Bridging the gap between CCIE RS and SP

May 14, 2010

INE ospf traffic engineering challenge

Filed under: CCIE, Mini Labs, dynagen, dynamips — 21500 @ 11:38 pm

While browsing blogs, when I should be labbing, I came across INE’s OSPF Traffic Engineering challenge. I normally ignore these because I happen to see them when they usually already expired. Well this one somehow managed to pull me in. Petr has a very valid point, most often real network challenges are fixed with the first, quick and easy solution (or future problem). I know if this was a scenario in our network, static routes would definitely be the prime candidate.

My summarized version of the answer to Petr’s challenge is to use multiple ‘logical’ interfaces or in other words multiple subinterfaces, using only loopbacks for addressing or ip unnumbered loopback, since configuring additional ip addresses were not permitted. After the subinterfaces were configured all what was left to do is then manipulating the ospf cost on the R4-R1 link to 3 and set the maximum ospf paths. The net result: 6 paths to a subnet on R1, 3 going via R1, 2 paths via R3 and 1 path via R5:

Routing entry for 100.100.100.0/24
Known via “ospf 1″, distance 110, metric 4, type intra area
Last update from 3.3.3.3 on Serial1/0.1, 00:00:01 ago
Routing Descriptor Blocks:
* 5.5.5.5, from 1.1.1.1, 00:00:01 ago, via Serial1/3
Route metric is 4, traffic share count is 1
3.3.3.3, from 1.1.1.1, 00:00:01 ago, via Serial1/0.1
Route metric is 4, traffic share count is 1
3.3.3.3, from 1.1.1.1, 00:00:01 ago, via Serial1/0.2
Route metric is 4, traffic share count is 1
1.1.1.1, from 1.1.1.1, 00:00:01 ago, via Serial1/1.2
Route metric is 4, traffic share count is 1
1.1.1.1, from 1.1.1.1, 00:00:01 ago, via Serial1/1.1
Route metric is 4, traffic share count is 1
1.1.1.1, from 1.1.1.1, 00:00:01 ago, via Serial1/1.3
Route metric is 4, traffic share count is 1

The topology from URL above:

I fumbled a quick dynamips config together.

autostart=false

####################
# http://21500.net #
####################

[localhost:7200]

[[3725]]
image = /dyn/images/C3725-adv-ent-mz.124-23.BIN
ram = 160
mmap = true
idlepc = 0×60a8141c

[[Router R1]]
model = 3725
console = 2001
S1/0 = R2 S1/0
S1/1 = R4 S1/1
S1/2 = R5 S1/2
F0/0 = LAN 1

[[Router R2]]
model = 3725
console = 2002
S1/1 = R3 S1/1

[[Router R3]]
model = 3725
console = 2003
S1/0 = R4 S1/0

[[Router R4]]
model = 3725
console = 2004
S1/3 = R5 S1/3

[[Router R5]]
model = 3725
console = 2005

Completed config files if you want to run this minilab and perhaps find some more ways to solve the riddle.

R1.txt
R2,txt
R3.txt
R4.txt
R5.txt

Update: And what do you know, the solution gets the prize :)

May 8, 2010

Dynamips/Dynagen NET files for IPX SP workbooks

Filed under: CCIE, CCIE SP, dynagen, dynamips — 21500 @ 6:17 pm

Another item to scratch from my “to do” list. I built them before the Vol2 and Vol3 merge and not sure what changed to the topologies if any. If you are using the post-merge workbook I ‘assume’ that you will need to switch between the two .net files depending on the lab.

Here they are:
Dynamips / Dynagen NET file for IPexpert SP workbook vol1 and vol3
Dynamips / Dynagen NET file for IPexpert SP workbook vol2

Note they were built on linux, which gave me the best results, therefore to use them on MS, you’ll need to edit the file and change the directories e.g /dyn/images/ to c:\dyn\images\

Please leave a comment if you find a bug.

May 5, 2010

SP lab Switching vs Dynamips

Filed under: CCIE SP, dynagen, dynamips — 21500 @ 6:45 pm

Just a short post regarding the above, should have posted this long ago.

