Simple CLI extensions: handling special characters

Last week I've described how you can extend the exec-mode CLI commands with almost no knowledge of Tcl. A bit more work is required if your commands include Tcl special characters (quotes, braces or backslashes).

For example, to display all routes advertised by customers of AS X, you'd use the following show command: show ip bgp regexp _X_([0-9]+)(_\1)*$ (the regular expression is explained in the AS-path based filter of customer BGP routes post). This command cannot be entered as a Tcl string with variable substitution; Tcl would interpret the [ and \ characters. You could enter the whole command in curly braces, but then there would be no variable substitution that we need to insert command line parameters. To make Tcl happy, use the following Tcl commands:
  1. set cmd {first-part-of-command} stores the command prefix into the cmd variable;
  2. append cmd $argv appends the command line arguments to the command;
  3. append cmd {rest-of-command} appends the rest of the IOS exec command;
  4. puts [exec $cmd] executes the command and prints the results.

For example, the following code will display the customers of a BGP AS specified in the command line (after being stored in a flash file and defined in an alias, of course):

set cmd {show ip bgp regexp _}
append cmd $argv
append cmd {_([0-9]+)(_\1)*$}
puts [exec $cmd]

add comment

… updated on Saturday, May 20, 2023 09:51 UTC

Multihomed EIGRP Sites in MPLS VPN Network

Deploying EIGRP as the PE-CE routing protocol in MPLS VPN networks is easy if all sites have a single PE-CE link and there are no backdoor links between the sites. Real life is never as simple as that; you have to cope with various (sometimes undocumented) network topologies. Even that would be manageable if the customer networks would have a clean addressing scheme that would allow good summarization (that happens once in a blue moon) or if the MPLS VPN core could announce the default route into the EIGRP sites (wishful thinking; the customer probably has one or more Internet exit points).

read more add comment

Why I'm no longer an active CCIE

July 1st, 2008 marks another milestone in my professional career: I became an inactive CCIE. Before going into the details of why I decided not to go for the recerfitication exam (I haven't even tried to go there), let me just say that I've been working in the networking industry for 25 years and had the CCIE status for the last 13 years. I no longer see myself craving for jobs where the activity of my CCIE status would count and the "Benefits of CCIE Membership" (including the party at Cisco Live! event) are not coming close to giving me any motivation to extend the status.

However, the real reason I decided not to extend my active status lies in the process. Years ago, Cisco organized update trainings for CCIEs. Attending one of these trainings (which really added value to your knowledge) extended your status. In my opinion, an update training combined with a post-training exam would make sense. Like many other features of the program, these trainings are long gone.

Passing a written exam every two years with more-or-less the same questions is (in my personal opinion) bogus. It does not require me to grow or acquire new knowledge, it just forces me to re-read the IP multicast and IS-IS student kits we've developed. It's simply a tick in the box and I'm no longer willing to participate in this charade. To make matters worse, the tests were not exactly accurate over the years I had to take them. When I was developing (the then only) EIGRP training for internal Cisco audiences, I lost most points on EIGRP questions simply because I knew too much about the protocol. A few years ago I was faced with purely marketing questions about a newly-promoted technology that were obviously hastily added to the pool of questions. To be honest, I was told that the current test should be better that my past experiences, but I decided I will not find out how true that is. I had enough.
see 38 comments

Simple extensions to exec-mode CLI

The various show filters available in Cisco IOS are a great tool to minimize the amount of printout you have to analyze, their only problem (from my perspective) is that you cannot make an alias out of them, as you usually have to supply one or more parameters to the show command and these parameters have to be inserted before the filter (and the alias command does not support replaceable parameters). You could solve the problem with Tcl shell, but I'm not sure many networking engineers are fluent Tcl programmers. Fortunately, the code you need is so simple anyone can create a working solution.
read more add comment

Is Internet Melting Down?

A while ago I’ve read a post about the potential Internet meltdown by Michael Morris. He provided an amazingly accurate analysis of the facts … and ended with a wrong conclusion. To understand the whole issue, please thoroughly read his text in its entirety before proceeding.

Back? OK. As I said, his analysis was great, but the conclusions were wrong. Regardless of whether we use IPv4 (and advertise smaller and smaller prefixes) or IPv6, the problem is the same: everyone wants to have chunks of non-aggregatable provider-independent public address space (so you can freely move between Service Providers) and everyone advertises these PI prefixes to multiple service providers (because multihoming is so cheap these days). Even networks that are not multihomed today use their own PI address space and private AS numbers to connect to a single ISP, so they could get multi-homed in a second if they feel like it.

The growth of the Internet routing tables thus has nothing to do with the prefix sizes and version of IP, but with the requirements of the end-customers to have immediate capability to switch service providers at will. As long as this trend persists (and I cannot see it stopping, as Internet is considered a commodity these days), the routing tables will grow, regardless of whether we use IPv4 or IPv6 or CLNS or something not invented yet.

