3 New CCNA Certifications.
New Cisco initiatives - the Cisco Learning Network and three new CCNA certifications - help accelerate the development of technical talent
The new suite of concentrations takes advantage of the foundation for careers in Cisco networking technologies, the CCNA certification:
- CCNA Security validates installation, troubleshooting and monitoring skills of network devices to maintain the integrity, confidentiality and availability of data.
- CCNA Voice validates voice application skills in voice over IP (VoIP) technologies such as IP PBX, IP telephony, handset, call control and voicemail.
- CCNA Wireless validates a candidate’s skills in the configuration, implementation and support of Cisco wireless local-area networks (WLANs).
My 1st CLNS Configuration!
I got my first CLNS network running!
Topology:
R3 s0/0/0– DLCI 307 - Frame-relay - DLCI 307— s0/0/0 R7
The config:
R3 Configuration:
!
hostname R3
!
!
!
interface Serial0/0/0
no ip address
encapsulation frame-relay
frame-relay map clns 307 broadcast
no frame-relay inverse-arp
clns enable
clns router isis
no sh
!
!
clns host R3 47.0037.3333.3333.3333.3333.00
router isis
net R3
!
!
!
!
Show clns interface output for R3
Serial0/0/0 is up, line protocol is up
Checksums enabled, MTU 1500, Encapsulation FRAME-RELAY
ERPDUs enabled, min. interval 10 msec.
RDPDUs enabled, min. interval 100 msec., Addr Mask enabled
Congestion Experienced bit set at 4 packets
CLNS fast switching enabled
CLNS SSE switching disabled
DEC compatibility mode OFF for this interface
Next ESH/ISH in 15 seconds
Routing Protocol: IS-IS
Circuit Type: level-1-2
Interface number 0×0, local circuit ID 0×1
Level-1 Metric: 10, Priority: 64, Circuit ID: R3.01
DR ID: 0000.0000.0000.00
Level-1 IPv6 Metric: 10
Number of active level-1 adjacencies: 0
Level-2 Metric: 10, Priority: 64, Circuit ID: R7.01
DR ID: R7.01
Level-2 IPv6 Metric: 10
Number of active level-2 adjacencies: 1
Next IS-IS LAN Level-1 Hello in 6 seconds
Next IS-IS LAN Level-2 Hello in 219 milliseconds
—
R7 Configuration:
hostname R7
interface Serial0/0/0
no ip address
encapsulation frame-relay
frame-relay map clns 307 broadcast
no frame-relay inverse-arp
clns enable
clns router isis
no sh
!
clns host R7 47.0037.7777.7777.7777.7777.00
router isis
net R7
!
!
!
show clns interface output for R7
Serial0/0/0 is up, line protocol is up
Checksums enabled, MTU 1500, Encapsulation FRAME-RELAY
ERPDUs enabled, min. interval 10 msec.
RDPDUs enabled, min. interval 100 msec., Addr Mask enabled
Congestion Experienced bit set at 4 packets
CLNS fast switching enabled
CLNS SSE switching disabled
DEC compatibility mode OFF for this interface
Next ESH/ISH in 25 seconds
Routing Protocol: IS-IS
Circuit Type: level-1-2
Interface number 0×0, local circuit ID 0×1
Level-1 Metric: 10, Priority: 64, Circuit ID: R7.01
DR ID: 0000.0000.0000.00
Level-1 IPv6 Metric: 10
Number of active level-1 adjacencies: 0
Level-2 Metric: 10, Priority: 64, Circuit ID: R7.01
DR ID: R7.01
Level-2 IPv6 Metric: 10
Number of active level-2 adjacencies: 1
Next IS-IS LAN Level-1 Hello in 7 seconds
Next IS-IS LAN Level-2 Hello in 1 seconds
We can see that CLNS was enabled, and with ISIS we are able to pass that route information to the other router, please check the following CLSN Route outputs:
R7#show clns route
Codes: C - connected, S - static, d - DecnetIV
I - ISO-IGRP, i - IS-IS, e - ES-IS
B - BGP, b - eBGP-neighbor
C 47.0037.7777 [2/0], Local IS-IS Area
C 47.0037.7777.7777.7777.7777.00 [1/0], Local IS-IS NET
i 47.0037.3333 [110/10]
via R3, Serial0/0/0
if we ping from
R3#ping 47.0037.7777.7777.7777.7777
Type escape sequence to abort.
Sending 5, 100-byte CLNS Echos with timeout 2 seconds
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 32/34/36 ms
R3#
R7#ping 47.0037.3333.3333.3333.3333
Type escape sequence to abort.
