BGP multipath does not influence the selection of the best path.
#bgp maximum-paths <iBGP , eBGP> #
BGP next-hop trigger delay <#> (5 sec default)
CDP can detect / Duplex Mismatch, Native VLAN Mismatch / VTP domain name Mismatch
To mitigate and enforce root placement:
intf#spanning-tree guard root
Switch QoS:
mls qos
intf#mls qos cos 2
intf#mls qos cos override
intf#mls qos trust device <cisco-phone | cts (cisco telepresence | ip-camera)
On Trunks:
mls qos trust cos
Saturday, December 4, 2010
Flash Cards - BGP / MPLS
Ingress LSRs — Ingress LSRs receive a packet that is not labeled yet, insert a label (stack) in front of the packet, and send it on a data link.
Egress LSRs — Egress LSRs receive labeled packets, remove the label(s), and send them on a data link. Ingress and egress LSRs are edge LSRs.
Intermediate LSRs — Intermediate LSRs receive an incoming labeled packet, perform an operation on it, switch the packet, and send the packet on the correct data link.
An LSR can do the three operations: pop, push, or swap.
An LSR that pushes labels onto a packet that was not labeled yet is called an imposing LSR.
An LSR that removes all labels from the labeled packet before switching out the packet is a disposing LSR.
A label switched path (LSP) is a sequence of LSRs that switch a labeled packet through an MPLS network or part of an MPLS network.
The ingress LSR of an LSP is not necessarily the first router to label the packet. The packet might have already been labeled by a preceding LSR. Such a case would be a nested LSP—that is, an LSP inside another LSP.
A Forwarding Equivalence Class (FEC) is a group or flow of packets that are forwarded along the same path and are treated the same with regard to the forwarding treatment. However, not all packets that have the same label belong to the same FEC, because their EXP values might differ; the forwarding treatment could be different, and they could belong to a different FEC.
__________
BGP
To choose an exit point when you have multiple.
access-list 1 per 10.1.1.0 0.0.0.255
Route-Map Oscar
match ip address 1
set ext-community cost 1 1
#neighbor x.x.x.x route-map in
#router bgp 100
distance 150 x.x.x.x (source) x.x.x.x (subnet of source) <1 _ ACL is route to change the distance on>
#router bgp 100
distance bgp <external> <internal> <local>
#router bgp 100
no bgp fast-external failover
advertisement-interval <iBGP> <eBGP>
Route-Reflector Attributes (Optional Non-Transitive)
i. Origin ID - Router ID of the router that originated the prefix.
ii. Cluster ID - RR ID & Clients
iii. Cluster List - Same as the AS_Path (Loop Avoidance), if RR see's it's own ID it will drop the packet.
BGP Neighbor ORF
This has to be done on both sides or this will not work.
#ip prefix-list <name> permit x.x.x.x/x le 32
#neighbor x.x.x.x prefix-list <name> in
#address-family ipv4 unicast
#neighbor x.x.x.x capability orf prefix-list <send | receive | both>
_______
#ip as-path access-list 1 deny ^300$
#ip as-path access-list 1 permit .*
#neighbor x.x.x.x filter-list 1 in
Using an extended ACL to advertise networks - With BGP it is different.
access-list 101 permit (network) (mask) (mask) (mask)
BGP - Part 1
* Note: Outgoing route advertisements directly affect incoming traffic.
* Note: MED is considered a metric so a lower value is better.
Path Attributes
==> 3 _ 2 _ 2 _ 3 <==
1. Origin (WKM)
2. AS_Path(WKM)
3. Next_Hop (WKM)
4. Local_pref (WKD)
5. Atomic_aggregate (WKD)
6. Aggregate (OT)
7. Community (OT)
8. Originator_ID(ONT)
9. MED (ONT)
10. Cluster_List (ONT)
Origin (WKM) -
IGP / EGP / Incomplete
IGP - NLRI was learned from a protocol internal to the AS is gets the highest preference.
EGP - NLRI was learned from the exterior gateway protocol and gets medium preference.
Incomplete - NLRI was learned from some other means which could be redistribution but there is no real way to know how it got there and gets the lowest preference.
AS_Path (WKM)-
This uses a sequence of AS paths through which the NLRI was received. Beginning with the most recent and ending with the originating AS. The BGP router will only prepend its AS if it being advertised to an EBGP neighbor and NOT an iBGP neighbor. This is considered a loop avoidance mechinism.
Next_Hop (WKM) -
Community (OT) -
Internal BGP - TTL of 255
External BGP - TTL of 1
iBGP and IGP Syncronization
BGP does NOT advertise routes that have been learned from other iBGP peers.