I often get the question or see someone asking this on the forums. “How much switching is required in the SP lab?” or “Can I prepare using only dynamips?”. The short answer is you can rely 100% on dynamips for SP preparation. If you are not comfortable with just using dynamips, you can use the breakout switch method. Although this is overkill for SP it is a nice setup for RS. I ditched the real switches in favor for the dynamips switch modules due to the noise factor.

Another thing to note is that L2 switching is pretty much completely preconfigured. See page 11 of the attached Preparing-SP-lab-part1 22Dec08 d-3927.pdf on the cisco learning network page https://learningnetwork.cisco.com/docs/DOC-3927 to get further details.

June 25, 2009

IPexpert volume 3 Review 1

Filed under: CCIE SP, dynagen, dynamips — 21500 @ 9:59 pm

I started full scale labs with the IPX vol 3 labs 1 – 4. I am roughly following Ed and Zay’s recommendation, which is to do IPX vol 3 labs before INE vol 2 labs and then lastly do IPX vol 2. This is because the IPX vol3 is actually just IPX vol1 labs 26 – 30 branded as IPX vol3. Therefore they fit like a glove after completing IPX vol 1:

IPX v3 Lab 1: If you are preparing for the new version 4 RS lab, this lab will be perfect for the new RS blueprint. This is a real easy lab, so get it done early in preparation. For the SP labs it is a good warm up.

IPX v3 Lab 2 – 4: Labs get progressively harder. While lab 1 took 4 hours to complete, lab 4 took 10+ to thoroughly work through.

IPX v3 Lab 5: I skipped this lab according to the recommendation. I will do this lab somewhere at the end. Therefore I can not yet comment on this lab.

Overall labs 1 – 4 are good intermediate labs. I definitely agree with Zay and Ed that these are the labs to start with when moving over to full scale labs. Most of the sections could be done on dynamips, except for things like turning off DTP and switchport security. I have not felt a real need for real switches during these labs. Lab 4 has a qinq scenario linked to a l2tpv3 tunnel that I could not quite do but worked around the qinq limitation by configuring a trunk and l2tp tunnels for each vlan.

I hope to do all the labs at least twice before September, but on the second run I will probably skip lab 1. Not much of a review, hope to add some meaningful insights in round 2

June 16, 2009

BGP dmzlink-bw Unequal-cost load-balance

Filed under: CCIE, CCIE SP, Mini Labs, dynagen, dynamips — 21500 @ 9:37 pm

A few months back I made a post regarding the dmzlink-bw feature. Since the post is relatively simple and receive hits daily I decided to make a practical example and post the dynamips/dynagen minilab files. First things first, it is important to know what the feature does. In very brief terms it is a feature that will propagate the link bandwidth of the external links (ebgp) to the ibgp peers via an extended community. What this does is make it possible for the ibgp peers to load balance traffic out the AS in a ratio based on the external link bandwidth value. Imagine a network that reach the limit of fiber or atm links or possibly a scenario where a device run out of routing capacity. In these situations dmzlink-bw could be helpful to load balance traffic out in the ratio based on the configured bandwidth of the external links.

The configuration is straight forward:
1) Enable the feature on the devices that need to consider the bandwidth value (CE1,CE2,C):

bgp dmzlink-bw

2) Enable the feature on the external peer neighbor statements (CE1,CE2):

neighbor ebgp-peer-ip dmzlink-bw

3) Send the extended community to the ibgp peers that need to consider the bandwidth value (CE1,CE2):

neighbor ibgp-peer-ip send-community extended

4) Enable bgp multipath where necessary (CE2,C)

maximum-paths ibgp 2

dmzIn the example I used the SP terms PE,P and CE, but in all practicality it could be any two routing domains with multiple links between them.

  • The three links between the two domains are 100mb, 30mb, 120mb.
  • P, PE1, PE2 are in AS 5
  • C, CE1 and CE2 are in AS 2
  • AS 2 want to make use of unequal load balance to send traffic to AS 5
  • CE1, CE2 and C are configured for bgp dmzlink-bw
  • CE2 is configured to accept two paths.
  • C is configured to accept two paths.
  • CE1 and CE2 send extended communities to C
  • CE2 uses the link bandwidth to load balance over 120mb and 30mb pipes in the ratio 4:1
  • CE2 sends the total bandwidth of the two links to C
  • C use a ratio of 3:2 between CE1 and CE2

The dynagen .net file zipped with the configuration stored in the nvram files can be downloaded here bgp-dmz.zip. AS2 has been preconfigure to do unequal cost load balancing to AS5. The objective of this mini lab is to configure AS5 to unequal cost load balance to AS2. To keep it simple, load balance only to the loopback address on router C.