Sending 5, 100-byte CLNS Echos with timeout 2 seconds
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 32/34/36 ms
R7#
we have reachability, just looking at those CLNP Packets going out from one router to another..
CLNS: Originating packet, size 100
from 47.0037.7777.7777.7777.7777.00
to 47.0037.3333.3333.3333.3333
via 3333.3333.3333 (Serial0/0/0 DLCI 307)
CL NS: Echo Reply PDU received on Serial0/0/0!
CLNS: Originating packet, size 100
from 47.0037.7777.7777.7777.7777.00
to 47.0037.3333.3333.3333.3333
via 3333.3333.3333 (Serial0/0/0 DLCI 307)
CLNS: Echo Reply PDU received on Serial0/0/0!
CLNS: Originating packet, size 100
from 47.0037.7777.7777.7777.7777.00
to 47.0037.3333.3333.3333.3333
via 3333.3333.3333 (Serial0/0/0 DLCI 307)
CLNS: Echo Reply PDU received on Serial0/0/0!
CLNS: Originating packet, size 100
from 47.0037.7777.7777.7777.7777.00
to 47.0037.3333.3333.3333.3333
via 3333.3333.3333 (Serial0/0/0 DLCI 307)
CLNS: Echo Reply PDU received on Serial0/0/0!
CLNS: Originating packet, size 100
from 47.0037.7777.7777.7777.7777.00
to 47.0037.3333.3333.3333.3333
via 3333.3333.3333 (Serial0/0/0 DLCI 307)
CLNS: Echo Reply PDU received on Serial0/0/0!
Now let see what is installed in the routing table when an interface comes up
R3#deb clns routing
CLNS routing events debugging is on
R3#deb clns pack
CLNS packets debugging is on
R3#conf ter
Enter configuration commands, one per line. End with CNTL/Z.
R3(config)#int s0/0/0
R3(config-if)#sh
R3(config-if)#
CLNS-RT: Interface Serial0/0/0 was up, now down
CLNS-RT: adjust static routes via 7777.7777.7777 going down
CLNS-RT: adjust static routes via Serial0/0/0 going down
R3(config-if)#
%LINK-5-CHANGED: Interface Serial0/0/0, changed state to administratively down
%LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0/0, changed state to do
wn
R3(config-if)#no sh
R3(config-if)#
CLNS-RT: Interface Serial0/0/0 was down, now up
CLNS-RT: adjust static routes via Serial0/0/0 going up
R3(config-if)#do show
%LINK-3-UPDOWN: Interface Serial0/0/0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0/0, changed state to up
R3(config-if)#do show clns route
Codes: C - connected, S - static, d - DecnetIV
I - ISO-IGRP, i - IS-IS, e - ES-IS
B - BGP, b - eBGP-neighbor
C 47.0037.3333 [2/0], Local IS-IS Area
C 47.0037.3333.3333.3333.3333.00 [1/0], Local IS-IS NET
i 47.0037.7777 [110/10]
via R7, Serial0/0/0
R3(config-if)#
Just guessing here, I think that the IDP + HO DSP (Area) (47.0037.7777) of the NSAP (CLNS Address) is what we see in the Show CLNS Route, and Level 2 Routing logic is performed, to reach each others to send traffic.
R7#show clns protocol
IS-IS Router: <Null Tag>
System Id: 7777.7777.7777.00 IS-Type: level-1-2
Manual area address(es):
47.0037.7777
Routing for area address(es):
47.0037.7777
47.0037.3333
Interfaces supported by IS-IS:
Serial0/0/0 - OSI
Redistribute:
static (on by default)
Distance for L2 CLNS routes: 110
RRR level: none
Generate narrow metrics: level-1-2
Accept narrow metrics: level-1-2
Generate wide metrics: none
Accept wide metrics: none
About the CLSN Addressing, I just wrote the following from several sources and routers output, and I just like to share with you for my/your reference, main Cisco Doc for ISIS used in this text
Another post in relation with this on my blog
R1#conf ter
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#router isis
R1(config-router)# net 47.0011.0000.0001.0100.0100.0101.0101.0101.00
Each IS-IS router must also have a way to uniquely identify itself within the routing domain.
