Monday, August 27, 2007

CCIE Regular Expression in BGP

I think one of the scariest configurations is when using regular expressions (at least for me). It took me a while and I am still struggling from time to time, and although I am writing to you about this I am sorry to say there is no easy way to get it; you just need to put it in your head. I believe each explanation has its own advantage, as some people understand by reading the manual and some need a trainer to lecture them. Here I will give my own explanation of the common regular expression characters as used by ip as-path access-list and show ip bgp regexp. Keep in mind that the pattern is matched against the AS path as a text string, so a bare 5 matches any AS number that merely contains the digit 5.

.   any single character. On its own it matches exactly one character; the combination .* (any character, repeated zero or more times) is what matches "anything", which is why .* is the usual way to say "permit everything".

*   zero or more of the preceding character or group. It does not mean "any character" by itself; that is the job of the dot.

^   start of the path. For example ^5 means anything that starts with 5, so it could be 5 or 500 or 54 or 5000000.

$   end of the path. For example 5$ means any path that ends with 5, so it could be 455 or 45 or 5 or 3005.

_   (underscore) start of the path, end of the path, a space, a comma or a brace; in other words the boundary of an AS number. This is the nice one: _5_ can only mean AS 5 as a whole path element, while _5 can mean 5 or 500 or 54 or 5000000 and 5_ can mean 455 or 45 or 5 or 3005.

[]  a character class: any one character from the set inside the brackets, as if you had put commas between the characters but without writing them. 5[9834] means 59 or 58 or 53 or 54. You can also specify a range: 5[3-6] means 53 or 54 or 55 or 56.

?   zero or one of the preceding character or group: you either have it or you don't, and both cases are searched. 5? means either 5 or nothing.

()  grouping, like parentheses in arithmetic. With grouping you can build something like ^50(_[1-9]43)?$, which matches the paths 50, 50 143, 50 243 and so on up to 50 943.

+   one or more of the preceding character or group. 4+ matches 4 or 44 or 444 or 44444.

There are a lot of combinations, but they all work like a formula: you need to understand exactly what you want to match before you can form the expression.
Another useful regexp, small and simple, is ^$. Yes, this is useful, and how, you ask? Well, as a customer you would like to know that you are not being used as transit, since you are paying the service provider and not the other way around. When you are connected to two service providers and receive advertisements from one of them, the default BGP behaviour is to re-advertise routes learned from one eBGP neighbour to all your other eBGP neighbours, meaning the second provider. Consider that at some point your path may look shorter to the second provider than its own path to the first one: you then become a service provider to the service providers. To make a long story short, if you advertise networks that are not yours from your network, you can and will become a transit AS, meaning unwanted traffic from one provider passes through you and consumes your bandwidth. The simple way to stop it is not to advertise networks that are not your own, and you do that by matching an as-path access-list against ^$ and applying it outbound towards both providers with neighbor ... filter-list ... out. ^$ permits only routes whose AS path is empty, that is, routes originated inside your own AS, so nothing learned from another AS is ever re-advertised. Simple, no?
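To see these patterns actually match, the following Python script is an added example (it is not part of the original post and not IOS code) that emulates the IOS matching rules. Python's re already understands ^ $ . * + ? [] and (); the only thing it lacks is Cisco's _, which the script expands into "start, end, space, comma or brace". It runs every pattern from the list above against a constructed set of AS paths and, at the end, applies the ^$ filter to a constructed BGP table the way neighbor ... filter-list ... out would. Every path, prefix and AS number in it is made up for the example.

```python
import re

# Cisco's AS-path regex '_' has no Python equivalent: it matches the start or
# end of the path, a space, a comma or a brace (i.e. the boundary of one AS
# number). Expand it into an alternation. Assumption: '_' is never written
# inside a [...] character class in the patterns handed to this translator.
UNDERSCORE = r"(?:^|$|[ ,{}])"


def cisco_to_python(pattern: str) -> str:
    """Translate a Cisco AS-path regular expression into a Python one.
    ^ $ . * + ? [] and () already carry the same meaning in both."""
    return pattern.replace("_", UNDERSCORE)


def as_path_matches(pattern: str, as_path: str) -> bool:
    """Does this AS path (as printed by 'show ip bgp', e.g. '100 5 200')
    match the Cisco-style pattern? Unanchored, like IOS."""
    return re.search(cisco_to_python(pattern), as_path) is not None


def filter_as_paths(pattern: str, as_paths):
    """The paths 'show ip bgp regexp <pattern>' would list."""
    return [p for p in as_paths if as_path_matches(pattern, p)]


# Constructed sample AS paths; '' is a route originated in the local AS,
# whose path is empty until it leaves the AS.
SAMPLE_PATHS = ["", "5", "500", "455", "3005", "100 5 200",
                "50", "50 143", "50 243", "64496 64500"]


def outbound_to_provider(rib):
    """Simulates 'ip as-path access-list 10 permit ^$' applied with
    'neighbor <provider> filter-list 10 out': only routes the local AS
    originated (empty AS path) are advertised, so nothing learned from
    one provider is handed to the other and the AS cannot become transit.
    rib is a list of (prefix, as_path) tuples."""
    return [prefix for prefix, path in rib if as_path_matches("^$", path)]


# Constructed BGP table of a dual-homed customer: one prefix of its own and
# two prefixes learned from providers AS 64496 and AS 64500.
RIB = [("10.0.0.0/8", ""),
       ("192.0.2.0/24", "64496"),
       ("198.51.100.0/24", "64500 64496")]


if __name__ == "__main__":
    for pat in ["^$", "_5_", "^5", "5$", "5[3-6]", "^50(_[1-9]43)?$", "4+"]:
        print(f"{pat:18} -> {filter_as_paths(pat, SAMPLE_PATHS)}")
    print("advertised to providers:", outbound_to_provider(RIB))
```

Note that _5_ picks out "5" and "100 5 200" but not "500" or "455", which is exactly the difference between filtering on an AS number and filtering on a digit; and that only the prefix with the empty path survives the ^$ filter, so the two provider-learned prefixes never reach the other provider.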

CCIE QinQ

I must say this is one of the technologies I love and sometimes also love to hate, as it can make you very confused about where to start and what to do to make it work, but once you do make it work you feel like Houdini.

Why like Houdini? Because the technology makes your middle switch disappear as if it were never there, showing the device you want to impress that it is directly connected to a switch when it is not.

Now that I have made everyone a little confused, I will start to explain. QinQ (802.1Q tunnelling) allows you to take a middle switch and make it transparent while it connects two other devices, making them feel as if they are directly connected: the customer's frames, including any 802.1Q tag they already carry, get a second tag (the metro or service-provider tag) pushed on top at the tunnel port, are switched through the middle as ordinary frames of that one VLAN, and have the extra tag stripped again at the other tunnel port.

Why do you need that? Well, the CCIE lab loves it because it is a confusing setup, but there are more reasons than that. With QinQ you can connect topologies while you are migrating, and you can connect customers who have their own VLAN topology that you do not want to see in your own: you carry all of their VLANs with a single outer tag between their points of presence, so you do not need to build a trunk between the two branches and pass every customer VLAN ID across it. A plain trunk would limit you to one or two customers, because their VLAN IDs would all have to share your VLAN space without colliding.

You can find much more elaborate details on the Cisco site.

Here I will give you a few steps to create a simple QinQ scenario.
In this scenario R1 is connected to SW1 and SW1 is connected to SW2. If you do a show cdp neighbors on R1 you will see that you are connected on F0/0 to SW1 F0/1. I want to make R1 see itself connected to SW2 port F0/10 instead. How do you do that magic?

Go into SW1, global config:
!
! allow the extra 4 bytes of the outer (metro) tag on top of a
! full-size customer frame; on the 3550/3560 the new system MTU
! takes effect only after a reload
!
switch(config)#system mtu 1504
!
! the metro VLAN that carries this customer through SW1
!
switch(config)#vlan 200
!
! now the same commands under both tunnel ports, F0/1 towards R1
! and F0/10 towards SW2; l2protocol-tunnel cdp makes SW1 forward
! R1's CDP frames instead of answering them itself
!
switch(config)#interface FastEthernet0/1
switch(config-if)#switchport access vlan 200
switch(config-if)#switchport mode dot1q-tunnel
switch(config-if)#l2protocol-tunnel cdp
switch(config-if)#no shutdown
!
switch(config-if)#interface FastEthernet0/10
switch(config-if)#switchport access vlan 200
switch(config-if)#switchport mode dot1q-tunnel
switch(config-if)#l2protocol-tunnel cdp
switch(config-if)#no shutdown

Now when you go to R1 and do show cdp neighbors you will see, like magic, that you are directly connected to SW2 F0/10 instead of SW1, and I didn't switch the cable!!!
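What the switch does to the frames, as an added example in Python (not from the original post, and a model rather than switch code): the script builds a full-size customer frame that already carries the customer's own VLAN 100 tag, pushes the metro tag 200 on it the way SW1's dot1q-tunnel port does, and pops it again at the far end, which is where the 4 extra bytes behind system mtu 1504 come from. It also rewrites the CDP destination MAC to the l2protocol-tunnel address 01:00:0c:cd:cd:d0 on ingress and back on egress, which is how R1's CDP frames cross SW1 without SW1 consuming them. The MAC addresses and the dummy CDP body are constructed, the FCS is not modelled, and the model handles CDP only.

```python
import struct

TPID_DOT1Q = 0x8100                          # 802.1Q tag protocol identifier
CDP_MAC = bytes.fromhex("01000ccccccc")      # destination MAC of CDP frames
L2PT_MAC = bytes.fromhex("01000ccdcdd0")     # address l2protocol-tunnel rewrites it to


def build_frame(dst: bytes, src: bytes, ethertype: int, payload: bytes) -> bytes:
    """Untagged Ethernet II frame (FCS not modelled)."""
    return dst + src + struct.pack("!H", ethertype) + payload


def push_tag(frame: bytes, vid: int, pcp: int = 0) -> bytes:
    """Insert an 802.1Q tag after the two MAC addresses: 4 bytes, TPID plus
    a 16-bit TCI holding priority, DEI and the 12-bit VLAN ID."""
    tci = ((pcp & 0x7) << 13) | (vid & 0x0FFF)
    return frame[:12] + struct.pack("!HH", TPID_DOT1Q, tci) + frame[12:]


def pop_tag(frame: bytes) -> bytes:
    """Remove the outermost 802.1Q tag; raise if the frame carries none."""
    if struct.unpack("!H", frame[12:14])[0] != TPID_DOT1Q:
        raise ValueError("frame is not 802.1Q tagged")
    return frame[:12] + frame[16:]


def vlan_stack(frame: bytes) -> list:
    """VLAN IDs carried by the frame, outermost first."""
    vids, off = [], 12
    while len(frame) >= off + 4 and struct.unpack("!H", frame[off:off + 2])[0] == TPID_DOT1Q:
        vids.append(struct.unpack("!H", frame[off + 2:off + 4])[0] & 0x0FFF)
        off += 4
    return vids


def tunnel_ingress(frame: bytes, metro_vid: int) -> bytes:
    """What SW1's dot1q-tunnel port does to a customer frame on ingress:
    push the metro tag on top of whatever the customer sent (tagged or not)
    and, because of 'l2protocol-tunnel cdp', rewrite the CDP destination MAC
    to the L2PT address so the frame is forwarded instead of consumed."""
    out = push_tag(frame, metro_vid)
    if out[:6] == CDP_MAC:
        out = L2PT_MAC + out[6:]
    return out


def tunnel_egress(frame: bytes) -> bytes:
    """The reverse at the other tunnel port: pop the metro tag and restore
    the CDP address. Simplification: only CDP is modelled, so every L2PT
    frame is assumed to be CDP."""
    out = pop_tag(frame)
    if out[:6] == L2PT_MAC:
        out = CDP_MAC + out[6:]
    return out


# Constructed frames: a full-size IP packet the customer already tagged as
# its own VLAN 100, and a CDP frame from R1 (CDP rides on 802.2 SNAP, so the
# field after the MACs is a length, not an Ethertype; the body is a dummy).
R1_MAC = bytes.fromhex("0000aa000001")
CUSTOMER_FRAME = push_tag(build_frame(bytes.fromhex("0000aa000002"), R1_MAC, 0x0800, bytes(1500)), 100)
CDP_FRAME = build_frame(CDP_MAC, R1_MAC, 0x0040, bytes(0x40))


if __name__ == "__main__":
    on_metro = tunnel_ingress(CUSTOMER_FRAME, 200)
    print(len(CUSTOMER_FRAME), "->", len(on_metro), "bytes, VLAN stack", vlan_stack(on_metro))
    print("CDP destination on the metro side:", tunnel_ingress(CDP_FRAME, 200)[:6].hex())
```

The customer frame goes from 1518 to 1522 bytes on the metro side and carries the stack [200, 100]; SW1 only ever looks at the outer 200, which is why the customer's own VLAN numbering never collides with yours, and the far tunnel port hands back exactly the bytes R1 sent.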

Read more on the Cisco site; you will love it.

Tuesday, August 21, 2007

CCIE LAB with Dynamips

I am proud to present to you my first LAB design with Dynamips: a 5-router topology using the FRSW and ETHSW from Dynamips.

I am working today with IEWBv4 to get my number. During my study I said to myself, why not create your own LAB topology with your own scenarios as well? And here we are.


you can download my .net and initial config


As for the lab scenario rules:

1) Do NOT use Frame Relay Inverse ARP
2) Do NOT use subinterfaces on the Frame Relay interfaces
3) There should be connectivity throughout the network, including the routes advertised from BB1
4) Y represents the router number

General
1) Set loopback interfaces on R1/R2/R3/R4 with 150.1.Y.Y

WAN

1) Set up connectivity on the Frame Relay cloud between R1, R2 and R3
2) Set up connectivity on the Frame Relay cloud between R4 and BB1
3) Set up the serial link between R3 and R4 using PPP
4) I am a little afraid of unwanted users, so please make sure you add MD5 authentication between R3 and R4; and since most of my traffic is text files, please use compression to make it more efficient.


IGP

OSPF


1) Routers 1, 2 and 3 should all be in the backbone area
2) Do not use DR/BDR
3) Set the timers as on a non-broadcast topology
4) Set MD5 authentication

Eigrp

1) Put routers 3 and 4 in AS 34
2) The administrator has connectivity between R3 and R4 through both the serial and the FastEthernet links; make sure that both paths are used.
3) Advertise the loopback interfaces without using the network command
4) Please make R3 and R4 authenticate each other with the "CCIEP3" password, and make sure that on December 28 2008 at 12 AM (when I turn 30) the password changes to "CCIEP?". I also want R3 and R4 to keep accepting CCIEP3 until 3 AM on December 28 2008.
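The time-based password change in item 4 is done on IOS with a key chain (key chain / key / key-string / accept-lifetime / send-lifetime) referenced from the interfaces with ip authentication key-chain eigrp 34. As an added example that is not part of the lab and not IOS code, here is a Python model of that key chain: the sender uses the lowest-numbered key whose send-lifetime is valid (the IOS behaviour as modelled here), the receiver accepts any key whose accept-lifetime is valid, and a check walks through the rollover night in 15-minute steps to find the moments at which R3 and R4 would stop authenticating. The point it makes is that the 3 AM grace window only protects against R4's clock running ahead of R3's; if R4's clock is behind, even by two hours, authentication fails at midnight because the new key is not yet accepted, so synchronised clocks (NTP) or an equally early accept-lifetime on the new key are part of the job. The key chain and time window are the lab's; the clock offsets are made up for the check.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

FOREVER = datetime(9999, 1, 1)   # stand-in for the IOS 'infinite' lifetime end


@dataclass
class Key:
    key_id: int
    secret: str            # key-string
    send_from: datetime    # send-lifetime start
    send_until: datetime   # send-lifetime end (exclusive)
    accept_from: datetime  # accept-lifetime start
    accept_until: datetime # accept-lifetime end (exclusive)


def _active(start: datetime, end: datetime, at: datetime) -> bool:
    return start <= at < end


def send_key(chain, at: datetime):
    """Key used to sign outgoing packets: modelled as the lowest-numbered key
    whose send-lifetime covers 'at'. None means nothing can be sent."""
    for k in sorted(chain, key=lambda k: k.key_id):
        if _active(k.send_from, k.send_until, at):
            return k
    return None


def accepted_secrets(chain, at: datetime) -> set:
    """Secrets the receiver will verify incoming packets against at 'at'."""
    return {k.secret for k in chain if _active(k.accept_from, k.accept_until, at)}


def authenticates(sender, receiver, at: datetime, receiver_skew=timedelta(0)) -> bool:
    """Would a packet sent at the sender's clock time 'at' pass on a receiver
    whose clock reads at + receiver_skew?"""
    k = send_key(sender, at)
    return k is not None and k.secret in accepted_secrets(receiver, at + receiver_skew)


def rollover_gaps(sender, receiver, start, end, step, receiver_skew=timedelta(0)):
    """Sample the window [start, end) and return the sender times at which
    authentication would fail, i.e. when the EIGRP adjacency would drop."""
    gaps, t = [], start
    while t < end:
        if not authenticates(sender, receiver, t, receiver_skew):
            gaps.append(t)
        t += step
    return gaps


# The lab task: CCIEP3 until 28 Dec 2008 00:00, then CCIEP?, with CCIEP3 still
# accepted until 03:00. The same key chain is configured on R3 and R4.
ROLLOVER = datetime(2008, 12, 28, 0, 0)
GRACE_END = datetime(2008, 12, 28, 3, 0)
LAB_CHAIN = [
    Key(1, "CCIEP3", datetime(2000, 1, 1), ROLLOVER, datetime(2000, 1, 1), GRACE_END),
    Key(2, "CCIEP?", ROLLOVER, FOREVER, ROLLOVER, FOREVER),
]
# Check the evening before through the morning after, every 15 minutes.
WINDOW = (datetime(2008, 12, 27, 20, 0), datetime(2008, 12, 28, 6, 0), timedelta(minutes=15))


def gap_count(r4_clock_offset_hours: float) -> int:
    """Failing samples in the lab window when R4's clock is off from R3's by
    the given number of hours (positive = R4 ahead)."""
    skew = timedelta(hours=r4_clock_offset_hours)
    return len(rollover_gaps(LAB_CHAIN, LAB_CHAIN, *WINDOW, receiver_skew=skew))


if __name__ == "__main__":
    for offset in (0, 2, 4, -2):
        print(f"R4 clock {offset:+d}h relative to R3: {gap_count(offset)} failing samples")
```

With the clocks in sync there are no gaps, and R4 running up to three hours ahead is covered by the grace window; R4 four hours ahead fails for the last hour before midnight (it has already stopped accepting CCIEP3), and R4 two hours behind fails for two hours after midnight (it is not yet accepting CCIEP?). That second case is the one the lab wording does not cover, and it is the one a skewed clock produces in practice.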

Redistribute

1) Simply redistribute between EIGRP and OSPF on R3


I will continue this lab scenario later; please review and advise if you have any suggestions or feedback, I will be happy to get some.

Thank you

Risk Management - Quantitative risk assessment

The name kind of gives away the type of assessment we are talking about: "Quantitative", according to Google Translate: relating to, meas...