMP Echos to 100.1.1.1, timeout is 2 seconds:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Success rate is 100 percent (100/100), round-trip min/avg/max = 8/53/1080 ms
Host#
Cloud#ping 200.1.1.1 source 100.1.1.1 rep 100
Type escape sequence to abort.
Sending 100, 100-byte ICMP Echos to 200.1.1.1, timeout is 2 seconds:
Packet sent with a source address of 100.1.1.1 
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Success rate is 100 percent (100/100), round-trip min/avg/max = 16/54/116 ms
Cloud#
Nat1#sh ip nat translations
Pro Inside global      Inside local       Outside local      Outside global
icmp 200.1.1.1:1       12.12.12.1:1       100.1.1.1:1        100.1.1.1:1
icmp 200.1.1.1:2       12.12.12.1:2       100.1.1.1:2        100.1.1.1:2
--- 200.1.1.1          12.12.12.1         ---                ---
Nat1#

PE#sh int description | in Et0/0
Et0/0                          admin down     down     
PE#
Host#ping 100.1.1.1 rep 500
Type escape sequence to abort.
Sending 500, 100-byte ICMP Echos to 100.1.1.1, timeout is 2 seconds:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!..........
......................................................................
.!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!
Success rate is 83 percent (419/500), round-trip min/avg/max = 8/75/196 ms
Host#
Cloud#ping 200.1.1.1 source 100.1.1.1 rep 500
Type escape sequence to abort.
Sending 500, 100-byte ICMP Echos to 200.1.1.1, timeout is 2 seconds:
Packet sent with a source address of 100.1.1.1 
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!...............................
..................................................!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!
Success rate is 83 percent (419/500), round-trip min/avg/max = 16/75/180 ms
Cloud#
Nat2#sh ip nat translations 
Pro Inside global      Inside local       Outside local      Outside global
icmp 200.1.1.1:3       12.12.12.1:3       100.1.1.1:3        100.1.1.1:3
icmp 200.1.1.1:4       12.12.12.1:4       100.1.1.1:4        100.1.1.1:4
--- 200.1.1.1          12.12.12.1         ---                ---
Nat2#

PE#sh int description | in Et0/0
Et0/0                          up             up       
PE#
Host#traceroute 
Protocol [ip]: 
Target IP address: 100.1.1.1
Source address: 12.12.12.1
Numeric display [n]: y
Timeout in seconds [3]: 
Probe count [3]: 
Minimum Time to Live [1]: 
Maximum Time to Live [30]: 
Port Number [33434]: 
Loose, Strict, Record, Timestamp, Verbose[none]: 
Type escape sequence to abort.
Tracing the route to 100.1.1.1

  1 12.12.12.2 80 msec 36 msec 28 msec
  2 24.24.24.4 28 msec 80 msec 32 msec
  3 45.45.45.5 48 msec 36 msec 68 msec
  4 56.56.56.6 100 msec *  104 msec
Host#
Cloud#traceroute 
Protocol [ip]: 
Target IP address: 200.1.1.1
Source address: 100.1.1.1
Numeric display [n]: y
Timeout in seconds [3]: 
Probe count [3]: 
Minimum Time to Live [1]: 
Maximum Time to Live [30]: 
Port Number [33434]: 
Loose, Strict, Record, Timestamp, Verbose[none]: 
Type escape sequence to abort.
Tracing the route to 200.1.1.1

  1 56.56.56.5 16 msec 36 msec 12 msec
  2 35.35.35.3 16 msec 44 msec 32 msec
  3 23.23.23.2 68 msec 32 msec 32 msec
  4 200.1.1.1 [AS 100] 28 msec *  24 msec
Cloud#

Yes, that's the answer. I've tried it and it works.

Recommended? I don't think so :)

It started with a ridiculous project that demanded these two different protocols talk to each other on a live production network. After searching through some documentation, I finally found it from Cisco. Actually this kind of mix is not recommended. A switched network should run either all PVST+ or all MSTP. But in that documentation I found that . The idea is quite simple: MSTP sees PVST+ only as one big instance, not divided per VLAN. To make sure PVST+ has continuity for its VLAN members across a full-circle layer 2 redundant topology, I made only one MSTP instance containing the same VLANs that PVST+ has. And there it goes, blocked ports were established on the switched network above.