BGP Syncronization: Before a route learned from an iBGP neighbor is entered into the routing table or is advertised to a BGP peer, the route must first be known via an IGP.
Confederations:
AS_Path contains (2) additional attributes:
i. AS_CONFED_SEQUENCE ii. AS_CONFED_SET
Route Selection is as follows inside a confederation.
1. EBGP routes are prefered over member AS then iBGP is last.
NEXT_HOP AND MED can be advertised unchanged along with the ability to send local_pref. Usually peering with an eBGP peer, local_pref means nothing.
Neighbor x.x.x.x default-originate is the same as OSPFs default-information-originate-always in that a default is advertised whether the router has a default route or not.
If only the default is to be sent, you must use a route-filter to suppress all more-specific route's.
neighbor x.x.x.x distribute-list 1 out
access-list 1 per 0.0.0.0
access-list 1 deny any
You can run an IGP to run in passive mode on external eBPG interfaces or can redistribute connected interfaces on AS border routers.
(2) Ways to create an aggregate address under BGP
i. Create a static route and advertise it with the network command.
ii. Use the aggregate-address command
ip route 192.168.192.0 255.255.248.0 null 0
Router BGP 1
network 192.168.192.0 mask 255.255.248.0
The route to null 0 is a safe guard should there not be a more specific match in the routing table.
* Note: MED is considered a metric so a lower value is better.
Path Attributes
==> 3 _ 2 _ 2 _ 3 <==
1. Origin (WKM)
2. AS_Path(WKM)
3. Next_Hop (WKM)
4. Local_pref (WKD)
5. Atomic_aggregate (WKD)
6. Aggregate (OT)
7. Community (OT)
8. Originator_ID(ONT)
9. MED (ONT)
10. Cluster_List (ONT)
Origin (WKM) -
IGP / EGP / Incomplete
IGP - NLRI was learned from a protocol internal to the AS is gets the highest preference.
EGP - NLRI was learned from the exterior gateway protocol and gets medium preference.
Incomplete - NLRI was learned from some other means which could be redistribution but there is no real way to know how it got there and gets the lowest preference.
AS_Path (WKM)-
This uses a sequence of AS paths through which the NLRI was received. Beginning with the most recent and ending with the originating AS. The BGP router will only prepend its AS if it being advertised to an EBGP neighbor and NOT an iBGP neighbor. This is considered a loop avoidance mechinism.
Next_Hop (WKM) -
- If the advertising router and receiving router are in different ASs, the next_hop is the IP address of the advertising routers interface.
- If the advertising router and the recieiving router are in the same AS and the NLRI of the update referes to a destination with the same AS, the next_hop is the IP address of the neighbor that advertised the route.
- If the advertising router and the receiving router are internal peers and the NLRI of the update refers to a destination in a different ASm the nest_hop is the IP address of the external peer from which the route was learned.
Community (OT) -
- Identifies a destination as a member of some community of destinations that share one or more common properties.
- The Community attribute is a set of (4) octet values (AA:NN)
- The first (2) are the AS number.
- The second (2) are the administratively defined identifier.
- The default is (NN:AA) which can be changed with " ip bgp-community new-format".
- INTERNET - Doe's not have a value and all routes belong to this community by default.
- NO_EXPORT - Can not be advertised to an EBGP peer or if a confederation is configured, cant be advertised outside of a confederation.
- NO_ADVERTISE - Routes received with this attribute cant be advertised at all.
- LOCAL_AS - Cant be advertised to EBGP peers including peer in other ASs within a Confederation.
Internal BGP - TTL of 255
External BGP - TTL of 1
iBGP and IGP Syncronization
BGP does NOT advertise routes that have been learned from other iBGP peers.
BGP Syncronization: Before a route learned from an iBGP neighbor is entered into the routing table or is advertised to a BGP peer, the route must first be known via an IGP.
Confederations:
AS_Path contains (2) additional attributes:
i. AS_CONFED_SEQUENCE ii. AS_CONFED_SET
Route Selection is as follows inside a confederation.
1. EBGP routes are prefered over member AS then iBGP is last.
NEXT_HOP AND MED can be advertised unchanged along with the ability to send local_pref. Usually peering with an eBGP peer, local_pref means nothing.
Neighbor x.x.x.x default-originate is the same as OSPFs default-information-originate-always in that a default is advertised whether the router has a default route or not.
