BGP

1. BGP Protocol

  • RFC 4271
  • classless
  • path vector – uses path attributes to select the best path; converges slowly compared with an IGP
  • supports VLSM and summarization
  • it is an application (layer 7) that runs over TCP port 179
  • uses AS numbers as boundaries
    • Public AS (1-64511) – only public autonomous system numbers should be sent to eBGP neighbors on the Internet. Strictly, 64496-64511 are reserved for documentation (RFC 5398), so the usable public 16-bit range ends at 64495.
    • Private AS (64512-65535) – 64512-65534 per RFC 6996; 65535 is reserved (RFC 7300). 4-byte AS numbers (RFC 6793) have their own private range, 4200000000-4294967294.
//use this command to remove private AS numbers from the AS-Path attribute; it is available only for eBGP neighbors.
//without "all", private ASNs are removed only when the path consists solely of private ASNs (a mixed private/public path, or one containing the neighbor's own ASN, is sent unchanged);
//"all" strips private ASNs from mixed paths too; "replace-as" substitutes the local AS for each private ASN instead of deleting it, so the path length is preserved.
neighbor {ip-address | peer-group-name} remove-private-as [all [replace-as]]
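The following Python is an added example, not part of the original notes, showing the AS-number ranges above and the three behaviours of remove-private-as as a small simulation. The ASN ranges are taken from RFC 6996, RFC 7300, RFC 5398 and RFC 7607; the stripping rules follow Cisco's documented behaviour for the plain, all and all replace-as forms. The scenario in the block (local AS 64500, upstream 64501, customer in private AS 65010) is constructed, and RFC 5398 documentation ASNs stand in for real public ones. AS_SETs and confederations are not modelled.

```python
"""Classify BGP AS numbers and simulate 'neighbor ... remove-private-as'.

Added example (not from the original notes). ASN ranges follow RFC 6996
(private: 64512-65534 and 4200000000-4294967294), RFC 7300 (65535 and
4294967295 reserved), RFC 7607 (AS 0 reserved) and RFC 5398 (documentation
ranges). The stripping rules follow Cisco's documented behaviour for the
plain, 'all' and 'all replace-as' forms. AS_SETs and confederations are
not modelled.
"""

PRIVATE_16 = range(64512, 65535)                        # 64512-65534 (RFC 6996)
PRIVATE_32 = range(4200000000, 4294967295)              # 4200000000-4294967294 (RFC 6996)
DOC_RANGES = (range(64496, 64512), range(65536, 65552)) # RFC 5398 documentation ASNs
RESERVED = {0, 65535, 4294967295}                       # RFC 7607 and RFC 7300


def is_private_as(asn: int) -> bool:
    return asn in PRIVATE_16 or asn in PRIVATE_32


def classify_as(asn: int) -> str:
    """Return 'reserved', 'private', 'documentation' or 'public'."""
    if not 0 <= asn <= 0xFFFFFFFF:
        raise ValueError(f"AS number out of range: {asn}")
    if asn in RESERVED:
        return "reserved"
    if is_private_as(asn):
        return "private"
    if any(asn in r for r in DOC_RANGES):
        return "documentation"
    return "public"


def advertised_as_path(received_path, local_as, neighbor_as,
                       strip_all=False, replace_as=False):
    """AS_PATH sent to an eBGP neighbor after the local AS is prepended and
    'remove-private-as [all [replace-as]]' has been applied.

    plain form : private ASNs are dropped only when the received path is made
                 up entirely of private ASNs; a path that also carries public
                 ASNs (a configuration error per Cisco) or that contains the
                 neighbor's own ASN is sent unchanged.
    all        : every private ASN is dropped, mixed paths included.
    replace-as : (with all) private ASNs are rewritten to the local ASN, so
                 the path keeps its length and downstream best-path selection
                 is not skewed by the missing hops.
    """
    path = list(received_path)
    private = [asn for asn in path if is_private_as(asn)]
    if not private:
        return [local_as] + path
    if not strip_all:
        if len(private) != len(path) or neighbor_as in path:
            return [local_as] + path
        return [local_as]
    if replace_as:
        return [local_as] + [local_as if is_private_as(a) else a for a in path]
    return [local_as] + [a for a in path if not is_private_as(a)]


if __name__ == "__main__":
    # Constructed scenario: we are AS 64500, a customer in private AS 65010 sits
    # behind us, 64501 is our Internet upstream and 64502 is a public AS the
    # customer learned one prefix from (documentation ASNs used as stand-ins).
    for path in ([65010], [65010, 64502]):
        for flags in ({}, {"strip_all": True}, {"strip_all": True, "replace_as": True}):
            print(path, flags or "plain", "->", advertised_as_path(path, 64500, 64501, **flags))
```

The mixed path [65010, 64502] is the case that surprises people: without "all" it leaves the router untouched, private ASN included, which is exactly what an upstream filtering on private ASNs will reject.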

2. BGP Messages

After the TCP connection is established the following messages are exchanged:

Network Path Control

1. CEF Switching

Each of the many processes of a router or switch can be assigned to one of three conceptual planes of operation:

  • Forwarding Plane – Moves packets from input to output
  • Control Plane – Determines how packets should be forwarded
  • Management Plane – Methods of configuring the control plane (CLI, SNMP, etc.)

There are two types of switching: circuit switching, used in telephone networks, and packet switching, in which a message is broken into packets that may travel different routes to the destination. A Cisco router forwards packets along one of three switching paths:

  • Process switching: the slowest of the three. Every packet is punted to the CPU in the control plane and every forwarding decision is made in software.
  • Fast switching: faster than process switching. The first packet of a flow is process switched, so it is examined by the CPU and the forwarding decision is made in software, but the result is also stored in a route cache (the fast-switching cache). Later packets of the same flow are matched against the cache and forwarded without a full lookup. The cache is only populated on demand, so the first packet of every new flow is still CPU work and a topology change invalidates cached entries.
  • Cisco Express Forwarding (CEF): the fastest of the three and the least CPU-intensive. The control plane builds two tables ahead of time from the Layer 3 and Layer 2 tables (the routing table and the ARP table): the Forwarding Information Base (FIB) and the adjacency table. On platforms with hardware forwarding these are pushed down into the forwarding hardware. Once the network has converged, the FIB and adjacency tables contain everything the router needs to forward a packet, with no per-flow cache to prime.

Route Filtering

1. Distribute List with ACL

Options in the distribute-list command allow updates to be filtered based on three factors:

  • Incoming interface
    distribute-list [access-list-number | name] in [interface-type interface-number]
  • Outgoing interface
    distribute-list [access-list-number | name] out [interface-type interface-number | routing-process | autonomous-system-number]
  • Redistribution from another routing protocol (the routing-process form of the out option)

Two caveats for OSPF: an inbound distribute-list only keeps routes out of the routing table, not out of the link-state database, and an outbound distribute-list cannot filter OSPF's own LSAs, only what is redistributed into OSPF. The example below is that last case: only EIGRP routes whose network address falls in 10.10.11.0/24 or 10.10.12.0/24 are redistributed into OSPF 10; everything else hits the implicit deny at the end of the ACL. A standard ACL matches the network address only and ignores the prefix length, so use a prefix-list when the length matters.

R(config)# ip access-list standard ROUTE-FILTER
R(config-std-nacl)# permit 10.10.11.0 0.0.0.255
R(config-std-nacl)# permit 10.10.12.0 0.0.0.255
R(config-std-nacl)# exit
R(config)# router ospf 10
R(config-router)# redistribute eigrp 100 metric 40 subnets
R(config-router)# distribute-list ROUTE-FILTER out eigrp 100
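To make the "network address only" behaviour concrete, here is an added Python example (not from the original notes) that evaluates the ROUTE-FILTER ACL above the way the router does, using Cisco wildcard-mask semantics, and contrasts it with a prefix-list that also pins the prefix length. The set of redistributed EIGRP routes is constructed for the demonstration; the ACL entries are the ones from the configuration above.

```python
"""Evaluate a distribute-list ACL the way the router does, and contrast it
with a prefix-list.

Added example (not from the original notes). A standard ACL referenced by
distribute-list is matched against the route's network address only; the
wildcard mask is a match mask on that address and says nothing about the
route's prefix length. A prefix-list matches the length as well (exactly,
or within ge/le bounds). The candidate routes below are constructed.
"""
import ipaddress


def wildcard_match(address: str, ace_address: str, wildcard: str) -> bool:
    """Cisco wildcard semantics: a 0 bit must match, a 1 bit is don't-care."""
    a = int(ipaddress.IPv4Address(address))
    b = int(ipaddress.IPv4Address(ace_address))
    care = 0xFFFFFFFF ^ int(ipaddress.IPv4Address(wildcard))
    return (a & care) == (b & care)


def standard_acl_permits(acl, network: str) -> bool:
    """First matching ACE wins; every ACL ends in an implicit deny."""
    for action, ace_address, wildcard in acl:
        if wildcard_match(network, ace_address, wildcard):
            return action == "permit"
    return False


def prefix_list_permits(plist, prefix: str) -> bool:
    """Cisco prefix-list semantics. Each entry is (action, 'net/len', ge, le):
    with neither ge nor le the length must equal len exactly; ge alone means
    ge..32; le alone means len..le; ge and le together mean ge..le."""
    route = ipaddress.IPv4Network(prefix)
    for action, entry, ge, le in plist:
        ent = ipaddress.IPv4Network(entry)
        shift = 32 - ent.prefixlen
        same_bits = (int(route.network_address) >> shift) == (int(ent.network_address) >> shift)
        low = ge if ge is not None else ent.prefixlen
        high = le if le is not None else (32 if ge is not None else ent.prefixlen)
        if same_bits and low <= route.prefixlen <= high:
            return action == "permit"
    return False


def filter_routes(acl, prefixes):
    """Split redistributed routes into what the ACL lets through and what it drops."""
    kept, dropped = [], []
    for p in prefixes:
        net = ipaddress.IPv4Network(p)
        bucket = kept if standard_acl_permits(acl, str(net.network_address)) else dropped
        bucket.append(p)
    return kept, dropped


# The ACL from the notes, as the router stores it.
ROUTE_FILTER = [
    ("permit", "10.10.11.0", "0.0.0.255"),
    ("permit", "10.10.12.0", "0.0.0.255"),
]
# The same intent as a prefix-list, which also pins the length to /24.
ROUTE_FILTER_PL = [
    ("permit", "10.10.11.0/24", None, None),
    ("permit", "10.10.12.0/24", None, None),
]
# Constructed EIGRP routes being redistributed into OSPF.
CANDIDATES = ["10.10.11.0/24", "10.10.11.128/25", "10.10.12.0/22", "10.10.13.0/24"]

if __name__ == "__main__":
    kept, dropped = filter_routes(ROUTE_FILTER, CANDIDATES)
    print("ACL permits :", kept)        # the /25 and the /22 summary slip through
    print("ACL denies  :", dropped)
    print("prefix-list :", [p for p in CANDIDATES if prefix_list_permits(ROUTE_FILTER_PL, p)])
```

Run it and the ACL lets 10.10.11.128/25 and the 10.10.12.0/22 summary through, because their network addresses match the wildcard; the prefix-list admits only the exact /24s. That difference is what lets an unexpected more-specific or a summary leak through a filter that looks correct on paper.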

Rogue DHCP server prevention with DHCP Snooping

To stop rogue DHCP servers from handing out addresses on your network, configure DHCP Snooping on the Cisco switch. Once snooping is enabled for a VLAN, every port in it is untrusted by default and server messages (OFFER, ACK, NAK) arriving on an untrusted port are dropped, so the port towards the legitimate DHCP server (or the uplink that leads to it) must be marked trusted. Note that "ip dhcp snooping vlan" is a global configuration command, not an interface command:

S1(config)# ip dhcp snooping
S1(config)# ip dhcp snooping vlan 1,3,4
S1(config)# interface fa0/1
S1(config-if)# ip dhcp snooping trust
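The following Python is an added example, not part of the original notes, that simulates the per-frame decision a snooping switch makes with the configuration above (VLANs 1, 3 and 4 snooped, fa0/1 trusted): server messages on untrusted ports are dropped, the frame source MAC must match the DHCP chaddr on untrusted ports (the default verify mac-address check), a binding is learned from the server's ACK, and a RELEASE or DECLINE for a binding that arrives on the wrong port is dropped. The frames are constructed, not captured; rate limiting and option 82 insertion are not modelled. On a real switch the equivalent checks are show ip dhcp snooping and show ip dhcp snooping binding.

```python
"""Simulate the DHCP snooping decision a Cisco switch makes per frame.

Added example (not from the original notes). Models the documented behaviour:
snooping is per VLAN; ports are untrusted unless configured with
'ip dhcp snooping trust'; server messages (OFFER/ACK/NAK) on an untrusted
port are dropped; on untrusted ports the frame source MAC must equal the
DHCP chaddr; a binding (MAC, VLAN -> IP, port) is learned from the ACK; a
RELEASE/DECLINE for a binding that arrives on another port is dropped.
Frames below are constructed. Rate limiting and option 82 are not modelled.
"""
from dataclasses import dataclass, field

SERVER_MSGS = {"OFFER", "ACK", "NAK"}


@dataclass(frozen=True)
class DhcpFrame:
    port: str
    vlan: int
    src_mac: str
    msg: str
    chaddr: str          # client hardware address inside the DHCP payload
    yiaddr: str = ""     # address assigned (only meaningful in ACK)


@dataclass
class SnoopingSwitch:
    snooping_vlans: set                              # ip dhcp snooping vlan ...
    trusted_ports: set                               # ip dhcp snooping trust
    bindings: dict = field(default_factory=dict)     # (chaddr, vlan) -> (ip, port)
    pending: dict = field(default_factory=dict)      # (chaddr, vlan) -> client port
    log: list = field(default_factory=list)

    def handle(self, f: DhcpFrame) -> str:
        """Return 'forward' or 'drop', updating the binding table as a switch would."""
        if f.vlan not in self.snooping_vlans:
            return "forward"                         # VLAN not snooped: no inspection at all
        key = (f.chaddr, f.vlan)
        if f.port in self.trusted_ports:
            if f.msg == "ACK" and f.yiaddr and key in self.pending:
                self.bindings[key] = (f.yiaddr, self.pending.pop(key))
            return "forward"                         # trusted ports are never filtered
        # Untrusted port from here on.
        if f.msg in SERVER_MSGS:
            self.log.append(f"rogue DHCP server on {f.port}: {f.msg} from {f.src_mac}")
            return "drop"
        if f.src_mac != f.chaddr:
            self.log.append(f"MAC mismatch on {f.port}: src {f.src_mac} chaddr {f.chaddr}")
            return "drop"
        if f.msg in ("RELEASE", "DECLINE"):
            bound = self.bindings.get(key)
            if bound and bound[1] != f.port:
                self.log.append(f"{f.msg} for {f.chaddr} from wrong port {f.port}")
                return "drop"
            self.bindings.pop(key, None)             # legitimate release clears the binding
            return "forward"
        if f.msg in ("DISCOVER", "REQUEST"):
            self.pending[key] = f.port               # remember which port the client is on
        return "forward"


def run_scenario():
    """Constructed exchange on the switch from the notes; returns decisions and switch."""
    sw = SnoopingSwitch(snooping_vlans={1, 3, 4}, trusted_ports={"fa0/1"})
    client, rogue, server = "00:11:22:33:44:55", "de:ad:be:ef:00:01", "00:aa:bb:cc:dd:ee"
    frames = [
        DhcpFrame("fa0/5", 3, client, "DISCOVER", client),
        DhcpFrame("fa0/7", 3, rogue, "OFFER", client, "10.3.0.250"),   # rogue server on access port
        DhcpFrame("fa0/1", 3, server, "OFFER", client, "10.3.0.20"),   # real server via trusted port
        DhcpFrame("fa0/5", 3, client, "REQUEST", client),
        DhcpFrame("fa0/1", 3, server, "ACK", client, "10.3.0.20"),
        DhcpFrame("fa0/9", 3, "00:99:99:99:99:99", "DISCOVER", client),  # spoofed chaddr
        DhcpFrame("fa0/9", 3, client, "RELEASE", client),              # release from the wrong port
        DhcpFrame("fa0/7", 2, rogue, "OFFER", client, "10.2.0.250"),   # VLAN 2 is not snooped
    ]
    return [sw.handle(f) for f in frames], sw


if __name__ == "__main__":
    decisions, sw = run_scenario()
    for f, d in zip(range(1, 9), decisions):
        print(f"frame {f}: {d}")
    print("bindings:", sw.bindings)
    print("log:", *sw.log, sep="\n  ")
```

The last frame is the one to notice: the rogue OFFER on VLAN 2 is forwarded because VLAN 2 was never listed in ip dhcp snooping vlan. Snooping protects only the VLANs you name, so the list has to cover every user VLAN.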

Reset forgotten password on Cisco device

If you cannot remember the password for a Cisco router, the following steps get you past user and privileged mode without losing the saved configuration:

1. Connect to the console and power-cycle the device.
2. Send a Break (Ctrl+Break in most terminal emulators) within the first 60 seconds of boot to drop into ROMMON.
3. rommon 1 > confreg 0x2142      (bit 6 set: ignore the startup-config in NVRAM at boot)
4. rommon 2 > reset
5. After the reboot the router comes up with no password and a default configuration (show running-config shows only defaults). Answer no to the setup dialog and type enable.
6. Router# copy startup-config running-config
7. Change the passwords (enable secret, console and vty lines). Interfaces restored this way remain administratively down, so issue no shutdown on each one you need.
8. Router(config)# config-register 0x2102      (boot normally again; if left at 0x2142 every reboot ignores the saved configuration)
9. Router# copy running-config startup-config

Anyone with console access can do this, so the procedure is only as secure as physical access to the device. The no service password-recovery command prevents the config register from being changed from ROMMON; a lost password can then only be recovered by erasing the configuration.

MPLS configuration

In order to create a functional MPLS based network you need to make sure of 3 things:

1) Your network is routing properly: an IGP or static routes must give every router a route to every other router's loopback address.

2) Cisco Express Forwarding (ip cef) is enabled; MPLS forwarding and LDP depend on it.

3) Each router has a loopback interface, with a /32 address advertised into the IGP, to serve as its LDP router ID. LDP sessions are unauthenticated unless you configure a neighbor password, so on untrusted segments do so.

Configuration

//Router R1
R1(config)#ip cef
R1(config)#no mpls ip
R1(config)#mpls label range 100 199     //this is not necessary
R1(config)#mpls ip
R1(config)#mpls ldp router-id loopback0 force     //you need to configure a loopback interface on each router
R1(config)#interface fa0/1
R1(config-if)#mpls ip

//Router R2
R2(config)#ip cef
R2(config)#no mpls ip
R2(config)#mpls label range 200 299     //not necessary; a per-router range just makes labels easy to attribute when reading show mpls forwarding-table
R2(config)#mpls ip
R2(config)#mpls ldp router-id loopback0 force
R2(config)#interface fa0/1
R2(config-if)#mpls ip
R2(config)#interface fa0/0
R2(config-if)#mpls ip

//Router R3
R3(config)#ip cef
R3(config)#no mpls ip
R3(config)#mpls label range 300 399
R3(config)#mpls ip
R3(config)#mpls ldp router-id loopback0 force
R3(config)#interface fa0/0
R3(config-if)#mpls ip