CCIE: EIGRP

One of my favorite routing subjects to discuss. Usually I’ll be asked which is the better IGP, OSPF or EIGRP, and my answer is always… it depends. There are a couple of compelling reasons why EIGRP is still a great IGP after so many years. Here are a few, in my opinion: ease of deployment, convergence speed (without tweaks), and offset capability. Of course, there are some disadvantages: scale, ease of deployment (you’re not required to take a deep look at your topology the way you are with OSPF), and it’s proprietary.

The EIGRP Fundamentals:

Uses the DUAL algorithm to prevent routing loops and propagate topology information.
Split horizon and DUAL are responsible for maintaining a loop-free topology. Split horizon is disabled on Frame Relay physical interfaces but enabled on all others.
EIGRP is classless.
MD5-only authentication (use “debug eigrp packet” to verify).
Constraining (minimum) bandwidth and cumulative delay are the default metric components (ToS 0, K values 1,0,1,0,0).
EIGRP metric (using default K’s) = 256*(Bw + Delay), where Bw = 10^7 / min. Bw (in kbps) and Delay = cumulative delay in tens of usec, i.e. EIGRP Metric = 256*((10^7 / min. Bw) + Delay).
Maximum paths is 4 by default; the range is 1-6.

Metric Weights: Default TOS0, K1=1, K2=0, K3=1, K4=0, K5=0 (must match to form neighbor)

usec (microseconds) is the unit of the delay value on IOS interfaces. The EIGRP formula uses delay in tens of usec, so a delay of 100000 usec is actually 100000/10 = 10,000.

Plug those numbers in now: 256*(1544 (T1) + 12,000).
Decimals are rounded DOWN to the nearest WHOLE number.

RD (reported distance): the neighbor’s own metric to that route, as advertised to us on that interface.
FD (feasible distance): the metric of the lowest-metric path to reach the subnet.
Feasibility condition: the RD must be lower than the FD.
Successor route: the lowest-metric route.
FS (feasible successor): not the successor, but can be used when the successor fails without introducing a loop.

P 155.17.146.0/24, 1 successors, FD is 2693120
        via 155.17.0.5 (FD:2693120/RD:2181120), Serial0/0/0.1

Variance: if other feasible successors have a metric lower than the product of the variance multiplier and the FD, they are added to the RIB.
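The metric formula, feasibility condition and variance rule from the notes above, worked through in Python. This is an added example, not part of the original notes; the second and third next hops (155.17.0.9 and 155.17.0.13) and their metrics are constructed to sit alongside the topology-table entry shown above.

```python
# Added example, not from the original notes: EIGRP composite metric with the
# default K values, then the feasibility-condition and variance checks applied to
# a constructed topology-table entry modelled on the one shown above.
from dataclasses import dataclass

K1, K2, K3, K4, K5 = 1, 0, 1, 0, 0          # default metric weights (TOS 0)


def eigrp_metric(min_bw_kbps: int, total_delay_usec: int,
                 load: int = 1, reliability: int = 255) -> int:
    """Classic EIGRP metric. Bandwidth is the minimum bandwidth along the path
    in kbit/s; delay is the cumulative interface delay in usec, which IOS
    divides by 10. Integer division rounds every term down."""
    bw_term = 10_000_000 // min_bw_kbps
    delay_term = total_delay_usec // 10
    metric = K1 * bw_term + (K2 * bw_term) // (256 - load) + K3 * delay_term
    if K5 != 0:
        metric = metric * K5 // (reliability + K4)
    return metric * 256


@dataclass
class Path:
    via: str   # next-hop neighbour
    rd: int    # reported distance: the neighbour's own metric to the subnet
    fd: int    # our metric through that neighbour (RD + cost of the link)


def classify(paths: list, variance: int = 1) -> dict:
    """Pick the successor, then apply the feasibility condition (RD < FD of the
    successor) and the variance rule (metric < variance * FD) to the rest."""
    successor = min(paths, key=lambda p: p.fd)
    fd = successor.fd
    roles = {}
    for p in paths:
        if p is successor:
            roles[p.via] = "successor"
        elif p.rd < fd:                      # feasibility condition met
            if p.fd < variance * fd:
                roles[p.via] = "feasible successor, installed"
            else:
                roles[p.via] = "feasible successor"
        else:                                # could be a path back through us
            roles[p.via] = "not feasible"
    return roles


if __name__ == "__main__":
    print(eigrp_metric(1544, 20000))        # T1 bandwidth, 20000 usec delay
    print(classify([Path("155.17.0.5", 2181120, 2693120),
                    Path("155.17.0.9", 2500000, 3200000)], variance=2))
```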

Hellos sent to 224.0.0.10 via IP protocol 88. 5 seconds on PTP/LAN and 60 seconds on multipoint links with less than 1Mbps. Dead time is 3 x the hello.

The network statement selects which interfaces run the EIGRP process.

In “show ip eigrp neighbors” (“sh ip eigrp nei”), a “Q Count” value of 0 means there are no updates waiting to be sent and the network has converged.

Disabling split horizon on the hub can cause route replication in the topology table.

“ip default-network” can advertise a default (not really a default route, but a candidate default).

“ip summary-address eigrp xxx 0.0.0.0 0.0.0.0” suppresses all other local (more specific) routes unless you use a “leak-map”.

Poison the summary (AD 255) so that longer matches are still allowed and traffic is not dropped via Null0.

Unequal cost load balancing using Variance:

SIA timer: config-router “timers active-time X”. This is disabled by default, so the active state will continue until the end of time… Disabling the timer permits the routing wait time to remain active indefinitely.

IMPORTANCE OF EIGRP ROUTER ID: This is a new one for me. I found out that any external routes injected into EIGRP are tagged with the redistributing router’s RID. This is used for route loop prevention. You can also use this as a filter mechanism by changing a router’s ID to the originating router and preventing that prefix from entering the topology/route table. Tricky stuff!!!

CCIE: PPP Authentication

Personally, this is an area that I struggled with during my studies. Not quite sure why; the concept is not that difficult. Perhaps it’s one of those “boring” subjects and I just could not get excited about it no matter how hard I tried. In real-world use cases, I used PPP all the time as the PE-to-CE encapsulation method. The thing is, at the SP there was no need to “secure” the /30 MPLS circuits, so LCP was not necessary. Now for ADSL customers, that was a totally different story. LCP and NCP were both used. The fact is, PPP is still widely deployed and I don’t see it going away anytime soon, so we had better understand it.

#1 Recommendation: ALWAYS think of PPP authentication as a client (response) and server (authenticator/challenge) relationship.

The authentication does not have to be bi-directional (although it could be).

So, the PAP/CHAP SERVER would require authentication and the PAP/CHAP CLIENT must respond.

Example 1 (PAP): 

R1: SERVER
username R2PAP password CISCO
!
interface serial 0/1/0
 encapsulation ppp
 ! try PAP (P1) first; if unsuccessful, try CHAP (P2)
 ppp authentication pap chap

R2: CLIENT
interface serial 0/1/0
 encapsulation ppp
 ppp pap sent-username R2PAP password CISCO

Example 2 (CHAP):

R1: SERVER
username R2 password CISCO
!
interface serial 0/1/0
 encapsulation ppp
 ! try PAP (P1) first; if unsuccessful, try CHAP (P2)
 ppp authentication pap chap

R2: CLIENT
username R1 password CISCO
!
interface serial 0/1/0
 encapsulation ppp
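The challenge/response relationship behind Example 2, modelled in Python as an added example (not from the original post). R1 is the authenticator (server) and R2 the peer (client), with the hostnames and the password CISCO taken from the configs above; the packet fields are reduced to plain dicts, which is a simplification of the real CHAP packet layout.

```python
# Added example, not from the original notes: the CHAP exchange behind Example 2.
# R1 is the authenticator (server) and R2 the peer (client); the hostnames and
# the password CISCO are the ones used in the notes. Packets are simplified dicts.
import hashlib
import hmac
import os

# "username <peer> password <secret>" on each router, keyed by the peer's hostname.
R1_USERS = {"R2": b"CISCO"}      # on R1 (server): username R2 password CISCO
R2_USERS = {"R1": b"CISCO"}      # on R2 (client): username R1 password CISCO


def chap_hash(ident: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 response value: MD5(Identifier || secret || Challenge)."""
    return hashlib.md5(bytes([ident & 0xFF]) + secret + challenge).digest()


def server_challenge(server_name: str, ident: int) -> dict:
    """Authenticator sends a random Challenge value together with its own name."""
    return {"id": ident, "value": os.urandom(16), "name": server_name}


def client_respond(users: dict, client_name: str, chal: dict):
    """Peer looks up the password under the challenger's name (hence
    'username R1 password CISCO' on R2) and answers with the hash and its name."""
    secret = users.get(chal["name"])
    if secret is None:
        return None          # nothing configured for R1: authentication fails
    value = chap_hash(chal["id"], secret, chal["value"])
    return {"id": chal["id"], "value": value, "name": client_name}


def server_verify(users: dict, chal: dict, resp: dict) -> bool:
    """Authenticator recomputes the hash with the password stored for the
    responder's name ('username R2 password CISCO' on R1) and compares."""
    secret = users.get(resp["name"])
    if secret is None or resp["id"] != chal["id"]:
        return False
    expected = chap_hash(chal["id"], secret, chal["value"])
    return hmac.compare_digest(expected, resp["value"])


def run_chap(server_users: dict, client_users: dict,
             server: str = "R1", client: str = "R2", ident: int = 1) -> bool:
    """Challenge -> Response -> Success/Failure; True means Success."""
    chal = server_challenge(server, ident)
    resp = client_respond(client_users, client, chal)
    return resp is not None and server_verify(server_users, chal, resp)
```

Because the password is never sent, only the hash of it, the secret must be configured identically on both routers for the exchange to succeed.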

CCIE: 802.1s (MST)

Overview:

MSTP, which uses RSTP for rapid convergence, enables VLANs to be grouped into a spanning-tree instance, with each instance having a spanning-tree topology independent of other spanning-tree instances. This architecture provides multiple forwarding paths for data traffic, enables load balancing, and reduces the number of spanning-tree instances required to support a large number of VLANs.

All the details can be found here.

My personal field experience:

It’s funny, I always hear how great MST is (and it does have advantages) but, I only saw it in a production enterprise environment a handful of times. The primary drivers are lots of VLANs (500+) and load balancing traffic (VLAN traffic engineering) across redundant links. Service providers could use this on small metro rings that utilize STP as the ring failover mechanism (RPR may be a better option).

Configuration:

For correct operation, all switches in the MST region must agree on the same CIST regional root. Therefore, any two switches in the region only synchronize their port roles for an MST instance if they converge to a common CIST regional root.

For two or more switches to be in the same MST region, they must have the same VLAN-to-instance map, the same configuration revision number, and the same name.

SW1 (Root for Instance 2 and 3, backup root for Instance 1)

spanning-tree mst configuration
 instance 1 vlan 1-100
 instance 2 vlan 101-200
 instance 3 vlan 201-4094
!
spanning-tree mst 1 priority 4096
spanning-tree mst 2 priority 0
spanning-tree mst 3 priority 0

Additional information:
http://en.wikipedia.org/wiki/Spanning_Tree_Protocol#Multiple_Spanning_Tree_Protocol_.28MSTP.29
http://www.ieee802.org/1/pages/802.1s.html


CCIE: UDLD

UDLD is a Layer 2 protocol that enables devices connected through fiber-optic or twisted-pair Ethernet cables to monitor the physical configuration of the cables and detect when a unidirectional link exists. All connected devices must support UDLD for the protocol to successfully identify and disable unidirectional links. When UDLD detects a unidirectional link, it disables the affected port and alerts you. Unidirectional links can cause a variety of problems, including spanning-tree topology loops.

UDLD uses its own keepalives, not STP BPDU keepalives. It is Cisco proprietary.

Normal mode does not prevent STP loops and is informational only.

Aggressive mode prevents STP loops by putting the port into errdisabled state.

For best protection (interface wiring and STP software) use both UDLD and LoopGuard together.

UDLD works great on fiber-optic interfaces because of the separate TX and RX strands. On copper Base-T, FLP (fast link pulse) signals track interface status.

Cisco Impresses with UCS


If you’re tempted to think of Cisco‘s Unified Computing System (UCS) as just another blade server — don’t. In fact, if you just want a bunch of blades for your computer room, don’t call Cisco — Dell, HP, and IBM all offer simpler and more cost-effective options.

But, if you want an integrated compute farm consisting of blade servers and chassis, Ethernet and Fibre Channel interconnects, and a sophisticated management system, then UCS might be for you.

http://www.networkworld.com/reviews/2011/121911-cisco-ucs-test-253603.html