Blog Posts in January 2009

Decent DNS, DHCP and HTTP server on an ISR router

Readers of my blog have probably noticed that I’m occasionally documenting the shortcomings of DNS and DHCP servers built into Cisco IOS (I will not even mention the HTTP server, this one gets constantly degraded). On the other hand, although you could centralize all these services, the centralization makes the branch offices completely dependent on the availability of WAN uplinks; without a working uplink, a branch office stops completely.

I need to slow down :)

I’ve just opened the January Technical Services News from Cisco. Nothing in there that would really interest me. Almost no routing protocols (one OSPF article), no BGP, no MPLS VPN. Based solely on this newsletter, one could get the feeling that I’m producing more documents covering core IP routing in a month than Cisco (I am positive that’s not the case).

But maybe Cisco’s engineers are refocusing on the new Support Wiki. Not really. After I filtered out sequential changes to a single document, there were only 11 significantly changed documents in the Support Wiki in the last 30 days.

So I’m left wondering … what’s going on? Has everything already been written about the core IP routing features and the productive minds have shifted to voice and wireless? Are the engineers focused on IP routing becoming the dinosaurs? What’s your perspective?

But one thing is clear: I need to slow down.

Interactions between IP routing and QoS

One of my readers sent me an interesting question a while ago:

I reviewed one of your blog posts "Per-Destination or Per Packet CEF Load Sharing?" and wondered if you had investigated previously on how MQC QoS worked together with the CEF load-sharing algorithm (or does it interact at all)? For example, let's say I have two equal cost paths between two routers and the routing table (as well as CEF) sees both links as equal paths to the networks behind each router. On each link I have the same outbound service policy applied with a simple LLQ, BW, and a class-default queues. Does CEF check each IP flow and make sure both link's LLQ and BW queues are evenly used?

Unfortunately, packet forwarding and QoS are completely uncoupled in Cisco IOS. CEF performs its load balancing algorithm purely on source/destination information and does not take into account the actual utilization of outbound interfaces. If you have bad luck, most of the traffic ends up on one of the links and the packets that would easily fit on the other link will be dropped by the QoS mechanisms.

You could use multilink PPP to solve the problem in low-speed environments. With MLPPP, CEF sends the traffic to a single output interface (the Multilink interface) and the queuing mechanisms evenly distribute packet fragments across the links in the bundle.

In high-speed environments, you can only hope that the number of traffic flows traversing the links will be so high that you’ll get a good statistical distribution (which is usually the case).

Flash-based DHCP database

Pete sent me an interesting question a while ago:

It might be interesting to write an article about ip dhcp database flash:dhcp-db command, documenting the pros of surviving a reboot versus cons of wear on the flash device.

I’ve already written about a few problems that can be solved with the DHCP database (but obviously a longer text is warranted … already stored in my to-do list) and it took me a while to find the time to dig out the relevant information on the flash device wear.

EBGP multipath load sharing and CEF

When I was discussing the details of the BGP troubleshooting video with one of my readers, he pointed out that I should mention the need for CEF switching in an EBGP multipath scenario. My initial response was “Why would you need CEF? EBGP multipath is older than CEF” and his answer told me I should turn on my gray cells before responding to emails: “Your video as well as Cisco’s web site recommends CEF for EBGP multipath design … but interestingly, it does work without CEF”.

The real reason we need CEF in EBGP load sharing designs is the efficacy of load distribution. Without CEF, the router will send all traffic toward a single BGP prefix over one of the links (fast switching performs per-destination-prefix load sharing). With CEF, the load is distributed based on the source-destination IP address pair combinations. Even if multiple clients send the traffic toward the same server, the load is spread across available links.

Obviously, I should write about CEF and load sharing once a month to refresh my failing memory.
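The difference between the two load-sharing behaviours described in this post and in "Interactions between IP routing and QoS", as an added Python example that is not part of the original posts. The SHA-256 bucket function, the /24 prefix length, the sample addresses and the one-unit-per-flow capacity model are assumptions; Cisco IOS uses its own hash.

```python
import hashlib
import ipaddress

LINKS = 2  # two equal-cost paths, as in both posts

def _bucket(key: str) -> int:
    # SHA-256 is a stand-in hash for illustration, not the one Cisco IOS uses.
    return hashlib.sha256(key.encode()).digest()[0] % LINKS

def link_for(src: str, dst: str, mode: str) -> int:
    if mode == "prefix":
        # Fast-switching model: the choice depends only on the destination
        # prefix (assumed to be a /24 here).
        prefix = ipaddress.ip_network(f"{dst}/24", strict=False)
        return _bucket(str(prefix))
    # CEF model: the choice depends on the source/destination address pair.
    return _bucket(f"{src}>{dst}")

def make_flows(n: int):
    """Constructed sample: n distinct clients sending to one server."""
    return [(f"10.1.{i // 250}.{i % 250 + 1}", "192.0.2.10") for i in range(n)]

def link_loads(flows, mode: str):
    """Number of flows placed on each link (one flow = one unit of load)."""
    loads = [0] * LINKS
    for src, dst in flows:
        loads[link_for(src, dst, mode)] += 1
    return loads

def excess(loads, capacity: int) -> int:
    """Flows that do not fit on their own link, even if the other has room."""
    return sum(max(0, load - capacity) for load in loads)

if __name__ == "__main__":
    for n in (4, 40, 4000):
        flows = make_flows(n)
        for mode in ("prefix", "pair"):
            loads = link_loads(flows, mode)
            # Each link is sized for exactly half of the flows.
            print(n, mode, loads, "excess:", excess(loads, n // 2))
```

With only a handful of flows the pair-based split can still be lopsided; the excess shrinks relative to the total as the number of flows grows.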

Video: Simple BGP troubleshooting

One of the BGP aspects beginners find most frustrating is the BGP troubleshooting. The simple BGP troubleshooting video covers basic BGP troubleshooting techniques, from EBGP session troubleshooting to route origination and route propagation troubleshooting. The scenario used in the video is a two site MPLS/VPN-based network; obviously you can apply the same procedures to any BGP network.

The Wiki article contains the scenario description, the video and the router configurations, or you can watch the video served from Vimeo.

I guess the BGP beginners are not regular readers of my blog, so I would appreciate it if you could spread the word.

Generate HTTP(S) requests from Tcl shell

A few days ago, a reader sent me an e-mail titled “Telnet Automation from a Cisco Router” and complained that IOS Tcl does not support the expect commands (spawn, send and expect). Since Expect is a Tcl extension, not part of the core Tcl, it’s not included in Cisco IOS, which was the only answer I could give.

You might be able to port Expect to IOS as a Tcl package if it doesn’t require external libraries.

IS-IS on partially-meshed Frame Relay subnet: sample configuration

In the IS-IS on multi-access partially-meshed Frame Relay interface article I’ve described the design rules you have to follow when implementing IS-IS over a partially-meshed multi-access network. The IS-IS on partially-meshed Frame Relay subnet: sample configuration article contains a step-by-step example, including initial router configuration, IS-IS configuration, verification steps and complete final configurations.

Read the article in the CT3 wiki

Video: Small site using BGP on two uplinks into an MPLS VPN network

Last week I published a video describing the simplest possible BGP-in-MPLS/VPN scenario: a single-router site with one uplink. Today’s video covers a slightly more complex setup: there is still a single router on the site, but it has two links that should be used in load-sharing mode.

The Wiki article contains the scenario description, the video and the final router configurations, or you can watch the video served from Vimeo.

The most popular posts in 2008

The traffic statistics for 2008 are really interesting: the blog’s home page gets almost 20 times as many hits as the first blog post (even visitors using the search engines are seven times more likely to land on the first page than on any other page). This is clearly a side-effect of the platform I use: if you’re a regular visitor, you can read all the content on the blog’s home page (there’s no other way to do it with Blogger).

The most popular individual posts were:

The message is clear: write about easy hacks. Let’s look at some of the most commented posts:

And the winner is: Why I'm no longer an active CCIE. Another clear message: write (preferably controversial) posts about problems or easy hacks.

Don’t worry; the focus of my blog will stay unchanged. I’m more interested in having fun writing it than in attracting large crowds.

When was the ip ospf area command implemented?

One of my readers tried to implement my OSPF Best Practices and found out that ...

The ip ospf area does not work on all platforms/IOS versions. I noticed that it works on 7600s(12.2SRB4), but not on 7200(12.2(23)). Is it IOS/platform specific or a newly introduced command?

There are two reasonably accurate ways to figure out which IOS release contains the command you're interested in: the Feature Navigator and the IOS reference documentation.

It's sometimes hard to discover how the IOS marketing called the feature implementing your command, so the IOS reference manuals usually yield a faster answer. However, you still have to select the correct reference manual to open ... unless you use the Command Lookup Tool, which quickly finds the relevant part of the documentation. In my case, I easily figured out that the ip ospf area command became available in 12.0S, 12.3T (and therefore 12.4), 12.2SB and 12.2SRB.

To add icing to the cake, you can add the Command Lookup Tool to your browser’s search toolbar.

The death of VoIP?

In another great example of “investigative journalism”, Network World is asking whether VoIP is dead (and I guess I’ll never make it to their top-20 list again). Regardless of their sensationalistic approach, take your time and read the original articles they quote (Part 1, Part 2). What the original author claims (and I don’t think you can disagree with him) is that VoIP has turned from hot technology to plumbing faster than some people would like. Whether that’s bad or not depends on the perspective … what’s yours?

Extranet with overlapping addresses

The idea to write an IP Corner article describing how you can use MPLS VPN-enabled NAT to implement flexible extranets that allow participants to retain their existing (and sometimes overlapping) IP address space has been sitting in my to-do list for over a year. After I finally wrote it (without even hinting what I’d been working on), I got several e-mails from my readers asking the questions this article answers, so it looks like the topic has suddenly become very hot. Do you have any ideas why that would be the case?

Read the Flexible Extranet article in IP Corner

Video: Small remote site using BGP as PE-CE routing protocol

With everyone (and their cats) having videos on YouTube, the challenge to make a short BGP-related video was simply irresistible. I’ve tried to address the BGP beginners (maybe Cisco marketing would call them BGP associate candidates), as they probably benefit most from the video format (I know I would always prefer reading about a complex topic over watching a video about it). The video is focused on a scenario anyone could encounter: you want to move to an MPLS VPN service and the Service Provider is trying to persuade you to use BGP (which is a very good idea).

The Wiki article contains the scenario description, the video and the final router configurations, or you can watch the video served from Vimeo.

New Year Resolution #1: Fix the blog feed

More than a year ago, I got extremely upset by the SEO spammers that copied content from my blog feed and decided to reduce the feed into article summaries. However, I didn’t want to have half-finished sentences in my feed the way Blogger or Wordpress implement their short feed format. As I have already implemented something similar to the Wordpress’ more tag in Blogger, that would be a natural cutoff point. For shorter posts, I would like to retain whole paragraphs … or, as I’ve summarized the dilemma: I would like to give you enough information to decide whether you want to read the article or not.
