ASA Lessons: Failover


In this post I will go through an example of setting up redundancy between a pair of ASA’s using one of the two methods of accomplishing this. The 2 methods are: Failover Clustering This post is exclusively about the failover option.
Read more…

New Goal


So I have further evidence that I might be crazy: I have decided to abandon any and all CCIE DC studies. Why you might ask? Simple: I dont have access to the required equipment continually so I can practice and reinforce any knowledge.
Read more…

ASA Lessons: Static PAT


I decided a while back I would spend a bit of time learning about the Cisco ASA firewall. This is the first post surrounding some technologies I have explored during that time. For some of you it might be easy stuff, but for others, including myself, might find it interesting for reference.
Read more…

Practical OTV


Practical OTV ————- This post is all about OTV (Overlay Transport Virtualization) on the CSR1000v. I wanted to create the post because there are alot of acronyms and terminology involved. A secondary objective was to have a “real” multicast network in the middle, as the examples I have seen around the web, have used a direct P2P network for the DCI.
Read more…

VxLAN on the CSR1Kv


By now, VxLAN is becoming the standard way of tunneling in the Datacenter. Using VxLAN, i will show how to use the CSR1Kv to extend your Datacenter L2 reach between sites as well. First off, what is VxLAN? It stands for Virtual Extensible LAN.
Read more…

ISIS Authentication types (packet captures)


In this post i would like to highlight a couple of “features” of ISIS. More specifically the authentication mechanism used and how it looks in the data plane. I will do this by configuring a couple of routers and configure the 2 authentication types available.
Read more…

Progress update – 10/07-2017


Hello folks, Im currently going through the INE DC videos and learning a lot about fabrics and how they work along with a fair bit of UCS information on top of that! Im spending an average of 2.5 hours on weekdays for study and a bit more in the weekends when time permits.
Read more…

A look at Auto-Tunnel Mesh Groups


In this post I would like to give a demonstration of using the Auto-Tunnel Mesh group feature. As you may know, manual MPLS-TE tunnels are first and foremost unidirectional, meaning that if you do them between two PE nodes, you have to do a tunnel in each direction with the local PE node being the headend.
Read more…

Practical DMVPN Example


In this post, I will put together a variety of different technologies involved in a real-life DMVPN deployment. This includes things such as the correct tunnel configuration, routing-configuration using BGP as the protocol of choice, as well as NAT toward an upstream provider and front-door VRF’s in order to implement a default-route on both the Hub and the Spokes and last, but not least a newer feature, namely Per-Tunnel QoS using NHRP.
Read more…

GETVPN Example


A couple of weeks ago I had the good fortune of attending Jeremy Filliben’s CCDE Bootcamp. It was a great experience, which I will elaborate on in another post. But one of the technology areas I had a bit of difficult with, was GETVPN.
Read more…

MPLS VPN's over mGRE


This blog post outlines what “MPLS VPNs over mGRE” is all about as well as provide an example of such a configuration. So what is “MPLS VPNs over mGRE”? – Well, basically its taking regular MPLS VPN’s and using it over an IP only core network.
Read more…

Unified/Seamless MPLS


In this post I would like to highlight a relative new (to me) application of MPLS called Unified MPLS. The goal of Unified MPLS is to separate your network into individual segments of IGP’s in order to keep your core network as simple as possible while still maintaining an end-to-end LSP for regular MPLS applications such as L3 VPN’s.
Read more…

EIGRP OTP example


In this post id like to provide an example of a fairly new development to EIGRP which is called EIGRP Over The Top (OTP). In all its simplicity it establish an EIGRP multihop adjacency using LISP as the encapsulation method for transport through the WAN network.
Read more…

Trying out IPv6 Prefix Delegation


In this post i will show how and why to use a feature called IPv6 Prefix Delegation (PD). IPv6 prefix delegation is a feature that provides the capability to delegate or hand out IPv6 prefixes to other routers without the need to hardcode these prefixes into the routers.
Read more…

VRF based path selection


In this post I will be showing you how its possible to use different paths between your PE routers on a per VRF basis. This is very useful if you have customers you want to “steer” away from your normal traffic flow between PE routers.
Read more…

Using the OSPF Forwarding Address for traffic-steering


In this fairly short post, id like to address a topic that came up on IRC (#cciestudy @ freenode.net). Its about how you select a route thats being redistributed into an OSPF NSSA area and comes into the OSPF backbone area 0.
Read more…

Passed the CCIE SP Lab exam.


CCIE Service ProviderWell, a short update. I managed to pass the CCIE Service Provider lab exam on March 14th.

I am quite exhausted from the experience, but very happy 🙂

Short update


Its been a long time since my last update. I apologise for this. It wasnt my intention, it just sort of happened. In the meantime I have tried the CCIE SP lab and didnt pass it, so I am still studying for my next attempt which is comming up shortly.
Read more…

ISIS csnp-interval


The CSNP on multiaccess networks The CSNP (Complete Sequence Number PDU) on multi-access networks is being sent out on behalf of the DIS (Designated Intermediate System), which acts as the pseudonode representing the multi-access network. Its being used as ISIS’s way of making sure everybody on the multi-access network is up to date.
Read more…

isis retransmit-interval Vs. isis retransmit-throttle-interval


In this short post i want to try and shed some light on a couple of ISIS timers that had me confused at first. I think i got them down now, but please let me know if i have misunderstood them.
Read more…

Fixing multicast RPF failure with BGP


In this post i would like to explain how you can fix a multicast RPF failure using BGP. If you take a look at the topology in figure 1, we have a network running EIGRP as the IGP and where R1 advertises its loopback 0 (1.
Read more…

Another Lab lies ahead, round one.


