Labbed up the IEWB-SP Vol2 Lab4 & Analysis
Again, had a 5 ½ hour slot with Internetworkexpert Rack rentals and had a go at Lab4.
Bridging\Switching:- straight forward section, VLAN’s [note VLAN456 not defined in workbook solutions but present in Dynamips Solutions!], VTP, Trunking, Routed Ports, slight digression with 802.1q trunk. Frame-Relay & ATM again straight forward. Additional non-required ATM configs deleted from initial configs.
IGP:- Major boo-boo here, forgot to add NET address to one router, caused a little time to sort out. Enabling level 1, and advertising networks all okay. To ensure fast convergence use isis hello-multiplier and isis hello-interval commands. OSPF – basic setup with security.
EGP:- Create two BGP AS’s as specified; advertise various networks, no issues. Configure VPNv4 peerings, do not exchange IPv4 unicast prefixes -> no bgp default ipv4-unicast. Nothing more!
MPLS: again standard fair – enable MPLS -> mpls ip, mpls label protocol ldp. Use authentication -> mpls ldp neighbor x.x.x.x password cisco. Enable label exchange without using mpls ip -> neighbor x.x.x.x send-label.
MPLS TE – Configure routers to support traffic engineering, with reservations of 5Mbps and total BW of 9Mbps -> mpls traffic-eng tunnels & ip rsvp bandwidth 9000 5000.
Configure MPLS TE Tunnels, one reserved for XMbps, other for YMbps, link redundancy added to question ->
interface Tunnel0
ip unnumbered Loopback0
tunnel source Loopback0
tunnel destination x.x.x.x
tunnel mode mpls traffic-eng
tunnel mpls traffic-eng autoroute announce
tunnel mpls traffic-eng priority 0 0
tunnel mpls traffic-eng bandwidth 5000
tunnel mpls traffic-eng path-option 1 explicit name primary
tunnel mpls traffic-eng path-option 2 explicit name secondary
!
ip explicit-path name primary enable
next-address a.a.a.a
next-address b.b.b.b
next-address c.c.c.c
!
ip explicit-path name secondary enable
next-address d.d.d.d
next-address c.c.c.c
VPN: Got caught on this – it really is beginning to bug me – I thought I had a handle on this topic – the way I do this is to put a generic configuration on notepad together so something like this ->
ip vrf VPN_A
rd 100:1
route-target import 100:1
route-target export 100:1
!
ip vrf VPN_B
rd 100:2
route-target import 100:2
route-target export 100:2
!
interface ethernet0/1
ip vrf forwarding VPN_A
ip address 10.1.68.6 255.255.255.0
Then I change the parameters for the relevant interfaces & addresses and copy and paste. Somehow I am missing the big picture – I find myself thinking locally instead of globally if you get what I mean – I also got a couple of issues configuring this section up such as…
Rack1R4(config)#ip vrf VPN_B
Rack1R4(config-vrf)# rd 100:2
Rack1R4(config-vrf)# route-target import 100:2
Rack1R4(config-vrf)# route-target export 100:2
Rack1R4(config-vrf)#!
Rack1R4(config-vrf)#interface e0/1
Rack1R4(config-if)# ip vrf forwarding VPN_B
% Interface Ethernet0/1 IP address 10.1.4.4 removed due to enabling VRF VPN_B
Rack1R4(config-if)# ip address 10.1.4.4 255.255.255.0
Rack1R4(config-if)#
%TDP-4-IDENT: cannot set VRF VPN_B TDP ident
Also this…
Rack1R7(config)#ip routing
Rack1R7(config)#ip vrf VPN_A
Rack1R7(config-vrf)#rd 100:1
Rack1R7(config-vrf)#
%L3TCAM-3-SIZE_CONFLICT: VRF requires enabling extended routing
Now this is due to ->
Error Message L3TCAM-3-SIZE_CONFLICT: [chars] requires enabling extended routing.
Explanation This message means that size of the Layer 3 unicast TCAM entry is not sufficient to implement a feature.[chars] is the feature name (either Web Cache Communication Protocol [WCCP] or multiple VPN routing/forwarding [multi-VRF]) that requires the 144-bit TCAM size.
Recommended Action Modify the Switch Database Management (SDM) template to enable the switch to support the 144-bit Layer 3 TCAM. Use the sdm prefer extended-match, sdm prefer access extended-match, or sdm prefer routing extended-match global configuration command, and then reload the switch by using the reload privileged EXEC command.
VRF-Lite & MPLS VPN’s all okay – remember where these are in the Documentation – MPLS Configuration Guide Section 4.
PE-CE Routing – again I got to work on my redistribution!!
Internet Access – 1st part was okay – but caught on the 2nd part – I do not like NAT!
Multicast – first part fine, standard PIM setup, sparse-mode, candidate-RP, Auto-RP, Stop group’s bar Auto-RP should be dense mode? ->
ip pim sparse-mode,
ip pim send-rp-announce…
ip pim send-rp-discovery…
ip pim autorp listener
Inter & Intra-AS Multicast: Configure as specified with relevant RP Information:
ip pim rp-address x.x.x.x to specify RP.
Ensure RP information doesn’t leak from 1 AS to another? ->
Deny on the 224.0.1.39 & .40 addresses and apply with the ip multicast-boundary command on the relevant interface.
When one router sends traffic to group address, then another router contacts a third, times two!
Ip msdp peer
Ip msdp default-peer
Ip igmp join-group
VPN Multicast: Ensure Multicast traffic is GRE Encapsulated. -> Use MDT as so..
ip vrf…
Mdt default x.x.x.x
That was as far as I got within the 5 ½ hours. 4 sections left.
QoS
Security
Systems Management
IP Services
I will complete these 4 sections on the Dynamips on my laptop and report time here to see if I could get it done in 8 hours but I did get a kicking today!
