Monthly Archives: July 2009

I think I’m going to take my BSCI exam next Thursday. I just finished my reading for BGP (Doyle Vol.2 + BSCI Cert. Guide) much faster than expected and it wasn’t as bad as I’ve been told.

Actually, I’m feeling pretty good right now. Once you understand BGP, you understand how the internet ties together, and that is pretty cool. BGP is one of those topics that you read about, that people make you feel is super-complex, but that just isn’t as bad as people say. The rules are fairly straight-forward, you just have to know them. In the real world a BGP configuration can presumably get pretty complex, but for the BSCI, I don’t think what you’re expected to know is difficult at all.  The key is probably having a solid understanding of route-maps, since they are used to manipulate BGP attributes and will probably show their face in an exam Sim question, if you get one on BGP that is.

At this point I am no BGP expert, but for the BSCI, I think I have a good enough grasp of it, and probably a bit more than I need (route reflectors and confederations seem to be outside the scope of CCNP). I’ll just have to make sure to memorize a couple tables over the next couple of weeks. Beyond that, I look forward to reading Sam Halabi’s BGP bible, but I will save that for when I am done with the CCNP and am preparing for the CCIE written.

Tomorrow I’ll spend the day labbing BGP. I’ll also integrate IGPs and redistribution into my lab scenarios. I’ll probably make one big lab with 9 or 10 routers running different protocols in multiple AS with redistribution, route filtering, etc. This will serve as a good review for everything I’ve learned to date.

Doyle doesn’t need recommendations, but I will give him one just the same. Volume 2 of Routing TCP/IP is just as good as Volume 1. It is well-written, concise, and to the point. It’s a pleasure to read. Then again, I’m a bit of a nerd.

Everyone needs a break now and then. I’ve been a machine since before the final exam period in my last term at university. After that I started right up on the CCNA and BSCI. The last week and a half, I must report, were complete write-offs. I got home late every night and just vegged-out to True Blood, Entourage, and a bunch of movies.

This weekend I got back on track and covered IS-IS, which I really didn’t like very much. Well, I’m almost done with it. I read the chapters on it in both Doyle and the Exam Cert Guide, so I still have the labs in the Lab Portfolio to do. I will probably cover a big chunk of Redistribution today as well, so I’m getting back to my desired pace once again.

Lastly, I think I have said this before, but while the CCNA Exam Certification Guide by Wendell Odom provided you with everything you needed to pass, the CCNP Exam Certification Library does not. The information in it is very terse, and often unclear unless you’ve already read something that explained the subject in much more detail. Cisco recommends the authorized self-study guide, but I am using Doyle’s Routing TCP/IP for everything. Volume 1 covers the interior routing protocols and some other stuff and Volume 2 covers BGP, multicasting, NAT, etc. I had initially only ordered Volume 1, but I just ordered Volume 2. I’ve just gone ahead and created a Listmania on Amazon for those that are interested. It’s specifically designed for people that intend on doing a CCNP and going straight to the CCIE. It distinguishes between what I think is required and what is just recommended, based on my experience with the material so far.

My Book List

I was doing the EIGRP challenge lab in the Lab Portfolio today and I came across something that had not been covered in either the BSCI Exam Cert Guide or the Lab Portfolio itself.

The requirements stated that a particular route should not be advertised out of a particular router. At first I was thinking that I could do something with access lists and network commands, excluding the particular network from routing updates, but I got to thinking how convoluted that would be in a real network, and that there had to be a better way.

So, I went searching the Cisco docs and found part of the solution. I had to use something called a distribute-list. The docs referenced using it with an access-list. I thought there had to be a better way still, so I went to my IE Workbook Volume 1 and searched for distribute-list. Sure enough, I found it used in conjunction with something called a prefix list, which wasn’t mentioned in the Cisco docs as an option (but was in the inline help).

So here’s how it actually works. The prefix-list basically tells the distribute-list which networks can and can’t be advertised. It uses matching in the same way that access lists do. Each entry has a sequence number, and evaluation proceeds from 1->X in order. Once a match is made, the router no longer tries to match against any other entries in your prefix list. When used in conjunction with a distribute-list, anything that isn’t matched is denied.

Here’s the scenario: R2 receives EIGRP updates from R3. R3 has a series of loopbacks configured, and we want R2 to prevent the network on R3’s loopback 3 from being advertised out.

R2 config:

router eigrp 1
network 172.16.0.0
no auto-summary
neighbor 172.16.12.1 Serial0/0

R3 config:

interface Loopback0
ip address 172.16.3.1 255.255.255.224
!
interface Loopback1
ip address 172.16.3.33 255.255.255.224
!
interface Loopback2
ip address 172.16.3.65 255.255.255.224
!
interface Loopback3
ip address 172.16.3.97 255.255.255.224

router eigrp 1
network 172.16.0.0
no auto-summary

Now what we want to do is filter the 172.16.3.64/27 network from being advertised out of R2. OK, no sweat. On R2:

ip prefix-list permitOut seq 5 deny 172.16.3.64/27
ip prefix-list permitOut seq 10 permit 172.16.0.0/16

router eigrp 1
distribute-list prefix permitOut out

On R1 (which is connected to R2):

show ip route:

Codes: C – connected, S – static, R – RIP, M – mobile, B – BGP
D – EIGRP, EX – EIGRP external, O – OSPF, IA – OSPF inter area
N1 – OSPF NSSA external type 1, N2 – OSPF NSSA external type 2
E1 – OSPF external type 1, E2 – OSPF external type 2
i – IS-IS, su – IS-IS summary, L1 – IS-IS level-1, L2 – IS-IS level-2
ia – IS-IS inter area, * – candidate default, U – per-user static route
o – ODR, P – periodic downloaded static route

Gateway of last resort is not set

172.16.0.0/24 is subnetted, 2 subnets
C       172.16.12.0 is directly connected, Serial0/0
C       172.16.1.0 is directly connected, Loopback0

So what happened? I just wanted to block 172.16.3.64/27 from being advertised, not all EIGRP routes…

There are two things you have to understand about the behavior of distribute lists. The first is that it’s not enough to deny a particular route and expect the rest of your routes to be advertised. You need a permit statement to follow your deny that will explicitly allow all the other routes. The second, and the problem with my permit statement, is that the ip prefix-list command doesn’t match in the same way that routing protocol network commands do. Matching against 172.16.0.0/16 will ONLY match a network with the /16 prefix length. Consequently, when the router checks 172.16.3.96/27 or 172.16.4.0/25 against 172.16.0.0/16, it will not find a match, and those routes won’t be advertised because there is an implicit deny at the end of the prefix-list. Instead you have to permit all other prefixes. You could do this in a couple of ways:

  1. ip prefix-list permitOut seq 10 permit 172.16.0.0/16 ge 17
  2. ip prefix-list permitOut seq 10 permit 0.0.0.0/0 le 32

Either of these will work for our requirements in this lab. #2 is probably better in general because it avoids the situation where networks outside 172.16.0.0/16 that get added in the future wouldn’t get advertised.
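The matching rules described above, as an added example (not from the original post or from Cisco): a small Python model of how a prefix-list applied through a distribute-list evaluates routes, run against the broken list and both fixes. The function names are hypothetical, and the route list is constructed from the prefixes in this post's R1 routing table plus the filtered 172.16.3.64/27.

```python
import ipaddress

def parse_entry(line):
    """Parse 'ip prefix-list NAME seq N permit|deny PREFIX/LEN [ge X] [le Y]'."""
    tok = line.split()
    seq, action, net = int(tok[4]), tok[5], ipaddress.ip_network(tok[6])
    opts = dict(zip(tok[7::2], map(int, tok[8::2])))
    # Without ge/le the route's mask length must equal LEN exactly.
    # 'ge' alone implies an upper bound of 32; 'le' alone a lower bound of LEN.
    lo = opts.get("ge", net.prefixlen)
    hi = opts.get("le", 32 if "ge" in opts else net.prefixlen)
    return seq, action, net, lo, hi

def evaluate(config, route):
    """Return 'permit' or 'deny' for one route; first match in seq order wins."""
    route = ipaddress.ip_network(route)
    entries = sorted((parse_entry(l) for l in config), key=lambda e: e[0])
    for _seq, action, net, lo, hi in entries:
        if route.subnet_of(net) and lo <= route.prefixlen <= hi:
            return action
    return "deny"  # implicit deny at the end of every prefix-list

def advertised(config, routes):
    """Routes that a 'distribute-list prefix ... out' would let through."""
    return [r for r in routes if evaluate(config, r) == "permit"]

DENY = "ip prefix-list permitOut seq 5 deny 172.16.3.64/27"
BROKEN = [DENY, "ip prefix-list permitOut seq 10 permit 172.16.0.0/16"]
FIX_GE = [DENY, "ip prefix-list permitOut seq 10 permit 172.16.0.0/16 ge 17"]
FIX_ANY = [DENY, "ip prefix-list permitOut seq 10 permit 0.0.0.0/0 le 32"]

# Constructed sample: the EIGRP routes R2 could advertise to R1.
ROUTES = ["172.16.34.0/24", "172.16.3.32/27", "172.16.23.0/24",
          "172.16.4.0/25", "172.16.2.0/24", "172.16.3.0/27",
          "172.16.3.64/27", "172.16.3.96/27"]

if __name__ == "__main__":
    for name, cfg in (("broken", BROKEN), ("ge 17", FIX_GE), ("le 32", FIX_ANY)):
        print(f"{name:7} -> {advertised(cfg, ROUTES)}")
    # A network outside 172.16.0.0/16 (constructed) separates the two fixes.
    print(evaluate(FIX_GE, "10.1.1.0/24"), evaluate(FIX_ANY, "10.1.1.0/24"))
```
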

Now if I do show ip route on R1 again:

Codes: C – connected, S – static, R – RIP, M – mobile, B – BGP
D – EIGRP, EX – EIGRP external, O – OSPF, IA – OSPF inter area
N1 – OSPF NSSA external type 1, N2 – OSPF NSSA external type 2
E1 – OSPF external type 1, E2 – OSPF external type 2
i – IS-IS, su – IS-IS summary, L1 – IS-IS level-1, L2 – IS-IS level-2
ia – IS-IS inter area, * – candidate default, U – per-user static route
o – ODR, P – periodic downloaded static route

Gateway of last resort is not set

172.16.0.0/16 is variably subnetted, 9 subnets, 3 masks
D       172.16.34.0/24 [90/41536000] via 172.16.12.2, 00:00:05, Serial0/0
D       172.16.3.32/27 [90/41152000] via 172.16.12.2, 00:00:05, Serial0/0
D       172.16.23.0/24 [90/41024000] via 172.16.12.2, 00:00:05, Serial0/0
C       172.16.12.0/24 is directly connected, Serial0/0
D       172.16.4.0/25 [90/41664000] via 172.16.12.2, 00:00:05, Serial0/0
C       172.16.1.0/24 is directly connected, Loopback0
D       172.16.2.0/24 [90/20640000] via 172.16.12.2, 00:00:05, Serial0/0
D       172.16.3.0/27 [90/41152000] via 172.16.12.2, 00:00:05, Serial0/0
D       172.16.3.96/27 [90/41152000] via 172.16.12.2, 00:00:05, Serial0/0

The 172.16.3.64/27 route is no longer present.

So the final config on R2 is:

ip prefix-list permitOut seq 5 deny 172.16.3.64/27
ip prefix-list permitOut seq 10 permit 0.0.0.0/0 le 32

router eigrp 1
network 172.16.0.0
distribute-list prefix permitOut out
no auto-summary
neighbor 172.16.12.1 Serial0/0

There’s a very good video on the internetworkexpert site that covers how to use the Cisco docs. This may sound elementary, but I’ll be honest and say that I’d never really taken the time to learn how to use it properly. In the past I’ve relied on the search feature within the Cisco site, but with mixed results. It’s a very good video.

http://www.internetworkexpert.com/resources/doccd.htm

I don’t know how often they run these sales, but I bought the value package with Workbooks 1->3 and the Advanced Tech. Class-On-Demand. I haven’t looked at the class yet, but the workbooks look good. I recommend saving some money and getting the electronic versions. The workbooks are not the type of thing you are going to sit down and read away from the computer.

Anyway, I thought this ended yesterday, but they extended it. The workbooks+class cost me $750. I now have most of the materials I need to take me through to the end of my CCIE studies. I’m still missing a couple of books on the reading list though.

I’ve been doing labs out of the BSCI lab portfolio. I’m working on lab 2-4, an EIGRP over frame relay lab. Back when I had been studying for my CCNA, I did routing labs with 9 routers. It was total overkill for the CCNA, but it served the dual purpose of seeing what I could get away with on dynamips, as I wanted to see how suitable it would be for CCIE-level networks. Ya, you can always build a second PC to run it on, but I didn’t really want to. Anyway, the point is, I got it working in a 9 router lab, albeit with 3 instances of dynamips running at the same time. For reference, I have a Q9450 CPU and 4GB of RAM.

Today I was trying to configure a 4 router lab, with 1 router acting as a frame relay switch. I set it up in one instance, but a serial interface on my frame relay switch kept flapping. I then tried splitting the switch off into its own instance. Same problem. Then I split the devices evenly between two instances and restarted my computer… Same problem. I was starting to get a little pissed, as I’d wasted 30 minutes on this. You should know I was trying to do this with 2611XM routers and a 12.4T AdvSec IOS. Well, it seems that was the problem. By changing the FR switch to use a 7200 router and a 12.4T AdvEnt IOS, it stopped flapping and all of a sudden my EIGRP routes showed up like they were supposed to. FWIW I’m still using the 2611XM for R1->3. I’m just using the 7200 for the frame relay switch. An hour later I can finally get on with the lab….