R1(config-router)#net 49.0001.0000.0000.1111.00
%CLNS: System ID (0100.0101.0101.0101) must not change when defining additional area addresses
This identification is the function of the System ID, which is analogous to the OSPF Router ID
A router can have up to three area addresses
2nd Area Address
R1(config-router)#net 49.0100.0101.0101.0101.00
3er Area address
R1(config-router)#net 50.0100.0101.0101.0101.00
And is could happen if you have more than 3
R1(config-router)#net 51.0100.0101.0101.0101.00
%The maximum allowed addresses already configured
R1(config-router)#do show run | b ^router isis
router isis
net 47.0011.0000.0001.0100.0100.0101.0101.0101.00
net 49.0001.0102.0304.0506.00
net net 49.0100.0101.0101.0101.00
!
the Network Entity Titles here is defined by rfc163, the use of a .00 of NSel within the NSAP identifies the network layer itself. OSI network layer addressing is implemented with NSAP addresses
R3(config-router)#net ?
XX.XXXX. … .XXX.XX Network entity title (NET)
There are 3 NSAP formats:
A simple eight-octet Area ID/System ID format: AREA|SysID|SEL
Area: The Area field is used to route between areas using Level 2 routing.
System ID: The ID field is used to route to a host or router within the area using Level 1 routing.
SEL: The SEL field is used to route to an entity with the host or ES.
A OSI NSAP format: |Area|Area|Area|ID|SEL
and the GOSIP NSAP format
for examples of the different formats check out this Cisco Link
The NET (Network Entity Title) address is the address of the host, where the value in the SEL field is set to 0×00. Refers to the device itself (equivalent to the Layer 3 OSI address of the device)
The NSAP (Network Service Access Point) The SEL field at the end of the ISO address specifies the upper-layer protocol. Similar to the Protocol field of the IP header.
Anyways
R3(config-router)#net 00.0000.0000.3333.01
%IS-IS: Invalid NET, N-selector must be zero
and the last note is to remember about having the correct mappings in Non Broadcast Multiaccess Interfaces.
Example:
R3#conf ter
Enter configuration commands, one per line. End with CNTL/Z.
R3(config)#int Serial0/0/0.322
R3(config-subif)# frame-relay map ip 1.2.23.2 322 broadcas
R3(config-subif)#no frame-relay map clns 322 broadcast
R3(config-subif)#do deb frame-relay pac
Frame Relay packet debugging is on
Serial0/0/0.322:encaps failed on broadcast for link 25(CLNS)
Yes, more information to come
Have a good one
Victor.-
Time Range Example.
In this example I want to restrict UDP traffic, but only during a specific time range.
We are going to configure our time range. and the requeriment is to match a time period from 9AM to 1PM.
We will configure our time range as periodic daily, and specify the time period of 9:00 to 12:59. (Note: Because of the way the router handles the time range, the ending time of 12:59 will cover through 12:59:59.)
R2(config)#time-range NOUDP R2(config-time-range)#periodic daily 9:00 to 12:59 |
Now that we have our time-range configured, we can apply it in our access list. We will block UDP traffic during the time range we have created.
R2(config)#access-list 199 deny udp any any time-range NOUDP R2(config)#access-list 199 permit ip any any |
Then Apply the ACL to the interface, do not forget to do this =)
R2(config)#int f0/1 R2(config-if)#ip access-group 199 in |
Verfication:
| R2#show time-range time-range entry: NOUDP (inactive) periodic daily 9:00 to 12:59 used in: IP ACL entry R2#show access-list Extended IP access list 199 10 deny udp any any time-range NOUDP (inactive) 20 permit ip any any (24 matches) |
So let set the clock
R2#clock set 9:01:00 1 Jun 2008 R2#*Jun 1 09:01:00.000: %SYS-6-CLOCKUPDATE: System clock has been updated from 03:32:45 UTC Mon Jun 15 2008 to 09:01:00 UTC Sat Jun 1 2008, configured from console by console. |
We can determine how that the ACL is active, bloquing UDP Traffic, in the time period specified
R2#show ip access-list
Extended IP access list 199
10 deny udp any any time-range NOUDP (active)
20 permit ip any any (57 matches)
|
Best of the luck!
Victor Cappuccio
Change Management
Always wanted to know what users are doing in your routers?
You do not have an Cisco ACS or another way to log the user configuration accounting??
then this is for you ! Cisco Link
or as simple as this:
Router#show run | b archive
archive
log config
logging enable
!
!
!
Now we can see if any user (like cisco in this case) made any configuration in owr routers
Router#show archive log config all
idx sess user@line Logged command
1 1 console@console | logging enable
2 0 cisco@vty0 |!exec: enable
3 2 cisco@vty0 |interface Loopback2
4 2 cisco@vty0 | no shutdown
5 2 cisco@vty0 | exit
6 2 cisco@vty0 |router ospf 1
7 2 cisco@vty0 | network 0.0.0.0 255.255.255.0 area
8 2 cisco@vty0 | exit
This says that this User had turn down a loopback (2) interface, and had configured ospf 1 for all interfaces.
