Sunday, August 31, 2014

CCIE Route/Switch v5 GNS3 Lab: OSPF IPv4 and IPv6 Neighbors, Network Types, and Path Selection

Hey all!

This lab covers OSPF on top of IPv4 and IPv6 to establish neighbors using different network types, tune those neighbors to converge in sub-second increments, and shows how you can use ospf interface cost to change the path OSPF selects to route packets around your network.

It's a really fun lab to build and work with, and I recommend you attempt it yourself! The solved and unsolved versions are available for download at the link below

Here's what it looks like:

You can download the lab here:

Good luck!

Thursday, August 28, 2014

CCIE Route/Switch v5 GNS3 Lab: BGP Peers, RouteReflectors, Scalability

Hey all,

This lab covers a portion of the BGP section of the CCIEv5 R/S study guide. This topology covers an OSPF topology with a BGP overlap, split into different sub-ASs inside a confederation. This allows a single route reflector to be assigned per sub-AS and relationship requirements are greatly reduced. Each sub-AS uses a different method of scalability - a method of reducing configuration lines and managing groups of neighbors at once.

Here's the topology:

Download the completed version here:


Thursday, August 21, 2014

CCIE Route/Switch v5 GNS3 Lab: EIGRP Named Instances

Hey all,

So EIGRP is a great IGP -- it's fast, flexible, and supports a ton of options to help you run your business network easily. Cisco works hard to keep that up. And in late 2012/early 2013, they introduced a mode to help make it even easier to keep EIGRP instances straight: Named Instance mode. It allows for names to be assigned which help sort purposes and keep things in order, and allows the 'old'-style of EIGRP instances to be 'nested' inside these named instances. It sounds confusing, but it's simple in practice.

I organized the lab like a problem ticket, ala the CCNP T-Shoot exam and CCIE route/switch.

The lab request: Amazon and Microsoft's Bing division need help. They are running EIGRP to connect their businesses, and need someone to configure it. One of their VPs heard about this great 'named' mode of EIGRP and wants you to do that. He has created the names for you to use, and wants your company to configure it. They don't care about leaking routes, and just want to get this working yesterday. It's your job. Go!

You can download the solved and unsolved GNS3 labs , as well as the image file for a 7200 router I used for this lab. Download that all here:

Good luck!

Wednesday, August 20, 2014

CCIE Route/Switch v5 GNS3 Lab: Routing Protocol Authentication

Hey all,

This is again a pretty straight-forward lab where I set up simple four-node IGP networks (EIGRPv4, OSPFv2, OSPFv3) and then turn on authentication between the neighbors. It's something you should definitely be doing in your own production network to obfuscate your routing updates and keep unauthorized members from joining your IGP hive-mind.

I'll do something interesting on this one (and maybe on future labs). I'll post both the completed lab, like I've been doing previously, as well as an incomplete one with basic topology setup so you can complete it yourself.

The topology follows and you can find the download links below it.

Find both the incomplete and complete download here:

Good luck!

Monday, August 18, 2014

CCIE Route/Switch v5 GNS3 Lab: Policy-Based Routing

Hey all!

This mini-lab covers PBR (Policy-Based Routing), a super-cool feature that allows different hosts or subnets to be routed to different destinations. It's a great tool when you have some hosts or services which you'd like routed out a different internet connection, or possibly through a SPAN services.

Honestly, this lab is pretty simple compared to the series I've been posting, but I find PBR so COOL I decided to make it its own post. I also stripped out my own solution, so you are free to solve this one yourself. You can find the answers by highlighting at the end of this post. Hope you enjoy!

You can download the topology here:!AliOPzHSO-GngahR8F1LsAfLZ9MTfQ

Good luck!

access-list 92 permit
access-list 95 permit
route-map PBR1 permit 10
 match ip address 92
 set ip next-hop
route-map PBR1 permit 20
 match ip address 95
 set ip next-hop

route-map PBR1 permit 30
interface FastEthernet1/0
 ip policy route-map PBR1

Sunday, August 17, 2014

CCIE Route/Switch v5 GNS3 Lab: Advanced IPv4 PIM, MSDP

This blog covers the CCIEv5 section entitled: "2.2.b Implement and troubleshoot IPv4 protocol independent multicast" as well as "2.2.c Implement and troubleshoot multicast source discovery protocol."

It covers a larger network of routers connected with the different varieties of PIM. Cisco's implementation of PIM supports the following modes:

PIM Dense Mode: This is closer to the original method of PIM, where all network locations are assumed to be part of the multicast. At a specific interval (3 minutes by default), traffic is flooded into a network segment, and the switch/router has to opt-out, and then the timer starts again. If you're watching this on a network monitor it looks like highly regular traffic spikes when multicast traffic is flooded.

