In some cases, the ABR is also an ASBR. If the area is a Totally NSSA area, this produces unnecessary routes: the ABR announces a default route and also its redistributed routes, which are not needed. To solve this and announce only a default route, use the command below on the ABR:
area X nssa no-redistribution no-summary
The diagram below is an example of this implementation:
Thursday, December 10, 2015
Thursday, November 5, 2015
BGP Route Reflector - Routing advertisements rules
To avoid routing loops, the route reflector follows the 3 rules below:
1/ Routes learned from an eBGP peer can be announced to eBGP peers, clients and non-clients.
2/ Routes learned from a client can be announced to eBGP peers, other clients and non-clients.
3/ Routes learned from a non-client can be announced to eBGP peers and clients, but cannot be sent to non-clients.
Wednesday, November 4, 2015
Track an IP on your Network
Who has never received the following question from a colleague?
- Hey, the network guy, could you find where this laptop is for me? I only have its IP address.
To answer this, you start following the IP address through the ARP and MAC address tables of your switches, routers and firewalls. I put an end to this boring job by using the following open source tool:
http://netdbtracking.sourceforge.net/
The developers have already preconfigured a VM:
http://sourceforge.net/projects/netdbtracking/files/vmware/
After 30 minutes of VM installation and some hours of configuration (depending on the size of your network) to enter your different equipment, you can provide a web tool, reachable by everybody, to track an IP.
You will find below some examples of host configuration.
- HP Procurve (Layer 3):
hostname,devtype=procurvehpv2,arp
- HP Procurve (Layer 2):
In this example, I skipped the uplink interfaces (45 and 47) and limited each interface to 2 MAC addresses.
hostname,devtype=procurvehpv2,skip_port=45,skip_port=47,use_trunks,max_macs=2
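The manual procedure described above (ARP table first, then the MAC address tables, ignoring uplinks), as an added Python example that is not part of the original post or of NetDB. The table layouts, device names and addresses are constructed, and reading `max_macs` as "ignore ports that carry more MAC addresses than this" is an assumption about the option's meaning.

```python
import re

def norm_mac(mac):
    """Reduce aa:bb:.., aabb.ccdd.eeff or aabbcc-ddeeff to 12 lowercase hex digits."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits

def parse_arp(text):
    """'IP MAC' lines from the layer-3 device -> {ip: mac}."""
    rows = (line.split() for line in text.strip().splitlines())
    return {ip: norm_mac(mac) for ip, mac in rows}

def parse_mac_table(text):
    """'MAC PORT' lines from a layer-2 switch -> {port: set of MACs}."""
    ports = {}
    for line in text.strip().splitlines():
        mac, port = line.split()
        ports.setdefault(port, set()).add(norm_mac(mac))
    return ports

def locate(ip, arp_text, switches):
    """Return sorted (switch, port) pairs where the host owning `ip` is attached."""
    mac = parse_arp(arp_text).get(ip)
    if mac is None:
        return []  # no ARP entry: host is silent or lives in another subnet
    hits = []
    for name, sw in switches.items():
        for port, macs in parse_mac_table(sw["mac_table"]).items():
            if port in sw["skip_ports"]:
                continue  # declared uplink (skip_port)
            if len(macs) > sw["max_macs"]:
                continue  # more MACs than an access port should carry
            if mac in macs:
                hits.append((name, port))
    return sorted(hits)

# Constructed sample data (not taken from real devices).
ARP = "10.10.40.2 001122-334455\n10.10.40.7 0011.2233.4466\n10.10.40.9 00:11:22:33:44:77"
SWITCHES = {
    "edge1": {"skip_ports": {"45", "47"}, "max_macs": 2,
              "mac_table": "001122-334455 12\n001122-334466 45\n001122-334477 45"},
    "edge2": {"skip_ports": {"45", "47"}, "max_macs": 2,
              "mac_table": "001122-334455 47\n001122-334466 3\n"
                           "001122-334477 20\n001122-3344aa 20\n001122-3344bb 20"},
}
if __name__ == "__main__":
    print({ip: locate(ip, ARP, SWITCHES) for ip in parse_arp(ARP)})
```

The third host returns no location because its only non-uplink sighting is on a port carrying three MAC addresses, which is the case the per-port limit is meant to filter out.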
Monday, July 27, 2015
Windows: find the MTU for a specific IP
The following command gives the MTU for a specific destination:
U:\>netsh interface ipv4 show destinationcache address='IP_address'
- Example on a classic LAN:
U:\>netsh interface ipv4 show destinationcache address=192.168.95.216
Destination : 192.168.95.216
Next Hop Address : 192.168.211.254
Source : 192.168.211.1
Interface : Local Area Connection
Path MTU : 1500
Upper-layer MTU : 1480
RTT mean : 3000
RTT deviation : 0
Path transmit speed (Bps): 0
Path receive speed (Bps) : 0
Link transmit Speed (bps): 1000000000
Link receive Speed (bps) : 1000000000
- Example with an IPsec Tunnel:
U:\>netsh interface ipv4 show destinationcache address=192.168.95.216
Destination : 192.168.95.216
Next Hop Address : 192.168.95.216
Source : 192.168.243.197
Interface : Local Area Connection
Path MTU : 1400
Upper-layer MTU : 1380
RTT mean : 40
RTT deviation : 20
Path transmit speed (Bps): 0
Path receive speed (Bps) : 0
Link transmit Speed (bps): 2000000000
Link receive Speed (bps) : 2000000000
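A parser for the output format above, as an added Python example that is not part of the original post. It reads the two captures shown here (trimmed to the fields it uses) and derives the largest TCP segment that fits each path; the 1500-byte Ethernet baseline and the function names are assumptions of this example.

```python
import re

ETHERNET_MTU = 1500  # assumption: baseline for a plain, untunnelled Ethernet path
TCP_HEADER = 20      # TCP header without options

# The two outputs shown in this post, trimmed to the fields used below.
CAPTURE = r"""
U:\>netsh interface ipv4 show destinationcache address=192.168.95.216
Destination : 192.168.95.216
Next Hop Address : 192.168.211.254
Source : 192.168.211.1
Path MTU : 1500
Upper-layer MTU : 1480
U:\>netsh interface ipv4 show destinationcache address=192.168.95.216
Destination : 192.168.95.216
Next Hop Address : 192.168.95.216
Source : 192.168.243.197
Path MTU : 1400
Upper-layer MTU : 1380
"""

# "key : value" with whitespace after the colon, so prompt lines do not match.
FIELD = re.compile(r"^\s*([A-Za-z][^:]*?)\s*:\s+(\S.*)$")

def parse_destination_cache(text):
    """Return one dict per 'Destination' record; prompt lines are ignored."""
    records = []
    for line in text.splitlines():
        m = FIELD.match(line)
        if not m:
            continue
        key, value = m.group(1), m.group(2).strip()
        if key == "Destination":
            records.append({})  # a new record starts here
        if records:
            records[-1][key] = value
    return records

def assess(record):
    """Derive what the path MTU means for traffic to this destination."""
    path, upper = int(record["Path MTU"]), int(record["Upper-layer MTU"])
    return {"source": record["Source"], "path_mtu": path,
            "ip_header": path - upper,          # 20 bytes in both captures
            "max_tcp_mss": upper - TCP_HEADER,
            "below_ethernet": ETHERNET_MTU - path}

if __name__ == "__main__":
    for rec in parse_destination_cache(CAPTURE):
        print(assess(rec))
```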
Tuesday, July 7, 2015
Configure PIM-sparse mode between Cisco and HP Procurve
This post explains how to configure PIM-sparse mode between Cisco and HP Procurve devices. In our case, we have the following components:
- Cisco2 (Rendezvous Point)
- Cisco1 (PIM router)
- HP1 (PIM router and IGMP edge router)
- Configuration
- Cisco2 (RP):
ip multicast-routing
! groups can be filtered here with an ACL
ip pim rp-address 10.10.30.1
!
interface Gi1/0/1
description *** TO Cisco1 ***
ip address 10.10.20.2 255.255.255.0
ip pim sparse-mode
!
interface Vlan100
description *** VLAN Source ***
ip address 10.10.30.1 255.255.255.0
ip pim sparse-mode
- Cisco1:
ip multicast-routing
ip pim rp-address 10.10.30.1
!
interface Gi1/0/1
description *** TO Cisco2 ***
ip address 10.10.20.1 255.255.255.0
ip pim sparse-mode
!
description *** TO HP1 ***
ip address 10.10.10.1 255.255.255.0
ip pim sparse-mode
- HP1:
ip multicast-routing
!
router pim
enable
; groups can be filtered here
rp-address 10.10.30.1 224.0.0.0 240.0.0.0
exit
!
vlan 316
name "To Cisco1"
untagged A1
ip address 10.10.10.2 255.255.255.0
ip pim-sparse
ip-addr any
exit
!
vlan 200
name "200-RECEIVER"
untagged A1
tagged A13-A15,B20,Trk1
ip address 10.10.40.1 255.255.255.0
ip igmp
ip pim-sparse
ip-addr any
exit
- Validation
Check the PIM neighbor adjacency on HP:
HP1# sho ip pim neighbor
PIM Neighbors
IP Address VLAN Up Time (sec) Expire Time (sec)
--------------- ---- ------------------ ------------------
10.10.10.1 316 2305990 103
The receiver is requesting traffic from the source (IGMP membership report):
HP1# sho ip igmp vlan 200
IGMP Service Protocol Info
Total VLANs with IGMP enabled : 7
Current count of multicast groups joined : 1
IGMP Filter Unknown Multicast: Disabled
IGMP Filter Unknown Multicast Status: Disabled
VLAN ID : 200
VLAN Name : 200-RECEIVER
IGMP version : 2
Querier Address [this switch] : 10.10.40.1
Querier Port :
Querier UpTime : 129d 3h 48m 43s
Querier Expiration Time : 0h 0m 58s
Active Group Addresses Type Expires Ports Reports Queries
---------------------- ---------- --------------- ---------- ------- -------
239.1.1.1 Filter 0h 4m 19s A1 3 0
HP1# sho ip igmp groups
IGMP Group Address Information
VLAN ID Group Address Expires UpTime Last Reporter | Type
------- --------------- ------------- ------------- --------------- + ------
200 239.1.1.1 0h 3m 27s 0h 2m 4s 10.10.40.2 | Filter
Check the mroute entries on HP and Cisco:
HP1# sho ip pim mroute
IP Multicast Route Entries
Total number of entries : 1
Group Address Source Address Neighbor VLAN
--------------- --------------- --------------- ----
239.1.1.1 10.10.30.2 10.10.10.1 316
Cisco2#show ip mroute
IP Multicast Routing Table
...
(*, 239.1.1.1), 00:02:43/00:02:46, RP 10.10.30.1, flags: S
Incoming interface: GigaEthernet1/0/2, RPF nbr 10.10.20.2
Outgoing interface list:
GigaEthernet1/0/1, Forward/Sparse, 00:02:43/00:02:46
(10.10.30.1, 239.1.1.1), 00:02:43/00:00:16, flags: T
Incoming interface: GigaEthernet1/0/2, RPF nbr 10.10.20.2
Outgoing interface list:
Port-channel3, Forward/Sparse, 00:02:43/00:02:46
Monday, July 6, 2015
Configure Distributed Trunking on HP Procurve and MEC on Cisco VSS
Distributed Trunking is the 'equivalent' of vPC on the Cisco Nexus Series. It is a link aggregation technique that can be used even when the host is connected to 2 different switches. The following design has been built between 2 HP 5400 and 2 Cisco 4500 in VSS mode.
Some remarks:
- ISC is only supported in MST mode
- Configuration on the Cisco Switch:
interface Port-channel20
description TO-HP-DT
switchport
switchport mode trunk
!
interface TenGigabitEthernet1/5/4
description TO-HP-DT-1
switchport mode trunk
channel-group 20 mode active
!
interface TenGigabitEthernet2/5/4
description TO-HP-DT-2
switchport mode trunk
channel-group 20 mode active
- Configuration of the HP 1:
- Configure ISC
trunk B7,E8 trk10 lacp
vlan xxx
tagged trk10
vlan xxx
tagged trk10
...
- Configure the keepalive
name "Keep-Alive"
exit
vlan 900
name "VLAN900"
untagged D20
ip address 192.168.100.1 255.255.255.0
exit
distributed-trunking peer-keepalive vlan 900
distributed-trunking peer-keepalive destination 192.168.100.2
- Configure the dt-lacp between the VSS and the HP:
trunk A1,B1 trk1 dt-lacp
- Configuration of the HP 2:
- Configure ISC
trunk B7,E8 trk10 lacp
vlan xxx
tagged trk10
vlan xxx
tagged trk10
...
- Configure the keepalive
name "Keep-Alive"
exit
vlan 900
name "VLAN900"
untagged D20
ip address 192.168.100.2 255.255.255.0
exit
distributed-trunking peer-keepalive vlan 900
distributed-trunking peer-keepalive destination 192.168.100.1
- Configure the dt-lacp between the VSS and the HP:
trunk A1,B1 trk1 dt-lacp
- Validation:
HP-1# show switch-interconnect
Port : Trk10
Status : Up
Active VLANs : 1,100,200,300
HP-1# show distributed-trunking statistics peer-keepalive
DT peer-keepalive Status : Up
HP-1# show distributed-trunking consistency-parameters trunk trk1
Allowed VLANs on Local : 1,100,200,300
Allowed VLANs on Peer : 1,100,200,300
HP-1# show lacp distributed
Distributed LACP
Local Port Status:
LACP Trunk Port LACP Admin Oper
Port Enabled Group Status Partner Status Key Key
---- ------- ------- ------- ------- ------- ------ ------
A1 Active Trk1 Up Yes Success 0 290
Remote Port Status:
LACP Trunk Port LACP Oper
Port Enabled Group Status Partner Status Key
---- ------- ------- ------- ------- ------- ------
A1 Active Trk1 Up Yes Success 20
C4510-VSS-Core#show lacp 20 neighbor
Partner's information:
LACP port Admin Oper Port Port
Port Flags Priority Dev ID Age key Key Number State
Te1/5/4 SA 0 40a8.f07b.a400 2s 0x0 0x0 0x271F 0x3D
Te2/5/4 SA 0 40a8.f07b.a400 4s 0x0 0x0 0x271A 0x3D
Wednesday, May 20, 2015