Blog Posts in July 2008
Interesting links | 2008-07-27
- Petr Lapukhov continues to write interesting stuff: recently he's covered WRR queuing parameters on Catalyst 3550, wrote an introduction to SNMPv3 and provided sample private VLAN configurations.
- Joe Harris discovered an interesting feature in IOS release 12.4(20)T: you can increase the Fast Ethernet interface MTU way beyond the 1500 bytes, making it easier to implement various MPLS solutions in switched LAN environments.
- Brian McGahan describes the IP Multicast helper-map feature.
- Arden Packeer writes about 6to4 tunnels.
Router configuration partitioning
IOS release 12.2(33)SRB has introduced a fantastic feature: router configuration partitioning. The early seeds of this idea are already present in mainstream IOS releases. For example, you can display the configuration of a single interface, all class-maps or all policy-maps. The configuration partitioning gives you the ability to display access-lists, route-maps, static routes, router configurations ...
… updated on Monday, December 28, 2020 12:44 UTC
Unequal-Bandwidth EBGP Load Balancing
EIGRP was always described as the only routing protocol that can do unequal-cost load sharing. As it turns out, BGP is another one (although it's way more limited than EIGRP). For example, if you have two links into a neighbor AS, you can load-share across them proportionally to their bandwidth.
EBGP load balancing was introduced with the BGP 4 Multipath Support feature in IOS release 11.2. Initially, EBGP supported up to six maximum paths; IOS release 12.0(S) increased that value to 8, IOS release 12.3T to 16 and 12.2S (including 12.2SRC) to 16.
Goodbye fast switching & cell-mode MPLS
After leaving us in the dark for almost a year, Cisco finally released new functionality in IOS release 12.4(20)T. Support for a number of hardware platforms has been removed (dynamips fans are left with the 7200’s, everything else is gone). They also removed two switching features: fast switching and label-controlled ATM (cell-mode MPLS-over-ATM) together with Label Switch Controller (LSC).
I have no problem living without LC-ATM or LSC; this technology was primarily a retrofit for the old boxes by the time MPLS really took off with MPLS VPN. Fast switching is a different beast. Whenever you’d encounter bugs in more creative designs involving NAT, IPSec and GRE on low-end routers, you could turn off CEF (assuming you did not run NBAR) and things would (sometimes) miraculously start to work. Without fast switching, turning off CEF would bring you straight into process switching, resulting in an order-of-magnitude (or more) performance loss. On the other hand, it's obvious it makes no sense to maintain an obsolete switching method … and more bugs will probably get reported and fixed now that the easy escape route is gone.
Interesting links | 2008-07-13
- Petr Lapukhov described the differences between shaping and policing, the Unidirectional Link Detection (UDLD) technology and the PPP IPCP subnet mask negotiation. Obviously he had a highly productive week :) ... or maybe the shakeups in the CCIE training market result in more high-quality content? Hat tip to Ethan; you've made me look up a word in the English dictionary; a rare, but interesting and pleasurable event.
- Jeremy Stretch documents how you can turn a Catalyst into a totally transparent switch. Fantastic solution for lab environments. He also found a way to generate IOS type 5 passwords (enable/username secrets) on a Linux workstation.
How obscure can it get?: BGP IPv6 printouts
If you want to display any IPV6-related BGP objects (neighbors, routes …) you can use the familiar BGP commands, but have to prefix them with show ip bgp ipv6 unicast. For example, to display the BGP neighbors active in the IPv6 address family, you would use show ip bgp ipv6 unicast summary command. I doubt you like so much typing (I don't, just entering the IPv6 addresses is enough for me); luckily Cisco IOS has aliases - just configure alias exec bgpv6 show ip bgp ipv6 unicast and (for consistency) alias exec bgpv4 show ip bgp ipv4 unicast.
Update 2010-03-12: Cisco IOS also supports show bgp ipv6 unicast command, which (at least) makes BGP ipv4-agnostic.
