OSPF : Outbound filtering

If you read about OSPF or watch videos on it, you will be told that you can only filter on the INBOUND side, or all-or-nothing on the OUTBOUND side (via “ip ospf database-filter all out” / “neighbor x.x.x.x database-filter all out”).
You will tell me: no problem, I can filter with “area range x.x.x.x not-advertise” (LSA Type 3) or “summary-address x.x.x.x not-advertise” (LSA Type 5).
OK, but now let’s say I want to filter out some routes with a distribute-list and an ACL?

You can do it like this:

R1(config-router)#distribute-list 10 out connected
R1(config-router)#do sh run | sec router
router ospf 1
 router-id 1.1.1.1
 no capability transit
 area 14 nssa
 summary-address 10.1.4.4 255.255.255.255 not-advertise
 summary-address 10.22.4.4 255.255.255.255 not-advertise
 network 10.1.1.1 0.0.0.0 area 0
 network 10.1.14.0 0.0.0.255 area 14
 network 11.1.1.0 0.0.0.255 area 0
 neighbor 11.1.1.2 database-filter all out
 distribute-list 10 out connected
 distance 255 9.9.9.9 0.0.0.0 41
R1(config-router)#
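The page shows “distribute-list 10 out connected” but not the body of access-list 10, so here is an added Python model (not from the original post) of what that command decides: a standard ACL with wildcard masks and implicit deny is applied to the routes of the named source before they are redistributed into OSPF, while routes of any other origin are not touched. ACL entries and candidate routes are constructed for the example.

```python
import ipaddress

# Constructed body for access-list 10: the page shows "distribute-list 10 out
# connected" but not the ACL itself. Standard ACL syntax: action, base, wildcard.
ACL_10 = [
    ("deny",   "10.1.4.4",   "0.0.0.0"),        # one host route
    ("permit", "172.16.0.0", "0.0.255.255"),    # a /16 worth of connected subnets
    # implicit "deny any" at the end, as on IOS
]

# Constructed candidate routes as (prefix, origin). Only routes whose origin
# matches the "out <source>" keyword are subject to the distribute-list.
SAMPLE_ROUTES = [
    ("10.1.4.4/32",    "connected"),
    ("172.16.10.0/24", "connected"),
    ("172.16.20.0/24", "connected"),
    ("192.168.7.0/24", "connected"),
    ("10.1.1.0/24",    "ospf-intra"),  # learned via LSAs, not redistributed
]


def wildcard_match(address, base, wildcard):
    """IOS standard ACL match: a 1 bit in the wildcard mask means don't care."""
    addr = int(ipaddress.IPv4Address(address))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (addr & care) == (int(ipaddress.IPv4Address(base)) & care)


def acl_permits(acl, prefix):
    """First matching entry wins; no match falls through to the implicit deny."""
    network = prefix.split("/")[0]
    for action, base, wildcard in acl:
        if wildcard_match(network, base, wildcard):
            return action == "permit"
    return False


def apply_distribute_list_out(acl, source, routes):
    """Model `distribute-list <acl> out <source>` under router ospf.

    Routes from the named source are redistributed into OSPF only if the ACL
    permits them; routes from any other origin are left untouched, which is
    why this command cannot filter intra-area or inter-area OSPF routes.
    """
    result = {"advertised": [], "suppressed": [], "not_subject": []}
    for prefix, origin in routes:
        if origin != source:
            result["not_subject"].append(prefix)
        elif acl_permits(acl, prefix):
            result["advertised"].append(prefix)
        else:
            result["suppressed"].append(prefix)
    return result


if __name__ == "__main__":
    decisions = apply_distribute_list_out(ACL_10, "connected", SAMPLE_ROUTES)
    for bucket, prefixes in decisions.items():
        print(f"{bucket:12s} {prefixes}")
```

Note the last route: because it is an OSPF intra-area route carried in LSAs rather than a redistributed one, it lands in “not_subject” whatever the ACL says, which is exactly the limitation the first paragraph describes.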

And there is more, as the options accepted after “out” show:

R1(config-router)#distribute-list 10 out ?
  Async              Async interface
  Auto-Template      Auto-Template interface
  BVI                Bridge-Group Virtual Interface
  CDMA-Ix            CDMA Ix interface
  CTunnel            CTunnel interface
  Dialer             Dialer interface
  Ethernet           IEEE 802.3
  GMPLS              MPLS interface
  LongReachEthernet  Long-Reach Ethernet interface
  Loopback           Loopback interface
  Lspvif             LSP virtual interface
  MFR                Multilink Frame Relay bundle interface
  Multilink          Multilink-group interface
  Null               Null interface
  Tunnel             Tunnel interface
  Vif                PGM Multicast Host interface
  Virtual-PPP        Virtual PPP interface
  Virtual-Template   Virtual Template interface
  Virtual-TokenRing  Virtual TokenRing
  bgp                Border Gateway Protocol (BGP)
  connected          Connected
  eigrp              Enhanced Interior Gateway Routing Protocol (EIGRP)
  isis               ISO IS-IS
  lisp               Locator ID Separation Protocol (LISP)
  ospf               Open Shortest Path First (OSPF)
  ospfv3             OSPFv3
  rip                Routing Information Protocol (RIP)
  static             Static routes
  vmi                Virtual Multipoint Interface
  

Have fun labbing all these great OSPF features.

Some fun on this day off.

I have found this networking game again. The first time I played with it was in 2009. It was fun to spend a few hours playing with it.
It is not hosted by Cisco, so if you want to retrieve the archive you can download it here, for those of you who were not in this industry yet or do not know this Cisco networking game.

OSPFv3 address-family

It has been possible to run both address families under the same OSPFv3 process since Cisco IOS Software Release 15.1(3)S.

[Screenshot taken 2015-05-13 at 22:24:28]

You can do this as follows:
R9(config)# ipv6 unicast-routing
R9(config)# ipv6 cef

Then :

R9(config)# router ospfv3 1
R9(config-router)#address-family ipv4 unicast
R9(config-router-af)#router-id 10.1.9.9
R9(config-router-af)#redistribute connected
R9(config-router-af)#exit-a

And then bring up the OSPF link by enabling OSPFv3 directly on the interface:
R9(config-router-af)#int ser 3/0
R9(config-if)#ospfv3 1 ipv4 area 236
*May 13 20:31:14.956: %OSPFv3-5-ADJCHG: Process 1, IPv4, Nbr 10.1.6.6 on Serial3/0 from LOADING to FULL, Loading Done
R9(config-if)#ospfv3 1 ipv6 area 236
R9(config-if)#

This is where I think it is really powerful.
I recommend checking both IPv6 and IPv4 OSPF only through the “ospfv3” keyword, for example:

R9#show ospfv3 neighbor

          OSPFv3 1 address-family ipv4 (router-id 10.1.9.9)

Neighbor ID     Pri   State           Dead Time   Interface ID    Interface
10.1.6.6          0   FULL/  -        00:00:33    15              Serial3/0

          OSPFv3 1 address-family ipv6 (router-id 20.1.9.9)

Neighbor ID     Pri   State           Dead Time   Interface ID    Interface
10.1.6.6          0   FULL/  -        00:00:31    15              Serial3/0
R9#
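To make use of that “show ospfv3 neighbor” output, here is an added Python parser (not part of the original post) that reads the per-address-family sections and reports, for each neighbor, in which address families the adjacency is FULL and in which it is not. The first sample is the output shown above; the second is a constructed variant where the IPv6 adjacency is stuck in EXSTART, to show the failure case.

```python
import re

# Sample 1: the "show ospfv3 neighbor" output from the page.
SAMPLE_SHOW_OSPFV3_NEIGHBOR = """\
          OSPFv3 1 address-family ipv4 (router-id 10.1.9.9)

Neighbor ID     Pri   State           Dead Time   Interface ID    Interface
10.1.6.6          0   FULL/  -        00:00:33    15              Serial3/0

          OSPFv3 1 address-family ipv6 (router-id 20.1.9.9)

Neighbor ID     Pri   State           Dead Time   Interface ID    Interface
10.1.6.6          0   FULL/  -        00:00:31    15              Serial3/0
"""

# Sample 2: constructed variant, IPv6 adjacency not fully formed.
DEGRADED_SAMPLE = """\
          OSPFv3 1 address-family ipv4 (router-id 10.1.9.9)

Neighbor ID     Pri   State           Dead Time   Interface ID    Interface
10.1.6.6          0   FULL/  -        00:00:33    15              Serial3/0

          OSPFv3 1 address-family ipv6 (router-id 20.1.9.9)

Neighbor ID     Pri   State           Dead Time   Interface ID    Interface
10.1.6.6          0   EXSTART/  -     00:00:31    15              Serial3/0
"""

AF_HEADER = re.compile(r"OSPFv3 (\d+) address-family (ipv4|ipv6) \(router-id (\S+)\)")
# neighbor-id  pri  state (e.g. "FULL/  -", "FULL/DR")  dead-time  if-id  interface
NEIGHBOR = re.compile(
    r"^(\S+)\s+(\d+)\s+(\S+/\s*\S+)\s+(\d\d:\d\d:\d\d)\s+(\d+)\s+(\S+)$")


def parse_ospfv3_neighbors(text):
    """Return one record per neighbor line, tagged with its address family."""
    records, context = [], None
    for line in text.splitlines():
        header = AF_HEADER.search(line)
        if header:
            context = {"process": int(header.group(1)),
                       "af": header.group(2),
                       "router_id": header.group(3)}
            continue
        m = NEIGHBOR.match(line.strip())
        if m and context:
            records.append({
                **context,
                "neighbor_id": m.group(1),
                "priority": int(m.group(2)),
                "state": m.group(3).replace(" ", ""),   # "FULL/  -" -> "FULL/-"
                "dead_time": m.group(4),
                "interface_id": int(m.group(5)),
                "interface": m.group(6),
            })
    return records


def adjacency_report(records):
    """Per neighbor: address families where the adjacency is FULL vs. not."""
    report = {}
    for rec in records:
        entry = report.setdefault(rec["neighbor_id"], {"full": [], "not_full": []})
        bucket = "full" if rec["state"].startswith("FULL/") else "not_full"
        entry[bucket].append(rec["af"])
    return report


if __name__ == "__main__":
    for label, text in (("page sample", SAMPLE_SHOW_OSPFV3_NEIGHBOR),
                        ("degraded sample", DEGRADED_SAMPLE)):
        print(label, adjacency_report(parse_ospfv3_neighbors(text)))
```

The state is normalised by stripping the spaces IOS pads into “FULL/  -”, so the same check works for point-to-point links and for “FULL/DR”-style states on broadcast segments.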

On R6 we now see:

6#show ip route ospf?
Hostname or A.B.C.D  ospf  ospfv3

R6#show ip route ospfv3
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       a - application route
       + - replicated route, % - next hop override

Gateway of last resort is not set

      10.0.0.0/8 is variably subnetted, 11 subnets, 2 masks
O E2     10.1.9.9/32 [110/20] via 10.1.69.9, 00:04:16, Serial3/0
      20.0.0.0/32 is subnetted, 2 subnets
O E2     20.1.9.9 [110/20] via 10.1.69.9, 00:04:16, Serial3/0
R6#

After WEB-IOU : UNetLab. An amazing project …

For those of you who know the excellent web-iou, you will not be surprised that this new project from Andrea is really exciting and amazing.

Here are all the platforms you can simulate with it:

  • A10 vThunder
  • Aruba ClearPass
  • Alcatel 7750 SR
  • Arista vEOS
  • Brocade vADX
  • CheckPoint Security Gateway VE
  • Cisco ASA (porting)
  • Cisco ASAv
  • Cisco CSR 1000V
  • Cisco IPS (porting)
  • Cisco IOS 1710 (dynamips, ethernet only)
  • Cisco IOS 3725 (dynamips, ethernet only)
  • Cisco IOS 7206VXR (dynamips, ethernet only)
  • Cisco IOL (for Cisco internal use only)
  • Cisco Titanium (for VIRL customers only)
  • Cisco vIOS (for VIRL customers only)
  • Cisco vIOS L2 (for VIRL customers only)
  • Cisco Virtual Wireless Lan Controller (vWLC)
  • Cisco Web Security Appliance (IronPort)
  • Cisco XRv
  • Citrix NetScaler
  • ExtremeXOS
  • F5 BIG-IP LTM VE
  • Fortinet FortiGate (new)
  • HP VSR1000
  • Juniper Olive (porting)
  • Juniper vMX
  • Juniper vSRX
  • Palo Alto VM-100 Firewall
  • VMware ESXi
  • VyOS
  • Windows host


Please visit :

The project is under heavy development. Thank you Andrea for your work 🙂

Tips about ASR9K interfaces

I don’t know if it will be useful to someone, but here it is:

To check the optical budget:

RP/0/RSP0/CPU0:ASR9K-01#show controllers tenGigE 0/0/0/2 phy
Tue Dec  9 18:10:41.280 CET

SFP EEPROM  port: 2
        Xcvr Type: SFP
        Xcvr Code: SFP-10G-ER
        Encoding: 64B66B
        Bit Rate: 10300 Mbps
        Link Reach 9u fiber (Km): 40000 meter
        Link Reach 9u fiber (100m): 25500 meter
        Link Reach 9u fiber (100m): 25500 meter
        Vendor Name: CISCO-FINISAR  
        Vendor OUI: 00.90.65
        Vendor Part Number: FTLX1671D3BCL-C4 (rev.: A   )
        Laser wavelength: 1550 nm (fraction: 0.00 nm)
        Optional SFP Signal: Rate Sel, LOS
        Vendor Serial Number: FNS181206PL    
        Date Code (yy/mm/dd): 14/03/17  lot code:  
        Diagnostic Monitoring: DOM, Int. Cal.,
        Enhanced Options: SW RX LOS Mon., SW TX Fault Mon, SW TX Disable, Alarm/Warning Flags
[...]
        Thresholds:                    Alarm High         Warning High          Warning Low            Alarm Low
              Temperature:            +75.000 C             +70.000 C              +0.000 C              -5.000 C
                  Voltage:           3.630 Volt            3.465 Volt            3.135 Volt            2.970 Volt
                     Bias:        100.000 mAmps          95.000 mAmps          55.000 mAmps          50.000 mAmps
           Transmit Power:  5.012 mW (7.00 dBm)   2.512 mW (4.00 dBm)   0.339 mW (-4.70 dBm)   0.135 mW (-8.70 dBm)
           Receive Power:  1.585 mW (2.00 dBm)   0.794 mW (-1.00 dBm)   0.026 mW (-15.80 dBm)   0.011 mW (-19.79 dBm)
        Temperature: 41.539
        Voltage: 3.319 Volt
        Tx Bias: 81.050 mAmps
        Tx Power:  1.693 mW (2.29 dBm)
        Rx Power:  0.008 mW (-21.02 dBm)
        Oper. Status/Control: Rx Rate Select, 

More to see on the right…

Stats and more specific errors:

RP/0/RSP0/CPU0:ASR9K-01#show controllers tenGigE 0/0/0/2 ? 
  all       Show all the information
  bert      Show BERT status
  control   Show configuration and control information(cisco-support)
  internal  Show internal information
  mac       Show mac information
  phy       Show phy information
  regs      Show registers information
  stats     Show stats information
  xgxs      Show xgxs information
  |         Output Modifiers
       
RP/0/RSP0/CPU0:ASR9K-01#show controllers tenGigE 0/0/0/2 stats
Tue Dec  9 18:10:54.905 CET
Statistics for interface TenGigE0/0/0/2 (cached values):

Ingress:
    Input total bytes           = 583691
    Input good bytes            = 583691

    Input total packets         = 4563
    Input 802.1Q frames         = 0
    Input pause frames          = 0
    Input pkts 64 bytes         = 0
    Input pkts 65-127 bytes     = 4108
    Input pkts 128-255 bytes    = 71
    Input pkts 256-511 bytes    = 269
    Input pkts 512-1023 bytes   = 61
    Input pkts 1024-1518 bytes  = 52
    Input pkts 1519-Max bytes   = 2 

    Input good pkts             = 4548
    Input unicast pkts          = 157
    Input multicast pkts        = 4347
    Input broadcast pkts        = 59

    Input drop overrun          = 0
    Input drop abort            = 0
    Input drop invalid VLAN     = 0
    Input drop invalid DMAC     = 0
    Input drop invalid encap    = 0
    Input drop other            = 0

    Input error giant           = 0
    Input error runt            = 0
    Input error jabbers         = 0
    Input error fragments       = 0
    Input error CRC             = 12
    Input error collisions      = 0
    Input error symbol          = 232214
    Input error other           = 3

    Input MIB giant             = 2
    Input MIB jabber            = 0
    Input MIB CRC               = 12

 
Egress:

    Output total bytes          = 757008
    Output good bytes           = 757008

    Output total packets        = 5682
    Output 802.1Q frames        = 0
    Output pause frames         = 0
    Output pkts 64 bytes        = 59
    Output pkts 65-127 bytes    = 5239
    Output pkts 128-255 bytes   = 93
    Output pkts 256-511 bytes   = 162
    Output pkts 512-1023 bytes  = 71
    Output pkts 1024-1518 bytes = 58
    Output pkts 1519-Max bytes  = 0

    Output good pkts            = 5682
    Output unicast pkts         = 332
    Output multicast pkts       = 5350
    Output broadcast pkts       = 0

    Output drop underrun        = 0
    Output drop abort           = 0
    Output drop other           = 0

    Output error other          = 0

If you read it carefully you must have seen that my link has some problems… Which ones?
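As an added example (not from the original article), here is a Python check that does the careful reading for you: it pulls the DOM thresholds and the measured Tx/Rx power from the “show controllers … phy” output, classifies each against the module’s own alarm and warning levels, and lists every non-zero drop, error or MIB counter from the “stats” output. The two samples are excerpts of the page’s output; the health-check logic and its labels are mine.

```python
import re

# Excerpt of the page's "show controllers tenGigE 0/0/0/2 phy" output.
PHY_SAMPLE = """\
        Thresholds:                    Alarm High         Warning High          Warning Low            Alarm Low
           Transmit Power:  5.012 mW (7.00 dBm)   2.512 mW (4.00 dBm)   0.339 mW (-4.70 dBm)   0.135 mW (-8.70 dBm)
           Receive Power:  1.585 mW (2.00 dBm)   0.794 mW (-1.00 dBm)   0.026 mW (-15.80 dBm)   0.011 mW (-19.79 dBm)
        Tx Power:  1.693 mW (2.29 dBm)
        Rx Power:  0.008 mW (-21.02 dBm)
"""

# Excerpt of the page's "show controllers tenGigE 0/0/0/2 stats" output.
STATS_SAMPLE = """\
    Input drop overrun          = 0
    Input error giant           = 0
    Input error CRC             = 12
    Input error collisions      = 0
    Input error symbol          = 232214
    Input error other           = 3
    Input MIB giant             = 2
    Input MIB jabber            = 0
    Input MIB CRC               = 12
    Output drop underrun        = 0
    Output error other          = 0
"""

DBM = re.compile(r"\(\s*(-?\d+\.\d+) dBm\)")
COUNTER = re.compile(r"^(Input|Output) (error|drop|MIB) (\S.*?)\s*=\s*(\d+)$")
LEVELS = ("alarm_high", "warn_high", "warn_low", "alarm_low")   # column order in the output


def parse_phy(text):
    """Return ({tx|rx: {level: dBm}}, {tx|rx: measured dBm}) from the DOM section."""
    thresholds, current = {}, {}
    for raw in text.splitlines():
        line = raw.strip()
        for label, key in (("Transmit Power:", "tx"), ("Receive Power:", "rx")):
            if line.startswith(label):
                values = [float(v) for v in DBM.findall(line)]
                if len(values) == 4:
                    thresholds[key] = dict(zip(LEVELS, values))
        for label, key in (("Tx Power:", "tx"), ("Rx Power:", "rx")):
            if line.startswith(label):
                current[key] = float(DBM.findall(line)[0])
    return thresholds, current


def classify_power(value_dbm, th):
    """Same semantics as the module's own flags: alarm outranks warning."""
    if value_dbm >= th["alarm_high"] or value_dbm <= th["alarm_low"]:
        return "ALARM"
    if value_dbm >= th["warn_high"] or value_dbm <= th["warn_low"]:
        return "WARNING"
    return "OK"


def parse_error_counters(text):
    """Collect only the drop/error/MIB counters, keyed by their full label."""
    counters = {}
    for raw in text.splitlines():
        m = COUNTER.match(raw.strip())
        if m:
            counters[" ".join(m.group(1, 2, 3))] = int(m.group(4))
    return counters


def nonzero_errors(counters):
    return {name: count for name, count in counters.items() if count > 0}


def link_health(phy_text, stats_text):
    """One dict summarising optical levels and the non-zero error counters."""
    thresholds, current = parse_phy(phy_text)
    report = {key: (classify_power(current[key], thresholds[key]), current[key])
              for key in ("tx", "rx") if key in current and key in thresholds}
    report["errors"] = nonzero_errors(parse_error_counters(stats_text))
    return report


if __name__ == "__main__":
    for item, value in link_health(PHY_SAMPLE, STATS_SAMPLE).items():
        print(f"{item}: {value}")
```

Both halves matter: an Rx level below the module’s Alarm Low threshold and non-zero symbol/CRC counters on the same port point at the optical path rather than at the far-end configuration, which is where the troubleshooting should start.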

I will probably write another article to talk only about NP, FIA, …

Etherate : the beginning of an Open Aurora Tango test (L2 tester)…

For those of you who perform Aurora Tango tests (BERT, RFC 2544), you may know that a pair of these testers is really expensive! The principle of these tests is to place one tester in loopback and the other in test mode. In this way you are able to qualify an Ethernet link (direct, Q-in-Q, VPLS, Xconnect).

While reading mailing lists such as cisco-nsp and others, I saw someone post a URL to a really awesome Linux program: etherate. On a modern CPU platform you can generate up to 1G of throughput, and this program gives you the possibility to test your L2 circuits.

You can run tests with it like this:

 

root@Loop_Host# etherate -r

And :

root@Tx_Host# etherate

To give an idea of the features:

root@pluton:~/COMPILE/Etherate-master# ./etherate -h
Usage info; [Mode] [Destination] [Source] [Options] [Other]
[Mode] By default run in transmit mode, not receive
    -r    Change to receive (listening) mode.
[Destination]
    -d    Without this we default to 00:00:5E:00:00:02
        as the TX host and :01 as the RX host.
        Specify a custom desctination MAC address, 
        -d 11:22:33:44:55:66
[Source]
        Specify a custom source MAC address, -s 11:22:33:44:55:66
    -i    Set interface by name. Without this option we guess which
        interface to use.
    -I    Set interface by index. Without this option we guess which
        interface to use.
    -l    List interface indexes (then quit) for use with -i option.
    -s    Without this we default to 00:00:5E:00:00:01
        as the TX host and :02 as the RX host.
[Options]
    -a    Ack mode, have the receiver ack each frame during the test
        (This will significantly reduce the speed of the test).
    -b    Number of bytes to send, default is 0, default behaviour
        is to wait for duration.
        Only one of -t, -c or -b can be used, both override -t,
        -b overrides -c.
    -c    Number of frames to send, default is 0, default behaviour
        is to wait for duration.
    -e    Set a custom ethertype value the default is 0x0800 (IPv4).
    -f    Frame payload size in bytes, default is 1500
        (1514 bytes is the expected size on the wire with headers).
    -m    Max bytes per/second to send, -m 125000 (1Mbps).
    -t    Transmition duration, integer in seconds, default is 30.
[Other]
    -v    Add an 802.1q VLAN tag. By default none is in the header.
        If using a PCP value with -p a default VLAN of 0 is added.
    -p    Add an 802.1p PCP value from 1 to 7 using options -p 1 to
        -p 7. If more than one value is given, the highest is used.
        Default is 0 if none specified.
        (If no 802.1q tag is set the VLAN 0 will be used).
    -q    Add an outter Q-in-Q tag. If used without -v, 1 is used
        for the inner VLAN ID.
        #NOT IMPLEMENTED YET#
    -o    Add an 802.1p PCP value to the outer Q-in-Q VLAN tag.
        If no PCP value is specified and a Q-in-Q VLAN ID is,
        0 will be used. If no outer Q-in-Q VLAN ID is supplied this
        option is ignored. -o 1 to -o 7 like the -p option above.
        #NOT IMPLEMENTED YET#
    -x    Display examples.
        #NOT IMPLEMENTED YET#
    -V|--version Display version
    -h|--help Display this help text
root@pluton:~/COMPILE/Etherate-master#
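To show concretely what the help text above means on the wire, here is an added Python example (mine, not etherate’s code) that builds the kind of frame the -d/-s/-e/-f/-v/-p options describe, parses it back, models what a loopback tester does with it (swap the MAC addresses and return it), and counts payload bit errors the way a BERT compares transmitted and received patterns. The default MACs, ethertype and 1500/1514 sizes are the ones quoted in the help; the payload pattern and the corrupted frame are constructed.

```python
import struct

# Defaults quoted from the etherate -h text on the page.
DEFAULT_DST = "00:00:5E:00:00:02"
DEFAULT_SRC = "00:00:5E:00:00:01"
ETHERTYPE_IPV4 = 0x0800
ETHERTYPE_8021Q = 0x8100
DEFAULT_PAYLOAD = 1500          # "-f" default: 1514 bytes on the wire with headers


def mac_to_bytes(mac):
    return bytes(int(octet, 16) for octet in mac.split(":"))


def bytes_to_mac(raw):
    return ":".join(f"{b:02X}" for b in raw)


def build_frame(payload_len=DEFAULT_PAYLOAD, dst=DEFAULT_DST, src=DEFAULT_SRC,
                ethertype=ETHERTYPE_IPV4, vlan=None, pcp=0):
    """Assemble an untagged or 802.1Q-tagged test frame (FCS not included)."""
    header = mac_to_bytes(dst) + mac_to_bytes(src)
    if vlan is not None:                               # "-v" (and "-p") options
        tci = ((pcp & 0x7) << 13) | (vlan & 0xFFF)     # PCP(3) DEI(1)=0 VID(12)
        header += struct.pack("!HH", ETHERTYPE_8021Q, tci)
    header += struct.pack("!H", ethertype)             # "-e" option
    payload = bytes(i & 0xFF for i in range(payload_len))   # constructed pattern
    return header + payload


def parse_frame(frame):
    """Split a frame back into its fields; handles one optional 802.1Q tag."""
    dst, src = bytes_to_mac(frame[0:6]), bytes_to_mac(frame[6:12])
    offset, vlan, pcp = 12, None, None
    ethertype = struct.unpack_from("!H", frame, offset)[0]
    if ethertype == ETHERTYPE_8021Q:
        tci = struct.unpack_from("!H", frame, offset + 2)[0]
        pcp, vlan = tci >> 13, tci & 0xFFF
        offset += 4
        ethertype = struct.unpack_from("!H", frame, offset)[0]
    offset += 2
    return {"dst": dst, "src": src, "ethertype": ethertype, "vlan": vlan,
            "pcp": pcp, "header_len": offset, "payload": frame[offset:],
            "wire_len": len(frame)}


def reflect(frame):
    """What the loopback side (-r) does: swap the MAC addresses, send it back."""
    return frame[6:12] + frame[0:6] + frame[12:]


def payload_bit_errors(sent, received):
    """BERT-style comparison of the payload sent with the payload that came back."""
    a = parse_frame(sent)["payload"]
    b = parse_frame(received)["payload"]
    flipped = sum(bin(x ^ y).count("1") for x, y in zip(a, b))
    return flipped + 8 * abs(len(a) - len(b))    # missing/extra bytes count in full


if __name__ == "__main__":
    frame = build_frame()
    print(len(frame), parse_frame(frame)["dst"])               # 1514 bytes, default dst
    tagged = build_frame(vlan=100, pcp=5)
    print(len(tagged), parse_frame(tagged)["vlan"])            # 1518 bytes, VLAN 100
    print(payload_bit_errors(frame, reflect(frame)))           # clean loop: 0
```

Bringing up the same pair of frames through a real circuit is exactly what the -r host and the TX host do; the parsing and comparison here are what lets the TX side tell a clean Q-in-Q or VPLS path from one that corrupts or drops payload.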

I really hope this project reaches its goal, and I will try to help it get there. It would be really great to have L2 tests like this one, as we already have bwping and iperf at layers 3/4 of the OSI model.