It is finally out !
Version 5.0 of the CCIE exam is here. There are a lot of exciting new features to learn. It will be great. On a first read, you can see these new things:
- EPC (Embedded Packet Capture)
- difference between IOS and IOS XE
The things which are removed :
The Lab is now in three parts :
- TS : as always, troubleshooting on virtual equipment (1h30 through 2h (30 minutes shared with CONF))
- DIAG : closed-ended troubleshooting questions (30 minutes)
- CONF : configure the lab (5h30 through 6h (30 minutes shared with TS))
More to read about CCIE RS v5.0 :
Let’s go! The written exam is planned for July/August 2014 and the Lab for November 2015. OK. It is said. My plan is on the internet. You are now aware of it and I must follow it!
December 4th, 2013 in
If you are wondering why your rules are applied but PPTP VPN sessions cannot be established and fail with error 619 (on the Windows platform):
ASA# conf t
ASA(config)# policy-map global_policy
ASA(config-pmap)# class inspection_default
ASA(config-pmap-c)# inspect pptp
ASA(config-pmap-c)# exit
ASA(config-pmap)# exit
ASA(config)# access-list outbound extended permit gre any any
ASA(config)# access-list outbound extended permit tcp any any eq pptp
ASA(config)# access-group outbound in interface inside
November 27th, 2013 in
For those who, like me, are working towards the CCIE, you are certainly aware that CCIE v4 will be raised to v5. According to INE.com, it seems that Frame-Relay (replaced by DMVPN) and some other features will be replaced.
I am studying really for fun now : I am studying Frame-Relay now
November 4th, 2013 in
This is a question I have been asking for a long time: is there a Cisco CEF equivalent on Redback routers?
A friend gave me the answer:
[VRF_FOOBAR]75TOTO-SE400-01#sh ip route 172.16.116.98
Longest match Routing entry for 172.16.116.98/32 is 172.16.116.98/32 , version 20
Route Uptime 38w6d
Paths: total 1, best path count 1
Route has been downloaded to following slots
Path information :
Active path :
Known via adjacency, type-hidden route, distance 254, metric 0,
Tag 0, Next-hop 172.16.116.98, NH-ID 0x3450014E, Adj ID: 0x160, Interface 1/5.13717
You can see there that the packet will leave the router through port 1/5. You can confirm this with:
[VRF_FOOBAR]75TOTO-SE400-01#show card all fib 172.16.116.98
Prefix Next Hop Interface Next Hop Grid
172.16.116.98/32 172.16.116.98 1/5.13717 0x3450014e
Now, the equivalent of « sh ip cef … adjacency »:
[VRF_FOOBAR]75TOTO-SE400-01#sh card 1 adjacency | begin 0x3450014e
Encap type dot1q, function ether_dot1q_adj_ip_resolved
e05fb9a6 693c0030 88147df0 81000e85 encap_len 18
e05fb9a6 693c : destination MAC address
0030 88147df0 : source MAC address
8100 : ethernet encapsulation
0e85 : vlan ID : here 3717
18 : length
For VLAN ID here :
1/5 vlan-id 3717 Up dot1q interface 1/5.13717@VRF_FOOBAR
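The rewrite string in the adjacency can be decoded mechanically instead of by eye. The following Python is an added example, not part of the original post or of any Redback tooling; the function name decode_dot1q_encap is hypothetical, and it reads the 16 bytes printed above as destination MAC, source MAC, 802.1Q TPID and TCI.

```python
import struct


def _mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def decode_dot1q_encap(hex_words: str, encap_len: int) -> dict:
    """Decode an Ethernet + 802.1Q rewrite string as printed in the adjacency."""
    raw = bytes.fromhex("".join(hex_words.split()))
    if len(raw) < 16:
        raise ValueError(f"need 16 bytes (two MACs + 802.1Q tag), got {len(raw)}")
    if len(raw) > encap_len:
        raise ValueError("more bytes printed than encap_len announces")
    tpid, tci = struct.unpack("!HH", raw[12:16])
    if tpid != 0x8100:
        raise ValueError(f"not an 802.1Q tag: TPID 0x{tpid:04x}")
    return {
        "dst_mac": _mac(raw[0:6]),
        "src_mac": _mac(raw[6:12]),
        "tpid": tpid,
        "pcp": tci >> 13,            # 3-bit priority code point
        "dei": (tci >> 12) & 1,      # drop eligible indicator
        "vlan_id": tci & 0x0FFF,     # 12-bit VLAN ID
        # The output prints 16 bytes but announces encap_len 18; the
        # difference is only reported here, not interpreted.
        "bytes_not_shown": encap_len - len(raw),
    }


# Values copied from the 'sh card 1 adjacency' output above.
ENCAP = "e05fb9a6 693c0030 88147df0 81000e85"
ENCAP_LEN = 18

if __name__ == "__main__":
    for field, value in decode_dot1q_encap(ENCAP, ENCAP_LEN).items():
        print(f"{field:16} {value}")
```

The decoded VLAN ID can then be compared with the one bound to circuit 1/5.13717 to confirm that the forwarding plane and the configuration agree.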
To make a point :
./configure && make
September 30th, 2013 in
This is a new concept for me, one I had never seen before. I had only imagined inter-VLAN routing by L3 switch or router on a stick.
But you can make this kind of architecture :
In this case, the request originates from S1 (which has RA as its gateway) and goes to S2:
- RA acts as router : MAC src = RA ; MAC dst = S2 in VLAN 2
- S2 sends to its gateway, which this time is RB
- RB sends the packet through SB, which does not have the MAC address of S1 in its CAM for VLAN 1
- So it acts in normal way : IT FLOODS !
There are other situations where you can see unicast flooding:
- Spanning-Tree TCN changes
- Forwarding CAM table overflow
You can protect your LAN by using ‘Unicast Flooding protection’
It is implemented from version 12.1(14)E onwards : ‘unicast flood protection‘
To check : ‘sh mac-address-table unicast-flood‘.
September 30th, 2013 in
Finally a good explanation of what DF bit does
Thanks to ipspace, it makes me smile
September 9th, 2013 in
How to make the path through R2 to 188.8.131.52 preferred over the one through R3?
September 4th, 2013 in
I have already made a tiny lab with xconnect, but my curiosity has been recently exacerbated so that I can see exactly how it works…
What occurs behind the scenes when you press ENTER (the corresponding command has already been configured on R4)?
R6(config-if)# xconnect 184.108.40.206 1111 encapsulation mpls
You can see on R4 :
R4#debug mpls ldp targeted-neighbors
LDP Directed Adjacency changes debugging is on
R4#debug mpls ldp transport connections
LDP transport connection events debugging is on
R4#debug mpls ldp transport events
LDP transport events debugging is on
*Aug 17 22:22:17.663: ldp: Peer LDP Id set to 220.127.116.11:0 for trgt 18.104.22.168, lcl addr = 22.214.171.124
*Aug 17 22:22:17.667: ldp: Rcvd ldp dir hello to 126.96.36.199 from 188.8.131.52 (184.108.40.206:0); FastEthernet0/1; opt 0xF
*Aug 17 22:22:17.671: ldp: ldp Hello from 220.127.116.11 (18.104.22.168:0) to 22.214.171.124, opt 0xF
*Aug 17 22:22:17.671: ldp: New directed adjacency 0x67A32E68 to 126.96.36.199 from 188.8.131.52 (184.108.40.206:0)
*Aug 17 22:22:17.675: ldp: Immediately request dhcb send hello back from 220.127.116.11 to 18.104.22.168
*Aug 17 22:22:17.675: ldp: local idb = targeted, holdtime = 90000, peer 22.214.171.124 holdtime = 90000
*Aug 17 22:22:17.675: ldp: dhcb intvl mbr cnt = 1, intvl = 10000, target = 126.96.36.199
*Aug 17 22:22:17.679: ldp: Opening listen port 646 for 188.8.131.52, 184.108.40.206
*Aug 17 22:22:17.683: ldp: No MD5 password protection for peer 220.127.116.11:0
*Aug 17 22:22:17.683: ldp: Registered TCB with LDP TCB database tcb 0x66BB49A0 [key
R4# 1779], total 2
*Aug 17 22:22:17.683: ldp: Open LDP listen TCB 0x66BB49A0; lport = 646; fhost = 18.104.22.168; with normal priority
*Aug 17 22:22:17.683: ldp: Add listen TCB to list; tcb 0x66BB49A0 [key 1779]; addr 22.214.171.124
*Aug 17 22:22:17.683: ldp: Send ldp dir hello; no idb, src/dst 126.96.36.199/188.8.131.52, inst_id 0
*Aug 17 22:22:18.027: ldp: Rcvd ldp dir hello to 184.108.40.206 from 220.127.116.11 (18.104.22.168:0); FastEthernet0/1; opt 0xF
*Aug 17 22:22:18.027: ldp: ldp Hello from 22.214.171.124 (126.96.36.199:0) to 188.8.131.52, opt 0xF
*Aug 17 22:22:18.027: ldp: local idb = targeted, holdtime = 90000, peer 184.108.40.206 holdtime = 90000
*Aug 17 22:22:18.027: ldp: dhcb intvl mbr cnt = 1, intvl = 10000, target = 220.127.116.11
*Aug 17 22:22:18.043: ldp: Registered TCB with LDP TCB database tcb 0x66BB4FDC [key 1780], total 3
*Aug 17 22:22:18.047: ldp: Incoming ldp conn 18.104.22.168:646 22.214.171.124:38742; with normal priority
*Aug 17 22:22:18.051: ldp: Found adj 0x67A32E68 for 126.96.36.199 (Hello xport addr opt)
*Aug 17 22:22:18.051: ldp: New t
R4#emporary adj 0x66BB5618 from 188.8.131.52
*Aug 17 22:22:18.055: ldp: Real adj 0x67A32E68 bound to 184.108.40.206:0, replacing temp adj 0x66BB5618
*Aug 17 22:22:18.059: ldp: Adj 0x66BB5618; state set to closed
*Aug 17 22:22:18.183: ldp: Data received!
*Aug 17 22:22:18.187: ldp: : peer 220.127.116.11:0 down reason reset to None
*Aug 17 22:22:18.187: %LDP-5-NBRCHG: LDP Neighbor 18.104.22.168:0 (2) is UP
*Aug 17 22:22:18.191: ldp-trgtnbr: 22.214.171.124 Received address addition notif start; flags 0x13
*Aug 17 22:22:18.195: ldp-trgtnbr: 126.96.36.199 Set peer start; flags 0x13
*Aug 17 22:22:18.195: ldp-trgtnbr: 188.8.131.52 Set peer finished; flags 0x1F
*Aug 17 22:22:18.195: ldp-trgtnbr: 184.108.40.206 Received address addition notif finish; flags 0x1
One targeted LDP session is built to establish the xconnect session. This targeted session is possible thanks to the IGP (here OSPF).
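The debug output above also logs "No MD5 password protection" just before the targeted neighbor comes UP, which means the LDP TCP session on port 646 is unauthenticated. The following Python is an added example, not from the original post: it scans debug lines in the same format and lists peers that came UP with that message logged. The function names are hypothetical and the sample lines are constructed with documentation addresses; on IOS, the session is authenticated by configuring `mpls ldp neighbor <address> password <string>` on both ends.

```python
import re

# Message formats as they appear in the R4 debug output above.
DIRECTED = re.compile(r"ldp: New directed adjacency \S+ to \S+ from \S+ \((\S+?)\)")
NO_MD5 = re.compile(r"ldp: No MD5 password protection for peer (\S+)")
NBR_UP = re.compile(r"%LDP-5-NBRCHG: LDP Neighbor (\S+) \(\d+\) is UP")


def audit_ldp_debug(lines):
    """Return {ldp_id: {"targeted", "no_md5", "up"}} from IOS LDP debug lines."""
    peers = {}
    for line in lines:
        for pattern, key in ((DIRECTED, "targeted"), (NO_MD5, "no_md5"), (NBR_UP, "up")):
            m = pattern.search(line)
            if m:
                state = peers.setdefault(
                    m.group(1), {"targeted": False, "no_md5": False, "up": False}
                )
                state[key] = True
    return peers


def unauthenticated_sessions(lines):
    """LDP IDs that logged 'No MD5 password protection' and also came UP."""
    return sorted(
        ldp_id for ldp_id, s in audit_ldp_debug(lines).items() if s["up"] and s["no_md5"]
    )


# Constructed sample (not the original capture), same format as the debug above.
SAMPLE = """\
*Aug 17 22:22:17.671: ldp: New directed adjacency 0x67A32E68 to 192.0.2.4 from 192.0.2.6 (192.0.2.6:0)
*Aug 17 22:22:17.683: ldp: No MD5 password protection for peer 192.0.2.6:0
*Aug 17 22:22:18.187: %LDP-5-NBRCHG: LDP Neighbor 192.0.2.6:0 (2) is UP
*Aug 17 22:25:02.101: %LDP-5-NBRCHG: LDP Neighbor 192.0.2.3:0 (1) is UP
""".splitlines()

if __name__ == "__main__":
    for ldp_id in unauthenticated_sessions(SAMPLE):
        targeted = audit_ldp_debug(SAMPLE)[ldp_id]["targeted"]
        print(f"{ldp_id}: session UP without MD5 (targeted={targeted})")
```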
You can read the pcap I recorded between R6 and R3. Really interesting.
You can see the double MPLS label: one for the xconnect P2P link established with R4 for VC-ID 1111, and one to transport it through the MPLS cloud.
I hope this can help someone. For my part, I had fun doing this tiny lab.