Author Archives: ACR 2014

About ACR 2014

Network Enthusiast

WIP: OSPF FLOOD_WAR

*Mar 11 10:06:39.127: %OSPF-4-FLOOD_WAR: Process 1 re-originates LSA ID 155.1.58.2 type-2 adv-rtr 155.1.7.7 in area 0
R7#
*Mar 11 10:07:56.435: %OSPF-4-DUP_RTRID_AREA: Detected router with duplicate router ID 155.1.7.7 in area 0

LOGS:
#sh ip ospf database
OSPF Router with ID (150.1.1.1) (Process ID 1)
Router Link States (Area 0)
Link ID ADV Router Age Seq# Checksum Link count
150.1.1.1 150.1.1.1 412 0x80000004 0x00D4B4 3
150.1.2.2 150.1.2.2 376 0x80000003 0x008C56 2
150.1.3.3 150.1.3.3 191 0x80000004 0x0033A9 4
150.1.4.4 150.1.4.4 404 0x80000004 0x008AAB 3
150.1.5.5 150.1.5.5 391 0x80000004 0x00B07E 4
150.1.6.6 150.1.6.6 440 0x80000004 0x00906C 3
150.1.7.7 150.1.7.7 385 0x80000004 0x00CC66 5
150.1.8.8 150.1.8.8 393 0x80000003 0x00A3F8 4
150.1.9.9 150.1.9.9 314 0x80000003 0x003759 3
150.1.10.10 150.1.10.10 402 0x80000003 0x0084CA 3
Net Link States (Area 0)
Link ID ADV Router Age Seq# Checksum
155.1.13.2 150.1.3.3 191 0x80000002 0x008B2D
155.1.23.2 150.1.3.3 191 0x80000002 0x003874
155.1.37.2 150.1.7.7 385 0x80000002 0x00D0BB
155.1.45.2 150.1.5.5 391 0x80000002 0x008703
155.1.58.2 150.1.8.8 394 0x80000002 0x00254A
155.1.67.2 150.1.7.7 386 0x80000002 0x00D691
155.1.79.2 150.1.9.9 314 0x80000002 0x0079D8
155.1.108.2 150.1.10.10 403 0x80000002 0x005AD4
155.1.146.3 150.1.6.6 441 0x80000003 0x004C35


EIGRP Metric Calculator

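# Classic EIGRP composite metric with default K values (K1 = K3 = 1)
K1 = 1
K3 = 1

bw = 200000   # lowest bandwidth along the path, in kbps
delay = 2900  # cumulative delay along the path, in microseconds
met = 256 * (K1 * 10**7 // bw + K3 * delay // 10)
print(met)

# Same calculation with values read from the user.
# input() returns a string, so convert to int before doing arithmetic.
bw = int(input("Bandwidth: "))
delay = int(input("Delay: "))
met = 256 * (K1 * 10**7 // bw + K3 * delay // 10)
print(met)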

Viptela Controller Configuration

Viptela Lab – Topology


I. vManage Initial Configuration (CLI)

vmanage# conf t
Entering configuration mode terminal
vmanage(config)# system
vmanage(config-system)# host-name LAB-VMANAGE1
vmanage(config-system)# system-ip 1.1.255.11
vmanage(config-system)# site-id 255
vmanage(config-system)# organization-name "2019_VIPLAB"
vmanage(config-system)# ntp server 1.1.0.1 prefer vpn 0
vmanage(config-server-1.1.0.1)# exit
vmanage(config-ntp)# exit
vmanage(config-system)# clock timezone America/Los_Angeles
vmanage(config-system)# vbond 1.1.0.12


WIP: Building Viptela Lab on Eve-ng

Work in progress….

Some key points of the Viptela SD-WAN architecture:
Cisco Viptela has the following components:
1. vOrchestrator
2. vBond
3. vController
4. vEdge
These connect to each other as overlays over underlay media such as LTE, MPLS, 4G, etc. They use the OMP protocol and TLOCs to identify each other's locations and peers.

Benefits
1. Cost Reduction
2. Zero-touch provisioning
3. Cloud readiness
4. Control over segregated networks
5. Secure VPN-based services readiness – different private clouds and SaaS can be added or integrated easily

1st Run:
CPUs: 4
Mem: 24gb

Set to: CPUs: 12, Mem: 24gb
Issue on Vedge and Vmgmt…

My HP Proliant DL380 G6 (2u)


Due to the lack of resources of my Lab-station (AMD Ryzen 3 with 16gb) build, I have decided to build a new Lab-station for Data Center, SD-WAN, Virtualization, Net-dev & Cloud reps. The package includes 5 extra SAS drives and door-to-door delivery. With this server I can get 6 cores/12 threads per CPU, a total of 24t. It has 18 RAM slots (max) but I’m only using 6 slots, 8gb per slot (48gb in total), and it supports RAID 0, 1, 5, 10.

Specs: https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c01714721


Network Address Translation (NAT) & Scenario

Configuration Notes:
Defining NAT Inside and Outside Interfaces
The first step to deploy NAT is to define NAT inside and outside interfaces. You may find it easiest to define your internal network as inside, and the external network as outside. However, the terms internal and external are subject to arbitration as well. This figure shows an example of this.

NAT Overloading
NAT Overloading, also called Port Address Translation (PAT), is a form of dynamic NAT where just a single inside global IP address provides Internet access to all inside hosts. As a general case, NAT Overload is used in scenarios where the number of inside local addresses is greater than the number of inside global addresses.

Clearing Static NAT Entry
The clear command deletes only dynamic entries. If you no longer need a static entry, delete it from the config.
A static NAT entry cannot be cleared, which is why the error message “Translation not dynamic” is seen. If the static NAT entry is not useful or not serving its intended purpose, edit or remove it instead.



Digital Certificates/PKI for IPSec VPNs

https://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Security/DCertPKI.html
https://books.google.com/books?id=22tmCwAAQBAJ&pg=PA58&lpg=PA58&dq=SA+is+doing+RSA+signature+authentication+using+id+type+ID_FQDN&source=bl&ots=X2ToIGxC46&sig=ACfU3U1eRgRBwvdHFHoZpdDo3tfP1hLIrA&hl=en&sa=X&ved=2ahUKEwiIpM60gOPnAhWDhOAKHYVtAlUQ6AEwB3oECAgQAQ#v=onepage&q=SA%20is%20doing%20RSA%20signature%20authentication%20using%20id%20type%20ID_FQDN&f=false