If only the default is to be sent, you must use a route-filter to suppress all more-specific route's.
neighbor x.x.x.x distribute-list 1 out
access-list 1 per 0.0.0.0
access-list 1 deny any
You can run an IGP to run in passive mode on external eBPG interfaces or can redistribute connected interfaces on AS border routers.
(2) Ways to create an aggregate address under BGP
i. Create a static route and advertise it with the network command.
ii. Use the aggregate-address command
ip route 192.168.192.0 255.255.248.0 null 0
Router BGP 1
network 192.168.192.0 mask 255.255.248.0
The route to null 0 is a safe guard should there not be a more specific match in the routing table.
Multicast - Flash Cards
My flashcards over time have become quite worn and out of order so I will be just adding them with no regards as to what came first, the chicken or the egg.
AutoRP -
ip pim send-rp-announce (Rendezvous Point)
ip pim send-rp-discover (Mapping agent)
#ip pim send-rp-announce loopback 0 scope 2 group-list 1
224.0.1.39 / 40 will only be used with Auto-RP and / or auto-rp listener.
If you have multiple RPs for a group, the HIGHEST IP wins.
If you want to deny a host from joining group:
#access-list 1 deny 224.0.1.40
#intf fastethernet0/0 #ip multicast boundary 1 <1 is the access-list>
BSR -
ip pim rp-canidate (Rendezvous Point)
ip pim bsr-canidate (Mapping agent)
DENSE MODE
Hellos are generated every 30 seconds and sent to 224.0.0.13 with a TTL (1)
(NOTE: The 224 address can be considered Link-Local, thus the TTL of 1)'
Neighbor Interface Uptime/Expires Ver DR
Address Prio/Mode
10.1.13.1 Serial0/2/0 00:16:37/00:01:21 v2 1 / S P
Uptime - How long have they been neighbors.
Expires - 3 1/2 x's the HELLO interval. (The timer starts at 1 Min 45 Sec and decrements to 1:15 )
Ver - Specifies neighbors PIM version
DR Prio - Has no meaning in dense mode unless PIMv1 is being used.
If the priority is identical, the router with the highest IP address is elected the DR.
The letter "S" indicates that this router is state refresh capable with allows it to remain in a "(P)RUNED" state.
These messages are sent every 60 seconds to the ALL PIM Multicast address of 224.0.0.13 TTL 1
Show Command # show ip pim interface fa 0/0 detail
R1(config-if)#do sh ip igmp group
IGMP Connected Group Membership
Group Address Interface Uptime Expires Last Reporter Group Accounted
224.1.1.1 Loopback0 00:00:31 00:02:28 1.1.1.1
224.0.1.40 FastEthernet0/0 02:15:39 00:02:02 10.1.12.1
R1#sh ip pim inter count | B Address
Address Interface FS Mpackets In/Out
10.1.12.1 FastEthernet0/0 * 24/0
1.1.1.1 Loopback0 * 0/0
10.1.13.1 Serial0/1/1 * 0/12
R1#
____________
access-list 1 permit 224.0.0.0 15.255.255.255
#ip igmp immediate-leave group-list 1 <1 is referencing the ACL>
#ip pim send-rp-announce group-list 1 <1 is referencing the ACL>
____________
Announce RP for all groups but will never be RP.
access-list 1 permit host 1.1.1.1
access-list 2 deny any
#ip pim rp-announce-filter rp-list 1 group-list 2 (This needs to be on the mapping agent)
#ip pim spt-threshold 20 group-list 1
(Amount of time it waits before switching over to the Shortest Path Tree, Default is almost immediate.)
____________
RPF- With multicast, the router will check the static mroute table first.
i. TS, ping the interface on the router that is the source of the MC traffic and then compare it to your mroute table and add any routes needed to pass the RPF.
___________
show pim df Shows bidirectional PIM designated forwarder (DF) information
show pim group-map Displays PIM group-to-protocol mapping information
show pim interface Displays PIM interface information
show pim join-prune statistic Shows PIM join/prune information
show pim neighbor Displays PIM neighbor information
show pim range-list Shows PIM range-list information
show pim topology Displays the PIM topology table information
show pim traffic Displays PIM traffic counters
show pim tunnel Lists information about the PIM tunnel interfaces
show igmp groups Displays group membership information
show igmp interface Provides interface IGMP information
show igmp traffic Displays traffic counters
show mroute Displays the contents of the multicast routing table:
_____________________________
debug pim Enables debugging for PIM events
debug pim neighbor Enables debugging of PIM neighbor events
debug pim group group Enables PIM protocol activity debugging for only the matching group
debug pim interface interface Enables debugging of PIM protocol activity for only the specified interface.
debug pim df-election Enables debugging of PIM DF election exchange messages.
debug mrib route [group] Enables debugging of MRIB routing activity
debug mrib client Enables debugging of MRIB client management activity
debug mrib io Enables debugging of MRIB I/O events
debug mrib table Enables debugging of MRIB table management activity
AutoRP -
ip pim send-rp-announce (Rendezvous Point)
ip pim send-rp-discover (Mapping agent)
#ip pim send-rp-announce loopback 0 scope 2 group-list 1
224.0.1.39 / 40 will only be used with Auto-RP and / or auto-rp listener.
If you have multiple RPs for a group, the HIGHEST IP wins.
If you want to deny a host from joining group:
#access-list 1 deny 224.0.1.40
#intf fastethernet0/0 #ip multicast boundary 1 <1 is the access-list>
BSR -
ip pim rp-canidate (Rendezvous Point)
ip pim bsr-canidate (Mapping agent)
DENSE MODE
Hellos are generated every 30 seconds and sent to 224.0.0.13 with a TTL (1)
(NOTE: The 224 address can be considered Link-Local, thus the TTL of 1)'
Neighbor Interface Uptime/Expires Ver DR
Address Prio/Mode
10.1.13.1 Serial0/2/0 00:16:37/00:01:21 v2 1 / S P
Uptime - How long have they been neighbors.
Expires - 3 1/2 x's the HELLO interval. (The timer starts at 1 Min 45 Sec and decrements to 1:15 )
Ver - Specifies neighbors PIM version
DR Prio - Has no meaning in dense mode unless PIMv1 is being used.
If the priority is identical, the router with the highest IP address is elected the DR.
The letter "S" indicates that this router is state refresh capable with allows it to remain in a "(P)RUNED" state.
These messages are sent every 60 seconds to the ALL PIM Multicast address of 224.0.0.13 TTL 1
Show Command # show ip pim interface fa 0/0 detail
R1(config-if)#do sh ip igmp group
IGMP Connected Group Membership
Group Address Interface Uptime Expires Last Reporter Group Accounted
224.1.1.1 Loopback0 00:00:31 00:02:28 1.1.1.1
224.0.1.40 FastEthernet0/0 02:15:39 00:02:02 10.1.12.1
R1#sh ip pim inter count | B Address
Address Interface FS Mpackets In/Out
10.1.12.1 FastEthernet0/0 * 24/0
1.1.1.1 Loopback0 * 0/0
10.1.13.1 Serial0/1/1 * 0/12
R1#
____________
access-list 1 permit 224.0.0.0 15.255.255.255
#ip igmp immediate-leave group-list 1 <1 is referencing the ACL>
#ip pim send-rp-announce group-list 1 <1 is referencing the ACL>
____________
Announce RP for all groups but will never be RP.
access-list 1 permit host 1.1.1.1
access-list 2 deny any
#ip pim rp-announce-filter rp-list 1 group-list 2 (This needs to be on the mapping agent)
#ip pim spt-threshold 20 group-list 1
(Amount of time it waits before switching over to the Shortest Path Tree, Default is almost immediate.)
____________
RPF- With multicast, the router will check the static mroute table first.
i. TS, ping the interface on the router that is the source of the MC traffic and then compare it to your mroute table and add any routes needed to pass the RPF.
___________
show pim df Shows bidirectional PIM designated forwarder (DF) information
show pim group-map Displays PIM group-to-protocol mapping information
show pim interface Displays PIM interface information
show pim join-prune statistic Shows PIM join/prune information
show pim neighbor Displays PIM neighbor information
show pim range-list Shows PIM range-list information
show pim topology Displays the PIM topology table information
show pim traffic Displays PIM traffic counters
show pim tunnel Lists information about the PIM tunnel interfaces
show igmp groups Displays group membership information
show igmp interface Provides interface IGMP information
show igmp traffic Displays traffic counters
show mroute Displays the contents of the multicast routing table:
_____________________________
debug pim Enables debugging for PIM events
debug pim neighbor Enables debugging of PIM neighbor events
debug pim group group Enables PIM protocol activity debugging for only the matching group
debug pim interface interface Enables debugging of PIM protocol activity for only the specified interface.
debug pim df-election Enables debugging of PIM DF election exchange messages.
debug mrib route [group] Enables debugging of MRIB routing activity
debug mrib client Enables debugging of MRIB client management activity
debug mrib io Enables debugging of MRIB I/O events
debug mrib table Enables debugging of MRIB table management activity
Subscribe to:
Posts (Atom)