Category Archives: CCIE SP Study

OSPF to BGP Redistribution

router bgp 100
redistribute ospf 1
!--- This redistributes only OSPF intra- and inter-area routes into BGP.

router bgp 100
redistribute ospf 1 match external 1 external 2
!--- This redistributes ONLY OSPF External routes,
!--- but both type-1 and type-2.

router bgp 100
redistribute ospf 1 match internal external 1 external 2
!--- This redistributes all OSPF routes into BGP.

https://www.cisco.com/c/en/us/support/docs/ip/border-gateway-protocol-bgp/5242-bgp-ospf-redis.html

Sham-links

A sham-link overcomes the OSPF default behavior for selecting an intra-area backdoor route between VPN sites instead of an interarea (PE-to-PE) route. A sham-link ensures that OSPF client sites that share a backdoor link can communicate over the MPLS VPN backbone and participate in VPN services.

https://networkinferno.net/ccie-study-ospf-sham-link
https://learningnetwork.cisco.com/thread/99694

4. IS-IS Path Selection

ISIS Path Selection
– All links default to cost of 10. (Can be manually modified).

– Neighbors must agree on metric-style.

– Level 1 path is preferred over Level 2 path. (Like OSPF Intra-Area over Inter-Area)

TLV (Type-Length-Value)
– Used to encode not only the metric but also IPv6 information and the MPLS TE extensions.

Note: When you form IS-IS adjacencies, in 99% of cases you want to set the metric style to “Wide”.

Metric-style “Wide” gives a larger bit length, which can encode IPv6 and MPLS TE. This means that by default IS-IS will not support TE and IPv6 routing.
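
An added example (not from the original notes) showing why the metric of 100 configured later on this page needs wide metrics: the narrow IS Reachability TLV 2 carries a 6-bit link metric, while the Extended IS Reachability TLV 22 carries 24 bits plus a sub-TLV area used by MPLS TE. The neighbor ID and the function names are assumptions for illustration.

```python
NARROW_LINK_MAX = 2**6 - 1    # 63: 6-bit default metric, IS Reachability TLV 2
WIDE_LINK_MAX = 2**24 - 1     # 16777215: 24-bit metric, Extended IS Reach TLV 22

# Assumed neighbor: system ID 0000.0000.0006 plus pseudonode byte 00.
NEIGHBOR = bytes.fromhex("00000000000600")


def narrow_is_reach(neighbor: bytes, metric: int) -> bytes:
    """Build TLV 2 (ISO 10589) with one neighbor and a 6-bit link metric."""
    if not 0 <= metric <= NARROW_LINK_MAX:
        raise ValueError(f"metric {metric} exceeds narrow maximum {NARROW_LINK_MAX}")
    # Default metric byte, then delay/expense/error flagged unsupported (0x80).
    entry = bytes([metric, 0x80, 0x80, 0x80]) + neighbor
    value = b"\x00" + entry               # leading virtual-flag byte
    return bytes([2, len(value)]) + value


def wide_is_reach(neighbor: bytes, metric: int) -> bytes:
    """Build TLV 22 (RFC 5305) with one neighbor and a 24-bit link metric."""
    if not 0 <= metric <= WIDE_LINK_MAX:
        raise ValueError(f"metric {metric} exceeds wide maximum {WIDE_LINK_MAX}")
    # Last byte is the sub-TLV length; MPLS TE attributes would follow here.
    value = neighbor + metric.to_bytes(3, "big") + b"\x00"
    return bytes([22, len(value)]) + value


def link_metric(tlv: bytes) -> int:
    """Decode the link metric of the first neighbor from either TLV."""
    tlv_type, length = tlv[0], tlv[1]
    value = tlv[2:2 + length]
    if tlv_type == 2:
        return value[1] & 0x3F            # skip virtual flag, mask the flag bits
    if tlv_type == 22:
        return int.from_bytes(value[7:10], "big")
    raise ValueError(f"unsupported TLV type {tlv_type}")


if __name__ == "__main__":
    for metric in (10, 100):              # default cost and the page's manual metric
        print(metric, "wide  ", wide_is_reach(NEIGHBOR, metric).hex())
        try:
            print(metric, "narrow", narrow_is_reach(NEIGHBOR, metric).hex())
        except ValueError as err:
            print(metric, "narrow", err)
```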

IOS CONFIGURATION:
#ROUTER ISIS 1
#METRIC-STYLE WIDE

XRV CONFIGURATION:
#ROUTER ISIS 1
#ADDRESS-FAMILY IPV4 UNICAST
#METRIC-STYLE WIDE
#ADDRESS-FAMILY IPV6 UNICAST
#METRIC-STYLE WIDE

Verification:
IOS – SHOW CLNS PROTOCOL
XR – SHOW ISIS PROTOCOL

With this configuration, the router now exchanges routes with other devices that use the wide metric style, because a device using narrow won’t understand the encoding of the attributes.

If you have a device that doesn’t support metric-style “Wide”, you can use metric-style “Transition”.


** – Means it didn’t compute the shortest path to the destination.

Multi-topology IS-IS
– IS-IS supports both IPv4 and IPv6.
– IPv6 routing can be either:

Single Topology
– Share path calculation with IPv4.
– Requires 1:1 correlation of IPv4 and IPv6 interfaces.

Multi Topology
– Independent path calculation from IPv4.
– IPv4 & IPv6 configuration completely independent.

Manually changing the metric:
interface FastEthernet0/0.15
description TO_R6
encapsulation dot1Q 15
ip address 10.1.5.1 255.255.255.0
ip router isis 1
ipv6 address 2001:1:5::1/64
ipv6 router isis 1
isis metric 100 level-2
isis ipv6 metric 200 level-2

Q&A:
1. For IPv4 and IPv6, are we using different transport?
A: Neither; we are using CLNS. The protocol is directly encapsulated at Layer 2.

2. Which would you recommend, IS-IS or OSPF?
A: It depends on whether you’re running both IPv4 and IPv6. If you’re in a large network, IS-IS would be preferred because you can run in single topology. There are feature differences, but in terms of the core SPF calculation they’re fairly close to each other in terms of convergence and scaling.

Reference:
https://ipcisco.com/isis-for-ipv6-configuration-example-on-cisco-ios/
http://wiki.kemot-net.com/is-is-metric
https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_isis/configuration/15-sy/irs-15-sy-book/ip6-route-isis.html

Different physical interfaces with same Vlan ID

The VLAN ID specifies where 802.1Q tagged packets are sent and received on a specified subinterface. An 802.1Q VLAN subinterface must have a configured VLAN ID to send and receive traffic; without a VLAN ID, the subinterface remains in the down state. All VLAN IDs must be unique among all subinterfaces configured on the same physical interface. To change a VLAN ID, the new VLAN must not already be in use on the same physical interface. To exchange VLAN IDs, you must remove the configuration information and reconfigure the ID for each device.

NOTE: The subinterface does not pass traffic without an assigned VLAN ID.

/!\ Configuration of multiple subinterfaces of the same main interface with the same VID (1) is not permitted.

Sample Configuration and Verification:
XR Router:
vrf custA
address-family ipv4 unicast
!
vrf custB
address-family ipv4 unicast
!
interface GigabitEthernet0/0/0/0.3320
vrf custA
ipv4 address 1.1.1.1 255.255.255.252
encapsulation dot1q 3320
!
interface GigabitEthernet0/0/0/1.3320
vrf custB
ipv4 address 2.2.2.2 255.255.255.252
encapsulation dot1q 3320

R1 Router:
interface FastEthernet0/0.1
encapsulation dot1Q 3320
ip address 1.1.1.2 255.255.255.252

R1#ping 1.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 16/28/40 ms

R2 Router:
interface FastEthernet0/0.3320
encapsulation dot1Q 3320
ip address 2.2.2.1 255.255.255.252

R2#ping 2.2.2.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2.2.2.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/8 ms

Note: VLAN IDs are only locally significant to the specific L3 interface, so with or without a VRF, the same encapsulation on different interfaces will work.
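
One way to audit a configuration for the rule above, as an added example rather than Cisco's or the author's code: it flags a VLAN ID reused on the same physical interface, accepts the same ID on different physical interfaces, and lists subinterfaces with no VLAN ID. The third subinterface and its address are constructed for the demonstration.

```python
import re
from collections import defaultdict

# Constructed sample: the XR subinterfaces from this page plus one added
# subinterface (0/0/0/0.100) that reuses VLAN 3320 on the same parent.
SAMPLE = """\
interface GigabitEthernet0/0/0/0.3320
 vrf custA
 ipv4 address 1.1.1.1 255.255.255.252
 encapsulation dot1q 3320
!
interface GigabitEthernet0/0/0/1.3320
 vrf custB
 ipv4 address 2.2.2.2 255.255.255.252
 encapsulation dot1q 3320
!
interface GigabitEthernet0/0/0/0.100
 ipv4 address 3.3.3.1 255.255.255.252
 encapsulation dot1q 3320
"""

SUBIF_RE = re.compile(r"^interface\s+(\S+)\.(\d+)\s*$", re.IGNORECASE)
ENCAP_RE = re.compile(r"^\s*encapsulation\s+dot1q\s+(\d+)", re.IGNORECASE)


def audit_vlan_ids(config: str):
    """Return (conflicts, missing) for the 802.1Q subinterfaces in a config.

    conflicts maps (parent, vlan_id) to the subinterfaces sharing that VLAN ID
    on one physical interface; missing lists subinterfaces with no VLAN ID.
    """
    users = defaultdict(list)      # (parent, vlan_id) -> subinterface names
    vlan_of = {}                   # subinterface name -> vlan_id or None
    current = None
    for line in config.splitlines():
        m = SUBIF_RE.match(line)
        if m:
            current = f"{m.group(1)}.{m.group(2)}"
            vlan_of[current] = None
        elif line.lower().startswith("interface"):
            current = None         # main interface or loopback: not audited
        elif current and (m := ENCAP_RE.match(line)):
            vlan_of[current] = int(m.group(1))
            users[(current.rsplit(".", 1)[0], vlan_of[current])].append(current)
    conflicts = {key: names for key, names in users.items() if len(names) > 1}
    missing = [name for name, vlan in vlan_of.items() if vlan is None]
    return conflicts, missing
```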

Reference: VLAN Subinterface Commands on the Cisco ASR 9000 Series Router

3. Configuring ISIS


Configuration:

######## R6 | AREA 01 ########

interface Loopback0
ip router isis 1
interface FastEthernet0/0.15
ip router isis 1
isis circuit-type level-2-only
!
interface FastEthernet0/0.45
ip router isis 1
!
interface FastEthernet0/0.56
ip router isis 1
isis circuit-type level-1

router isis 1
net 01.0000.0000.0006.00

######## R5 | AREA 01 ########
router isis 1
net 01.0000.0000.0006.00

R7(A01) Database:

R7#sh isis database
IS-IS Level-1 Link State Database:
LSPID LSP Seq Num LSP Checksum LSP Holdtime ATT/P/OL
R5.00-00 0x00000005 0x9F2D 1081 1/0/0
R6.00-00 0x00000005 0x3501 1089 1/0/0
R6.03-00 0x00000001 0xEC56 1082 0/0/0
R7.00-00 * 0x00000005 0x9C34 1083 0/0/0
R7.01-00 * 0x00000001 0x182C 1084 0/0/0
R7.02-00 * 0x00000001 0xF74C 346 0/0/0

Those two border routers have the attached bit set in their link-state packets. The attached bit means “I have a connection to another area or another level, and you can use me as a default destination.”

The attached bit is set automatically, and router R7 now has a default route to reach any destination outside.

R7#sh ip route isis
i*L1 0.0.0.0/0 [115/10] via 10.5.6.2, FastEthernet0/0.56
[115/10] via 10.4.6.1, FastEthernet0/0.46
1.0.0.0/32 is subnetted, 2 subnets
i L1 1.1.1.6 [115/20] via 10.5.6.2, FastEthernet0/0.56
10.0.0.0/8 is variably subnetted, 5 subnets, 2 masks
i L1 10.4.5.0/24 [115/20] via 10.5.6.2, FastEthernet0/0.56
[115/20] via 10.4.6.1, FastEthernet0/0.46

We still have full reachability; the difference is just that we are using a shorter view to match or find the path to the destination.
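
An added example, not part of the original notes: a parser for the show isis database output above that lists the routers advertising the attached bit and flags any that are not expected border routers. The function names and the expected-border list are assumptions.

```python
import re

# Constructed sample: the Level-1 database shown on this page for R7.
SAMPLE = """\
IS-IS Level-1 Link State Database:
LSPID                 LSP Seq Num  LSP Checksum  LSP Holdtime  ATT/P/OL
R5.00-00              0x00000005   0x9F2D        1081          1/0/0
R6.00-00              0x00000005   0x3501        1089          1/0/0
R6.03-00              0x00000001   0xEC56        1082          0/0/0
R7.00-00            * 0x00000005   0x9C34        1083          0/0/0
R7.01-00            * 0x00000001   0x182C        1084          0/0/0
R7.02-00            * 0x00000001   0xF74C        346           0/0/0
"""

# hostname.pseudonode-fragment, optional "*" for the local router's own LSPs.
LSP_RE = re.compile(
    r"^(?P<host>\S+)\.(?P<pn>[0-9A-Fa-f]{2})-(?P<frag>[0-9A-Fa-f]{2})\s+(?P<own>\*)?\s*"
    r"(?P<seq>0x[0-9A-Fa-f]+)\s+(?P<cksum>0x[0-9A-Fa-f]+)\s+(?P<hold>\d+)\s+"
    r"(?P<att>[01])/(?P<p>[01])/(?P<ol>[01])\s*$"
)


def parse_lsps(output: str):
    """Parse the LSP rows of 'show isis database' into dictionaries."""
    lsps = []
    for line in output.splitlines():
        m = LSP_RE.match(line.strip())
        if m:
            lsps.append({
                "host": m["host"], "pseudonode": m["pn"] != "00",
                "own": m["own"] is not None, "holdtime": int(m["hold"]),
                "att": m["att"] == "1", "overload": m["ol"] == "1",
            })
    return lsps


def attached_routers(output: str):
    """Routers whose non-pseudonode LSP advertises the attached bit."""
    return sorted({lsp["host"] for lsp in parse_lsps(output)
                   if lsp["att"] and not lsp["pseudonode"]})


def unexpected_attached(output: str, expected_borders):
    """Attached-bit advertisers that are not in the expected border list."""
    return sorted(set(attached_routers(output)) - set(expected_borders))
```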

CCIE SP – OSPF

OSPF – Unicast, Multicast Reachability.

Configuration:
RP/0/0/CPU0:XRV-01#sh run router ospf
Wed Jul 11 00:14:28.130 UTC
router ospf 1
area 0
interface Loopback0
!
interface GigabitEthernet0/0/0/0.12
!
interface GigabitEthernet0/0/0/0.111
!
interface GigabitEthernet0/0/0/0.211
!
RP/0/0/CPU0:XRV-01#sh run router ospfv3
Wed Jul 11 00:14:37.150 UTC
router ospfv3 1
area 0
interface Loopback0
!
interface GigabitEthernet0/0/0/0.12
!
interface GigabitEthernet0/0/0/0.111
!
interface GigabitEthernet0/0/0/0.211
!

Note: Even though OSPFv2 and OSPFv3 use the same process number (#1), the router treats them independently of each other because they advertise different address families.

Verification IOS:
IPV4 #show ip int brief || IPV6 #show ipv6 interface brief
IPV4 #show ip ospf neighbor || IPV6 #show ipv6 ospf neighbor

For XR
All of the configuration for routing protocols goes under the “Global Process”. So once we establish connectivity at the link level and have v4/v6 addressing configured, the next step is to go into the global process and enable the protocol on the interface at link level.

Verification XR:
#show ospf neighbors
#show ospf interface

Note: We can’t see any logging message in XR that the OSPF adjacency went up, because by default it uses a lower logging level. We need to set it to “debugging”.
Once we configure all the core routers for OSPF, all routers will have the same database. The only difference will be the router ID.

R1#sh ip ospf database

OSPF Router with ID (1.1.1.1) (Process ID 1)

Router Link States (Area 0)

Link ID ADV Router Age Seq# Checksum Link count
1.1.1.1 1.1.1.1 1807 0x80000019 0x000A56 4
1.1.1.2 1.1.1.2 930 0x8000000B 0x0072C3 5
1.1.1.4 1.1.1.4 962 0x8000000B 0x008CC7 4
2.1.1.1 2.1.1.1 1163 0x80000019 0x003403 4
2.1.1.2 2.1.1.2 1014 0x80000020 0x002D5F 6
2.1.1.3 2.1.1.3 1252 0x8000000C 0x0045CC 5

Net Link States (Area 0)

Link ID ADV Router Age Seq# Checksum
10.1.2.1 1.1.1.1 1037 0x80000013 0x0011FB
10.1.11.2 1.1.1.1 1299 0x80000013 0x00A062
10.1.12.1 2.1.1.2 1014 0x80000013 0x009E61
10.2.3.2 1.1.1.4 962 0x80000008 0x0012FC
10.2.11.1 2.1.1.1 1163 0x80000016 0x009964
10.2.12.1 2.1.1.2 1265 0x80000016 0x009664
10.3.12.1 2.1.1.2 1014 0x8000000C 0x00B24F
10.3.13.1 2.1.1.3 1252 0x80000008 0x00B74B
10.11.12.1 2.1.1.1 920 0x80000013 0x0033C2
10.12.13.1 2.1.1.2 1782 0x80000008 0x0044B7

RP/0/0/CPU0:XRV-01#sh ospf database
Wed Jul 11 00:23:13.814 UTC

OSPF Router with ID (2.1.1.1) (Process ID 1)

Router Link States (Area 0)

Link ID ADV Router Age Seq# Checksum Link count
1.1.1.1 1.1.1.1 1775 0x80000019 0x000a56 4
1.1.1.2 1.1.1.2 897 0x8000000b 0x0072c3 5
1.1.1.4 1.1.1.4 929 0x8000000b 0x008cc7 4
2.1.1.1 2.1.1.1 1129 0x80000019 0x003403 4
2.1.1.2 2.1.1.2 981 0x80000020 0x002d5f 6
2.1.1.3 2.1.1.3 1219 0x8000000c 0x0045cc 5

The final result is to check the router’s routing table: whether the router actually knows the loopbacks of the devices and the transit interfaces between devices, and whether the router has IP reachability to its neighbors.

OSPF version 2 & 3 forming adjacencies
Before we get to any upper-layer protocols, we want to make sure the core connectivity is there, both for OSPFv2 and v3 or for IS-IS.

In terms of IPv6 connectivity, since we are not using IPv6 as the source and destination of the MPLS tunnel, the only thing that IPv6 connectivity would affect is if we were doing internet connectivity for IPv6.

If we want to tunnel IPv6 over MPLS, we don’t need IPv6 enabled on the core. We can run either the “6PE” or “6VPE” feature in order to tunnel IPv6 over an IPv4-based label core.

For the same type of matching route, OSPFv3 is more preferred than OSPFv2.

Note: You cannot run OSPFv3 with OSPFv2, even with redistribution (selective). XR OS will not advertise the v3 IPv4 address family to v2.

OSPFv3 is not backwards compatible with v2; you have to be running the same version of the protocol between the two neighbors, and one of the main reasons is that it uses a separate transport.

So for IPv4 address-family advertised in OSPFv3 it uses IPv6 for transport. We need to enable ipv6 on interface in order to run OSPFv3 IPv4.

Configuration to enable IPv6: (int)ipv6 enable
This command is used to generate a link-local address based on the EUI-64 format (MAC address).

Not all versions support redistribution of OSPFv3. This means that if the question asks you to run OSPF as the PE-CE routing protocol and your version doesn’t support v3 redistribution, you need to run OSPFv2.

Note: You can redistribute ipv4 v2 to OSPFv3 but not the other way around.

MPLS

# mpls label protocol ldp
# mpls ldp router-id Loopback0 force
#CORE
providerI#sh ip int brief
Interface IP-Address OK? Method Status Protocol
FastEthernet0/0 10.1.2.1 YES NVRAM up up
FastEthernet1/0 10.1.1.1 YES NVRAM up up
FastEthernet1/1 10.10.22.1 YES NVRAM up up
FastEthernet2/0 10.1.0.1 YES NVRAM up up
FastEthernet2/1 unassigned YES NVRAM administratively down down
Loopback0 1.1.1.1 YES NVRAM up up

router isis
mpls ldp autoconfig level-2
net 10.0001.aaaa.aaaa.00

#Enable MPLS and ISIS
interface FastEthernet0/0
ip address 10.1.2.1 255.255.255.252
ip router isis
duplex half
mpls ip

################ PE
PEX#sh ip int brief
Interface IP-Address OK? Method Status Protocol
FastEthernet0/0 10.10.22.2 YES NVRAM up up
FastEthernet1/0 172.10.10.1 YES NVRAM up up
FastEthernet1/1 unassigned YES NVRAM administratively down down
FastEthernet2/0 unassigned YES NVRAM administratively down down
FastEthernet2/1 61.1.1.1 YES NVRAM up up
Loopback9 9.9.9.9 YES NVRAM up up

router isis
mpls ldp autoconfig level-2
net 10.0001.bbbb.dddd.00

# ENABLE MPLS AND ISIS
interface FastEthernet0/0
ip address 10.10.22.2 255.255.255.252
ip router isis
duplex full
mpls ip

router bgp 111
no synchronization
bgp log-neighbor-changes
neighbor 10.10.10.10 remote-as 111
neighbor 10.10.10.10 update-source Loopback9
neighbor 10.10.10.10 soft-reconfiguration inbound
no auto-summary
!
address-family vpnv4
neighbor 10.10.10.10 activate
neighbor 10.10.10.10 send-community extended
exit-address-family
!
address-family ipv4 vrf c1
no synchronization
neighbor 61.1.1.2 remote-as 3939
neighbor 61.1.1.2 activate
exit-address-family

ip vrf c1
rd 3491:908290290
route-target export 3491:1002873
route-target export 111:1888
route-target import 3491:1002873
route-target import 3491:3491

############################### PE 2
PE-R2#sh run | sec ip vrf
ip vrf custx
rd 111:900902
route-target export 111:555
route-target import 111:9119
route-target import 111:3333
route-target import 1888:1001
ip vrf forwarding custx

PE-R2#sh run | sec router
ip router isis
ip router isis
router isis
mpls ldp autoconfig level-2
net 10.0001.cccc.cccc.00
router bgp 111
no synchronization
no bgp default route-target filter
bgp log-neighbor-changes
neighbor 3.3.3.3 remote-as 111
neighbor 3.3.3.3 update-source Loopback0
neighbor 3.3.3.3 next-hop-self
neighbor 3.3.3.3 soft-reconfiguration inbound
neighbor 9.9.9.9 remote-as 111
neighbor 9.9.9.9 next-hop-self
neighbor 9.9.9.9 soft-reconfiguration inbound
neighbor 10.10.10.10 remote-as 111
neighbor 129.1.2.1 remote-as 1888
no auto-summary
!
address-family vpnv4
neighbor 3.3.3.3 activate
neighbor 3.3.3.3 send-community extended
neighbor 3.3.3.3 next-hop-self
neighbor 9.9.9.9 activate
neighbor 9.9.9.9 send-community extended
neighbor 9.9.9.9 next-hop-self
neighbor 10.10.10.10 activate
neighbor 10.10.10.10 send-community extended
neighbor 10.10.10.10 next-hop-self
neighbor 129.1.2.1 activate
neighbor 129.1.2.1 send-community extended
exit-address-family
!
address-family ipv4 vrf custx
no synchronization
neighbor 172.16.2.2 remote-as 555
neighbor 172.16.2.2 activate
exit-address-family