Monthly Archives: October 2013

Outbound Route Filtering (ORF) Notes

This BGP feature lets a router control, by means of a prefix-list, which prefixes its BGP peer should send to it, thereby reducing the number of prefixes the router has to process. Syntax:

router bgp autonomous-system-number
 
neighbor ip-address capability orf prefix-list [send | receive | both]
 
neighbor {ip-address| peer-group-name} prefix-list prefix-list-name {in | out}

Notes:

  • Only used with eBGP
  • Does not support multicast
  • Must be configured per address family

Diagram

BGP Outbound Router Filtering (ORF)

Example 1

Router R2 wants to receive only the prefix 192.168.2.0/24

R1

router bgp 65100
neighbor 192.168.1.2 remote-as 65200
address-family ipv4
neighbor 192.168.1.2 capability orf prefix-list receive

R2

ip prefix-list ORFFILTER seq 5 permit 192.168.2.0/24
 
router bgp 65200
neighbor 192.168.1.1 remote-as 65100
address-family ipv4
neighbor 192.168.1.1 capability orf prefix-list send
neighbor 192.168.1.1 prefix-list ORFFILTER in

 
Check the prefixes to be filtered on the peering with R2, as defined by the prefix-list on R2:

R1#show ip bgp neighbors 192.168.1.2 received prefix-filter
Address family: IPv4 Unicast
ip prefix-list 192.168.1.2: 1 entries
seq 5 permit 192.168.2.0/24
 
R1#show ip bgp neighbors 192.168.1.2 | beg ORF
Outbound Route Filter (ORF) type (128) Prefix-list:
Send-mode: received
Receive-mode: advertised
Outbound Route Filter (ORF): received (1 entries)

                              Sent   Rcvd
Prefix activity:              ----   ----
Prefixes Current:             0      0
Prefixes Total:               0      0
Implicit Withdraw:            0      0
Explicit Withdraw:            0      0
Used as bestpath:             n/a    0
Used as multipath:            n/a    0

                              Outbound  Inbound
Local Policy Denied Prefixes: --------  -------
ORF prefix-list:              4         n/a
Total:                        4         0
Number of NLRIs in the update sent: max 3, min 1

R2 routing table

R2#show ip route bgp
 
B 192.168.2.0/24 [20/0] via 192.168.1.1, 00:01:12

 

Example 2

Router R2 wants to receive all prefixes except 192.168.2.0/24

R1

router bgp 65100
neighbor 192.168.1.2 remote-as 65200
address-family ipv4
neighbor 192.168.1.2 capability orf prefix-list receive

R2

ip prefix-list ORFFILTER seq 5 deny 192.168.2.0/24
ip prefix-list ORFFILTER seq 10 permit 0.0.0.0/0 le 32
 
router bgp 65200
neighbor 192.168.1.1 remote-as 65100
address-family ipv4
neighbor 192.168.1.1 capability orf prefix-list send
neighbor 192.168.1.1 prefix-list ORFFILTER in

Check the prefixes to be filtered on the peering with R2, as defined by the prefix-list on R2:

R1#show ip bgp neighbors 192.168.1.2 received prefix-filter
Address family: IPv4 Unicast
ip prefix-list 192.168.1.2: 2 entries
seq 5 deny 192.168.2.0/24
seq 10 permit 0.0.0.0/0 le 32
 
R1#show ip bgp neighbors 192.168.1.2 | beg ORF
Outbound Route Filter (ORF) type (128) Prefix-list:
Send-mode: received
Receive-mode: advertised
Outbound Route Filter (ORF): received (2 entries)
                              Sent   Rcvd
Prefix activity:              ----   ----
Prefixes Current:             3      0
Prefixes Total:               3      0
Implicit Withdraw:            0      0
Explicit Withdraw:            0      0
Used as bestpath:             n/a    0
Used as multipath:            n/a    0

                              Outbound  Inbound
Local Policy Denied Prefixes: --------  -------
ORF prefix-list:              1         n/a
Total:                        1         0
Number of NLRIs in the update sent: max 3, min 1

R2 routing table

R2#show ip route bgp
B 192.168.4.0/24 [20/0] via 192.168.1.1, 00:00:36
B 192.168.5.0/24 [20/0] via 192.168.1.1, 00:00:36
B 192.168.3.0/24 [20/0] via 192.168.1.1, 00:00:36

Note: changes made to the prefix-list are not propagated automatically; they must be pushed to the peer with:

R2#clear ip bgp 192.168.1.1 in prefix-filter
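As an added example (not code from the original post or from IOS), the Python below applies the two ORFFILTER prefix-lists above, with IOS first-match and exact-length/ge/le semantics, to a constructed set of prefixes assumed to exist on R1 (192.168.2.0/24 through 192.168.5.0/24), and returns what R1 would still send to R2 once the ORF is in place.

```python
import ipaddress
import re

# Constructed sample: the prefix-list lines typed on R2 in Example 1 and Example 2
ORF_EX1 = ["ip prefix-list ORFFILTER seq 5 permit 192.168.2.0/24"]
ORF_EX2 = [
    "ip prefix-list ORFFILTER seq 5 deny 192.168.2.0/24",
    "ip prefix-list ORFFILTER seq 10 permit 0.0.0.0/0 le 32",
]
# Assumed set of prefixes R1 would advertise to R2 without any ORF in place
R1_PREFIXES = ["192.168.2.0/24", "192.168.3.0/24", "192.168.4.0/24", "192.168.5.0/24"]

ENTRY_RE = re.compile(
    r"ip prefix-list (\S+) seq (\d+) (permit|deny) (\d+\.\d+\.\d+\.\d+/\d+)"
    r"(?: ge (\d+))?(?: le (\d+))?$"
)

def parse_prefix_list(lines):
    """Parse IOS prefix-list lines into (seq, action, network, ge, le), ordered by seq."""
    entries = []
    for line in lines:
        m = ENTRY_RE.match(line.strip())
        if not m:  # e.g. an 'le' keyword placed before the network is rejected
            raise ValueError(f"unparseable prefix-list line: {line!r}")
        _name, seq, action, net, ge, le = m.groups()
        network = ipaddress.ip_network(net, strict=False)
        # IOS semantics: no ge/le matches exactly that length; ge alone runs up to /32
        ge_len = int(ge) if ge else network.prefixlen
        le_len = int(le) if le else (network.max_prefixlen if ge else ge_len)
        entries.append((int(seq), action, network, ge_len, le_len))
    return sorted(entries)

def prefix_list_permits(entries, prefix):
    """First matching entry wins; a prefix matching no entry is implicitly denied."""
    p = ipaddress.ip_network(prefix)
    for _seq, action, network, ge_len, le_len in entries:
        if p.subnet_of(network) and ge_len <= p.prefixlen <= le_len:
            return action == "permit"
    return False

def orf_sent_prefixes(prefix_list_lines, candidates):
    """Prefixes R1 still sends once R2's prefix-list is pushed to it via ORF."""
    entries = parse_prefix_list(prefix_list_lines)
    return [p for p in candidates if prefix_list_permits(entries, p)]

if __name__ == "__main__":
    print("Example 1:", orf_sent_prefixes(ORF_EX1, R1_PREFIXES))
    print("Example 2:", orf_sent_prefixes(ORF_EX2, R1_PREFIXES))
```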

Updated 19/12/2015

Menu-mode CLI

Using menus can be a quick way of granting access to a subset of a device's functions. There are other approaches, such as CBAC, or assigning different privilege levels to users.
username SOC privilege 15 password 0 CISCO
!After authentication the user is sent to the menu by the autocommand
username SOC autocommand menu SOC
!
menu SOC title #
Menu for Level 1 SOC users
#
menu SOC text 1. Show Running Config
menu SOC command 1. show running-config
menu SOC text 2. Show Interface Brief
menu SOC command 2. show ip interface brief
menu SOC text 3. Show clock
menu SOC command 3. show Clock
menu SOC text 4. Exit
menu SOC command 4. exit

line vty 0 903
login local

Testing the menu that was created

R3#telnet 192.168.1.1
Trying 192.168.1.1 … Open

User Access Verification

Username: SOC
Password:
Menu for Level 1 SOC users

1.         Show Running Config

2.         Show Interface Brief

3.         Show clock

4.         Exit

Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0/0            192.168.1.1      YES NVRAM  up                    up

Menu for Level 1 SOC users

1.         Show Running Config

2.         Show Interface Brief

3.         Show clock

4.         Exit

*03:53:17.163 UTC Fri Mar 1 2002
Menu for Level 1 NOC users

1.         Show Running Config

2.         Show Interface Brief

3.         Show clock

4.         Exit

[Connection to 192.168.1.1 closed by foreign host]
R3#

Another round of 6 Labs

Accuracy is starting to improve, which is great, but I still have the occasional hiccup :) because I have doubts about choosing the best solution without violating the Task's requirements. Well, sometimes INE's solution does not match mine, but the end result is the same. Sometimes very specific questions about a particular feature come up; those are left for analysis at the end.

CCIE and the game of musical chairs

I tried to book the Lab for December in London (Mobile Lab), which would have been an excellent opportunity since I am working here, but when I tried to book, someone got there first and took my seat... :(
Well, now all that is left is to book for January, and in that case it will be in Brussels; one more week and it is booked, and then come the nerves, anxiety, dark feelings and who knows what else....


Cisco CLI Shortcuts

Capability: Purpose

Move around the command line to make changes or corrections.
  Ctrl-B or the left arrow key: Move the cursor back one character.
  Ctrl-F or the right arrow key: Move the cursor forward one character.
  Ctrl-A: Move the cursor to the beginning of the command line.
  Ctrl-E: Move the cursor to the end of the command line.
  Esc B: Move the cursor back one word.
  Esc F: Move the cursor forward one word.
  Ctrl-T: Transpose the character to the left of the cursor with the character located at the cursor.

Recall commands from the buffer and paste them in the command line. The wireless device provides a buffer with the last ten items that you deleted.
  Ctrl-Y: Recall the most recent entry in the buffer.
  Esc Y: Recall the next buffer entry. The buffer contains only the last 10 items that you have deleted or cut. If you press Esc Y more than ten times, you cycle to the first buffer entry.

Delete entries if you make a mistake or change your mind.
  Delete or Backspace: Erase the character to the left of the cursor.
  Ctrl-D: Delete the character at the cursor.
  Ctrl-K: Delete all characters from the cursor to the end of the command line.
  Ctrl-U or Ctrl-X: Delete all characters from the cursor to the beginning of the command line.
  Ctrl-W: Delete the word to the left of the cursor.
  Esc D: Delete from the cursor to the end of the word.

Capitalize or lowercase words or capitalize a set of letters.
  Esc C: Capitalize at the cursor.
  Esc L: Change the word at the cursor to lowercase.
  Esc U: Capitalize letters from the cursor to the end of the word.

Designate a particular keystroke as an executable command, perhaps as a shortcut.
  Ctrl-V or Esc Q

Scroll down a line or screen on displays that are longer than the terminal screen can display.
Note: The More prompt appears for output that has more lines than can be displayed on the terminal screen, including show command output. You can use the Return and Space bar keystrokes whenever you see the More prompt.
  Return: Scroll down one line.
  Space: Scroll down one screen.

Redisplay the current command line if the wireless device suddenly sends a message to your screen.
  Ctrl-L or Ctrl-R: Redisplay the current command line.

Extreme Networks acquires Enterasys Networks

Acquisitions have been a constant among vendors, with a view to entering new markets or strengthening their position in existing ones. One more acquisition, this time by Extreme Networks, which has acquired Enterasys Networks. You can read the full news here.


VMware VCA Data Center Virtualization, Cloud and End User Computing voucher

Good news: VMware is trying to "push" the basic fundamentals through its new VCA certification in the Data Center Virtualization, Cloud and End User Computing areas. eLearning courses are available at no cost, so going through the fundamentals is enough to pass the exam. The exam requires pre-registration on the VMware site (confirmation within 2 business days) and has no prerequisites; the cost is a bargain, that is, FREE. Apply the coupon code at checkout.

Coupon Code: VCA13ICS

VCA-DCV exam (Data Center Virtualization):
VMware Data Center Virtualization Fundamentals
Exam Blueprint

VCA-Cloud exam (Cloud):
VMware Cloud Fundamentals
Exam Blueprint

VCA-WM exam (End User Computing):
VMware Workforce Mobility Fundamentals
Exam Blueprint

You can find more details at http://vmware.com/certification


References:

PearsonVue

My Learn VMware

ICMP Router Discovery Messages (IRDP) Notes

One of the First Hop Redundancy Protocols (FHRP) is ICMP Router Discovery Messages (IRDP). Hosts choose their gateway dynamically from the advertisements sent by the routers, selecting the gateway by its preference.

 

Notes:

  • By default it uses broadcast advertisements; in multicast mode it uses the address 224.0.0.1
  • The highest preference wins

Example:

Connections:

R4-|           |
   | switch_L2 |-R3
R2-|           |

R4#
interface FastEthernet0/1
ip address 192.168.20.4 255.255.255.0
 ip irdp
 ip irdp address 192.168.20.254 400
ip irdp preference 40

R2#
interface FastEthernet0/1
ip address 192.168.20.2 255.255.255.0
 ip irdp
 ip irdp address 192.168.20.2 350
ip irdp preference 200

R2(config)#ip gdp irdp
%Cannot start GDP client; system is routing IP

R3(config)#

!GDP (the router discovery mechanism) must be enabled only on the host; enable multicast if the advertisements are also sent as multicast

ip gdp irdp

interface FastEthernet0/0
ip address 192.168.20.1 255.255.255.0
 ip irdp

R3#sh ip route
Gateway         Using  Interval  Priority  Interface
192.168.20.4    IRDP   824       40        FastEthernet0/0
192.168.20.254  IRDP   755       350       FastEthernet0/0
192.168.20.2    IRDP   858       200       FastEthernet0/0

Default gateway is 192.168.20.254

Notes: the choice of which router is elected as gateway is always based on the configured preference, if one is configured; otherwise on the preference of the proxy-advertise.

References:

RFC 1256 – ICMP Router Discovery Messages

BGP regex Notes

A regex is essentially a pattern matcher, but applied to BGP it becomes a very useful tool for filtering the routes a router has learned by their AS path. There are several public route servers where BGP regexes can be tested (see the list below).

Examples:

!Routes originated in AS 21740

ns-route-server> sh ip bg reg _21740$
BGP table version is 934229088, local router ID is 24.137.100.8
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

Network          Next Hop            Metric LocPrf Weight Path
*>i8.5.0.0/24       77.67.70.141           622    100      0 3257 21740 i
*>i8.5.0.0/23       77.67.70.141           622    100      0 3257 21740 i

!Routes originated by AS 3257 or by one of its directly connected neighbors

ns-route-server>sh ip bg reg ^3257_([0-9]+)?$
BGP table version is 934227310, local router ID is 24.137.100.8
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

Network          Next Hop            Metric LocPrf Weight Path
* i1.9.0.0/16       77.67.70.77             90    100      0 3257 4788 i
*>i1.9.52.0/24      77.67.70.77            180    100      0 3257 4788 ?
*>i1.9.53.0/24      77.67.70.141           613    100      0 3257 4788 ?

 

Regex character table:

Character        Meaning
^                Start of string
$                End of string
[]               Range of characters; used to specify a range (i.e. [0-9])
( )              Logical grouping
.                Any single character
*                Zero or more instances
+                One or more instances
?                Zero or one instance
_ (underscore)   Comma, open or close brace, open or close parentheses, start or end of string, or space
\                Matches the character following the backslash. Also matches (escapes) special characters.
|                Concatenates constructs. Matches one of the characters or character patterns on either side of the vertical bar.
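As an added example (not code from the original post or from any route server), the Python below mimics how "show ip bgp regexp" applies an IOS regex to the Path column, expanding the IOS-specific "_" from the table above, over a constructed set of AS paths; it runs the two patterns used above plus an AS_SET and an empty-path case.

```python
import re

# In an IOS BGP regexp "_" matches a comma, a brace, a parenthesis, a space, or the
# start or end of the AS path (see the character table above). Python has no such
# token, so it is expanded here; a "_" inside a character class is not handled.
IOS_UNDERSCORE = r"(?:^|$|[ ,{}()])"

def ios_regex_to_python(pattern):
    """Translate an IOS BGP regexp into an equivalent Python regexp."""
    return pattern.replace("_", IOS_UNDERSCORE)

def match_as_paths(pattern, as_paths):
    """Return the AS paths (Path column text) that 'show ip bgp regexp' would list."""
    rx = re.compile(ios_regex_to_python(pattern))
    return [path for path in as_paths if rx.search(path)]

# Constructed AS paths: the first two appear in the route-server output above
SAMPLE_PATHS = [
    "3257 21740",
    "3257 4788",
    "3257",               # prefix originated by AS 3257 itself
    "21740",
    "3257 4788 21740",
    "3257 121740",        # contains the digits 21740 but not AS 21740
    "3257 {4788,4789}",   # AS_SET, printed by IOS with braces and commas
    "",                   # locally originated route: empty AS path
]

if __name__ == "__main__":
    for pat in ("_21740$", "^3257_([0-9]+)?$", "_4788_", "^$"):
        print(f"{pat:20} -> {match_as_paths(pat, SAMPLE_PATHS)}")
```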

List of public route servers:

Country/City  Provider  ASN

Africa/Ghana MTN Ghana 37255
Australia/Chatswood Optus Australia 7474
Brazil/Sao Paulo PTT-Metro Sao Paulo 22548
Brazil/Sao Paulo Terremark Internet Exchange Sao Paulo 1251
Canada/Vancouver GT Group Telecom (West) 6539
Canada GT Group Telecom (East) 6539
Canada/Burnaby Telus – Eastern Canada 852
Canada Telus – Western Canada 852
Canada/Toronto Allstream – Central 15290
Canada/Montreal Allstream – East 15290
Canada/Vancouver Allstream – West 15290
Canada/Halifax Eastlink 11260
Germany/Hamburg Broadnet Mediascape Communications AG 9132
France OpenTransit 5511
Finland Eunet Finland 6667
Germany Tiscali 3257
Germany/Stuttgart BelWue 553
Japan Oregon Route Views Project 2500
Mexico Rio Grande do Sul Internet Exchange 1916
Netherlands Zebra Route Views on  Swift Global 21280
Philippines Bayan Telecom Inc. 6648
Philippines Manila Internet Exchange 9670
Romania Astral Telecom 6746
Switzerland Swisscom IP Plus 3303
South Africa South African Internet Exchange – SAIX 5713
South Africa/Mauritius Internet Solutions 3741
Switzerland Sunrise Switzerland 6730
USA/Denver Time Warner Telecom 4323
USA/Ashburn Nlayer 4436
USA/Boca Raton, FL Host.net 13645
USA/Santa Clara Savvis 3561
USA/Sunnyvale Global Crossing 3549
USA/Oregon University of Oregon Route Views Project 6447
USA/Ashburn, VA Zebra Route Views on Sprint Network 1239
USA/CA Zebra Route Views on ISC.org 3557
USA/Fremont, CA Hurricane Electric 6939
USA/New York AT&T 7018
USA/Las Vegas Switch Communications 23005
USA/San Diego CERFnet 1838
USA/Broomfield, CO Wiltel 7911
UK Colt Internet 8220
UK Oregon Route Views with Verizon UK 5459
UK Global Crossing – Europe 3549
UK Energis / Planet Online 5388
UK PIPEX 5413
UK/London MainzKom Telekommunikation GmbH 15837