 
C6506-1#sh run | be spann
spanning-tree mode pvst
spanning-tree extend system-id
spanning-tree vlan 1-4094 priority 24576

C6506-2#sh run | be spann
spanning-tree mode pvst
spanning-tree extend system-id
spanning-tree vlan 1-4094 priority 28672

ZXR10-5928-1#sh run | be spann
spanning-tree enable
spanning-tree mst configuration
  name migrate
  revision 1
  instance 1 vlan 100,101,102
!
spanning-tree mst instance 1 priority 40960

ZXR10-5928-2#sh run | be spann
spanning-tree enable
spanning-tree mst configuration
  name migrate
  revision 1
  instance 1 vlan 100,101,102
!
spanning-tree mst instance 1 priority 57344


C6506-2#sh spanning-tree blockedports | in VLAN0100|VLAN0101|VLAN0102

Name                 Blocked Interfaces List
-------------------- ------------------------------------
VLAN0100             Gi1/13, Gi3/15
VLAN0101             Gi1/13, Gi3/15
VLAN0102             Gi1/13, Gi3/15

I'm posting this because I found it interesting. I tested link aggregation between two different vendors' equipment: a Cisco 7609-S router and a Huawei Quidway S9303. Each side bundles two optical gigabit ports. Link Aggregation Control Protocol (LACP, 802.3ad) was successfully implemented. Hint: Cisco uses 'active' LACP mode and Huawei uses 'LACP static' mode. See below for the topology and results.

Cisco7609S#sh run int port-channel 1
Building configuration...

Current configuration : 200 bytes
!
interface Port-channel1
 description Etherchannel to Huawei
 switchport
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 100,200
 switchport mode trunk
 speed nonegotiate
end

Cisco7609S#sh run int g2/13
Building configuration...

Current configuration : 200 bytes
!
interface GigabitEthernet2/13
 description Etherchannel to Huawei
 switchport
 switchport trunk allowed vlan 100,200
 switchport mode trunk
 speed nonegotiate
 channel-group 1 mode active
end

Cisco7609S#sh run int g2/14
Building configuration...

Current configuration : 200 bytes
!
interface GigabitEthernet2/14
 description Etherchannel to Huawei
 switchport
 switchport trunk allowed vlan 100,200
 switchport mode trunk
 speed nonegotiate
 channel-group 1 mode active
end

Cisco7609S#sh int port-channel 1
Port-channel1 is up, line protocol is up (connected)
  Hardware is EtherChannel, address is 8843.e12d.44ac (bia 8843.e12d.44ac)
  Description: Etherchannel to Huawei
  MTU 1500 bytes, BW 2000000 Kbit, DLY 10 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Full-duplex, 1000Mb/s
  input flow-control is off, output flow-control is on
  Members in this channel: Gi2/13 Gi2/14 

[QuidwayS9303]display current interface eth-trunk 1
#
interface Eth-Trunk1
 port link-type trunk
 port trunk allow-pass vlan 100 200
 mode lacp-static
#
return
[QuidwayS9303]display current interface g1/0/2
#
interface GigabitEthernet1/0/2
 eth-trunk 1
 undo negotiation auto
#
return
[QuidwayS9303]display current interface g1/0/3
#
interface GigabitEthernet1/0/3
 eth-trunk 1
 undo negotiation auto
#
return
[QuidwayS9303]display interface eth-trunk 1
Eth-Trunk1 current state : UP
Description:HUAWEI, Quidway Series, Eth-Trunk1 Interface
Switch Port,PVID :    1,Hash arithmetic : According to SIP-XOR-DIP,The Maximum Frame Length is 9216
Internet protocol processing : disabled
IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address is 781d-baa5-209a

-----------------------------------------------------
PortName                Status              Weight
-----------------------------------------------------
GigabitEthernet1/0/2    UP                  1
GigabitEthernet1/0/3    UP                  1
-----------------------------------------------------
The Number of Ports in Trunk : 2
The Number of UP Ports in Trunk : 2