BGP route-reflector-client

BGP requires that all internal BGP speakers be fully meshed. To reduce the size of the mesh, BGP speakers can be configured as route reflectors. A route reflector passes internally learned routes to a set of internal BGP neighbors. When route reflector clients are configured, the route reflector is responsible for distributing internal BGP routes to the other internal BGP neighbors.
Use the neighbor route-reflector-client command to identify the

Following is an example.
Here the Hub router is configured as a multipoint interface with two spokes, R2 and R4. R2 connects to R6 and establishes an eBGP peering with it. In order to advertise the routes originated by R2 to another peer such as R3, the Hub router acts as the route reflector and R2 is configured as a route-reflector-client.
HUB#show run s bgp
router bgp 200
no synchronization
bgp cluster-id 11.11.11.11
bgp log-neighbor-changes
neighbor 172.16.13.3 remote-as 200
neighbor 172.16.13.3 route-reflector-client
neighbor 172.16.124.2 remote-as 200
neighbor 172.16.124.2 route-reflector-client
neighbor 172.16.124.4 remote-as 200
no auto-summary
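To make the reflection rules concrete, here is an added example (not from the original post) that parses the Hub configuration above and applies the RFC 4456 rules: a route learned from a client is reflected to all other clients and to non-clients, a route from a non-client goes to clients only, and a route whose CLUSTER_LIST already carries the reflector's cluster-id is dropped as a loop. The config text is embedded as a constructed copy of the snippet above.

```python
# Added example: models iBGP route reflection (RFC 4456) over the Hub config.
import re

# Constructed copy of the Hub router's BGP configuration shown above.
HUB_CONFIG = """router bgp 200
 bgp cluster-id 11.11.11.11
 neighbor 172.16.13.3 remote-as 200
 neighbor 172.16.13.3 route-reflector-client
 neighbor 172.16.124.2 remote-as 200
 neighbor 172.16.124.2 route-reflector-client
 neighbor 172.16.124.4 remote-as 200
"""

def parse_rr_config(text):
    """Return (cluster_id, clients, non_clients) from an IOS 'router bgp' block."""
    cluster_id = None
    peers, clients = set(), set()
    for line in text.splitlines():
        m = re.match(r"\s*bgp cluster-id (\S+)", line)
        if m:
            cluster_id = m.group(1)
        m = re.match(r"\s*neighbor (\S+) (remote-as|route-reflector-client)", line)
        if m:
            peers.add(m.group(1))
            if m.group(2) == "route-reflector-client":
                clients.add(m.group(1))
    return cluster_id, clients, peers - clients

def reflect(cluster_id, clients, non_clients, learned_from, cluster_list=()):
    """Decide where an iBGP route learned from `learned_from` is reflected.

    Returns (set of peers to send to, new CLUSTER_LIST). A route whose
    CLUSTER_LIST already contains our cluster-id is a reflection loop and
    is sent nowhere; otherwise the reflector prepends its cluster-id.
    """
    if cluster_id in cluster_list:
        return set(), tuple(cluster_list)
    if learned_from in clients:
        targets = (clients | non_clients) - {learned_from}
    else:
        targets = set(clients)   # from a non-client: clients only
    return targets, (cluster_id,) + tuple(cluster_list)
```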

BGP ttl-security

The BGP Support for TTL Security Check feature is a lightweight security mechanism to protect eBGP peering sessions from CPU utilization-based attacks that use forged IP packets. Enabling this feature prevents attempts to hijack the eBGP peering session by a host on a network segment that is not part of either BGP network, or by a host on a network segment that is not between the eBGP peers.

This feature is enabled by configuring a minimum Time To Live (TTL) value for incoming IP packets received from a specific eBGP peer. When this feature is enabled, BGP will establish and maintain the session only if the TTL value in the IP packet header is equal to or greater than the TTL value configured for the peering session. If the value is less than the configured value, the packet is silently discarded and no Internet Control Message Protocol (ICMP) message is generated.

Configuration Example:

On R1:

R1(config)#router bgp 100
R1(config-router)#neighbor 172.16.0.1 ttl-security hops 5

Now R1 will silently drop any packet from this peer whose TTL is below 250, since with 5 hops configured the TTL in the incoming packet must be 250 or greater.

On the neighbor at the other side we can configure ebgp-multihop 250, or plain ebgp-multihop, which uses the default value of 255.

If we have a frame-relay hub-and-spoke network, then we have to include the additional hops in the configured TTL value as well, since the traffic will pass through the hub router.
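The following added example (not from the original post) models the check R1 performs: the minimum acceptable TTL is 255 minus the configured hops, a packet below it is discarded with no ICMP reply, and a peer reached through a frame-relay hub needs the hop budget raised to cover the hub. The peer addresses and packets are constructed sample data.

```python
# Added example: models the BGP TTL security check ("ttl-security hops N").
from collections import namedtuple

# Constructed sample packet: source peer address and the TTL seen on arrival.
Packet = namedtuple("Packet", "src ttl")

def min_ttl(hops):
    """Minimum acceptable TTL for a peer configured with 'ttl-security hops N'."""
    return 255 - hops

def arriving_ttl(sent_ttl, routers_crossed):
    """TTL a packet carries after each router on the path decrements it by one."""
    return sent_ttl - routers_crossed

def gtsm_filter(peer_hops, packets):
    """Apply the check per peer. Returns {packet: 'accept' | 'drop'}.

    peer_hops maps a peer address to its configured hop count. A drop is
    silent: no ICMP message is generated. Packets from addresses without
    ttl-security configured are not subject to the check.
    """
    verdicts = {}
    for p in packets:
        if p.src in peer_hops and p.ttl < min_ttl(peer_hops[p.src]):
            verdicts[p] = "drop"
        else:
            verdicts[p] = "accept"
    return verdicts

def hops_needed(direct_hops, transit_routers=0):
    """Hop count to configure when the path transits extra routers (e.g. a frame-relay hub)."""
    return direct_hops + transit_routers
```

The last two assertions in the lead-in's scenario show why a spoke-to-spoke peering through the hub fails with hops 1 (the packet arrives with TTL 253) but works with hops 2.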

MPLS Label - Header

The MPLS labels are advertised between routers so that they can build a label-to-label mapping.
These labels are attached to the IP packets, enabling the routers to forward the traffic by looking at the label and not the destination IP address. The packets are forwarded by label switching instead of by IP switching.

The MPLS label, also called a shim header, is 32 bits (4 octets) long. It contains the following parts:

20-bit label value
3-bit experimental field
1-bit bottom-of-stack indicator
8-bit time-to-live field

The first 20 bits carry the label value itself. The next 3 bits are the experimental field, which is used to copy the QoS value from the IP header, such as IP precedence or DSCP. After that comes the bottom-of-stack bit, which defines whether this label is the last one: set to 0 it means more labels follow, set to 1 it means this is the last label in the packet. The last field is the 8-bit time-to-live, which has the same role as the IP header TTL and is copied from the IP header at the PE router. Copying of the TTL value from the IP header into the MPLS label can also be disabled.
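To show the field layout in practice, here is an added example (not from the original post) that packs and unpacks the 32-bit shim header and walks a label stack until the bottom-of-stack bit. It assumes that with TTL propagation disabled the PE starts the label TTL at 255 (the behaviour of Cisco's `no mpls ip propagate-ttl`); the labels and TTLs used are constructed sample values.

```python
# Added example: encode/decode the MPLS shim header described above.
import struct

def encode_label(label, exp=0, bottom=False, ttl=255):
    """Pack one shim header: 20-bit label, 3-bit EXP, 1-bit S, 8-bit TTL."""
    if not 0 <= label < (1 << 20):
        raise ValueError("label must fit in 20 bits")
    if not 0 <= exp < 8 or not 0 <= ttl < 256:
        raise ValueError("exp must fit in 3 bits and ttl in 8 bits")
    word = (label << 12) | (exp << 9) | (int(bottom) << 8) | ttl
    return struct.pack("!I", word)

def decode_stack(data):
    """Unpack consecutive shim headers until the bottom-of-stack bit is set.

    Returns a list of (label, exp, bottom, ttl) tuples, outermost first.
    Raises if the data runs out before a bottom-of-stack bit is seen.
    """
    stack, offset = [], 0
    while True:
        if offset + 4 > len(data):
            raise ValueError("truncated label stack: no bottom-of-stack bit seen")
        (word,) = struct.unpack_from("!I", data, offset)
        entry = (word >> 12, (word >> 9) & 0x7, bool((word >> 8) & 1), word & 0xFF)
        stack.append(entry)
        offset += 4
        if entry[2]:
            return stack

def impose(labels, ip_ttl, propagate_ttl=True, exp=0):
    """Build the stack a PE pushes onto an IP packet.

    With TTL propagation on, the label TTL is copied from the IP header;
    with it disabled (assumed 'no mpls ip propagate-ttl') it starts at 255.
    The last label in the list gets the bottom-of-stack bit.
    """
    ttl = ip_ttl if propagate_ttl else 255
    out = b""
    for i, lbl in enumerate(labels):
        out += encode_label(lbl, exp, bottom=(i == len(labels) - 1), ttl=ttl)
    return out
```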

KnowledgeNet MPLS Lab in GNS3

Dear Readers,

I am posting the GNS3 topology and lab config for the Basic MPLS lab presented in the Knowledge Net Student Guide 2.0. I am sure this will be useful to people who are on the journey of learning MPLS, and will save a lot of time in configuring the basic IP setup and building the lab. This is a fully configured and functional lab using the IOS image "c3640-jk9o3s-mz.124-16.bin".

Click the "Show Config" link below to see the sample config of the PE11 router, and get the complete configuration with the GNS3 topology file from " knowledgnet mpls lab.zip

CCIE R&S Certification v4.0

Effective from today, October 19, 2009, the Cisco CCIE® Routing and Switching v4.0 certification exams are available in all VUE testing locations worldwide. I think a lot of others like me who wish to get their CCIE number in R&S were thinking about 19 October. Yes, from today our journey specifically starts on CCIE R&S version 4.

The competencies required for CCIE R&S v4.0 certification can be found on the Cisco Learning Network under CCIE R&S v4.0 written exam topics and CCIE R&S v4.0 lab exam topics in the CCIE R&S section of the site.

Both the written and lab exams have been refreshed with new questions covering MPLS and VPN networking. The written exam includes new scenario-based questions. The lab exam now requires hands-on troubleshooting of preconfigured networks, in addition to configuration. Exam duration and pricing remain the same, with the two-hour written exam at USD $350.00 and the eight-hour lab at USD $1400.00.

For more information regarding CCIE R&S certification 4.0 and related exams access the Cisco Learning Network at www.ciscolearningnetwork.com.

Good Luck!

GNS3 High Processor Usage

Guys,
I experienced an issue while doing labs in GNS3: processor usage goes high after a certain time. It was not always high, though; I experienced the problem only on some occasions.
The first thing that comes to mind is to apply the best idlepc value, which I had already done. The idlepc values were fine for me and I have been using them for quite some time. I was running the following topology on my Dell Inspiron 640 notebook (2.0 GHz Core 2 Duo with 2 GB RAM).
The problem I found was that while working on one router's terminal session, the other routers were logging me out of their sessions and processor usage was going high.
To resolve this I applied the following commands on all the routers.

Router(config)#line console 0
Router(config-line)#session-timeout ?
<0-35791> Session timeout interval in minutes
Router(config-line)#session-timeout 0 0
Router(config-line)#


The above allowed me to set the session never to time out (it was set to 10 minutes by default), and the lab is not giving the above problem any more.

Advantages of MPLS

· MPLS enables a single converged network to support both new and legacy services, creating an efficient migration path to an IP-based infrastructure. MPLS operates over both legacy (DS3, SONET) and new infrastructure (10/100/1000/10G Ethernet) and networks (IP, ATM, Frame Relay, Ethernet, and TDM).

· MPLS enables traffic engineering. Explicit traffic routing and engineering help squeeze more data into available bandwidth.

· MPLS supports the delivery of services with Quality of Service (QoS) guarantees. Packets can be marked for high quality, enabling providers to maintain a specified low end-to-end latency for voice and video.

· MPLS reduces router processing requirements, since routers simply forward packets based on fixed labels.

· MPLS provides the appropriate level of security to make IP as secure as Frame Relay in the WAN, while reducing the need for encryption on public IP networks.

· MPLS VPNs scale better than customer-based VPNs since they are provider-network-based, reducing the configuration and management requirements for the customer.