BGP Route Server on ASR1000

BGP Route Server is feature designated mostly for IX (Internet Exchange) deployment. You can find many deployment around the world mostly using open software like Quagga, but it’s also available on Cisco’s ASR1000 routers. Route server is an advanced route reflector which provide customized policy support for each service provider, which means that standard path selection can be overridden by route policies set per particular provider.
Read the rest of this entry »

BGP Origin AS Validation – IOS XE 3.5S

Just yesterday IOS XE 3.5S for ASR1000 platform has been released. One of the new features introduced for ASR1000 platform is Origin AS Validation for BGP protocol. This feature helps prevent operators from inadvertently advertising routes to networks they do not control using RPKI server to authenticate that certain BGP prefixes.
Read the rest of this entry »

EURONOG 1 presentations

EURONOG is an international meeting of experts responsible for the design, maintenance and development of ICT networks. It’s first edition took place in Kraków in September. All presentations from this meeting, including mine, are available on conference page.

End of Cisco 7200 Era

It was expected since the day ASR1000 has been announced. Now it’s a fact – ASR1000 is a grown up platform so Cisco 7200 is going to finish it’s life. If you want it in your network you have less than a year to order it.
Cisco 7200 EoS/EoL

Identyfying PPPoE transient sessions

If PPP negotiations fails (ie. due to problems with authentication or lack of account on RADIUS server) session stays in transient state for some time. You can list those session

bras# show pppoe summary
    PTA  : Locally terminated sessions
    FWDED: Forwarded sessions
    TRANS: All other sessions (in transient state)

                                TOTAL     PTA   FWDED   TRANS
TOTAL                            5678    5673       0       5
GigabitEthernet1/0/0             3863    3862       0       1
GigabitEthernet1/1/0             1815    1811       0       4

It’s possible to identify MAC address for modems that couldn’t establish sessions

bras# sh pppoe ses | i LCP
   3095  28818  000e.5499.722d  Gi1/0/0.525              1  N/A        LCP
   3548  28669  001f.a45c.7a4d  Gi1/1/0.527              1  N/A        LCP
  13370  28817  0013.3319.316d  Gi1/1/0.527              1  N/A        LCP
   6372  28813  0013.3199.751e  Gi1/1/0.527              1  N/A        LCP
   6018  28812  0019.c8a3.3d66  Gi1/1/0.1598             3  N/A        LCP

PLNOG 7 and EURONOG 1

Readers attending PLNOG and EURONOG conference this week (starting tomorrow!) I’d like to invite to my two lectures:

• L2 and L3 aspects of QoS (in polish)
• Overview of Auditing and Testing Network IPv6 Readiness (in english)

Later, on conferences sites presentations, audio and video recordings will be available for free.
PLNOG
EURONOG

Interface range vlan

Interface range command is quite widely used on Cisco switches to configure many physical interfaces at the same time. On 7600 routers it can be also used to configure many SVIs at the same time but you can use it only to configure existing SVIs within range. According to documentation this command cannot be used to create SVIs in that particular range which is not totally true.
Read the rest of this entry »

Reserved VLANs on NX-OS 5.2(1)

Internal VLANs are used for services like MPLS, FCoE, Multicast over GRE, enhancement to SPAN, etc. Some Features have special requirements like which VLAN can be reserved for them. Example of such service are Multicast VLAN which can only start with VLAN id’s that is multiple of 64.

Prior to release 5.2(1) the reserved VLAN range was 3968 to 4048, and 4094, and it was not configurable. After the upgrade user-defined VLANs might fall within the new reserved range which now range from 3968 to 4095 and is configurable. If that occurs, switch fallback to old range but the features that need the additional reserved VLANs won’t work propely. What you have to do is change range of reserved VLANs using command:

switch(config)# system vlan 2000 reserve
This will delete all configs on vlans 2000-2127. Continue anyway? (y/n) [no] y
Note: After switch reload, VLANs 2000-2127 will be reserved for internal use.
      This requires copy running-config to startup-config before
      switch reload. Creating VLANs within this range is not allowed.

Now the disadvantage if this is you have to reboot whole chassis. Simple switchover between supervisors on Nexus 7000 won’t be enough. Also, if you are using vPC if one switch is using new VLAN range and other one is still configured to use old range switches will not forward those VLANs on vPC peer-link. Hence, those VLANs will get suspended on vPC port-channel. But this should not affect any other VLANs in vPC.

Deleting a subinterface that has IPv6 EIGRP running on it and crashing IOS XE

In some cases router running IOS XE might crash or produce traceback if we try to delete logical interface (like ie. port-channel) or subinterface that runs IPv6 EIGRP. This can occur mostly on XNE or older releaseses, has been fixed in new ones. Cisco have internal bug CSCtd63242 describing this problem (might be released into public).
Read the rest of this entry »

Simple line card performance testing configuration (IOS XR)

It’s easy trick but I’m going to put it here anyway so anyone can use it and for me so I can easy find code when I need it :) This is “snake” that is made traffic from generator go through all ports on line cards and between two line cards. It’s made for testing purposes in lab environment if you need to verify performance capability of ASR9K router (or any other runnin IOS XR in this case) for customer.
Read the rest of this entry »