CCIE in 3 months - Is it possible?

This is a journey to passing the CCIE R&S Lab exam in a period of 3 months.
The journey started on 19th of Oct 2007 and ended on 18th of Jan 2008.

Destination reached: CCIE™ #19858 (R&S)

Author: Tassos

IPv6 radius accounting is still a mess
Posted: 2014-02-23

Since the beginning of putting IPv6 into production BRAS/BNG (almost 3 years ago), we were facing the following issue: radius accounting records were missing either IPv4 and/or IPv6 address information. When only IPv4 was being used, everything was easy: just wait for IPCP to complete and then send the accounting record. Now, with the addition of IPv6 and most importantly DHCPv6 into the

minus one, plus one
Posted: 2014-02-11

minus one month, plus one CCIE...
The chronicle of my latest success...

How Multi is MP-BGP in IOS-XR - Part #2
Posted: 2013-10-27

When two years ago I was writing the first part of "How Multi is MP-BGP in IOS-XR", I concluded with the following:
In IOS-XR you need an IPv6 NH in order to activate the IPv6 AF for an IPv4 BGP session.
If you don't have an IPv6 NH, then the IPv4 BGP session won't even come up.
The above was done to protect against misconfiguration, because otherwise you would get a misleading v4 mapped v6

You have to make the right balance between the convergence time and MTU
Posted: 2012-11-10

Lately I'm getting the impression that Cisco is getting new products out without the proper internal testing.
I'm going to talk about two recent examples, ASR1001 and ASR901, devices that are an excellent value for money, but (as usual) hide limitations that you unfortunately find out only after exhaustive testing.
ASR1001 is a fine router, a worthy replacement of 7200, which can be used for

aggregate-address ... summary-only-after-a-while
Posted: 2011-11-12

As it seems, there is always something that you think you know, until it's proven the other way around.
Some years ago, when I was studying for the CCIE, I knew that in order to suppress more specific routes from an aggregate advertisement in BGP, you could use the "aggregate-address .... summary-only" command. And I believed it until recently.
Let's suppose you have the following config in a

AAA and VTYs in IOS-XR : Bingo
Posted: 2011-09-17

Continuing on the IOS-XR saga, this is the newest bunch of things that don't "work as expected" (© Cisco). Well, as expected by me, not by Cisco.
Everything started while trying to configure a primary and backup aaa login method on an ASR9k, when I realized that...
1) having a backup aaa login method with the same tacacs servers as the ones in the primary aaa login method (which is using the

Debugging IPv6 MTU issues in Windows
Posted: 2011-06-03

A common problem you might face soon (World IPv6 Day is 5 days away) is reachability to IPv6 sites due to MTU issues. ICMPv6 has a nice internal mechanism which is supposed to help the application overcome these issues, but like in the IPv4 world, not everything is perfect.
Let's suppose that an IPv6 subscriber is using a DSL router and is connected through PPPoE to a BRAS.
TARGET <=>

To forward, to peer, or to tunnel?
Posted: 2011-05-23

In an imaginary Cisco world every device would be able to talk with every other device in various layers. In the actual Cisco world, some devices can talk to some devices, while they can't talk to some other devices.
I'm talking specifically about L2 Control Protocols (L2CPs), when these need to be exchanged between different devices in order to support a requirement (i.e. create a spanning-tree

How Multi is MP-BGP in IOS-XR?
Posted: 2011-05-05

This caught me by surprise. I had an impression that IOS-XR as an advanced operating system would support all kinds of multi-protocol transferability over BGP.
As it seems, there is an issue when transferring IPv6 prefixes over an IPv4 peering or IPv4 prefixes over an IPv6 peering. This happens for sure on ASR9k running latest 4.1.0, but I haven't verified it on the CRS yet.
IPv4 prefixes over

BRAS/Server initiated renewal for DHCPv6-PD leases - When?
Posted: 2011-05-04

One major issue when dealing with IPv6 CPEs is the currently missing capability to renew automatically the IPv6 addresses on the CPE's LAN after a disconnect/reconnect of the subscriber's dynamic session.
Although there are some tricks (#1, #2) for client (subscriber) initiated renewal, not all CPE vendors support those tricks. Also many times it is preferable to have the BRAS/BNG, or generally

VTY IPv6 ACLs in IOS-XR
Posted: 2011-04-30

One of the first things you have to do before adding IPv6 addresses in a router, is to protect its management plane. A simple way to implement a part of that is to define an ACL (Access List) under the relevant terminal lines (VTYs).
In IOS it's quite simple.
One ACL for IPv4 and one ACL for IPv6, which cannot share the same name.
! IOS
!----
ip access-list extended IPV4-VTY-ACL
permit ip

Sample IPv6 Addressing/Dimensioning Plan for ISPs
Posted: 2011-04-30

This is a high level summary of an IPv6 addressing & dimensioning plan for mid-sized service providers. Obviously it doesn't apply to all cases, but I hope other people will find it useful too.
First you define 3 levels of PoPs (Points of Presence), depending on number of customers and address consumption:
Level-1 PoP (Large)
Level-2 PoP (Medium)
Level-3 PoP (Small)
Then you define 2 types