A quick video to briefly run through the configuration and verification:

May 19, 2009

Initial thoughts on AMSoares scenarios

Filed under: CCIE SP, Mini Labs, dynagen, dynamips — 21500 @ 2:43 pm

I have started with the scenarios, so far so good. I would rather call them practical configuration examples and the best way to use them is probably debatable. Currently I load the configuration example, read the documentation, break it, fix it and then try alternative options.

Word of advice: The net files are setup for Windows, it will take a while to convert them to linux unless you don’t use something like perl or sed to run through and change the strings. Try to get the net files ready early in prep. I used the source of the mini scenario page to get a list of all the .zip files to download. Below is a script that might be useful in changing the .net files. Once the strings are changed, its a matter of point and shoot

#!/bin/bash

### Change directory to where you downloaded the net files
cd /dyn/ams/
### Create a list of net files
list=`find | grep .net | grep -v netflow`
for dir in $list
do
### Change the windows directory structure to linux
sed ’s/g:\\_CCIE\\Emulator\\Dynamips\\images\\c7200-p\.120-32\.S9\.bin/\/dyn\/images\/C7200-p-mz\.120-33\.S3\.bin/g’ < $dir > tmp.file

### Change an idlepc value
# sed ’s/0×60a600a8/0×623bbedc/g’ < $dir > tmp.file

### Move the temp file to the original
mv tmp.file $dir
done

May 12, 2009

Ipexpert SP Volume 1 Review

Filed under: CCIE SP, dynagen, dynamips — 21500 @ 2:37 pm

I managed to complete volume 1 of the Ipexpert SP series. The workbook consists of 25 sections of which I were able to do 24 on dynamips. The other section I could not do due to my dynamips labs still running the 16 port module at that point. It is a minor as it was basically some vlans, spanning tree and port channels.

My first impression was that the book will be full of mistakes and generally rough around the edges. After the first few labs it was not all that bad. To be honest the labs are quite good. What I like about these Volume 1 scenarios is that the ip addressing is the same throughout the workbook. This make it easier to get to the meat of the section without wasting too much time learning the topology. The proctor guide is really good as well. Some more verification and explanation wont hurt.

On the negative side the dynamips files supplied by IPexpert dont work for this workbook. A lot of time was spent creating a working dynagen .net file. There are also no initial configs for the dynamips topology meaning before every lab you have to create initial configs. This chews away at your quantity:quality ratio. I will explain: This workbook took 50hours to complete. Had the initial configs been available it would have taken 40hours.

To summarize: after the first two or three labs I had very low expectations, but later on the quality really improved and I plan to do this workbook again before starting full labs.

May 7, 2009

Dynamips to real switches with QinQ support

Filed under: CCIE, CCIE SP, dynagen, dynamips — Tags: , , — 21500 @ 3:41 pm

There is an unbelievable amount of junk on the net that can send one in all the wrong directions. When it comes to dynamips it is no different and it seems everyone has a different opinion on what works and what does not. It probably depends on the OS dynamips runs on and the alignment of the moon and the stars. For me the best solution thus far was to run Dynamips on Ubuntu Linux server edition. The reasons for this is due to the 100Mb memory Ubuntu server consumes to run the OS as well as the stability and responsiveness of Dynamips on linux. It has worked well.

To break out to real switches I started with the multiple USB adapter approach. Basically you map each USB to Ethernet adapter to a router ethernet port in the dynagen net file. Sounds simple, and while it is, the USB approach for me turned out to be unreliable. It would work, then it would not. This plus the hassle with using USB adapters from different vendors and drivers just becomes messy.