Enjoy
Victor Cappuccio.-
Wait… do not hit enter yet
Creating nonexisten class within the policy-map!
R3#show ver | in IOS
Cisco IOS Software, 7200 Software (C7200-IS-M), Version 12.4(13b), RELEAS
ARE (fc3)
No class map configured
R3#show run class-map
Building configuration…
Current configuration : 6 bytes
end
No policy-map configured
R3#show run policy-map
Building configuration…
Current configuration : 6 bytes
end
R3#conf ter
Enter configuration commands, one per line. End with CNTL/Z.
R3(config)#policy-map MYPM
R3(config-pmap)#class match ?
<cr>
ok seems that we need to hit enter here, he is expeting class named match =)
But…
R3(config-pmap)#class match access-gr 102
We have now a class-map configured automagically
R3(config-pmap-c)#do show run class-map
Building configuration…
Current configuration : 60 bytes
!
class-map match-any match
match access-group 102
!
end
R3(config-pmap-c)#
Now here the running configuration will show the configuration using the match-any strategy in the class-map
Have fun!
Victor.-
FREE!! Tabbed terminal emulator for Windows.
Against common terminal emulators such as Putty or TeraTerm, Poderosa has following features.
- Tabbed style GUI
- It is convenient to open multiple connections at the same time. Moreover, you can split the window into panes and allocate each connection. :Many different ways to connect| In addition to Telnet and SSH1/2, local cygwin shell and serial ports are supported.
- Fulfilling options and tools
- A lot of terminal functions are available. Examples are: SSH2 port forwarding, SSH Key generation wizard, and SOCKS connections.
- Plugin architecture
- You can extend the feature of Poderosa by plug-ins, like Eclipse does. Connections via serial ports and X/ZModem-support are provided as additional plug-ins. A manual for plug-in developers is included the installation package.
Enjoy
Victor Cappuccio.-
PD: Copyright © 2006 Poderosa Project. All rights reserved.
for CLI lovers
This google-interface that behaves similar to a unix-shell,http://goosh.org/
MPLS IP, Interface Autoconfiguration
Interfaces running OSPF.
R6(config-router)#do show ip ospf inter br Interface PID Area IP Address/Mask Cost State Nbrs F/C Se0/0/0.68 1 1 192.168.68.6/24 1000 P2P 1/1 Se0/0/0.56 1 1 192.168.56.6/24 10000 P2P 1/1 Lo0 1 1 6.6.6.6/32 1 LOOP 0/0 |
And this is the output of show mpls interfaces
R6(config-router)#do show mpls inter Interface IP Tunnel Operational Serial0/0/0.36 No Yes No Serial0/0/0.56 No Yes Yes Serial0/0/0.68 No Yes Yes |
In the OSPF Process, we type:
R6(config-router)#mpls ldp autoconfig area 1 |
NOW we get!!!
| R6(config-router)#do show mpls inter Interface IP Tunnel Operational Serial0/0/0.36 No Yes No Serial0/0/0.56 Yes (ldp) Yes Yes Serial0/0/0.68 Yes (ldp) Yes Yes |
How, cool!! Also you could disable the LDP Autoconfiguration from an interface
R6(config)#int s0/0/0.56 R6(config-subif)#no mpls ldp igp autoconfig |
Output of show mpsl inter
R6(config-router)#do show mpls inter Interface IP Tunnel Operational Serial0/0/0.36 No Yes No Serial0/0/0.56 No Yes Yes Serial0/0/0.68 Yes (ldp) Yes Yes |
This could save a lot time while doing labs with OSPF... Enjoy! Victor .-
IPv6 On MPLS
Each Cisco 6PE router (Router R5 and Router R6) are running IPV4 routing and CEF the 2 customer edge routers (R1 and R2) have been assigned an IPV6 address os 2001:0:1:15::/64 and 2001:0:1:36::/64 the CE router are connected to the Cisco 6PE router as shown in the figure
The following is the configuration of the P routers (R7,R8,R9) tht aare using the 192.168.XX.0/24 inside the core, with ISIS as the IGP with ISIS Wide Metric, also they are running LDP Protocol for label exchange bindings.
