• Petr Lapukhov described the differences between shaping and policing, the Unidirectional Link Detection (UDLD) technology and the PPP IPCP subnet mask negotiation. Obviously he had a highly productive week :) ... or maybe the shakeups in the CCIE training market result in more high-quality content? Hat tip to Ethan; you've made me look up a word in the English dictionary; a rare, but interesting and pleasurable event.
• Jeremy Stretch documents how you can turn a Catalyst into a totally transparent switch. Fantastic solution for lab environments. He also found a way to generate IOS type 5 passwords (enable/username secrets) on a Linux workstation.

If you want to display any IPV6-related BGP objects (neighbors, routes …) you can use the familiar BGP commands, but have to prefix them with show ip bgp ipv6 unicast. For example, to display the BGP neighbors active in the IPv6 address family, you would use show ip bgp ipv6 unicast summary command. I doubt you like so much typing (I don't, just entering the IPv6 addresses is enough for me); luckily Cisco IOS has aliases - just configure alias exec bgpv6 show ip bgp ipv6 unicast and (for consistency) alias exec bgpv4 show ip bgp ipv4 unicast.

Update 2010-03-12: Cisco IOS also supports show bgp ipv6 unicast command, which (at least) makes BGP ipv4-agnostic.

If you want to understand the buzz raised recently about IP version 6, and your daily job includes more budget meetings, payroll discussions or strategy/operational planning than router configuration, Global IPv6 Strategies: From Business Analysis to Operational Planning (Cisco Press, 2008) is a mandatory book for you. The authors, Patrick Grossetete, Ciprian P. Popoviciu and Fred Wettling, are weathered veterans of the IPv6 battles, and their lengthy experience with IPv6 shines through the pages of this book.

Policing implementations in Cisco IOS are a bit confusing: IOS supports three different algorithms that are configured with very similar parameters of the police command in modular QoS CLI. There's also the older rate-limit command that uses a limited implementation of one of the three algorithms. You'll find all policing details, including the graphic representations of all three algorithms in the QoS Policing in Cisco IOS article.

I was very pleasantly surprised by the supportive comments to my CCIE-related post; I didn’t realize there are so many CCIEs out there that feel the same way I do. Will we change anything? We can only hope; the CCIE program is orders of magnitude smaller than the Cisco’s equipment sales.

A few of the comments also asked for my opinion on the value of CCIE certification and whether it’s worth pursuing. Obviously, the short answer is yes.

I wanted to figure out the exact release when Cisco IOS got EBGP load-sharing. Fighting through Feature Navigator is a pain for me, so I usually check older IOS documentation, starting from the old UniverCD URL (I was able to remember that one, the new URLs don't make any sense to me). When I've selected IOS release 11.0 configuration guides, the system redirected me to the "new style" 11.0 Router Products Configuration Guide ... and it looks like IOS did not support IP in release 11.0 :) ... or at least there are no instructions on how to configure it.

It's really sad how Cisco handles documentation these days. First they'd moved everything to new addresses and implemented redirects that didn't work (this is mostly fixed now), now they've managed to lose important parts of documentation.

Last week I've described how you can extend the exec-mode CLI commands with almost no knowledge of Tcl. A bit more work is required if your commands include Tcl special characters (quotes, braces or backslashes).

For example, to display all routes advertised by customers of AS X, you'd use the following show command: show ip bgp regexp _X_([0-9]+)(_\1)*$ (the regular expression is explained in the AS-path based filter of customer BGP routes post). This command cannot be entered as a Tcl string with variable substitution; Tcl would interpret the [ and \ characters. You could enter the whole command in curly braces, but then there would be no variable substitution that we need to insert command line parameters. To make Tcl happy, use the following Tcl commands:

1. set cmd {first-part-of-command} stores the command prefix into the cmd variable;
2. append cmd $argv appends the command line arguments to the command;
3. append cmd {rest-of-command} appends the rest of the IOS exec command;
4. puts [exec $cmd] executes the command and prints the results.

For example, the following code will display the customers of a BGP AS specified in the command line (after being stored in a flash file and defined in an alias, of course):

set cmd {show ip bgp regexp _}
append cmd $argv
append cmd {_([0-9]+)(_\1)*$}
puts [exec $cmd]

Whenever I start digging into technical details, I learn something new. A few days ago I’ve stumbled across the term anycast, which is a very interesting way to solve scalability issues:

Deploying EIGRP as the PE-CE routing protocol in MPLS VPN networks is easy if all sites have a single PE-CE link and there are no backdoor links between the sites. Real life is never as simple as that; you have to cope with various (sometimes undocumented) network topologies. Even that would be manageable if the customer networks would have a clean addressing scheme that would allow good summarization (that happens once in a blue moon) or if the MPLS VPN core could announce the default route into the EIGRP sites (wishful thinking; the customer probably has one or more Internet exit points).

July 1st, 2008 marks another milestone in my professional career: I became an inactive CCIE. Before going into the details of why I decided not to go for the recerfitication exam (I haven't even tried to go there), let me just say that I've been working in the networking industry for 25 years and had the CCIE status for the last 13 years. I no longer see myself craving for jobs where the activity of my CCIE status would count and the "Benefits of CCIE Membership" (including the party at Cisco Live! event) are not coming close to giving me any motivation to extend the status.

However, the real reason I decided not to extend my active status lies in the process. Years ago, Cisco organized update trainings for CCIEs. Attending one of these trainings (which really added value to your knowledge) extended your status. In my opinion, an update training combined with a post-training exam would make sense. Like many other features of the program, these trainings are long gone.

Passing a written exam every two years with more-or-less the same questions is (in my personal opinion) bogus. It does not require me to grow or acquire new knowledge, it just forces me to re-read the IP multicast and IS-IS student kits we've developed. It's simply a tick in the box and I'm no longer willing to participate in this charade. To make matters worse, the tests were not exactly accurate over the years I had to take them. When I was developing (the then only) EIGRP training for internal Cisco audiences, I lost most points on EIGRP questions simply because I knew too much about the protocol. A few years ago I was faced with purely marketing questions about a newly-promoted technology that were obviously hastily added to the pool of questions. To be honest, I was told that the current test should be better that my past experiences, but I decided I will not find out how true that is. I had enough.

If you've tried to use DNS view/view-list configuration commands in EEM applets, the applets failed as the EEM did not recognize DNS-specific configuration prompts (you could work around this problem with the prompt option of the action cli command). This bug was fixed in 12.4(15)T5, now you can configure DNS views from EEM.

The various show filters available in Cisco IOS are a great tool to minimize the amount of printout you have to analyze, their only problem (from my perspective) is that you cannot make an alias out of them, as you usually have to supply one or more parameters to the show command and these parameters have to be inserted before the filter (and the alias command does not support replaceable parameters). You could solve the problem with Tcl shell, but I'm not sure many networking engineers are fluent Tcl programmers. Fortunately, the code you need is so simple anyone can create a working solution.

A while ago I’ve read a post about the potential Internet meltdown by Michael Morris. He provided an amazingly accurate analysis of the facts … and ended with a wrong conclusion. To understand the whole issue, please thoroughly read his text in its entirety before proceeding.

Back? OK. As I said, his analysis was great, but the conclusions were wrong. Regardless of whether we use IPv4 (and advertise smaller and smaller prefixes) or IPv6, the problem is the same: everyone wants to have chunks of non-aggregatable provider-independent public address space (so you can freely move between Service Providers) and everyone advertises these PI prefixes to multiple service providers (because multihoming is so cheap these days). Even networks that are not multihomed today use their own PI address space and private AS numbers to connect to a single ISP, so they could get multi-homed in a second if they feel like it.

The growth of the Internet routing tables thus has nothing to do with the prefix sizes and version of IP, but with the requirements of the end-customers to have immediate capability to switch service providers at will. As long as this trend persists (and I cannot see it stopping, as Internet is considered a commodity these days), the routing tables will grow, regardless of whether we use IPv4 or IPv6 or CLNS or something not invented yet.

For more details watch ‌Upcoming Internet Challenges and Surviving the Internet Default Free Zone webinars.

We described EIGRP-in-VRF in MPLS and VPN Architectures, Volume II. A few details have changed in the meantime; you have to configure the following features to get EIGRP running within MPLS/VPN environment:

• The autonomous-system command within the VRF address family is mandatory, even if the VRF AS number matches the EIGRP process number.
• The default BGP-to-EIGRP redistribution metric has to be configured, otherwise remote EIGRP routes will not be redistributed even though they have EIGRP metric encoded in extended BGP communities.
• Things work best if you disable auto-summary on PE-routers.