mls qos for voice vlan

1. CoS and DSCP function at different layers. CoS functions at L2, while DSCP functions at L3.
Therefore, CoS bits only remain within a subnet, but the DSCP value can be forwarded across networks.

2. An IP phone is a multiport switch, with the phone set connected to a voice VLAN and the PC connected to a data VLAN. Thus, the connection between an IP phone and a switch is a trunk.

3. You can override the CoS value set by the PC attached to the Cisco IP phone and use the configured port priority instead. This feature is called port-based re-classification. It is configured with the "switchport priority extend cos <0-7>" interface command.


Here is an excellent link re QoS Q&A
http://www.cisco.com/warp/public/473/139.html

MPLS TE tunnel

* Probably common knowledge, but be sure to put 'mpls ip' in your tunnels if the tailend is not an end-node PE and you are doing MPLS VPNs. Since I've "been there, done that", I'd suggest putting mpls ip on EVERY tunnel that might need it at the time of creation. I had full-mesh TE amongst PE routers, with quasi-mesh among the remaining P routers for the background noise that they create. After a major meltdown with the PE full-mesh, I reverted to core full-mesh, and promptly broke VPNs and EoMPLS. (Of course, moments after fixing that, I found out I broke multicast MPLS VPNs...) Moral of the story: don't mix IOS versions.

"Probably common knowledge, but be sure to put 'mpls ip' in your tunnels if the tailend is not an end-node PE and you are doing MPLS VPNs. "
--When the tailend of the MPLS TE tunnel is a P router, you need to put "mpls ldp discovery targeted-hello accept" on the tailend P router.
--No you don't. You only need that if the tunnel is doing 'mpls ip' AND there isn't a corresponding tunnel in the opposite direction.

PHP in MPLS

Penultimate Hop Popping is used only for directly connected subnets or aggregate routes.

A few important side details:

1) PHP doesn't work with cell-mode MPLS (each cell needs a VPI/VCI, right?).
2) PHP will strip the TDP/LDP label on the penultimate router, leaving just the VPN label for the PE to deal with.
3) "PHP" will strip the TE label on the penultimate router OF THE TUNNEL, leaving the underlying label stack for remaining routers to use*
4) "PHP" will strip the FRR label on the penultimate router OF THE TUNNEL, leaving the underlying label stack.

You can change this behavior with the "mpls ldp explicit-null" command.
This command sends label 0 instead of the implicit-null label.

eigrp stub connected

lab scenario
R2(s0/0.203,ip@6.6.23.2/24)<-->(ip@6.6.23.3/24,s0/0.302)R3
R2 Cisco 2611xm IOS 12.3(12)
R3 Cisco 3640 IOS 12.2(27)
R3 is an EIGRP stub router that wants to advertise loopback0 (ip@6.6.3.3/32) to R2.

Using the "eigrp stub connected" command alone does not advertise the connected network to neighbors. It only PERMITS the stub router to send connected routes.

To advertise the directly connected network 6.6.3.3, you have to use "redistribute connected" under the EIGRP process.

router eigrp 2006
redistribute connected
network 6.6.23.0 0.0.0.255
default-metric 1500 100 255 1 1500
no auto-summary
eigrp stub connected
_____
Another option is to use a network statement to send the connected route to neighbors.
______
Verify

R2#sh ip eigrp nei det
IP-EIGRP neighbors for process 2006
H Address Interface Hold Uptime SRTT RTO Q Seq
(sec) (ms) Cnt Num
0 6.6.23.3 Se0/0.203 10 00:13:18 44 264 0 6
Version 12.2/1.2, Retrans: 1, Retries: 0
Stub Peer Advertising ( CONNECTED SUMMARY ) Routes
Suppressing queries
R2#
R2#sh ip eigrp top
IP-EIGRP Topology Table for AS(2006)/ID(6.6.2.2)

Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply,
r - reply Status, s - sia Status

P 6.6.3.3/32, 1 successors, FD is 2297856
via 6.6.132.13 (2297856/128256), Serial0/0.203
P 6.6.23.0/24, 1 successors, FD is 2169856
via Connected, Serial0/0.203
R2#

the reading list for SP DSL 350-022

Design and Implementation of DSL-Based Access Solutions
(Mervana, Le)
DWDM Network Designs and Engineering Solutions
(Gumaste, Antony)
End-to-End DSL Architectures
(Vermillion, Cisco Systems)
Internetworking Technologies Handbook,
Fourth Edition (Cisco Systems)
Residential Broadband (Abe)
Planet Broadband (Yassini, Schley, Ellis, Brown)
ADSL and DSL Technologies (Walter Goralski, McGraw-Hill)

allow odd prefixes x.0/24 x<7

lab scenario
R13(AS13)-----R2(AS2)

1. Requirement

R13 generates the following BGP routes.

202.202.1.0
202.202.2.0
202.202.3.0
202.202.4.0
202.202.5.0
202.202.6.0
202.202.7.0
202.202.8.0
202.202.9.0
202.202.10.0

R13 advertises to R2 only the odd networks 202.202.x.0 where x<7.

2. Solution

Use the following ACL:

access-list 1 deny 202.202.0.0 0.0.254.255
access-list 1 deny 202.202.7.0 0.0.0.255
access-list 1 permit 202.202.1.0 0.0.7.255

Apply it as an outbound distribute list on R13:
router bgp 13
neighbor R2 distribute-list 1 out

3. Verification

R13#sh ip bgp
BGP table version is 13, local router ID is 6.6.13.13
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path
*> 6.6.13.13/32 0.0.0.0 0 32768 ?
*> 6.6.134.0/24 0.0.0.0 0 32768 ?
*> 202.202.1.0 0.0.0.0 0 32768 ?
*> 202.202.2.0 0.0.0.0 0 32768 ?
*> 202.202.3.0 0.0.0.0 0 32768 ?
*> 202.202.4.0 0.0.0.0 0 32768 ?
*> 202.202.5.0 0.0.0.0 0 32768 ?
*> 202.202.6.0 0.0.0.0 0 32768 ?
*> 202.202.7.0 0.0.0.0 0 32768 ?
*> 202.202.8.0 0.0.0.0 0 32768 ?
*> 202.202.9.0 0.0.0.0 0 32768 ?
*> 202.202.10.0 0.0.0.0 0 32768 ?
R13#

R2#sh ip bgp
BGP table version is 6, local router ID is 6.6.2.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path
*> 202.202.1.0 6.6.132.13 0 0 13 ?
*> 202.202.3.0 6.6.132.13 0 0 13 ?
*> 202.202.5.0 6.6.132.13 0 0 13 ?
R2#
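
To see why these three lines let only 202.202.1.0, 202.202.3.0 and 202.202.5.0 through, the following added example (not part of the original lab notes) evaluates the ACL with first-match semantics against the networks in R13's BGP table. The function names are illustrative, and it assumes the distribute list compares each ACL line against the route's network address only.

```python
import ipaddress

# ACL lines copied from the solution above.
ACL_TEXT = """
access-list 1 deny 202.202.0.0 0.0.254.255
access-list 1 deny 202.202.7.0 0.0.0.255
access-list 1 permit 202.202.1.0 0.0.7.255
"""

# Networks in R13's BGP table, taken from the "sh ip bgp" output above.
R13_NETWORKS = ["6.6.13.13", "6.6.134.0"] + [f"202.202.{x}.0" for x in range(1, 11)]


def to_int(dotted):
    """Convert a dotted-quad string to a 32-bit integer."""
    return int(ipaddress.IPv4Address(dotted))


def parse_acl(text):
    """Return [(action, base, wildcard)] in configured order."""
    rules = []
    for line in text.strip().splitlines():
        _keyword, _number, action, base, wildcard = line.split()
        rules.append((action, to_int(base), to_int(wildcard)))
    return rules


def evaluate(rules, network):
    """First matching line wins; no match falls through to the implicit deny."""
    addr = to_int(network)
    for line_no, (action, base, wildcard) in enumerate(rules, start=1):
        # A wildcard bit of 0 means "must match"; a bit of 1 means "don't care".
        care = ~wildcard & 0xFFFFFFFF
        if (addr & care) == (base & care):
            return action, line_no
    return "deny", None


def advertised(rules, networks):
    """Networks that survive the outbound filter."""
    return [n for n in networks if evaluate(rules, n)[0] == "permit"]


if __name__ == "__main__":
    acl = parse_acl(ACL_TEXT)
    for net in R13_NETWORKS:
        action, line_no = evaluate(acl, net)
        reason = f"line {line_no}" if line_no else "implicit deny"
        print(f"{net:<14} {action:<6} ({reason})")
```

Line 1 catches every even third octet (only bit 0 of that octet is checked), line 2 removes 7, and line 3 permits what is left of 0-7; 202.202.9.0 and the 6.6.x.x routes fall through to the implicit deny.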

BGP prefix-list exercises

these exercises are from http://www.catspace.com/goodies/prefix.htm
Copyright © 2002 Alchemy, Inc. All rights reserved.


1. Construct a prefix list that permits only the 192.168.1.0/24 network.

2. Construct a prefix list that denies network 119.0.0.0, and permits all other prefixes (including all subnets of 119.0.0.0).

3. Construct a prefix list that permits only the default route.

4. Construct a prefix list that permits everything except the default route.

5. Construct a prefix list that permits network 172.16.0.0 and any of its subnets, and denies all other prefixes.

6. Construct a prefix list that permits only the following prefixes:

10.2.8.32/27
10.2.8.32/28
10.2.8.32/29
10.2.8.32/30

7. Construct a prefix list that:

Permits 197.25.94.128/25
Denies 197.25.94.192/26
Permits 197.25.94.224/27
Denies 197.25.94.240/28
Permits 197.25.94.248/29
Denies 197.25.94.252/30
Permits all other prefixes, except for 198.82.0.0/16

8. Construct a prefix list that permits any prefix matching the first 20 bits of 175.29.64.0 which has a mask of at least /26 but not exceeding /29, and denies all other prefixes.

9. Construct a prefix list that denies any prefix matching the first 19 bits of 15.26.96.0 with any mask up to and including /32, and permits any other prefix.

10. Construct a prefix list that denies the RFC 1918 private networks and any of their subnets, and permits everything else.

11. Construct a prefix list that permits any subnet of network 15.0.0.0 (but not the network), and denies everything else. Your router lies within AS 65011. Place the prefix list in service in the inbound direction with BGP neighbor 1.2.3.4.

12. Construct a prefix list that denies 162.56.0.0/16 and all of its subnets (with the exception of 162.56.209.208/29, which is permitted), and permits all other prefixes. Your router lies within AS 65012. Place the prefix list in service in the outbound direction with its BGP neighbor having address 5.6.7.8.

13. Construct a prefix list that permits the CIDR block containing the thirty-two class C networks beginning with 200.202.160.0/24, and denies everything else. Your router is within AS 65013. Place the prefix list in service in the inbound direction with BGP peer-group "Lucky_13".

14. Construct a prefix list that denies any prefix for which the most-significant four bits are "0110", and permits everything else.

15. Construct a prefix list that permits the host address of "CatSpace", and denies everything else.


--------------------------------------------------------------------------------

EXTRA CREDIT:
16. Construct a prefix list that permits only classful networks, and denies everything else.

17. Construct a prefix list that denies only supernets, and permits everything else.

18. Construct a prefix list that permits only subnets, and denies everything else.

19. Construct a prefix list that permits only CIDR blocks encompassing at least 32 class-C equivalents.

20. Construct a prefix list that permits only the RFC 1918 private networks and their subnets, and configure RIP to use this prefix list for outbound routing advertisements.


ANSWERS:

1. The prefix list is:

ip prefix-list test1 seq 5 permit 192.168.1.0/24


2. The prefix list is:

ip prefix-list test2 seq 5 deny 119.0.0.0/8
ip prefix-list test2 seq 10 permit 0.0.0.0/0 le 32


3. The prefix list is:

ip prefix-list test3 seq 5 permit 0.0.0.0/0


4. The prefix list is:

ip prefix-list test4 seq 5 deny 0.0.0.0/0
ip prefix-list test4 seq 10 permit 0.0.0.0/0 le 32


5. The prefix list is:

ip prefix-list test5 seq 5 permit 172.16.0.0/16 le 32


6. The prefix list is:

ip prefix-list test6 seq 5 permit 10.2.8.32/27 le 30


7. The prefix list is:

ip prefix-list test7 seq 5 deny 197.25.94.192/26
ip prefix-list test7 seq 10 deny 197.25.94.240/28
ip prefix-list test7 seq 15 deny 197.25.94.252/30
ip prefix-list test7 seq 20 deny 198.82.0.0/16
ip prefix-list test7 seq 25 permit 0.0.0.0/0 le 32


8. The prefix list is:

ip prefix-list test8 seq 5 permit 175.29.64.0/20 ge 26 le 29


9. The prefix list is:

ip prefix-list test9 seq 5 deny 15.26.96.0/19 le 32
ip prefix-list test9 seq 10 permit 0.0.0.0/0 le 32


10. The prefix list is:

ip prefix-list test10 seq 5 deny 10.0.0.0/8 le 32
ip prefix-list test10 seq 10 deny 172.16.0.0/12 le 32
ip prefix-list test10 seq 15 deny 192.168.0.0/16 le 32
ip prefix-list test10 seq 20 permit 0.0.0.0/0 le 32


11. The prefix list is:

ip prefix-list test11 seq 5 permit 15.0.0.0/8 ge 9

To place it in service:
router bgp 65011
neighbor 1.2.3.4 prefix-list test11 in


12. The prefix list is:

ip prefix-list test12 seq 5 permit 162.56.209.208/29
ip prefix-list test12 seq 10 deny 162.56.0.0/16 le 32
ip prefix-list test12 seq 15 permit 0.0.0.0/0 le 32

To place it in service:
router bgp 65012
neighbor 5.6.7.8 prefix-list test12 out


13. The prefix list is:

ip prefix-list test13 seq 5 permit 200.202.160.0/19

To place it in service:
router bgp 65013
neighbor Lucky_13 prefix-list test13 in


14. The prefix list is:

ip prefix-list test14 seq 5 deny 96.0.0.0/4 le 32
ip prefix-list test14 seq 10 permit 0.0.0.0/0 le 32


15. The "hardest" part of this problem (and it isn't very hard!) is determining the IP address of "CatSpace". The easiest way to do that is to either "ping" or "trace" to "www.catspace.com" from any Internet-connected host, and let DNS resolve the address (which turns out to be 64.82.100.67). The prefix list is therefore:

ip prefix-list test15 seq 5 permit 64.82.100.67/32


16. The prefix list is:

ip prefix-list test16 seq 5 permit 0.0.0.0/1 ge 8 le 8
ip prefix-list test16 seq 10 permit 128.0.0.0/2 ge 16 le 16
ip prefix-list test16 seq 15 permit 192.0.0.0/3 ge 24 le 24


17. A "supernet" is any block that contains more than one classful network. The prefix list is:

ip prefix-list test17 seq 5 deny 0.0.0.0/1 le 7
ip prefix-list test17 seq 10 deny 128.0.0.0/2 le 15
ip prefix-list test17 seq 15 deny 192.0.0.0/3 le 23
ip prefix-list test17 seq 20 permit 0.0.0.0/0 le 32


18. The prefix list is:

ip prefix-list test18 seq 5 permit 0.0.0.0/1 ge 9
ip prefix-list test18 seq 10 permit 128.0.0.0/2 ge 17
ip prefix-list test18 seq 15 permit 192.0.0.0/3 ge 25


19. Since a "class-C equivalent" prefix has a "/24" mask, a block of thirty-two of them would have a "/19" mask (moved five bits to the left). The default route is not considered a "CIDR block". The prefix list is:

ip prefix-list test19 seq 5 deny 0.0.0.0/0
ip prefix-list test19 seq 10 permit 0.0.0.0/0 le 19


20. The prefix list is:

ip prefix-list test20 seq 5 permit 10.0.0.0/8 le 32
ip prefix-list test20 seq 10 permit 172.16.0.0/12 le 32
ip prefix-list test20 seq 15 permit 192.168.0.0/16 le 32

To place it in effect for outbound RIP updates:
router rip
distribute-list prefix test20 out

BGP route-map exercises

these exercises are from http://www.catspace.com/goodies/routemap.htm
Copyright © 2002 Alchemy, Inc. All rights reserved.


1. Construct a route map that sets the MED to 6000 for routes that were injected by your AS, and denies all other routes.

2. Construct a route map that sets the local preference to 775 for all class "C" networks, and sets the local preference to 850 for all other networks and all subnets.

3. Construct a route map that sets the weight for all private networks (and their subnets) to 25,000, and permits all other networks (without modifying their weights).

4. Construct a route map that sets the origin code to "incomplete" for any routes that were injected by AS 1864, and permits all other routes (without modifying their origin codes).

5. Construct a route map that sets the MED to 20000 for any paths that pass through AS 5432, 902 or 7823, and denies all other routes.

6. Construct a route map that sets the BGP local preference to 200 for any paths learned directly from AS 307, sets the local pref to 400 for any paths learned directly from AS 698 that pass through AS 405, and denies all other paths.

7. Construct a route map that sets the BGP weight to 4000 and the local pref to 500 for any path whose routes were injected by AS 106, 1006, or 10006, and permits all other paths (without modifying their weight or local preference).

8. Construct a route map that:

Sets the origin code to "incomplete" and the local preference to 50 for the 10.0.0.0/8 network and any of its subnets.
Sets the weight to 10,000 and the local preference to 60 for networks in the range 172.16.0.0/16 to 172.31.0.0/16 network, and any of their subnets.
Sets the local preference to 70 for any 192.168.x.0/24 network or subnet.
Denies all other prefixes.

9. Your router lies in AS 907, and it has a BGP neighbor in AS 62 with IP address 212.54.101.9/30. Configure your router so that the only BGP paths advertised to this peer are those paths that were not injected by your AS, and so that any paths that are advertised have the MED set to 30000. Supply all commands necessary to configure the required route map, any associated access list(s), and to invoke the route map with the BGP peer.

10. Your router lies in AS 146, and it has a BGP peer in AS 29 with IP address 112.72.201.75/29. Configure your router so that your AS number is prepended three times (instead of the usual one) to all paths that it advertises to this neighbor.

11. Your router lies in AS 872, and it has a BGP neighbor in AS 5832 with IP address 172.42.11.91/30. Configure your router so that the only BGP paths it accepts from this peer are those that transit either or both AS 2984 or 5713.

12. Your router lies in AS 16, and it has a BGP neighbor in AS 195 with IP address 64.19.145.27/30. Configure your router so that no paths for which AS 692 has used a route map to prepend its AS number are advertised to this neighbor.

13. Your router lies in AS 202, and it has a BGP peer in AS 9239 with IP address 77.44.11.98/30. Configure your router so that the only BGP paths it accepts from this peer were injected by either the peer's AS or AS 2984.

14. Your router lies in AS 691, and it has an iBGP peer with IP address 169.182.84.101/30. Configure your router so that all routes learned from this peer that passed through any privately-numbered AS have their local prefs set to 50, and all other routes learned from this peer have their local prefs set to 300.


ANSWERS:
1. The route map is:

route-map test1 permit 10
match as-path 1
set metric 6000

The associated AS path ACL is:
ip as-path access-list 1 permit ^$


2. The route map is:

route-map test2 permit 10
match ip address prefix test2
set local-preference 775
route-map test2 permit 20
set local-preference 850

The associated prefix list is:
ip prefix-list test2 seq 5 permit 192.0.0.0/3 ge 24 le 24


3. The route map is:

route-map test3 permit 10
match ip address prefix test3
set weight 25000
route-map test3 permit 20

The associated prefix list is:
ip prefix-list test3 seq 5 permit 10.0.0.0/8 le 32
ip prefix-list test3 seq 10 permit 172.16.0.0/12 le 32
ip prefix-list test3 seq 15 permit 192.168.0.0/16 le 32


4. The route map is:

route-map test4 permit 10
match as-path 4
set origin incomplete
route-map test4 permit 20

The associated AS path ACL is:
ip as-path access-list 4 permit _1864$


5. The route map is:

route-map test5 permit 10
match as-path 5
set metric 20000

The associated AS path ACL is:
ip as-path access-list 5 permit 5432|902|7823


6. The route map is:

route-map test6 permit 10
match as-path 6
set local-preference 200
route-map test6 permit 20
match as-path 61
set local-preference 400

The associated AS path ACLs are:
ip as-path access-list 6 permit ^307_
ip as-path access-list 61 permit ^698_(.+_)*405_


7. The route map is:

route-map test7 permit 10
match as-path 7
set weight 4000
set local-preference 500
route-map test7 permit 20

The associated AS path ACL is:
ip as-path access-list 7 permit _106$
ip as-path access-list 7 permit _1006$
ip as-path access-list 7 permit _10006$

This AS path ACL is a little more elegant:
ip as-path access-list 7 permit _1(0|00|000)6$

Since the range of ASNs is 1 to 65535, this will also work:
ip as-path access-list 7 permit _10+6$


8. The route map is:

route-map test8 permit 10
match ip address prefix test8a
set origin incomplete
set local-preference 50
route-map test8 permit 20
match ip address prefix test8b
set weight 10000
set local-preference 60
route-map test8 permit 30
match ip address prefix test8c
set local-preference 70

The associated prefix lists are:
ip prefix-list test8a seq 5 permit 10.0.0.0/8 le 32
ip prefix-list test8b seq 5 permit 172.16.0.0/12 le 32
ip prefix-list test8c seq 5 permit 192.168.0.0/16 le 32

BGP regexp exercises

these exercises are from http://www.catspace.com/goodies/regexp.htm
Copyright © 2002 Alchemy, Inc. All rights reserved.


1. Construct a regular expression that matches the AS path "48 206 1852 444". Note that AS 48 is directly connected to your AS, and that the routes were injected into BGP by AS 444.

2. Construct a regular expression that matches any path your AS learned directly from AS 777.

3. Construct a regular expression that matches any AS path for which the routes were injected into BGP by AS 888.

4. Construct one regular expression that matches all of the following AS paths (and no others):

101 202 303 400
101 202 303 401
101 202 303 402
101 202 303 403
101 202 303 404
101 202 303 405
101 202 303 406
101 202 303 407

5. Construct one regular expression that matches both of the following AS paths (and no others):

101 202 303 404
101 303 202 404

6. The command "show ip bgp" displays a Cisco router's entire BGP RIB (Routing Information Base). Give a "show" command that displays only the portion of the RIB that matches only the following conditions:

Your AS learned the path directly from AS 777, and
The routes were injected into BGP by AS 888, and
The path can transit any combination of Autonomous Systems between AS 777 and AS 888, as well as a path directly from AS 777 to AS 888.

7. Give a "show" command that displays only the portion of the BGP RIB that traverses the following AS paths:

456 111 928
456 131 928
456 151 928
456 161 928
456 171 928
456 181 928

8. Give a "show" command that displays only the portion of the BGP RIB that traverses the following AS paths:

10 21 100
43 54 100
76 87 100
91 12 100

9. Give a "show" command that displays only the portion of the BGP RIB that meets the following conditions:

Your AS learned the routes directly from AS 555, and
The routes were injected into BGP by AS 902, and
The routes passed through AS 87 somewhere along the way.

10. Give a "show" command that displays only the routes in the IP routing table that were learned by BGP.

11. Construct an AS path ACL (Access Control List) that denies any path in which the digit "6" appears in any AS number in the path, and permits all other paths.

12. Construct an AS path ACL that permits all paths for which the routes were injected into BGP by AS 303 or AS 304, and denies all other paths.

13. Construct an AS path ACL that denies all paths for which the routes were learned from AS 1, AS 20, AS 21, or AS 22, and permits all other paths.

14. Construct an AS path ACL that permits all paths for which the routes were injected by AS 6005, denies all paths for which the routes were injected by any AS in the ranges from 6001 to 6004 and 6006 to 6009, and permits all other paths.

15. Construct an AS path ACL that permits any AS paths your router learned directly from any AS whose AS number begins with the digit "5", and denies all other paths.

16. Construct an AS path ACL that:

Permits all AS paths,
Except those that originate in AS 200,
Unless the path originated in AS 200, was advertised by AS 200 directly to AS 300, passed through 400 (but did not have to pass directly from 400 to 300), and was learned directly from 500. These paths are permitted.

17. Construct an AS path ACL that:

Permits any path that originated in an even-numbered AS, and
Denies any path that originated in an odd-numbered AS, except that
Any path that originated in AS 79 or 799 is permitted.

18. Give a "show" command that displays all routes in the BGP RIB that originated in your AS.

19. Give a "show" command that displays all routes in the BGP RIB that did not originate in your AS.

20. Construct an AS path ACL that permits all AS paths that are exactly three Autonomous Systems long.

21. Construct an AS path ACL that permits all AS paths that are at least two Autonomous Systems in length.


ANSWERS:

1. The regexp is:

^48_206_1852_444$


2. The regexp is:

^777_


3. The regexp is:

_888$


4. The regexp is:

^101_202_303_40[0-7]$


5. The regexp is:

^101_(202_303|303_202)_404$


6. The command is:

show ip bgp regexp ^777_(.+_)*888$

- or -

show ip bgp regexp ^777(_.+)*_888$

Note that the following regular expression is incorrect:

^777_.*_888$

In the absence of an AS between 777 and 888, this regular expression requires two spaces between successive AS numbers (and AS paths never have more than one space between successive AS numbers).


7. The command is:

show ip bgp regexp ^456_1[135-8]1_928$


8. The command is:

show ip bgp regexp ^(10_21|43_54|76_87|91_12)_100$


9. The command is:

show ip bgp regexp ^555_(.+_)*87_(.+_)*902$


10. The command is:

show ip route bgp


11. The AS path ACL is:

ip as-path access-list 11 deny 6
ip as-path access-list 11 permit .*


12. The AS path ACL is:

ip as-path access-list 12 permit _30[34]$


13. The AS path ACL is:

ip as-path access-list 13 deny ^(1|2[012])_
ip as-path access-list 13 permit .*


14. The AS path ACL is:

ip as-path access-list 14 deny _600[1-4]$
ip as-path access-list 14 deny _600[6-9]$
ip as-path access-list 14 permit .*

This will also work:
ip as-path access-list 14 deny _600[1-46-9]$
ip as-path access-list 14 permit .*


15. The AS path ACL is:

ip as-path access-list 15 permit ^5


16. The AS path ACL is:

ip as-path access-list 16 permit ^500_(.+_)*400_(.+_)*300_200$
ip as-path access-list 16 deny _200$
ip as-path access-list 16 permit .*


17. The AS path ACL is:

ip as-path access-list 17 permit [02468]$
ip as-path access-list 17 permit _(799?)$


18. The command is:

show ip bgp regexp ^$


19. A correct command is:

show ip bgp regexp .+


20. A correct AS path ACL is:

ip as-path access-list 20 permit ^[0-9]+_[0-9]+_[0-9]+$


21. Four correct AS path ACL's are:

ip as-path access-list 21 permit [0-9]+_[0-9]+

ip as-path access-list 21 permit ._.

ip as-path access-list 21 permit . .

ip as-path access-list 21 permit ( )
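
The point made in answer 6, that "^777_.*_888$" misses a direct "777 888" path, can be checked offline. The following added example (not from the original exercise page) translates the Cisco "_" metacharacter into a Python regular expression and also runs the answer 16 ACL with first-match semantics. The translation is a simplification that assumes "_" never appears inside a bracket expression, and the sample AS paths are constructed.

```python
import re

# On IOS, "_" matches a space, comma, brace, parenthesis, or the start or
# end of the AS-path string. Assumption: "_" is not used inside [...].
DELIM = r"(?:^|$|[ ,{}()])"


def cisco_to_python(pattern):
    """Compile a Cisco AS-path regexp as an equivalent Python pattern."""
    return re.compile(pattern.replace("_", DELIM))


def path_matches(pattern, as_path):
    """Unanchored search, as "show ip bgp regexp" and as-path ACLs do."""
    return cisco_to_python(pattern).search(as_path) is not None


def evaluate_acl(acl, as_path):
    """First matching line wins; no match falls to the implicit deny."""
    for line_no, (action, pattern) in enumerate(acl, start=1):
        if path_matches(pattern, as_path):
            return action, line_no
    return "deny", None


# Answer 16 from the page, in configured order.
ACL_16 = [
    ("permit", r"^500_(.+_)*400_(.+_)*300_200$"),
    ("deny", r"_200$"),
    ("permit", r".*"),
]

if __name__ == "__main__":
    # Answer 6: the two correct forms versus the incorrect one.
    for pattern in (r"^777_(.+_)*888$", r"^777(_.+)*_888$", r"^777_.*_888$"):
        for path in ("777 888", "777 100 888", "777 1888"):
            print(f"{pattern:<20} {path!r:<14} {path_matches(pattern, path)}")

    # Answer 16: constructed AS paths, with the line that decided each one.
    for path in ("500 400 300 200", "500 600 400 700 300 200",
                 "500 300 200", "500 400 300 100", "1200"):
        print(f"{path!r:<26} {evaluate_acl(ACL_16, path)}")
```

The path "1200" shows why the leading "_" in "_200$" matters: without it, the deny line would also catch any origin AS that merely ends in the digits 200.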



--------------------------------------------------------------------------------
Try some "regexps" on a real Internet core router!
route-server.ip.att.net
route-server.cerf.net
Note: These are not web sites; you are accessing them with Telnet. If they don't respond, try again later (they don't support an infinite number of inbound VTY sessions). Also, be aware that their BGP RIBs and IP routing tables contain over 100K entries, so commands that require sorting (such as "show ip bgp regexp") may require a little time to process.

When you get in, try some "show" commands, like:
sh ver
sh ip route (the output of this is over 100K lines)
sh ip route summary
sh ip bgp summary
sh ip bgp (the output is well over 100K lines)
sh ip bgp regexp ...
sh proc cpu
sh mem

PPPoFR configuration example

lab scenario

R13(s0/0)------(s0/0)R2

1. R13 configuration

username R2 password 0 cisco
interface Serial0/0
no ip address
encapsulation frame-relay
frame-relay lmi-type cisco
!
interface Serial0/0.132 point-to-point
frame-relay interface-dlci 132 ppp Virtual-Template1
!
interface Virtual-Template1
ip address 6.6.132.13 255.255.255.0
ppp authentication chap
ppp chap hostname R13
ppp chap password 0 cisco
!

The configuration on R2 is identical, except for the IP addresses and hostnames.

2. Verification

R13# sh ip int brief
Interface IP-Address OK? Method Status Protocol
Serial0/0 unassigned YES TFTP up up
Serial0/0.132 unassigned YES manual up up
Virtual-Access1 6.6.132.13 YES TFTP up up
Virtual-Template1 6.6.132.13 YES manual down down
R13#ping 6.6.132.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 6.6.132.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 44/44/48 ms
R13#

PPPoE configuration example

Lab scenario

PPPoe Client R7(f0/0)------------(f0/0)R2 PPPoe Server

R7 learns IP address 6.6.27.7 from R2.


1. PPPoE Client configuration

vpdn enable
!
vpdn-group 1
request-dialin
protocol pppoe
interface FastEthernet0/0
no ip address
pppoe enable
pppoe-client dial-pool-number 1
!
interface Dialer1
ip address negotiated
encapsulation ppp
dialer pool 1
ppp authentication chap callin
ppp chap hostname R7
ppp chap password cisco

!

2. PPPoE server configuration

username R7 password cisco
!
vpdn enable
!
vpdn-group 1
accept-dialin
protocol pppoe
virtual-template 1
!
interface FastEthernet0/0
ip address 6.6.27.2 255.255.255.0
pppoe enable
!
interface Virtual-Template1
ip unnumbered FastEthernet0/0
peer default ip address pool p-1
ppp authentication chap
ppp ipcp mask 255.255.255.0
!
ip local pool p-1 6.6.27.7


3. Verify connection between R2 and R7

R7#show ip interface brief
Interface IP-Address OK? Method Status Protocol
FastEthernet0/0 unassigned YES manual up up
Dialer1 6.6.27.7 YES IPCP up up
R7#
R7#ping 6.6.27.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 6.6.27.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
R7#

R2#show ip interface brief
Interface IP-Address OK? Method Status Protocol
FastEthernet0/0 6.6.27.2 YES manual up up
Virtual-Access1 unassigned YES unset up up
Virtual-Access1.1 6.6.27.2 YES TFTP up up
Virtual-Template1 6.6.27.2 YES TFTP down down

4. Monitoring VPDN Groups

R7#sh vpdn

PPPoE Tunnel and Session Information Total tunnels 1 sessions 1

PPPoE Session Information
UID SID RemMAC OIntf Intf Session
LocMAC VASt state
0 47475 000d.bc47.2600 Fa0/0 Vi1 N/A
000d.bdcd.5dc0 UP


R7#sh vpdn session packets

PPPoE Session Information Total tunnels 1 sessions 1

PPPoE Session Information
SID Pkts-In Pkts-Out Bytes-In Bytes-Out
47475 332 333 6962 6977
R7#


R2#sh vpdn

PPPoE Tunnel and Session Information Total tunnels 1 sessions 1

PPPoE Session Information
UID SID RemMAC OIntf Intf Session
LocMAC VASt state
427 47473 000d.bdcd.5dc0 Fa0/0 Vi1.1 CNCT_PTA
000d.bc47.2600 UP
R2#

R2#sh vpdn session packets

PPPoE Session Information Total tunnels 1 sessions 1

PPPoE Session Information
SID Pkts-In Pkts-Out Bytes-In Bytes-Out
47475 206 208 4664 4706
R2#

the reading list for Metro 350-027

Book:

1. Metro Ethernet by Sam Halabi
2. Layer 2 VPN Architectures by Wei Luo

CCO Document IDs:

10479,10584,11072,13709,17639,22885,29805

White Papers:

L2TPv3, Metro Ethernet WAN Services and Architectures, Understanding TCAM VMR entries

PACKET Articles:

L2TPv3 difference from L2TP, Session ID and Cookie Field in L2TPv3.

Other Topics:

show Outputs, Screen Shots, Inter-AS Multicast, QoS, VPLS, MPLS, MPLS-TE, L2TP, AToM, FRoMPLS, EoMPLS, Pseudowire Internetworking, TCI etc.

long journey to SP IE

Dear friends

I'd love to share my experience of how I became an SP IE. It's a long, sweet and sweaty journey.

I passed my R&S on my third attempt on Feb 19th, 2003. I didn't study much until I joined Telecom New Zealand on Jan 31st, 2005.
My initial goal was to pass the Voice lab. The SP lab was supposed to be a by-product. It turned out that I fell in love with SP/large network design as I've been working too hard on studying for it. Voice Lab? No, it's not on my schedule any more. Haha.


A. How many attempts have I taken to pass SP?

Oh no! I don't want to tell you. I passed the SP lab on my sixth attempt!

I took the lab on Aug 26th, Sept 29th, Nov 11th, Dec 13th, Jan 13th, and finally Feb 13th. Almost one attempt per month till I passed.

As I passed R&S 3 years ago, I underestimated SP. I thought it should be a piece of cake for me. I expected to spend 3 months maximum on lab practice and pass it on the second or the third attempt.
I didn't realize it is an IE lab, just like any other IE track, until I took it the third time.
When I took it at my third attempt, Cisco didn't prepare it well and I waited for 3 hours to start, finishing at 7:45pm. I misunderstood some questions and failed.
My fourth attempt was a nightmare. Just like R&S, forget guessing what they won't test. Cisco tests whatever is on the lab blueprint. If you don't know something, you bet they will test it.
That's the reason I listed 24 books! Better read all of them, many times.

At my fifth attempt, Cisco downloaded the wrong scenarios onto the rack. Lots of interfaces, subinterfaces, DLCIs and IP addresses were preconfigured incorrectly. Both the proctor and I removed some but I didn't get any extra time. I was pretty sure that I could pass as I tested everything carefully. When I got the result (FAILED), I was shocked. I didn't get any credit re backbone-related questions. The only possibility was that the proctor corrected the misconfigurations of the backbone devices but didn't save them. When they graded me, my configurations didn't work on the wrong lab scenario.
I asked for a reread. They told me the result was the same. It's no use to argue with them. Don't give it a second thought. Focus on your study.
Once I got the reread result, I booked the next attempt immediately.
Well, I still believe that I could pass on my fifth attempt.
Last Monday (Feb 13th), I took my sixth attempt. This time, the proctor printed out the lab scenarios right before we started (yes, printed out; they are not in folders as you expected). Lots of mistakes on the printouts. The figures didn't show the hostnames of the routers, the DLCI numbers, etc. In some critical questions the site numbers were wrong. You have to figure out what should be correct.
Cisco really made it hard for SP candidates. I believe it's the most difficult exam.
No matter how hard it was, I passed! I believe I passed with almost 100%.


B. The equipment and IOS I used for my lab:

Cisco2611XM x1 12.3(12) c2600-jk9o3s-mz.123-12.bin
Cisco3620 x1 12.2(27) c3620-jk9o3s-mz.122-27.bin
Cisco3640 x1 12.2(27) c3640-jk9o3s-mz.122-27.bin
Cisco2621XM x2 12.3(12) c2600-jk9o3s-mz.123-12.bin
The above are used as PE/P routers.
Cisco3640 x1 12.2(15)T16 c3640-i-mz.122-15.T16.bin
Cisco2503 x1 12.0(23) c2500-ins-l.120-23.bin
The above two are used as CE routers.
Cisco WS-C3550-48 x1 12.2(25)SE c3550-i5q3l2-mz.122-25.SE.bin

Ideally you'd like to use 5 MPLS-enabled routers as you have to practise inter-AS and CsC.


C. Reading list

There are 24 books on my reading list. Please see my post "the reading list for SP lab".

I focused on the following. I read them from cover to cover, many times:

MPLS VPN architecture Vol II
MPLS Configuration on Cisco IOS Software(2005)
MPLS VPN Security(2005)
Optimal Routing Design(2005)
CCIE Routing and Switching Practice Labs
Cisco--ISIS
Cisco--Multicast


D. Pay extreme attention to multicast

Below are some good books on multicast and inter-AS multicast:

Routing TCP/IP Vol II (multicast, inter-AS multicast)
BGP Design and Implementation (inter-AS multicast)
MPLS VPN architecture Vol II(Multicast)
MPLS Configuration on Cisco IOS Software(Case study)

E. QoS study

For QoS, Cisco End-to-End QoS should be fine, but I haven't read it. I read the following:
IP Quality of Service(Cisco 2001),Practical Study Vol II
CCIE Routing and Switching Practice Labs
Cisco 3550/3750 QoS configuration guide

Well, that's pretty much the story.


Any questions, please let me know. I will be honoured if I can be of assistance.

Have fun! Happy SPing !


Jun

collisions on ethernet links

On shared Ethernet, errors are often the result of collisions. Two stations try to send a frame at the same time and the resulting collision damages the frames, causing CRC errors.

Depending on the size of the Ethernet network, many of these collisions happen in the 8-byte preamble of the frames and are not registered by troubleshooting tools.

If the collision happens past the preamble and somewhere in the first 64 bytes of the data frame, it is registered as a legal collision and the frame is called a runt frame.

A general goal for Ethernet collisions is that less than 0.1% of the frames should be affected by a legal collision (not counting the collisions that happen in the preamble).

A collision should never occur on a full-duplex Ethernet link. If one does, there's probably a duplex mismatch.

To detect a duplex mismatch, look at the number and type of errors on either end of the link. Look for CRC and runt errors on one side and collisions on the other side of the link.

The side that is set for full duplex can send whenever it wants. It doesn't need to sense carrier.

The side that is set for half duplex senses carrier and will stop transmitting if it detects a simultaneous transmission from the other side. It will back off and retransmit, and report a collision.

The result of the half-duplex station's stopping transmission is usually a runt frame (shorter than 64 bytes) and is always a CRC-errored frame.

The full-duplex side receives runts and CRC-errored frames and reports these errors. The half-duplex side reports collisions.

Notice the asymmetry of the errors when there is a duplex mismatch. If you see collisions and CRC errors on both sides of the link, the problem is probably something other than a duplex mismatch, perhaps a wiring problem or a bad NIC.
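The asymmetry check and the 0.1% collision goal described above, written out as an added example that is not part of the original notes. The `key=value` counter text, the field names and the choice of transmitted frames as the denominator for the collision rate are assumptions made for illustration; the sample values are constructed.

```python
import re

# Constructed counter text for the two ends of one link (not captured output).
END_A = "duplex=full frames_out=240000 collisions=0 crc=1840 runts=1795"
END_B = "duplex=half frames_out=250000 collisions=2100 crc=0 runts=0"

COLLISION_GOAL = 0.001  # goal from the notes: under 0.1% of frames in a legal collision


def parse_counters(text):
    """Turn 'key=value' counter text into a dict; numeric values become ints."""
    fields = dict(re.findall(r"(\w+)=(\w+)", text))
    return {k: int(v) if v.isdigit() else v for k, v in fields.items()}


def collision_rate(c):
    """Collisions per transmitted frame (assumed denominator: frames_out)."""
    return c["collisions"] / c["frames_out"] if c["frames_out"] else 0.0


def classify_link(a, b):
    """Classify a link from the error counters seen on both of its ends."""
    rx_a, rx_b = a["crc"] + a["runts"], b["crc"] + b["runts"]
    col_a, col_b = a["collisions"], b["collisions"]
    # Asymmetry: CRC/runt errors only on one end, collisions only on the other.
    if (rx_a and not col_a and col_b and not rx_b) or \
       (rx_b and not col_b and col_a and not rx_a):
        return "duplex mismatch suspected"
    # The same error types on both ends point away from a duplex mismatch.
    if rx_a and rx_b and col_a and col_b:
        return "symmetric errors: check wiring or NIC"
    # Collisions are never expected on an end configured for full duplex.
    for end in (a, b):
        if end["duplex"] == "full" and end["collisions"]:
            return "collisions on full-duplex end: check duplex settings"
    # Shared (half-duplex) segment: compare against the 0.1% goal.
    if max(collision_rate(a), collision_rate(b)) >= COLLISION_GOAL:
        return "collision rate above 0.1% goal"
    return "ok"


if __name__ == "__main__":
    print(classify_link(parse_counters(END_A), parse_counters(END_B)))
```
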

the reading list for SP lab

Routing TCP/IP Vol 1( ISIS)
Routing TCP/IP Vol 2 (Multicast,management)
Halabi (BGP bible)
Practical Study Vol 1 (LAN Switching)
Practical Study Vol 2 (LAN Switching,multicast,QoS)
Practical Study Security (LAN Switching,Security)
Cisco--ISIS
Cisco--Multicast
Advanced MPLS (MPLS,TE)
MPLS and VPN Vol 2(MPLS,multicast)
BGP Design and Implementation(multicast)
TE with MPLS
L2VPN Architect(L2TPv3)
Building MPLS-based broadcast access VPN(PPPoE)
Definitive MPLS Network Designs (2005)(MPLS,multicast)
MPLS Configuration on Cisco IOS Software(2005)(MPLS,multicast)
MPLS VPN Security(2005)(MPLS)
Optimal Routing Design(2005)(IGP,BGP)
CCIE Routing and Switching Practice Labs(QoS,Security,LAN,IGP,BGP)
Cisco---QoS
Network Security Architecture
Network Security Principles and Practice
Fault tolerant IP and MPLS networks