PIM Sparse Mode: This version of PIM supports SSM (Source Specific Multicast) by default, and automatically routes traffic down the least costly path, directly from source to destination, instead of routing everything through the RP. It also assumes that hosts don't want to receive traffic, and clients must continually update their membership in the multicast group, or they are excluded.

PIM Sparse-Dense Mode: A mode that originated from migration scenarios from sparse to dense mode. Supports both, and upgrades to sparse mode when an RP is configured or located with auto-RP.

PIM Bidirectional Mode: This version of PIM is a mixture of sparse and dense mode oriented towards a large number of sources and destinations. It's targeted towards organizations that see great numbers of both, so many that the stability of their routers might be affected if using vanilla sparse mode.

RPs are elected automatically via Cisco's proprietary Auto-RP. This is supported on most Cisco routers, but if you're working with other types of routers or a mixed group, you can use the open source variety called BSR.

Auto RP allows PIM members to dynamically discover candidate RP nodes, instead of having them be statically configured. It allows for a more flexible network in the event of a failure or change, though not nearly as fast as an IGP - default 3 minutes failover time. Basically, there are two roles: RP Candidates, which are usually near the network or traffic flow core, and mapping nodes, which listen for RP candidates and communicate to PIM member nodes which ones to use. This allows for a distribution of tasks and processing, although both consume relatively low processing power.

BSR (Boot Strap Router): Very similar to AutoRP, except easier to configure and supported on most types of routers as an open standard. Maybe not quite as feature-riffic, but fits most use cases.

Here's my topology:

You can download it here:

Good luck!

Saturday, August 16, 2014

CCIE Route/Switch v5 GNS3 Lab: IPv6 Addressing, Subnetting, and IPv6 Multicast

This is a rather simple topology focused on different IPv6 addressing methods. There's a surprising amount of them:

EUI-64 Addressing: An addressing method for IPv6 where an engineer configures the subnet, and then tells the router to figure out its own host ID based on the local MAC address. Because of the large subnets supported by IPv6, this method of addressing is both possible, simple, and scaleable.

IPv6 Stateless AutoConfig/SLAAC: Hosts (or other router devices, if required) listen for RAs from an available router and copy the network/subnet address and add their own client address to the end (which they base on their MAC address if they can).

IPv6 Global Prefix: A shortcut on Cisco routers which allows a 'global' or 'organization' subnet to be set, which allows all local interfaces on that same router to be addresses with short-hand, instead of typing the entire address.

IPv6 Multicast Routing: Along with a new subnet range, PIM has been optimized for IPv6. It's also assumed to be on, and runs by default in sparse mode. There's very little config to set it up. Unfortunately there's no support yet for auto-rp, so route-points need to be set up manually, and each network device will need to be touched if there's ever a change. There is redundancy, though, by configuring multiple on each device - a manual but effective process.

Manual Addressing: That's not to say you can't just manually specify each octet (?) of your devices. A related thread: The groups are no longer 8 (oct-et) bit groups. Since IPv6 is based on hex, each grouping is worth 16 bits. So I guess they're.. hexakaidec-tet. But that's a really long name, so I'll continue calling it an 'octet,' unspecific as that is.

You can download the configuration here, with tasks labeled:

Good luck!

Monday, August 4, 2014

CCIE Route/Switch v5 GNS3 Lab: Multiple Default Routes

I recently discovered a secondary internet connection at our DR site. We have a private line between our sites, as well as another MPLS connection at our DR site.

I decided to built an automatic failover in case our internet or even the an entire site goes down, which is a wickedly complex problem. There is two-way redistribution between MPLS (which connects both sites) and our private link which runs EIGRP (obviously connecting both sites).

My solutions involves:
* Each gateway router running EIGRP has a default route based on a tracker. The trackers on each are a ping-check every 3 seconds to a public IP, which is forced (with a /32 static route) down a specific interface.
* Each gateway injects their default route when available into EIGRP with a route-map to set the default-route to a different value. The DR site's default-route adds 1,000,000 to the metric so no routers will use it. That number will vary based on the complexity of your company's topologies.
* Each BGP gateway router injects EIGRP routes into BGP with a route-map. That default route at our main site is set at metric 50 (remember, BGP's metric winner is lowest). The DR site prepends the local AS-number a few times to make sure it is a less desirable option than the primary MPLS site, and will only be used if the primary is down.

An internet connection failure can be simulated by shutting the loopback that's IP'd on either ISP router.

The topology requires many of the elements in our production network, so it's more complex than usual - 19 routers.

Download the files and GNS3 topology here: