Posts Tagged ‘CCIE R&S’

CCIE RS Training - To Get a World Class IT Certification

February 13th, 2012   by Daniel

CCIE RS training is meant for highly motivated networking professionals and is a wide-ranging learning programme. It is designed to raise your competency to an expert level while giving you the skills and preparation to pass this demanding exam. It is the recognised route to the Cisco Certified Internetwork Expert certification, which is also the highest level of certification offered by Cisco Systems. IT professionals who manage large networks and are skilled in using Cisco products must pass an extensive test to earn it.

CCIE RS training is delivered by CCIE training schools, which offer tutors, lectures, and boot camps. The CCIE programme has six tracks: Storage Networking, Voice, Wireless, Routing & Switching, Service Provider, and Security. The exam is considered very tough and rewarding to pass, and it demands both technical experience and dedication. Passing it makes you a member of an exclusive group of professionals, strengthens your résumé, and increases your credibility.

Career advancement is the ambition of most IT specialists, and CCIE RS training provides a platform that gives you an edge in the job market. Whether you look for better opportunities inside or outside your company, the CCIE certification will help you reach your goal in this competitive world.

There are many reasons for taking CCIE RS training, and a higher salary may be one of them. Earning this certification is not easy; it can take years to clear the exams. Typically it takes eighteen months and thousands of dollars, which is why there is a large market for such certified specialists. The upside is that, with so few certified professionals and high demand for them, the salaries offered are very high.

After completing CCIE RS training you are considered an expert in the networking field, so when a difficult situation arises you will be the one called in to resolve it. Holding this certification brings worldwide recognition as a highly qualified networking and technology professional.

It is essential to understand the overall process of the CCIE RS examination so that you know what kind of preparation is needed. The exam has two main parts: the written exam and the lab exam. The written exam is a two-hour multiple-choice test, and you may sit the lab exam only after passing it. The lab exam is an eight-hour practical that tests your ability to configure networking equipment and software and your troubleshooting skills. You have three years to pass the lab exam, after which you must retake the written exam before attempting the lab again.

Most candidates sitting the CCIE RS exam do not pass on the first attempt, although the success rate on the second attempt is fairly high. To improve your chances, study the topics that are specific to the exam. One essential point to keep in mind is that, after earning this certificate, you must recertify every two years.

Learn the technologies in every area listed in the Cisco blueprint. At least four hundred hours of lab practice on simulated equipment is usually recommended as a strategy for passing the CCIE Security lab exam. Dedicate part of each day to mastering every topic. A variety of study materials is available for a better understanding of the subjects in the Cisco blueprint; they help you prepare through structured software, and investing in good training software lets you raise your level of expertise.

You can also take online training packages from reputable companies, which provide practice tests and other useful services to sharpen your skills. CCIE Security can be used as a ladder to success; it is accepted as a recognised certification throughout the networking industry worldwide, and a CCIE in Security opens the gateway to a bright career.

Post in CCIE R&S | No Comments »

Tunneling Foreign Protocols in IP

February 10th, 2012   by Daniel

One of the most important applications of tunnels is for passing foreign protocols through a network that only supports IP. A typical example of this would be IPX, although the configuration is similar for other protocols such as AppleTalk:

Router1#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router1(config)#ipx routing AAAA.BBBB.0001
Router1(config)#interface Tunnel1
Router1(config-if)#ipx network AAA
Router1(config-if)#tunnel source 172.25.1.5
Router1(config-if)#tunnel destination 172.25.1.7
Router1(config-if)#exit
Router1(config)#end
Router1#

Then on the other router you must create a tunnel interface with a matching source and destination, as well as a matching IPX network number:

Router5#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router5(config)#ipx routing AAAA.BBBB.0002
Router5(config)#interface Tunnel3
Router5(config-if)#ipx network AAA
Router5(config-if)#tunnel source 172.25.1.7
Router5(config-if)#tunnel destination 172.25.1.5
Router5(config-if)#exit
Router5(config)#end
Router5#

Note that of all the supported tunnel modes mentioned in Table 12.1, only the default GRE will transport IPX, although there are several AppleTalk tunnel modes.

This book does not cover IPX, so we won't go into any detail on the IPX-specific commands here. This is merely intended as an example of how to use GRE tunnels for foreign protocols. For more information on IPX, please refer to Designing Large-Scale LANs by Kevin Dooley (O'Reilly).

To enable IPX on both of these routers, first you have to make sure that you are running an IOS release that supports IPX. The various "Desktop" IOS versions support this protocol, as do the "Enterprise" versions. Please consult the Cisco IOS feature matrices for more details. Assuming, then, that your router supports IPX, you can enable it with the ipx routing command, as shown. Naturally, you need to enable IPX routing on both routers. Then the only other important detail is to configure both ends of the GRE tunnel with matching IPX network numbers, as we have done in the example.

It's important to note that you can configure a GRE tunnel to support more than one protocol by simply specifying appropriate network numbers for each protocol using the tunnel.

Router1(config)#interface Tunnel1
Router1(config-if)#ip address 192.168.35.6 255.255.255.252
Router1(config-if)#ipx network AAA
Router1(config-if)#tunnel source 172.25.1.5
Router1(config-if)#tunnel destination 172.25.1.7
Router1(config-if)#exit
Router1(config)#end
Router1#
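What the router does on Tunnel1 is prepend a GRE header, whose Protocol Type field tells the far end whether the inner packet is IP or IPX, and then send the result in an outer IP packet between the tunnel source and destination. The following Python is an added example, not code from the book or from Cisco: a builder and a strict parser for that GRE header (RFC 2784 base header, RFC 2890 key and sequence fields), plus a small demultiplexer that shows a single tunnel carrying both protocols and dropping packets a careful endpoint should refuse. The packets and payloads are constructed placeholders, not captured IP or IPX datagrams, and the key value 1001 is an assumption.

```python
"""Build and parse GRE (RFC 2784/2890) packets to show how one GRE tunnel multiplexes
IP and IPX by Protocol Type, and which header checks a receiving endpoint should make.
Added example; standard library only."""
import struct

# Protocol Type values (Ethertype namespace) for the two payloads carried by Tunnel1.
GRE_PROTO_IP = 0x0800
GRE_PROTO_IPX = 0x8137
PROTO_NAMES = {GRE_PROTO_IP: "ip", GRE_PROTO_IPX: "ipx"}

# Bits of the first 16-bit word of the GRE header.
FLAG_C = 0x8000                 # checksum present (RFC 2784)
FLAG_K = 0x2000                 # key present (RFC 2890)
FLAG_S = 0x1000                 # sequence number present (RFC 2890)
RESERVED_MUST_BE_ZERO = 0x4C00  # bits 1, 4, 5 (old RFC 1701 R, s, recursion control)
VERSION_MASK = 0x0007           # version must be 0 for plain GRE


def _inet_checksum(data: bytes) -> int:
    """RFC 1071 ones' complement checksum over 16-bit words (returns the complement)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_gre(proto, payload, key=None, seq=None, checksum=False):
    """Encapsulate payload in a GRE header (what IOS places between outer IP and payload)."""
    flags, opt = 0, b""
    if checksum:
        flags |= FLAG_C
        opt += struct.pack("!HH", 0, 0)   # checksum placeholder + Reserved1
    if key is not None:
        flags |= FLAG_K
        opt += struct.pack("!I", key)
    if seq is not None:
        flags |= FLAG_S
        opt += struct.pack("!I", seq)
    pkt = struct.pack("!HH", flags, proto) + opt + payload
    if checksum:
        pkt = pkt[:4] + struct.pack("!H", _inet_checksum(pkt)) + pkt[6:]
    return pkt


def parse_gre(datagram, expected_key=None):
    """Validate a GRE packet as a careful receiver should; raise ValueError to drop it."""
    if len(datagram) < 4:
        raise ValueError("truncated GRE header")
    flags, proto = struct.unpack("!HH", datagram[:4])
    if flags & VERSION_MASK:
        raise ValueError("GRE version %d not supported" % (flags & VERSION_MASK))
    if flags & RESERVED_MUST_BE_ZERO:
        raise ValueError("reserved bits set: 0x%04x" % flags)
    need = 4 + 4 * bool(flags & FLAG_C) + 4 * bool(flags & FLAG_K) + 4 * bool(flags & FLAG_S)
    if len(datagram) < need:
        raise ValueError("truncated GRE options")
    fields = {"proto": proto, "key": None, "seq": None}
    offset = 4
    if flags & FLAG_C:
        if _inet_checksum(datagram) != 0:   # whole packet sums to zero when intact
            raise ValueError("bad GRE checksum")
        offset += 4
    if flags & FLAG_K:
        fields["key"] = struct.unpack("!I", datagram[offset:offset + 4])[0]
        offset += 4
    if flags & FLAG_S:
        fields["seq"] = struct.unpack("!I", datagram[offset:offset + 4])[0]
        offset += 4
    # A 'tunnel key' is a cleartext tunnel identifier, not an authenticator: the check
    # separates tunnels, it does not prove who sent the packet.
    if expected_key is not None and fields["key"] != expected_key:
        raise ValueError("GRE key mismatch")
    fields["payload"] = datagram[offset:]
    fields["name"] = PROTO_NAMES.get(proto, "0x%04x" % proto)
    return fields


def demux(datagrams, expected_key=None):
    """Sort tunnel packets by inner protocol, counting everything that fails validation."""
    out = {"ip": [], "ipx": [], "dropped": 0}
    for d in datagrams:
        try:
            f = parse_gre(d, expected_key)
        except ValueError:
            out["dropped"] += 1
            continue
        out.setdefault(f["name"], []).append(f["payload"])
    return out


# Constructed sample traffic for Tunnel1 (assumed tunnel key 1001; placeholder payloads).
SAMPLE = [
    build_gre(GRE_PROTO_IP, b"inner-ip-datagram", key=1001, seq=1, checksum=True),
    build_gre(GRE_PROTO_IPX, b"inner-ipx-packet", key=1001, seq=2),
    build_gre(GRE_PROTO_IPX, b"spoofed", key=9999),  # wrong tunnel key
    b"\x00\x01\x08\x00" + b"v1",                     # GRE version 1 (PPTP), must be dropped
]

if __name__ == "__main__":
    print(demux(SAMPLE, expected_key=1001))
```

The check that matters operationally: plain GRE carries no authentication or confidentiality, so any host that can spoof the outer source address 172.25.1.5 or 172.25.1.7 can inject traffic into the tunnel, and a `tunnel key` does not change that. At minimum, restrict GRE (IP protocol 47) to the two endpoint addresses with an ACL on the outer interfaces; for IP payloads, IOS can additionally bind the tunnel to IPsec with `tunnel protection`.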
Post in CCIE Labs | No Comments »

CCIE RS Exercise - To get a Environment Course IT Certification

February 1st, 2012   by Daniel


Post in CCIE R&S | Comments Closed

CCIE RS Exercise - To get a Environment Course IT Certification

January 11th, 2012   by Daniel


Post in CCIE R&S | Comments Closed

Setting Up Frame Relay with Point-to-Point Subinterfaces

January 4th, 2012   by Daniel

Probably the cleanest way to set up a Frame Relay network is to use point-to-point subinterfaces. If you have a host site that connects to two or more branches through a Frame Relay WAN, you could configure the central host router like this:

Central#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Central(config)#interface Serial0
Central(config-if)#description Frame-Relay host circuit
Central(config-if)#no ip address
Central(config-if)#encapsulation frame-relay
Central(config-if)#exit
Central(config)#interface Serial0.1 point-to-point
Central(config-subif)#description PVC to first branch - DLCI 101
Central(config-subif)#ip address 192.168.1.5 255.255.255.252
Central(config-subif)#frame-relay interface-dlci 101
Central(config-fr-dlci)#exit
Central(config-subif)#exit
Central(config)#interface Serial0.2 point-to-point
Central(config-subif)#description PVC to second branch - DLCI 102
Central(config-subif)#ip address 192.168.1.9 255.255.255.252
Central(config-subif)#frame-relay interface-dlci 102
Central(config-fr-dlci)#exit
Central(config-subif)#exit
Central(config)#end
Central#
And all of the branches would follow the same basic configuration, but with different IP addresses and DLCI numbers:
Branch1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Branch1(config)#interface Serial0
Branch1(config-if)#description Frame-Relay circuit
Branch1(config-if)#no ip address
Branch1(config-if)#encapsulation frame-relay
Branch1(config-if)#exit
Branch1(config)#interface Serial0.1 point-to-point
Branch1(config-subif)#description PVC to Central host - DLCI 50
Branch1(config-subif)#ip address 192.168.1.6 255.255.255.252
Branch1(config-subif)#frame-relay interface-dlci 50
Branch1(config-fr-dlci)#exit
Branch1(config-subif)#exit
Branch1(config)#end
Branch1#
In this example, we have assumed that all of the Frame Relay circuits connect to serial interfaces on the routers. This is normally the case, but there are other options. Frame Relay is usually delivered on low speed 56 or 64 Kbps circuits, or fractional or full T1 or E1 circuits. However, there are useful Frame Relay implementations all the way up to T3 speeds. The most common way to deliver Frame Relay service faster than T1 or E1 speeds is on either a coax T3 or a High Speed Serial Interface (HSSI) connection.
In all cases, the router is the Data Terminal Equipment (DTE) device, and the Frame Relay switch in the carrier's network is the Data Communications Equipment (DCE). Make sure that you have the right DTE type cable.

As an aside, while many carriers currently offer T3 Frame Relay service, very few Frame Relay switches are able to reliably switch packets along a single PVC much faster than T1 or E1 speeds. This means that a T3 or HSSI circuit makes an excellent aggregation point for a large number of branches with T1, E1, or slower circuits. However, you should talk it over very thoroughly with your WAN provider before attempting to build a Frame Relay network that requires CIR rates greater than a T1 or E1.

By default, the router will dynamically determine the encapsulation format for the data payload of each packet. If you have to connect to non-Cisco equipment, you may prefer to manually specify the open standard encapsulation format described in RFC 1490 instead. You can configure this either for each subinterface separately, or globally for the entire interface. To configure one subinterface to use RFC 1490 encapsulation, use the ietf keyword:

Central(config)#interface Serial0.1 point-to-point
Central(config-subif)#frame-relay interface-dlci 101 ietf
Central(config-fr-dlci)#end
You can make RFC 1490 encapsulation the default for all subinterfaces on an interface as follows:
Central(config)#interface Serial0
Central(config-if)#encapsulation frame-relay ietf
Central(config-if)#end
When you do this, you do not need to specify the ietf keyword on each subinterface. The other option for payload encapsulation is a Cisco proprietary standard. If you want to use to the Cisco encapsulation format on a particular PVC, you can do so with the cisco keyword:
Central(config)#interface Serial0.1 point-to-point
Central(config-subif)#frame-relay interface-dlci 101 cisco
Central(config-fr-dlci)#end
It is extremely important to specify the point-to-point keyword here. The problem is that you can't change a subinterface type. If you specify the wrong type of subinterface, you must delete the incorrect one, and then reboot the router before you can recreate it with the correct type. This was particularly serious in earlier IOS releases because the default was multipoint, rather than point-to-point. In Version 12.0 and higher, there is no default, and you must explicitly specify either point-to-point or multipoint.
The show frame-relay pvc command shows the status and several useful statistics for each PVC:
Central#show frame-relay pvc
PVC Statistics for interface Serial0 (Frame Relay DTE)
DLCI = 101, DLCI USAGE = LOCAL, PVC STATUS = ACTIVE, INTERFACE = Serial0.1
input pkts 4092 output pkts 1331 in bytes 573274
out bytes 364868 dropped pkts 0 in FECN pkts 0
in BECN pkts 0 out FECN pkts 0 out BECN pkts 0
in DE pkts 0 out DE pkts 0
out bcast pkts 1277 out bcast bytes 361391
pvc create time 21:16:46, last time pvc status changed 21:16:46
DLCI = 102, DLCI USAGE = LOCAL, PVC STATUS = DELETED, INTERFACE = Serial0.2
input pkts 0 output pkts 2 in bytes 0
out bytes 566 dropped pkts 0 in FECN pkts 0
in BECN pkts 0 out FECN pkts 0 out BECN pkts 0
in DE pkts 0 out DE pkts 0
out bcast pkts 2 out bcast bytes 566
pvc create time 00:02:08, last time pvc status changed 00:01:15
Central#
In this case, two DLCIs are configured on the router. Only one of these is in an active state; the other shows as DELETED, which means that it is not configured on the switch. This command also shows you if there are other PVCs configured in the Frame Relay switch but not on the router. These DLCIs are easy to spot because the DLCI USAGE field is listed as UNUSED:
Central#show frame-relay pvc
PVC Statistics for interface Serial0 (Frame Relay DTE)
DLCI = 101, DLCI USAGE = LOCAL, PVC STATUS = ACTIVE, INTERFACE = Serial0.1
input pkts 11 output pkts 14 in bytes 2218
out bytes 1825 dropped pkts 3 in FECN pkts 0
in BECN pkts 0 out FECN pkts 0 out BECN pkts 0
in DE pkts 0 out DE pkts 0
out bcast pkts 9 out bcast bytes 1305
pvc create time 00:02:45, last time pvc status changed 00:02:24
DLCI = 102, DLCI USAGE = LOCAL, PVC STATUS = DELETED, INTERFACE = Serial0.2
input pkts 0 output pkts 2 in bytes 0
out bytes 566 dropped pkts 0 in FECN pkts 0
in BECN pkts 0 out FECN pkts 0 out BECN pkts 0
in DE pkts 0 out DE pkts 0
out bcast pkts 2 out bcast bytes 566
pvc create time 00:02:08, last time pvc status changed 00:01:15
DLCI = 103, DLCI USAGE = UNUSED, PVC STATUS = INACTIVE, INTERFACE = Serial0
input pkts 0 output pkts 0 in bytes 0
out bytes 0 dropped pkts 0 in FECN pkts 0
in BECN pkts 0 out FECN pkts 0 out BECN pkts 0
in DE pkts 0 out DE pkts 0
out bcast pkts 0 out bcast bytes 0 Num Pkts Switched 0
pvc create time 00:00:08, last time pvc status changed 00:00:08
Central#
In this case, you can see that a new PVC with DLCI 103 was created on the switch eight seconds ago on the circuit that connects to the router's Serial0 interface. This new PVC is not associated with a subinterface, and it is not passing any traffic.
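The two listings above are the kind of thing an operator eyeballs once and then forgets to recheck. As an added example, not code from the book, the following Python parses show frame-relay pvc output and turns the three conditions just described into findings: a DLCI the switch advertises that no subinterface claims (DLCI USAGE = UNUSED), a DLCI configured on the router that the switch has not provisioned (PVC STATUS = DELETED), any other non-ACTIVE circuit, and an active circuit that is dropping packets. The sample text is the second listing above, embedded here as constructed input.

```python
"""Audit 'show frame-relay pvc' output for circuits misconfigured on the router or on
the carrier's switch. Added example; standard library only."""
import re

PVC_HEADER = re.compile(
    r"DLCI = (?P<dlci>\d+), DLCI USAGE = (?P<usage>\w+), "
    r"PVC STATUS = (?P<status>\w+), INTERFACE = (?P<intf>\S+)")
DROPPED = re.compile(r"dropped pkts (?P<n>\d+)")


def parse_pvcs(output):
    """Return one dict per PVC: dlci, usage, status, interface and dropped-packet count.
    The counter lines that follow a header belong to the most recent header."""
    pvcs = []
    for line in output.splitlines():
        m = PVC_HEADER.search(line)
        if m:
            pvcs.append({"dlci": int(m["dlci"]), "usage": m["usage"],
                         "status": m["status"], "intf": m["intf"], "dropped": 0})
            continue
        d = DROPPED.search(line)
        if d and pvcs:
            pvcs[-1]["dropped"] = int(d["n"])
    return pvcs


def audit_pvcs(output, max_dropped=0):
    """Return (dlci, reason) for every PVC that is not a healthy, router-mapped circuit."""
    findings = []
    for p in parse_pvcs(output):
        if p["usage"] == "UNUSED":
            findings.append((p["dlci"], "provisioned on the switch but not mapped to any subinterface"))
        elif p["status"] == "DELETED":
            findings.append((p["dlci"], "configured on %s but not provisioned on the switch" % p["intf"]))
        elif p["status"] != "ACTIVE":
            findings.append((p["dlci"], "status %s on %s" % (p["status"], p["intf"])))
        elif p["dropped"] > max_dropped:
            findings.append((p["dlci"], "%d dropped packets on %s" % (p["dropped"], p["intf"])))
    return findings


# Constructed sample: the second listing from the recipe, verbatim.
SAMPLE_SHOW_PVC = """\
PVC Statistics for interface Serial0 (Frame Relay DTE)
DLCI = 101, DLCI USAGE = LOCAL, PVC STATUS = ACTIVE, INTERFACE = Serial0.1
input pkts 11 output pkts 14 in bytes 2218
out bytes 1825 dropped pkts 3 in FECN pkts 0
in BECN pkts 0 out FECN pkts 0 out BECN pkts 0
in DE pkts 0 out DE pkts 0
out bcast pkts 9 out bcast bytes 1305
pvc create time 00:02:45, last time pvc status changed 00:02:24
DLCI = 102, DLCI USAGE = LOCAL, PVC STATUS = DELETED, INTERFACE = Serial0.2
input pkts 0 output pkts 2 in bytes 0
out bytes 566 dropped pkts 0 in FECN pkts 0
in BECN pkts 0 out FECN pkts 0 out BECN pkts 0
in DE pkts 0 out DE pkts 0
out bcast pkts 2 out bcast bytes 566
pvc create time 00:02:08, last time pvc status changed 00:01:15
DLCI = 103, DLCI USAGE = UNUSED, PVC STATUS = INACTIVE, INTERFACE = Serial0
input pkts 0 output pkts 0 in bytes 0
out bytes 0 dropped pkts 0 in FECN pkts 0
in BECN pkts 0 out FECN pkts 0 out BECN pkts 0
in DE pkts 0 out DE pkts 0
out bcast pkts 0 out bcast bytes 0 Num Pkts Switched 0
pvc create time 00:00:08, last time pvc status changed 00:00:08
"""

if __name__ == "__main__":
    for dlci, reason in audit_pvcs(SAMPLE_SHOW_PVC):
        print("DLCI %d: %s" % (dlci, reason))
```

An UNUSED DLCI deserves a question to the carrier as much as a DELETED one does: it is a circuit someone provisioned toward your interface that your router never asked for, and until you know who sits at the other end it should stay unmapped.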
The show interface command gives other useful information, particularly about the Local Management Interface (LMI) protocol:
Router#show interface Serial0
Serial0 is up, line protocol is up
Hardware is HD64570
Description: Frame-Relay circuit
MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec, rely 255/255, load 1/255
Encapsulation FRAME-RELAY, loopback not set, keepalive set (10 sec)
LMI enq sent 7932, LMI stat recvd 7932, LMI upd recvd 0, DTE LMI up
LMI enq recvd 0, LMI stat sent 0, LMI upd sent 0
LMI DLCI 1023 LMI type is CISCO frame relay DTE
Broadcast queue 0/64, broadcasts sent/dropped 1320/0, interface broadcasts 2
Last input 00:00:00, output 00:00:00, output hang never
Last clearing of "show interface" counters 22:01:52
Input queue: 0/75/0 (size/max/drops); Total output drops: 0
Queueing strategy: weighted fair
Output queue: 0/1000/64/0 (size/max total/threshold/drops)
Conversations 0/1/256 (active/max active/max total)
Reserved Conversations 0/0 (allocated/max allocated)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
12481 packets input, 720402 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
9579 packets output, 500221 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 output buffer failures, 0 output buffers swapped out
0 carrier transitions
DCD=up DSR=up DTR=up RTS=up CTS=up
Router#
LMI provides many of Frame Relay's useful features, such as keepalives, that can tell a router when one or more PVCs become unavailable. This example shows CISCO type LMI, which uses DLCI number 1023. If we had specified the CCITT or ANSI LMI standards, the router would use DLCI number 0 for LMI.
When you enable Frame Relay on an interface, the router automatically activates the Inverse ARP protocol, which is described in RFC 1293. The router uses Inverse ARP to make a dynamic mapping between a Frame Relay DLCI number and a Layer 3 address. This Layer 3 address could be for any supported protocol such as IP, AppleTalk, IPX, and so forth.

In this recipe, we built a static mapping between the DLCI number and the IP address, so we don't actually need Inverse ARP. Each subinterface always associates a particular DLCI number with a particular Layer 3 address. This means that we can safely disable Inverse ARP. You can do this for an individual protocol as follows:

Central(config)#interface Serial0
Central(config-if)#no frame-relay inverse-arp ip
Or you can disable Inverse ARP globally for all protocols:
Central(config)#interface Serial0
Central(config-if)#no frame-relay inverse-arp
In this case, if you want to reenable Inverse ARP just for a particular protocol you can do so like this:
Central(config)#interface Serial0
Central(config-if)#frame-relay inverse-arp ipx 100
This tells the router that it should use Inverse ARP to discover the IPX address of the device on the other end of the virtual circuit with DLCI number 100. If you don't need Inverse ARP, we generally recommend disabling it.

Post in Uncategorized | Comments Closed

Filtering BGP Routes Based on AS Paths

January 3rd, 2012   by Daniel

You can use AS Path filters, either inbound or outbound, to filter the routes you receive or the routes you send, respectively. You must apply these filters to each peer separately:
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#ip as-path access-list 15 permit ^65501$
Router1(config)#ip as-path access-list 25 permit _65530_
Router1(config)#ip as-path access-list 25 deny _65531$
Router1(config)#ip as-path access-list 25 permit .*
Router1(config)#router bgp 65500
Router1(config-router)#neighbor 192.168.1.5 remote-as 65510
Router1(config-router)#neighbor 192.168.1.5 filter-list 15 in
Router1(config-router)#neighbor 192.168.2.5 remote-as 65520
Router1(config-router)#neighbor 192.168.2.5 filter-list 25 out
Router1(config-router)#exit
Router1(config)#end
Router1#
One of the most common reasons for filtering routes based on the AS Path is to prevent AS transit, as we showed in Recipes 9.4 and 9.5. However, there are some other useful applications for AS Path filters. The example shown above contains two distinct filters, one of which applies to routes received inbound from one neighbor, and the other works on outbound routes sent to a second neighbor.
AS Path filters are constructed by using a subset of UNIX regular expressions. Regular expressions provide an extremely powerful and general pattern matching syntax. Many scripting languages, such as Perl, Java, awk, sed, PHP, and Python, use regular expressions for string manipulation. A detailed description of the syntax is out of the scope of this book, but fortunately, BGP path filters don't require all of the magic of the regular expression syntax. This is because all AS Paths consist of simply numbers separated by whitespace. There are no other characters to worry about, and every AS Path has a similar construction. Only the specific ASNs and the number of whitespaces ever change. For more information on regular expressions in general, please refer to Mastering Regular Expressions by Jeffrey Friedl (O'Reilly).
So the pattern ^$ simply means that the field is empty because the start is immediately followed by the end. In the case of a BGP AS Path, that means that this route must originate inside this AS.
Looking at the example above, then, it should be clear that access-list number 15 looks for paths that contain only one ASN, which must be 65501:
Router1(config)#ip as-path access-list 15 permit ^65501$
Because there is both a ^ and a $ in the pattern, this filter will match routes whose AS Path consists of just a single ASN, which must have a value of 65501. This filter will remove any downstream routes that AS 65501 is merely passing along. Also, as with normal access lists, AS Path filters end with an implicit deny all clause. So the router will suppress any other routes that don't match this pattern.
The second AS Path filter in the example is somewhat more complicated:
Router1(config)#ip as-path access-list 25 permit _65530_
Router1(config)#ip as-path access-list 25 deny _65531$
Router1(config)#ip as-path access-list 25 permit .*
This shows that you can have filters that span multiple lines, although the example itself is a little bit artificial. The first line in this filter permits any routes that pass through AS 65530. The ASN in this line is surrounded by _ characters. The _ character stands for whitespace, although it is a little bit confusing because, for example, _65530_ seems to imply that it will match the ASN 65530 only if it appears in the middle of an AS Path. But, in fact, _65530_ will match any path containing the ASN, 65530, even if it is at the beginning or the end of the path. Conversely, _65531$ will only match AS Paths that end with AS 65531, meaning those routes that originate in AS 65531.
This little _ delimiter character is extremely important because AS Path filters use a literal text pattern matching. For example, consider the following filter, which doesn't include this character:
Router1(config)#ip as-path access-list 26 permit 55
This AS Path filter will match not only paths containing AS 55, but any other ASN that happens to contain the digits 55, such as 65530, 7553, or 255. But it is unlikely that you actually want to match on substrings within an ASN like this. So you should always remember to include these delimiter characters.
We included the following line in the recipe example because we needed to counteract the implicit deny all at the end of any AS Path access list:
Router1(config)#ip as-path access-list 25 permit .*
This statement explicitly permits all other AS Paths that have not matched any of the earlier lines in the filter rule. The character "." in this filter matches any character, while the * indicates that there can be any number of characters. In fact, * literally means zero or more matches. In many cases, you actually need to match one or more times, for which you can use the + character.
There are many interesting uses for AS Path filters. For example, you might want to allow routes from an ISP and its immediate customers, but not from anything further away. This is easily accomplished with the following filter:
Router1(config)#ip as-path access-list 27 permit ^[0-9]+$
Router1(config)#ip as-path access-list 27 permit ^[0-9]+_[0-9]+$
This filter uses a couple of little tricks. The first trick is to specify a range, as in [0-9]. This means that the rule will match any character that falls in the range from 0 to 9, inclusive. Following this with the + character means that the rule matches one or more of these patterns. So the first line in this filter matches all paths that contain one and only one ASN, although it doesn't matter what this ASN actually is. The second line similarly matches all paths that contain exactly two ASNs. The net effect is to allow only routes from the directly attached ISP AS, and from any other AS that is directly connected to the ISP.
Another way to write the same thing is to match on the delimiters in the AS Path, instead of the actual ASN values. To do this, you might use a pattern like this:
Router1(config)#ip as-path access-list 28 deny _.+_.+_.+_
Router1(config)#ip as-path access-list 28 permit .*
In the first line of this access list, the "." character matches anything, including delimiters as well as digits. So this pattern will match an AS Path that includes at least four AS Path delimiters, with something in between them. Since the first and last delimiters could be the beginning and end of the AS Path, rather than actual whitespace, this access list causes the router to suppress any AS Path that includes three or more ASNs. It's slightly confusing because you have to think in terms of matching on delimiters rather than ASNs, but the net effect of AS Path access list number 28 is identical to 27 above. And, if you wanted to increase the maximum number of ASN values in the path from two to, say, five, this syntax is much more flexible:
Router1(config)#ip as-path access-list 29 deny _.+_.+_.+_.+_.+_.+_
Router1(config)#ip as-path access-list 29 permit .*
It's useful to remember that you can affect not only the routes you receive, but also the routes that you send using AS Path filters.
Router1(config)#ip as-path access-list 15 permit ^$
Router1(config)#router bgp 65500
Router1(config-router)#neighbor 192.168.1.5 remote-as 65520
Router1(config-router)#neighbor 192.168.1.5 filter-list 15 out
In this case, the filter permits only routes that have an empty AS Path, meaning that the routes must have originated locally within this AS. This filter suppresses any external routing information when forwarding its routing table. So the external networks don't know about any downstream networks that can be reached through this router.
You could use a slightly more complicated outbound filter if you wanted. This example allows only directly connected networks to use your AS for transit:
Router1(config)#ip as-path access-list 16 deny _.+_.+_
Router1(config)#ip as-path access-list 16 permit .*
Router1(config)#router bgp 65500
Router1(config-router)#neighbor 192.168.1.5 remote-as 65520
Router1(config-router)#neighbor 192.168.1.5 filter-list 16 out
The router applies this filter before it adds itself to the AS Path. So when we deny the pattern _.+_.+_, this suppresses all AS Paths with two or more ASNs, leaving only AS Paths that have a single ASN. Any path with one ASN must originate in a directly connected AS.
This AS Path filter might seem a little bit confusing because it denies paths that we don't want rather than permitting the ones we do. If you prefer, you could create a filter that has the identical effect by explicitly permitting only the paths that we want and implicitly denying the ones we don't want:
Router1(config)#ip as-path access-list 17 permit ^[0-9]+$
Router1(config)#ip as-path access-list 17 permit ^$
Both of these filters allow the router to forward routing information that originates in this AS, and in any networks that are directly connected to us. Bear in mind that this doesn't prevent a device that is fifteen hops away from reaching one of our neighbors through our network. But it does prevent them from reaching anything more distant than one of our direct neighbors through our AS.
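To make the delimiter and quantifier behaviour described above concrete, here is an added Python example (not from the original text, and not Cisco code) that translates IOS AS Path patterns into Python regular expressions and runs the access lists from this post, both the inbound lists 25 to 29 and the outbound lists 15 to 17, over a few constructed AS paths. The translation of _ as "start or end of the path, a space, a comma, or a brace/parenthesis" is the documented IOS meaning of that character; the sample AS paths are constructed for illustration.

```python
import re

# Cisco's "_" in an AS path regex matches the start or end of the path, a
# space, a comma or a brace/parenthesis.  Translate it to a Python group
# with the same meaning so the IOS patterns can be evaluated unchanged.
_DELIM = r"(?:^|$|[ ,{}()])"


def cisco_to_python(pattern: str) -> re.Pattern:
    """Turn an IOS as-path regex into an equivalent compiled Python regex."""
    return re.compile(pattern.replace("_", _DELIM))


def as_path_matches(pattern: str, as_path: str) -> bool:
    """IOS matches the pattern anywhere in the path unless ^ and $ anchor it,
    so re.search (not re.match) is the right primitive."""
    return cisco_to_python(pattern).search(as_path) is not None


def evaluate_acl(acl, as_path: str) -> bool:
    """Evaluate an ip as-path access-list: the first matching line wins and an
    unmatched path hits the implicit deny at the end.  True means permit."""
    for action, pattern in acl:
        if as_path_matches(pattern, as_path):
            return action == "permit"
    return False


# The access lists from the text, as (action, pattern) lines in order.
ACL_25 = [("permit", "_65530_"), ("deny", "_65531$"), ("permit", ".*")]
ACL_26 = [("permit", "55")]                          # no delimiters: the substring pitfall
ACL_27 = [("permit", "^[0-9]+$"), ("permit", "^[0-9]+_[0-9]+$")]
ACL_28 = [("deny", "_.+_.+_.+_"), ("permit", ".*")]   # same effect as ACL_27
ACL_29 = [("deny", "_.+_.+_.+_.+_.+_.+_"), ("permit", ".*")]
ACL_15 = [("permit", "^$")]                          # outbound: locally originated only
ACL_16 = [("deny", "_.+_.+_"), ("permit", ".*")]      # outbound: at most one ASN
ACL_17 = [("permit", "^[0-9]+$"), ("permit", "^$")]   # same effect as ACL_16


def demo():
    """Constructed AS paths (space separated, as 'show ip bgp' prints them)
    run through each list; returns {list name: {path: permitted}}."""
    cases = {
        "ACL_25": (ACL_25, ["65530", "65501 65530 65532", "65501 65531", "65531 65501"]),
        "ACL_26": (ACL_26, ["55", "65530", "7553", "100"]),
        "ACL_27": (ACL_27, ["65520", "65520 65530", "65520 65530 65540"]),
        "ACL_28": (ACL_28, ["65520", "65520 65530", "65520 65530 65540"]),
        "ACL_29": (ACL_29, ["1 2 3 4 5", "1 2 3 4 5 6"]),
        "ACL_15": (ACL_15, ["", "65520"]),
        "ACL_16": (ACL_16, ["", "65520", "65520 65530"]),
        "ACL_17": (ACL_17, ["", "65520", "65520 65530"]),
    }
    return {name: {path: evaluate_acl(acl, path) for path in paths}
            for name, (acl, paths) in cases.items()}


if __name__ == "__main__":
    for name, results in demo().items():
        for path, permitted in results.items():
            print(f"{name}: {path!r:>22} -> {'permit' if permitted else 'deny'}")
```

Running the block shows the two traps the text warns about: list 26 permits 65530, 7553 and 55 alike, and the delimiter-only lists 28 and 29 count ASNs purely by how many _ matches they can place, which is why list 29 still permits a five-ASN path but denies a six-ASN one.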

Post in CCIE Voice | Comments Closed

CCIE Voice, Configuring BGP

December 31st, 2011   by Daniel

In its simplest configuration, BGP exchanges routes between a router in one AS and another router in a different AS. The first router is in AS 65500:
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#interface Serial0
Router1(config-if)#ip address 192.168.55.6 255.255.255.252
Router1(config-if)#exit
Router1(config)#router bgp 65500
Router1(config-router)#network 192.168.1.0
Router1(config-router)#neighbor 192.168.55.5 remote-as 65501
Router1(config-router)#no synchronization
Router1(config-router)#exit
Router1(config)#end
Router1#
The second router is in AS 65501:
Router2#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router2(config)#interface Serial0
Router2(config-if)#ip address 192.168.55.5 255.255.255.252
Router2(config-if)#exit
Router2(config)#router bgp 65501
Router2(config-router)#network 172.25.17.0 mask 255.255.255.0
Router2(config-router)#neighbor 192.168.55.6 remote-as 65500
Router2(config-router)#no synchronization
Router2(config-router)#exit
Router2(config)#end
Router2#
This example shows two routers in different Autonomous Systems. Router1 is in AS 65500, and is configured to share routing information only for a single network using the command network 192.168.1.0. Because this is a classful network, we don't need to include a mask. However, you will notice that the syntax of the network command on Router2 is different:
Router2(config-router)#network 172.25.17.0 mask 255.255.255.0
This is because the routing information we want to share only includes 172.25.17.0/24, and not the entire classful network, 172.25.0.0/16.
The first thing you should do after configuring two routers for BGP is to ensure that they are able to establish a BGP connection. You can verify this with the command show ip bgp summary:
Router1#show ip bgp summary
BGP router identifier 192.168.99.5, local AS number 65500
BGP table version is 7, main routing table version 7
4 network entries and 4 paths using 484 bytes of memory
2 BGP path attribute entries using 196 bytes of memory
BGP activity 11/7 prefixes, 11/7 paths

Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
192.168.55.5    4 65501      17      18        7    0    0 00:12:38        2
Router1#
Here you can see that Router1 has a BGP neighbor, 192.168.55.5, in AS 65501. The most critical detail here is the last column, State/PfxRcd. In this column, you will see either a word, indicating the state of the peer connection, or a number, indicating the number of routing prefixes (that is, the number of distinct subnets in the routing table) that have been received from this peer.
In this case, the router had a valid BGP session with the neighbor device, 192.168.55.5 for just over 12 minutes. If this session is broken for any reason, you will most likely see either the word "Active" or "Idle" in this field. The following output shows another peer device, 172.25.2.2, which is down:
Router1#show ip bgp summary
BGP router identifier 192.168.99.5, local AS number 65500
BGP table version is 7, main routing table version 7
4 network entries and 4 paths using 484 bytes of memory
2 BGP path attribute entries using 196 bytes of memory
BGP activity 11/7 prefixes, 11/7 paths

Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
192.168.55.5    4 65501      17      18        7    0    0 00:12:38        2
172.25.2.2      4 65531     527     526        0    0    0 21:05:23 Active
Router1#
More than one engineer has seen the word "Active" (or "Connect") here and thought that the session was active. But, in fact, it means that this peer relationship is currently down. The BGP connection is only up if you see a number in the last column. Note also that the word "Idle" in this column indicates that the router doesn't believe that a session is even possible with this peer device, or that it has not yet attempted to connect (the router will wait several seconds before attempting a connection). If the Idle condition persists, this usually indicates that the remote peer is unreachable. A persistent "Active" state, on the other hand, most likely indicates a configuration problem.

It often takes almost a minute to establish a BGP peer connection, so be patient if you don't see the peers immediately connect. If after this time they still have failed to connect, you should double check your "neighbor" configuration statements. Make sure that you have the right remote IP address and AS number, in particular. If these are correct and you can ping the remote peer's IP address, then you should make sure that the routers are using the interfaces that you think they are to reach the destination.
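The State/PfxRcd rule above (a number means the session is up, a word means it is down) is easy to automate, and doing so is a useful health check for a fleet of BGP speakers. The following is an added Python example, not from the original text or from Cisco, that parses the show ip bgp summary output shown above and flags any peer whose last column is a state word rather than a prefix count. The sample output is constructed from the two tables in the text; the per-state hints restate what the text says each state usually means.

```python
# Constructed sample, modelled on the output shown in the text: one
# established eBGP peer and one peer stuck in Active.
SAMPLE_SUMMARY = """Router1#show ip bgp summary
BGP router identifier 192.168.99.5, local AS number 65500
BGP table version is 7, main routing table version 7
4 network entries and 4 paths using 484 bytes of memory
2 BGP path attribute entries using 196 bytes of memory
BGP activity 11/7 prefixes, 11/7 paths

Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
192.168.55.5    4 65501      17      18        7    0    0 00:12:38        2
172.25.2.2      4 65531     527     526        0    0    0 21:05:23 Active
Router1#
"""

# What the text says each non-numeric state usually indicates.
STATE_HINTS = {
    "Active": "session down; most likely a neighbor configuration problem",
    "Connect": "session down; TCP connection attempt in progress",
    "Idle": "no session attempted or possible; remote peer is probably unreachable",
}


def parse_bgp_summary(text: str) -> list:
    """Return one dict per neighbor row of 'show ip bgp summary'."""
    peers = []
    in_table = False
    for line in text.splitlines():
        if line.startswith("Neighbor"):
            in_table = True          # header row: the neighbor rows follow
            continue
        if not in_table or not line.strip() or line.rstrip().endswith("#"):
            continue                 # preamble, blank line or trailing prompt
        fields = line.split()
        if len(fields) < 10:
            continue                 # not a neighbor row
        state = fields[9]
        established = state.isdigit()   # a number = prefixes received = session up
        peers.append({
            "neighbor": fields[0],
            "remote_as": int(fields[2]),
            "up_down": fields[8],        # time in the current state
            "established": established,
            # Only meaningful when the session is up; 0 prefixes is still up.
            "prefixes_received": int(state) if established else None,
            "state": "Established" if established else state,
            "hint": None if established else STATE_HINTS.get(state, "session down"),
        })
    return peers


def down_peers(peers) -> list:
    """Peers whose last column is a word rather than a prefix count."""
    return [p for p in peers if not p["established"]]


if __name__ == "__main__":
    for p in down_peers(parse_bgp_summary(SAMPLE_SUMMARY)):
        print(f"{p['neighbor']} (AS {p['remote_as']}) {p['state']} "
              f"for {p['up_down']}: {p['hint']}")
```

Note that the Up/Down column is the time spent in the current state, so for a down peer it tells you how long the session has been broken, which is the first thing to compare against your change log.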
The example in the Solutions section of this recipe shows an eBGP peer relationship because we have configured different ASNs on the two routers:

Router1(config)#router bgp 65500
Router1(config-router)#neighbor 192.168.55.5 remote-as 65501
This shows that Router1 is in AS 65500, while Router2 is in AS 65501. You configure iBGP peers the same way, but the neighbor statement specifies the same ASN value as the router bgp statement. We can add an iBGP peer in AS 65500 as follows:
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#interface Ethernet0
Router1(config-if)#ip address 192.168.1.5 255.255.255.0
Router1(config-if)#exit
Router1(config)#router bgp 65500
Router1(config-router)#neighbor 192.168.1.6 remote-as 65500
Router1(config-router)#exit
Router1(config)#end
Router1#
And we would configure the other iBGP peer router like this:
Router3#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router3(config)#interface Ethernet0
Router3(config-if)#ip address 192.168.1.6 255.255.255.0
Router3(config-if)#exit
Router3(config)#router bgp 65500
Router3(config-router)#neighbor 192.168.1.5 remote-as 65500
Router3(config-router)#exit
Router3(config)#end
Router3#
There is no need to establish a peer relationship between this new router and the eBGP peer, Router2. Router3 may connect to one or more other, completely different ASs, though. And there is nothing to prevent you from having an iBGP peer that doesn't connect to any eBGP peers. However, it is important to create a full mesh of iBGP relationships among all of the BGP routers inside any given AS.
BGP uses a permanent TCP connection between pairs of peer routers, and every peer relationship must be configured manually. This is actually one of the biggest strengths of BGP because it allows you to configure unique properties, such as unique filtering for each peer. With the various IGPs that we have already discussed, the routing peers generally discover one another dynamically by default.
However, the above examples only specify the destination IP address, not the source address. In this particular case, there is only one way to reach the destination, so there is no need to specify the source address, as the routers will simply use the IP address of the nearest interface. There are some cases where you do need to specify the source address, though.
For example, you might have two iBGP routers in your network, with several different possible paths between them. In this case, it would be better to configure the two routers to use their loopback addresses for the peer configuration, rather than the physical interfaces, which could go down. If you have redundant paths, you may as well use them. You could configure the router to use its loopback address for BGP as follows:
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#interface Ethernet0
Router1(config-if)#ip address 192.168.55.6 255.255.255.0
Router1(config-if)#exit
Router1(config)#interface Ethernet1
Router1(config-if)#ip address 192.168.56.10 255.255.255.0
Router1(config-if)#exit
Router1(config)#interface Loopback0
Router1(config-if)#ip address 172.21.19.1 255.255.255.255
Router1(config-if)#exit
Router1(config)#ip route 172.20.1.2 255.255.255.255 192.168.55.1
Router1(config)#ip route 172.20.1.2 255.255.255.255 192.168.56.1
Router1(config)#router bgp 65500
Router1(config-router)#neighbor 172.20.1.2 remote-as 65500
Router1(config-router)#neighbor 172.20.1.2 update-source Loopback0
Router1(config-router)#exit
Router1(config)#end
Router1#

Then, on the other router, you would have:
Router3#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router3(config)#interface Ethernet0
Router3(config-if)#ip address 192.168.55.1 255.255.255.0
Router3(config-if)#exit
Router3(config)#interface Ethernet1
Router3(config-if)#ip address 192.168.56.1 255.255.255.0
Router3(config-if)#exit
Router3(config)#interface Loopback0
Router3(config-if)#ip address 172.20.1.2 255.255.255.255
Router3(config-if)#exit
Router3(config)#ip route 172.21.19.1 255.255.255.255 192.168.55.6
Router3(config)#ip route 172.21.19.1 255.255.255.255 192.168.56.10
Router3(config)#router bgp 65500
Router3(config-router)#neighbor 172.21.19.1 remote-as 65500
Router3(config-router)#neighbor 172.21.19.1 update-source Loopback0
Router3(config-router)#exit
Router3(config)#end
Router3#
Each of these routers uses the other's loopback IP address for its BGP neighbor statement. But to create a TCP session, you need the source address from one end to match the destination address of the other. So we have included commands to force each router to use their loopback interfaces for these source addresses:
Router1(config-router)#neighbor 172.20.1.2 update-source Loopback0
We strongly recommend using the update-source option, specifying a loopback interface on both routers, whenever you have redundant paths between iBGP peers.
So far, everything that we have discussed has to do with establishing the iBGP and eBGP peer relationships. We haven't exchanged any actual routing information yet. This brings us to the network commands in the example configuration files. On the first router, we used the classful version of the command to advertise an entire Class C network, 192.168.1.0/24:
Router1(config)#router bgp 65500
Router1(config-router)#network 192.168.1.0
The second router, however, uses the more general classless version of the network command:
Router2(config)#router bgp 65501
Router2(config-router)#network 172.25.17.0 mask 255.255.255.0
These commands allow the router to pick up routes out of its routing table and pass them along using BGP. BGP will not advertise anything that it doesn't have in its routing table. The first command will advertise the prefix 192.168.1.0/24 if it is in the routing table, while the second one will advertise 172.25.17.0/24. It is important to realize that these are literally the prefixes that BGP will advertise. If you have a route for 192.168.1.4/32, then the first network statement we mentioned will not cover it. Instead, you would have to explicitly include a network command for this prefix:
Router1(config)#router bgp 65500
Router1(config-router)#network 192.168.1.4 mask 255.255.255.255
You can also use redistribution to inject routes into BGP from either static routes or foreign routing protocols. We strongly recommend against redistribution to introduce routes into BGP if it can be avoided.
Note that because BGP will only advertise a prefix if it is in the routing table, an unstable IGP route could introduce instability into BGP. You can ensure the route is always available, though, by using a floating static route pointing to the null interface:
Router1(config)#ip route 192.168.1.0 255.255.255.0 null0 250
Here we have specified an Administrative Distance of 250 for this route. This value is deliberately very high to ensure that it is worse than any IGP, as well as iBGP. Now when the dynamic route drops out of the IGP routing table, the router replaces it with this floating static route, and BGP continues to advertise the prefix. This is not always desirable, of course. You may want this BGP router to stop advertising routes that it cannot reach. But in most cases, stability is more important. Looking back at the example in the Solutions section of this recipe, you will see that we disabled synchronization on both routers:
Router1(config)#router bgp 65500
Router1(config-router)#no synchronization
Synchronization is enabled by default. This feature is intended for situations in which your AS acts as a transit for packets from one AS to another, but where some of the routers in your AS do not run BGP. In this case, the routers that only run the IGP need to have the same routing table as the BGP routers, or the AS could become a black hole for the unsynchronized routes. If synchronization is enabled in this situation, BGP will only advertise routes that are present in both the IGP and BGP route tables.

In this example, we had no intention of carrying the BGP routing table through the IGP. We generally recommend disabling synchronization, unless you are running an IGP and redistributing routes between BGP and the IGP.
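The two rules behind the network statement and floating static route discussion above (BGP advertises a network statement only when that exact prefix is installed, and the installed route for a prefix is the candidate with the lowest administrative distance) are easy to misjudge, so here is an added Python model of them. This is example code, not from the original text or from Cisco: a toy routing table with per-prefix candidates, the classful default-mask expansion a mask-less network statement implies, and the scenario from the text where the IGP route for 192.168.1.0/24 disappears and the null0 static at AD 250 keeps the prefix advertised. The AD values (OSPF 110, connected 0) are the IOS defaults; the scenario itself is constructed.

```python
import ipaddress
from dataclasses import dataclass


@dataclass
class RibEntry:
    source: str   # e.g. "ospf", "static null0"
    ad: int       # administrative distance


class Rib:
    """Toy routing table: several candidates per prefix, lowest AD installed."""

    def __init__(self):
        self._candidates = {}   # normalized prefix string -> list of RibEntry

    def add(self, prefix: str, source: str, ad: int) -> None:
        key = str(ipaddress.ip_network(prefix))
        self._candidates.setdefault(key, []).append(RibEntry(source, ad))

    def remove(self, prefix: str, source: str) -> None:
        key = str(ipaddress.ip_network(prefix))
        self._candidates[key] = [e for e in self._candidates.get(key, [])
                                 if e.source != source]

    def best(self, prefix: str):
        """The installed route for exactly this prefix, or None if absent."""
        key = str(ipaddress.ip_network(prefix))
        entries = self._candidates.get(key)
        return min(entries, key=lambda e: e.ad) if entries else None


def classful_prefix(address: str) -> str:
    """Prefix implied by a mask-less 'network' statement (classful default mask)."""
    first = int(address.split(".")[0])
    bits = 8 if first < 128 else 16 if first < 192 else 24
    return str(ipaddress.ip_network(f"{address}/{bits}", strict=False))


def network_statement(address: str, mask: str = None) -> str:
    """'network A' or 'network A mask M' -> the exact prefix BGP will look for."""
    if mask is None:
        return classful_prefix(address)
    return str(ipaddress.ip_network(f"{address}/{mask}"))


def bgp_advertised(rib: Rib, statements) -> list:
    """BGP advertises a network statement only if that exact prefix is installed."""
    return [p for p in statements if rib.best(p) is not None]


# Constructed scenario: the IGP learns 192.168.1.0/24, a floating static to
# null0 (AD 250) backs it up, and a host route 192.168.1.4/32 also exists.
STATEMENTS = [
    network_statement("192.168.1.0"),                     # classful -> /24
    network_statement("192.168.1.4", "255.255.255.255"),  # the /32 needs its own line
    network_statement("172.25.17.0", "255.255.255.0"),    # not in this RIB
]


def build_rib() -> Rib:
    rib = Rib()
    rib.add("192.168.1.0/24", "ospf", 110)
    rib.add("192.168.1.0/24", "static null0", 250)
    rib.add("192.168.1.4/32", "connected", 0)
    return rib


def igp_flap_demo():
    """Returns (advertised before, source before, advertised after, source after)."""
    rib = build_rib()
    before = bgp_advertised(rib, STATEMENTS)
    src_before = rib.best("192.168.1.0/24").source
    rib.remove("192.168.1.0/24", "ospf")         # the IGP route drops out
    after = bgp_advertised(rib, STATEMENTS)
    src_after = rib.best("192.168.1.0/24").source
    return before, src_before, after, src_after


if __name__ == "__main__":
    before, s1, after, s2 = igp_flap_demo()
    print("before IGP flap:", before, "via", s1)
    print("after IGP flap: ", after, "via", s2)
```

The same model also shows why Router2 needed the mask keyword: classful_prefix("172.25.17.0") expands to 172.25.0.0/16, which is not what is in its routing table, so a mask-less statement would advertise nothing.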

Take a close look at the examples in this recipe because they show how Cisco's BGP configuration syntax works. When you want to change the parameters for a particular peer, you must first define the neighbor and the AS that this peer resides in. Then you can start to define any nondefault behavior for this peer with further neighbor commands that specify the

Post in CCIE R&S | Comments Closed

CCIE lab exam, CCIE certification

December 29th, 2011   by Daniel

The CCIE lab exams are part of the certification programs carried out by Cisco to evaluate candidates on their troubleshooting and configuration abilities. The CCIE certification is awarded after successful completion of the written and the lab exam. It is considered one of the highest degrees of certification in the world.

The CCIE lab exam is part of the Cisco Certified Internetwork Expert (CCIE) certification program. It is considered to certify the highest level of technical expertise in the industry. Through the CCIE, professionals have an opportunity to establish themselves in the field of networking. Only a few thousand people are believed to have cleared the CCIE exam. CCIE labs are considered to provide a high-level training environment, which is a major benefit for candidates.

The CCIE examination is conducted in five different tracks: routing and switching, security, service provider, storage networking and voice. The CCIE examination involves two tests, a CCIE written test and a CCIE lab exam. In order to attempt the lab exam, you must clear the written exam. If you are not able to clear the written exam the first time, you must wait 180 days before retaking it. After clearing the written test, you should make an attempt at the CCIE lab exam within 18 months. If you are unable to clear the lab exam, then you must re-attempt it within 12 months in order to keep the written examination result valid.

The written examination is computer based and consists of 100 multiple-choice questions. It has a time limit of two hours and is conducted in various test centers across the world. The topics covered in the written exam depend on the specialization or track you choose. For service provider, you may select from categories like Cable, DSL, IP Telephony, Dial, Content Networking, Optical, WAN switching, and Metro Ethernet. Every written exam is made available in beta form at a cost of $50 USD.

If you are able to clear the written exam in whichever track you have chosen, you will be called for the CCIE lab exam. The CCIE lab exam is unique in nature, as it is an eight-hour examination which tests the ability of the candidate to configure and troubleshoot networking equipment. Cisco has a high level of equipment in its CCIE labs for use in the lab exams. The blueprint of the lab examination is available on its website. The lab exam is not available at Pearson VUE or Prometric testing centers.

A typical CCIE R&S lab examination features a two-hour troubleshooting section in which you are presented with a series of tickets for preconfigured networks in the CCIE labs. You should be able to identify and resolve the faults. You can proceed to the configuration section after you finish the troubleshooting section.

A valid passing score is necessary to attempt a CCIE lab exam. Cisco uses proctors to evaluate the candidates in the preliminary rounds in its CCIE labs located worldwide. Points are awarded when a criterion is met, and grading is performed using some automated tools. The results of a lab exam are reflected within 48 hours. A pass/fail is shown in the result and, in case of a fail, the areas where you are lagging behind are mentioned so that you can prepare well before a retry.

Cisco stands out in the field of networking by providing a CCIE certification that lets you pursue your training as well as get recognized by a reputed organization. The CCIE lab examination can be used as a platform to test your ability in the various tracks offered by Cisco. Attempting a lab examination requires rigorous training and a high level of understanding. The CCIE labs form the first step to your high-potential career.

Post in CCIE R&S | Comments Closed

CCIE RS Training, good performance starts from here

December 27th, 2011   by Daniel

CCIE RS training is very necessary to get the knowledge needed to successfully pass the Cisco Certified Internetwork Expert exam. This is considered to be the most prestigious certification owned by IT professionals.

CCIE RS training is meant for highly capable networking professionals and is a wide-ranging study program. It is intended to raise your competency to an expert level, while providing you the skills and training to pass this rigorous exam. CCIE is one of the best ways to get the Cisco Certified Internetwork Expert certification. It is also the highest level of certification offered by Cisco Systems. IT professionals managing big networks and skilled in using Cisco products must pass an extensive exam to get this certification.

The CCIE RS training is carried out at CCIE bootcamp schools, which have tutors, lecturers, and boot camps. Within the CCIE there are six tracks, namely Storage Networking, Voice and Wireless, Routing & Switching, Service Provider, and Security. This examination is considered to be very difficult and an excellent one to clear, providing you with technical expertise and dedication. It also makes you a member of an exclusive group of professionals, makes your resume look grand, and increases your credibility.

Moving forward in your career is the ambition of most IT professionals. CCIE RS training provides the platform to give you an advantage in the job market. When you start looking for better opportunities in or outside your company, the CCIE certification will enable you to reach your goal easily in this competitive world.

You may have many reasons for taking CCIE RS training; getting a high salary could be one of them. Getting this certification is not simple work; it sometimes takes years to clear the exams. It takes eighteen months and a great deal of money to clear this examination, which is why there is an enormous market for such certified professionals. The plus side is that, with so few certified professionals and high demand for them, the salaries offered are very high.

After receiving the CCIE RS training, you are considered to be an expert in the networking field. Therefore, if a difficult situation arises, you are always called in to settle the problem. When you have this certification, you will be recognized worldwide for having a high qualification in the networking and technology industry.

It is important to understand the overall process of the CCIE RS exam, so that you will understand the kind of training that will be needed. This exam consists of two main parts, the written exam and the lab exam. The written part is two hours in length and contains multiple-choice questions. You can sit for the lab exam only if you are successful in the written exam. The lab exam is an eight-hour one that tests your ability to put together networking and software tools and your troubleshooting ability. Three years are given for passing the lab examination, after which you have to reappear for the written examination before proceeding to the lab examination again.

Most of the candidates appearing for the CCIE RS exam do not pass on the first attempt. However, there is quite a high rate of success on the second attempt. To improve your chances of success in this examination, it is best to study the topics that are exam specific. One important thing to keep in mind is that, after receiving this certificate, you must recertify every two years.

Post in CCIE R&S | Comments Closed

Creating a Default Route in OSPF

December 26th, 2011   by Daniel

To propagate a default route with OSPF, use the default-information originate configuration command:
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#ip route 0.0.0.0 0.0.0.0 172.25.1.1
Router1(config)#router ospf 55
Router1(config-router)#default-information originate metric 30 metric-type 1
Router1(config-router)#exit
Router1(config)#end
Router1#

Unlike RIP and EIGRP, you cannot create a default route in OSPF by simply redistributing a static route. Even if there is a default route in the routing table, by default Cisco's OSPF implementation will not forward it to the rest of the network. This is because OSPF uses a link state algorithm that keeps track of links rather than routes. So summary routes are very special elements in OSPF, and it's important to be careful when distributing them. The default route, 0.0.0.0/0, is the ultimate summary of summaries, and it has the potential to cause serious confusion if it isn't handled properly.
So Cisco forces you to be sure that you really want to source a default route into OSPF by requiring you to specifically enable it with the default-information originate command. This command also allows you to specify precisely the metric of this default route and, since a default route is implicitly external to the AS, the type of external route. This has the added advantage of giving finer granularity of control over default route propagation.
You can look at the external routes in the OSPF database with the following command:
Router1#show ip ospf database external

            OSPF Router with ID (172.25.25.1) (Process ID 55)

                Type-5 AS External Link States

  LS age: 163
  Options: (No TOS-capability, DC)
  LS Type: AS External Link
  Link State ID: 0.0.0.0 (External Network Number )
  Advertising Router: 172.25.25.1
  LS Seq Number: 80000002
  Checksum: 0x18E6
  Length: 36
  Network Mask: /0
        Metric Type: 1 (Comparable directly to link state metric)
        TOS: 0
        Metric: 30
        Forward Address: 0.0.0.0
        External Route Tag: 55

Router1#
In this example, you can see that the default route is advertised by the router 172.25.25.1 with a metric of 30 and a metric type of 1. The metric type in this case refers to whether this route is considered by OSPF to be a Type 1 or Type 2 external route. It is a Type 1 route because we configured it this way in the default-information command:
Router1(config-router)#default-information originate metric 30 metric-type 1
As we mentioned in the Introduction to this chapter, the cost of a Type 1 external route is the cost shown by the external metric, which is 30 in this case, plus the internal cost to reach the router that advertises the external route (the ASBR).
Then, on another router in the same area, you can see that the default route's cost is 40, because the cost to reach the ASBR is 10. All of the internal routers can see that this is a Type 1 external route, as well as other important attributes, such as the administrative distance and the ASBR that originated this route:
Router5#show ip route 0.0.0.0
Routing entry for 0.0.0.0/0, supernet
  Known via "ospf 87", distance 110, metric 40, candidate default path
  Tag 55, type extern 1
  Redistributing via ospf 87
  Last update from 172.25.1.5 on Ethernet0, 00:01:24 ago
  Routing Descriptor Blocks:
  * 172.25.1.5, from 172.25.25.1, 00:01:24 ago, via Ethernet0
      Route metric is 40, traffic share count is 1
Router5#
With default routes in particular, you sometimes want to ensure that the ASBR continues to advertise the external route, even if it disappears from its routing table. You can do this by adding the keyword always to the default-information command as follows:
Router1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router1(config)#ip route 0.0.0.0 0.0.0.0 172.25.1.1
Router1(config)#router ospf 55
Router1(config-router)#default-information originate always metric-type 1
Router1(config-router)#exit
Router1(config)#end
Router1#
You can also create a default route using a stub area. In this case, you can configure your ABR routers to advertise only a simple default route into the area.

Post in CCIE Security | Comments Closed