Thursday, August 2, 2018

Everything You Need to Know About OSPF

"Everything you'll ever need to know about OSPF" is a bold statement, but it goes back to "Mastering the Foundations", something I've been saying for the past 25 days. If you can master these OSPF foundations, the rest is icing on the cake.

PRO-TIP: Don't treat this as a long list of items to memorize but rather a checklist of topics to lab up.

Default Behavior

  • Won't start unless OSPF can determine a router-id
  • Router-id determined:
    1. Configured router-id
    2. Highest loopback IP address
    3. Highest interface IP address
  • Every router within an area must have the same OSPF database
  • Filtering/Summaries happen at the ABR
  • Default Priority = 1, highest priority becomes the DR (where applicable)
    • A Priority of "0" means router will NOT participate in DR/BDR elections.

OSPF Network Types

Broadcast

  • Default for Ethernet interfaces
  • Elects DR/BDR
  • Uses Multicast
  • Allows more than 2 routers on a link
  • Timers: Hello - 10, Dead  - 40

Non-Broadcast

  • Elects a DR/BDR
  • Uses Unicast (neighbor statements)
  • Allows more than 2 routers on a link
  • Timers: Hello - 30, Dead - 120

Point-to-Point

  • Default for Serial and Tunnel interfaces
  • Does NOT elect DR/BDR
  • Uses Multicast
  • Only 2 routers allowed on a link
  • Timers: Hello - 10, Dead - 40

Point-to-MultiPoint

  • Does NOT elect DR/BDR
  • Uses Multicast
  • Allows more than 2 routers on a link
  • Installs /32 host routes per neighbor
  • Timers: Hello - 30, Dead - 120

Point-to-MultiPoint Non-Broadcast

  • Does NOT elect DR/BDR
  • Uses Unicast (neighbor statements)
  • Allows more than 2 routers on a link
  • Installs /32 host routes per neighbor
  • Timers: Hello - 30, Dead - 120

Loopback

  • Default for Loopback interfaces
  • When included in OSPF, uses a /32
    • To advertise with a mask other than /32, manually set the network type to "point-to-point"


LSA Types

LSA Type-1: Router LSA's

  • Originated from each router
  • Flooded within an area
  • Tells the area about all the links that participate in OSPF and are associated with that area

LSA Type-2: Network LSA's

  • Originated by the DR
  • Only the DR can originate Type-2 LSA's (if there is no DR there aren't any Type-2's)
  • This LSA tells all the routers in an area about all the routers on a shared medium like Ethernet

LSA Type-3: Summary LSA's

  • Originated by an ABR
  • Carry the destination network prefixes from one area into another
    • From nonbackbone > backbone
      • Connected Routes
      • Intra-Area Routes
    • From backbone > nonbackbone
      • Connected Routes
      • Intra-Area Routes
      • Inter-Area Routes

LSA Type-4: ASBR-Summary LSA's

  • Originated by an ABR
  • Tells all the other areas about the ASBR
  • Tells all the other areas "to get to this Router-ID(ASBR) go through Me(ABR)!"

LSA Type-5: External LSA's

  • Originated by an ASBR
  • Flooded throughout the OSPF domain, except into stubby areas
  • Contains the Network prefix and subnet-mask for the external network

LSA Type-7: NSSA External LSA's

  • Originated by ASBR
  • Exist only in a Not-So-Stubby Area (NSSA)
  • Are NOT flooded outside the area they were originated

Area Types

Backbone Area

  • Area 0
  • Acts as the HUB for all other areas
  • Accepts all LSA Types

Normal Area

  • All non-stub areas
  • Allows LSA's Type: 1, 2, 3, 4, 5 & External Default

Stub Area

  • Allows LSA Types: 1, 2, 3 & Summary Default Route ( No External Type-5's )

Totally Stubby Area

  • Allows LSA Types: 1, 2 & Summary Default Route

Not-So-Stubby Area (NSSA)

  • Allows LSA Types: 1, 2, 3, 7 ( No External Type-5's )
  • NSSA's allow redistributing into an area but still maintain its 'stub area' properties (not allowing External Type-5's)
  • Redistributed routes are converted to Type-7 LSA's and advertised throughout the area by the ASBR
  • The ABR converts Type-7 LSA's into Type-5's before advertising them into the backbone area.
  • LSA Type-7's are only flooded within the area they originate

Totally Not-So-Stubby Area (NSSA)

  • Allows LSA Types: 1, 2, 7 & Summary Default Route ( No External Type-5's )
  • NO LSA Type-3's


Route Types

  • O = Intra-area Route
  • O IA = Inter-area Route (Generated by Type-3 LSA's)
  • E1 = External Metric Type-1 (Generated by Type-5 LSA's)
  • E2 = External Metric Type-2 (Generated by Type-5 LSA's)
  • N1 = NSSA Metric Type-1
  • N2 = NSSA Metric Type-2


Saturday, July 7, 2018

#100DaysOfLabbing - Day 5

Day 5 I fought environment issues for more time than I was labbing. It was frustrating and looking back not the best way to spend my time.

A lab that worked on Wednesday, didn't work on Thursday, or on Friday but worked on another platform.

I started working on DMVPN with OSPF as the Routing protocol, and that too didn't work in one platform but did work on another.

The Video:

Day 5

Friday, July 6, 2018

#100DaysOfLabbing - Day 4

Day 4 was rough. My plan was to breeze through the same lab I did yesterday so I could really solidify it, but the universe had other plans.

I hit the ground running with IPv4 DMVPN but fell on my face for IPv6. I spent 30 minutes configuring, verifying and working the different phases of IPv4 DMVPN and spent 2.5 hours troubleshooting IPv6. :face_palm: I cannot waste time like that. This was a learning experience but I'll never get that time back.

Also this blogsite was broken and I had to fix it.

I found this resource today:
https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_eigrp/configuration/xe-3s/ire-xe-3s-book/eigrp-route-map.html

The Video:

Day 4


Wednesday, July 4, 2018

#100DaysOfLabbing - Day 3

Dual Stack - Multi Hub - DMVPN

tl;dr - After failure, success tastes so much sweeter.

Today was all over the map. This morning I came into the labs charging like a bull. I wanted to do IPv6 DMVPN and I did! I was successful. That carried me on a little engineering high knowing I had done something I have never tried before that seemed so foreign and came out of the battle victorious.

But, I'm wise enough to know anyone can get lucky once, but very few get lucky twice.

So I wiped the routers and did it again, minimal errors and mostly from memory... success.

While I was completing my second run through the configs and topology I got an idea for a topology and a challenge: Dual Stack - Multi Hub - DMVPN

I felt comfortable enough with my understanding of the component technologies that I felt I could pull it off and I shrugged "what the hell... we'll do it live". (https://www.youtube.com/watch?v=eUFY8Zw0Bag)

As I began the recording I can be quoted as saying something to the effect of "this might take about 30 minutes"... 65 minutes later I ended up at a dead end and I failed.

I got burned by a couple of items:

  • I had to pull off the tunnel protection on the IPv4 DMVPN and put it back on for it to work. I'm not sure if this is a bug or if I unknowingly fell victim to order of operations.
  • Others were oversights and mis-configurations.

Have a Process:

Whenever I'm writing configs they rarely look like the running-config from a router's output or follow the same order; instead I build them in layers, like a cake.

  1. Think ahead about all the elements that you'll need to complete a task.
  2. Which configurable elements can be grouped and entered at the same time?
  3. In-between layers, what can you verify?

Following the process from above I would order the tasks as follows:

    1. Underlay (NBMA) addresses, connectivity
    2. Loopbacks
    3. Crypto
    4. Tunnel Interface for IPv4 topology
    5. Routing protocol for IPv4 topology
    6. Verify
    7. Tunnel interface for IPv6 topology
    8. Routing Protocol for IPv6 topology
    9. Verify

The Resources:

I found this group of documents extremely helpful for all aspects of this configuration. It includes specifics on IPv6 addressing, which I still wasn't too keen on, but now I'm much more comfortable. It also broke down the elements we need for the IPv6 DMVPN.


The Videos:

Day 3 - Part 1 (more than 1 hour)

Day 3 - Part 2

The Configs:

R1: (IPv4 Hub, IPv6 Spoke)

hostname R1

no ip domain lookup
ip cef
ipv6 unicast-routing
ipv6 cef

crypto isakmp policy 1
 authentication pre-share
crypto isakmp key SHOWIPINTBRI address 0.0.0.0
crypto isakmp key SHOWIPINTBRI address ipv6 ::/0
!
!
crypto ipsec transform-set MYTRANS esp-aes esp-sha256-hmac
 mode tunnel
!
crypto ipsec profile DMVPN
 set transform-set MYTRANS

interface Loopback0
 ip address 1.1.1.1 255.255.255.255
!
interface Loopback6
 no ip address
 ipv6 address FC01::1/128
 ipv6 eigrp 6
!
interface Tunnel0
 ip address 10.123.234.1 255.255.255.0
 no ip redirects
 no ip split-horizon eigrp 90
 ip nhrp map multicast dynamic
 ip nhrp network-id 1234
 tunnel source 172.17.100.1
 tunnel mode gre multipoint
 tunnel protection ipsec profile DMVPN
!
interface Tunnel1
 no ip address
 ipv6 address FE80::1 link-local
 ipv6 address FC00:1234::1/64
 ipv6 eigrp 6
 ipv6 nhrp map FC00:1234::4/64 2001::4
 ipv6 nhrp map multicast 2001::4
 ipv6 nhrp network-id 10123
 ipv6 nhrp nhs FC00:1234::4
 ipv6 nhrp shortcut
 tunnel source 2001::1
 tunnel mode gre multipoint ipv6
 tunnel protection ipsec profile DMVPN
!
interface GigabitEthernet0/0
 ip address 172.17.100.1 255.255.255.0
 duplex auto
 speed auto
 media-type rj45
 ipv6 address 2001::1/48

router eigrp 90
 network 0.0.0.0
 passive-interface default
 no passive-interface Tunnel0
 no passive-interface Loopback0

router eigrp ipv6
 !
 address-family ipv6 unicast autonomous-system 6
  !
  af-interface GigabitEthernet0/0
   shutdown
  exit-af-interface
  !
  topology base
  exit-af-topology
 exit-address-family

line con 0
 logging synchronous


R2: (IPv4 Spoke, IPv6 Spoke)

hostname R2

no ip domain lookup
ip cef
ipv6 unicast-routing
ipv6 cef

crypto isakmp policy 1
 authentication pre-share
crypto isakmp key SHOWIPINTBRI address 0.0.0.0
crypto isakmp key SHOWIPINTBRI address ipv6 ::/0
!
!
crypto ipsec transform-set MYTRANS esp-aes esp-sha256-hmac
 mode tunnel
!
crypto ipsec profile DMVPN
 set transform-set MYTRANS

interface Loopback0
 ip address 2.2.2.2 255.255.255.255
!
interface Loopback6
 no ip address
 ipv6 address FC02::2/128
 ipv6 eigrp 6
!
interface Tunnel0
 ip address 10.123.234.2 255.255.255.0
 no ip redirects
 ip nhrp map multicast 172.17.100.1
 ip nhrp map 10.123.234.1 172.17.100.1
 ip nhrp network-id 1234
 ip nhrp nhs 10.123.234.1
 tunnel source 172.17.100.2
 tunnel mode gre multipoint
 tunnel protection ipsec profile DMVPN
!
interface Tunnel1
 no ip address
 ipv6 address FE80::2 link-local
 ipv6 address FC00:1234::2/64
 ipv6 eigrp 6
 ipv6 nhrp map FC00:1234::4/64 2001::4
 ipv6 nhrp map multicast 2001::4
 ipv6 nhrp network-id 10123
 ipv6 nhrp nhs FC00:1234::4
 ipv6 nhrp shortcut
 tunnel source 2001::2
 tunnel mode gre multipoint ipv6
 tunnel protection ipsec profile DMVPN
!
interface GigabitEthernet0/0
 ip address 172.17.100.2 255.255.255.0
 duplex auto
 speed auto
 media-type rj45
 ipv6 address 2001::2/48

router eigrp 90
 network 0.0.0.0
 passive-interface default
 no passive-interface Tunnel0
 no passive-interface Loopback0

router eigrp ipv6
 !
 address-family ipv6 unicast autonomous-system 6
  !
  af-interface GigabitEthernet0/0
   shutdown
  exit-af-interface
  !
  topology base
  exit-af-topology
 exit-address-family

line con 0
 logging synchronous


R3: (IPv4 Spoke, IPv6 Spoke)


hostname R3

no ip domain lookup
ip cef
ipv6 unicast-routing
ipv6 cef

crypto isakmp policy 1
 authentication pre-share
crypto isakmp key SHOWIPINTBRI address 0.0.0.0
crypto isakmp key SHOWIPINTBRI address ipv6 ::/0
!
!
crypto ipsec transform-set MYTRANS esp-aes esp-sha256-hmac
 mode tunnel
!
crypto ipsec profile DMVPN
 set transform-set MYTRANS

interface Loopback0
 ip address 3.3.3.3 255.255.255.255

interface Loopback6
 no ip address
 ipv6 address FC03::3/128
 ipv6 eigrp 6

interface Tunnel0
 ip address 10.123.234.3 255.255.255.0
 no ip redirects
 ip nhrp map multicast 172.17.100.1
 ip nhrp map 10.123.234.1 172.17.100.1
 ip nhrp network-id 1234
 ip nhrp nhs 10.123.234.1
 tunnel source 172.17.100.3
 tunnel mode gre multipoint
 tunnel protection ipsec profile DMVPN

interface Tunnel1
 no ip address
 ipv6 address FE80::3 link-local
 ipv6 address FC00:1234::3/64
 ipv6 eigrp 6
 ipv6 nhrp map FC00:1234::4/64 2001::4
 ipv6 nhrp map multicast 2001::4
 ipv6 nhrp network-id 10123
 ipv6 nhrp nhs FC00:1234::4
 ipv6 nhrp shortcut
 tunnel source 2001::3
 tunnel mode gre multipoint ipv6
 tunnel protection ipsec profile DMVPN

interface GigabitEthernet0/0
 ip address 172.17.100.3 255.255.255.0
 duplex auto
 speed auto
 media-type rj45
 ipv6 address 2001::3/48

router eigrp 90
 network 0.0.0.0
 passive-interface default
 no passive-interface Tunnel0
 no passive-interface Loopback0

router eigrp ipv6
 !
 address-family ipv6 unicast autonomous-system 6
  !
  af-interface GigabitEthernet0/0
   shutdown
  exit-af-interface
  !
  topology base
  exit-af-topology
 exit-address-family

line con 0
 logging synchronous


R4: (IPv4 Spoke, IPv6 Hub)

hostname R4

no ip domain lookup
ip cef
ipv6 unicast-routing
ipv6 cef

crypto isakmp policy 1
 authentication pre-share
crypto isakmp key SHOWIPINTBRI address 0.0.0.0
crypto isakmp key SHOWIPINTBRI address ipv6 ::/0
!
!
crypto ipsec transform-set MYTRANS esp-aes esp-sha256-hmac
 mode tunnel
!
crypto ipsec profile DMVPN
 set transform-set MYTRANS

interface Loopback0
 ip address 4.4.4.4 255.255.255.255
!
interface Loopback6
 no ip address
 ipv6 address FC04::4/128
 ipv6 eigrp 6
!
interface Tunnel0
 ip address 10.123.234.4 255.255.255.0
 no ip redirects
 ip nhrp map multicast 172.17.100.1
 ip nhrp map 10.123.234.1 172.17.100.1
 ip nhrp network-id 1234
 ip nhrp nhs 10.123.234.1
 tunnel source 172.17.100.4
 tunnel mode gre multipoint
 tunnel protection ipsec profile DMVPN
!
interface Tunnel1
 no ip address
 ipv6 address FE80::4 link-local
 ipv6 address FC00:1234::4/64
 ipv6 eigrp 6
 no ipv6 split-horizon eigrp 6
 ipv6 nhrp map multicast dynamic
 ipv6 nhrp network-id 10123
 ipv6 nhrp redirect
 tunnel source 2001::4
 tunnel mode gre multipoint ipv6
 tunnel protection ipsec profile DMVPN
!
interface GigabitEthernet0/0
 ip address 172.17.100.4 255.255.255.0
 duplex auto
 speed auto
 media-type rj45
 ipv6 address 2001::4/48

router eigrp 90
 network 0.0.0.0
 passive-interface default
 no passive-interface Tunnel0
 no passive-interface Loopback0
!
!
router eigrp ipv6
 !
 address-family ipv6 unicast autonomous-system 6
  !
  af-interface GigabitEthernet0/0
   shutdown
  exit-af-interface
  !
  af-interface Tunnel1
   no split-horizon
  exit-af-interface
  !
  topology base
  exit-af-topology
 exit-address-family

line con 0
 logging synchronous
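
All four configs above share the same crypto stanzas. The following Python is an added example, not part of the original lab notes: it checks an IOS config for a wildcard pre-shared key, an ISAKMP policy that leaves encryption, hash and DH group to platform defaults, and an mGRE tunnel with no `tunnel protection` applied. The `Tunnel2` interface in the sample is hypothetical (added to exercise the last check), and the function and check names are illustrative.

```python
import re

# Constructed sample: R1's crypto and Tunnel0 stanzas from the configs above,
# plus a hypothetical Tunnel2 with no protection to exercise the third check.
SAMPLE_CONFIG = """\
crypto isakmp policy 1
 authentication pre-share
crypto isakmp key SHOWIPINTBRI address 0.0.0.0
crypto isakmp key SHOWIPINTBRI address ipv6 ::/0
!
crypto ipsec transform-set MYTRANS esp-aes esp-sha256-hmac
 mode tunnel
!
crypto ipsec profile DMVPN
 set transform-set MYTRANS
!
interface Tunnel0
 ip address 10.123.234.1 255.255.255.0
 tunnel source 172.17.100.1
 tunnel mode gre multipoint
 tunnel protection ipsec profile DMVPN
!
interface Tunnel2
 ip address 10.99.99.1 255.255.255.0
 tunnel source 172.17.100.1
 tunnel mode gre multipoint
"""

WILDCARD_PEERS = {"0.0.0.0", "0.0.0.0 0.0.0.0", "ipv6 ::/0"}
POLICY_KEYWORDS = ("encryption", "hash", "group")


def stanzas(config):
    """Split an IOS config into (header, [sub-commands]) using indentation."""
    out = []
    for raw in config.splitlines():
        if not raw.strip() or raw.strip() == "!":
            continue
        if not raw[0].isspace():
            out.append((raw.strip(), []))
        elif out:
            out[-1][1].append(raw.strip())
    return out


def audit(config):
    """Return a list of (check_id, subject, detail) findings."""
    findings = []
    for header, body in stanzas(config):
        # 1. Pre-shared key bound to every possible peer address.
        #    The key itself is deliberately not copied into the finding.
        m = re.match(r"crypto isakmp key .+? address (.+)$", header)
        if m and m.group(1).strip() in WILDCARD_PEERS:
            findings.append(("wildcard-psk", m.group(1).strip(),
                             "one shared key accepted from any peer"))
        # 2. ISAKMP policy that does not pin its own algorithms.
        #    running-config abbreviates 'encryption' to 'encr', so compare
        #    on the first four letters of each keyword.
        m = re.match(r"crypto isakmp policy (\d+)$", header)
        if m:
            set_words = {line.split()[0][:4] for line in body}
            missing = [k for k in POLICY_KEYWORDS if k[:4] not in set_words]
            if missing:
                findings.append(("isakmp-defaults", "policy " + m.group(1),
                                 ", ".join(missing) + " left to platform default"))
        # 3. Multipoint GRE tunnel with no IPsec profile applied.
        if header.lower().startswith("interface tunnel"):
            mgre = any(l.startswith("tunnel mode gre multipoint") for l in body)
            protected = any(l.startswith("tunnel protection ipsec profile")
                            for l in body)
            if mgre and not protected:
                findings.append(("unprotected-mgre", header.split()[1],
                                 "GRE payload would cross the underlay in clear"))
    return findings


if __name__ == "__main__":
    for check, subject, detail in audit(SAMPLE_CONFIG):
        print(f"{check:16} {subject:12} {detail}")
```

Run against the page's own configs, the first two checks fire on every router; the usual remedies are per-peer keys (or certificates) in place of the `0.0.0.0` and `::/0` wildcards, and explicit `encryption`, `hash` and `group` lines in the policy.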

#100DaysOfLabbing - Day 1 & 2

It's actually day 3 as I write this but I wanted to put down some documentation I've been keeping in a text document.

I learned a few things doing the configs on Day 1 and Day 2. Some of them simpler than others but worth noting.

This is the DMVPN Cisco Validated Design Guide I mentioned:

https://supportforums.cisco.com/legacyfs/online/legacy/3/9/5/26593-DMVPNbk.pdf

Day 1

Day 2

Basic DMVPN


#1 Lesson Learned


!Hub

int tun 0
ip add 10.123.234.1 255.255.255.0
tunnel source Gi0/0
tunnel mode gre multipoint
no shut

!Spoke

int tun 0
ip add 10.123.234.2 255.255.255.0
tunnel source Gi0/0
tunnel destination 10.123.234.1
no shut



! Broke
R2#sho int tun 0
Tunnel0 is up, line protocol is down
  Hardware is Tunnel
  Internet address is 10.123.234.2/24
  MTU 17916 bytes, BW 100 Kbit/sec, DLY 50000 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation TUNNEL, loopback not set
  Keepalive not set
  Tunnel linestate evaluation down - no output interface
  Tunnel source 172.17.100.2 (GigabitEthernet0/0), destination 10.123.234.1
   Tunnel Subblocks:
      src-track:
         Tunnel0 source tracking subblock associated with GigabitEthernet0/0
          Set of tunnels with source GigabitEthernet0/0, 1 member (includes iterators), on interface <OK>
  Tunnel protocol/transport GRE/IP
    Key disabled, sequencing disabled
    Checksumming of packets disabled
  Tunnel TTL 255, Fast tunneling enabled
  Tunnel transport MTU 1476 bytes
  Tunnel transmit bandwidth 8000 (kbps)
  Tunnel receive bandwidth 8000 (kbps)
  Last input never, output never, output hang never

Lesson Learned: I made the error of incorrectly defining the tunnel destination. I defined it as the remote tunnel interface when actually I needed to use the public NBMA address.


Fixed:

R2#sho int tun 0
Tunnel0 is up, line protocol is up
  Hardware is Tunnel
  Internet address is 10.123.234.2/24
  MTU 17916 bytes, BW 100 Kbit/sec, DLY 50000 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation TUNNEL, loopback not set
  Keepalive not set
  Tunnel linestate evaluation up
  Tunnel source 172.17.100.2 (GigabitEthernet0/0), destination 172.17.100.1
   Tunnel Subblocks:
      src-track:
         Tunnel0 source tracking subblock associated with GigabitEthernet0/0
          Set of tunnels with source GigabitEthernet0/0, 1 member (includes iterators), on interface <OK>
  Tunnel protocol/transport GRE/IP
    Key disabled, sequencing disabled
    Checksumming of packets disabled
  Tunnel TTL 255, Fast tunneling enabled
  Tunnel transport MTU 1476 bytes
  Tunnel transmit bandwidth 8000 (kbps)
  Tunnel receive bandwidth 8000 (kbps)
  Last input never, output never, output hang never

Explanation: The tunnel interface linestate stays down until it has a valid exit interface and route to the remote tunnel destination.
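
Lesson #1 can be caught before the config is pasted. The Python below is an added example, not from the original post: it flags any tunnel whose `tunnel destination` falls inside the tunnel interface's own subnet, which is the overlay/NBMA mix-up described above. The `tun 1` stanza and its 10.123.235.0/24 addressing are hypothetical, and the function names are illustrative.

```python
import ipaddress
import re

# Constructed input: the spoke stanza from lesson #1 exactly as typed, then a
# hypothetical "tun 1" that points at the NBMA address from the Fixed output.
SPOKE_CONFIG = """\
int tun 0
ip add 10.123.234.2 255.255.255.0
tunnel source Gi0/0
tunnel destination 10.123.234.1
no shut
int tun 1
ip add 10.123.235.2 255.255.255.0
tunnel source Gi0/0
tunnel destination 172.17.100.1
no shut
"""


def parse_tunnels(config):
    """Collect {interface: {'subnet': ..., 'dest': ...}}; accepts abbreviated
    commands such as 'int tun 0' and 'ip add' as well as the full keywords."""
    tunnels, current = {}, None
    for line in (l.strip() for l in config.splitlines()):
        if m := re.match(r"int\S*\s+(.+)$", line, re.I):
            current = tunnels.setdefault(m.group(1), {})
        elif current is None:
            continue
        elif m := re.match(r"ip add\S*\s+(\S+)\s+(\S+)", line, re.I):
            current["subnet"] = ipaddress.ip_network(
                f"{m.group(1)}/{m.group(2)}", strict=False)
        elif m := re.match(r"tunnel dest\S*\s+(\S+)", line, re.I):
            current["dest"] = m.group(1)
    return tunnels


def overlay_destinations(config):
    """Return (interface, destination, overlay subnet) for each tunnel whose
    destination lies inside the tunnel's own subnet."""
    flagged = []
    for name, t in parse_tunnels(config).items():
        if "subnet" not in t or "dest" not in t:
            continue
        try:
            dest = ipaddress.ip_address(t["dest"])
        except ValueError:
            continue  # hostname destination: cannot be judged offline
        if dest.version == t["subnet"].version and dest in t["subnet"]:
            flagged.append((name, str(dest), str(t["subnet"])))
    return flagged


if __name__ == "__main__":
    for name, dest, subnet in overlay_destinations(SPOKE_CONFIG):
        print(f"{name}: destination {dest} is inside overlay {subnet}; "
              "use the peer's NBMA address")
```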


#2 Lesson Learned - Tunnel Keepalives

In the output below you can see "Keepalive not set". Tunnel keepalives are not set by default. You can configure keepalives under the tunnel interface by entering just the keyword "keepalive". This gives you the default values: keepalives are sent every 10 seconds and retried 3 times before the tunnel is considered down. Alternatively, you can specify the keepalive period (for example, 5 seconds); the retry count can also be set, but if it is omitted it defaults to 3 retries.

R4#sho int tun 0
Tunnel0 is up, line protocol is up
  Hardware is Tunnel
  Internet address is 10.123.234.4/24
  MTU 17916 bytes, BW 100 Kbit/sec, DLY 50000 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation TUNNEL, loopback not set
  Keepalive not set
[ ... output omitted ... ]


Keepalive with default values

R3(config-if)#keepalive ?
  <0-32767>  Keepalive period (default 10 seconds)
  <cr>

R3(config-if)#keepalive
R3(config-if)#
R3(config-if)#do sho int tun 0
Tunnel0 is up, line protocol is up
  Hardware is Tunnel
  Internet address is 10.123.234.3/24
  MTU 17916 bytes, BW 100 Kbit/sec, DLY 50000 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation TUNNEL, loopback not set
  Keepalive set (10 sec), retries 3
[ ... output omitted ... ]

Keepalive with defined values

R4(config)#int tun 0
R4(config-if)#keepalive 5
R4(config-if)#end
R4#
R4#sho int tun 0
Tunnel0 is up, line protocol is up
  Hardware is Tunnel
  Internet address is 10.123.234.4/24
  MTU 17916 bytes, BW 100 Kbit/sec, DLY 50000 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation TUNNEL, loopback not set
  Keepalive set (5 sec), retries 3
[ ... output omitted ... ]

Wednesday, June 20, 2018

Getting the Most Out of Your Continuing Education Money


If you’re working for a company that has a continuing education budget for its employees and you aren’t sure where to spend your money, figure out what you really want to do, find a resource that would benefit you the most and make a case for it.

I work for a small company but we have some great benefits. This blog is about making your continuing education dollars stretch.

My company gives us ~$5200/year for continuing education. Most use that money to further themselves in a collegiate path, to get their master's or finish their bachelor's degrees. I use it to chase certifications and further my career that way. I have been with my company for 3 years and have used the money each year a different way.


The first year I needed to complete the last part of CCNP, the TSHOOT. I used the money to buy scenario based labs from Cisco's learning site. I don't know if they currently offer the same ones I used because I think the platform they were using at the time was experimental. They kept asking for feedback and a lot of things were broken in the interface. It cost around $600. I found the labs beneficial and I definitely recommend them before anyone takes the CCNP TSHOOT, so you can build your own troubleshooting workflow. They aren't mandatory for passing the exam but if you don't regularly build labs or currently troubleshoot networking in your daily work, it's worth it to get some labs under your belt.

Later that year I also got 10 people within my company to use their money so we can get a group rate for CBT Nuggets. For many of our team studying for CCNA and CCNP, CBT Nuggets is an amazing resource. I really enjoyed it. Sadly, it isn't the strongest resource for CCIE level topics. The 1 year pass for CBT Nuggets group rate was around $800 (IIRC).

I did pass my CCNP TSHOOT earning me a CCNP Routing & Switching certification.

Even though I didn’t use the entire ~$5200 for my first year, it is use or lose and does not roll over.

The second year, I didn’t use my money throughout the year. I was pretty busy with work and was happy to put the CCNP behind me and take a study/certification break. Near the end of the year I was convinced to start studying for CCIE. I checked available resources and chose to take a bootcamp which was focused on the Written Exam topics. I took an INE bootcamp, you can read about it here: https://showipintbri.blogspot.com/2018/03/ccie-bootcamps-ine-or-micronics.html. I purchased the bootcamp in December, just before my ~$5200 expired for the year, and booked the bootcamp for early the following year (February, IIRC). A bootcamp costs many thousands of dollars and nearly ate up my entire allotment for the year. The February bootcamp was canceled by INE and I was allowed to reschedule to any other time and location. I ended up getting scheduled for late August. This was a really great experience and I really learned a lot.

Since I did not use my funds throughout the year, following my bootcamp in August I purchased another bootcamp but this time from Micronics. I purchased it before my funds ran out for the year in December. This bootcamp took place in March 2018, you can read about it here: https://showipintbri.blogspot.com/2018/03/ccie-bootcamps-ine-or-micronics.html. It was a great experience. This bootcamp is also many thousands of dollars, completely depleting my funds for the year. Since I made the purchase for this in December, when January came I had another ~$5200 to play with. I used this for purchasing a full-conference pass to Cisco Live which was in July 2018.

Between bootcamps, I personally purchased CCIE books, labs and continue to pay for an INE All Access Pass. This does not come out of my continuing education funds.

After talking with folks from some of the bootcamps I’ve attended and also folks from Cisco Live, I realize how fortunate I am to work for a company that really takes care of its employees and wants to see us all grow. It truly is an enriching experience to meet people at these events and in the community. I've really learned a lot over the years and have brought that knowledge and experience back to my company.

In conclusion, if you're a reader I would recommend the OCG books. Some sections are better than others, and you won't be 100% prepared for the CCIE Written exam after reading all of them, but there is a lot of good material in them and they are worth the read.

If you prefer Video Based Learning for the CCIE level I would recommend INE's All Access Pass. It gives you access to their entire library, which is great because there really is a lot of content on there. Also, I have found some instructors deliver the material better than others so I tend to watch videos by my preferred instructors. If you're studying for the CCNA or CCNP level I would recommend CBT Nuggets; it's Video Based Learning and really popular.

I would not start your journey doing any bootcamps. They cost a lot of money and if you aren't ready it will be a waste of your time and effort, but if you are ready I really think the absolute best experiences have come from bootcamps. I have learned so much in those short periods of time, but that's how I learn: I don't get overwhelmed, I get excited.

For gauging yourself throughout your journey, especially leading up to the CCIE Written, the Boson ExSim was a good litmus test. Their software is really nice compared to others and doesn't feel cheap. The answer keys give in-depth explanations and links to the Cisco docs.

No single product from above will get you to pass anything by itself. 
  • You have to put in hard work... a lot of it.
  • You have to fail... and keep going.


Ultimately, you’ll need to have a discussion with your manager. Unfortunately, there isn’t a single word answer or way to do this. It will have to be a discussion and negotiation.

Saturday, May 26, 2018

Challenge: BGP - UPDATE!

After posting my original solution to the BGP challenge ( https://www.youtube.com/watch?v=YxUgYVb-91I ) I was called out by none other than the man himself, Mr. Vinit Jain!


I went back and took another look at his video and he alludes to the answer at around 1:35 (1 hour, 35 minutes) ( https://www.ciscolive.com/global/on-demand-library/?search=BRKRST%203320#/video/1519328378542002IVEW ).


The Challenge:


The Solution:



The Configs:


R1:


hostname R1

interface Loopback100
 ip address 100.1.1.1 255.255.255.255

interface FastEthernet0/0
 description "To R2"
 ip address 10.1.12.1 255.255.255.0


router bgp 100
 bgp log-neighbor-changes
 network 100.1.1.1 mask 255.255.255.255
 neighbor 10.1.12.2 remote-as 200




R2:


hostname R2

interface FastEthernet0/0
 description "To R1"
 ip vrf forwarding 200
 ip address 10.1.12.2 255.255.255.0

interface FastEthernet1/0
 description "To R3"
 ip vrf forwarding 200
 ip address 10.1.23.2 255.255.255.0


router bgp 200
 bgp log-neighbor-changes
 neighbor 10.1.12.1 remote-as 100
 neighbor 10.1.23.3 remote-as 200
 neighbor 10.1.23.3 next-hop-self



R3:


hostname R3

interface FastEthernet0/0
 description "To R4"
 ip address 10.1.34.3 255.255.255.0

interface FastEthernet1/0
 description "To R2"
 ip address 10.1.23.3 255.255.255.0


router bgp 200
 bgp log-neighbor-changes
 bgp inject-map INJECT exist-map EXIST
 neighbor 10.1.23.2 remote-as 200
 neighbor 10.1.34.4 remote-as 200
 neighbor 10.1.34.4 route-reflector-client

ip prefix-list LEARNED seq 5 permit 100.1.1.1/32
ip prefix-list NEIGHBOR seq 5 permit 10.1.23.2/32
ip prefix-list ORIGINATE seq 5 permit 100.1.1.1/32

route-map INJECT permit 10
 set ip address prefix-list ORIGINATE
 set ip next-hop 10.1.34.3

route-map EXIST permit 10
 match ip address prefix-list LEARNED
 match ip route-source prefix-list NEIGHBOR


Verify:


R3#sho ip bgp injected-paths

BGP table version is 3, local router ID is 10.1.34.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
              x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
 *>i 100.1.1.1/32     10.1.34.3                              0 ?

R3#sho ip bgp
BGP table version is 3, local router ID is 10.1.34.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
              x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
 *>i 100.1.1.1/32     10.1.34.3                              0 ?
 * i                  10.1.23.2                0    100      0 100 i



R4:


hostname R4

interface FastEthernet0/0
 description "To R3"
 ip address 10.1.34.4 255.255.255.0

interface FastEthernet1/0
 description "To R5"
 ip address 10.1.45.4 255.255.255.0


router bgp 200
 bgp log-neighbor-changes
 neighbor 10.1.34.3 remote-as 200
 neighbor 10.1.45.5 remote-as 300



Verify:



R4#sho ip bgp

BGP table version is 2, local router ID is 10.1.45.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
              x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
 *>i 100.1.1.1/32     10.1.34.3                     100      0 ?




R5:


hostname R5

interface FastEthernet1/0
 description "To R4"
 ip address 10.1.45.5 255.255.255.0


router bgp 300
 bgp log-neighbor-changes
 neighbor 10.1.45.4 remote-as 200



R5 - Verify:


R5#sho ip bgp

BGP table version is 2, local router ID is 10.1.45.5
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
              x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
 *>  100.1.1.1/32     10.1.45.4                              0 200 ?
R5#