P-R7 configuration:
R7#conf te Enter configuration commands, one per line. End with CNTL/Z. R7(config)#router isis R7(config-router)#net 49.0000.0000.0007.00 R7(config-router)#metric-st w R7(config-router)#is-type level-2-on R7(config-router)#do show mpls inter Interface IP Tunnel Operational Serial0/0/0.57 Yes (ldp) Yes Yes Serial0/0/0.78 Yes (ldp) Yes Yes Serial0/0/0.79 Yes (ldp) Yes Yes R7(config-router)#int s0/0/0.57 R7(config-subif)#ip router isis R7(config-subif)#int s0/0/0.78 R7(config-subif)#ip router isis R7(config-subif)#int s0/0/0.79 R7(config-subif)#ip router isis |
P-R8 configuration:
R8#conf te Enter configuration commands, one per line. End with CNTL/Z. R8(config)#router isis R8(config-router)#net 49.0000.0000.0008.00 R8(config-router)#metric-st w R8(config-router)#is-type level-2-on R8(config-router)#do show mpls inter Interface IP Tunnel Operational Serial0/0/0.68 Yes (ldp) Yes Yes Serial0/0/0.78 Yes (ldp) Yes Yes Serial0/0/0.89 Yes (ldp) Yes Yes R8(config-router)#int s0/0/0 R8(config-if)#int s0/0/0.68 R8(config-subif)#ip router isis R8(config-subif)#int s0/0/0.78 R8(config-subif)#ip router isis R8(config-subif)#int s0/0/0.89 R8(config-subif)#ip router isis R8(config-subif)#int lo0 R8(config-if)#ip router isis |
P-R9 configuration:
R9#show mpls inter Interface IP Tunnel Operational Serial0/0/0.79 Yes (ldp) Yes Yes Serial0/0/0.89 Yes (ldp) Yes Yes Serial0/0/0.179 Yes (ldp) Yes Yes Serial0/0/0.189 Yes (ldp) Yes Yes R9#conf te Enter configuration commands, one per line. End with CNTL/Z. R9(config)#router isis R9(config-router)#net 49.0000.0000.0009.00 R9(config-router)#metric-st w R9(config-router)#is-type level-2-on R9(config-router)#int s0/0/0.79 R9(config-subif)#ip router isis R9(config-subif)#int s0/0/0.89 R9(config-subif)#ip router isis R9(config-subif)#exit R9(config)#int lo0 R9(config-if)#ip router isis R9(config-if)#^Z |
The Cisco 6PE Router are prepared by enabling IPV4 and IPV6 CEF, enabling IPv6 and specifying the interfaces from which locally generated packets takes theier source IPv6, Router R5 exchanges IPv6 routing information with router 6 using IBGP established over an IPv4 The 6PE routers (5 and 6) are configured for both IPv4 and IPv6,
Configuration for 6PE Router R5
R5#conf ter Enter configuration commands, one per line. End with CNTL/Z. R5(config)#ip cef R5(config)#ipv6 unicast-routing R5(config)#ipv6 cef R5(config)#ip vrf IPV6:13 R5(config-vrf)#rd 56.56.56.56:13 R5(config-vrf)#route-t 56.56.56.56:13 R5(config-vrf)#exit R5(config)#mpls ipv6 source-inter lo0 R5(config)#mpls ldp router-id lo0 R5(config)#int lo0 R5(config-if)#ip add 5.5.5.5 255.255.255.255 R5(config-if)#ip router isis R5(config-if)#ipv6 address 2001::5/64 R5(config-if)#router isis R5(config-router)#net 49.0000.0000.0005.00 R5(config-router)#metric-s w R5(config-router)#is-ty level-2-on R5(config-router)#exit R5(config)#int lo0 R5(config-if)#ip router isis R5(config-if)#int s0/0/0.57 R5(config-subif)#ip router isis R5(config-subif)#exit R5(config)#int s0/0/0.15 R5(config-subif)#no ip add R5(config-subif)#ip vrf forw IPV6:13 R5(config-subif)#description TO CE ROUTER#1 