After more research I tried the “switch in the middle” method. This is by far the easiest, quickest, cleanest and most reliable route:

Overview:
So you are probably already using dynamips to run the routers. To break out the first thing is to create a trunk between your linux server and a breakout switch. Then create a bunch of vlans on the linux server. One for every port that will connect to real switches e.g. if R2 needs to connect to the real switches with Fa0/0 and Fa0/1, create two vlans for this router. In the dynagen net file map each ethernet port to the vlan ’sub interfaces’ which were created when the vlans were created. Create the same vlans on the breakout switch that were created on the server. Assign each access port that will link to the real switches into a different vlan. Each access port on the breakout switch now represents a router port e.g. fa0/6 in vlan 106 on the breakout switch represents router R6 fa0/0 interface which connects to Sw2 fa0/6.

Requirements:
1) A second network card
2) The vconfig utility.

apt-get install vlan

3) Kernel that will support Dot1q

modprobe 8021q

4) A breakout switch. Try to stick with a Cisco switch.
5) If you want to support QinQ / dot1q-tunnel, the breakout switch needs to support QinQ tunneling

Steps:
1) Create a trunk between your linux server and another switch that will become the switch in the middle or breakout switch.
2) Create the required vlans on the server. Or use the following script to do steps 1 and 2.

#!/bin/bash
#############
# vlansetup.sh
# http://21500.net
#############

#### Enable Dot1q support
modprobe 8021q

#### Set the ethernet MTU
ifconfig eth1 mtu 1536

#### Create the Vlans
vconfig add eth1 101
vconfig add eth1 102
vconfig add eth1 103
vconfig add eth1 104
vconfig add eth1 105
vconfig add eth1 106
vconfig add eth1 107
vconfig add eth1 108
vconfig add eth1 109
vconfig add eth1 110
vconfig add eth1 111
vconfig add eth1 112
vconfig add eth1 113
vconfig add eth1 114
vconfig add eth1 115
vconfig add eth1 116
vconfig add eth1 117
vconfig add eth1 118
vconfig add eth1 119
vconfig add eth1 120
vconfig add eth1 121
vconfig add eth1 122
vconfig add eth1 123

#### Bounce the interface
ifconfig eth1 down
ifconfig eth1 up

3) Configure the trunk on the breakout switch

interface fastethernet 0/24
switchport trunk encapsulation dot1q
switchport mode trunk

4) Assign the Access ports their vlans

!
interface fastethernet 0/1
switchport access vlan 101
switchport mode access
!
interface fastethernet 0/2
switchport access vlan 102
switchport mode access
!
interface fastethernet 0/3
switchport access vlan 103
switchport mode access
!
interface fastethernet 0/4
switchport access vlan 104
switchport mode access
! …
! …
! …
interface fastethernet 0/23
switchport access vlan 123
switchport mode access
!

5) If you want to support QinQ and CDP between the virtual routers and the real switchs, your breakout switch needs to support QinQ. Enable a dot1q tunnel on each interface.

interface range fastethernet 0/1 – 23
switchport mode dot1q-tunnel
l2protocol-tunnel cdp

6) Map the ports in the dynagen .net file

[[ROUTER R1]]
f0/0 = NIO_linux_eth:eth1.101
f0/1 = NIO_linux_eth:eth1.103
[[ROUTER R2]]
f1/0 = NIO_linux_eth:eth1.102

7) Connect the switches to the breakout switch with crossover cables. In this example Port fa0/1 on the breakout switch represents Fa0/0 on R1 and connects to Sw1 Fa0/1.

R1 Fa0/0 -> BSw Fa0/1 -> SW1 Fa0/1
R2 Fa1/0 -> BSw Fa0/2 -> SW1 Fa0/2
R1 Fa0/1 -> BSw Fa0/3 -> SW2 Fa0/1

Once I got this working I found that someone already did the hard work. Wish I saw this much earlier. The only difference between the two methods is that I used one breakout switch while MrPaul’s method uses the Dynamips switches and the breakout switch.