For more details watch ‌Upcoming Internet Challenges and Surviving the Internet Default Free Zone webinars.

see 8 comments

… updated on Monday, December 28, 2020 10:32 UTC

Using EIGRP in MPLS VPN Networks

We described EIGRP-in-VRF in MPLS and VPN Architectures, Volume II. A few details have changed in the meantime; you have to configure the following features to get EIGRP running within MPLS/VPN environment:

  • The autonomous-system command within the VRF address family is mandatory, even if the VRF AS number matches the EIGRP process number.
  • The default BGP-to-EIGRP redistribution metric has to be configured, otherwise remote EIGRP routes will not be redistributed even though they have EIGRP metric encoded in extended BGP communities.
  • Things work best if you disable auto-summary on PE-routers.
read more add comment

Static DHCP assignment for clients without client-id

A while ago I've installed Fedora Linux on one of my workstations and spent enormous amount of time trying to give it a static IP address from the Cisco IOS DHCP server. I though I was the only one dumb enough to have this problem, so I didn’t document my solution, but then one of the readers made a comment to the Assigning server IP addresses with DHCP post describing almost identical symptoms:

I have a hp2300n and I want to make a static IP assignment with DHCP. Nothing is working: hardware-address, client-identifier, no prepend, 01 prepend, 00 prepend.

In my case, the Fedora DHCP client did not send any DHCP client-ID in the DHCPREQUEST message. One would think that the IOS DHCP server would use the MAC address as the client-ID, but that's not the case. You have to configure the hardware-address parameter in the host DHCP pool to match the MAC address of the DHCP client with the pool and the static IP address:

ip dhcp pool fedi
   host 192.168.200.206 255.255.255.240
   hardware-address 000f.fe83.bca9
   dns-server 208.67.220.220 208.67.222.222

This article is part of You've asked for it series.

see 13 comments

PPP default route

One of those readers that prefer to remain anonymous has left an interesting comment to my post “Almost-dynamic routing over ADSL interfaces”:
You do not need the route "ip route 0.0.0.0 0.0.0.0 Dialer0 10 track 100" and the tracking if you configure "ppp ipcp route default" on the dialer interface. Works the same way... :-)
You might be wondering why Cisco's engineers decided to pollute IOS with yet another feature. The problem they had was the way PPP over Frame Relay is implemented: it uses virtual interfaces and although you have a very static connection, you cannot bind a static interface name to it. A dynamic interface (with potentially changing name) is cloned from the virtual template every time the PPP-over-Frame-relay session is started. Obviously you cannot configure a static default route pointing to it in advance, so you need yet another feature to do it (I'll not even try to figure out how to create non-default static routes pointing to cloned interface).
see 5 comments

Display locally originated BGP routes

Displaying the BGP routes originated in the local AS is simple: you just filter the BGP table with a regular expression matching an empty AS path. Displaying routes originated by the local router is tougher. You could use the fact that the local routes have the weight set to 32768:

PE-A#show ip bgp quote-regexp "^$" | inc Network|32768
   Network          Next Hop            Metric LocPrf Weight Path
*> 10.0.1.1/32      0.0.0.0                  0         32768 i

This would work if you don’t play with BGP weights in network statements. If you’ve changed the weights, you should filter the routes based on the BGP next-hop: locally originated routes have the next-hop 0.0.0.0 and all other routes should have a non-zero BGP next-hop. To filter BGP routes based on the next-hop you have to:

  • Define an access-list that matches desired next-hop (0.0.0.0)
  • Define a route-map that uses the access-list to match IP next hop.
  • Display BGP routes matched by a route-map.

A sample configuration and show command printout is included below:

ip access-list standard AllZeros
 permit 0.0.0.0
!
route-map NextHopSelf permit 10
 match ip next-hop AllZeros

PE-A#show ip bgp route-map NextHopSelf | begin Network
   Network          Next Hop            Metric LocPrf Weight Path
*> 10.0.1.1/32      0.0.0.0                  0         32768 i

To make this command simpler to use, define an alias: alias exec mybgp show ip bgp route-map NextHopSelf | begin Network.

see 3 comments

Control Plane Protection logging does not work on transit subinterface

When I was trying to test how the router running IOS release 12.4(15)T5 classifies inbound IP packets into various CPPr subinterfaces, I wanted to use the log action in the MQC classes I've defined. This approach worked perfectly for the host and cef-exception interface (I've even seen ARP packets logged), but the packets classified as transit generated no log messages. While this makes perfect sense (after all, all punted packets are processed by the transit service-policy), the IOS should generate a warning when you apply a policy-map with the log option as service-policy on the control-plane transit interface.
add comment

IOS auto-upgrade

I've noticed the IOS auto-upgrade functionality when the IOS software release 12.4(15)T was launched, but it was missing from the 1800 images, so I wrote a note in the "to-test" folder and forgot about it. In the meantime, the code obviously appeared in IOS images, as Joe Harris managed to get the auto-ugprade from CCO to work. However, the IOS documentation lacks "a few" details, while Joe's post has a step-by-step explanation.
see 1 comments

Display BGP routes originated in the local AS

The easiest way to display BGP routes originating in the local autonomous system is to use the regular expression ^$ (empty AS-path) in the show ip bgp regexp command, for example:

PE-A#show ip bgp regexp ^$
BGP table version is 10, local router ID is 10.0.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*> 10.0.1.1/32      0.0.0.0                  0         32768 i
r>i10.0.1.2/32      10.0.1.2                 0    100      0 i

If you want to apply a show filter to the printout of this command, you have to use the quote-regexp variant; otherwise the rest of the line is interpreted as regular expression. To skip the header explaining the BGP status code (we know them by heart by now, don’t we?), use …

PE-A#show ip bgp quote-regexp "^$" | begin Network
   Network          Next Hop            Metric LocPrf Weight Path
*> 10.0.1.1/32      0.0.0.0                  0         32768 i
r>i10.0.1.2/32      10.0.1.2                 0    100      0 i

… and end with the eye candy – define this command as an alias: alias exec localbgp show ip bgp quote-regexp "^$" | begin Network.

add comment
Page 256 of 279
Sidebar