Completed BGP!
Some notes to follow...
Suppress Maps and Unsuppress Maps, I'm not too clear on why they would make both when I think you can do both by just using 1 type. (I'm also not too clear on the difference between Suppress Maps and Advertise Maps, it seems to me that they do the same thing when summarizing routes in BGP, maybe someone can enlighten me?)
More notes to follow.
Thursday, July 31, 2008
Wednesday, July 30, 2008
Trying to finish up BGP...
I'm struggling. I'm trying to get through the last 30 pages of the BGP section... I hate that there aren't any breakdowns for the later labs, it's really annoying me now and I'm questioning whether or not to continue with the other sections of this workbook. What benefit is there to follow the directions but not understand what the commands do, what their prerequisites are, and what the limitations are?
Monday, July 28, 2008
Still working thru BGP
I'm about 2/3rds of the way completed. Going over Confederations... and then probably moving on to some BGP filtering.
You know you're not in good shape when you don't know how much you don't know. If I knew how much I didn't know that would at least give me a plan of attack. I'm looking forward to the next evolution, assessing where I stand.
Saturday, July 26, 2008
New Pic of my Rack!
Updated "rack"! So you see that white cable running across the left? That goes to my PC! Here's my setup in my basement/office/tv room...
... I have a Linksys Wifi Router upstairs connected to my cablemodem. I put the outside interface of my 506 on the DMZ. Why? So that I can access both my PC and the Terminal Server from anywhere I want!
This is how I did it: after putting the Outside Interface of the PIX on the DMZ of my Linksys, I created 2 NATs. The 1st is so that when I telnet to the Outside interface, it redirects the telnet session to the ethernet interface of my Terminal Server. The 2nd NAT was for port 5900 (VNC), so that when I VNC to the Outside Interface I can get to my PC and continue to Lab on GNS3!
configlet:
NATs
static (inside,OUTSIDE) tcp interface telnet 172.16.1.2 telnet netmask 255.255.255.255 0 0
static (inside,OUTSIDE) tcp interface 5900 172.16.1.121 5900 netmask 255.255.255.255 0 0
ACL for Outside Interface
access-list 101 permit tcp any any eq 5900
access-list 101 permit tcp any any eq telnet
access-list 101 permit icmp any any
access-list 101 deny ip any any log
access-list 101 deny tcp any any log
There's really not much more than that!
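An audit of the configlet above, added here as an example and not part of the original post: it correlates each `static` port redirection with the ACL entries that admit traffic to it, and lists ACL lines that can never match. The second configuration, the source address 192.0.2.10 and all function names are constructed for illustration; destination addresses in ACL entries are not evaluated.

```python
# Added example: audit PIX port redirections against the outside ACL.
PORT_NAMES = {"telnet": 23, "ssh": 22, "www": 80, "https": 443}
CLEARTEXT = {23: "telnet sends credentials unencrypted"}

STATICS = """
static (inside,OUTSIDE) tcp interface telnet 172.16.1.2 telnet netmask 255.255.255.255 0 0
static (inside,OUTSIDE) tcp interface 5900 172.16.1.121 5900 netmask 255.255.255.255 0 0
"""
# ACL exactly as posted on the page.
PAGE_CONFIG = STATICS + """
access-list 101 permit tcp any any eq 5900
access-list 101 permit tcp any any eq telnet
access-list 101 permit icmp any any
access-list 101 deny ip any any log
access-list 101 deny tcp any any log
"""
# Constructed variant: same redirections, one known source address (assumption).
RESTRICTED_CONFIG = STATICS + """
access-list 101 permit tcp host 192.0.2.10 any eq 5900
access-list 101 permit tcp host 192.0.2.10 any eq telnet
access-list 101 deny ip any any log
"""

def _port(tok):
    return PORT_NAMES.get(tok, int(tok) if tok.isdigit() else None)

def _addr(t, i):
    """Read 'any', 'host A.B.C.D' or 'A.B.C.D MASK' starting at token i."""
    if t[i] == "any":
        return "any", i + 1
    if t[i] == "host":
        return t[i + 1], i + 2
    return t[i] + " " + t[i + 1], i + 2

def parse(config):
    statics, acl = [], []
    for raw in config.splitlines():
        t = raw.split()
        if len(t) >= 7 and t[0] == "static" and t[2] in ("tcp", "udp") and t[3] == "interface":
            statics.append({"proto": t[2], "out_port": _port(t[4]),
                            "inside_ip": t[5], "inside_port": _port(t[6])})
        elif len(t) >= 6 and t[0] == "access-list" and t[2] in ("permit", "deny"):
            src, i = _addr(t, 4)
            dst, i = _addr(t, i)
            port = _port(t[i + 1]) if i + 1 < len(t) and t[i] == "eq" else None
            acl.append({"line": raw.strip(), "action": t[2], "proto": t[3],
                        "src": src, "dst": dst, "port": port})
    return statics, acl

def exposures(statics, acl):
    """For each redirection, list the sources the ACL admits and any issues."""
    out = []
    for s in statics:
        sources = []
        for e in acl:
            if e["proto"] not in ("ip", s["proto"]) or e["port"] not in (None, s["out_port"]):
                continue
            if e["action"] == "permit":
                sources.append(e["src"])
            if e["src"] == "any":
                break  # first any-source match decides; later entries are not reached
        issues = []
        if "any" in sources:
            issues.append("reachable from any source address")
        if s["inside_port"] in CLEARTEXT:
            issues.append(CLEARTEXT[s["inside_port"]])
        out.append({**s, "sources": sources, "issues": issues})
    return out

def shadowed(acl):
    """ACL lines fully covered by an earlier any/any entry (never matched)."""
    dead = []
    for n, e in enumerate(acl):
        for earlier in acl[:n]:
            if (earlier["src"] == earlier["dst"] == "any"
                    and earlier["proto"] in ("ip", e["proto"])
                    and earlier["port"] in (None, e["port"])):
                dead.append(e["line"])
                break
    return dead

if __name__ == "__main__":
    for label, cfg in (("as posted", PAGE_CONFIG), ("restricted", RESTRICTED_CONFIG)):
        statics, acl = parse(cfg)
        print(label)
        for x in exposures(statics, acl):
            print("  ", x["out_port"], "->", x["inside_ip"], x["sources"], x["issues"])
        print("   never matched:", shadowed(acl))
```
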
Friday, July 25, 2008
Comments?
I opened up the Comments section to anyone and everyone... in case any one wanted to.... comment?
BGP (notes)
Two ways of transiting Non-BGP Speaking Devices... (maybe more?)
1. Redistribute. If you have a segment of your network that does not speak BGP and you need to get BGP, actually certain routes/segments (in this case from BGP), across that non-bgp router(s) you can redistribute BGP into that IGP at both ends. Remember to use Next Hop Self when not directly connected to a BGP peer.
2. Tunnel. The other option is to create a tunnel between the iBGP routers inside your network. This will allow traffic to pass through the IGP portion of our network where that portion is bookended by iBGP peers. You'll still need to remember to use Next Hop Self for the iBGP peer across the IGP "pond".
Class is cancelled....
Well, that's not good, the 2nd class is already canceled due to the instructor having to work! Not a good sign and certainly not leaving a good impression....
Plans for the weekend, review BGP! I have some material I can go through to get a better grasp of both fundamentals and advanced topics for BGP.
I'll also work on setting up my lab equipment, albeit it's not enough to do a full-blown network, but I'll at least get my 3550 switches configured with my TS through my pix... I already configured some Port Redirection on the PIX now to test it out. (In case you're interested, since my DSL is no longer live, I have to put the Outside Interface of my PIX on my Linksys router's DMZ. Then I have some NATs configured so that if I telnet to the Outside IP, it'll redirect to my TS BUT if I VNC to my outside IP, it'll redirect to my PC (so that I can continue to lab on GNS3 from anywhere)).
I'll continue to work through the BGP section although I'm kind of missing the breakdowns, a little disappointing that there aren't any (am I just missing something?)
I'm beginning to think that relying on some one to teach me something isn't the best approach. I think I may need to face facts and accept that I'm going to have to teach myself.... everything.
Some things to ponder....
Thursday, July 24, 2008
Started BGP (IEWB1)
So far so good, I'm only behind about a week. My plan was to complete IEWB1's core sections (FR, RIP, EIGRP, OSPF, and BGP) before Terry's class. I hope to get BGP done in the next couple days.
After feeling kind of overwhelmed, I decided that I should take things one step, one day at a time. It's a lot more manageable that way. :)
Wednesday, July 23, 2008
OSPF NSSA Stuff (notes)
OSPF Not-So-Stubby-Areas (NSSAs) allow external routes to traverse the NSSA and reach the rest of the OSPF network. NSSAs send updates as Type-7 LSAs, and when reaching the ABR they appear as N2 routes (NSSA type 2). If you have more than 1 ABR in an NSSA, then the ABR with the better Router-ID (if not explicitly defined, the highest Loopback) will be doing the Type 7 to Type 5 LSA translation. The rest of the network will see the external route as a Type 5 (or E2) route. The implication here is that you can choose the router that will be doing the Type 7 to 5 translation by influencing the Router-ID.
The following configlet, on the ABR that will translate 7 to 5, can suppress the Type 5 LSA from being propagated. (160.1.160.0/24 is the external route)
router ospf 1
summary-address 160.1.60.0 255.255.255.0 not-advertise
You can also configure NSSA ABRs to advertise a default-route as a Type 3 LSA.
router ospf 1
area 1 nssa no-summary
You can subsequently change the cost of the default route advertised by designating a default-cost.
You can configure NSSA ABR to advertise a default-route as a Type 7 LSA.
router ospf 1
area 1 nssa default-information-originate
Tuesday, July 22, 2008
Completed OSPF (IEWB1)
I just completed OSPF, I think the breakdowns in the beginning of the section were fantastic but they stopped doing that towards the latter half of the section, OSPF Filtering. It would have been nice to have the breakdowns, although it's arguable that the commands to perform filtering are a little self explanatory. I'll be posting some notes on OSPF filtering once I get my thoughts a bit better organized.
On a side note, I'm getting to the point where I'm starting to feel a bit overwhelmed, like I'm trying to take a sip of water from a Fire Hose. I feel like I'm doing the labs but not sure how much of the information I'm retaining, I guess when you try and learn a lot of different things, your brain can only take so much before it stops processing new things. I really hope I'm not at that point yet because I still have a lot more to learn.
Monday, July 21, 2008
OSPF Filtering (notes)
Inter-Area Filtering can be done by (1) area X filter-list prefix Y out/in under the OSPF process. It calls an IP prefix list, and only a prefix list can be used, no ACLs and no route-maps. This is done on the ABR, and it filters routes entering or leaving an area.
Example config:
R4#sh run | b router
router ospf 1
log-adjacency-changes
area 1 filter-list prefix A1_FILTER_IN in
area 1 filter-list prefix A1_FILTER_OUT out
network 150.1.0.0 0.0.255.255 area 1
network 155.1.0.0 0.0.0.255 area 0
network 155.1.146.0 0.0.0.255 area 1
!
!
ip prefix-list A1_FILTER_IN seq 5 deny 150.1.5.5/32
ip prefix-list A1_FILTER_IN seq 10 permit 0.0.0.0/0 le 32
!
ip prefix-list A1_FILTER_OUT seq 2 deny 150.1.6.6/32
ip prefix-list A1_FILTER_OUT seq 10 permit 0.0.0.0/0 le 32
For some reason my first instinct was to use a distribute list (which is used to allow/deny routes coming into aka redistributed into OSPF). Sometimes, I really get confused. eek.
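How the two prefix lists in the config above are evaluated, as an added example that is not part of the original post: entries are tried in sequence order, the first match wins, and a route matching nothing is denied. It models prefix-list matching only, not OSPF itself; the `DEFAULT_ONLY` list and the function names are constructed here to contrast `0.0.0.0/0` (matches only the default route) with `0.0.0.0/0 le 32` (matches every route).

```python
# Added example: first-match evaluation of "ip prefix-list" entries.
import ipaddress
import re

# The first four entries are the ones in the post; DEFAULT_ONLY is constructed.
CONFIG = """
ip prefix-list A1_FILTER_IN seq 5 deny 150.1.5.5/32
ip prefix-list A1_FILTER_IN seq 10 permit 0.0.0.0/0 le 32
ip prefix-list A1_FILTER_OUT seq 2 deny 150.1.6.6/32
ip prefix-list A1_FILTER_OUT seq 10 permit 0.0.0.0/0 le 32
ip prefix-list DEFAULT_ONLY seq 5 permit 0.0.0.0/0
"""

ENTRY = re.compile(
    r"ip prefix-list (\S+) seq (\d+) (permit|deny) (\S+)"
    r"(?: ge (\d+))?(?: le (\d+))?$"
)

def parse_prefix_lists(config):
    """Return {name: [(seq, action, network, min_len, max_len), ...]}."""
    lists = {}
    for line in config.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        name, seq, action, prefix, ge, le = m.groups()
        net = ipaddress.ip_network(prefix)
        if ge is None and le is None:
            # No ge/le: the route's mask length must equal the entry's.
            lo = hi = net.prefixlen
        else:
            lo = int(ge) if ge else net.prefixlen
            hi = int(le) if le else net.max_prefixlen
        lists.setdefault(name, []).append((int(seq), action, net, lo, hi))
    for entries in lists.values():
        entries.sort(key=lambda e: e[0])  # lowest sequence number first
    return lists

def evaluate(entries, route):
    """Return (action, seq) of the first matching entry, or ('deny', None)."""
    r = ipaddress.ip_network(route)
    for seq, action, net, lo, hi in entries:
        if lo <= r.prefixlen <= hi and r.subnet_of(net):
            return action, seq
    return "deny", None  # implicit deny at the end of every prefix list

if __name__ == "__main__":
    lists = parse_prefix_lists(CONFIG)
    for name, route in [
        ("A1_FILTER_IN", "150.1.5.5/32"),
        ("A1_FILTER_IN", "150.1.6.6/32"),
        ("A1_FILTER_OUT", "150.1.6.6/32"),
        ("DEFAULT_ONLY", "0.0.0.0/0"),
        ("DEFAULT_ONLY", "10.0.0.0/8"),
    ]:
        print(name, route, evaluate(lists[name], route))
```
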
Inter-Area Filtering can be done by (2) summarizing networks via area X range a.b.c.d 255.255.255.0 not-advertise. This method essentially summarizes at an ABR and instructs the routing process to not advertise the summary.
Example config:
R4#sh run | b router
router ospf 1
log-adjacency-changes
area 0 range 150.1.5.0 255.255.255.0 not-advertise
area 1 range 150.1.6.0 255.255.255.0 not-advertise
network 150.1.0.0 0.0.255.255 area 1
network 155.1.0.0 0.0.0.255 area 0
network 155.1.146.0 0.0.0.255 area 1
Ingress Filtering, preventing routes from entering the local IP routing table, can be accomplished by using distribute-lists in the routing process. (self explanatory)
Filtering External routes from entering a local IP routing table can be done by using a distribute list that calls a route-map that matches the external route.
Filtering Summary and External routes can also be done by changing the Administrative Distance of those routes, using the distance command and specifying the advertising router and an ACL that matches the specific route.
Sunday, July 20, 2008
Terry's CCIE class (1st impression)
I attended Terry's CCIE class yesterday and these are my first impressions. But before I delve in, here's a little bit about Terry. He is a double CCIE, R&S and Security. He first got his R&S number back in the 90s, he has over 15 years of experience with the last five teaching this class and consulting. He states that he has over 50 students that have passed the lab. He's Chinese and does have a noticeable accent.
So my impressions of the first class:
- 8 Hour Sessions focused strictly on completing labs. The first lab was a pretty basic OSPF/Frame Relay lab that he states should be completed in 2 hours. It took a bit longer since we share Racks and not everyone is at the same level.
- He lets you access the Racks (3 of them identically configured) at any time during the 10 week session and even afterwards upon request. The right IOS is on the routers, 12.4, and the switches, 12.2.
- There isn't much "teaching" per se, he sometimes vnc's to your machine while you are configuring the routers and picks on what you aren't doing "right". And by "right", I mean he picks on your technique. "Don't do a Show Run!, do a sh run | b router! Save your time!" So he's nit-picking on your methods and essentially ensuring you conform to his way (of course there are more ways than 1 to do something, but he enforces that you do it his way, which he says will get you to pass the test). After all, that's the purpose of the class, to pass the test by learning the tech, the technology and the technique.
- He'll teach strategy. I think this is important because there's gotta be a methodology to how to successfully take this lab. Something that comes with experience of taking the lab.
- There aren't many official materials. NO standardized workbook, although he does have some labs prepared, it's not in the format of a workbook/answer guide.
- Overall, I think I like it. At the least, I'll learn strategy and technique. I hope to learn the technology on my own.
I also plan on doing the lab we did in class once more during the week.
Friday, July 18, 2008
OSPF Network Types. (notes)
There are 4 OSPF network types:
1. Broadcast - This is the default ospf network type for ospf routers on an ethernet segment. This type uses DR/BDRs and subsequently holds elections for those positions. These elections are based on Priority and Router-Id. The default priority of an interface is 1, the higher the priority the better and 0 designates not participating in the election.
2. NBMA aka Nonbroadcast - This is the default network type for multipoint Frame Relay. This network type transmits OSPF update packets via unicast. This implies you need to statically configure an OSPF neighbor, and when configuring the L3 to L2 mappings, you won't need to designate Broadcast. This network type also implies that the network is a Hub and Spoke network where the HUB should be the DR, thus ensure that the spokes have an OSPF priority of 0. This further implies that a DR/BDR election does take place. Also, when looking at the routing table, you should see that the next-hop value from a spoke to spoke perspective isn't modified to reflect the HUB IP address; instead, the next hop should reflect the other spoke. You will also need L3 to L2 mappings for all spoke to spoke traffic.
As an alternative to statically configuring a neighbor, you can change the network type of the serial (frame relay) interface to Broadcast. Just remember to enable broadcast support when configuring the L3 to L2 mappings.
3. Point to Multipoint - A significant point to remember is that for this network type there are no DR/BDRs. Similar to Broadcast and Point-to-Point network types, this type uses multicast to transmit updates. Another significant point is the next-hop behavior. The next-hop value is changed to reflect the Hub when attempting to communicate from spoke to spoke in the routing table. In general, the next hop is altered to reflect its directly connected neighbor. This implies that for L3 to L2 mappings, only the directly connected neighbor is required and not for spoke to spoke. When looking at this network type, I try to keep in mind that this is really a collection of Point to Point links.
A variation to this network type is the use of Non-Broadcast. The only difference is that updates are sent via unicast, which will require the use of statically configured neighbors.
4. Point to Point - This is the default network type for Point to Point NBMA media types like point to point sub-interfaces and ISDN lines. Like Broadcast and Point to Multipoint network types, this type uses multicast to send updates. This network type is used to form adjacencies between exactly 2 OSPF neighbors.
Some commands to keep in mind when troubleshooting:
Sh ip ospf neighbor
Sh ip ospf interface
I'll talk about Loopback interfaces in a little bit!
[update]
Network type Loopback is a special case reserved for loopback interfaces. They are reflected in the routing table as hosts regardless of the subnet mask of the interface. To disable this behavior, you can change the network type to Point to Point and the correct subnet mask will be reflected in the routing table.
Thursday, July 17, 2008
Started OSPF (IEWB1)...
So far, I'm liking the structure of the material. They've put back the breakdowns and it's much easier to comprehend. I'm still in the first portion of the section so the material is relatively easy, things I already know and such. I'm probably not going to get through OSPF and BGP before Saturday so I'll have to make it up somewhere down the line. I'm getting to the point of recognizing multiple ways of solving a problem, it's starting to click. I hope I can develop this further and much deeper during Terry's class.
I'll most likely do a review of Terry's class as well... so stay tuned!
Wednesday, July 16, 2008
Finished EIGRP (IEWB1).
I finished the EIGRP section. There were not any breakdowns at the end of each task which annoyed me. I found that odd because the FR section had breakdowns and quickly skimming the book, BGP had breakdowns as well, so I assumed all sections had that.
Learned a few new things. One to note, changing the Administrative distance of routes from an incoming point of view, meaning you change the AD of routes from the neighbors that advertise those routes (so it's local to the router). I would have thought that you would advertise a route with a new AD.
Moving on to OSPF...
Tuesday, July 15, 2008
PROGRESS UPDATE 1.
I think from time to time, I'll post my progress. It'll keep me on track, see how far I've come and how far I have left to go.
So my process is broken up in to 2 phases, learning and practicing.
Learning is just what it means, I'm going to take in everything from the beginning. I'll do the technology oriented workbooks, take CCIE classes, and review notes, books, and Cisco's website. I plan on being in this phase for about 7 months in total.
Practicing will solely be doing 8 hour mock labs and then reviewing what I did wrong. During the review, I shouldn't really be learning things I didn't know but more or less figuring out why I thought to complete a task 1 way when there's a "better" way of completing the task. I plan on being in this phase for at least 3 months.
Of course these things are subject to change with how quickly I can assimilate the information.
Timeline:
May 5th, 2008 - passed written
July 5th, 2008 - completed the GAP book (twice)
July 15th (today) 2008 - in the beginning of IEWB1
July 19th - Terry's 10 week Saturday Sessions begin.
November - Narbik's class tentative
December - Starts the Practicing Phase.
This puts me on track for the end of February 2009 for my 1st LAB attempt.
Monday, July 14, 2008
I planned on starting EIGRP (IEWB1) Today but...
... but I can't VNC to my machine at home. Argghhh.... I bet my ISP released my WAN IP addresses and was issued a new one. I should be using something like LogMeIn, it would solve this problem. So I'm stuck today at work without access to my lab, I guess today will be a "reading" day. That means one less day to lab the core stuff before Terry's class starts (which is this Saturday).
I'm going to focus on reading up on the Core stuff.
Sunday, July 13, 2008
Finished RIP (IEWB1)!
Finished the RIP section, some thoughts...
When a task asks you to ONLY advertise a default route in RIP and you're using a prefix list to match 0.0.0.0/0... it would behoove you to remember while using the "distribute-list PREFIX prefix_list_name ..." to remember to use the key word prefix, otherwise, it'll "call" a standard named ACL (which seems to be auto created if it's not present).
On to EIGRP...
Almost done with RIP (IEWB1)
I'm almost done with RIP, things to remember, disable split-horizon on the hub router's multipoint interface or else you won't receive routes learned from the spokes (this is kind of a basic thing to remember but just in case). Also, I tend to do route filtering in the most difficult way possible for some reason, for instance, if the task says "Only advertise 10.0.0.0/8 from this router" I tend to do inbound route filtering on all the interfaces of the router to allow the specific network in but specify all the other networks with a deny ACL. Obviously, the right way to do something like that is to do outbound filtering with 1 ACL entry permitting 10.0.0.0/8. Or better yet a prefix list.
Sheesh, talk about making something harder than it has to be.
Saturday, July 12, 2008
Off Topic... surf on over to www.cciecandidate.com..
Off topic.
I added Ethan's blog to my blog roll! I'm sure if you're reading my blog then you've at least heard of Ethan. He recently got his numbers and he continues to have guest posters update his blog! It's a great read and lots of excellent information, so surf on over... (check my blog roll for the link)
Friday, July 11, 2008
Frame Relay - Done!
Completed the Frame Relay lab this morning. Some things I got clarification on, Frame relay assigns DLCIs to the main interface, to move them you use the frame-relay interface-dlci command to the sub-interface. Frame-relay maps are used for layer 3 to layer 2 mappings. And you can also disable inverse-arp on a per DLCI basis.
Something I found odd, I'm using Dynamips to do these tech labs and some of the outcomes don't match up with what should be expected. For instance, some tasks say that since an IP is configured that the frame-relay in-arp should do the dynamic mapping, layer 3 to layer 2, and for the most part they do but it seems like it's a mapping for 0.0.0.0 and not for the specific IP. I was still able to understand the point of the task but the outcome didn't match up sometimes.
On to RIP...
Thursday, July 10, 2008
Started IE WB1
I started IE WB1 today and I find it pretty good. I started off with Frame Relay and it assumes you basically know nothing. It takes you through many different scenarios, drilling in the fundamentals of what you can do with what commands. I'm breezing through it for 2 reasons: 1, I completed Narbik's GAP book, which is a similar type of workbook, technology oriented. And 2, I think my class is starting in a week. I need to get to a level where I can take full advantage of the class, and I'm thinking that after getting these 2 workbooks under my belt, I should be ready to take in some advanced concepts that I may not have seen yet.
As far as the work book is concerned I like the "breakdown" sections! They're ggggrrrreeeeattt!
Wednesday, July 9, 2008
Completed IPv6, subsequently completed GAP!
Just finished IPv6, which wraps up the GAP workbook!
Something to keep in mind (don't know if I mentioned this already): for multi-point FR, the link-local address needs to be mapped via a frame-relay map to a DLCI or else traffic won't pass.
So what's next? I'll probably review IPv6 one more time before skimming through labs, trying to remember pertinent information. Then I'll be doing IEWB1 which should follow a similar structure, technology oriented labs.
Another thing to remember, when configuring link-local addresses, you don't designate the subnet.. no /64 etc.
Tuesday, July 8, 2008
OSPFv3
OSPFv3 is interesting. Basically the same as OSPF for IPv4 but it's funny that you can use an IPv4 address for the router-id. I guess it makes sense though, the IPv4 Router-id address doesn't have to exist on any particular interface, it just identifies the neighbor.
Same issues with loopback addresses, if you want to advertise the correct mask you'll still need to issue #ipv6 ospf network point-to-point. What's funny is the easiest way for me to get IPv6 is to think about IPv4 and that after any command that needs to be issued that uses IP in it, I just add a "v". So far it's working for me!
RIPng
RIPng almost done! Similar to plain old RIP... I like the use of naming your RIP process, the option to advertise a default route only, and the fact that you enable it on a per interface basis! Just to be clear the RIPng Process is only local to the router. 2 or more routers don't necessarily need to have the same process name, although it would keep things clear and consistent if they were the same.
Update: using ACLs and Route-map is pretty much the same, classify what you want to advertise and apply the route map after the redistribute command.
Monday, July 7, 2008
Basic things to remember about IPv6
Aside from having to enable ipv6 unicast-routing, for multipoint frame-relay you need to create a static IPv6 mapping to DLCI for the link-local address that the routing protocol takes to get to the subnet.
And as far as eui-64 addressing goes, remember to invert the 7th most significant bit and then drop in FFFE right in the middle of the MAC address.
... more notes to come...
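The EUI-64 rule above, worked through in Python as an added example (not from the workbook or the original post). The function names, the sample MAC, and the 2001:db8 prefix are constructed for illustration; the reverse function shows that the MAC stays readable in any address built this way.

```python
import ipaddress

def mac_to_eui64(mac: str) -> bytes:
    """Build the 64-bit modified EUI-64 interface ID from a 48-bit MAC."""
    # Accept 00:1b:54:aa:bb:cc, 00-1B-54-AA-BB-CC and Cisco-style 001b.54aa.bbcc.
    raw = bytes.fromhex(mac.replace(":", "").replace("-", "").replace(".", ""))
    if len(raw) != 6:
        raise ValueError(f"expected a 48-bit MAC, got {mac!r}")
    # Invert (not set) the 7th most significant bit of the first octet: mask 0x02.
    first = raw[0] ^ 0x02
    # Split the MAC into its two 24-bit halves and drop FFFE in the middle.
    return bytes([first]) + raw[1:3] + b"\xff\xfe" + raw[3:6]

def eui64_address(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """Combine a /64 prefix with the EUI-64 interface ID derived from mac."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("EUI-64 addressing needs a /64 prefix")
    return net.network_address + int.from_bytes(mac_to_eui64(mac), "big")

def link_local(mac: str) -> ipaddress.IPv6Address:
    """Link-local address (fe80::/64) for the given MAC."""
    return eui64_address("fe80::/64", mac)

def mac_from_eui64(addr: str):
    """Reverse the process: return the MAC embedded in addr, or None
    if the interface ID does not carry FFFE in the middle."""
    iid = ipaddress.IPv6Address(addr).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    raw = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:8]
    return ":".join(f"{b:02x}" for b in raw)

if __name__ == "__main__":
    mac = "001b.54aa.bbcc"  # constructed sample MAC
    print(link_local(mac))
    print(eui64_address("2001:db8:12:34::/64", mac))
    print(mac_from_eui64(str(link_local(mac))))
```

A MAC whose 7th bit is already 1 (a locally administered address) ends up with that bit cleared, which is why the rule says invert rather than set.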
Started IPv6
Just started IPv6, I wish the GAP book would go in to more of the WHY of the configurations. I guess the assumption is that you've already read the basics regarding IPv6, maybe I should do that first before diving into the configs. I'll pause and review the OECG chapter on IPv6...
Sunday, July 6, 2008
Narbik's GAP from CCNP to CCIE workbook.
So I'm almost done with Narbik's GAP workbook and I don't think it was too difficult. It took about a month to finish and I tried to do each section twice. I'm left with IPv6 to complete and that's it. What I do notice is that there isn't a section on Multicast. I wonder why he'd leave that out? I'm planning on attending his boot camp in November along with a close buddy of mine but beforehand I'm actually taking a class local to me. 10 Saturdays for 8 hour sessions from a double CCIE... let's hope it's enough!
To see my previous blog... jank as it is.. go to www.netengineer.org/blog
First Post... sort of.
This is my first post using blogger, I've been jank blogging from my own domain but decided to move the sub-dom here...
www.netengineer.org/blog
