
Tuesday, August 18, 2015

CCIE Lab1, Section 2


Section 2: IPv4 IGP Protocols

Section 2.1: OSPF



Requirements:

■ Use a process ID of 1; all OSPF configuration where possible should not be configured under the process ID. Do not change the preconfigured interface types where applicable. The Loopback interfaces of Routers R1, R2, and R3 should be configured to be in Area 0. R4 should be in Area 34 and R5 in Area 5.
■ All Loopback networks should not be advertised as host routes.
■ Ensure that R1 does not advertise the preconfigured secondary address under interface Gigabit 1/0 of 120.100.100.1/24 to the OSPF network. Do not use any filtering techniques to achieve this.
■ R5 should use the Frame Relay link within Area 5 for its primary communication to the OSPF network. If this network should fail either at Layer 1 or Layer 2, R5 should form a neighbor relationship with R4 under Area 5 to maintain connectivity. Your solution should be dynamic, ensuring that while the Area 5 Frame Relay link is operational there is no neighbor relationship between R4 and R5; however, the Ethernet interfaces of R4 and R5 must remain up. To confirm the operational status of the Frame Relay network, you should ensure that the serial interface of R5 is reachable by configuration of R5. You are permitted to define neighbor statements between R5 and R4.

Configuration:

■ Use a process ID of 1; all OSPF configuration where possible should not be configured under the process ID. Do not change the preconfigured interface types where applicable. The Loopback interfaces of Routers R1, R2, and R3 should be configured to be in Area 0. R4 should be in Area 34 and R5 in Area 5.

Recent advances in OSPF have enabled configuration of the network area directly under the interface as opposed to within the OSPF process.

R1(config)# interface GigabitEthernet 1/0
R1(config-if)# ip ospf 1 area 100
R1(config-if)# interface Serial 6/0
R1(config-if)# ip ospf 1 area 0
R1(config-if)# interface Loopback 0
R1(config-if)# ip ospf 1 area 0

R2(config)# interface Loopback 0
R2(config-if)# ip ospf 1 area 0
R2(config-if)# interface Serial 6/0
R2(config-if)# ip ospf 1 area 0
R2(config-if)# interface Serial 6/1
R2(config-if)# ip ospf 1 area 5
R2(config-if)# interface FastEthernet 3/1
R2(config-if)# ip ospf 1 area 200

R3(config)# interface Loopback 0
R3(config-if)# ip ospf 1 area 0
R3(config-if)# interface Serial 6/0
R3(config-if)# ip ospf 1 area 0
R3(config-if)# interface GigabitEthernet 0/0
R3(config-if)# ip ospf 1 area 34

R4(config)# interface Loopback 0
R4(config-if)# ip ospf 1 area 34
R4(config-if)# interface GigabitEthernet 0/0
R4(config-if)# ip ospf 1 area 34
R4(config-if)# interface GigabitEthernet 1/0.45
R4(config-if)# ip ospf 1 area 5

R5(config)# interface Loopback 0
R5(config-if)# ip ospf 1 area 5
R5(config-if)# interface GigabitEthernet 0/0
R5(config-if)# ip ospf 1 area 5
R5(config-if)# interface Serial 6/1
R5(config-if)# ip ospf 1 area 5

Since Frame Relay NBMA networks do not allow broadcasts or multicasts, an OSPF router will not attempt to dynamically discover OSPF neighbors on a Frame Relay interface. Because this also means that no DR/BDR election can take place, you would have to statically configure OSPF neighbors, and R2 would need to be configured as the DR. Even though these are serial links, an NBMA network behaves like Ethernet and a DR is needed to exchange routing information. Only R2 can act as the DR because it holds the PVCs to all other routers. The easiest way to avoid this problem is to use the command ip ospf network point-to-multipoint on every router's Frame Relay interface: not just R2, but all the branch routers too. If the neighbor relationship still does not form, check that the Hello and Dead interval timers match on both ends.

R1#show ip ospf int s6/0
Serial6/0 is up, line protocol is up
  Internet Address 120.100.123.1/24, Area 0, Attached via Interface Enable
  Process ID 1, Router ID 120.100.1.1, Network Type POINT_TO_MULTIPOINT, Cost: 5208
  Topology-MTID    Cost    Disabled    Shutdown      Topology Name
        0           5208      no          no            Base
  Enabled by interface config, including secondary ip addresses
  Transmit Delay is 1 sec, State POINT_TO_MULTIPOINT
  Timer intervals configured, Hello 30, Dead 120, Wait 120, Retransmit 5
    oob-resync timeout 120
    Hello due in 00:00:18
  Supports Link-local Signaling (LLS)
  Cisco NSF helper support enabled
  IETF NSF helper support enabled
  Index 2/3, flood queue length 0
  Next 0x0(0)/0x0(0)
  Last flood scan length is 1, maximum is 1
  Last flood scan time is 0 msec, maximum is 0 msec
  Neighbor Count is 1, Adjacent neighbor count is 1
    Adjacent with neighbor 120.100.3.1
  Suppress hello for 0 neighbor(s)

R3#show ip ospf int s6/0
Serial6/0 is up, line protocol is up
  Internet Address 120.100.123.3/24, Area 0, Attached via Interface Enable
  Process ID 1, Router ID 120.100.3.1, Network Type POINT_TO_MULTIPOINT, Cost: 5208
  Topology-MTID    Cost    Disabled    Shutdown      Topology Name
        0           5208      no          no            Base
  Enabled by interface config, including secondary ip addresses
  Transmit Delay is 1 sec, State POINT_TO_MULTIPOINT
  Timer intervals configured, Hello 30, Dead 120, Wait 120, Retransmit 5
    oob-resync timeout 120
    Hello due in 00:00:10
  Supports Link-local Signaling (LLS)
  Cisco NSF helper support enabled
  IETF NSF helper support enabled
  Index 2/3, flood queue length 0
  Next 0x0(0)/0x0(0)
  Last flood scan length is 1, maximum is 1
  Last flood scan time is 0 msec, maximum is 4 msec
  Neighbor Count is 2, Adjacent neighbor count is 2
    Adjacent with neighbor 120.100.1.1
    Adjacent with neighbor 120.100.2.1
  Suppress hello for 0 neighbor(s)

If the neighbor relationship does not form because the timers mismatch, set the Hello interval to match the neighbor's using the command below (the Dead interval follows as four times the Hello interval unless set explicitly):

R3#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R3(config)#int s6/0
R3(config-if)#ip ospf hello-interval 30
R3(config-if)#^Z

R3#show ip ospf neighbor

Neighbor ID     Pri   State           Dead Time   Address         Interface
120.100.2.1       0   FULL/  -        00:01:59    120.100.123.2   Serial6/0
120.100.1.1       0   FULL/  -        00:01:58    120.100.123.1   Serial6/0
120.100.4.1       1   FULL/DR         00:00:38    120.100.34.4    GigabitEthernet0/0
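The parameters an OSPF Hello must agree on are scattered across the show ip ospf interface output above. The following checker, an added example written for this page rather than Cisco code, parses that output for two ends of a link and reports which Hello parameters differ. The sample texts are trimmed copies of the R1 and R3 output above plus two constructed failing cases (wrong timers, wrong mask); the exemption of point-to-point and point-to-multipoint links from the subnet comparison is an assumption built into the example.

```python
import ipaddress
import re

# Constructed samples, modelled on the "show ip ospf int s6/0" output above
R1_S6_0 = """Serial6/0 is up, line protocol is up
  Internet Address 120.100.123.1/24, Area 0, Attached via Interface Enable
  Process ID 1, Router ID 120.100.1.1, Network Type POINT_TO_MULTIPOINT, Cost: 5208
  Timer intervals configured, Hello 30, Dead 120, Wait 120, Retransmit 5
"""
R3_S6_0 = """Serial6/0 is up, line protocol is up
  Internet Address 120.100.123.3/24, Area 0, Attached via Interface Enable
  Process ID 1, Router ID 120.100.3.1, Network Type POINT_TO_MULTIPOINT, Cost: 5208
  Timer intervals configured, Hello 30, Dead 120, Wait 120, Retransmit 5
"""
# Constructed: R3 left with point-to-point style timers (Hello 10, Dead 40)
R3_S6_0_BAD_TIMERS = R3_S6_0.replace("Hello 30, Dead 120, Wait 120",
                                     "Hello 10, Dead 40, Wait 40")
# Constructed: a broadcast segment where one side carries the wrong mask
R4_G0_0 = """GigabitEthernet0/0 is up, line protocol is up
  Internet Address 120.100.34.4/24, Area 34, Attached via Interface Enable
  Process ID 1, Router ID 120.100.4.1, Network Type BROADCAST, Cost: 1
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
"""
R3_G0_0_BAD_MASK = (R4_G0_0.replace("120.100.34.4/24", "120.100.34.3/25")
                           .replace("120.100.4.1", "120.100.3.1"))


def parse_ospf_interface(text: str) -> dict:
    """Pull the fields OSPF compares in Hello packets out of 'show ip ospf interface'."""
    info = {}
    m = re.search(r"Internet Address ([^,]+), Area ([^,]+),", text)
    if m:
        info["address"], info["area"] = m.group(1), m.group(2)
    m = re.search(r"Router ID ([^,]+), Network Type ([^,]+), Cost: (\d+)", text)
    if m:
        info["router_id"], info["network_type"] = m.group(1), m.group(2)
        info["cost"] = int(m.group(3))
    m = re.search(r"Hello (\d+), Dead (\d+), Wait (\d+)", text)
    if m:
        info["hello"], info["dead"], info["wait"] = (int(x) for x in m.groups())
    return info


def adjacency_mismatches(a: dict, b: dict) -> list:
    """Return the Hello parameters on which two neighbours disagree.

    Area, network type, Hello and Dead intervals must match on every link.
    The subnet mask is compared only on broadcast and non-broadcast networks;
    point-to-point and point-to-multipoint links are exempt here (assumption).
    """
    problems = [k for k in ("area", "network_type", "hello", "dead")
                if a.get(k) != b.get(k)]
    if (a.get("network_type") in ("BROADCAST", "NON_BROADCAST")
            and "address" in a and "address" in b):
        net_a = ipaddress.ip_interface(a["address"]).network
        net_b = ipaddress.ip_interface(b["address"]).network
        if net_a != net_b:
            problems.append("subnet")
    return problems


if __name__ == "__main__":
    pairs = [("R1/R3 s6/0", R1_S6_0, R3_S6_0),
             ("R1/R3 s6/0 bad timers", R1_S6_0, R3_S6_0_BAD_TIMERS),
             ("R4/R3 g0/0 bad mask", R4_G0_0, R3_G0_0_BAD_MASK)]
    for name, left, right in pairs:
        result = adjacency_mismatches(parse_ospf_interface(left),
                                      parse_ospf_interface(right))
        print(f"{name}: {'OK' if not result else 'mismatch on ' + ', '.join(result)}")
```

Running the script reports the first pair as consistent and names the offending parameters for the other two; the same parse function can be pointed at live output captured from the two routers.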


■  All Loopback  networks  should  not be advertised  as host  routes.

Loopback interfaces within OSPF are advertised as host routes (/32) by default. To change this behavior you need to override the network type that IOS associates with the Loopback interface. The output below, taken on R2, shows the host routes it has learned. Note that 120.100.123.3/32 is a host route generated by OSPF for the point-to-multipoint Frame Relay connection, so it is expected behavior and acceptable in the routing table.

R2#sh ip route | inc /32
O        120.100.1.1/32 [110/10417] via 120.100.123.3, 00:24:51, Serial6/0
L        120.100.2.1/32 is directly connected, Loopback0
O        120.100.3.1/32 [110/5209] via 120.100.123.3, 00:25:06, Serial6/0
O        120.100.5.1/32 [110/5209] via 120.100.25.5, 00:25:06, Serial6/1
L        120.100.25.2/32 is directly connected, Serial6/1
O        120.100.25.5/32 [110/5208] via 120.100.25.5, 00:25:06, Serial6/1
O        120.100.123.1/32 [110/10416] via 120.100.123.3, 00:24:51, Serial6/0
L        120.100.123.2/32 is directly connected, Serial6/0
O        120.100.123.3/32 [110/5208] via 120.100.123.3, 00:25:06, Serial6/0
L        150.100.2.1/32 is directly connected, FastEthernet3/1

R1#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R1(config)#int l0
R1(config-if)#ip ospf network point-to-point

R2#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R2(config)#int l0
R2(config-if)#ip ospf network point-to-point

R3#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R3(config)#int l0
R3(config-if)#ip ospf network point-to-point

R4#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R4(config)#int l0
R4(config-if)#ip ospf network point-to-point

R5#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R5(config)#int l0
R5(config-if)#ip ospf network point-to-point

R2#sh ip route ospf 1 | include /24
O        120.100.1.0/24 [110/10417] via 120.100.123.3, 01:31:32, Serial6/0
O        120.100.3.0/24 [110/5209] via 120.100.123.3, 01:33:36, Serial6/0
O IA     120.100.4.0/24 [110/5219] via 120.100.123.3, 00:15:18, Serial6/0
O        120.100.5.0/24 [110/5209] via 120.100.25.5, 01:31:47, Serial6/1
O IA     120.100.34.0/24 [110/5218] via 120.100.123.3, 01:33:36, Serial6/0
O        120.100.45.0/24 [110/5209] via 120.100.25.5, 01:31:47, Serial6/1
O IA     150.100.1.0/24 [110/10426] via 120.100.123.3, 01:31:32, Serial6/0
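Checking this requirement by eye means separating Loopback /32 routes from the host routes point-to-multipoint OSPF generates legitimately. The audit below is an added example written for this page, not IOS code: it parses show ip route lines, keeps only OSPF-learned /32 routes, and classifies them. The Loopback ranges come from Figure 3 of the lab; treating 120.100.123.0/24 and 120.100.25.0/24 (the Frame Relay subnets seen in the outputs above) as the sources of expected host routes is this example's own rule. The two route tables are the R2 output before and after the fix.

```python
import ipaddress
import re

# Loopback networks Rn/SWn Lo0 = 120.100.n.1/24 (Figure 3 of the lab)
LOOPBACK_NETS = [ipaddress.ip_network(f"120.100.{n}.0/24") for n in range(1, 11)]
# Frame Relay subnets (assumption: /32s inside these are point-to-multipoint host routes)
FRAME_RELAY_NETS = [ipaddress.ip_network("120.100.123.0/24"),
                    ipaddress.ip_network("120.100.25.0/24")]

# Route-table line: code column (O, O IA, O E1, L, C, ...) then the prefix
ROUTE_LINE = re.compile(r"^(?P<code>[A-Z](?: [A-Z]+\d?)?)\s+(?P<prefix>\d+(?:\.\d+){3}/\d+)")

# Constructed copies of the R2 routing table before and after the fix
R2_BEFORE = """O        120.100.1.1/32 [110/10417] via 120.100.123.3, 00:24:51, Serial6/0
L        120.100.2.1/32 is directly connected, Loopback0
O        120.100.3.1/32 [110/5209] via 120.100.123.3, 00:25:06, Serial6/0
O        120.100.5.1/32 [110/5209] via 120.100.25.5, 00:25:06, Serial6/1
L        120.100.25.2/32 is directly connected, Serial6/1
O        120.100.25.5/32 [110/5208] via 120.100.25.5, 00:25:06, Serial6/1
O        120.100.123.1/32 [110/10416] via 120.100.123.3, 00:24:51, Serial6/0
L        120.100.123.2/32 is directly connected, Serial6/0
O        120.100.123.3/32 [110/5208] via 120.100.123.3, 00:25:06, Serial6/0
L        150.100.2.1/32 is directly connected, FastEthernet3/1
"""
R2_AFTER = """O        120.100.1.0/24 [110/10417] via 120.100.123.3, 01:31:32, Serial6/0
O        120.100.3.0/24 [110/5209] via 120.100.123.3, 01:33:36, Serial6/0
O IA     120.100.4.0/24 [110/5219] via 120.100.123.3, 00:15:18, Serial6/0
O        120.100.5.0/24 [110/5209] via 120.100.25.5, 01:31:47, Serial6/1
O IA     120.100.34.0/24 [110/5218] via 120.100.123.3, 01:33:36, Serial6/0
O        120.100.45.0/24 [110/5209] via 120.100.25.5, 01:31:47, Serial6/1
O IA     150.100.1.0/24 [110/10426] via 120.100.123.3, 01:31:32, Serial6/0
"""


def audit_host_routes(show_ip_route: str):
    """Split OSPF-learned /32 routes into Loopback host routes (violations of the
    requirement) and host routes OSPF generates for point-to-multipoint links."""
    violations, expected = [], []
    for line in show_ip_route.splitlines():
        m = ROUTE_LINE.match(line.strip())
        if not m or not m.group("code").startswith("O"):
            continue  # local/connected/static entries are not OSPF advertisements
        route = ipaddress.ip_interface(m.group("prefix"))
        if route.network.prefixlen != 32:
            continue
        if any(route.ip in net for net in LOOPBACK_NETS):
            violations.append(str(route))
        elif any(route.ip in net for net in FRAME_RELAY_NETS):
            expected.append(str(route))
    return violations, expected


if __name__ == "__main__":
    for label, table in (("before", R2_BEFORE), ("after", R2_AFTER)):
        bad, ok = audit_host_routes(table)
        print(f"{label}: loopback host routes={bad} expected p2mp host routes={ok}")
```

On the "before" table the audit flags the three Loopback host routes and lists the three Frame Relay /32s as expected; on the "after" table it finds nothing, which is the state the requirement asks for.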

■ Ensure that R1 does not advertise the preconfigured secondary address under interface Gigabit 1/0 of 120.100.100.1/24 to the OSPF network. Do not use any filtering techniques to achieve this.

The associated behavior with configuring OSPF directly under the interface is that it will by default advertise any secondary addresses assigned to the interface. R1 has a preconfigured secondary address on interface Gigabit 1/0 that is therefore advertised. Because you cannot filter this advertisement, you need to inform OSPF not to include the secondary addresses under the interface command.

Adding the secondary address on the g1/0 interface of R1:

R1(config)#int g1/0
R1(config-if)#ip address 120.100.100.1 255.255.255.0 secondary
R1(config-if)#^Z
R1#sh ip ospf int g1/0
GigabitEthernet1/0 is up, line protocol is up
  Internet Address 150.100.1.1/24, Area 100, Attached via Interface Enable
  Process ID 1, Router ID 120.100.1.1, Network Type BROADCAST, Cost: 10
  Topology-MTID    Cost    Disabled    Shutdown      Topology Name
        0           10        no          no            Base
  Enabled by interface config, including secondary ip addresses
  Transmit Delay is 1 sec, State DR, Priority 1
  Designated Router (ID) 120.100.1.1, Interface address 150.100.1.1
  No backup designated router on this network
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
    oob-resync timeout 40
    Hello due in 00:00:01
  Supports Link-local Signaling (LLS)
  Cisco NSF helper support enabled
  IETF NSF helper support enabled
  Index 1/2, flood queue length 0
  Next 0x0(0)/0x0(0)
  Last flood scan length is 0, maximum is 0
  Last flood scan time is 0 msec, maximum is 0 msec
  Neighbor Count is 0, Adjacent neighbor count is 0
  Suppress hello for 0 neighbor(s)

 Check the routing table on R2:

R2#sh ip route ospf | include /24
O        120.100.1.0/24 [110/10417] via 120.100.123.3, 01:31:32, Serial6/0
O        120.100.3.0/24 [110/5209] via 120.100.123.3, 01:33:36, Serial6/0
O IA     120.100.4.0/24 [110/5219] via 120.100.123.3, 00:15:18, Serial6/0
O        120.100.5.0/24 [110/5209] via 120.100.25.5, 01:31:47, Serial6/1
O IA     120.100.34.0/24 [110/5218] via 120.100.123.3, 01:33:36, Serial6/0
O        120.100.45.0/24 [110/5209] via 120.100.25.5, 01:31:47, Serial6/1
O IA     120.100.100.0/24 [110/10426] via 120.100.123.3, 00:01:52, Serial6/0
O IA     150.100.1.0/24 [110/10426] via 120.100.123.3, 01:31:32, Serial6/0

To inform OSPF not to include the secondary addresses under the interface command on R1, we can do:

R1(config)#int g1/0
R1(config-if)#ip ospf 1 area 100 secondaries none

Check the 120.100.100.0 network in R2's routing table to see whether R1 has stopped advertising it:

R2#sh ip route 120.100.100.0
% Subnet not in table

■ R5 should use the Frame Relay link within Area 5 for its primary communication to the OSPF network. If this network should fail either at Layer 1 or Layer 2, R5 should form a neighbor relationship with R4 under Area 5 to maintain connectivity. Your solution should be dynamic, ensuring that while the Area 5 Frame Relay link is operational, there is no neighbor relationship between R4 and R5; however, the Ethernet interfaces of R4 and R5 must remain up. To confirm the operational status of the Frame Relay network, you should ensure that the serial interface of R5 is reachable by configuration of R5. You are permitted to define neighbor statements between R5 and R4.

This is a complex scenario that can consume your time, but all the clues are in the question, so some lateral thinking is required. You can rule out a backup interface solution because the Ethernet needs to remain up, and the solution must cater for Layer 1 and Layer 2 rather than purely Layer 1. Similarly, an OSPF demand circuit is also out because this would involve a neighbor relationship being formed. You are also asked to confirm the operational status of the Frame Relay interface on R5, with your overall solution being dynamic. This could take a great deal of effort and trial and error, but you will find that you can use the IP SLA feature on R5 to monitor the IP address of R5's own Frame Relay interface. If this responds to the automatic ICMP polling, you know the Frame Relay link is up at Layers 1 and 2. (Layer 2 must be up for a valid response because the ICMP packet is sent over the Frame Relay network, and a local map to R5's own IP address is required for this.) If the polling fails, you know the interface is down. IP SLA can then be used to inform the router, and a forwarding decision can be manipulated; this feature is known as Policy-Based Routing (PBR) support with multiple tracking options. This gives PBR access to all the objects that are available through the tracking process.

The tracking process provides the ability to track individual objects, such as ICMP ping reachability, and inform the required PBR process when an object's state changes. In summary, if the object status changes, R5 can simply manipulate the way it sends traffic by policy routing. The traffic it manipulates needs to be the OSPF that would be directed to R4 to form the adjacency over the Ethernet network (VLAN45): while the R5 Frame Relay link is up and running, we just need to break the adjacency between R5 and R4, and when the Frame Relay fails, we need to allow the adjacency between R5 and R4 to form. The first step in this solution is to configure IP SLA object tracking on R5. Remember that the additional Frame Relay map is needed locally so that R5 can ping its own serial interface:

R5(config)# interface s6/1
R5(config-if)# frame-relay map ip 120.100.25.5 512 broadcast
R5(config-if)# exit
R5(config)# ip sla 1
R5(config-ip-sla)# icmp-echo 120.100.25.5
R5(config-ip-sla-echo)# ip sla schedule 1 life forever start-time now
R5(config)# track 1 rtr 1 reachability

OSPF needs to be configured between R4 and R5 with manual neighbor statements as directed in the question, which ensures the routers unicast traffic to each other. To do this you need to change the network type to non-broadcast. The unicast traffic between neighbors can be identified by an ACL that the PBR process can match; then, instead of allowing normal traffic flow between R5 and R4 to form the neighbor relationship, the next hop can be modified. Because the OSPF TTL is set to 1 by default, the traffic will effectively be dropped by the next hop and the OSPF adjacency between R5 and R4 will never establish. Similarly, when the object tracking fails, the PBR process is overridden and traffic flows as normal, which then allows R5 and R4 to form an OSPF adjacency. So by using the PBR command set ip next-hop verify-availability 120.100.25.2 10 track 1, R5 forwards the OSPF traffic to 120.100.25.2 (R2's Frame Relay address, which effectively discards the traffic) while the tracked object (1) is up. If the object status changes to down, the PBR process is informed, and the OSPF traffic follows the usual next hop. R5 must be configured to locally policy route traffic because normal PBR behavior manipulates traffic that flows through the router rather than traffic generated by the router itself. The following configuration shows the required OSPF configuration on R4 and R5, the PBR on R5, a debug of R2 sending TTL expired to R5 after the OSPF traffic is sent to R2 instead of R4, and the resulting partial neighbor adjacency that is formed between R4 and R5.

R4(config)#int g1/0.45
R4(config-subif)#ip ospf network non-broadcast
R4(config-subif)#router ospf 1
R4(config-router)#neighbor 120.100.45.5

R5(config)#int g0/0
R5(config-if)#ip ospf network non-broadcast
R5(config-if)#router ospf 1
R5(config-router)#neighbor 120.100.45.4
R5(config-router)#exit
R5(config)#access-list 100 permit ospf host 120.100.45.5 host 120.100.45.4
R5(config)#route-map TEST permit 10
R5(config-route-map)#match ip address 100
R5(config-route-map)#set ip next-hop verify-availability 120.100.25.2 10 track 1
R5(config-route-map)#int g0/0
R5(config-if)#ip policy route-map TEST
R5(config-if)#exit
R5(config)#ip local policy route-map TEST
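The chain of decisions R5 makes (ACL match, tracked next hop, TTL expiry at R2) is easy to lose track of. The simulation below is an added example written for this page and is not IOS code: it models access-list 100, route-map TEST and the local policy with the addresses from the configuration above, plus a constructed connected-route table for R5, and shows that OSPF unicast toward R4 is discarded while track 1 is up, follows normal routing when it is down, and that ordinary traffic on the Ethernet is unaffected either way.

```python
import ipaddress
from dataclasses import dataclass


@dataclass
class Packet:
    proto: str
    src: str
    dst: str
    ttl: int = 1  # OSPF packets are sent with TTL 1


R2_FRAME_RELAY = "120.100.25.2"
R4_ETHERNET = "120.100.45.4"
R5_ETHERNET = "120.100.45.5"

# access-list 100 permit ospf host 120.100.45.5 host 120.100.45.4
ACL_100 = [("permit", "ospf", R5_ETHERNET, R4_ETHERNET)]
# route-map TEST permit 10: match ip address 100,
#   set ip next-hop verify-availability 120.100.25.2 10 track 1
ROUTE_MAP_TEST = {"acl": ACL_100, "next_hop": R2_FRAME_RELAY, "track": 1}
# Constructed connected routes on R5 (normal forwarding)
R5_ROUTES = {"120.100.45.0/24": "GigabitEthernet0/0", "120.100.25.0/24": "Serial6/1"}


def acl_permits(acl, pkt: Packet) -> bool:
    """First matching entry wins; every ACL ends with an implicit deny."""
    for action, proto, src, dst in acl:
        if proto in ("ip", pkt.proto) and src == pkt.src and dst == pkt.dst:
            return action == "permit"
    return False


def normal_next_hop(dst: str):
    for prefix, interface in R5_ROUTES.items():
        if ipaddress.ip_address(dst) in ipaddress.ip_network(prefix):
            return f"directly connected via {interface}"
    return None


def r5_forward(pkt: Packet, track_state: dict):
    """Local PBR on R5: a packet matching the route-map is sent to the tracked next
    hop only while the tracked object is up; otherwise it follows normal routing."""
    if acl_permits(ROUTE_MAP_TEST["acl"], pkt) and track_state.get(ROUTE_MAP_TEST["track"]):
        return ROUTE_MAP_TEST["next_hop"]
    return normal_next_hop(pkt.dst)


def deliver(pkt: Packet, track_state: dict) -> str:
    hop = r5_forward(pkt, track_state)
    if hop == R2_FRAME_RELAY:
        # R2 would have to forward the packet on, so it decrements the TTL; a TTL of 1
        # expires there and R2 answers with ICMP time exceeded (seen in 'debug ip icmp')
        if pkt.ttl - 1 == 0:
            return "dropped at R2: TTL expired"
        return f"forwarded by R2 towards {pkt.dst}"
    return f"delivered to {pkt.dst} ({hop})"


def ospf_adjacency_possible(track_state: dict) -> bool:
    """Can an OSPF Hello from R5 reach R4 under the given tracking state?"""
    hello = Packet("ospf", R5_ETHERNET, R4_ETHERNET)
    return deliver(hello, track_state).startswith("delivered")


if __name__ == "__main__":
    for state in ({1: True}, {1: False}):
        print(f"track 1 {'up' if state[1] else 'down'}: "
              f"OSPF hello -> {deliver(Packet('ospf', R5_ETHERNET, R4_ETHERNET), state)}; "
              f"ping -> {deliver(Packet('icmp', R5_ETHERNET, R4_ETHERNET, ttl=255), state)}")
```

The ICMP case is the reason the route-map matches only protocol ospf between the two host addresses: any broader match would also steer user traffic on VLAN45 into R2 and break the requirement that the Ethernet stays usable.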

R2#debug ip icmp
ICMP packet debugging is on

R5#sh ip ospf neighbor

Neighbor ID     Pri   State           Dead Time   Address         Interface
120.100.2.1       0   FULL/  -        00:01:55    120.100.25.2    Serial6/1
N/A               0   ATTEMPT/DROTHER    -        120.100.45.4    GigabitEthernet0/0

The following output shows the OSPF adjacency formed when the Frame Relay link between R2 and R5 is shut down on R5. The PBR is overridden and normal routing occurs because the next hop is no longer verified by object tracking. Your routing table needs to be an exact replica of the one below. Remember that when an OSPF adjacency forms between R5 and R4, you are joining Area 5 to Area 34, so a virtual link between R3 and R4 is required to extend Area 0. If you had not configured the virtual link, it would have been an easy mistake that would take points away.

R3(config)#router ospf 1
R3(config-router)#area 34 virtual-link 120.100.4.1

R4(config)#router ospf 1
R4(config-router)#area 34 virtual-link 120.100.3.1

R5#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R5(config)#int s6/1
R5(config-if)#shut
R5(config-if)#
*Aug 19 20:14:46.067: %OSPF-5-ADJCHG: Process 1, Nbr 120.100.2.1 on Serial6/1 from FULL to DOWN, Neighbor Down: Interface down or detached
R5(config-if)#
*Aug 19 20:14:48.031: %LINK-5-CHANGED: Interface Serial6/1, changed state to administratively down
*Aug 19 20:14:49.031: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial6/1, changed state to down
R5(config-if)#do show ip ospf neighbor

Neighbor ID     Pri   State           Dead Time   Address         Interface
N/A               0   ATTEMPT/DROTHER    -        120.100.45.4    GigabitEthernet0/0
R5(config-if)#

R5#sh ip route ospf
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       + - replicated route, % - next hop override

Gateway of last resort is not set

      120.0.0.0/8 is variably subnetted, 15 subnets, 2 masks
O IA     120.100.1.0/24 [110/10481] via 120.100.25.2, 00:00:34, Serial6/1
O IA     120.100.2.0/24 [110/65] via 120.100.25.2, 00:00:34, Serial6/1
O IA     120.100.3.0/24 [110/5273] via 120.100.25.2, 00:00:34, Serial6/1
O IA     120.100.4.0/24 [110/5283] via 120.100.25.2, 00:00:34, Serial6/1
O        120.100.25.2/32 [110/64] via 120.100.25.2, 00:00:34, Serial6/1
O IA     120.100.34.0/24 [110/5282] via 120.100.25.2, 00:00:34, Serial6/1
O IA     120.100.123.1/32 [110/10480] via 120.100.25.2, 00:00:34, Serial6/1
O IA     120.100.123.2/32 [110/64] via 120.100.25.2, 00:00:34, Serial6/1
O IA     120.100.123.3/32 [110/5272] via 120.100.25.2, 00:00:34, Serial6/1
      150.100.0.0/16 is variably subnetted, 4 subnets, 2 masks
O IA     150.100.1.0/24 [110/10490] via 120.100.25.2, 00:00:34, Serial6/1
O IA     150.100.2.0/24 [110/74] via 120.100.25.2, 00:00:34, Serial6/1

Section 2.2: EIGRP

Thursday, August 13, 2015

CCIE Lab1, Section 1


Introduction:

In this lab, I will walk you through a CCIE lab configuration consisting of 8 sections:

- Section 1: LAN Switching and Frame Relay.
- Section 2: IPv4 IGP Protocols.
- Section 3: BGP.
- Section 4: IPv6.
- Section 5: QoS.
- Section 6: Security.
- Section 7: Multicast.
- Section 8: IP Services.

Through this lab, you will learn Layer 2 and Layer 3 switching and routing configuration from basic to advanced level. Because the lab covers many topics, it requires fundamental knowledge of switches and routers.

Network Topology:
Figure 1: Lab Diagram. 


Figure 2: Lab device connectivity.

R1 Lo0 120.100.1.1/24     R6 Lo0 120.100.6.1/24
R2 Lo0 120.100.2.1/24     SW1 Lo0 120.100.7.1/24
R3 Lo0 120.100.3.1/24     SW2 Lo0 120.100.8.1/24
R4 Lo0 120.100.4.1/24     SW3 Lo0 120.100.9.1/24
R5 Lo0 120.100.5.1/24     SW4 Lo0 120.100.10.1/24

Figure 3: Lab topology details.

Equipment List:

- R1, R2, R3, R4, R5, R6: Cisco c7200 routers.
- Sw1, Sw2, Sw3, Sw4: Cisco c3745 routers operating as 3550/3560 switches.


Figure 4: VLAN Assignment.


Figure 5: Frame Relay Logical Connectivity.

Section 1: LAN Switching and Frame Relay


Requirements:

■ Configure your switches as a collapsed backbone network with Switches 1 and 2 performing core and distribution functionality and Switches 3 and 4 as access switches in your topology. Switches 3 and 4 should connect only to the core switches.
■ Switches 1 and 2 should run spanning tree in 802.1w mode; Switches 3 and 4 should operate in their default spanning-tree mode.
■ Configure Switch 1 to be the root bridge and Switch 2 the secondary root bridge for VLANs 1 and 300. Ensure that Switches 3 and 4 can never become root bridges for any VLANs for which Switch 1 and Switch 2 are root bridges by configuring only Switches 1 and 2.
■ Ensure you fully utilize the available bandwidth between switches by grouping together your interswitch links as trunks. Ensure that only dot1q and EtherChannel are supported.
■ Ensure traffic is distributed on individual Ethernet trunks between switches based on the destination MAC address of individual flows.
■ Ensure that user interfaces are shut down dynamically by all switches should they toggle excessively; if they remain stable for 35 seconds, they should be re-enabled. Configure Fast Ethernet Port 3/7 on each switch so that if multicast traffic is received on this port, the port is automatically disabled.
■ Fast Ethernet Ports 3/8 will be used for future connectivity on each switch. Configure these ports as access ports for VLAN300, which should begin forwarding traffic immediately on connection. Devices connected to these ports will dynamically receive IP addresses from a DHCP server due to be connected to Port 3/9 on sw1. For security purposes, this is the only port on the network from which DHCP addresses should be allocated. Ensure the switches intercept the DHCP requests and add the ingress port and VLAN and switch MAC address prior to sending onward to the DHCP server. Limit DHCP requests to 600 packets per minute per user port.
■ For additional security ensure the user ports on Switches 1–4 and 8 can communicate only with the network with IP addresses gained from the DHCP feature configured previously. Use a dynamic feature to ensure the only information forwarded upon connection is DHCP request packets, then any traffic that matches the DHCP IP information received from the DHCP binding for additional security.
■ R5 and R6 have been preconfigured with IP addresses on their Ethernet interfaces. Configure R4 and its associated switch port accordingly without using secondary addressing to communicate with R5 and R6. Configure R4 with an IP address of 120.100.45.4/24 to communicate with R5, and configure R4 with an IP address of 120.100.46.4/24 to communicate with R6. Configure R4 g1/0 and Switch 2 f3/4 only.
■ Your initial Frame Relay configuration has been supplied for the R1-R2-R3 connectivity and R2-R5. Configure each device per Figure 5 to ensure each device is reachable over the Frame Relay network. Use only the indicated DLCIs.

Configuration:

■ Configure your switches as a collapsed backbone network with Switches 1 and 2 performing core and distribution functionality and Switches 3 and 4 as access switches in your topology. Switches 3 and 4 should connect only to the core switches.

This is a simple start to the exercise. The switches are fully meshed to begin with; to create a collapsed backbone topology, the core switches should be connected together, and each access switch should be dual-homed to the core switches. The only switches that should not connect directly to each other are the access switches (Sw3 and Sw4). By shutting down the interfaces between Sw3 and Sw4, you create the required topology. Even though the resulting topology is not looped at this stage, you can verify root bridge assignment by using the show spanning-tree root command.

SW3#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
SW3(config)#int f3/14
SW3(config-if)#shut
SW3(config-if)#int f3/15
SW3(config-if)#shut
SW4#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
SW4(config)#int f3/14
SW4(config-if)#shut
SW4(config-if)#int f3/15
SW4(config-if)#shut

■ Switches 1 and 2 should run spanning tree in 802.1w mode; Switches 3 and 4 should operate in their default spanning-tree mode.

802.1w is rapid spanning tree; this is backward compatible with the switches' default (PVST), so by configuring Switches 1 and 2 into rapid spanning tree mode, spanning tree can still operate effectively with Switches 3 and 4.

SW1(config)#spanning-tree mode rapid-pvst
SW2(config)#spanning-tree mode rapid-pvst

■ Configure Switch 1 to be the root bridge and Switch 2 the secondary root bridge for VLANs 1 and 300. Ensure that Switches 3 and 4 can never become root bridges for any VLANs for which Switch 1 and Switch 2 are root bridges by configuring only Switches 1 and 2.

This is a straightforward question for the core switches. Root guard is configured on the ports that connect Switches 1 and 2 to Switches 3 and 4; this ensures that if a superior BPDU is received on one of these ports, it is ignored.
  
SW1(config)# spanning-tree vlan 1 root primary
SW1(config)# spanning-tree vlan 300 root primary
SW1(config)# interface FastEthernet 3/10
SW1(config-if)# spanning-tree guard root
SW1(config-if)# interface FastEthernet 3/11
SW1(config-if)# spanning-tree guard root
SW1(config-if)# interface FastEthernet 3/12
SW1(config-if)# spanning-tree guard root
SW1(config-if)# interface FastEthernet 3/13
SW1(config-if)# spanning-tree guard root

SW2(config)# spanning-tree vlan 1 root secondary
SW2(config)# spanning-tree vlan 300 root secondary
SW2(config)# interface FastEthernet 3/10
SW2(config-if)# spanning-tree guard root
SW2(config-if)# interface FastEthernet 3/11
SW2(config-if)# spanning-tree guard root
SW2(config-if)# interface FastEthernet 3/12
SW2(config-if)# spanning-tree guard root
SW2(config-if)# interface FastEthernet 3/13
SW2(config-if)# spanning-tree guard root
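What the root primary/secondary macros and root guard actually do is a comparison of bridge IDs. The model below is an added example written for this page, not switch code: it derives the priorities the macros configure (24576 for primary, 28672 for secondary, as on IOS), elects a root from one switch's point of view, and treats a superior BPDU on a root-guarded port the way root guard does, by refusing the new root and reporting the port as root-inconsistent. The switch names, MAC addresses and the misconfigured SW3 claiming priority 0 are constructed.

```python
DEFAULT_PRIORITY = 32768
ROOT_PRIMARY = 24576    # value set by 'spanning-tree vlan X root primary'
ROOT_SECONDARY = 28672  # value set by 'spanning-tree vlan X root secondary'


def root_primary_priority(current_root_priority: int = DEFAULT_PRIORITY) -> int:
    """'root primary' picks 24576, or 4096 below the current root's priority if that
    root is already below 24576 (ties on equal priority are still decided by MAC)."""
    if current_root_priority < ROOT_PRIMARY:
        return current_root_priority - 4096
    return ROOT_PRIMARY


def bridge_id(priority: int, mac: str) -> tuple:
    """Bridge ID orders on priority first, then MAC address; the lowest wins."""
    return (priority, int(mac.replace(":", ""), 16))


def elect_root(own_id: tuple, bpdus: dict, root_guard_ports: set) -> tuple:
    """Root election as seen by one switch.

    bpdus maps a local port to the root bridge ID claimed in the BPDU received there.
    Ports with root guard never move the root: a superior claim on such a port leaves
    the elected root unchanged and the port is reported as root-inconsistent.
    Returns (root_id, root_port, root_inconsistent_ports); root_port is None when
    this switch is the root itself.
    """
    root, root_port = own_id, None
    for port, claimed in sorted(bpdus.items()):
        if port in root_guard_ports:
            continue
        if claimed < root:
            root, root_port = claimed, port
    inconsistent = sorted(p for p in root_guard_ports if p in bpdus and bpdus[p] < root)
    return root, root_port, inconsistent


# Constructed topology: SW1 primary, SW2 secondary, SW3 wrongly set to priority 0
SW1 = bridge_id(root_primary_priority(), "00:00:00:00:00:01")
SW2 = bridge_id(ROOT_SECONDARY, "00:00:00:00:00:02")
SW3_ROGUE = bridge_id(0, "00:00:00:00:00:03")
SW1_GUARDED = {"Fa3/12", "Fa3/13"}  # SW1's ports toward SW3, as configured above


def sw1_view(root_guard: bool) -> tuple:
    """SW1 hears SW2 agreeing that SW1 is root, and SW3 claiming root for itself."""
    bpdus = {"Fa3/10": SW1, "Fa3/12": SW3_ROGUE}
    return elect_root(SW1, bpdus, SW1_GUARDED if root_guard else set())


if __name__ == "__main__":
    for guard in (False, True):
        root, port, bad = sw1_view(guard)
        who = "SW1 (itself)" if root == SW1 else "SW3"
        print(f"root guard {'on' if guard else 'off'}: root={who}, "
              f"root port={port}, root-inconsistent={bad}")
```

With root guard off, SW3's priority 0 wins and SW1 would reconverge toward the access switch; with root guard on, SW1 stays root and Fa3/12 is blocked until the superior BPDUs stop, which is exactly the protection the requirement asks for.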

■ Ensure you fully utilize the available bandwidth between switches by grouping together your interswitch links as trunks. Ensure that only dot1q and EtherChannel are supported.

This is another straightforward question for all switches: create EtherChannels between devices. Using the command channel-group n mode on under the physical interfaces ensures that only EtherChannel is supported, as opposed to PAgP or LACP, and dot1q is the trunking protocol. For Layer 2 EtherChannels, you do not have to create a port-channel interface first with the interface port-channel configuration command before assigning a physical port to a channel group; the channel-group interface configuration command creates the port-channel interface automatically. A manual port-channel configuration is shown here for clarity. Remember that now that you have EtherChannels between switches, you will also need to configure root guard on these interfaces, over and above the physical interface configuration completed previously, to ensure that Switches 3 and 4 cannot become root bridges.

SW1(config)# interface Port-channel1
SW1(config-if)# switchport trunk encapsulation dot1q
SW1(config-if)# switchport mode trunk
SW1(config-if)# spanning-tree guard root
SW1(config-if)# interface Port-channel2
SW1(config-if)# switchport trunk encapsulation dot1q
SW1(config-if)# switchport mode trunk
SW1(config-if)# spanning-tree guard root
SW1(config-if)# interface Port-channel3
SW1(config-if)# switchport trunk encapsulation dot1q
SW1(config-if)# switchport mode trunk
SW1(config-if)# interface range FastEthernet3/10-11
SW1(config-if-range)# channel-group 1 mode on
SW1(config-if-range)# interface range FastEthernet3/12-13
SW1(config-if-range)# channel-group 2 mode on
SW1(config-if-range)# interface range FastEthernet3/14-15
SW1(config-if-range)# channel-group 3 mode on

SW2(config)# interface Port-channel1
SW2(config-if)# switchport trunk encapsulation dot1q
SW2(config-if)# switchport mode trunk
SW2(config-if)# interface Port-channel2
SW2(config-if)# switchport trunk encapsulation dot1q
SW2(config-if)# switchport mode trunk
SW2(config-if)# interface Port-channel3
SW2(config-if)# switchport trunk encapsulation dot1q
SW2(config-if)# switchport mode trunk
SW2(config-if)# interface range FastEthernet3/10-11
SW2(config-if-range)# channel-group 1 mode on
SW2(config-if-range)# interface range FastEthernet3/12-13
SW2(config-if-range)# channel-group 2 mode on
SW2(config-if-range)# interface range FastEthernet3/14-15
SW2(config-if-range)# channel-group 3 mode on

SW3(config)# interface Port-channel1
SW3(config-if)# switchport trunk encapsulation dot1q
SW3(config-if)# switchport mode trunk
SW3(config-if)# interface Port-channel2
SW3(config-if)# switchport trunk encapsulation dot1q
SW3(config-if)# switchport mode trunk
SW3(config-if)# interface range FastEthernet3/10-11
SW3(config-if-range)# channel-group 1 mode on
SW3(config-if-range)# interface range FastEthernet3/12-13
SW3(config-if-range)# channel-group 2 mode on

SW4(config)# interface Port-channel1
SW4(config-if)# switchport trunk encapsulation dot1q
SW4(config-if)# switchport mode trunk
SW4(config-if)# interface Port-channel2
SW4(config-if)# switchport trunk encapsulation dot1q
SW4(config-if)# switchport mode trunk
SW4(config-if)# interface range FastEthernet3/10-11
SW4(config-if-range)# channel-group 1 mode on
SW4(config-if-range)# interface range FastEthernet3/12-13
SW4(config-if-range)# channel-group 2 mode on

SW1#show etherchannel summary
Flags:  D - down        P - in port-channel
        I - stand-alone s - suspended
        R - Layer3      S - Layer2
        U - in use
Group Port-channel  Ports
-----+------------+-----------------------------------------------------------
1     Po1(SU)     Fa3/10(P)  Fa3/11(P)
2     Po2(SU)     Fa3/12(P)  Fa3/13(P)
3     Po3(SU)     Fa3/14(P)  Fa3/15(P)

SW2#show etherchannel summary
Flags:  D - down        P - in port-channel
        I - stand-alone s - suspended
        R - Layer3      S - Layer2
        U - in use
Group Port-channel  Ports
-----+------------+-----------------------------------------------------------
1     Po1(SU)     Fa3/10(P)  Fa3/11(P)
2     Po2(SU)     Fa3/12(P)  Fa3/13(P)
3     Po3(SU)     Fa3/14(P)  Fa3/15(P)

SW3#show etherchannel summary
Flags:  D - down        P - in port-channel
        I - stand-alone s - suspended
        R - Layer3      S - Layer2
        U - in use
Group Port-channel  Ports
-----+------------+-----------------------------------------------------------
1     Po1(SU)     Fa3/10(P)  Fa3/11(P)
2     Po2(SU)     Fa3/12(P)  Fa3/13(P)

SW4#show etherchannel summary
Flags:  D - down        P - in port-channel
        I - stand-alone s - suspended
        R - Layer3      S - Layer2
        U - in use
Group Port-channel  Ports
-----+------------+-----------------------------------------------------------
1     Po1(SU)     Fa3/10(P)  Fa3/11(P)
2     Po2(SU)     Fa3/12(P)  Fa3/13(P)

■  Ensure  traffic  is distributed on individual Ethernet  trunks  between  switches  based on  the destination MAC  address of individual flows.

  A common problem with EtherChannels  is traffic not being distributed  equally  among  the physical interfaces.  Configuring channel load balancing  based on the destination  MAC  address  of an individual  flow  is just one method  available  to distribute traffic.

SW1(config)#  port-channel load-balance  dst-mac 
SW2(config)#  port-channel  load-balance  dst-mac 
SW3(config)#  port-channel load-balance dst-mac
SW4(config)# port-channel load-balance dst-mac

SW1#sh etherchannel load-balance
 Po1 ---> Destination MAC address
 Po2 ---> Destination MAC address
 Po3 ---> Destination MAC address

■  Ensure that user interfaces are shut down dynamically by all switches should they toggle excessively; if they remain stable for 35 seconds, they should be re-enabled. Configure Fast Ethernet Port 3/7 on each switch so that if multicast traffic is received on this port, the port is automatically disabled.


  Interfaces  that  flap can cause  problems  in a network.  Toggling would  usually  indicate a problem such as a faulty  connecting NIC or faulty  cable;  placing  the ports  into error disable  is a method  of stabilizing  the environment.  To disable  a port when multicast traffic is present,  you need  to configure  storm control with  the multicast  option  set  to 0.

SW1(config)#  errdisable  recovery cause link-flap
SW1(config)#  errdisable  recovery interval 35
SW1(config)#  interface FastEthernet  3/7
SW1(config-if)#  storm-control multicast  level 0
SW1(config-if)#  storm-control  action shutdown

SW2(config)#  errdisable  recovery cause link-flap
SW2(config)#  errdisable  recovery interval 35
SW2(config)#  interface FastEthernet  3/7
SW2(config-if)#  storm-control multicast  level 0
SW2(config-if)#  storm-control  action shutdown

SW3(config)#  errdisable  recovery cause link-flap
SW3(config)#  errdisable  recovery interval 35
SW3(config)#  interface FastEthernet  3/7
SW3(config-if)#  storm-control multicast  level 0
SW3(config-if)#  storm-control  action shutdown

SW4(config)#  errdisable  recovery cause link-flap
SW4(config)#  errdisable  recovery interval 35
SW4(config)#  interface FastEthernet  3/7
SW4(config-if)#  storm-control multicast  level 0
SW4(config-if)#  storm-control  action shutdown

■  Fast Ethernet  Ports  3/8  will be used for  future  connectivity on each  switch.  Configure these  ports as access ports for VLAN300, which  should  begin  forwarding  traffic  immediately on connection. Devices  connected  to these ports will dynamically  receive  IP addresses  from a DHCP  server  due  to be connected  to Port 3/9 on sw1.  For security purposes,  this is the only port on the network from which DHCP addresses  should  be allocated.  Ensure the switches  intercept  the DHCP  requests and  add  the  ingress  port  and VLAN and  switch MAC address  prior to sending onward  to the DHCP  server.  Limit DHCP requests  to 600 packets  per minute  per user port.

  This is a DHCP Snooping question. DHCP snooping is a useful security feature that protects the network from rogue DHCP servers: server replies are only accepted on ports marked as trusted. When the DHCP option-82 feature is enabled on the switch with the command ip dhcp snooping information option, a subscriber is identified by the switch port through which it connects to the network and by its MAC address. DHCP snooping also provides a rate-limiting feature for DHCP requests, to prevent a DHCP denial of service caused by excessive false requests from a host, which would have the "gobbler effect" of requesting numerous leases from the same port. The question includes a couple of points that could easily be overlooked under exam pressure: the ports are required to be configured with switchport host (or by configuring portfast) to set the port mode to access and to forward immediately, and the rate limit is configured in packets per second, not per minute as implied (600 per minute is 10 per second), so you need to pay attention to detail.

SW1(config)#  ip dhcp snooping
SW1(config)#  ip dhcp snooping vlan 300
SW1(config)#  ip dhcp snooping information option
SW1(config)#  interface fastEthernet 3/9
SW1(config-if)#  ip dhcp snooping trust
SW1(config-if)#  interface fastEthernet 3/8
SW1(config-if)#  ip dhcp snooping limit rate 10
SW1(config-if)#  interface range fastEthernet 3/8-9
SW1(config-if-range)#  switchport host
SW1(config-if-range)#  switchport access vlan 300

SW2(config)#  ip dhcp  snooping
SW2(config)#  ip dhcp  snooping vlan 300
SW2(config)#  ip dhcp  snooping  information option
SW2(config)#  interface fastEthernet  3/8
SW2(config-if)#  ip dhcp  snooping  limit rate 10
SW2(config-if)#  switchport host
SW2(config-if)#  switchport  access vlan 300

SW3(config)#  ip dhcp  snooping
SW3(config)#  ip dhcp  snooping vlan 300
SW3(config)#  ip dhcp  snooping  information option
SW3(config)#  interface  fastEthernet  3/8
SW3(config-if)#  ip dhcp  snooping  limit rate 10
SW3(config-if)#  switchport host
SW3(config-if)#  switchport  access vlan 300

SW4(config)#  ip dhcp  snooping
SW4(config)#  ip dhcp  snooping vlan 300
SW4(config)#  ip dhcp  snooping  information option
SW4(config)#  interface  fastEthernet  3/8
SW4(config-if)#  ip dhcp  snooping  limit rate 10
SW4(config-if)#  switchport host
SW4(config-if)#  switchport  access vlan 300

■  For  additional  security ensure  the user ports on Switches  1–4 and 8 can communicate only with  the network with IP addresses  gained  from the DHCP  feature configured  previously.  Use a dynamic  feature  to ensure  the only information forwarded upon  connection is DHCP  request  packets,  then  any  traffic  that matches  the DHCP  IP  information received  from  the DHCP binding for  additional  security.  

 A complementary feature  to DHCP  Snooping  is IP Source Guard. This  feature  binds  the  information  received  from  the DHCP address offered  and effectively  builds a dynamic VACL  on a per port basis  to enable  only source  traffic matched from  the DHCP offer to ingress  the switch  port  for additional  security.


SW1(config)#  int f3/8
SW1(config-if)#  ip verify source

SW2(config)#  int f3/8
SW2(config-if)#  ip verify source

SW3(config)#  int f3/8
SW3(config-if)#  ip verify source

SW4(config)#  int f3/8
SW4(config-if)#  ip verify source
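As an added example (not code from the lab or from Cisco), the following Python model reproduces what the DHCP snooping task and the IP Source Guard task above configure: Option 82 insertion on untrusted ports, dropping server replies that arrive on user ports, the per-port rate limit, the binding learned from the server's ACK, and the source-IP check on the user port. The Option 82 sub-option layout is Cisco's default as assumed here; all port names, MACs and addresses are constructed.

```python
"""Software model of the DHCP snooping / Option 82 / IP Source Guard behaviour
the two tasks above configure (added example, not lab code). Constructed:
port names, MACs, addresses. Assumed: Cisco's default Option 82 layouts."""
import struct
from collections import defaultdict

OPT_RELAY_AGENT = 82                     # DHCP relay agent information option
SUB_CIRCUIT_ID, SUB_REMOTE_ID = 1, 2
SERVER_MSGS = {"OFFER", "ACK", "NAK"}    # only legitimate on a trusted port


def port_index(port):
    """'Fa3/8' -> (module 3, port 8)."""
    mod, num = port[2:].split("/")
    return int(mod), int(num)


def build_option82(vlan, port, switch_mac):
    """Cisco default encoding (assumed): circuit-id = type 0, len 4, VLAN(2),
    module(1), port(1); remote-id = type 0, len 6, switch MAC(6)."""
    mod, num = port_index(port)
    circuit = struct.pack("!BBHBB", 0, 4, vlan, mod, num)
    remote = struct.pack("!BB", 0, 6) + bytes.fromhex(switch_mac.replace(":", ""))
    body = (struct.pack("!BB", SUB_CIRCUIT_ID, len(circuit)) + circuit
            + struct.pack("!BB", SUB_REMOTE_ID, len(remote)) + remote)
    return struct.pack("!BB", OPT_RELAY_AGENT, len(body)) + body


def parse_option82(opt):
    """Inverse of build_option82; None if the bytes are not a valid option 82."""
    if len(opt) < 2 or opt[0] != OPT_RELAY_AGENT:
        return None
    body, out, i = opt[2:2 + opt[1]], {}, 0
    while i + 2 <= len(body):
        sub, sublen = body[i], body[i + 1]
        val = body[i + 2:i + 2 + sublen]
        if sub == SUB_CIRCUIT_ID and sublen == 6:
            _, _, vlan, mod, num = struct.unpack("!BBHBB", val)
            out["vlan"], out["port"] = vlan, f"Fa{mod}/{num}"
        elif sub == SUB_REMOTE_ID and sublen == 8:
            out["switch_mac"] = ":".join(f"{b:02x}" for b in val[2:])
        i += 2 + sublen
    return out or None


class SnoopingSwitch:
    def __init__(self, switch_mac, trusted_ports, rate_limit_pps=10):
        self.switch_mac = switch_mac
        self.trusted = set(trusted_ports)
        self.rate_limit = rate_limit_pps   # 600 per minute == 10 per second
        self.bindings = {}                 # port -> (client MAC, IP, VLAN)
        self.errdisabled = set()
        self._pps = defaultdict(int)       # (port, second) -> DHCP packets seen

    def dhcp_packet(self, port, vlan, msg, client_mac, second, yiaddr=None, opt82=b""):
        """Returns (action, option 82 bytes to relay with the packet)."""
        if port in self.errdisabled:
            return "drop", b""
        if port in self.trusted:
            info = parse_option82(opt82) if msg == "ACK" else None
            if info:   # lease granted: bind it to the port named in the echoed circuit-id
                self.bindings[info["port"]] = (client_mac, yiaddr, info["vlan"])
            return "forward", opt82
        if msg in SERVER_MSGS:
            return "drop", b""             # rogue DHCP server on a user port
        self._pps[(port, second)] += 1
        if self._pps[(port, second)] > self.rate_limit:
            self.errdisabled.add(port)     # 'ip dhcp snooping limit rate' exceeded
            return "errdisable", b""
        return "forward", build_option82(vlan, port, self.switch_mac)

    def ip_packet(self, port, src_ip):
        """IP Source Guard ('ip verify source'): an untrusted port may only source
        the IP in its binding; before a lease exists only DHCP gets through."""
        if port in self.trusted:
            return True
        binding = self.bindings.get(port)
        return binding is not None and binding[1] == src_ip


def run_lab_scenario():
    """Constructed walk-through: server on trusted Fa3/9, user on Fa3/8."""
    sw = SnoopingSwitch("00:1a:2b:3c:4d:5e", trusted_ports={"Fa3/9"})
    client = "00:aa:bb:cc:dd:01"
    _, opt = sw.dhcp_packet("Fa3/8", 300, "DISCOVER", client, second=0)
    sw.dhcp_packet("Fa3/9", 300, "ACK", client, second=1, yiaddr="10.30.0.50", opt82=opt)
    rogue, _ = sw.dhcp_packet("Fa3/6", 300, "OFFER", "00:de:ad:be:ef:01", second=1)
    flood = [sw.dhcp_packet("Fa3/5", 300, "REQUEST", "00:aa:bb:cc:dd:02", second=5)[0]
             for _ in range(11)]
    return {"opt82": parse_option82(opt),
            "binding": sw.bindings.get("Fa3/8"),
            "rogue": rogue,
            "flood_last": flood[-1],
            "ipsg_ok": sw.ip_packet("Fa3/8", "10.30.0.50"),
            "ipsg_spoof": sw.ip_packet("Fa3/8", "10.30.0.99")}
```

The model checks source IP only, which is what plain ip verify source does; matching the MAC as well needs the port-security keyword on the real switch.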

■  R5 and R6 have  been  preconfigured  with  IP addresses on  their  Ethernet  interfaces. Configure R4  and  its associated switch port accordingly without  using secondary  addressing  to communicate with R5 and R6. Configure R4 with an IP address  of 120.100.45.4/24  to communicate with R5, and configure R4 with  an IP address  of 120.100.46.4/24 to communicate with R6. Configure R4 g1/0 and Switch  2 f3/4 only.  

  This  is just a simple  trunking  question  on Switch2  to R4 to enable  R4 to connect  to VLAN45  and VLAN46.  One point to remember is that Switch2  does not have VLAN45  and VLAN46 configured  locally within  the default  configuration, so you will need  to create  the VLANs  locally  prior  to configuring  the  trunk.


R4(config)#  interface GigabitEthernet1/0.45
R4(config-if)#  encapsulation  dot1Q  45
R4(config-if)#  ip address  120.100.45.4  255.255.255.0
R4(config-if)#  interface GigabitEthernet1/0.46
R4(config-if)#  encapsulation  dot1Q  46
R4(config-if)#  ip address  120.100.46.4  255.255.255.0

SW2#vlan database
SW2(vlan)#  vlan 45
SW2(vlan)#  vlan 46
SW2(vlan)#exit
APPLY completed.
Exiting....
SW2#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
SW2(config)#  interface FastEthernet3/4
SW2(config-if)#  switchport trunk encapsulation dot1q
SW2(config-if)#  switchport trunk allowed vlan 45,46
SW2(config-if)#  switchport mode  trunk

■  Your  initial  Frame  Relay  configuration  has  been  supplied   for  the  R1-R2-R3   connectivity and  R2-R5.  Configure each device per  Figure  5  to ensure  each  device  is  reachable  over  the  Frame Relay  network.  Use  only  the  indicated DLCIs.  


  Make sure the interface IP addresses have been set on R1, R2, R3 and R5. All you need to add are the Frame Relay maps on R1, R2 and R3, and on the R2 and R5 spokes, to enable them to communicate with each other. Depending on the question, R1 and R2 may also need to communicate with each other.

R1#  conf  t
R1(config)#  int s6/0
R1(config-if)#encapsulation frame-relay ietf
R1(config-if)#  frame-relay  map  ip 120.100.123.2 103 broadcast
R1(config-if)#  frame-relay  map  ip 120.100.123.3 103 broadcast

R2#  conf  t
R2(config)#  int s6/0
R2(config-if)#encapsulation frame-relay ietf
R2(config-if)#  frame-relay  map  ip 120.100.123.1 203 broadcast
R2(config-if)#  frame-relay  map  ip 120.100.123.3 203 broadcast
R2(config-if)#exit
R2(config)#  int s6/1
R2(config-if)#encapsulation frame-relay ietf
R2(config-if)#  frame-relay  map  ip 120.100.25.5 215 broadcast

R3#  conf  t
R3(config)#  int s6/0
R3(config-if)#encapsulation frame-relay ietf
R3(config-if)#  frame-relay  map  ip 120.100.123.1 301 broadcast
R3(config-if)#  frame-relay  map  ip 120.100.123.2 302 broadcast

R5#  conf  t
R5(config)#  int s6/1
R5(config-if)#encapsulation frame-relay ietf
R5(config-if)#  frame-relay  map  ip 120.100.25.2 315 broadcast

R1#ping 120.100.123.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 120.100.123.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 780/940/1088 ms
R1#ping 120.100.123.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 120.100.123.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 232/456/580 ms

R2#ping 120.100.25.5
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 120.100.25.5, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 384/568/800 ms

Wednesday, August 12, 2015

MPLS VPNs and OSPF


Introduction:


 This lab discusses OSPF as the dynamic routing protocol used between CE and PE routers. OSPF is a well-established protocol that is used by both service providers and enterprises. Moreover, several routing protocols are implemented in this lab: not only RIPv2 and MP-BGP, but also multi-area OSPF and how it is implemented in an MPLS VPN network.

 Overview: 

  - This lab requires you to have a solid understanding of L3 routing protocols: RIPv2, OSPF, MP-BGP, route distinguishers, route targets and virtual routing and forwarding (VRF). It is more beneficial if you have already read the MPLS VPNs and RIP lab before reading this one.
  
 - OSPF Router Type:

Backbone router: In OSPF, Area 0 is the backbone area. Any router that has an interface configured for Area 0 is called a backbone router.
Internal router: Any router that has all its interfaces configured for a single area is said to be an internal router.
Area border router (ABR): is a router that has interfaces configured for two or more areas. For example, a router with Serial 0/0 in Area 0 and Serial 0/1 in Area 1 is an ABR.
Autonomous system boundary router (ASBR): is a router that has at least one interface in the OSPF domain and one interface connecting to an external network. An example of an external network might be a connection to another AS running RIP.


R1: Backbone router/ASBR.
R2, R3: Internal router/Backbone router.
R4, R5: Backbone router/ABR.
R5, R6, R7, R8, R9: Internal router.

- Link State Advertisements (LSAs): 

 LSAs are used to exchange routing information between OSPF-enabled routers. There are 5 main types:


- OSPF and standard BGP interaction:


 An OSPF network is separated by the service provider's standard BGP backbone. LSA Type 1 or Type 2 routes from Site 1 are redistributed into BGP by a service provider router (PE1) that appears as an ASBR. PE2, an ASBR, redistributes the route from Site 1 back into OSPF and advertises it to Site 2 as an LSA Type 5.

- OSPF and OSPF super backbone interaction:


 In the OSPF hierarchy, all areas have to connect directly to the backbone area (Area 0). The MP-IBGP backbone, functioning as the super-backbone, replaces the Area 0 requirement, meaning that all areas connect to the super backbone instead of to the Area 0 backbone. Without the super-backbone, PE routers appear as ASBRs. Now, with the super-backbone, PE routers appear as ABRs. Remember that ASBRs advertise LSA Type 5 routes and ABRs advertise LSA Type 3 routes.

- Why is OSPF super backbone important?


  Site 1 and Site 2 are connected to the service provider. In addition, they have an alternate connection through Frame Relay just in case the service provider network is unavailable. The key is that internal (O) routes are always preferred over external (O E2) routes. Let me explain. Site 1 generates an OSPF route for the network 10.1.0.0/16. The OSPF route is redistributed into BGP and arrives at Site 2 as an external route (O E2). In addition, Site 2 learns of the route through OSPF across the alternate Frame Relay connection, resulting in an internal route (O) in the routing table. Since the primary connection is through the service provider and the alternate connection is there just in case, it is safe to assume that the service provider connection is the fastest. Which way do you want the traffic to travel? Through the fastest connection, which is the service provider network. However, in this case the traffic always traverses the alternate Frame Relay connection. Now, the OSPF super backbone is implemented. From Site 1, network 10.1.0.0/16 is advertised to PE1 and to Site 2 through the alternate connection. The route received by PE1 will be received by Site 2 as an inter-area route (O IA). The route received from Site 1 across the alternate connection is an internal route (O).

 Now, with OSPF super backbone concepts in mind, can you identify the router types and LSA types in our lab?

- How does the service provider handle the routes?

  To prevent routing loops, the down bit is set when routes are redistributed from MP-BGP into OSPF. The down bit prevents routing loops because when a PE router sees the down bit set, it does not redistribute the route back into MP-BGP. If the down bit is removed as it travels through the customer’s network, the tag field, containing the originating BGP AS number, is used to prevent loops. To ensure proper routing, a learned route with the down bit results in the routing bit (only on the PE router) being set. With the routing bit set, the PE router does not use the route, even if it is the best path as dictated by OSPF.
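As an added example (not part of the lab), the Python below encodes the two rules the last two sections describe: OSPF's path-type preference (intra-area, then inter-area, then external type 1, then type 2, compared before cost) applied to the Site 1 / Site 2 backdoor scenario, and the PE's DN-bit and tag checks before a VRF OSPF route is redistributed into MP-BGP. Costs, names and the AS number are constructed; note that because an intra-area route still outranks an inter-area one, the Frame Relay route wins in both scenarios when the backdoor is in the same area.

```python
"""OSPF path preference and PE loop prevention, as described in the text
(added example; costs, names and AS number are constructed)."""
from dataclasses import dataclass

# RFC 2328 path-type order, compared before cost.
PREFERENCE = {"O": 0, "O IA": 1, "O E1": 2, "O E2": 3}


@dataclass(frozen=True)
class OspfRoute:
    prefix: str
    path_type: str          # one of PREFERENCE's keys
    cost: int
    via: str                # where the route was learned from
    dn_bit: bool = False    # set by a PE when redistributing MP-BGP into OSPF
    tag: int = 0            # external-route tag; PEs put the BGP AS number here


def best_route(candidates):
    """Path type is compared first, so a costly intra-area route still beats a
    cheap inter-area or external one."""
    return min(candidates, key=lambda r: (PREFERENCE[r.path_type], r.cost))


def pe_redistributes_into_bgp(route, local_bgp_as):
    """A PE must not send a route back into MP-BGP if it originated there."""
    if route.dn_bit:
        return False        # DN bit present: the route came from the super backbone
    if route.path_type in ("O E1", "O E2") and route.tag == local_bgp_as:
        return False        # DN bit stripped on the way; the tag still names our AS
    return True


def pe_uses_for_forwarding(route):
    """With the DN bit set, the PE does not use the route even if OSPF likes it."""
    return not route.dn_bit


def site2_choice(super_backbone):
    """Site 2 sees 10.1.0.0/16 both from the PE and over the Frame Relay backdoor.
    Without the super backbone the PE route is O E2; with it, O IA."""
    pe_type = "O IA" if super_backbone else "O E2"
    from_pe = OspfRoute("10.1.0.0/16", pe_type, 20, "PE2")
    backdoor = OspfRoute("10.1.0.0/16", "O", 1562, "FrameRelay")
    return best_route([from_pe, backdoor]).via
```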

Requirements:

1.  Customer sites:
  •  A1, B1, A2, B2 (Non-MPLS-enabled routers): OSPF 1: s0/0-area 0 and L0-area 1.
  •  H/W: A1, B1, A2, B2 are Cisco Routers c3745.
2.  Service Provider sites: 
  • PE1, PE2 (Edge-LSRs): RIPv2; OSPF 101: vrf vpn_a , OSPF 102: vrf vpn_b; BGP AS 65000, MPLS: s0/0 and s0/3.
  • P1, P2, P3, P4 (LSRs): RIPv2, MPLS: s0/0 and s0/1.
  • H/W: PE1, P1, P2, P3, P4, PE2 are Cisco Routers c3745.
Configuration:

1. Customer sites:

- Customers A and B use overlapping address spaces.
- Customer A: the A1 and A2 networks are connected to each other via the service provider network.
- Customer B: the B1 and B2 networks are connected to each other via the service provider network.

- On A1 router:

A1#show running-config

Building configuration...

Current configuration : 2442 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname A1
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$7LnD$0qutJY934WdeVsL.wl9q90
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
no ip cef
!
!
!
!
no ip domain lookup
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
ip tcp synwait-time 5
!
!
!
!
!
interface Loopback0
 ip address 10.1.0.1 255.255.255.255
!
interface FastEthernet0/0
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial0/0
 description ***Link to PE1 router***
 ip address 10.2.0.2 255.255.255.252
 clock rate 2000000
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial0/1
 no ip address
 shutdown
 clock rate 2000000
!
interface Serial0/2
 no ip address
 shutdown
 clock rate 2000000
!
interface Serial0/3
 no ip address
 shutdown
 clock rate 2000000
!
interface Serial0/4
 no ip address
 shutdown
 clock rate 2000000
!
interface Serial0/5
 no ip address
 shutdown
 clock rate 2000000
!
interface FastEthernet1/0
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial2/0
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial2/1
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial2/2
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial2/3
 no ip address
 shutdown
 serial restart-delay 0
!
interface FastEthernet3/0
!
interface FastEthernet3/1
!
interface FastEthernet3/2
!
interface FastEthernet3/3
!
interface FastEthernet3/4
!
interface FastEthernet3/5
!
interface FastEthernet3/6
!
interface FastEthernet3/7
!
interface FastEthernet3/8
!
interface FastEthernet3/9
!
interface FastEthernet3/10
!
interface FastEthernet3/11
!
interface FastEthernet3/12
!
interface FastEthernet3/13
!
interface FastEthernet3/14
!
interface FastEthernet3/15
!
interface Vlan1
 no ip address
!
router ospf 1
 log-adjacency-changes
 no auto-cost
 network 10.1.0.1 0.0.0.0 area 1
 network 10.2.0.0 0.0.0.3 area 0
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
no cdp log mismatch duplex
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 password console
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 password telnet
 login
!
!
end

- B1, A2, B2 routers are configured similarly.

2. Service provider sites:

 a. Network edge (PE1, PE2):

-  On PE1 router:

PE1#show running-config

Building configuration...

Current configuration : 3694 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname PE1
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$PrDN$pHsT2IKCMZjFBIyF8mAbW1
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
ip cef
!
!
!
!
ip vrf vpn_a
 rd 65000:1
 route-target export 65000:1
 route-target import 65000:1
!
ip vrf vpn_b
 rd 65000:2
 route-target export 65000:2
 route-target import 65000:2
!
no ip domain lookup
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
ip tcp synwait-time 5
!
!
!
!
!
interface Loopback0
 ip address 192.168.1.1 255.255.255.255
!
interface FastEthernet0/0
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial0/0
 description ***Link to P1 router***
 ip address 192.168.1.10 255.255.255.252
 mpls ip
 no fair-queue
 clock rate 2000000
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial0/1
 description ***Link to customer A1 router***
 ip vrf forwarding vpn_a
 ip address 10.2.0.1 255.255.255.252
 clock rate 2000000
!
interface Serial0/2
 description ***Link to customer B2 router***
 ip vrf forwarding vpn_b
 ip address 10.2.0.1 255.255.255.252
 clock rate 2000000
!
interface Serial0/3
 description ***Link to P3 router***
 ip address 192.168.1.21 255.255.255.252
 mpls ip
 clock rate 2000000
!
interface Serial0/4
 no ip address
 shutdown
 clock rate 2000000
!
interface Serial0/5
 no ip address
 shutdown
 clock rate 2000000
!
interface FastEthernet1/0
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial2/0
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial2/1
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial2/2
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial2/3
 no ip address
 shutdown
 serial restart-delay 0
!
interface FastEthernet3/0
!
interface FastEthernet3/1
!
interface FastEthernet3/2
!
interface FastEthernet3/3
!
interface FastEthernet3/4
!
interface FastEthernet3/5
!
interface FastEthernet3/6
!
interface FastEthernet3/7
!
interface FastEthernet3/8
!
interface FastEthernet3/9
!
interface FastEthernet3/10
!
interface FastEthernet3/11
!
interface FastEthernet3/12
!
interface FastEthernet3/13
!
interface FastEthernet3/14
!
interface FastEthernet3/15
!
interface Vlan1
 no ip address
!
router ospf 101 vrf vpn_a
 router-id 10.99.1.1
 log-adjacency-changes
 redistribute bgp 65000 metric 10 subnets
 network 10.2.0.0 0.0.0.3 area 0
!
router ospf 102 vrf vpn_b
 router-id 10.99.1.2
 log-adjacency-changes
 redistribute bgp 65000 metric 10 subnets
 network 10.2.0.0 0.0.0.3 area 0
!
router rip
 version 2
 network 192.168.1.0
 no auto-summary
!
router bgp 65000
 bgp log-neighbor-changes
 neighbor 192.168.1.4 remote-as 65000
 neighbor 192.168.1.4 update-source Loopback0
 !
 address-family ipv4
  no neighbor 192.168.1.4 activate
  no auto-summary
  no synchronization
 exit-address-family
 !
 address-family vpnv4
  neighbor 192.168.1.4 activate
  neighbor 192.168.1.4 send-community both
 exit-address-family
 !
 address-family ipv4 vrf vpn_b
  redistribute ospf 102 vrf vpn_b
  no synchronization
 exit-address-family
 !
 address-family ipv4 vrf vpn_a
  redistribute ospf 101 vrf vpn_a
  no synchronization
 exit-address-family
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
no cdp log mismatch duplex
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 password console
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 password telnet
 login
!
!
end

- PE2 router is configured similarly.

b. Core Network (P1, P2, P3, P4):

- On P1 router:

P1#show running-config

Building configuration...

Current configuration : 2489 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname P1
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$uj6I$Z5BD8vg85xjuAnv4noYA//
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
ip cef
!
!
!
!
no ip domain lookup
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
ip tcp synwait-time 5
!
!
!
!
!
interface Loopback0
 ip address 192.168.1.2 255.255.255.255
!
interface FastEthernet0/0
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial0/0
 description ***Link to PE1 router***
 ip address 192.168.1.9 255.255.255.252
 mpls ip
 no fair-queue
 clock rate 2000000
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial0/1
 description ***Link to P2 router***
 ip address 192.168.1.14 255.255.255.252
 mpls ip
 no fair-queue
 clock rate 2000000
!
interface Serial0/2
 no ip address
 shutdown
 clock rate 2000000
!
interface Serial0/3
 no ip address
 shutdown
 clock rate 2000000
!
interface Serial0/4
 no ip address
 shutdown
 clock rate 2000000
!
interface Serial0/5
 no ip address
 shutdown
 clock rate 2000000
!
interface FastEthernet1/0
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial2/0
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial2/1
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial2/2
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial2/3
 no ip address
 shutdown
 serial restart-delay 0
!
interface FastEthernet3/0
!
interface FastEthernet3/1
!
interface FastEthernet3/2
!
interface FastEthernet3/3
!
interface FastEthernet3/4
!
interface FastEthernet3/5
!
interface FastEthernet3/6
!
interface FastEthernet3/7
!
interface FastEthernet3/8
!
interface FastEthernet3/9
!
interface FastEthernet3/10
!
interface FastEthernet3/11
!
interface FastEthernet3/12
!
interface FastEthernet3/13
!
interface FastEthernet3/14
!
interface FastEthernet3/15
!
interface Vlan1
 no ip address
!
router rip
 version 2
 network 192.168.1.0
 no auto-summary
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
no cdp log mismatch duplex
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 password console
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 password telnet
 login
!
!
end

- P2, P3, P4 routers are configured similarly.

Verification:

a. Connectivity:

- On Customer A:

Check the connection between A1 router and A2 router.

A1#ping 10.4.0.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.4.0.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/11/40 ms

A1#telnet 10.4.0.1

Trying 10.4.0.1 ... Open


User Access Verification

Password:
A2>

A2#ping 10.1.0.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.0.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/12/44 ms

A2#telnet 10.1.0.1

Trying 10.1.0.1 ... Open


User Access Verification

Password:
A1>

- On Customer B:

Check the connection between B1 router and B2 router.

B1#ping 10.4.0.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.4.0.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/18/72 ms

B1#telnet 10.4.0.1

Trying 10.4.0.1 ... Open


User Access Verification

Password:
B2>

B2#ping 10.1.0.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.0.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/14/52 ms

B2#telnet 10.1.0.1

Trying 10.1.0.1 ... Open


User Access Verification

Password:
B1>

b. Routing table:

    b1. On Customer Network:

- They are isolated from the service provider network. The client routers do not know any of the details of the service provider network. Notice in the following device output that no service provider routes are in the global routing tables of the A1, B1, A2 and B2 routers. The global routing table for A1 is as follows:

A1#sh ip route

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
C       10.2.0.0/30 is directly connected, Serial0/0
O IA    10.3.0.0/30 [110/1572] via 10.2.0.1, 00:38:35, Serial0/0
C       10.1.0.1/32 is directly connected, Loopback0
O IA    10.4.0.1/32 [110/1572] via 10.2.0.1, 00:38:35, Serial0/0

 b2. On Service Provider Network:

- The VRF routing table is well isolated from the global routing table on a PE router. Therefore, on the PE1 and PE2 POP routers, no customer (A1, B1, A2 and B2) routes show up in the global routing table. The global routing table of the PE1 POP router is as follows:

PE1#sh ip route

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     192.168.1.0/24 is variably subnetted, 12 subnets, 2 masks
C       192.168.1.8/30 is directly connected, Serial0/0
R       192.168.1.12/30 [120/1] via 192.168.1.9, 00:00:40, Serial0/0
C       192.168.1.1/32 is directly connected, Loopback0
R       192.168.1.3/32 [120/2] via 192.168.1.9, 00:00:40, Serial0/0
R       192.168.1.2/32 [120/1] via 192.168.1.9, 00:00:40, Serial0/0
R       192.168.1.5/32 [120/1] via 192.168.1.22, 00:00:15, Serial0/3
R       192.168.1.4/32 [120/3] via 192.168.1.22, 00:00:15, Serial0/3
                       [120/3] via 192.168.1.9, 00:00:41, Serial0/0
R       192.168.1.6/32 [120/2] via 192.168.1.22, 00:00:16, Serial0/3
R       192.168.1.24/30 [120/1] via 192.168.1.22, 00:00:16, Serial0/3
R       192.168.1.28/30 [120/2] via 192.168.1.22, 00:00:16, Serial0/3
R       192.168.1.16/30 [120/2] via 192.168.1.9, 00:00:41, Serial0/0
C       192.168.1.20/30 is directly connected, Serial0/3

- In addition, none of the customer (A1, B1, A2 and B2) routes show up on the Core routers (P1, P2, P3 and P4). The Core routers are only running the IGP (RIPv2) and know nothing about any of the customer subnets. The global routing table of the P1 router is as follows:

P1#sh ip route

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     192.168.1.0/24 is variably subnetted, 12 subnets, 2 masks
C       192.168.1.8/30 is directly connected, Serial0/0
C       192.168.1.12/30 is directly connected, Serial0/1
R       192.168.1.1/32 [120/1] via 192.168.1.10, 00:00:06, Serial0/0
R       192.168.1.3/32 [120/1] via 192.168.1.13, 00:00:04, Serial0/1
C       192.168.1.2/32 is directly connected, Loopback0
R       192.168.1.5/32 [120/2] via 192.168.1.10, 00:00:06, Serial0/0
R       192.168.1.4/32 [120/2] via 192.168.1.13, 00:00:04, Serial0/1
R       192.168.1.6/32 [120/3] via 192.168.1.13, 00:00:07, Serial0/1
                       [120/3] via 192.168.1.10, 00:00:09, Serial0/0
R       192.168.1.24/30 [120/2] via 192.168.1.10, 00:00:09, Serial0/0
R       192.168.1.28/30 [120/2] via 192.168.1.13, 00:00:07, Serial0/1
R       192.168.1.16/30 [120/1] via 192.168.1.13, 00:00:07, Serial0/1
R       192.168.1.20/30 [120/1] via 192.168.1.10, 00:00:11, Serial0/0

- VRF routing table:

PE1#sh ip route vrf vpn_a

Routing Table: vpn_a
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
C       10.2.0.0/30 is directly connected, Serial0/1
B       10.3.0.0/30 [200/0] via 192.168.1.4, 00:45:18
O IA    10.1.0.1/32 [110/65] via 10.2.0.2, 00:46:18, Serial0/1
B       10.4.0.1/32 [200/65] via 192.168.1.4, 00:45:18

PE1#sh ip route vrf vpn_b

Routing Table: vpn_b
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
C       10.2.0.0/30 is directly connected, Serial0/2
B       10.3.0.0/30 [200/0] via 192.168.1.4, 00:47:05
O IA    10.1.0.1/32 [110/65] via 10.2.0.2, 00:48:06, Serial0/2
B       10.4.0.1/32 [200/65] via 192.168.1.4, 00:47:05

 In the routing table for vpn_a on the PE1 POP router, there are two BGP routes (B) and one OSPF inter-area route (O IA). The OSPF route in the output was learned from A1 and is the loopback of A1. The B routes are from the PE2 POP router (A2 OSPF routes redistributed into MP-BGP and carried across the service provider backbone).

- Ping and Telnet from PE routers:

The quickest way to verify that the VRF is up and working is to ping from one customer router to another. However, it is not practical to assume that the service provider will always have access to customer routers. Therefore, extensions have been made to the standard ping and telnet commands so that they can be run from within a VRF.

PE1#ping 10.1.0.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.0.1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

PE1#ping vrf vpn_a 10.1.0.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.0.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/7/16 ms

PE1#telnet 10.1.0.1

Trying 10.1.0.1 ...
% Destination unreachable; gateway or host down

PE1#telnet 10.1.0.1 /vrf vpn_a

Trying 10.1.0.1 ... Open


User Access Verification

Password:
A1>

Why can't the PE1 router ping the A1 router directly?

Because PE1 keeps the customer routing tables (the VRFs) separate from its global routing table: 10.1.0.1 is known only inside the vpn_a VRF, so a ping sourced from the global table has no route to it.

Troubleshooting:

- From A1 to A2:

A1#trace 10.4.0.1

Type escape sequence to abort.
Tracing the route to 10.4.0.1

  1 10.2.0.1 4 msec 24 msec 4 msec
  2 192.168.1.9 [MPLS: Labels 24/26 Exp 0] 84 msec 4 msec 56 msec
  3 192.168.1.13 [MPLS: Labels 18/26 Exp 0] 16 msec 8 msec 4 msec
  4 10.3.0.1 [MPLS: Label 26 Exp 0] 20 msec 0 msec 4 msec
  5 10.3.0.2 52 msec 32 msec 8 msec

- There are 5 hops for a packet traversing from A1 to A2 router. The path from A1 to A2 router is as follows:

1 10.2.0.1 4 msec 24 msec 4 msec --> This is the first hop, the PE1 router, which is directly connected to A1 via its s0/1. PE1 also assigns VPN label 26 to packets from customer A1 to distinguish A1's traffic from that of other customers. This value does not change while the packet traverses the service provider routers. In addition, PE1 pushes MPLS label 24, which is used to switch the packet to the P1 router via its s0/0 interface. Let's take a look at PE1's VRF routing table and forwarding table.

PE1#sh ip route vrf vpn_a

Routing Table: vpn_a
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
C       10.2.0.0/30 is directly connected, Serial0/1
B       10.3.0.0/30 [200/0] via 192.168.1.4, 00:45:18
O IA    10.1.0.1/32 [110/65] via 10.2.0.2, 00:46:18, Serial0/1
B       10.4.0.1/32 [200/65] via 192.168.1.4, 00:45:18

Obviously, the packet sent from A1 to A2 arrives at the PE1 POP router. Does the PE1 POP router have a path to the loopback interface of A2 (10.4.0.1)? Yes. There is a BGP route to 10.4.0.1 with a next-hop address of 192.168.1.4 (PE2).


How does the PE1 router get the packet to the PE2 POP router?

It sends it as a labeled (tagged) packet. Let's take a look at PE1's forwarding table:

PE1#sh mpls forwarding-table

Local  Outgoing    Prefix            Bytes tag  Outgoing   Next Hop
tag    tag or VC   or Tunnel Id      switched   interface
16     Pop tag     192.168.1.2/32    0          Se0/0      point2point
17     16          192.168.1.3/32    0          Se0/0      point2point
18     Pop tag     192.168.1.12/30   0          Se0/0      point2point
19     17          192.168.1.16/30   0          Se0/0      point2point
20     Pop tag     192.168.1.5/32    0          Se0/3      point2point
21     16          192.168.1.6/32    0          Se0/3      point2point
22     Pop tag     192.168.1.24/30   0          Se0/3      point2point
23     17          192.168.1.28/30   0          Se0/3      point2point
24     24          192.168.1.4/32    0          Se0/3      point2point
         24          192.168.1.4/32    0          Se0/0      point2point
25     Untagged    10.1.0.1/32[V]    0          Se0/1      point2point
26     Aggregate   10.2.0.0/30[V]    1752
27     Untagged    10.1.0.1/32[V]    0          Se0/2      point2point
28     Aggregate   10.2.0.0/30[V]    0

From PE1's standpoint, it takes the untagged (unlabeled) traffic arriving on its s0/1 interface from the A1 router, tags the packet with VPN label 26, and switches it out its s0/0 interface with outbound label 24.

  2 192.168.1.9 [MPLS: Labels 24/26 Exp 0] 84 msec 4 msec 56 msec --> A labeled packet is switched from PE1 to P1 with MPLS label 24 and VPN label 26. To see what happens at the P1 router, let's check P1's forwarding table.


P1#show mpls forwarding-table

Local  Outgoing    Prefix            Bytes tag  Outgoing   Next Hop
tag    tag or VC   or Tunnel Id      switched   interface
16     Pop tag     192.168.1.3/32    0          Se0/1      point2point
17     Pop tag     192.168.1.16/30   0          Se0/1      point2point
18     Pop tag     192.168.1.1/32    9570       Se0/0      point2point
19     20          192.168.1.5/32    0          Se0/0      point2point
20     20          192.168.1.6/32    0          Se0/1      point2point
       21          192.168.1.6/32    0          Se0/0      point2point
21     Pop tag     192.168.1.20/30   0          Se0/0      point2point
22     22          192.168.1.24/30   0          Se0/0      point2point
23     23          192.168.1.28/30   0          Se0/1      point2point
24     18          192.168.1.4/32    5970       Se0/1      point2point

A packet labeled 24 from PE1 router to P1 router will be switched out P1's s0/1 interface with outbound label 18.

  3 192.168.1.13 [MPLS: Labels 18/26 Exp 0] 16 msec 8 msec 4 msec --> A labeled packet is switched from P1 to P2 with MPLS label 18 and VPN label 26. To see what happens at the P2 router, let's check P2's forwarding table.


P2#show mpls forwarding-table

Local  Outgoing    Prefix            Bytes tag  Outgoing   Next Hop
tag    tag or VC   or Tunnel Id      switched   interface
16     Pop tag     192.168.1.2/32    0          Se0/0      point2point
17     Pop tag     192.168.1.8/30    0          Se0/0      point2point
18     Pop tag     192.168.1.4/32    5739       Se0/1      point2point
19     20          192.168.1.5/32    0          Se0/1      point2point
       19          192.168.1.5/32    0          Se0/0      point2point
20     21          192.168.1.6/32    0          Se0/1      point2point
21     21          192.168.1.20/30   0          Se0/0      point2point
22     23          192.168.1.24/30   0          Se0/1      point2point
23     Pop tag     192.168.1.28/30   0          Se0/1      point2point
24     18          192.168.1.1/32    10499      Se0/0      point2point

What happens to the packet? From the P1 router, the packet arrives with a tag of 18. Looking at the output of the show mpls forwarding-table command on the P2 router, you can see that an inbound packet labeled 18 has its label popped and is forwarded out interface Serial 0/1 without a transport label. So at the P2 router there is no routing, only switching of labeled (tagged) packets. You can think of Pop tag as meaning, "The next-hop router needs to do a Layer 3 lookup on this packet, so don't send it with a transport label; send it on without one." Note that when I say "unlabeled IP packet" in this case, I mean an IP packet that still carries the VPN label.

  4 10.3.0.1 [MPLS: Label 26 Exp 0] 20 msec 0 msec 4 msec --> The packet is handed from the P2 router to PE2. Based on VPN label 26, the egress router PE2 recognizes that this packet belongs to customer A1's VPN. Once the VPN label is removed, this is a plain IP packet, so let's check PE2's VRF routing table.

PE2#sh ip route vrf vpn_a

Routing Table: vpn_a
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
B       10.2.0.0/30 [200/0] via 192.168.1.1, 01:20:28
C       10.3.0.0/30 is directly connected, Serial0/1
B       10.1.0.1/32 [200/65] via 192.168.1.1, 01:20:28
O IA    10.4.0.1/32 [110/65] via 10.3.0.2, 01:21:14, Serial0/1

Obviously, there is an OSPF route from PE2 to the A2 router via 10.3.0.2 (A2's s0/0).

  5 10.3.0.2 52 msec 32 msec 8 msec --> 10.3.0.2 is the IP address of A2's s0/0 and this is also the last hop. 
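The hop-by-hop walk above (push at the ingress PE, swap at P1, pop at P2, VPN label lookup at PE2) can be checked mechanically by replaying the traceroute's label stacks against each router's forwarding table. The following is an added example, not code from the original post; the LFIB rows and the traceroute are constructed from the outputs shown above (only the rows needed for this path), and the BGP next hop 192.168.1.4/32 and VPN label 26 are taken from the vpn_a routing table and the trace.

```python
# Cross-check the label stacks reported by traceroute against the LFIBs.
# Added example, not from the original post; inputs are constructed from
# the 'show mpls forwarding-table' and 'trace' outputs shown above.
import re

LFIB_PE1 = "24     24          192.168.1.4/32    0          Se0/0      point2point"
LFIB_P1 = "24     18          192.168.1.4/32    5970       Se0/1      point2point"
LFIB_P2 = "18     Pop tag     192.168.1.4/32    5739       Se0/1      point2point"
TRACE = """  1 10.2.0.1 4 msec 24 msec 4 msec
  2 192.168.1.9 [MPLS: Labels 24/26 Exp 0] 84 msec 4 msec 56 msec
  3 192.168.1.13 [MPLS: Labels 18/26 Exp 0] 16 msec 8 msec 4 msec
  4 10.3.0.1 [MPLS: Label 26 Exp 0] 20 msec 0 msec 4 msec
  5 10.3.0.2 52 msec 32 msec 8 msec"""

ROW = re.compile(r"^(\d+)\s+(Pop tag|Untagged|Aggregate|\d+)\s+(\S+)", re.M)
HOP = re.compile(r"^\s*(\d+) (\S+)(?: \[MPLS: Labels? ([\d/]+) Exp \d+\])?", re.M)

def parse_lfib(text):
    # local label -> (outgoing action, prefix), from 'show mpls forwarding-table'
    return {int(m.group(1)): (m.group(2), m.group(3)) for m in ROW.finditer(text)}

def parse_trace(text):
    # [(hop, ip, [labels as seen by that hop])]; no MPLS field -> empty list
    hops = []
    for m in HOP.finditer(text):
        labels = [int(x) for x in m.group(3).split("/")] if m.group(3) else []
        hops.append((int(m.group(1)), m.group(2), labels))
    return hops

def push_at_ingress(lfib, bgp_next_hop, vpn_label):
    # Ingress PE: transport label for the BGP next hop on top of the VPN label
    for action, prefix in lfib.values():
        if prefix == bgp_next_hop and action.isdigit():
            return [int(action), vpn_label]
    raise LookupError(f"no LSP towards {bgp_next_hop}")

def switch(lfib, stack):
    # Transit LSR: swap the top label, or pop it on 'Pop tag' (penultimate hop)
    action, _ = lfib[stack[0]]
    return [int(action)] + stack[1:] if action.isdigit() else stack[1:]

def verify_path(trace, pe1, p1, p2, next_hop="192.168.1.4/32", vpn_label=26):
    # Hop 2 is reported by P1, hop 3 by P2, hop 4 by PE2 (egress, VPN lookup).
    hops = parse_trace(trace)
    expected, results = push_at_ingress(pe1, next_hop, vpn_label), []
    for (hop, _ip, seen), lfib in zip(hops[1:], [p1, p2, None]):
        results.append((hop, seen == expected))  # does the LFIB explain the trace?
        if lfib is not None:
            expected = switch(lfib, seen)
    return results  # [(2, True), (3, True), (4, True)] for the path above
```

A False at hop N means the label stack that hop reported is not what the previous router's LFIB would have produced, which points at a stale or missing LDP binding on that router.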

  Now, your homework is to analyze the traffic from B1 router to B2 router with the traceroute as below:

B1#trace 10.3.0.2

Type escape sequence to abort.
Tracing the route to 10.3.0.2

  1 10.2.0.1 4 msec 4 msec 28 msec
  2 192.168.1.22 [MPLS: Labels 24/27 Exp 0] 32 msec 0 msec 4 msec
  3 192.168.1.26 [MPLS: Labels 20/27 Exp 0] 24 msec 0 msec 0 msec
  4 10.3.0.1 [MPLS: Label 27 Exp 0] 0 msec 40 msec 4 msec
  5 10.3.0.2 20 msec 28 msec 0 msec

Conclusions

In this lab, you have learned about OSPF router types, LSA types, the importance of the OSPF super backbone for a survivable network, and how the service provider manipulates the routes. You also learned how to implement multi-area OSPF in MPLS VPNs, including configuration, verification and troubleshooting.