R5(config-subif)#ipv6 add 2001:0:1:15::/64 eui R5(config-subif)#ipv6 ospf 1 area 0 R5(config-subif)#do show ipv6 int brief FastEthernet0/0 [administratively down/down] FastEthernet0/1 [administratively down/down] Serial0/0/0 [up/up] Serial0/0/0.15 [up/up] FE80::213:C4FF:FEE5:E1D0 2001:0:1:15:213:C4FF:FEE5:E1D0 Serial0/0/0.25 [up/up] Serial0/0/0.56 [down/down] Serial0/0/0.57 [up/up] Serial0/0/1 [administratively down/down] Loopback0 [up/up] FE80::213:C4FF:FEE5:E1D0 2001::5 |
Configuration for 6PE Router R6
R6#conf ter Enter configuration commands, one per line. End with CNTL/Z. R6(config)#ipv6 unicast-routing R6(config)#ipv6 cef R6(config)#mpls ipv6 sou lo0 R6(config)#ip cef R6(config)#ipv6 unicast-routing R6(config)#ipv6 cef R6(config)#ip vrf IPV6:13 R6(config-vrf)#rd 56.56.56.56:13 R6(config-vrf)#route-t 56.56.56.56:13 R6(config-vrf)#exit R6(config)#int lo0 R6(config-if)#ip add 6.6.6.6 255.255.255.255 R6(config-if)#ip router isis R6(config-if)#ipv6 add 2001::6/64 R6(config-if)#router isis R6(config-router)#net 49.0000.0000.0006.00 R6(config-router)#metric-s w R6(config-router)#is-type level-2-on R6(config-router)#int s0/0/0.36 R6(config-subif)#no ip add R6(config-subif)#ip vrf for IPV6:13 R6(config-subif)#Description TO CE ROUTER 3 R6(config-subif)#ipv6 add 2001:0:1:36::/64 eu R6(config-subif)#ipv6 ospf 1 area 0 R6(config-subif)#no sh R6(config-subif)#exit R6(config)#int s0/0/0.68 R6(config-subif)#ip router isis R6(config-subif)#do show ipv6 int brief FastEthernet0/0 [administratively down/down] FastEthernet0/1 [administratively down/down] Serial0/0/0 [up/up] Serial0/0/0.26 [up/up] Serial0/0/0.36 [up/up] FE80::213:C4FF:FEE5:B1E0 2001:0:1:36:213:C4FF:FEE5:B1E0 Serial0/0/0.46 [up/up] Serial0/0/0.56 [down/down] Serial0/0/0.68 [up/up] Serial0/0/1 [administratively down/down] Loopback0 [up/up] FE80::213:C4FF:FEE5:B1E0 2001::6 Tunnel0 [up/down] |
IPv6 and CEFv6 are enable are enabled the 6PE neighbor is activated, and aggregate label binding and advertisments is enabled for IPv6 using the neighbor send-label.
MP-BGP and OSPFv6 Configurations for 6PE Router R5
R5(config-subif)#router bgp 56 R5(config-router)#neigh 6.6.6.6 remote-as 56 R5(config-router)#neigh 6.6.6.6 up lo0 R5(config-router)#address-family ipv6 unicast R5(config-router-af)#neigh 6.6.6.6 activate R5(config-router-af)#neigh 6.6.6.6 send-label R5(config-router-af)#redistribute ospf 1 include-connected R5(config-router-af)#exit R5(config-router)#exit R5(config)#ipv6 router ospf 1 R5(config-rtr)#redistribute bgp 56 include-connected |
MP-BGP and OSPFv6 Configurations for 6PE Router R6
R6(config-subif)#router bgp 56 R6(config-router)#neigh 5.5.5.5 remote-as 56 R6(config-router)#neigh 5.5.5.5 up lo0 R6(config-router)#add ipv6 R6(config-router-af)#neigh 5.5.5.5 activate R6(config-router-af)#neigh 5.5.5.5 send-label R6(config-router-af)#redistribute ospf 1 include-connected R6(config-router-af)#exit R6(config-router)#exit R6(config)#ipv6 router ospf 1 R6(config-rtr)#redistribute bgp 56 include-connected |
When the neighbor relationship comes on, lets see the BIG output from the show bgp ipv6 neigh.. just for history grins..
