How to configure BGP multipath with RR

The idea is to receive more than one path (i.e. more than the single best path calculated by the RR).

All routers are connected to the RR.

Extract of the configuration on the RR

router bgp 65000
bgp router-id 10.1.1.1
bgp log-neighbor-changes
bgp additional-paths select best 2
bgp additional-paths send
neighbor IBGP peer-group
neighbor IBGP remote-as 65000
neighbor IBGP update-source Loopback0
neighbor IBGP route-reflector-client
neighbor IBGP advertise additional-paths best 2
maximum-paths ibgp 2

The RR accepts two paths and advertises additional paths on the same session.

Extract of the configuration on one BGP client

router bgp 65000
bgp router-id 10.1.1.2
bgp log-neighbor-changes
neighbor 10.1.1.1 remote-as 65000
neighbor 10.1.1.1 update-source Loopback0
neighbor 10.1.1.1 next-hop-self
neighbor 10.1.1.1 additional-paths receive
maximum-paths ibgp 2

The client supports two paths and can receive more than one path from the same neighbor.

More information:

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/iproute_bgp/configuration/xe-16/irg-xe-16-book/bgp-additional-paths.html

How to look up your OSPF Router-ID

By default, OSPF displays the Router-ID as an IP address.

It is possible to change this behavior and display a name instead.

Before:

R1#sh ip ospf neighbor

Neighbor ID Pri State Dead Time Address Interface
10.0.31.31 0 FULL/ - 00:00:39 10.0.99.2 Ethernet0/1
10.0.130.130 0 FULL/ - 00:00:36 10.0.10.2 Ethernet0/2

After:

ip host R3 10.0.130.130
ip host R2 10.0.31.31


ip ospf name-lookup

R1#sh ip ospf neighbor

Neighbor ID Pri State Dead Time Address Interface
R2 0 FULL/ - 00:00:38 10.0.99.2 Ethernet0/1
R3 0 FULL/ - 00:00:36 10.0.10.2 Ethernet0/2

Of course, configure a fixed router-id.

How to configure PPPoE with CHAP

Client:

interface Ethernet0/0
 no ip address
 ip virtual-reassembly in
 pppoe enable
 pppoe-client dial-pool-number 1
end

!
interface Dialer1
 ip address negotiated
 ip mtu 1492
 ip nat outside
 ip virtual-reassembly in
 encapsulation ppp
 dialer pool 1
 ppp chap hostname User1
 ppp chap password 0 Password1
 ppp ipcp route default     << To install default route
end


Server:

username User1 password 0 Password1
!
!
bba-group pppoe Group10
 virtual-template 10


interface Virtual-Template10
 ip unnumbered Loopback0
 ip mtu 1492
 peer default ip address pool Pool10
 ppp authentication chap

interface Ethernet0/2
 ip address 10.0.0.1 255.255.255.252
 pppoe enable group Group10


ip local pool Pool10 10.0.0.2


Verification:

client#sh ip int brief
Interface IP-Address OK? Method Status Protocol
Ethernet0/0 unassigned YES manual up up
<..>
Ethernet1/3 unassigned YES TFTP administratively down down
Dialer1 10.0.0.2 YES IPCP up up
NVI0 unassigned NO unset up up
Virtual-Access1 unassigned YES unset up up

server# sh ppp all
Interface/ID OPEN+ Nego* Fail- Stage Peer Address Peer Name
------------ --------------------- -------- --------------- --------------------
Vi2.1 LCP+ CHAP+ IPCP+ LocalT 10.0.0.2 User1

server# sh subscriber session brief
Current Subscriber Information: Total sessions 1

Uniq ID Interface State Up-time Identifier
6 Vi2.1 authen 00:12:49 User1
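
The CHAP exchange that the client and server configuration above sets up, as an added example (not part of the original page). It follows RFC 1994 with MD5; the message dictionaries and function names are illustrative assumptions, and the user table is a constructed stand-in for the server's username line.

```python
import hashlib
import hmac
import os

# Constructed stand-in for the server line "username User1 password 0 Password1".
LOCAL_USERS = {"User1": b"Password1"}


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 CHAP with MD5: hash of Identifier octet || secret || challenge."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


def server_challenge(identifier: int) -> dict:
    """Authenticator side: send a fresh random challenge (CHAP code 1)."""
    return {"code": 1, "id": identifier, "value": os.urandom(16), "name": "server"}


def client_respond(challenge: dict, hostname: str, password: bytes) -> dict:
    """Peer side: 'ppp chap hostname' and 'ppp chap password' feed this (code 2)."""
    value = chap_response(challenge["id"], password, challenge["value"])
    return {"code": 2, "id": challenge["id"], "value": value, "name": hostname}


def server_verify(challenge: dict, response: dict) -> bool:
    """Authenticator recomputes the hash from its own copy of the secret."""
    secret = LOCAL_USERS.get(response["name"])
    if secret is None or response["id"] != challenge["id"]:
        return False
    expected = chap_response(challenge["id"], secret, challenge["value"])
    return hmac.compare_digest(expected, response["value"])


def run_exchange(hostname: str, password: bytes) -> bool:
    """One full challenge/response round; only the 16-byte hash crosses the link."""
    chal = server_challenge(identifier=1)
    resp = client_respond(chal, hostname, password)
    return server_verify(chal, resp)


if __name__ == "__main__":
    print("User1 / Password1:", run_exchange("User1", b"Password1"))
    print("User1 / wrong    :", run_exchange("User1", b"wrong"))
```

Both ends need the same secret in recoverable form to compute the hash, so the configuration files that hold it need the same protection as the password itself.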

How to resolve ssh issue on Cisco ASA

Tested in version 9.6(1)

~# ssh admin@x.x.x.x
Unable to negotiate with x.x.x.x port 22: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1

First method:

 # ssh -oKexAlgorithms=+diffie-hellman-group1-sha1 admin@x.x.x.x
admin@x.x.x.x's password:
Type help or '?' for a list of available commands.
ASA1/act/pri>

Second method:

ASA1/act/pri(config)# ssh key-exchange group ?

configure mode commands/options:
 dh-group1-sha1 Diffie-Hellman group 2
 dh-group14-sha1 Diffie-Hellman group 14

ASA1/act/pri(config)# ssh key-exchange group dh-group14

ASA1/act/pri(config)# wr

Disconnect and reconnect:

# ssh admin@x.x.x.x
admin@x.x.x.x's password:
Type help or '?' for a list of available commands.
ASA1/act/pri> en
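
An added example (not from the original page) that parses the OpenSSH negotiation error shown above, classifies the server's key exchange offer, and builds an ssh_config stanza that limits the legacy algorithm of the first method to a single host. The function names are illustrative, and 192.0.2.10 is a constructed address standing in for x.x.x.x.

```python
import re

# KEX methods from RFC 4253 / RFC 8268 and the MODP group size each one uses.
# SSH "group1" is the 1024-bit Oakley Group 2, which is why the ASA help text
# labels dh-group1-sha1 as "Diffie-Hellman group 2".
KEX_INFO = {
    "diffie-hellman-group1-sha1": (1024, "sha1"),
    "diffie-hellman-group14-sha1": (2048, "sha1"),
    "diffie-hellman-group14-sha256": (2048, "sha256"),
}

ERROR_RE = re.compile(
    r"Unable to negotiate with (?P<host>\S+) port (?P<port>\d+): "
    r"no matching (?P<kind>[\w ]+?) found\. Their offer: (?P<offer>\S+)"
)

# Constructed sample line in the format of the error above.
SAMPLE = ("Unable to negotiate with 192.0.2.10 port 22: no matching key exchange "
          "method found. Their offer: diffie-hellman-group1-sha1")


def parse_negotiation_error(line: str):
    """Return (host, kind, [offered algorithms]) or None if the line does not match."""
    m = ERROR_RE.search(line)
    if not m:
        return None
    return m["host"], m["kind"], m["offer"].split(",")


def assess(offer) -> str:
    """Classify a server's KEX offer by the largest DH group it contains."""
    known = [KEX_INFO[a] for a in offer if a in KEX_INFO]
    if not known:
        return "unknown"
    return "weak-only" if max(bits for bits, _ in known) < 2048 else "group14-available"


def scoped_override(host: str, offer) -> str:
    """ssh_config stanza that re-enables the legacy KEX for this one host only."""
    legacy = [a for a in offer if a in KEX_INFO and KEX_INFO[a][0] < 2048]
    return f"Host {host}\n    KexAlgorithms +{','.join(legacy)}\n" if legacy else ""


if __name__ == "__main__":
    host, kind, offer = parse_negotiation_error(SAMPLE)
    print(kind, "->", assess(offer))
    print(scoped_override(host, offer))
```

Once the ASA is moved to dh-group14 as in the second method, the offer no longer contains a 1024-bit group and the stanza is not needed.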

 

 

 

DMVPN Phase 3 – Multicast with source and receiver on spokes

Assumptions:

  • PIM open standard (rp-candidate + bsr-candidate), PIM SM
  • The RP is connected behind the HUB (10.15.15.15).
  • The source is connected to Spoke 1.
  • The receiver is connected to Spoke 2.

HUB configuration :

ip multicast-routing
!
interface Tunnel0
 bandwidth 1000
 ip address 10.0.1.1 255.255.255.248
 no ip redirects
 ip mtu 1400
 ip pim nbma-mode
 ip pim sparse-mode
 ip nhrp authentication key
 ip nhrp map multicast dynamic
 ip nhrp network-id 12345
 ip nhrp holdtime 300
 ip nhrp redirect
 ip tcp adjust-mss 1360
 delay 1000
 tunnel source Ethernet0/0
 tunnel mode gre multipoint
 tunnel protection ipsec profile PROFILE

Spoke 1 configuration :

ip multicast-routing
!
ip pim spt-threshold infinity
!
interface Tunnel0
 bandwidth 1000
 ip address 10.0.1.2 255.255.255.248
 no ip redirects
 ip mtu 1400
 ip pim sparse-mode
 ip nhrp authentication key
 ip nhrp map multicast 172.16.0.1
 ip nhrp map 10.0.1.1 172.16.0.1
 ip nhrp network-id 12345
 ip nhrp holdtime 300
 ip nhrp nhs 10.0.1.1 
 ip nhrp shortcut
 ip tcp adjust-mss 1360
 delay 1000
 tunnel source Serial1/0
 tunnel mode gre multipoint
 tunnel protection ipsec profile PROFILE

Spoke 2 configuration :

ip multicast-routing
!
ip pim spt-threshold infinity
!
interface Tunnel0
 bandwidth 1000
 ip address 10.0.1.3 255.255.255.248
 no ip redirects
 ip mtu 1400
 ip pim sparse-mode
 ip nhrp authentication key
 ip nhrp map multicast 172.16.0.1
 ip nhrp map 10.0.1.1 172.16.0.1
 ip nhrp network-id 12345
 ip nhrp holdtime 300
 ip nhrp nhs 10.0.1.1
 ip nhrp shortcut
 ! 1360 = ip mtu 1400 minus 40 bytes of IP and TCP headers, as on the hub and Spoke 1
 ip tcp adjust-mss 1360
 delay 1000
 tunnel source Serial1/0
 tunnel mode gre multipoint
 tunnel protection ipsec profile PROFILE
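
An added example (not from the original page) that walks IOS-style interface stanzas like the tunnel configurations above and reports any interface whose ip tcp adjust-mss value does not fit inside its ip mtu. It assumes 40 bytes of IPv4 and TCP headers without options; the sample configuration is constructed.

```python
import re

IP_TCP_HEADERS = 40  # assumption: 20-byte IPv4 header + 20-byte TCP header, no options

# Constructed sample: Tunnel0 is consistent, Tunnel1 clamps the MSS too high.
SAMPLE = """\
interface Tunnel0
 ip mtu 1400
 ip tcp adjust-mss 1360
!
interface Tunnel1
 ip mtu 1400
 ip tcp adjust-mss 1380
!
interface Ethernet0/0
 ip address 10.1.19.1 255.255.255.0
"""


def interface_settings(config: str) -> dict:
    """Map each interface name to the 'ip mtu' and 'ip tcp adjust-mss' it sets."""
    result, current = {}, None
    for raw in config.splitlines():
        line = raw.rstrip()
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
            result[current] = {}
        elif current and not raw.startswith(" "):
            current = None  # a non-indented line ends the interface stanza
        elif current:
            m = re.match(r"\s+ip (mtu|tcp adjust-mss) (\d+)$", line)
            if m:
                result[current][m.group(1)] = int(m.group(2))
    return result


def mss_findings(config: str) -> list:
    """Return (interface, mtu, mss, expected_max_mss) for every oversized MSS."""
    findings = []
    for name, s in interface_settings(config).items():
        mtu, mss = s.get("mtu"), s.get("tcp adjust-mss")
        if mtu is not None and mss is not None and mss + IP_TCP_HEADERS > mtu:
            findings.append((name, mtu, mss, mtu - IP_TCP_HEADERS))
    return findings


if __name__ == "__main__":
    for name, mtu, mss, expected in mss_findings(SAMPLE):
        print(f"{name}: adjust-mss {mss} exceeds ip mtu {mtu} - 40 = {expected}")
```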

Troubleshooting

IP Multicast Routing Table
Flags: D - Dense, S - Sparse, B - Bidir Group, s - SSM Group, C - Connected,
 L - Local, P - Pruned, R - RP-bit set, F - Register flag,
 T - SPT-bit set, J - Join SPT, M - MSDP created entry, E - Extranet,
 X - Proxy Join Timer Running, A - Candidate for MSDP Advertisement,
 U - URD, I - Received Source Specific Host Report,
 Z - Multicast Tunnel, z - MDT-data group sender,
 Y - Joined MDT-data group, y - Sending to MDT-data group,
 G - Received BGP C-Mroute, g - Sent BGP C-Mroute,
 Q - Received BGP S-A Route, q - Sent BGP S-A Route,
 V - RD & Vector, v - Vector
Outgoing interface flags: H - Hardware switched, A - Assert winner
 Timers: Uptime/Expires
 Interface state: Interface, Next-Hop or VCD, State/Mode

RP on HUB and Spokes routers

#sh ip pim rp
Group: 232.1.1.1, RP: 10.15.15.15, v2, uptime 00:13:52, expires 00:01:46

! Multicast source with real IP address 10.1.18.1

SPOKE1#sh ip mroute 232.1.1.1 

(*, 232.1.1.1), 00:02:40/stopped, RP 10.15.15.15, flags: SPF
 Incoming interface: Tunnel0, RPF nbr 10.0.1.1
 Outgoing interface list: Null

(10.1.18.1, 232.1.1.1), 00:02:40/00:03:23, flags: FT
 Incoming interface: Ethernet0/0, RPF nbr 0.0.0.0, Registering
 Outgoing interface list:
 Tunnel0, Forward/Sparse, 00:02:40/00:02:47, A

! Multicast receiver for the group 232.1.1.1

interface Ethernet0/0
 ip address 10.1.19.1 255.255.255.0
 ip pim sparse-mode
 ip igmp join-group 232.1.1.1

SPOKE2#sh ip mroute 232.1.1.1

(*, 232.1.1.1), 00:09:21/00:02:42, RP 10.15.15.15, flags: SCL
 Incoming interface: Tunnel0, RPF nbr 10.0.1.1
 Outgoing interface list:
 Ethernet0/0, Forward/Sparse, 00:09:19/00:02:42

HUB#sh ip mroute 232.1.1.1

(*, 232.1.1.1), 00:09:13/00:03:08, RP 10.15.15.15, flags: S
 Incoming interface: Ethernet0/1, RPF nbr 10.20.1.17
 Outgoing interface list:
 Tunnel0, 10.0.1.3, Forward/Sparse, 00:09:13/00:03:08

(10.1.18.1, 232.1.1.1), 00:06:17/00:01:35, flags: T
 Incoming interface: Tunnel0, RPF nbr 10.0.1.3
 Outgoing interface list:
 Tunnel0, 10.0.1.3, Forward/Sparse, 00:06:17/00:03:08

SPOKE2#mtrace 10.1.19.1 232.1.1.1
Type escape sequence to abort.
Mtrace from 10.1.19.1 to 10.1.19.1 via group 232.1.1.1
From source (?) to destination (?)
Querying full reverse path...
 0  10.1.19.1
-1  10.1.19.1 ==> 10.0.1.3 PIM  [using shared tree]       << Interface Tu0
-2 10.0.1.1 ==> 10.20.1.18 PIM  [using shared tree]       << Interface Tu0 Hub to next router 
-3 10.20.1.17 ==> 10.20.1.2 PIM  [using shared tree]      << Next router to RP router 
-4 10.20.1.1 ==> 0.0.0.0 PIM_MT Reached RP/Core [using shared tree] << RP router