IOS-XR still lacks proper help output
Posted: 2011-04-26

Is it really so hard for Cisco to put a logic in the list of available configuration commands?
This is what you get if you enter "?" under a BVI in an ASR9k running IOS-XR 4.0.1.
RP/0/RSP0/CPU0:ASR9k1(config-if)#?
address-family AFI/SAFI configuration
arp Configure Address Resolution Protocol
bandwidth Set the bandwidth of an interface
clear Clear

How to assign IPv6 addresses to broadband CPEs
Posted: 2011-04-23

During the last months I've been experimenting a lot with all possible IPv6 address assignment methods to a broadband subscriber. As is the case with most ISPs and IPv6, we are testing every possible scenario before we put one (or a combination) of them into production; nevertheless we still haven't decided which path to follow on every aspect. And although we have made up our minds on many of

How to find the peer IPv6 address of a PPPoE subscriber
Posted: 2011-04-16

In the IPv4 world you could very easily do the following on a BRAS/BNG, find the subscriber's IPv4 address and ping it.
bbras#sh users | i test
Vi4 test PPPoVPDN 00:01:42 10.11.12.13
bbras#p 10.11.12.13
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.11.12.13, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 16/18/24 ms

Trying to calculate the IPv6 BGP table in 2015
Posted: 2011-03-13

As you may have already noticed, during the last months there isn't anything new written here by me. This is mainly due to two reasons: 1) lack of free time due to new responsibilities in my company and 2) most of my writing happens in our internal wiki (almost 200 "docs" during the last 12 months!).
On the other hand, there are a lot of "new" things happening in the internet, one of them being

Admin privileges in IOS, IOS-XR, NX-OS
Posted: 2010-10-09

For all of you that are using tacacs+ for AAA, if you want to assign admin privileges and permissions to your users, this is the configuration that has worked for me regarding a variety of Cisco devices:
IOS
user = username {
default service = permit
service = exec {
priv-lvl=15
}
}
IOS-XR
user = username {
default service = permit

How to edit text files in IOS-XR - The easy way
Posted: 2010-09-26

Everyone dealing with IOS-XR will know that you have the option of using an editor to edit your RPL (Routing Policy Language) configuration. As of 3.9.1 the available editors are the following:
nano
emacs
vim (enhanced version of vi)
So, instead of entering the configuration line by line in CLI, you can create it using an editor and a temporary file.
The same editors are also available for

How to get full root access in IOS-XR with just a single permission
Posted: 2010-09-13

During the last week I'm experimenting with an ASR9000 and IOS-XR and here is something tricky I found out yesterday.
You may already know that IOS-XR uses a different concept for users' permissions. In IOS you have users and privilege levels, while in IOS-XR you have Users, User Groups, Task Groups and Task IDs. In general, the operational tasks that enable users to control, configure, and

Decoding the RIPE BGP experiment
Posted: 2010-08-28

A lot of you probably saw your BGP routers go crazy on Friday 27th of August in the morning, especially if you happened to have a CRS (or another router running IOS-XR, like a C12k or ASR9k) in your (or a near) network.
RIPE and Duke University decided to experiment with Quagga's BGP and the result was to make some routers reset their BGP sessions, because they were receiving malformed BGP update

How to find queue utilisation on 7600/ES+ cards
Posted: 2010-04-18

Cisco usually provides various technical characteristics about their products, but you never get the details you need. One big mystery are the ES/ES+ cards on the 7600 platform. We've been using the ES+ cards for quite a long time and I was trying to get a comparison with the ES+T ones, which come in lower prices. The most worrying fact (regarding a specific project's needs) was a difference in

Realtime chat between Cisco routers
Posted: 2010-02-13

You might probably know that it's possible to send messages from one vty line to another on a single Cisco router.
R1#send ?
  *        All tty lines
  <0-17>   Send a message to a specific line
  aux      Auxiliary line
  console  Primary terminal line
  log      Logging destinations
  qdm      Send a message to QDM client
  vty      Virtual terminal
  xsm      Send a message to XSM client
R1#send 1
Enter

Should IPC's 127.0.0.0/8 be redistributed by OSPF?
Posted: 2010-02-08

I have a tac case open for over 5 months, regarding the default redistribution of 127/8 when "service internal" is configured on a C10000 router. Keep in mind that I'm redistributing all connected routes to OSPF.
Specifically:
C10k-33SB7>sh ip route 127.0.0.0
Routing entry for 127.0.0.0/8, 2 known subnets
  Attached (2 connections)
  Variably subnetted with 2 masks
  Redistributing via ospf x
C

Get your hands dirty with Linux on an ASR1000
Posted: 2010-02-01

Most of you will know that ASR1000 is running IOS XE on top of a Linux kernel. Actually, more than one IOS XE packages run on top of more than one Linux kernels (all three control CPUs (RP, FECP, IOCP) run a Linux kernel).
Here is how you can have some fun with it.
WARNING : Everything below this line is being done at your own risk. You probably don't want to experiment on a production network and

Networkers at Cisco Live 2010 - Barcelona
Posted: 2010-01-30

1 year after, I revisited Barcelona for this year's Networkers at Cisco Live 2010.
This time I focused mostly on training.
Below you'll find my experience, expressed in the usual ranking model:
Category   Grade   Comments
----------------------------------------------------------------------------------
Hotel      B-      I stayed at a non-Cisco hotel.
                   + : it was only 3 mins walk