R6#show bgp ipv6 unicast neighbors BGP neighbor is 5.5.5.5, remote AS 56, internal link BGP version 4, remote router ID 5.5.5.5 BGP state = Established, up for 01:42:36 Last read 00:00:35, last write 00:00:35, hold time is 180, keepalive interval is 60 seconds Neighbor capabilities: Route refresh: advertised and received(old & new) Address family IPv4 Unicast: advertised and received Address family IPv6 Unicast: advertised and received ipv6 MPLS Label capability: advertised and received Message statistics: InQ depth is 0 OutQ depth is 0 Sent Rcvd Opens: 2 2 Notifications: 0 0 Updates: 6 6 Keepalives: 138 138 Route Refresh: 0 0 Total: 146 146 Default minimum time between advertisement runs is 0 seconds For address family: IPv4 Unicast BGP table version 1, neighbor version 1/0 Output queue size: 0 Index 1, Offset 0, Mask 0x2 1 update-group member Sent Rcvd Prefix activity: ---- ---- Prefixes Current: 0 0 Prefixes Total: 0 0 Implicit Withdraw: 0 0 Explicit Withdraw: 0 0 Used as bestpath: n/a 0 Used as multipath: n/a 0 Outbound Inbound Local Policy Denied Prefixes: -------- ------- Total: 0 0 Number of NLRIs in the update sent: max 0, min 0 For address family: IPv6 Unicast BGP table version 9, neighbor version 9/0 Output queue size: 0 Index 1, Offset 0, Mask 0x2 1 update-group member NEXT_HOP is always this router Sending Prefix & Label Sent Rcvd Prefix activity: ---- ---- Prefixes Current: 2 2 (Consumes 152 bytes) Prefixes Total: 2 2 Implicit Withdraw: 0 0 Explicit Withdraw: 0 0 Used as bestpath: n/a 2 Used as multipath: n/a 0 Outbound Inbound Local Policy Denied Prefixes: -------- ------- Bestpath from this peer: 2 n/a Total: 2 0 Number of NLRIs in the update sent: max 1, min 1 Connections established 2; dropped 1 Last reset 01:42:38, due to Peer closed the session Connection state is ESTAB, I/O status: 1, unread input bytes: 0 Connection is ECN Disabled, Mininum incoming TTL 0, Outgoing TTL 255 Local host: 6.6.6.6, Local port: 179 Foreign host: 5.5.5.5, Foreign port: 14079 Connection tableid (VRF): 0 Enqueued packets for retransmit: 0, input: 0 mis-ordered: 0 (0 bytes) Event Timers (current time is 0x2D28498): Timer Starts Wakeups Next Retrans 106 0 0x0 TimeWait 0 0 0x0 AckHold 106 100 0x0 SendWnd 0 0 0x0 KeepAlive 0 0 0x0 GiveUp 0 0 0x0 PmtuAger 0 0 0x0 DeadWait 0 0 0x0 Linger 0 0 0x0 ProcessQ 0 0 0x0 iss: 75068442 snduna: 75070667 sndnxt: 75070667 sndwnd: 16365 irs: 3898122610 rcvnxt: 3898124835 rcvwnd: 16365 delrcvwnd: 19 SRTT: 300 ms, RTTO: 303 ms, RTV: 3 ms, KRTT: 0 ms minRTT: 44 ms, maxRTT: 316 ms, ACK hold: 200 ms Status Flags: passive open, gen tcbs Option Flags: nagle IP Precedence value : 6 Datagrams (max data segment is 536 bytes): Rcvd: 121 (out of order: 0), with data: 106, total data bytes: 2224 Sent: 218 (retransmit: 0, fastretransmit: 0, partialack: 0, Second Congestion: 0), with data: 105, total data bytes: 2224 Packets received in fast path: 0, fast processed: 0, slow path: 0 fast lock acquisition failures: 0, slow path: 0 |
Now is the turn to configure the CE routers (R1 and R3), with IPv6 to the 6PE Router R5 and R6
R1#conf te Enter configuration commands, one per line. End with CNTL/Z. R1(config)#ipv6 unicast-routing R1(config)#int s0/0/0.15 R1(config-subif)#ipv6 add 2001:0:1:15::/64 eui R1(config-subif)#ipv6 ospf 1 area 0 R1(config-subif)#int lo0 R1(config-if)#ipv6 add 2001::1/128 R1(config-if)#ipv6 ospf 1 area 0 R1(config-subif)#do show ipv6 ospf neigh Neighbor ID Pri State Dead Time Interface ID Interface 5.5.5.5 1 FULL/ - 00:00:34 16 Serial0/0/0.15 R3#conf ter Enter configuration commands, one per line. End with CNTL/Z. R3(config)#ipv6 unicast R3(config)#int s0/0/0.36 R3(config-subif)#ipv6 add 2001:0:1:36::/64 eu R3(config-subif)#ipv6 ospf 1 area 0 R3(config-subif)#int lo0 R3(config-if)#ipv6 add 2001::3/128 R3(config-if)#ipv6 ospf 1 area 0 |