This morning I booked my first go with the CCIE Service Provider lab exam. The battle is in mid November, so I have some time to study. That also means that alot of forthcomming blog posts will be about CCIE SP material.
Read more…

MPLS VPN Per VRF Label feature


In this post i would like to explain the usage of the “MPLS VPN Per VRF Label” feature. By default, in each VRF, prefixes are assigned a VPN label, used to identify the route within the VRF itself. This label is the only label that is being looked at by the receiving PE router.
Read more…

Looking forward


“All that matters, is where you are going” is a favorite quote of mine. With that an update as well as a plan to move forward. I have now finished Narbik’s Volume 2 Service Provider workbook. It took a little while longer than I had planned.
Read more…

Done with volume 1 labs.


I have now finished the Narbik Volume 1 labs. It took about 2,5 weeks to do. Im planning on spending a bit more time on the Volume 2 labs. Maybe about 3-4 weeks. I want to make sure i got all the foundational stuff down before advancing to some more complex labs.
Read more…

Frame-Relay PVC bundle


In this short piece i would like to show how Frame-Relay PVC bundles work. A PVC bundle is exactly what the name says. Its a bundle of PVC’s, with each PVC handling a certain Precedence, MPLS EXP or DSCP. A requirement for the PVC bundle is that all IP Precedence or DSCP values will be handled by one of the PVC’s, so you need to set the “default” PVC unless
Read more…

Some IOS-XR Training


Just wanted to let you know of a good place to go for some IOS-XR training.

Head on over to FryGuy’s place:

http://www.fryguy.net/2012/11/06/ios-xr-cisco-videos-and-training/

Recertified & Plan


I have recertified by doing the SP written exam. Took me a while, but now its done. My plan is to hit the labs, starting with Narbik’s SP workbook, working my way through that one. That should keep me occupied for quite a while.
Read more…

Class Based Tunnel Selection


In this post i would like to demonstrate the Class-Based Tunnel Selection feature. In class-based tunnel selection, we will select an MPLS TE tunnel based on the incomming Precedence bit in the data. For example, IP Prec 5 goes to TE Tunnel 1, whereas IP Prec 3 goes to TE Tunnel 2.
Read more…

Node protection using MPLS-TE Fast ReRoute


In this post i would like to demonstrate the concept of a well known MPLS TE (Traffic Engineering) feature, known as Fast Reroute. Fast Reroute, as the name implies, is used to create an MPLS network, that has similar convergence properties of SONET/SDH APS of about 50 ms.
Read more…

Service Provider emulation of a frame-relay network using MPLS.


One of the cool things about MPLS is its versatility. In this post i will show how its possible for a service provider to support legacy frame-relay installations without actually having any frame-relay switches. I will establish an MPLS core and show how a customer with three sites, one hub site and two spoke sites, will never even know that the core is running MPLS and not end-to-end frame-relay.
Read more…

1st Batch of books.


I have ordered the first batch of books for the CCIE SP track. They are: Traffic Engineering with MPLS Cisco IOS-XR Fundamentals MPLS-Enabled Applications: Emerging Developments and New Technologies MPLS Configuration on Cisco IOS Software I was hoping that you could get them all as eBooks, but as it turns out, i can get some of them as eBooks through Kindle and some through Cisco Press PDF’s and others i could only get as hard copies.
Read more…

The cat is out of the bag.


The cat is out of the bag. I am going for my 2nd CCIE. This time its in the Service Provider track. For a while i have felt something missing. And what is missing is a clear cut direction on what i want to learn more about in my professional life.
Read more…

Update on INE's SP track.


There’s news on INE’s Service Provider material. Updated workbooks for the SPv3 will be arriving “soon”. Hopefully that means within a month or two. If you are interested, you can read more and even get a peak into a sample lab.
Read more…

CAR – The grand-old man in policing.


Below are my findings regarding CAR. Please be advised that this is work in progress. CAR is the ancient way of doing policing. It is not configured using any of the new and fancy MQC style configuration. It is an interface-based command set.
Read more…

Odd EIGRP behavior


Update: By most examinations, this seems to be a bug. A clever guy at the Cisco support forums might offer the reason why this happens. Thanks to everyone for clearing this up! (https://supportforums.cisco.com/message/3519430) I was trying someting out the other day concerning EIGRP when i ran into an issue i still cant explain, so i would like to put it out there for scrutiny.
Read more…

Migrating notes – my documents, not the program.


I have finally decided to clean up my Routing & Switching notes and more importantly moving them from Microsoft OneNote to Microsoft Word. I know, I know, its still Microsoft, but even though OneNote has been okay for my needs, the lack of the program for Mac OS is annoying the crap out of me.
Read more…

Spanning-tree revisited


In this post i will shed some light on some spanning-tree info that has been floating around. But also an explanation why i choose a non-obvious answer to an IPexpert question. Specifically 2 things. The first one is the selection of ports and what _exactly_ selects the root port.
Read more…

NAT shows its ugly face in the IPv6 world.


Lately theres been some fuzz in the corners about the need for NAT in the new world order of IPv6. I think its a poor design choice and ill give my reason below. One of the reasons why people seem to feel like they need NAT, is accessibility to IPv4 only content.
Read more…

Thoughts on the SSL/TLS – Beast


It seems like every day, there are some vulnerability or crack announced on the geek news-outlets. For some reason, the recent publication of an exploit of a flaw in the SSL/TLS implementation in some versions, made me extra curious and it made me think a little harder about this whole security business.
Read more…