Monday, January 21, 2019

INE CCIE R&S Advanced Technologies Lab on EVE-NG

This lab is fairly easy to build on EVE-NG. I am sharing the lab I created to help newbies to..
Just download the lab topology from here, upload it to your EVE machine and start configuring to match the lab which you are doing..



























It will be networked for your requirement with 802.1q tagging of sub-interfaces to form a Layer 3 topology like the following..






















Refer the following post to understand how to connect interfaces via 802.1q tagging.

Physical Topology of a Logical Diagram with Sub Interfaces

Here it is used with a switch, but in the above topology, a hub is used so switch configuration is not needed.

Interactive Way to Learn about Cisco Devices

Some of you may have used the Cisco 3D product catalog for pre-sales work. This can be a very useful resource for the people who are pursuing Cisco exams too. You can remove modules, explore features and understand how it is really there in real world. This helped me alot to learn about Nexus series of Datacenter switches so I thought to share it with others who haven't used it yet.


It has Windows PC, Android & iOS apps too to install and offline use..

Catalog Homepage

Saturday, December 22, 2018

Injecting a Default Route into BGP via Redistribution

Default routes can be injected into BGP in one of 3 ways.

1. By network command
2. By redistribute command + default-information originate command
3. By neighbor <neighbor-id> default-originate sub command

This post is about the redistribution method. There are couple of things to remember when you are doing it.

Unlike other redistribution configurations, injecting a default route through redistribution requires an additional configuration command default-information originate. The default route must exist in the IP routing table anyway in order to be redistributed..

Following is the simple configuration to redistribute a static default route into BGP. Even from other protocols it is like this with exception of static keyword.

R1(config)#router bgp 65001
R1(config-router)#neighbor 192.168.12.2 remote-as 65002
R1(config-router)#redistribute static
R1(config-router)#default-information originate

How to Check the Default Route Availability Before Advertising in BGP

Default routes can be injected into BGP in one of 3 ways.

1. By network command
2. By redistribute command + default-information originate command
3. By neighbor <neighbor-id> default-originate sub command

From all the above 3 methods, the last one does not add a default route to the local BGP table. Instead it will advertise a default route to a neighbor even without having a default route in it's IP routing table. Anyway it can be configured to check for the availability of the default route in IP routing table using a route map before advertising. Here is how to do that..

Create a prefix list to match the default route;
R(config)#ip prefix-list DEFAULT seq 5 permit 0.0.0.0/0

Create a route map with the prefix list;
R(config)#route-map CHECK-DEFAULT permit 10
R(config-route-map)#match ip address prefix-list DEFAULT

Configure neighbor with default-originate & route map
R(config)#router bgp 65001
R(config-router)#bgp log-neighbor-changes
R(config-router)#neighbor 192.168.12.2 remote-as 65002
R(config-router)#neighbor 192.168.12.2 default-originate route-map CHECK-DEFAULT

Note that if you are going to use an access-list to achieve the above result, following simple ACL can be used..

R(config)#ip access-list standard DEFAULT
R(config)#permit any

A Simple Way to Manually Sumamrize BGP Routes

First the router will be configured with a static route, typically with destination Null 0. Then prefix/length can be matched with a network command to inject the summary. Note that this will not filter any component subnets but for simple route sumarization can be achieved.

Let's see the routing table and the BGP config of the aggregating (summarizing) router..





























network 11.0.0.0 mask 255.255.0.0 is inserted into the BGP configuration.






















RIB of the aggregating router shows the summary route. But you can see the component routes are not suppressed. So You will have to remove advertising commands of component routes in R1. But to do so, you will have to make sure they are reachable from the aggregating router. In the above case, it is not a problem because the routes are originated from this router..

Route Summarization using Aggregate Address Command in BGP

BGP manual summarization with the aggregate address command can summarize based on any routes in the BGP table creating a summary of any prefix length. It does not always suppress the component subnets although it can be configured to do so.





















Let's see the routing table of R1 which I am going to take as the aggregation point.



























BGP configuration of R1;











BGP RIBs of all 3 routers;















Let's add a simple aggregate-address command to BGP configuration of R1;

aggregate-address 11.0.0.0 255.0.0.0















As you can see a new NLRI of 11.0.0.0/8 has been injected to the table along with its component subnets in R1 and it is advertised to both iBGP and eBGP neighbors.

Let's extend the command bit.

aggregate-address 11.0.0.0 255.0.0.0 summary-only












Now only the summary is advertised and in aggregation router, it shows subnets are suppressed.

Now let's configure R4 to advertise 11.40.0.0/24 subnet to BGP.. It will shown in R1 as the following..














Let's see how it is advertised to R3 (It's iBGP neighbor)











You can see the AS path is only set up to the aggregation point even though one component subnet has a different AS path. In order to change this behavior of hiding the  AS path of component subnets, let's extend the command in R1 a little bit further..

 aggregate-address 11.0.0.0 255.0.0.0 summary-only as-set











Now in R3, AS path is shown with the AS path of the component subnet which has a different AS path.

Now let's configure R2 to advertise 11.200.0.0/24 subnet to BGP.. It will shown in R1 as the following..















Let's see the output of R3 RIB now..












As you can see, it is showing ASes in a bracket with all the AS paths of component subnets because there are several different AS paths. It is really an unordered list of all ASes from all the component subnets..