We can see now that R5 is receiving IPv6 routes from R1
R5(config-subif)#do show ipv6 route IPv6 Routing Table - 6 entries Codes: C - Connected, L - Local, S - Static, R - RIP, B - BGP U - Per-user Static route, M - MIPv6 I1 - ISIS L1, I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary O - OSPF intra, OI - OSPF inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2 ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2 D - EIGRP, EX - EIGRP external C 2001::/64 [0/0] via ::, Loopback0 O 2001::1/128 [110/64] via FE80::216:46FF:FE99:6328, Serial0/0/0.15 L 2001::5/128 [0/0] via ::, Loopback0 C 2001:0:1:15::/64 [0/0] via ::, Serial0/0/0.15 L 2001:0:1:15:213:C4FF:FEE5:E1D0/128 [0/0] via ::, Serial0/0/0.15 L FF00::/8 [0/0] via ::, Null0 R5#show bgp ipv6 unicast BGP table version is 5, local router ID is 5.5.5.5 Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, r RIB-failure, S Stale Origin codes: i - IGP, e - EGP, ? - incomplete Network Next Hop Metric LocPrf Weight Path *> 2001::1/128 :: 64 32768 ? *> 2001:0:1:15::/64 :: 0 32768 ? |
On R6
R6#show ipv6 route IPv6 Routing Table - 6 entries Codes: C - Connected, L - Local, S - Static, R - RIP, B - BGP U - Per-user Static route, M - MIPv6 I1 - ISIS L1, I2 - ISIS L2, IA - ISIS interarea, IS - ISIS summary O - OSPF intra, OI - OSPF inter, OE1 - OSPF ext 1, OE2 - OSPF ext 2 ON1 - OSPF NSSA ext 1, ON2 - OSPF NSSA ext 2 D - EIGRP, EX - EIGRP external C 2001::/64 [0/0] via ::, Loopback0 O 2001::3/128 [110/64] via FE80::215:FAFF:FED8:51B0, Serial0/0/0.36 L 2001::6/128 [0/0] via ::, Loopback0 C 2001:0:1:36::/64 [0/0] via ::, Serial0/0/0.36 L 2001:0:1:36:213:C4FF:FEE5:B1E0/128 [0/0] via ::, Serial0/0/0.36 L FF00::/8 [0/0] We can reach R3 lo0 from R6 R6#ping 2001::3 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 2001::3, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 28/28/32 ms R6# |
lets see the labels that MP - BGP is advertising
Information from R5
R5#show bgp ipv6 unicast
BGP table version is 5, local router ID is 5.5.5.5
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 2001::1/128 :: 64 32768 ?
*>i2001::3/128 ::FFFF:6.6.6.6 64 100 0 ?
*> 2001:0:1:15::/64 :: 0 32768 ?
*>i2001:0:1:36::/64 ::FFFF:6.6.6.6 0 100 0 ?
R5#show bgp ipv6 label Network Next Hop In label/Out label 2001::1/128 :: 26/nolabel 2001::3/128 ::FFFF:6.6.6.6 nolabel/24 2001:0:1:15::/64 :: 27/nolabel 2001:0:1:36::/64 ::FFFF:6.6.6.6 nolabel/25 |
Information from R6
R6#show bgp ipv6 uni BGP table version is 5, local router ID is 6.6.6.6 Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, r RIB-failure, S Stale Origin codes: i - IGP, e - EGP, ? - incomplete Network Next Hop Metric LocPrf Weight Path *>i2001::1/128 ::FFFF:5.5.5.5 64 100 0 ? *> 2001::3/128 :: 64 32768 ? *>i2001:0:1:15::/64 ::FFFF:5.5.5.5 0 100 0 ? *> 2001:0:1:36::/64 :: 0 32768 ? R6#show bgp ipv6 uni lab Network Next Hop In label/Out label 2001::1/128 ::FFFF:5.5.5.5 nolabel/24 2001::3/128 :: 24/nolabel 2001:0:1:15::/64 ::FFFF:5.5.5.5 nolabel/25 2001:0:1:36::/64 :: 25/nolabel |
So we can try now a ping from R1 to R3
R1#ping 2001::3 rep 10000 Type escape sequence to abort. Sending 10000, 100-byte ICMP Echos to 2001::3, timeout is 2 seconds: !!!!!!!!!!!!!!!!!!!! |
The P router in the core of the network are not aware that they are switching IPv6 Packets, Core routers in this configuration are using only LDP and ISIS, you can use TDP or RSVP for binding Ipv4 labels.
R7#deb mpls pac MPLS packet debugging is on R7# MPLS: Se0/0/0.57: recvd: CoS=0, TTL=63, Label(s)=18/24 MPLS: Se0/0/0.78: xmit: CoS=0, TTL=62, Label(s)=18/24 |
Within this network, IPv6 traffic is forwarded using label 24 assigned by R6 to reach R3 loopback , which makes the IPv6 traffic transparent to the core of the MPLS network.
MPLS is a very COOL Technology!!!
Have fun!
Victor Cappuccio.-
— preparing for SP Track… Written comming soon