HOWTO Connect Real Switches Using One NIC & QinQ

This is the image MrPaul made:

Breakout Switch

April 21, 2009

The beast that is dynamips

Filed under: CCIE SP, dynagen, dynamips — 21500 @ 10:30 am

Oh my word this application is so frustrating. A week into prep and I am still stuffing around with the emulator, begging it to do what I want it to do. The thought of actually giving up on SP due to the issues have crossed my mind. The gns3 files provided by Ipexpert is just not on par and riddled with mistakes. If you are planning on using dynamips for Ipexpert studies, keep an eye on the blog as I will post my dynagen files when im confident everything works.  The more sections I complete the more mistakes are ironed out of the dynagen files, therefore soon I will have a working setup. Still awaiting delivery of more 3550’s switches. I want to try the alternative method of bridging out dynamips to real switches. I will attempt to trunk between dynamips and 2950’s and then patch the access ports from the 2950’s into the 3550’s. The multiple usb ethernet adapters have been a bit of a mess, so lets see where this takes me. Worse case will be q-in-q tunneling will not work, but Im not really concerned about loosing this functionality. At the moment Im more concerned with getting a functional and stable dynamips setup.

Update: A year later… well I got used the beast and we became friends. I rebuilt the configs and posted them on http://21500.net/?p=958 about a year to late.

January 26, 2009

Dynamips vs Rack Rental vs Home lab

Filed under: CCIE, CCIE SP, dynagen, dynamips — Tags: , — 21500 @ 7:15 pm

When I set up my initial rack for RS with real switches and routers, I spent over 40 hours cabling, rack mounting and installing IOS’s on the devices. Configuring remote access and troubleshooting the odd anomaly took a few more hours. This might not sound like much but in real terms this took me a whole month. While the home rack is the ultimate tool to use for ccie lab prep it does take up time setting up. My main motivation for going for the live rack was my lack of faith in the other options. The fact that the live rack is always available is what makes the home/live rack the ultimate choice. If you have a $10000 budget for lab equipment, this is the option. Even if you sell at a 10% loss, it is still a good deal.

Personally I think rack rental is the fastest and easiest way to prepare for the lab. Obviously if you use many hours on the rack it can become an expensive exercise. 600 hours on rack rental could set you back as much as $3000. The pros of using rack rental is that your setup time is almost zero and if you run into any hardware issues, it is not your problem. The cons are that you can not use it when you want to and have to use it when dont want to.

Dynamips on the other hand, is flexible like a home rack. The major drawback, is that it takes many hours to get the hang of. To give an example, I burnt two days setting up the Ipexpert SP topologies. If you have very limited time to prepare for the lab and have not worked extensively with dynamips, I would say give it a pass. Not that this option should not be explored, it is definitely a fantastic tool, but it does have its cons. If you have ample time to first learn the app and maybe an operating system then it is a winner.

Some comments from a ccie candidate starting to prepare for his lab date due in less than three months time:

Jay says (11:49 AM):
battling with this frame relay switch grrr
Antonie – Work says (11:55 AM):
hehe, the dynamips built in frame switch?
Jay says (11:56 AM):
yes

Almost three hours later

Jay says (02:39 PM):
ok i got dynagen going but I have 2 questsions!
Antonie – Work says (02:39 PM):
shoot, will try to help if i can
Jay says (02:39 PM):
first..i watched the IE vid on it..and they use the extracted IOS but i cant seem to get the extracted version to work only the IOS in its downloaded form boots
Jay says (02:40 PM):
i tried two diff IOS’s same thing
Antonie – Work says (02:41 PM):
i’ve used winrar and on linux unzip
Antonie – Work says (02:41 PM):
ok, so it takes long to boot :)
Jay says (02:42 PM):
I guess that cant be help ;/
Antonie – Work says (02:48 PM):
are u running MS or linux?
Jay says (02:49 PM):
this is on ms at the mo..should be getting another copy of linux on the weekend to try give that an install
Jay says (02:50 PM):
hope it wont take to long to get used to it
Jay says (03:42 PM):
such a nightmare of a program .downloaded IOS from cisco they dont want to load zipped or unzipped..can only seem to get one ios to work..and for some reason when i have a terminal window open i cant type in dynagen so I cant calculate the idle pc…about to throw my pc against the wall lol
Antonie – Work says (03:44 PM):
lol
Jay says (03:50 PM):
its tough so many issues spend more time on the trouble shooting forums then anything today

Powered by WordPress