
Posts Tagged ‘CCIE R&S’

Basic Multicast part 5 – PIM SSM and SSM mapping

November 28, 2012 3 comments

Continuing with the Multicast topic, this time I will talk about PIM SSM (Source Specific Multicast, RFC 3569) and SSM mapping. In my previous posts on Multicast I demonstrated how to configure PIM DM/SM, which uses IGMPv2 for host-to-router signaling. PIM DM and SM are known as “Any Source Multicast” or ASM. The receivers are willing to receive multicast from any source, which is why an RP is needed in order to allow the receivers to discover new sources. With PIM SSM the concept is different: the receivers signal which source they want to receive multicast traffic from by using IGMPv3, which means that RPs are not needed and the multicast routers in the multicast domain will only build shortest-path trees (SPT).

 For this post I will use the same topology as the other multicast posts:

Scenario: The Multicast source will send two streams, one for the multicast group 239.10.10.10 and one for the multicast group 239.20.20.20. The first group (239.10.10.10) will be running PIM SM and R4 will be the RP for this group. The second multicast group (239.20.20.20) will be running PIM SSM. The receiver will act as an IGMPv2/v3 receiver. In the second part of this post I will demonstrate how to configure SSM mapping where the receiver will not be IGMPv3 capable.


My first lab attempt

November 22, 2012 6 comments

I failed my first lab attempt in San Jose on the 19th of November. I did this attempt just after the INE R&S bootcamp. It is a hard feeling to know that you have failed but I knew that it was going to be tough. The troubleshooting section killed me. I usually enjoy the TS section when doing mock labs but in the real lab it is a ~28-router topology instead of 6 (with the INE topology). Actually I did 2 of the new TS labs from INE and they are really well done and they are automatically graded (Presentation Video).


Cisco Zone Based Firewall

November 5, 2012 6 comments

In this post I will talk about Cisco Zone Based Firewall (ZBF), which is a new approach to configuring access control in the IOS firewall. I will first introduce ZBF and then demonstrate how to configure it.

To illustrate the different examples in this post I will use the following topology:

IGP: EIGRP AS 10

 Platform/IOS: Cisco 2691/12.4(15)T11 Adv IP services.

Side note: As I am using IOS 12.4(15)T, I will only talk about the ZBF rules for this IOS release. Some improvements and rule changes have been made in the latest IOS releases (IOS 15.X).

 IP addressing: All routers in the topology are configured with loopback IP in the format X.X.X.X /32 where X is the router number.


Basic QoS part 2 – Catalyst 3560 QoS

November 1, 2012 3 comments

In this post I will talk about Cisco Catalyst 3560 QoS. In Basic QoS part 1 I talked about policing and shaping on Cisco IOS routers.

 To illustrate the different examples in this post I will use the following topology:

IGP: EIGRP 10

 Platform/IOS: Catalyst 3560/ c3560-advipservicesk9-mz.122-44.SE6.bin


PfR (Cisco Performance Routing)

October 15, 2012 11 comments

In this post I would like to explore PfR (Cisco Performance Routing), earlier called OER (Optimized Edge Routing). I will start with an introduction presenting what PfR is and what its goals are, and then I will demonstrate how to configure basic PfR. To illustrate the different configuration examples I will use the following topology:

 

Side note: As I am using IOS 12.4(15)T, PfR is configured with OER commands. In this IOS version PfR is not mature, so if you want to use PfR in production you should use IOS 15.0 and later. The keyword PfR was introduced in IOS release 15.1(2)T. For simplicity I will use the term PfR instead of OER even though I am configuring PfR in a version earlier than 15.1(2)T.

Platform/IOS: Cisco 2691/12.4(15)T11 Adv IP services.

IGP for Spoke site: EIGRP 10

IGP for Hub site: EIGRP 10

 Both sites use eBGP to peer with their respective ISP. R2 is running eBGP over the GRE tunnel path and iBGP with R1.

Scenario: The Hub location is hosting a Citrix server and an HTTP server. Citrix traffic should always be routed over the MPLS path via R1 while HTTP traffic should be routed over the GRE tunnel via R2. The Voice traffic between the two locations should be routed over the MPLS path via R1.

  • If the voice traffic delay goes over 300 ms, voice traffic should be moved to the GRE tunnel path via R2
  • The HTTP traffic should only be routed through the GRE tunnel path as long as this path is up and running
  • If the MPLS link utilization goes over 50%, move only the Citrix traffic to the GRE tunnel path via R2


Basic QoS part 1 – Traffic Policing and Shaping on Cisco IOS Router

September 19, 2012 14 comments

In this post I will talk about Cisco Router QoS and more particularly Traffic Shaping and Traffic Policing. I will describe and show how to configure Traffic Shaping and Traffic Policing using the legacy methods as well as the new methods. In this post I will talk about neither Frame Relay Traffic Shaping nor Frame Relay Traffic Policing, which I will try to cover in another post. From now on I will use TS for Traffic Shaping and TP for Traffic Policing.

 To illustrate the different examples in this post I will use the following topology:

IGP: EIGRP AS 10

 Platform/IOS: Cisco 2691/12.4(15)T11 Adv IP services.

Side note: Please note that I am using an IOS version older than 12.4(20)T, so I will not talk about the new QoS model of Cisco which is called Hierarchical QoS (HFQ). I will only be using CBWFQ (Class-Based Weighted Fair Queuing), which is the previous version of MQC (Modular Quality of Service Command Line Interface) used by Cisco routers up to 12.4(20)T. Note that in the current CCIE R&S LAB v4.0 Cisco is using IOS image 12.4(15)T, which uses CBWFQ as its QoS model. Also, in IOS versions from 12.4(20)T and above, as the IOS image is using HFQ, many features differ from CBWFQ, such as the queuing mechanisms, show outputs, etc.

 Addressing: All the IP addresses are configured as shown on the diagram.


Basic Multicast part 4 – PIM Sparse Mode – BSR and Multicast Security

September 11, 2012 4 comments

Continuing with the Multicast topic, this time I will talk about PIM BSR (Bootstrap Router), which is an alternative way to advertise dynamic RP information. We saw in the previous posts on Multicast that the RP information could be configured statically or dynamically with Auto-RP. Auto-RP is a legacy mechanism which is neither part of the PIMv2 standard nor used in IPv6 Multicast. The issue with Auto-RP is that it uses specific multicast groups to propagate the RP information, which poses some challenges in NBMA partially meshed networks, and some methods are needed in order to allow the Multicast Auto-RP control plane traffic to be propagated everywhere.

BSR (Bootstrap Router), which is part of the PIMv2 standard and used in IPv6 Multicast, is similar to Auto-RP, but the RP information is not disseminated using a multicast group; instead this information is encapsulated in PIM packets.

 I will also talk about some Multicast security features that can be used in order to protect the Multicast domain.

 Before reading further I invite you to read my previous post on Multicast PIM Sparse Mode if you are not familiar with PIM SM.

I will use the same network topology as I did in my previous posts on Multicast. Let's consider the following topology:

Source: The multicast source 150.1.0.4 will be sending to multicast group 239.10.10.10, which is part of the administratively scoped addresses assigned by IANA for use in private multicast domains, much like the IP unicast range defined in RFC 1918.

RP: The RP is R4 with IP: 4.4.4.4

BSR: The Bootstrap router is R3 with IP 3.3.3.3

IGP: The IGP used is EIGRP

Platform/IOS: Cisco 2691/12.4(15)T11 Adv IP services
