Sunday, June 21, 2015

How to Use Cisco IOS troubleshooting tools and apply troubleshooting methodologies


Maintaining and troubleshooting Cisco IOS networks helps professionals and network designers build the knowledge and skills required to maintain networks and to diagnose and resolve problems efficiently and effectively. This in turn supports their preparation for the CCNP and other Cisco certifications. The course teaches professionals working in complex environments to maintain networks and troubleshoot problems related to various technologies, as well as the organizational and procedural aspects of the complete maintenance process.

Major objectives of the course

Upon successful completion of the course, the professional will be able to plan and document the commonly used maintenance functions for a complex enterprise network and develop a troubleshooting process for identifying and resolving problems in such a network. The candidate will also be able to select the best-supported tool for troubleshooting a specific type of problem and for maintaining processes in a large enterprise network, and to practice maintenance and resolution procedures in a secure infrastructure, in a routing-based environment and in a switching-based environment. Maintaining and troubleshooting problems related to complex, integrated enterprise networks is also among the basic features of this course.

Cisco IOS troubleshooting and Cisco MDS 9000 Family tools

If a server is unable to see its storage and the information available on the host side cannot be used to determine the root cause of the problem, additional information can be obtained from a different viewpoint by using the troubleshooting tools provided by the Cisco MDS 9000 Family switches.


Command-line interface and troubleshooting commands

The command-line interface (CLI) and its troubleshooting commands let you configure and monitor Cisco MDS 9000 Family switches from the local console or through remote Telnet and SSH sessions. The CLI has a command structure very similar to that of Cisco IOS software. It also provides context-sensitive help, show commands, a multi-user interface and role-based access control. The show running-config interface command is used to view the configuration of an interface in Cisco SAN-OS Release 3.0(1) or later; as of that release, the interface configuration shown by the show running-config command is no longer consolidated.

Debugs and conditional debugs

The Cisco MDS 9000 Family switch supports an extensive debugging feature set for troubleshooting the storage network in an enterprise. Using the CLI, you can enable debugging modes for the various switch features and analyze, in real time, the activity and the log of protocol exchanges. Each entry in the log is listed in chronological order and is time-stamped. Access to the debug feature can be limited through the CLI role mechanism and partitioned on a per-role basis.

While debug commands show real-time information, show commands can list both real-time and historical performance data. Debug messages can be logged to a specific log file, which is easier and more secure to process than sending debug output to the console. Using the "?" option, you can see all the options available for a switch feature such as FSPF. Each command entered creates a log entry in addition to the actual debug output, which shows the time-stamped activity taking place between the local switch and the adjacent switches.

The debug facility can be used to keep track of events, protocol errors or internal messages as they occur. However, you need to be extra cautious when using debug commands in a production environment, because some options can prevent your access to the switch by generating a large number of messages on the console, or can be CPU-intensive enough to heavily affect the performance of the switch.

Therefore, to avoid this problem, we recommend that you open a new SSH or Telnet session before you enter any debug commands. If the debug output overwhelms the current session window, you can use the second session to enter the undebug all command and stop the debug message output.

FC ping and FC traceroute with extended options

The Fibre Channel traceroute and ping features help troubleshoot problems related to connectivity and path selection. However, they are not used to identify or resolve performance-related problems. Ping and traceroute are the most widely used tools for troubleshooting TCP/IP networking problems. The ping feature generates a series of echo packets and sends them to a destination across the TCP/IP internetwork. When the echo packets reach their destination, they are re-routed and sent all the way back to the source. Ping thus verifies connectivity and latency along the IP network route to a selected destination.

The traceroute feature works in a similar fashion but can also find the specific path taken by a frame to its final destination. These tools have been adapted to Fibre Channel for use on Cisco MDS 9000 Family switches and are known as FC ping and FC traceroute.


Applying various troubleshooting methodologies

The show system resources command displays system-related information about CPU and memory statistics. The output includes the load, defined as the total number of running processes, with averages over intervals of one, five and 15 minutes. The CPU line reports the percentage of CPU time spent in kernel mode and in user mode, and the idle time, for the last second. The memory usage line reports, in KB, the used memory, free memory, total memory and the memory used for buffers and cache; buffers and cache also appear separately in the memory statistics.

Diagnosing the root cause of various networking issues:

The Generation 2 Fibre Channel switching module provides a facility for logging failure data to persistent storage, from which it can be retrieved and displayed for analysis. The on-board failure logging feature stores environmental information and failure information in the non-volatile memory of the module. This information is useful for later analysis of failed cards. The data stored in the module includes the initial power-on time, the slot number in the chassis, the initial temperature of the card, the card's serial number and firmware, stack traces and CPU hog information, memory leak information, software error messages, environmental history, hardware exception logs, ASIC interrupts and register dumps.

Design and implement valid solutions

SNMP, RMON and syslog can be configured and monitored through different options in the Device Manager menus. SNMP provides a set of preconfigured traps and informs that are generated automatically and sent to their destination. The RMON Threshold Manager lets you configure thresholds for particular events that trigger notifications or log entries. You can also use Device Manager or Fabric Manager to identify the syslog servers that record the various events and to configure Call Home, which alerts you by message or pager when a specific event occurs.

SCSI Target Discovery

The SCSI target discovery feature provides added insight into the connected SCSI targets. It allows the user to log in to a connected SCSI target device for a short period of time and issue a series of SCSI inquiry commands to find out additional information, including logical unit number (LUN) details such as IDs and sizes. The information is compiled and made available through CLI commands, Fabric Manager or the embedded SNMP agent, allowing it to be retrieved by upstream applications. With this feature, a detailed view of the fabric and the devices connected to it can be obtained.

Cisco View

The Cisco View graphical management features provide statistics, dynamic status and comprehensive information for Cisco internetworking products. They also aid network management by displaying a physical view of Cisco devices and their ports, which lets users grasp the essential information. The major features include graphical displays from a central location, giving managers a complete view of Cisco products without manually checking in at remote sites, and a continuously updated view of routers, switches and hubs regardless of location. Continuous monitoring and tracking of device information and performance, traffic usage and other specific indicators, and the ability to modify device information and configuration, are further important capabilities of this feature.


Internetwork Performance Monitor

The Internetwork Performance Monitor is a network management application that enables the user to analyze the performance of multiprotocol networks. It is also helpful for measuring the availability of the IP network and the response time between a mainframe and a router in Systems Network Architecture (SNA). The tasks that can be performed with this feature include troubleshooting problems after checking network latency; sending SNMP traps and alerts when a threshold is exceeded, a connection is lost or re-established, or a timeout occurs; and analyzing potential problems before they occur by collecting statistics and monitoring response time between network end points.

Verifying and monitoring the resolution

The TrafficDirector packet filters let you monitor all seven layers of network traffic. Using SwitchProbe devices and RMON agents, you can view the enterprise network traffic. The TrafficDirector multilayer summary provides a high-level assessment of the network along with its protocol distribution. Network managers can then check in on specific ports and links and apply real-time diagnosis and analysis to view conversations. TrafficDirector monitoring also enables users to implement a proactive environment: when thresholds are exceeded, traps are sent to the appropriate stations to notify the manager of the current problem.

VLAN Director and switch management application

VLAN Director and the switch management application simplify VLAN port assignment and offer management capabilities for it. Their features include an accurate representation of the physical network for configuration and design verification, the ability to obtain the VLAN configuration of a specific link or device, discrepancy reports, the ability to identify and troubleshoot device configurations that contain errors, quick detection of VLAN and port status, and write protection and user authentication security.

In many situations, third-party troubleshooting tools can prove handier in the long run than the commands built into the router. Enabling a processor debug command, for example, can be quite a burden in a high-traffic environment, whereas attaching a network analyzer to the suspect network is less costly and can yield useful information without interfering with the operation of the router. Digital multimeters, volt-ohm meters and cable testers are some of the useful third-party tools for troubleshooting. Time domain reflectometers and optical time domain reflectometers help locate cable breaks, impedance mismatches and other cable plant problems. Network monitors give an accurate picture of network activity over a wide range of time by tracking packets across the network.

Saturday, June 20, 2015

Describe DMVPN (single hub) and Easy Virtual Networking (EVN)

The concept of the VPN has been around for some time now; the problem in past years was that VPN configuration was typically point-to-point and static in nature. The implementation of DMVPN provides the ability to get around both of these limitations. DMVPN deployments make it possible to configure dynamic virtual tunnels that are created automatically depending on the traffic needs and the topology. Depending on the configuration, virtual tunnels can be created between spoke sites to remove load from the hub router. This section looks at the most common DMVPN deployment, the single hub, and at the Easy Virtual Networking concepts in detail.

4.2 DMVPN (single hub)

DMVPN stands for Dynamic Multipoint VPN. It is a Cisco IOS software solution for building IPsec VPNs. Cisco DMVPN uses a centralized architecture to offer easier implementation and management for deployments that need granular access control for diverse user communities such as telecommuters, extranet users and mobile workers. There are different ways to implement DMVPN, depending on the traffic being transmitted and the type of hardware used; since there are many options, this section covers only single-hub DMVPN. The DMVPN configuration is simple for anyone who has knowledge of, and has worked with, GRE tunnels.

DMVPN is Cisco's answer to the increasing demand from enterprises to connect branch offices with the head office and with each other while keeping costs low, increasing flexibility and minimizing configuration complexity. With DMVPN, one central router, usually placed in the head office, takes the role of the hub, while all the other branch routers are spokes that connect to the hub router so that the branch offices can easily access the company's resources. DMVPN comprises two deployment designs: DMVPN hub-and-spoke and DMVPN spoke-to-spoke. In both cases, the hub router is assigned a static public IP address, while the branch routers may have dynamic or static public IP addresses.

Operation of DMVPN

  • Every spoke has a permanent IPsec tunnel to the hub, but not to the other spokes in the network.
  • Every spoke registers as a client of the NHRP server. The hub router takes the NHRP server role.
  • When a spoke needs to send a packet to a destination subnet behind another spoke, it queries the NHRP server for the real (outside) address of the destination spoke.
  • After the originating spoke learns the peer address of the destination spoke, it can initiate a dynamic IPsec tunnel to that spoke.
  • The spoke-to-spoke tunnel is built over an mGRE (multipoint GRE) interface.
  • The spoke-to-spoke link is established on demand whenever there is traffic between two spokes. Packets can therefore bypass the hub and use the spoke-to-spoke tunnel.
  • All data traversing the GRE tunnels is encrypted using IPsec.

Configuring DMVPN on a single hub:

This scenario is that of a service provider providing DMVPN connectivity to two unrelated customers. Both customers require connectivity among their own sites and to the internet service provider, but must not be able to communicate with each other. Likewise, each customer should use its own unique preshared key for authentication. Consider the example below:


In the figure above, the 172.16.0.0/20 space denotes the public address space; in a real-world deployment these would effectively be random public IP addresses. The two internet service provider headend routers connect the four sites, two per customer, to the ISP network. Every headend router has two loopback interfaces on which the DMVPN tunnels are terminated.

As per the Cisco design, every customer can have four redundant DMVPN tunnels, one to each headend router. This adds up to a total of four DMVPN networks. Remember that the lab can get a little muddy at times.

A single ISAKMP policy and IPsec transform set is common to all the routers in the configuration. Let us look at the crypto configuration first, since it lays the foundation.

All routers:


Next, configure the needed crypto profiles on the headend routers. The ISAKMP profiles and keyrings are explicitly sourced from the loopback interfaces. This ensures that the right preshared key is applied to each DMVPN spoke router, depending on the destination IP address of the incoming encrypted packet.

Headend routers as follows:


The spoke router configuration is similar to the headend router's, but simpler, because only the configuration applicable to the respective customer is added. Here a single wildcard mask is used to match the preshared key.

Configuration of customer A routers as follows:


Configuration of customer B routers:

DMVPN configuration:

First, create the two unique tunnels on the two headend routers, one in each customer's VRF.

Configuration of headend 1:


Headend 2 configuration:


The tunnel interface is sourced from a loopback interface. Each tunnel is then assigned a unique tunnel key and NHRP network ID. The spoke router's tunnel interface is configured similarly to the headend router's, with the addition of the NHS specification, and is sourced from the physical interface.

Configuration of customer A1:


Configuration of customer A2:


Configuration of customer B1:


Configuration of customer B2:


The benefits of DMVPN are substantial. It lowers operational and capital expenses, simplifies branch communications, improves business resiliency and reduces deployment complexity. It prevents disruption of business-critical applications and services by integrating routing with standards-based IPsec technology. It offers zero-touch configuration, which dramatically decreases the complexity of VPN deployment, and it enables direct branch-to-branch connectivity for business applications such as voice.

4.3 Easy virtual networking (EVN)

Network virtualization is an economical way to provide traffic separation: multiple virtualized networks can be overlaid on a single physical infrastructure. A corporation may need to provide separation between different user groups, and several well-adopted network virtualization solutions are widely available. Among them, Easy Virtual Networking (EVN) is a simplified LAN virtualization that enables network managers to provide service separation on a shared network infrastructure. EVN is a Cisco IOS software innovation for multi-VRF deployments that does not change any switching protocols or existing industry-standard routing protocols.

It is an IP-based virtualization that offers end-to-end virtualization of two or more Layer 3 networks. EVN builds on an existing IP-based virtualization known as VRF-Lite. EVN is also backward compatible with VRF-Lite, which enables seamless network migration from VRF-Lite to EVN.

EVN supports OSPFv2, EIGRP and static routes for IPv4 unicast routing, and MSDP and PIM for IPv4 multicast routing. EVN also supports Cisco Express Forwarding and the Simple Network Management Protocol (SNMP).

Before configuring EVN, you must have a functioning campus design before adding virtualization to the network, understand VRF instances and how to maintain traffic separation across the network, and have a single IP infrastructure on which to implement it.

Network virtualization is used to secure the network and to reduce network expenses by using the same network infrastructure for multiple virtual networks. Path isolation can otherwise be achieved by separating the paths with dedicated routers, which are far more expensive than virtual networks.

EVN offers the following benefits: increased business flexibility, because the infrastructure needed to maintain traffic separation across the network core decreases; reduced capital expenditure, because a separate physical infrastructure does not have to be maintained to keep traffic isolated; and full compatibility with VRF-Lite.

VRFs were born from MPLS VPN and grew into adolescence with VRF-Lite. Now EVN brings VRF to maturity as an enhanced and simplified VRF-Lite. The ASR 1000 (ASR1k) is the first platform to support EVN. On LAN trunks, sub-interface inheritance and VLAN ID reuse take place. IGP-based shared services are provided through route replication. Usability and troubleshooting are enhanced by commands such as traceroute, debug condition and routing context, and by the Cisco VRF MIB.


The functional components of path isolation are device virtualization and data path virtualization.

How it works:


Step 1:

Create the Layer 2 VLAN and trunk it to the first Layer 3 device.

Step 2:

Define the VRF on the first Layer 3 device and map the Layer 2 VLAN to the proper VRF.

Step 3:

Define the VRF on all the other Layer 3 devices in the network.

Step 4:

Configure all the physical links connecting the Layer 3 devices in the network core as VNET trunks.

Step 5:

Enable the routing protocol in every VRF.

Step 6:

Traffic is carried end to end across the network while logical isolation is maintained between the defined groups.

A single trunk interface transports the traffic of multiple VRFs. The trunks are pre-provisioned for new VRFs.



A VNET tag number is defined for every VRF and is used as part of the numbering of the sub-interfaces. Every sub-interface inherits its characteristics from the main interface. Unless VRF filters are applied, the trunk interface transports the traffic of all the provisioned VRFs. The vnet tag is used when the VRF sub-interfaces are created, and the same tag is also used for the dot1q encapsulation. The best practice for changing a vnet tag is to remove the old vnet tag and configure the new one, so that the VRF sub-interface is re-created.


A device that is connected to the virtual network, cannot understand virtual network tags, and sends and receives untagged traffic is considered VRF-unaware. In contrast, a device that sends and receives tagged traffic, and hence takes the tag value into consideration when processing it, is referred to as VRF-aware. Each EVN runs a separate instance of the routing protocol. This allows the routing of each EVN to be tuned separately and limits fate sharing; different virtual networks can run different routing protocols concurrently. EVN is wire-compatible with VRF-Lite. Packets enter an EVN through an edge interface, traverse multiple trunk interfaces and exit the virtual network through another edge interface. On the ingress edge interface, packets are mapped from the VLAN into a particular EVN. Once a packet is mapped to an EVN, it is tagged with the associated virtual network tag. The virtual network tag allows a trunk interface to carry packets for multiple EVNs. Packets remain tagged until they exit the EVN through an egress edge interface. On an edge interface, the EVN associated with the interface is used for the route lookup. On a trunk interface, the virtual network tag carried in the packet is used to locate the corresponding EVN for routing the packet.
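The six steps and the tagging rules above, as an added Python model (not Cisco code) of how a VNET trunk carries one sub-interface per VRF keyed by the vnet tag and how an arriving packet is placed into its EVN on an edge versus a trunk interface, including the VRF-filter case. VRF names, tags and interface names are constructed, and the 2-4094 vnet tag range is an assumption.

```python
"""EVN trunk tagging model: the sub-interfaces a VNET trunk carries and how an
arriving packet is placed into an EVN. Added example, not Cisco code; VRF names,
tags and interfaces are constructed and the 2-4094 tag range is an assumption."""
from dataclasses import dataclass
from typing import Optional

VNET_TAG_MIN, VNET_TAG_MAX = 2, 4094   # assumed valid vnet tag range

@dataclass
class Evn:
    name: str            # VRF name, e.g. "RED"
    vnet_tag: int        # "vnet tag" configured under the vrf definition

@dataclass
class Interface:
    name: str
    vnet_trunk: bool = False            # core link configured as a VNET trunk
    vrf: Optional[str] = None           # edge interface placed in one VRF
    vrf_filter: Optional[set] = None    # optional VRF filter applied to a trunk

def validate_tags(evns):
    """Every EVN needs a unique vnet tag inside the allowed range."""
    errors, seen = [], {}
    for e in evns:
        if not VNET_TAG_MIN <= e.vnet_tag <= VNET_TAG_MAX:
            errors.append(f"{e.name}: tag {e.vnet_tag} outside {VNET_TAG_MIN}-{VNET_TAG_MAX}")
        elif e.vnet_tag in seen:
            errors.append(f"{e.name}: tag {e.vnet_tag} already used by {seen[e.vnet_tag]}")
        else:
            seen[e.vnet_tag] = e.name
    return errors

def carried_evns(trunk, evns):
    """EVNs a trunk transports: all provisioned ones unless a filter is applied."""
    return [e for e in evns if trunk.vrf_filter is None or e.name in trunk.vrf_filter]

def trunk_subinterfaces(trunk, evns):
    """One sub-interface per carried VRF, numbered with the vnet tag and using
    the same value as the 802.1Q tag; everything else is inherited from the
    main interface, so only the tag distinguishes them."""
    return [(f"{trunk.name}.{e.vnet_tag}", f"encapsulation dot1Q {e.vnet_tag}", e.name)
            for e in carried_evns(trunk, evns)]

def ingress_evn(intf, evns, dot1q_tag=None):
    """Place an arriving packet into an EVN for the route lookup.
    Edge interface: the interface's own VRF is used and tags are not interpreted
    (the attached device is VRF-unaware). Trunk: the carried tag selects the EVN
    (the neighbour is VRF-aware); untagged traffic belongs to the global table.
    Returns the EVN name, "global", or None when the packet cannot be placed."""
    if not intf.vnet_trunk:
        return intf.vrf or "global"
    if dot1q_tag is None:
        return "global"
    for e in carried_evns(intf, evns):
        if e.vnet_tag == dot1q_tag:
            return e.name
    return None

def egress_tag(intf, evn_name, evns):
    """Tag applied when forwarding in the given EVN: the vnet tag on a trunk,
    none on an edge interface (stripped at the egress edge) or in global."""
    if not intf.vnet_trunk or evn_name == "global":
        return None
    return next(e.vnet_tag for e in evns if e.name == evn_name)

def trace(routers, evns):
    """routers: list of (ingress interface, egress interface), one per hop.
    Returns the EVN used for the route lookup at each hop; the tag one hop
    puts on the wire is what the next hop reads."""
    tag, hops = None, []
    for ingress, egress in routers:
        evn = ingress_evn(ingress, evns, tag)
        hops.append(evn)
        if evn is None:          # unknown or filtered tag: dropped on ingress
            break
        tag = egress_tag(egress, evn, evns)
    return hops

if __name__ == "__main__":
    evns = [Evn("RED", 100), Evn("BLUE", 200)]
    edge_in = Interface("GigabitEthernet0/1", vrf="RED")
    core = Interface("GigabitEthernet0/2", vnet_trunk=True)
    edge_out = Interface("GigabitEthernet0/3", vrf="RED")
    print(trunk_subinterfaces(core, evns))
    print(trace([(edge_in, core), (core, edge_out)], evns))
```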

Hopefully, this content gives you a general understanding of what is possible when deploying DMVPN and a description of single-hub DMVPN. The possibilities available through DMVPN solutions give network designers many interesting and valuable options that enable very scalable dynamic VPN designs. Engineers and network professionals need to truly understand this technology. EVN delivers path isolation and traffic separation capabilities over a shared network infrastructure. EVN takes advantage of the existing VRF-Lite technology to simplify Layer 3 network virtualization, enhance management and troubleshooting, and improve support for shared services.

Reference: examcollection.com

Friday, June 19, 2015

How to Configure and verify eBGP (IPv4 and IPv6 address families)


BGP uses two primary modes of information exchange, external BGP and internal BGP, to communicate with external and internal peers respectively. eBGP stands for external Border Gateway Protocol. It is used to transport information to other BGP-enabled systems in different autonomous systems, and works opposite to iBGP. In the sections below, you will get an idea of eBGP, 4-byte AS numbers and private AS numbers.


3.31.a eBGP

Peer ASes connect to each other through external peer BGP sessions. All route advertisements between external peers take place in the eBGP mode of information exchange. To propagate a route through an AS and advertise it to internal peers, BGP uses iBGP; to advertise a route to a different peer AS, BGP again uses eBGP.

eBGP works in collaboration with iBGP to transfer data from the external internet or AS and vice versa. eBGP multihop is an option used to peer with an external neighbor that is not directly connected; if there are many paths between the eBGP peers, you can take advantage of that. By default, BGP only establishes eBGP neighbor relationships with peers residing on a directly connected network, since the TTL is 1 by default for eBGP peers.

Configuration:

Take the above diagram as the example for the eBGP configuration.


This is a simple topology with two autonomous systems and two routers. Each router has a network on its loopback interface that it is going to advertise in BGP.

Rose(config)#router bgp 1

Rose(config-router)#neighbor 192.168.12.2 remote-as 2

Lilly(config)#router bgp 2

Lilly(config-router)#neighbor 192.168.12.1 remote-as 1

Here, the router bgp command with the AS number starts BGP. Neighbors are not configured automatically; you need to do so with the neighbor x.x.x.x remote-as command. This is the way external BGP is configured.

Rose# %BGP-5-ADJCHANGE: neighbor 192.168.12.2 Up

Lilly# %BGP-5-ADJCHANGE: neighbor 192.168.12.1 Up

These messages confirm that the new BGP neighbor adjacency has come up.

Rose(config)#router bgp 1

Rose(config-router)#neighbor 192.168.12.2 password MYPASS

Lilly(config)#router bgp 2

Lilly(config-router)#neighbor 192.168.12.1 password MYPASS

To enable MD5 authentication, use the neighbor password command. The router then calculates an MD5 digest of each TCP segment that is sent.

Rose#show ip bgp summary


Lilly#show ip bgp summary


The show ip bgp summary command is an excellent one for checking the BGP neighbors. It also shows the number of prefixes received from each neighbor.
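To make that check repeatable, here is an added Python example (not from the original post) that parses show ip bgp summary output and flags neighbors that are not Established, or that are up but have sent no prefixes. The sample output is constructed to match the Rose/Lilly lab, with two extra peers (192.168.13.3 and 192.168.14.4) invented to show non-established states.

```python
"""Parse 'show ip bgp summary' and report neighbour health. Added example, not
from the original post; SAMPLE is constructed output, not a captured session."""
import re

SAMPLE = """\
BGP router identifier 1.1.1.1, local AS number 1
BGP table version is 3, main routing table version 3
2 network entries using 288 bytes of memory
2 path entries using 160 bytes of memory
BGP activity 2/0 prefixes, 2/0 paths, scan interval 60 secs

Neighbor        V           AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
192.168.12.2    4            2      12      13        3    0    0 00:05:20        1
192.168.13.3    4            3       0       0        1    0    0 never    Active
192.168.14.4    4            4       5       6        1    0    0 00:00:41 Idle (Admin)
"""

def parse_bgp_summary(text):
    """Return {'router_id', 'local_as', 'neighbors': [...]}. Each neighbour dict
    carries ip, version, remote_as, message counters, up_down, state and
    pfx_rcvd; IOS prints the received-prefix count in the last column only
    when the session is Established, otherwise it prints the FSM state."""
    header = re.search(r"BGP router identifier (\S+), local AS number (\d+)", text)
    result = {"router_id": header.group(1), "local_as": int(header.group(2)), "neighbors": []}
    in_table = False
    for line in text.splitlines():
        if line.startswith("Neighbor"):
            in_table = True
            continue
        if not in_table or not line.strip():
            continue
        cols = line.split(None, 9)   # last column may contain spaces: "Idle (Admin)"
        if len(cols) < 10:
            continue
        last = cols[9].strip()
        established = last.isdigit()
        result["neighbors"].append({
            "ip": cols[0], "version": int(cols[1]), "remote_as": int(cols[2]),
            "msg_rcvd": int(cols[3]), "msg_sent": int(cols[4]), "up_down": cols[8],
            "state": "Established" if established else last,
            "pfx_rcvd": int(last) if established else None,
        })
    return result

def peer_type(summary, neighbor):
    """eBGP when the remote AS differs from the local AS, otherwise iBGP."""
    return "eBGP" if neighbor["remote_as"] != summary["local_as"] else "iBGP"

def neighbor_problems(summary, expect_prefixes=True):
    """Neighbours that need attention: any session not Established and,
    optionally, Established sessions from which no prefix has been received."""
    problems = []
    for n in summary["neighbors"]:
        kind = peer_type(summary, n)
        if n["state"] != "Established":
            problems.append(f"{n['ip']} ({kind}, AS {n['remote_as']}) is {n['state']}")
        elif expect_prefixes and n["pfx_rcvd"] == 0:
            problems.append(f"{n['ip']} ({kind}) is up but has received 0 prefixes")
    return problems

if __name__ == "__main__":
    summary = parse_bgp_summary(SAMPLE)
    for problem in neighbor_problems(summary):
        print(problem)
```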

Rose(config)#router bgp 1

Rose(config-router)#network 1.1.1.0 mask 255.255.255.0

Lilly(config)#router bgp 2

Lilly(config-router)#network 2.2.2.0 mask 255.255.255.0

Then advertise the loopback networks with the network command. To advertise something in BGP, the network command must specify the exact subnet mask of an entry in the routing table; typing network 1.0.0.0 mask 255.0.0.0 on router Rose would not work, since that entry is not in the routing table.

Rose#show ip bgp


To look at the BGP database, use show ip bgp. Router Rose has learned about network 2.2.2.0/24 with a next-hop IP address of 192.168.12.2, from AS 2.

Lilly#show ip bgp


Router Lilly has learned about network 1.1.1.0/24 with a next-hop IP address of 192.168.12.1.

Rose#show ip route bgp


Lilly#show ip route bgp


In the routing table, the BGP entries have an administrative distance of 20, which is the value for external BGP (eBGP).

The commands used to verify the configuration are as follows:

show ip bgp summary

show ip bgp rib-failure

show ip bgp neighbors address [received-routes | advertised-routes]


3.31.b 4 Byte AS number

A 4-byte ASN provides 2^32, or 4,294,967,296, AS numbers, ranging from 0 to 4294967295. It is important to notice that the 4-byte ASNs include all of the older 2-byte AS numbers, through 65535. This greatly assists with interoperability between ASes using 2-byte AS numbers and those using 4-byte AS numbers. A 4-byte AS number between 0 and 65535 is also called a mappable AS number, since it can also be represented in just 2 bytes: the first 16 bits are in each case all zeros.

The original BGP autonomous system number is a 2-byte entity. The 2 bytes provide 65536 possible numbers, of which 0, 65535, 23456 and 64512-65534 are reserved by the IANA. Of the remaining numbers, more than 39000 are already in use.

A 4-byte AS number can be represented in one of three ways:

Asdot+:

It breaks the number into two 16-bit values, high order and low order, separated by a dot. All 2-byte AS numbers are represented by the low-order value alone. For example, AS number 65535 is written 0.65535, 65536 is 1.0 and 65537 is 1.1. The last AS number, 4294967295, is 65535.65535.

Asplain:

It is the simple decimal representation of an AS number. For example, AS number 7747 is denoted 7747, and 123456 is denoted 123456.

Asdot:

It is a mixture of asdot+ and asplain. Any AS number in the 2-byte range is denoted as in asplain, and any AS number above the 2-byte range is denoted as in asdot+. For example, 65535 is 65535, while 65536 is 1.0.

BGP carries the ASN in the AS_PATH attribute, the community attributes, the OPEN message and the AGGREGATOR attribute. A new BGP speaker advertises to its neighbor that it uses 4-byte AS numbers through the BGP capability advertisement. If a neighbor does not advertise that it uses 4-byte AS numbers, the new BGP speaker uses the reserved 2-byte AS number 23456, called AS_TRANS: the speaker places that ASN in its OPEN message.

BGP communities are supported in a 4-byte ASN environment using a new extended community attribute called the 4-Octet AS Specific BGP Extended Community. This new community has a 4-byte AS number field and a 2-byte arbitrary number field, as opposed to the 2-byte ASN field in the legacy community attribute.

It is essential to keep in mind that an old BGP speaker uses 2-byte ASNs and a new BGP speaker uses 4-byte ASNs. A new BGP speaker advertises routes to new BGP neighbors with an AS_PATH carrying 4-byte AS numbers; when advertising to an old BGP neighbor, it carries 2-byte AS numbers in the AS_PATH and adds the AS_TRANS AS number rather than its own 4-byte AS number. The AS4_PATH attribute is an optional transitive attribute that carries the real AS_PATH list, containing both 4-byte and 2-byte ASNs. The new BGP speaker adds the AS4_PATH attribute if there is any 4-byte AS number in the AS_PATH list.

The new BGP speaker constructs the AS_PATH attribute by simply replacing each 4-byte ASN with AS_TRANS. In that way, the AS_PATH shows the right number of hops.


In the example topology, R1 and R3 use 4-byte AS numbers while R2 can only use 2-byte ASNs. The configurations of R1 and R2 are as follows:


When R1 opens the session with R2, its BGP OPEN message carries all of its capabilities, including 4-byte AS number support. In the My Autonomous System field it pretends to be in AS 23456, while its actual AS number is carried inside the 4-byte AS capability.


R2 cannot understand 4-byte AS numbers, but since it is configured to peer with R1 in AS 23456 it accepts the OPEN message and forms the neighbor relationship with R1. The show ip bgp neighbors command displays the capabilities each BGP speaker advertised to its neighbor. When R1 advertises a BGP UPDATE message holding the NLRI for prefix 1.1.1.1/32, it includes the NEW_AS_PATH attribute (the draft-era name for what RFC 4893 calls AS4_PATH).

R2 accepts it because it comes from AS 23456, and forwards the same update to R3 after prepending its own ASN 200 to the AS_PATH attribute; the NEW_AS_PATH attribute passes through untouched. Since R3 understands the NEW_AS_PATH attribute, it can reconstruct the original AS_PATH list from it.

When R1 advertises a summarized route to R2, it copies all the information from the regular AGGREGATOR attribute into the NEW_AGGREGATOR attribute, except the AS number. The regular AGGREGATOR attribute carries AS number 23456, while the NEW_AGGREGATOR attribute carries the real AS number 65636. Since R3 understands the NEW_AGGREGATOR attribute, it reconstructs the right aggregator AS and AS_PATH list.

The final aggregated route is as follows:



3.31.c Private AS

An autonomous system is a collection of connected IP routing prefixes under the control of one or more network operators. A unique AS number is allotted to each AS for use in BGP routing, because the ASN is what identifies each network on the Internet. Multiple organizations can also run BGP with private AS numbers toward the ISP that connects them to the Internet. There are two types of AS numbers: public ASNs and private ASNs.

Private ASNs are not meant to be seen on the global Internet (via eBGP). Private AS numbers are mainly used by ISPs that run BGP confederations, or in private networks. They are sometimes used to give an AS number to a customer that has multiple connections to one ISP but no connection to any other ISP, although this is becoming rarer; today private ASNs are most often seen in private networks that do not talk to the Internet directly. Most ISPs use route filters to reject routes whose AS path contains a private ASN. By default, when BGP advertises an AS path to remote systems it includes all the AS numbers in the path, private ones included, but the software can be configured to remove private AS numbers from the AS path before advertising. The typical case is a remote AS that you provide connectivity for and that is multihomed, but only to your local AS: the remote AS has no officially allocated AS number, and it is not appropriate to make it a confederation member AS of the local AS. Most companies prefer to obtain their own AS number, while some connect to the public network with a private AS number; the service provider then uses the neighbor remove-private-as command to keep the private AS numbers from being advertised to the Internet.

Private 2-byte AS numbers range from 64512 to 65534 (65535 is reserved); RFC 6996 additionally reserves 4200000000 to 4294967294 as private 4-byte ASNs. Because they are private, these numbers are not globally unique, so an ISP must strip private ASNs from the BGP updates it sends to eBGP peers when announcing routing information to the Internet. The simplest way to do this is the neighbor remove-private-as command.


In the example network, the customer is using private ASN 64512. The task is to configure the router at the ISP so that it does not advertise the customer's ASN out to the Internet; all the customer prefixes then appear as though they originated directly from the ISP. In practice the ISP normally owns the customer prefixes anyway.

To begin, check the BGP table on router R3:


The output shows that R3 receives the prefix 100.100.100.1/32 from the ISP, but the customer's private AS has been included in the AS_PATH. Adjust this on the ISP router:



After the configuration, the customer's private AS no longer appears in the AS_PATH.
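The two sides of the private-AS problem above, the ingress filter that rejects a path still carrying a private ASN and the egress neighbor remove-private-as behaviour in its three IOS modes, can be modelled as follows. This Python is an added example written for this page, not Cisco code; ASNs 100 (the ISP) and 300 (the Internet peer) are constructed, 64512 is the customer ASN from the page's example, and only flat AS_SEQUENCE paths are modelled (no confederation segments).

```python
"""Model of how private AS numbers are detected and stripped at an ISP edge.
Added example for this page, not Cisco code. ASNs 100 (ISP) and 300 (Internet
peer) are constructed; 64512 is the customer ASN from the page's example.
Only flat AS_SEQUENCE paths are modelled (no confederation segments)."""

# RFC 6996 private ranges (Python range() excludes its stop value):
PRIVATE_2BYTE = range(64512, 65535)              # 64512-65534; 65535 is reserved
PRIVATE_4BYTE = range(4200000000, 4294967295)    # 4200000000-4294967294


def is_private_asn(asn):
    return asn in PRIVATE_2BYTE or asn in PRIVATE_4BYTE


def has_private_asn(as_path):
    """Ingress check: an ISP normally rejects a route from an eBGP peer whose
    AS_PATH still carries a private ASN."""
    return any(is_private_asn(asn) for asn in as_path)


def advertise_to_ebgp_peer(as_path, local_asn, peer_asn, mode=None):
    """AS_PATH as sent to an eBGP neighbor configured with
    'neighbor <peer> remove-private-as [all [replace-as]]'.

    mode=None       classic behaviour: private ASNs are removed only when the
                    whole path is private; a mixed public/private path is left alone
    mode="all"      remove private ASNs even from a mixed path
    mode="replace"  'all replace-as': substitute the local ASN for each private
                    ASN so the hop count, and hence the path length, is preserved
    In every mode the path is left untouched if it already contains the peer's
    own ASN, and the local ASN is prepended afterwards as for any eBGP update."""
    if mode not in (None, "all", "replace"):
        raise ValueError(f"unknown mode: {mode}")
    if peer_asn in as_path:
        cleaned = list(as_path)
    elif mode is None:
        cleaned = [] if all(is_private_asn(a) for a in as_path) else list(as_path)
    elif mode == "all":
        cleaned = [a for a in as_path if not is_private_asn(a)]
    else:
        cleaned = [local_asn if is_private_asn(a) else a for a in as_path]
    return [local_asn] + cleaned


if __name__ == "__main__":
    # The page's scenario: customer AS 64512 -> ISP AS 100 -> Internet peer AS 300
    print("before:", [100, 64512], "leaks private ASN:", has_private_asn([100, 64512]))
    print("after: ", advertise_to_ebgp_peer([64512], local_asn=100, peer_asn=300))
```

The classic mode is the one most often misunderstood: a path such as 64512 200 is advertised unchanged, so a customer that is itself multihomed to another public AS still leaks its private ASN unless the all keyword is used.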

eBGP is normally used to interconnect the networks of different organizations, or the global Internet. These organizations can be Internet service providers, large corporations or universities with vast network infrastructures. It is implemented on the border or edge routers that provide interconnectivity between two or more autonomous systems. This section covered eBGP configuration and verification along with 4-byte AS numbers and private AS numbers.

How to Configure and verify OSPF path preference, OSPF operations and OSPF for IPv6


Path preference decides which route is installed in the forwarding table when several protocols calculate a route to the same destination; the path with the lowest preference value is selected. The operation of the OSPF protocol happens in three consecutive stages that lead to the convergence of the internetwork: compiling the LSDB, calculating the SPF tree and creating the routing table entries. OSPF for IPv6 is discussed in the last section.


How to Configure and verify OSPF path preference

By default, internal OSPF routes have a preference value of 10 and external OSPF routes a preference value of 150 (these are Junos route preferences; Cisco IOS uses a single administrative distance of 110 for all OSPF routes). The usual reason to change these values is a planned migration from OSPF to a different IGP. It is often said that OSPF uses cost as its metric to select the shortest path to each destination; that is true, but not the whole story. OSPF first looks at the path type and only then at the metric. The path type preference OSPF uses, from most to least preferred, is as follows:

  • Intra-area (O)
  • Inter-area (O IA)
  • External type 1 (E1)
  • NSSA type 1 (N1)
  • External type 2 (E2)
  • NSSA type 2 (N2)

Only after the path type does OSPF look for the lower cost route (E1 and N1 paths, and likewise E2 and N2 paths, are compared on cost, with the E route winning a tie under RFC 3101). As a quick overview: when prefix "x" is learned both as an intra-area path and as an inter-area path, OSPF always selects the intra-area path, even if the inter-area path has the lower cost.


Take the topology above as an example. Create a Loopback0 interface on each of R2 through R7 using the same prefix, 1.1.1.1/32, and advertise it in OSPF so that R1 learns it as a different path type from each router:

R7: (N2) NSSA type 2

R6: (N1) NSSA type 1

R5: (E2) external type 2

R4: (E1) external type 1

R3: (O IA) inter-area

R2: (O) intra-area

To find out which path R1 prefers, first configure OSPF on R1:


Advertise the right areas on R1 and make area 167 an NSSA area. The configuration for R2 is as follows:


On R2, advertise 1.1.1.1/32 as an intra-area path:


R3 advertises 1.1.1.1/32 in a third area so that R1 learns it as an inter-area route:


R4 redistributes prefix 1.1.1.1/32 as an external type 1 route:


R5 redistributes prefix 1.1.1.1/32 as an external type 2 route:


R6 is the NSSA ABR and advertises 1.1.1.1/32 as an N1 route:


R7 redistributes 1.1.1.1/32 so that it shows up as an N2 route.

Because R2 through R7 all use the same IP address on their loopback interfaces, they would also derive the same OSPF router ID from it; make sure each router gets a unique one with the router-id command.

Verify the configuration:


All the OSPF neighbor adjacencies are up. Now look at the routing table to see which path R1 has decided to use:


R1 uses the route via R2 to reach 1.1.1.1/32. The FastEthernet interface and the loopback each have a cost of 1, so the total cost is 2. This route was chosen because it is the intra-area route. Let's see what happens if the cost is increased.


Change the cost to 100, so that the route is no longer attractive, and check the routing table:


Even with the cost raised to 1001, R1 still prefers the route via R2: the intra-area path is preferred over all others, regardless of cost.



With the intra-area route out of the way, R1 prefers the inter-area path via R3, and it sticks to that path even as its cost is increased:



Even after the cost increases to 901, OSPF sticks to the inter-area route over all the others. OSPF trusts its path type preference more than the cost: the path type is compared first, and the lowest cost decides only among paths of the same type. Now consider what OSPF prefers when the inter-area route is also unreachable.



With both the intra-area and the inter-area path out of the way, OSPF prefers the external type 1 route.



Before looking for the lowest cost path, OSPF compares the route types and selects the one that ranks highest in the table given earlier.
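The selection rule demonstrated by the experiment above, path type first and cost second, is small enough to model directly. The following Python is an added example written for this page, not Cisco code; the candidate costs are constructed to mirror the R1 experiment (only R2's cost of 1 + 1 = 2 comes from the page), and the E2/N2 tie-breaking on the internal cost to the ASBR is included because it is the part the table alone does not show.

```python
"""Model of OSPF route selection: path type first, cost second.
Added example for this page, not Cisco code. The candidate routes and their
costs are constructed to mirror the R1 experiment (R2 intra-area, R3 inter-area,
R4 E1, R5 E2, R6 N1, R7 N2, all advertising 1.1.1.1/32)."""
from dataclasses import dataclass

# A lower tier wins regardless of cost. E1/N1 share a tier, as do E2/N2;
# within those tiers the cost decides.
TIER = {"O": 0, "O IA": 1, "E1": 2, "N1": 2, "E2": 3, "N2": 3}


@dataclass(frozen=True)
class Candidate:
    via: str                # advertising router, e.g. "R2"
    kind: str               # route code as printed by 'show ip route'
    cost: int               # O / O IA / E1 / N1: full path cost; E2 / N2: external metric only
    forward_cost: int = 0   # E2 / N2 only: internal cost to reach the ASBR


def preference_key(c):
    if c.kind not in TIER:
        raise ValueError(f"unknown OSPF route type: {c.kind}")
    # E2/N2: external metric first, then the cost to the ASBR. For an equal-cost
    # E versus N pair RFC 3101 prefers the E (Type-5) route; RFC 1587 preferred N.
    n_after_e = 1 if c.kind in ("N1", "N2") else 0
    return (TIER[c.kind], c.cost, c.forward_cost, n_after_e)


def best_route(candidates):
    """The candidate OSPF installs, or None when there is nothing to install."""
    return min(candidates, key=preference_key, default=None)


def without(candidates, *vias):
    """Simulate a path becoming unreachable by dropping the routes learned via it."""
    return [c for c in candidates if c.via not in vias]


def with_cost(candidates, via, cost):
    """Simulate raising the cost of the path learned via one router."""
    return [Candidate(c.via, c.kind, cost, c.forward_cost) if c.via == via else c
            for c in candidates]


R1_CANDIDATES = [   # constructed costs; only R2's (1 + 1 = 2) is from the page
    Candidate("R2", "O", 2),
    Candidate("R3", "O IA", 2),
    Candidate("R4", "E1", 3),
    Candidate("R5", "E2", 20, forward_cost=1),
    Candidate("R6", "N1", 3),
    Candidate("R7", "N2", 20, forward_cost=1),
]


if __name__ == "__main__":
    steps = [
        ("all paths", R1_CANDIDATES),
        ("intra-area cost 1001", with_cost(R1_CANDIDATES, "R2", 1001)),
        ("no intra-area, inter-area cost 901", with_cost(without(R1_CANDIDATES, "R2"), "R3", 901)),
        ("no intra-area or inter-area", without(R1_CANDIDATES, "R2", "R3")),
    ]
    for label, cands in steps:
        print(f"{label:40} -> via {best_route(cands).via}")
```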


How to Configure and verify OSPF operation

As a routing protocol, the main function of OSPF is to facilitate the exchange of routing information between routers. Every router in an OSPF autonomous system runs OSPF software that is responsible for several tasks, including setting the timers that control activities which must occur on a regular basis and maintaining important data structures such as the link state database. Each OSPF router has to generate and respond to OSPF messages. OSPF is a link state routing protocol: it uses link state advertisements to tell neighboring routers about its interfaces and the information on those interfaces. Every router in an area maintains an identical database describing the area topology, which lets each router compute the shortest path between itself and any destination.

Every OSPF router sends out hello packets, which are used to determine whether a neighbor is up. Hello packets are small and easy to process, and they are sent periodically at short intervals. Once an adjacency is established, the router exchanges topology information with the neighbor. The topology information is packaged in link state advertisements; these are sent once when the adjacency forms and afterwards only when a change occurs (plus a periodic refresh every 30 minutes).

Enable the OSPF routing:

First, define OSPF as an IP routing process:

Router(config)# router ospf process-id

Here process-id is an internally used number that identifies the OSPF routing process. It does not need to match the process ID on other routers, and it can be any positive integer in the range 1 to 65535.

Identify the OSPF network:

Define the networks to advertise to the OSPF neighbors as follows:

Router(config-router)# network ip-address wildcard-mask area area-id

Here ip-address can be a network, a subnet or the address of a directly connected interface. The wildcard mask is the inverse mask used to decide how to interpret the address: a 0 bit must match and a 1 bit means "don't care". For example, 0.0.255.255 requires a match on the first two octets only. The area-id parameter indicates the OSPF area to be associated with the address.

The alternative is to enable OSPF explicitly on an interface:

Router(config-if)# ip ospf process-id area area-id

When the command is configured explicitly on an interface, it takes precedence over the network area command.
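The wildcard-mask matching and the precedence rules above are where single-area configurations most often go wrong, so the following Python works them through on a constructed configuration. It is an added example written for this page, not Cisco code: the interface names, addresses and the router ospf 1 section are constructed, one network statement deliberately uses a subnet mask instead of a wildcard, and overlapping network statements are resolved by the most specific one, which is the rule this model assumes.

```python
"""Which interfaces a 'router ospf' configuration actually enables, and in which
area. Added example for this page, not Cisco code; the configuration text is a
constructed single-area example with one deliberately inverted mask."""
import ipaddress


def wildcard_match(address, network, wildcard):
    """IOS wildcard semantics: a 0 bit must match, a 1 bit is 'don't care'."""
    a = int(ipaddress.IPv4Address(address))
    n = int(ipaddress.IPv4Address(network))
    care = 0xFFFFFFFF ^ int(ipaddress.IPv4Address(wildcard))
    return (a & care) == (n & care)


def parse_ios_config(text):
    """Pull out interface addresses, interface-level 'ip ospf X area Y' commands
    and the 'network ... area' statements of each OSPF process."""
    interfaces, processes, section = {}, {}, None
    for raw in text.splitlines():
        words = raw.split()
        if not words:
            continue
        if words[0] == "interface":
            section = ("if", words[1])
            interfaces[words[1]] = {"address": None, "ospf": None}
        elif words[:2] == ["router", "ospf"]:
            section = ("ospf", int(words[2]))
            processes[int(words[2])] = []
        elif section and section[0] == "if" and words[:2] == ["ip", "address"]:
            interfaces[section[1]]["address"] = words[2]
        elif section and section[0] == "if" and words[:2] == ["ip", "ospf"] and "area" in words:
            interfaces[section[1]]["ospf"] = (int(words[2]), words[words.index("area") + 1])
        elif section and section[0] == "ospf" and words[0] == "network":
            processes[section[1]].append((words[1], words[2], words[4]))
    return interfaces, processes


def ospf_interfaces(text):
    """Map interface -> (process, area). An interface-level 'ip ospf' command
    wins; otherwise the matching network statement with the fewest don't-care
    bits (the most specific one) is used. An interface matched by nothing is
    simply not running OSPF."""
    interfaces, processes = parse_ios_config(text)
    result = {}
    for name, info in interfaces.items():
        if info["ospf"]:
            result[name] = info["ospf"]
            continue
        if not info["address"]:
            continue
        best = None
        for pid, statements in processes.items():
            for network, wildcard, area in statements:
                if wildcard_match(info["address"], network, wildcard):
                    dont_care = bin(int(ipaddress.IPv4Address(wildcard))).count("1")
                    if best is None or dont_care < best[0]:
                        best = (dont_care, pid, area)
        if best:
            result[name] = (best[1], best[2])
    return result


SAMPLE_CONFIG = """
interface Loopback0
 ip address 1.1.1.1 255.255.255.255
interface FastEthernet0/0
 ip address 10.1.1.1 255.255.255.0
 ip ospf 1 area 1
interface FastEthernet0/1
 ip address 10.1.2.1 255.255.255.0
interface Serial0/0
 ip address 172.16.0.1 255.255.255.252
router ospf 1
 router-id 1.1.1.1
 network 10.1.0.0 0.0.255.255 area 0
 network 1.1.1.1 0.0.0.0 area 0
 network 172.16.0.0 255.255.255.0 area 0
"""

if __name__ == "__main__":
    for name, (pid, area) in sorted(ospf_interfaces(SAMPLE_CONFIG).items()):
        print(f"{name:16} ospf {pid} area {area}")
```

In the sample, FastEthernet0/0 lands in area 1 because the interface command overrides the area 0 network statement, Loopback0 matches the exact-address statement, and Serial0/0 is silently left out of OSPF: 255.255.255.0 as a wildcard means "only the last octet must match", and 172.16.0.1 does not end in .0.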

Given below is the example for single area OSPF:




How to Configure and verify OSPF for IPv6

OSPFv3 is to IPv6 what OSPFv2 is to IPv4, and the two versions are not compatible with one another. In OSPF for IPv6 the addressing semantics are removed from the OSPF protocol packets and from the main LSA types, leaving a network-protocol-independent core. No IPv6 addresses appear in OSPF packets except in the LSA payloads carried by LSU packets. Router LSAs and network LSAs no longer contain network addresses; they express only topology information. The OSPF router ID, the LSA link state ID and the area ID remain at the 32-bit IPv4 size and can no longer be assigned IPv6 addresses. Neighboring routers are always identified by router ID, whereas earlier they were identified by IPv4 address on NBMA, point-to-point and broadcast links. In OSPF for IPv6, authentication is removed from the OSPF protocol itself: the AuType and Authentication fields are removed from the OSPF packet header, and all authentication-related fields are removed from the area and interface data structures; protecting the protocol is left to IPv6 AH and ESP (IPsec) instead. OSPF for IPv6 runs directly over IPv6.

The router ID is a 32-bit number that uniquely identifies the router in the autonomous system. If the OSPF router ID is changed, the OSPF process must be restarted before the new router ID takes effect. Because the router ID is smaller than an IPv6 address, it cannot be set to one of the router's IPv6 addresses. The possible procedures are to assign the router ID through a local administrative procedure (the router-id command) or to use one of the router's IPv4 addresses as the router ID.

A global IPv6 address must be selected as the forwarding address for NSSA LSAs that are to be propagated by the NSSA area border router; the selection proceeds as in OSPFv2 NSSA support, with the additional check that an IPv6 link-local address is never selected. In OSPF for IPv6, AS-external LSAs are originated by AS boundary routers and describe destinations external to the AS. OSPF is IP protocol 89, and this number is placed in the Next Header field of the encapsulating IPv6 header. OSPF runs directly over the IPv6 network layer, so OSPF packets are encapsulated solely by the IPv6 header and the link-layer headers. Some OSPF messages are multicast when sent over broadcast networks. In OSPF for IPv6 a router can have multiple interfaces to a single link, associated with the same OSPF area and instance; all of these interfaces can be used to send and receive data traffic, while only a single one sends and receives OSPF control traffic.


Step 1:

The first step is to enable IPv6 unicast routing:

R1(config)# ipv6 unicast-routing

Step 2:

Assign IPv6 addresses to the required interfaces. IPv6 stateless address autoconfiguration allows the interface ID portion of an address to be formed automatically as a modified EUI-64 from the interface MAC address. Take advantage of it by appending the eui-64 keyword to the ipv6 address command and leaving the interface ID portion of the address zeroed.


The serial interfaces could be addressed the same way, but setting the interface ID manually makes it much easier to define the static Frame Relay mappings. Since Frame Relay mappings are also needed for the link-local addresses, specify those interface IDs manually as well.


Creating IPv6 Frame Relay mappings is very similar to the commands used for IPv4 addresses. The most important detail to keep in mind is that the link-local addresses must be mapped too, because all OSPFv3 communication across the link uses them.


Verify that each interface has the configured global unicast address and a link-local address.


In the same way, verify the Frame Relay mappings:


Once all the interfaces on the router have been addressed, it is good practice to verify connectivity across the individual links before configuring OSPF. Pinging a global unicast IPv6 address works like pinging an IPv4 address, but remember that the router prompts for the outgoing interface when you ping a link-local address, because it has no other way of knowing which link you want to reach.
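Step 2 above relies on the router deriving the interface ID with EUI-64, and the verification and Frame Relay steps need the resulting global and link-local addresses. The following Python reproduces that derivation so the values shown by show ipv6 interface can be checked, and reverses it to recover a MAC from an address. It is an added example written for this page, not Cisco code; the MAC address and the 2001:db8:0:1::/64 prefix are constructed values.

```python
"""Modified EUI-64 interface IDs and the link-local address a Cisco interface
derives from its MAC, so the output of 'show ipv6 interface' can be checked
against what the configuration should have produced. Added example for this
page, not Cisco code; the MAC and prefix values are constructed."""
import ipaddress


def eui64_interface_id(mac):
    """48-bit MAC -> 64-bit modified EUI-64: split the MAC in half, insert
    0xFFFE, and flip the universal/local bit (0x02 of the first octet).
    Accepts 00:1a:2b:3c:4d:5e, 00-1a-2b-3c-4d-5e and Cisco's 001a.2b3c.4d5e."""
    octets = bytes.fromhex(mac.replace(":", "").replace("-", "").replace(".", ""))
    if len(octets) != 6:
        raise ValueError(f"not a 48-bit MAC: {mac}")
    iid = bytes([octets[0] ^ 0x02]) + octets[1:3] + b"\xff\xfe" + octets[3:]
    return int.from_bytes(iid, "big")


def eui64_address(prefix, mac):
    """What 'ipv6 address <prefix>/64 eui-64' assigns: the /64 prefix with the
    interface-ID half replaced by the EUI-64 derived from the MAC."""
    net = ipaddress.IPv6Network(prefix, strict=False)
    if net.prefixlen != 64:
        raise ValueError("eui-64 addressing requires a /64 prefix")
    return ipaddress.IPv6Address(int(net.network_address) | eui64_interface_id(mac))


def link_local_address(mac):
    """The fe80::/64 address the interface builds by itself; OSPFv3 hellos are
    sourced from it, which is why the Frame Relay maps must include it."""
    return eui64_address("fe80::/64", mac)


def expected_addresses(prefix, mac):
    """(global unicast, link-local) pair to compare with 'show ipv6 interface'."""
    return str(eui64_address(prefix, mac)), str(link_local_address(mac))


def mac_from_eui64(address):
    """Reverse check: recover the MAC from an EUI-64 based address shown by the
    router (only valid for addresses built by the eui-64 method)."""
    iid = int(ipaddress.IPv6Address(address)) & 0xFFFFFFFFFFFFFFFF
    raw = iid.to_bytes(8, "big")
    if raw[3:5] != b"\xff\xfe":
        raise ValueError("interface ID is not a modified EUI-64")
    octets = bytes([raw[0] ^ 0x02]) + raw[1:3] + raw[5:]
    return ":".join(f"{b:02x}" for b in octets)


if __name__ == "__main__":
    glob, ll = expected_addresses("2001:db8:0:1::/64", "001a.2b3c.4d5e")
    print("global unicast:", glob)
    print("link-local:    ", ll, "-> MAC", mac_from_eui64(ll))
```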


OSPF features include fast convergence, routing based on the best path preference, support for VLSM, grouping of routers into areas, efficient use of bandwidth and support for large networks. Every network engineer therefore has to be familiar with path preference, OSPF operation and OSPF for IPv6. This chapter gave an overview of how to configure and verify OSPF for IP version 6.