Global IPv6 strategies
If you want to understand the buzz raised recently about IP version 6, and your daily job includes more budget meetings, payroll discussions or strategy/operational planning than router configuration, Global IPv6 Strategies: From Business Analysis to Operational Planning (Cisco Press, 2008) is a mandatory book for you. The authors, Patrick Grossetete, Ciprian P. Popoviciu and Fred Wettling, are weathered veterans of the IPv6 battles, and their lengthy experience with IPv6 shines through the pages of this book.
QoS Policing in Cisco IOS
Policing implementations in Cisco IOS are a bit confusing: IOS supports three different algorithms that are configured with very similar parameters of the police command in modular QoS CLI. There's also the older rate-limit command that uses a limited implementation of one of the three algorithms. You'll find all policing details, including the graphic representations of all three algorithms in the QoS Policing in Cisco IOS article.
The Value of Being a CCIE
I was very pleasantly surprised by the supportive comments to my CCIE-related post; I didn’t realize there are so many CCIEs out there that feel the same way I do. Will we change anything? We can only hope; the CCIE program is orders of magnitude smaller than the Cisco’s equipment sales.
A few of the comments also asked for my opinion on the value of CCIE certification and whether it’s worth pursuing. Obviously, the short answer is yes.
Wonderful Cisco IOS documentation
It's really sad how Cisco handles documentation these days. First they'd moved everything to new addresses and implemented redirects that didn't work (this is mostly fixed now), now they've managed to lose important parts of documentation.
Simple CLI extensions: handling special characters
For example, to display all routes advertised by customers of AS X, you'd use the following show command: show ip bgp regexp _X_([0-9]+)(_\1)*$ (the regular expression is explained in the AS-path based filter of customer BGP routes post). This command cannot be entered as a Tcl string with variable substitution; Tcl would interpret the [ and \ characters. You could enter the whole command in curly braces, but then there would be no variable substitution that we need to insert command line parameters. To make Tcl happy, use the following Tcl commands:
- set cmd {first-part-of-command} stores the command prefix into the cmd variable;
- append cmd $argv appends the command line arguments to the command;
- append cmd {rest-of-command} appends the rest of the IOS exec command;
- puts [exec $cmd] executes the command and prints the results.
For example, the following code will display the customers of a BGP AS specified in the command line (after being stored in a flash file and defined in an alias, of course):
set cmd {show ip bgp regexp _}
append cmd $argv
append cmd {_([0-9]+)(_\1)*$}
puts [exec $cmd]
… updated on Wednesday, February 1, 2023 07:49 UTC
What Is Anycast?
Whenever I start digging into technical details, I learn something new. A few days ago I’ve stumbled across the term anycast, which is a very interesting way to solve scalability issues:
… updated on Saturday, May 20, 2023 09:51 UTC
Multihomed EIGRP Sites in MPLS VPN Network
Deploying EIGRP as the PE-CE routing protocol in MPLS VPN networks is easy if all sites have a single PE-CE link and there are no backdoor links between the sites. Real life is never as simple as that; you have to cope with various (sometimes undocumented) network topologies. Even that would be manageable if the customer networks would have a clean addressing scheme that would allow good summarization (that happens once in a blue moon) or if the MPLS VPN core could announce the default route into the EIGRP sites (wishful thinking; the customer probably has one or more Internet exit points).
Why I'm no longer an active CCIE
However, the real reason I decided not to extend my active status lies in the process. Years ago, Cisco organized update trainings for CCIEs. Attending one of these trainings (which really added value to your knowledge) extended your status. In my opinion, an update training combined with a post-training exam would make sense. Like many other features of the program, these trainings are long gone.
Passing a written exam every two years with more-or-less the same questions is (in my personal opinion) bogus. It does not require me to grow or acquire new knowledge, it just forces me to re-read the IP multicast and IS-IS student kits we've developed. It's simply a tick in the box and I'm no longer willing to participate in this charade. To make matters worse, the tests were not exactly accurate over the years I had to take them. When I was developing (the then only) EIGRP training for internal Cisco audiences, I lost most points on EIGRP questions simply because I knew too much about the protocol. A few years ago I was faced with purely marketing questions about a newly-promoted technology that were obviously hastily added to the pool of questions. To be honest, I was told that the current test should be better that my past experiences, but I decided I will not find out how true that is. I had enough.