Sunday, 31 July 2011
Wednesday, 27 July 2011
Training some MQC
Hm.. why do I always get tracebacks when I apply "service-policy"? ;) Who has the answer?
Rack1R5(config-if)#service-policy output 1033
Rack1R5(config-if)#
*Jul 27 08:30:52.800: %SYS-2-INTSCHED: 'may_suspend' at level 4 -Process= "Exec", ipl= 4, pid= 88, -Traceback= 0x816F117z 0xA728AD3z 0x9B4482Az 0x9B3A931z 0xA06F7EEz 0xA07813Bz 0xA076320z 0xA070C64z 0xA05BE2Cz 0xA069090z 0xA17F14Az 0xA0BED8Cz 0xA0B6B58z 0xA0B6920z 0xA0B90BEz 0xA1CC6A3z
*Jul 27 08:30:52.800: %SYS-2-INTSCHED: 'may_suspend' at level 4 -Process= "Exec", ipl= 4, pid= 88, -Traceback= 0x816F117z 0xA728AD3z 0x9B4482Az 0x9B3A931z 0xA06F803z 0xA07813Bz 0xA076320z 0xA070C64z 0xA05BE2Cz 0xA069090z 0xA17F14Az 0xA0BED8Cz 0xA0B6B58z 0xA0B6920z 0xA0B90BEz 0xA1CC6A3z
Rack1R5(config-if)#
Tuesday, 26 July 2011
INE WB Vol1 - 10.40 MQC Class-Based Generic Traffic Shaping
FRTS by default assumes Be=0, while GTS by default assumes Be=Bc.
Config with be = 0
policy-map 1040_67
class class-default
shape average 512000 10240 0
Rack1R6#show policy-map interface eth0/0.67
Ethernet0/0.67
Service-policy output: 1040_67
Class-map: class-default (match-any)
4 packets, 1336 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: any
Queueing
queue limit 64 packets
(queue depth/total drops/no-buffer drops) 0/0/0
(pkts output/bytes output) 4/1520
shape (average) cir 512000, bc 10240, be 0
target shape rate 512000
!
Config without be
policy-map 1040_67_BE
class class-default
shape average 512000 10240
Rack1R6#show policy-map interface eth0/0.146
Ethernet0/0.146
Service-policy output: 1040_67_BE
Class-map: class-default (match-any)
3 packets, 1264 bytes
5 minute offered rate 0 bps, drop rate 0 bps
Match: any
Queueing
queue limit 64 packets
(queue depth/total drops/no-buffer drops) 0/0/0
(pkts output/bytes output) 3/570
shape (average) cir 512000, bc 10240, be 10240
target shape rate 512000
Rack1R6#
INE WB Vol1 - 10.20 Legacy Frame Relay Traffic Shaping
Be = Tc * (PIR - CIR)
256 kbit allowed, Peaks up to 384kbit/s , 10ms Tc
Be = 10ms * (384 - 256)
Be = 10ms * 128kbit
Be = 128000bit * 10/1000
Be = 1280bit/10ms
INE WB Vol1 - 10.18 Legacy CAR Access-Lists
A really nice one...
Good that we have DocCD -> Cisco 12.4T->Configuration Guides -> QoS -> Part 1 : Classification -> Configuring Committed Access Rate
INE WB Vol1 - 10.17 Legacy CAR for Rate Limiting
Cisco recommendation of (Bc = CIR * 1,5) and (Be = Bc * 2)
256000 / 8 * 1,5 = 48000 byte Bc -> 48000 Bc * 2 = 96000
If Be = Bc, excess burst is disabled.
rate-limit input 256000 48000 96000 conform-action transmit exceed-action drop
INE WB Vol1 - 10.16 Oversubscription with Legacy CAR and WFQ
Some calculation examples from my side
- guarantee 64k
- allow up to 128k
- average time interval 200ms (Tc)
rate-limit output access-group 145 64000 3200 3200 conform-action transmit exceed-action continue
rate-limit output access-group 145 128000 3200 3200 conform-action transmit exceed-action drop
How to calculate? 128000 bit / 8 = 16000 byte/s * (200 ms) = 16000 * (200/1000) = 3200 byte
Another example
- guarantee 64k
- allow up to 128k
- average time interval 30ms (Tc)
rate-limit output access-group 145 64000 4800 4800 conform-action transmit exceed-action continue
rate-limit output access-group 145 128000 4800 4800 conform-action transmit exceed-action drop
How to calculate? 128000 bit / 8 = 16000 byte/s * (300 ms) = 16000 * (300/1000) = 4800 byte
Monday, 25 July 2011
INE WB Vol1 - 10.11 Payload Compression on Serial Links
Need a Frame-Relay Map for FRF.9 compression
interface Serial0/0/0
frame-relay map ip 155.1.0.2 502 broadcast IETF payload-compression FRF9 stac one-way-negotiation
Debug this
Rack1R2#show compress
Serial1/0 - DLCI: 205
Software compression enabled
uncompressed bytes xmt/rcv 6940/16952
compressed bytes xmt/rcv 874/1599
Compressed bytes sent: 874 bytes 0 Kbits/sec ratio: 7.940
Compressed bytes recv: 1599 bytes 0 Kbits/sec ratio: 10.601
1 min avg ratio xmt/rcv 0.005/0.005
5 min avg ratio xmt/rcv 0.022/0.020
10 min avg ratio xmt/rcv 0.022/0.020
no bufs xmt 0 no bufs rcv 0
resyncs 2
Additional Stac Stats:
Transmit bytes: Uncompressed = 0 Compressed = 629
Received bytes: Compressed = 1165 Uncompressed = 0
Rack1R2#
INE WB Vol1 - 10.6 Legacy Random Early Detection
Routing updates contain IP Prec 6. As the hold-queue doesn't go up to 11 there will be no random-detect on routing updates.
random-detect precedence 6 11 12
hold-queue 10 out
INE WB Vol1 - 10.6 Legacy Custom Queueing with Prioritization
Oh yes i like it, when we do QoS on the floor....
queue-list 1 protocol ip 1 lt 65
queue-list 2 protocol ip 2 list 199
queue-list 2 protocol ip 3 list 198
queue-list 5 protocol ip 0 udp rip <--- Priority Queue (0)
queue-list 5 protocol ip 1 lt 65 <--- not a Priority Queue
queue-list 5 protocol ip 2 list 199
queue-list 5 protocol ip 3 list 198
queue-list 5 queue 1 byte-count 320
queue-list 5 queue 2 byte-count 640 limit 10
queue-list 5 queue 3 byte-count 104
To set Queue 1 as a Priority Queue, Round Robin to start at Queue 2
queue-list 5 lowest-custom 2
To set Queue 1,2 as a Priority Queue, Round Robin to start at Queue 3
queue-list 5 lowest-custom 3
INE WB Vol1 - 10.5 Legacy Custom Queueing
It took me ages to understand this shitty math exercise
30% VoIP (64 byte Packet = 4 Byte HDLC + 60 Byte VoIP)
60% HTTP (160 byte Packet = 4 byte HDLC + 156 Byte WWW)
10% ICMP (104 byte Packet = 4 byte HDLC + 100 byte ICMP)
%/Byte = Ratio > normalized Ratio = Multiplier > Multiplier * Byte = Bytecount
30/64 = 0,46875 > 0,46875/0,096153846 = 4,875000008 = 5 * 64 = 320
60/160 = 0,375 > 0,375/0,096153846 = 3,900000006 = 4 * 160 = 640
10/104 = 0,096153846 > 0,096153846/0,0916 = 1 = 1 * 104 = 104
45% VoIP (84 byte Packet = 4 byte HDLC + 80 byte VoIP)
25% HTTP (140 byte Packet = 4 byte HDLC + 136 byte WWW)
30% ICMP (104 byte Packet = 4 byte HDLC + 100 byte ICMP)
45/84 = 0,535714286 > 0,535714286/0,178571429 = 2,999999994 = 3 = 252 (252/(252+140+208) = 42 %
25/140 = 0,178571429 > 0,178571429/0,178517429 = 1 = 1 = 140 (140/(252+140+208) = 23 %
30/104 = 0,288461538 > 0,288461538/0,178517429 = 1,615873249 = 2 = 208 (208/(252+140+208) = 34 %
I hate Custom Queueing !!
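The byte-count calculation above as a small Python function; this is an added example, not code from the original post or from the workbook. The function names and the LAB_1/LAB_2 inputs are assumptions made here, taken from the two exercises in the post, and the multiplier is rounded up to whole frames, which reproduces the byte counts shown.

```python
from fractions import Fraction
from math import ceil


def byte_counts(classes):
    """Return {name: byte_count} for legacy custom-queueing classes.

    classes: list of (name, percent, frame_bytes) with integer values, where
    frame_bytes is the full frame size (payload plus the 4-byte HDLC header).
    """
    for name, percent, frame_bytes in classes:
        if percent <= 0 or frame_bytes <= 0:
            raise ValueError(f"{name}: percent and frame size must be positive")

    # Step 1: ratio = desired percentage / frame size.
    # Fractions keep 45/84 divided by 25/140 at exactly 3, so ceil() cannot
    # be pushed to 4 by floating-point error.
    ratios = {
        name: Fraction(percent, frame_bytes)
        for name, percent, frame_bytes in classes
    }

    # Step 2: normalise every ratio by the smallest one.
    smallest = min(ratios.values())

    counts = {}
    for name, _percent, frame_bytes in classes:
        # Step 3: round the normalised ratio up to a whole number of frames.
        multiplier = ceil(ratios[name] / smallest)
        # Step 4: byte-count = multiplier * frame size.
        counts[name] = multiplier * frame_bytes
    return counts


def shares(counts):
    """Bandwidth share in percent that each queue gets per round-robin cycle."""
    total = sum(counts.values())
    return {name: round(100 * count / total, 1) for name, count in counts.items()}


# Inputs from the two exercises in the post (frame sizes include HDLC).
LAB_1 = [("voip", 30, 64), ("http", 60, 160), ("icmp", 10, 104)]
LAB_2 = [("voip", 45, 84), ("http", 25, 140), ("icmp", 30, 104)]

if __name__ == "__main__":
    for lab in (LAB_1, LAB_2):
        counts = byte_counts(lab)
        print(counts, shares(counts))
```

Because the multipliers are rounded up, the resulting shares only approximate the requested percentages.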
INE WB Vol1 - 10.3 Legacy RTP Reserved Queue
Rack1R4(config-if)#max-reserved-bandwidth 75
Rack1R4(config-if)#do sh run int s0/1/0 | incl max-res
Rack1R4(config-if)#max-reserved-bandwidth 76
Rack1R4(config-if)#do sh run int s0/1/0 | incl max-res
max-reserved-bandwidth 76
Rack1R4(config-if)#max-reserved-bandwidth 75
Reservable bandwidth is being reduced.
Some existing reservations may be terminated.
Rack1R4(config-if)#do sh run int s0/1/0 | incl max-res
Rack1R4(config-if)#
Max reservable bandwidth is 75; if you need to reserve 100% for QoS, you need to configure max-reserved-bandwidth 100.
INE WB Vol1 - 10.2 WFQ
Calculate MTU
128000bit per second -> /1000
128bit per millisecond -> /8
16byte per millisecond -> * 10
160byte per 10ms -> -4 (HDLC header) (PPP must be 8 byte, i think)
156byte IP MTU
Sunday, 24 July 2011
INE WB Vol2 - Configuration Lab 3
1. Layer 2 Technologies
1.1) IP Bridging - 3p
1.2) Spanning-Tree Protocol - 3p
2. IPv4
2.1) OSPF - 4p
2.2) IGP Features - 4p
2.3) BGP Path Manipulation - 4p
2.4) BGP Attributes - 5p
3. IPv6
3.1) IPv6 Addressing - 3p
3.2) IPv6 Routing - 3p
4. MPLS VPN
4.1) Label Exchange - 3p
4.2) MPLS VPN - 3p
4.3) PE-CE Routing - 3p
5. Multicast
5.1) Multicast Forwarding - 2p
5.2) Multicast Filtering - i used pim accept-register/solution is a IP IGMP access-group - 0p
5.3) Multicast Filtering - 2p
6. Security
6.1) Traffic Filtering - used ACL no reflexive ones - 0p
6.2) DoS Prevention - 3p
6.3) DHCP Security - 3p
7. Network Services
7.1) IOS Management - 2p
7.2) File Management - 2p
7.3) Auto-Install - ip directed broadcast, ip helper, frame-relay map - 0p
7.4) Local Authorization - 3p
7.5) Local Authorization - 3p
7.6) Switch Management - 2p
7.7) GLBP - 4p
8. QoS
8.1) Frame Relay Traffic Shaping - 2p
8.2) Rate Limiting - 2p
8.3) Signaling - rsvp - 0p
(Full 79/Pass 64/My 68)
INE Vol2 - Troubleshooting Lab 3
1)wrong RT R5/R4 - 2p
2)also use peer-group on R1,update-source on R6 - 2p
3)missing auth-mode on R3 - 2p
4)acl100/101 allow udp 224.0.0.9, what about OSPF ? - 2p
5)fix frame-relay map on R1, ip ospf cost 1 - R1 and R5 - 2p
6) SoO - 0p
7) link-status - 2p
8) speed-mismatch - 2p
9) ??? mpls ldp discovery transport-address interface - 0 p
10) ??? missing d in address - 0p
--------------------------------------
solved 7 (1-5,7,8) tickets in 27 mins
(Total 21p / Pass 16p / Score 14p)
Missed by one fucking ticket .... ARGH !!!!!
Saturday, 23 July 2011
DUMBASS SECTION - OSPF no adjacency
rack1SW2#sh run int eth0/0
Building configuration...
Current configuration : 90 bytes
!
interface Ethernet0/0
description VLAN146
ip address 150.1.15.129 255.255.255.224
end
rack1SW2#
--------------------------------------------------------------------------------
rack1R2#sh run int eth0/1.146
Building configuration...
Current configuration : 97 bytes
!
interface Ethernet0/1.146
encapsulation dot1Q 146
ip address 150.1.15.130 255.255.255.240
end
rack1R2#
debug ip ospf hello
*Jul 23 13:38:13.047: OSPF: Rcv hello from 150.1.2.2 area 2 from Ethernet0/0 150.1.15.130
*Jul 23 13:38:13.047: OSPF: Mismatched hello parameters from 150.1.15.130
*Jul 23 13:38:13.047: OSPF: Dead R 40 C 40, Hello R 10 C 10 Mask R 255.255.255.240 C 255.255.255.224
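The "Mismatched hello parameters" detail line above carries everything needed to name the culprit (R = received, C = configured). The following added example, not part of the original post, parses that line and reports which fields differ; the function names are assumptions, and the last sample line is constructed to show a timer mismatch.

```python
import ipaddress
import re

# Detail line printed by "debug ip ospf hello" after a mismatch:
# R = value received from the neighbor, C = value configured locally.
HELLO_RE = re.compile(
    r"Dead R (?P<dead_r>\d+) C (?P<dead_c>\d+), "
    r"Hello R (?P<hello_r>\d+) C (?P<hello_c>\d+),? +"
    r"Mask R (?P<mask_r>[\d.]+) C (?P<mask_c>[\d.]+)"
)


def prefix_len(mask):
    """Convert a dotted netmask such as 255.255.255.240 to a prefix length."""
    return ipaddress.IPv4Network(f"0.0.0.0/{mask}").prefixlen


def hello_mismatches(line):
    """Return {field: (received, configured)} for every field that differs.

    Returns None when the line is not a hello-parameter detail line.
    """
    m = HELLO_RE.search(line)
    if m is None:
        return None
    fields = {
        "dead": (int(m["dead_r"]), int(m["dead_c"])),
        "hello": (int(m["hello_r"]), int(m["hello_c"])),
        "mask": (prefix_len(m["mask_r"]), prefix_len(m["mask_c"])),
    }
    return {name: pair for name, pair in fields.items() if pair[0] != pair[1]}


def scan(lines):
    """Return (line_number, mismatches) for each detail line that shows a mismatch."""
    findings = []
    for number, line in enumerate(lines, start=1):
        result = hello_mismatches(line)
        if result:
            findings.append((number, result))
    return findings


# First three lines are the debug output from the post; the fourth is a
# constructed line showing mismatched timers instead of a mismatched mask.
SAMPLE = [
    "*Jul 23 13:38:13.047: OSPF: Rcv hello from 150.1.2.2 area 2 from Ethernet0/0 150.1.15.130",
    "*Jul 23 13:38:13.047: OSPF: Mismatched hello parameters from 150.1.15.130",
    "*Jul 23 13:38:13.047: OSPF: Dead R 40 C 40, Hello R 10 C 10 Mask R 255.255.255.240 C 255.255.255.224",
    "*Jul 23 13:40:01.000: OSPF: Dead R 120 C 40, Hello R 30 C 10 Mask R 255.255.255.224 C 255.255.255.224",
]

if __name__ == "__main__":
    for number, result in scan(SAMPLE):
        print(number, result)
```

For the debug output in the post this reports only the mask: /28 received from R2 against /27 configured on SW2.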
Finished INE Vol1 IPv6
- no big surprises on IPv6
- there is no documentation on how to calculate the embedded RP on the DocCD (if there is one, please tell me)
Tomorrow I will face INE Vol2 TS3 and Lab3
Wednesday, 20 July 2011
ipv6 prefix-list - A very nice implementation
Rack1R5(config)#ipv6 prefix-list ?
sequence-number Include/exclude sequence numbers in NVGEN
Rack1R5(config)#ipv6 prefix-list TEST ?
% Unrecognized command
Rack1R5(config)#ipv6 prefix-list TEST permit FC00:1:0:6::6/64
Rack1R5(config)#do sh run | incl prefix
ipv6 nd prefix FC00:1:0:58::/64 14400 14400 no-autoconfig
ipv6 nd prefix FC00:1:0:85::/64 14400 14400
ipv6 prefix-list TEST seq 5 permit FC00:1:0:6::/64
Rack1R5(config)#
Another nice one made by our favourite company
Monday, 18 July 2011
INE Vol2 - Configuration Lab 2 - Crazy Redistribution
http://blog.ine.com/2008/07/19/advanced-route-redistribution-scenario-iewb-rs-v41-vol-ii-lab-2-task-411/ <----- REVIEW
INE WB Vol2 - Configuration Lab 2
After a hard weekend with lots of alcohol ->
1. Layer 2 Technologies
1.1) Link Aggregation - missing lacp system-priority 1 - 0p
1.2) 802.1x Authentication - 3p
1.3) Performance Optimization - sdm prefer routing - 0p
2. IPv4
2.1) OSPF - missing area auth - 0p
2.2) EIGRP - 3p
2.3) RIP Filtering - 2p
2.4) IGP Redistribution - missing external ospf AD - 0p
2.5) BGP Peering - missing no prepend on local-as - 0p
2.6) BGP Filtering - 2p
2.7) BGP Summarization - missing deny to IGP neighbors - 0p
2.8) BGP Tuning - bgp nexthop trigger delay 15 - 0p
3. IPv6
3.1) IPv6 Deployment - 3p
4. MPLS VPN
4.1) L2 VPN - missing native config on R4 - interface-types must match - 0p
5. Multicast
5.1) Multicast Testing - 2p
5.2) Multicast Traffic Control - missing nbma - 0p
6. Security
6.1) Router Hardening - 2p
6.2) Zone-Based Firewall - 4p
6.3) Traffic Logging - permit instead of deny any - 0p
6.4) ICMP Filtering - 0p
7. Network Services
7.1) RMON - 3p
7.2) Remote Access - 0p
7.3) Remote Access Security - 0p
7.4) Syslog - 0p
7.5) System Management - no setup express...aha - 0p
8. QoS
8.1) Congestion Management - 0p
8.2) Policy Routing - missing ftp-data - 0p
8.3) Congestion Management - 0p
8.4) Frame Relay Traffic Shaping - 0p
(Full 79/Pass 64/My 21)
Thursday, 14 July 2011
IPv6 on 3550 - Yeah ! It's possible
Rack1SW1#show version | incl 35
Cisco IOS Software, C3550 Software (C3550-IPSERVICESK9-M), Version 12.2(44)SE6, RELEASE SOFTWARE (fc1)
ROM: Bootstrap program is C3550 boot loader
System image file is "flash:/c3550-ipservicesk9-mz.122-44.SE6.bin"
Cisco WS-C3550-24 (PowerPC) processor (revision G0) with 65526K/8192K bytes of memory.
Model number: WS-C3550-24-SMI
Rack1SW1#sh run | incl ipv6
ipv6 unicast-routing
ipv6 address FC00:1:0:37::7/64
ipv6 rip TEST enable
ipv6 enable
Rack1SW1#sh run int tun0
Building configuration...
Current configuration : 127 bytes
!
interface Tunnel0
no ip address
ipv6 address FC00:1:0:37::7/64
ipv6 rip TEST enable
tunnel source Loopback0
tunnel destination 150.1.3.3
end
Rack1SW1#ping fc00:1:0:37::3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to FC00:1:0:37::3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 0/3/4 ms
Rack1SW1#show ipv6 neigh
Rack1SW1#show ipv6 route
IPv6 Routing Table - Default - 4 entries
Codes: C - Connected, L - Local, S - Static, U - Per-user Static route
R - RIP, D - EIGRP, EX - EIGRP external
R 2002::/64 [120/2]
via FE80::20E:D7FF:FE10:4700, Tunnel0
C FC00:1:0:37::/64 [0/0]
via Tunnel0, directly connected
L FC00:1:0:37::7/128 [0/0]
via Tunnel0, receive
L FF00::/8 [0/0]
via Null0, receive
Rack1SW1#
Rack1SW1#ping 2002::2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2002::2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 0/2/4 ms
Rack1SW1#
Wednesday, 13 July 2011
Tuesday, 12 July 2011
INE WB Vol1 - 8.31 Anycast RP
Lab it up again on a small scenario
msdp originator-id should be set to unique peering loopbacks not the Anycast RP Loopback !
Monday, 11 July 2011
Sunday, 10 July 2011
INE WB Vol2 - Configuration Lab 1
1. Layer 2
1.1 Layer 2 Features - 0 Points
- missed VLAN on removal
- PrivateVLANs not possible on 3550
2. IGP
2.1 OSPF - 0 Points
- missed virtual link
- missed hello multiplier (speed convergence)
- missed non-broadcast neighborship for security
2.2 IGP Features - 3 Points
2.3 BGP Bestpath Selection - 4 Points
3. IPv6
3.1 IPv6 Addressing - 4 Points
3.2. IPv6 Multicast Basics - 0 Points
- R4/R5 RP/BSR mixed-up (DAMN!)
4. MPLS VPN
4.1 LDP - 3 points
4.2 VPN - 3 points
5. IP Multicast
5.1 RP Assignment - 2 Points
5.2 Multicast Testing - 3 Points
5.3 Multicast Filtering - 0 Points
- used ip multicast boundary 1 instead of ip igmp access-group 1
6. Security
6.1 Denial of Service Tracking - 3 Points
6.2 Spoof Prevention - 2 Points
6.3 Information leaking - 0 Points
- used only unreachables not mask-reply
6.4 Control Plane Protection - 0 Points
- used a control plane policy :( instead of simple ACLs
7. Network Services
7.1 RMON - 3 Points
7.2 NTP - 2 Points
7.3 NTP Authentication - 3 Points
7.4 Traffic Accounting - 3 Points
7.5 Gateway Redundancy - 3 Points
7.6 Network Address Translation - 3 Points
7.7 Embedded Event Management - 0 Points
- had absolutely no clue
8. QoS
8.1 Frame Relay Traffic Shaping - 0 Points
- had no real clue
8.2 Rate Limiting - 0 Points
- made it with rate-limit not with a policy-map
8.3 CBWFQ - 0 Points
- service-policy on physical interface not on DLCIs
8.4. Catalyst QoS - 0 Points
- no clue
(Full 79/Pass 64/My 44)
INE WB Vol2 - Troubleshooting Lab 1
TS1.1) 2p nni->dce
TS1.2) 2p next-hop-self
TS1.3) 3p wrong static def.global
TS1.4) - RIP
TS1.5) 2p ospf-dead-interval
TS1.6) - WCCP
TS1.7) 2p ip rip send version 1 -> 2
TS1.8) 2p database-filter
TS1.9) - http authentication local
TS1.10) 2p drop / control-plane
----------------------------------
15 - FAIL (Passing grade 16) - but i used only 1 h and did not verify
Thursday, 7 July 2011
[OT] TFTPD Error code 1: File not found
l33th4x0r@os390:~$ tftp 1.1.1.1
tftp> put i-hate-tftpd.txt
Error code 1: File not found
tftp>
...
my-fucking-tftpd:~# cat /etc/default/tftpd-hpa
#Defaults for tftpd-hpa
RUN_DAEMON="yes"
OPTIONS="-l -c -s /var/lib/tftpboot/"
#change to "-c" for creating files
my-fucking-tftpd:~#
my-fucking-tftpd:~# chown nobody -R /var/lib/tftpboot/
my-fucking-tftpd:~# chmod -R 777 /var/lib/tftpboot/
...
l33th4x0r@os390:~$ tftp 1.1.1.1
tftp> put i-hate-tftpd.txt
Sent 856063 bytes in 1.2 seconds
tftp>
Wow....
If you encounter problems with the tftpd-hpa package on Debian systems... here's the solution
Saturday, 2 July 2011
DUMBASS SECTION - BGP communities
route-map COM, permit, sequence 10
Match clauses:
community (community-list filter): 200:200
Set clauses:
local-preference 200
Policy routing matches: 0 packets, 0 bytes
route-map COM, permit, sequence 20
Match clauses:
Set clauses:
Policy routing matches: 0 packets, 0 bytes
Rack1R3#
Rack1R3#show ip bgp 112.0.0.0
BGP routing table entry for 112.0.0.0/8, version 9
Paths: (3 available, best #1, table Default-IP-Routing-Table)
Advertised to update-groups:
1 2 3
100 54 50 60
155.1.13.1 from 155.1.13.1 (150.1.1.1)
Origin IGP, localpref 100, valid, external, best
Community: 200:200
300 100 54 50 60
155.1.37.7 from 155.1.37.7 (150.1.7.7)
Origin IGP, localpref 100, valid, external
100 54 50 60
155.1.45.4 (metric 27262976) from 155.1.0.5 (150.1.5.5)
Origin IGP, metric 0, localpref 100, valid, internal
Rack1R3#
...
Hm.. community arrives at R3 but the route-map doesn't care. Still localpref 100 not 200.
Minutes passing by....
....
AHH not the community itself, sure... i need a community-list
....
Rack1R3(config)#ip community-list standard 200:200 permit 200:200 ?
Rack1R3#show ip bgp regexp _60$
BGP table version is 25, local router ID is 150.1.3.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 112.0.0.0 155.1.13.1 200 0 100 54 50 60 i
* 155.1.37.7 0 300 100 54 50 60 i
*> 113.0.0.0 155.1.13.1 200 0 100 54 50 60 i
* 155.1.37.7 0 300 100 54 50 60 i
Rack1R3#s