CCIE LAB practice

1) When we configure the VTP domain name on the server, it is automatically propagated to the other devices across trunks if they are part of the NULL VTP domain. If a VTP domain has already been configured on them, they won’t receive any VTP updates.

2) Switches use the IP address of the lowest-numbered physical interface; if that interface does not have an IP address, then the loopback 0 interface is used as the source of all VTP messages. This behaviour can be changed with the “vtp interface loopback1” global configuration command.

3) Layer 3 EtherChannel

1) Remove all configuration from the physical member interfaces.
2) Configure the port-channel interface.
3) Execute the “no switchport” command on the port-channel, then configure the IP address.
4) Configure the physical interfaces with the “no switchport” command.
5) Assign the port-channel ID created in step 2 using the “channel-group” interface configuration command.
6) Type the “shutdown” and “no shutdown” commands on the physical interfaces.

Now you can see the L3 EtherChannel is up.
To confirm:
show etherchannel summary | begin summary
The flags “RU” should be present for the specific channel number.
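The procedure above as a full configuration on one switch, added here as an example and not taken from the original notes; the interface names, channel-group number and IP address are assumed, and the far-end switch is assumed to bundle the same ports statically:

```ios
configure terminal
! Step 1: strip any existing configuration from the member ports
default interface GigabitEthernet0/1
default interface GigabitEthernet0/2
!
! Steps 2-3: create the port-channel, make it a routed port, assign the IP
interface Port-channel1
 no switchport
 ip address 10.1.12.1 255.255.255.0
 no shutdown
!
! Steps 4-6: members must already be routed ports or the channel-group
! command is rejected; "mode on" assumes static bundling on the far end
interface range GigabitEthernet0/1 - 2
 no switchport
 channel-group 1 mode on
 shutdown
 no shutdown
end
!
! Verification: Po1 should carry the flags RU (Layer3, in use)
show etherchannel summary
```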

4) MST supports 4096 instances. Once the spanning-tree mode is changed to MST and MST configuration mode is entered, instance 0 is created automatically and all VLANs are mapped to that instance. By default, all VLANs that are not statically mapped to a given instance are assigned to instance 0; instance 0 is the catch-all instance.

5) !!NOTE!! Always do “show frame-relay map” when starting a lab and after configuration is complete to verify layer 2 connectivity. If there are 0.0.0.0 frame-relay mappings, save the configuration and reload; it is the only way to get rid of them.

5) Frame-relay troubleshooting
1) Check that DTE and DCE are properly configured using “show controllers <interface> | include clock”.
2) Check that LMI has been exchanged between the routers using “show frame-relay lmi | include Num”.
3) Check the map status using “show frame-relay map”.

Frame-relay can be configured in two different ways: multipoint and point-to-point. There is ONLY one way to configure F-R in a p-2-p manner, and that is through a p-2-p sub-interface, whereas multipoint can be configured in two ways:
1) Perform the entire configuration directly under the main interface.
2) Configure a sub-interface in multipoint manner.
If the entire F-R configuration was performed without using a sub-interface, then it is a multipoint interface. In a multipoint F-R configuration, two conditions must be met before an IP address is reachable:
A: The destination IP address must be in the routing table with a valid next hop.
B: There must be a frame-relay mapping for that destination.

6) When configuring the F-R mapping from one spoke to another spoke, the “broadcast” keyword should not be used; if this keyword is used, the hub router will receive redundant routing traffic.

7) When F-R is configured in a p-2-p manner it’s important to understand the following two behaviours:

A: There is no need to disable inverse-arp, because inverse-arp is disabled when F-R is configured in a p-2-p manner.
B: There is no need for F-R mappings, because there can only be one other router on the far end of the PVC; therefore, all IP addresses (including the local router’s IP address) are reachable as long as the destination IP address is in the routing table with a valid next-hop IP address.

8) If there is a requirement to configure F-R multipoint without using the frame-relay map command:

In this case the solution is PPP. PPP is configured on the DLCIs; when PPP is configured, a host route is injected into the routing table, and this host route provides NLRI for the next-hop address.
EX.
frame-relay interface-dlci 101 ppp virtual-template1
interface virtual-template1
 ip address <assign local interface IP> <mask>

How do these routers communicate?
When running PPP, a host route is injected by IPCP; if the routing table of a router is checked, you will see that the next hop is reachable via the local router’s virtual-template interface. Since the VCs are configured as P2P, any packet the local router puts on the virtual-template is received by one and ONLY one router on the other side of the DLCI.
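Both ends of the PVC described above, added as an example that is not part of the original notes; the interface names, DLCI numbers and addresses are assumed:

```ios
! R1: local DLCI 101 is bound to PPP instead of a frame-relay map
interface Serial0/0
 encapsulation frame-relay
 frame-relay interface-dlci 101 ppp Virtual-Template1
!
interface Virtual-Template1
 ip address 10.1.12.1 255.255.255.0
!
! R2: the same PVC arrives as local DLCI 201
interface Serial0/0
 encapsulation frame-relay
 frame-relay interface-dlci 201 ppp Virtual-Template1
!
interface Virtual-Template1
 ip address 10.1.12.2 255.255.255.0
!
! Once IPCP completes, each router installs a /32 host route for the peer
! (10.1.12.2 on R1, 10.1.12.1 on R2) via the Virtual-Access interface that
! was cloned from the template; check with:
!   show ip route 10.1.12.2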

9) Before RIP accepts routes from a given neighbor, it makes sure that the source IP address of the advertising router is in the same IP address space as the link connecting the two routers. If the routers that have to exchange routing information are in different IP address spaces, then source validation MUST be negated using the “no validate-update-source” command. Negating it means RIP will accept updates sourced from addresses outside the connected subnet, so use it only where the link addressing requires it.

10) If the offset-list references access-list 0 instead of an access-list number, the offset value applies to all routes received through the specified interface.

11) OSPF passive interface: This works differently from distance vector protocols like RIP, where a passive interface still receives routes but does not send them; in OSPF a passive interface sends and receives no hellos, so no adjacency forms on it at all. To get the same ‘passive-interface’ effect as distance vector protocols in OSPF (i.e. receive routes but don’t send routes), use “ip ospf database-filter all out” under the interface.

12)

Unconditional OSPF Default Route
> This advertises a default route into the OSPF domain regardless of whether the local router can reach anything outside the OSPF domain.
> With no additional configuration options, the default route is advertised as an External Type 2 (E2) route with metric 1.
> Configured with “default-information originate always” under the OSPF process.
Conditional OSPF Default Route
> Configured with “default-information originate” but without the ‘always’ keyword.
> This advertises a default route into the OSPF domain, but only if the advertising router has a non-OSPF default route in its routing table.
> The non-OSPF default route could be any of the following:
>> A static default route with the next hop pointing outside the OSPF domain.
>> A static default route based on IP SLA measurements (example: http://routing-bits.com/2009/03/10/ospf-default-route-alternative/).
>> Or a BGP-advertised default route.
> The “default-information originate” command without the always option is functionally equivalent to redistributing a default route into OSPF.
> With no additional configuration options, the default route is advertised as an E2 route with a metric of 1.
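Both variants side by side, as an added example rather than configuration from the original notes or the linked post; router IDs, addresses, the IP SLA target and the metric options are assumed:

```ios
! R1: conditional default. The static default only exists while the
! tracked probe succeeds, so the OSPF default is withdrawn when the
! upstream next hop stops answering.
ip sla 1
 icmp-echo 203.0.113.1 source-interface GigabitEthernet0/0
 frequency 10
ip sla schedule 1 life forever start-time now
track 1 ip sla 1 reachability
!
ip route 0.0.0.0 0.0.0.0 203.0.113.1 track 1
!
router ospf 1
 router-id 1.1.1.1
 network 10.0.0.0 0.0.0.255 area 0
 ! no "always": advertised only while the tracked static default is installed;
 ! metric and type override the E2/metric-1 defaults described above
 default-information originate metric 10 metric-type 1
!
! R2: unconditional default, advertised even with no default route of its own
router ospf 1
 router-id 2.2.2.2
 network 10.0.0.0 0.0.0.255 area 0
 default-information originate always
```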

13) If we want to change the MD5 authentication key between two OSPF peers without tearing down the adjacency, create the new key and apply it on both adjacent routers. OSPF selects the latest key for authentication (automatic rollover to the new key) without tearing down the adjacency.
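The rollover in item 13 as a concrete sequence, an added example that is not part of the original notes; the interface name and the key strings are assumed:

```ios
! Starting state on BOTH routers: key ID 1 in use on the shared link
interface Serial0/0
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 OLDSECRET
!
! Step 1, on BOTH routers: add the new key under a new key ID.
! While two keys exist, IOS sends each OSPF packet once per key, so a
! neighbor that still has only key 1 keeps authenticating and the adjacency
! stays up; once both sides have key 2, the youngest key is used.
interface Serial0/0
 ip ospf message-digest-key 2 md5 NEWSECRET
!
! Step 2: confirm both routers have moved to key 2 before touching key 1
!   show ip ospf interface Serial0/0 | include key id
!   (expect "Youngest key id is 2")
!
! Step 3, on BOTH routers: retire the old key so it cannot be used again
interface Serial0/0
 no ip ospf message-digest-key 1
```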

14) In OSPF, whenever we create a summary route, a Null0 route is automatically added to avoid forwarding loops in the network. To remove the null route we need to execute the command “no discard-route internal” (for area range summaries) or “no discard-route external” (for summary-address summaries).

15) The default cost of the injected default route in OSPF can be changed using “area XX default-cost CC”, where CC is the new default cost.

16)

In order to filter a prefix from the routing table we create a prefix list and apply it with a distribute-list. The “distribute-list in” command is used when filtering any type of LSA on a given router; this command ONLY filters the prefix(es) from the local router’s routing table and NOT from the database.
To filter a prefix on an ABR, we can configure a filter-list on the ABR.
To filter the prefixes learned from LSA type 1 and type 2 on the ABR, use the command “area <#> range <network> <mask> not-advertise”.
To filter a route, we can use the distance command to set the AD to 255.
The “distribute-list out” command MUST be configured on the ASBR or else it will have no effect whatsoever. This command filters LSA type 5s or 7s. An alternative is “summary-address <prefix> <mask> not-advertise”, which should be configured on the ASBR or the router that generates the LSA 5.
To block all outgoing LSAs on a specific interface, use the command “ip ospf database-filter all out”.
In the point-to-multipoint network type, we can filter the LSAs sent to a specific router using the command “neighbor <prefix> database-filter all out”.
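The filtering tools listed above collected into one configuration, added here as an example that is not from the original notes; prefixes, area numbers, the neighbor address and the interface are assumed, and each command is commented with the router role (any router, ABR, ASBR) where it has effect, so apply only the one a task calls for:

```ios
ip prefix-list NO-10-99 seq 5 deny 10.99.0.0/16 le 32
ip prefix-list NO-10-99 seq 10 permit 0.0.0.0/0 le 32
access-list 10 permit 10.99.0.0 0.0.255.255
!
router ospf 1
 ! Any router: keep 10.99.0.0/16 out of the local RIB only (LSDB unchanged)
 distribute-list prefix NO-10-99 in
 ! ABR: do not originate the type-3 summary for this intra-area range
 area 1 range 10.1.0.0 255.255.0.0 not-advertise
 ! ABR: filter type-3 LSAs leaving area 1 with the prefix list
 area 1 filter-list prefix NO-10-99 out
 ! ASBR only: filter what is redistributed as type-5/7 (no effect elsewhere)
 distribute-list prefix NO-10-99 out
 ! ASBR alternative: never originate an external for the whole range
 summary-address 10.99.0.0 255.255.0.0 not-advertise
 ! Any router: matching routes (ACL 10) from any source get AD 255 and are
 ! never installed, while the LSAs stay in the database
 distance 255 0.0.0.0 255.255.255.255 10
 ! Point-to-multipoint: send no LSAs to this one neighbor
 neighbor 10.2.2.2 database-filter all out
!
! Any interface: send no LSAs at all out of it (hellos still flow)
interface Serial0/1
 ip ospf database-filter all out
```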

17) In OSPF, if we want to redirect traffic away from a transit router (the secondary path) without using the bandwidth, “ip ospf cost”, PBR or distance commands, we can execute the command “max-metric router-lsa” on that router. This causes the router to originate its router LSA with the maximum metric of 0xFFFF, so that other routers do not prefer it as a transit hop in their path to a given network.

18)

There are some additional optional non-transitive attributes that are used when RRs are configured: Originator-id, Cluster-id and Cluster-list.
Originator-id: This attribute is created by the RR; it is the router-id of the router that originated the prefix. It is created to avoid routing loops: an RR will not advertise a route back to the originator of the prefix, and if the originator of a prefix receives an update carrying its own router-id, it will ignore that prefix.
Cluster and Cluster-id: An RR (or RRs) and its clients are collectively known as a cluster. Each cluster must be uniquely identified; the cluster-id is the router-id of the RR unless specifically configured.
Cluster-list: This attribute is analogous to the AS-path attribute, and it keeps track of cluster-ids in the same way that the AS-path keeps track of AS numbers. When an RR advertises a prefix to a non-client, it appends its cluster-id to that prefix’s cluster-list; if an RR receives an update and sees its own cluster-id in the cluster-list, it ignores that update.

19) Legacy custom queueing: Because queueing is always outbound, when custom queueing is applied to an interface no direction can be specified. Queue 0 is like a priority queue; traffic in this queue will always be sent first.

20) CBWFQ: Don’t forget to change the default max-reserved-bandwidth of 75% on the interface before applying the service-policy. “max-reserved-bandwidth” is only a configuration limitation!

A few points from Daniel’s and CCIETOBE’s blogs

Scaling PEs in MPLS VPN – Route Target Constraint (RTC)

The way this feature works is that the PE advertises to the RR which RTs it intends to import. The RR then implements an outbound filter, sending only routes matching those RTs to the PE. This is much more efficient than the default behavior. Obviously the RR still needs to receive all the routes, so no filtering is done towards the RR. To enable this feature a new Sub Address Family (SAFI) called rtfilter is used.

The scenario is that PE1 is located in a large PoP where there are already plenty of customers; it currently has 255 customers. PE2 is located in a new PoP and so far only one customer is connected there. It’s unnecessary for the RR to send PE2 all the routes for all of PE1’s customers because it does not need them.

In this case we have 255 routes but what if it was 1 million routes? That would be a big waste of both processing power and bandwidth, not to mention that the RR would have to format all the BGP updates. These are the benefits of enabling RTC:

  • Eliminating waste of processing power on PE and RR and waste of bandwidth
  • Less VPNv4 formatted Updates
  • BGP convergence time is reduced
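A minimal RR and PE2 configuration for the scenario above, added here as an example and not taken from the quoted blog; the AS number, loopback addresses, VRF name and route target are assumed:

```ios
! RR (Loopback0 10.0.0.1): reflects VPNv4 routes and learns RT membership
router bgp 65000
 neighbor 10.0.0.2 remote-as 65000
 neighbor 10.0.0.2 update-source Loopback0
 !
 address-family vpnv4
  neighbor 10.0.0.2 activate
  neighbor 10.0.0.2 send-community extended
  neighbor 10.0.0.2 route-reflector-client
 exit-address-family
 !
 ! rtfilter SAFI: PE2 advertises the RTs it imports; the RR then sends PE2
 ! only VPNv4 routes carrying those RTs. Activating it resets the session.
 address-family rtfilter unicast
  neighbor 10.0.0.2 activate
  neighbor 10.0.0.2 route-reflector-client
 exit-address-family
!
! PE2 (Loopback0 10.0.0.2): a single customer VRF, so a single RT is imported
vrf definition CUST-A
 rd 65000:1
 address-family ipv4
  route-target import 65000:1
  route-target export 65000:1
 exit-address-family
!
router bgp 65000
 neighbor 10.0.0.1 remote-as 65000
 neighbor 10.0.0.1 update-source Loopback0
 !
 address-family vpnv4
  neighbor 10.0.0.1 activate
  neighbor 10.0.0.1 send-community extended
 exit-address-family
 !
 ! With this enabled, PE2 receives routes for RT 65000:1 only, not the
 ! routes of PE1's other customers
 address-family rtfilter unicast
  neighbor 10.0.0.1 activate
 exit-address-family
```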

Conclusion

Route Target Constraint is a powerful feature that lessens the load on both your Route Reflectors and PE devices in an MPLS VPN enabled network. It can also help BGP converge faster. Support is needed on both PE and RR, and the BGP session will be torn down when enabling it, so it has to be done during a maintenance window.

Portfast

Even if portfast is enabled under the interface it will still lose its portfast status if BPDUs are received.

STP Convergence:

What happens when the root port is shutdown? In theory when the carrier detects that the link is down it should look at alternate BPDU and start to take that port through the different port states. This should take around 30 seconds. The timing is almost perfect. The port goes through listening and learning at 15 seconds each before it goes to forwarding almost exactly 30 seconds after the port was shutdown.

What happens when there is an indirect failure? The switch has to expire the root BPDU before it believes other BPDUs with worse cost. This should take around 20 seconds. By default Maxage will be set to 20 seconds. So it took almost 20 seconds for the BPDU to expire. Then the port goes through the ordinary state changes. Roughly 48.5 seconds after the filter was applied the port went into forwarding. For passive failures when running PVST+ the maximum recovery time should be 50 seconds.

Now let’s look at PVST+ with UplinkFast configured. The theory is that when a root port fails, the alternate port should bypass the listening and learning states and go directly to forwarding. Let’s try this out. It took only 2 seconds from realizing the port was down to putting the alternate port into forwarding. For PVST+ this is a great enhancement.

Tiebreakers with routes from different OSPF processes

If a router receives the same prefix from two routers in different OSPF processes, which path should it take to forward packets to the destination? If everything else is the same, the tiebreaker is the lowest process number. For EIGRP it is the lowest AS number, so maybe Cisco chose to make it comparable.

 

Redistributing between OSPF and BGP:

R3(config)#router bgp 254
R3(config-router)#redistribute ospf 3
This redistributes only OSPF intra- and inter-area routes into BGP. To also redistribute the external routes into BGP, use:
R3(config-router)#redistribute ospf 3 match internal external 1 external 2
By default, redistribution of iBGP routes into an IGP is disabled. Issue the “bgp redistribute-internal” command in order to enable redistribution of iBGP routes into the IGP. Take care to redistribute only specific routes, using route maps, into the IGP.