MPLS RD, RT, label : where is the truth ?!

I was reading all my RSS feeds (I am subscribed to http://mellowd.co.uk/ccie/) and noticed this post for you: http://mellowd.co.uk/ccie/?p=2923. It talks about RD, RT and labels in MPLS. I found this post really clear about these terms and concepts.

To sum-up :

  • RD = marks routes with an ‘id’. This ‘id’ is made of two parts (IP_ASN:number)
    • IP_ASN : an IP address or an ASN
    • Number : identifies the VPN

I recommend using an IP in IP_ASN. I understand it is much easier to read 3215:100 than 81.252.160.88:100. The latter is less readable, but when you deploy a large MPLS cloud and must provide load-balancing or fail-over across different PEs, the RR (Route Reflector) will choose the best route out of the two 3215:100:192.168.1.0 routes it receives. With IP1:100:192.168.1.0 and IP2:100:192.168.1.0, both routes will be used, so you will be able to load-balance traffic over two links.

  • RT = tells the PE which VPN the route belongs to.

A route in a VPN is called a VPNv4 route. This route contains :

  • RD (see above)
  • RT : a special BGP extended community that flags the route, such as ASN:300
  • Label = 2 labels (outer = per-hop transport label ; inner label = identifies the VPN)

In MPLS transit, packets are forwarded by label. P routers know nothing about RD or RT, so the VPN is identified only by the inner label: one inner label <=> one VPN.

A simple MPLS lab :

  • MP-iBGP between R3 and R5
  • OSPF Area 0 includes : R3, R4, R5
  • MPLS enabled on R3, R4 and R5

I think I don’t need to draw the topology for such a simple lab.

To go further, you can see the pcap trace here : http://www.cloudshark.org/captures/44b14366b515

So : VPNv4 routes are exchanged by means of MP-iBGP, the next hop is reached with the corresponding label, and the packet is forwarded to the MPLS next hop (here R4).
Also, to reach 10.0.0.0/8 from 2, R5 must push label 20 (the VPN label of the VPNv4 route to this subnet) and then push label 16 (the transport label towards 3.3.3.3, the loopback of R3).
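As an added example (not from the original post nor from mellowd.co.uk), here are the two RD encodings discussed above and a toy route reflector that keys VPNv4 routes by (RD, prefix); the PE router-ids 3.3.3.3 and 5.5.5.5, the label values and the "lowest router-id wins" tie-break are constructed stand-ins, the last one for the full BGP best-path algorithm.

```python
import ipaddress
import struct

def encode_rd(admin: str, number: int) -> bytes:
    """Build the 8-byte Route Distinguisher carried in a VPNv4 NLRI.
    Type 0: 2-byte ASN  + 4-byte number   e.g. 3215:100
    Type 1: 4-byte IPv4 + 2-byte number   e.g. 81.252.160.88:100"""
    if admin.isdigit():
        return struct.pack("!HHI", 0, int(admin), number)
    return struct.pack("!H4sH", 1, ipaddress.IPv4Address(admin).packed, number)

def decode_rd(rd: bytes) -> str:
    """Render an RD back to its ASN:number or IP:number text form."""
    (rd_type,) = struct.unpack("!H", rd[:2])
    if rd_type == 0:
        asn, num = struct.unpack("!HI", rd[2:])
        return f"{asn}:{num}"
    if rd_type == 1:
        ip, num = struct.unpack("!4sH", rd[2:])
        return f"{ipaddress.IPv4Address(ip)}:{num}"
    raise ValueError(f"unsupported RD type {rd_type}")

def rr_best_paths(advertisements):
    """Toy route reflector. A VPNv4 route is identified by (RD, prefix), so
    two PEs advertising the same prefix under the same RD collapse to one
    best path, while per-PE RDs keep both as distinct NLRIs.
    'Lowest PE router-id wins' is a stand-in for the BGP best-path rules."""
    table = {}
    for pe, rd, prefix, vpn_label in advertisements:
        key = (decode_rd(rd), prefix)
        if key not in table or ipaddress.IPv4Address(pe) < ipaddress.IPv4Address(table[key][0]):
            table[key] = (pe, vpn_label)
    return table

# Constructed sample: R3 and R5 both reach 192.168.1.0/24 in VPN 100.
SAME_RD = [
    ("3.3.3.3", encode_rd("3215", 100), "192.168.1.0/24", 20),
    ("5.5.5.5", encode_rd("3215", 100), "192.168.1.0/24", 21),
]
PER_PE_RD = [
    ("3.3.3.3", encode_rd("3.3.3.3", 100), "192.168.1.0/24", 20),
    ("5.5.5.5", encode_rd("5.5.5.5", 100), "192.168.1.0/24", 21),
]

if __name__ == "__main__":
    print("same RD   :", rr_best_paths(SAME_RD))    # only one path survives
    print("per-PE RD :", rr_best_paths(PER_PE_RD))  # both paths are kept
```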

Linux : Remote desktop && Hamachi

For those of you who need access by means of a “Remote Desktop”, you can use :

  • Nomachine NX
  • Teamviewer
  • VNC

You can also combine LogMeIn Hamachi with VNC. Hamachi is a piece of software that builds a network between devices. Unlike the LogMeIn product most of you know, this one works at ~~Level2~~ (OSI).


How do you create your VPN ?

For Linux users, install the vnc4server and hamachi (supplied by LogMeIn) packages (dpkg is your friend). Then launch your VNC server :

root@plop# vncserver 
New 'plop:1 (clucas)' desktop is plop:1

Starting applications specified in /home/clucas/.vnc/xstartup
Log file is /home/clucas/.vnc/plop:1.log

Now the VNC server is reachable on port 5901 (5900 + display 1).

Then you can create your VPN network by using hamachi :

root@neptune:~# hamachi -h
LogMeIn Hamachi, a zero-config virtual private networking utility, ver 2.1.0.76

  usage: hamachi [command]

  command    specifies an action. Can be one of the following -

             #  set-nick 
                login
                logon
                logout
                logoff
             #  list
                peer 
                network 
             #  create  []
                set-pass  []
                set-access  [lock|unlock] [manual|auto]
                delete 
                evict  
             #  approve  
                reject  
             #  join  []
                do-join  []
                leave 
             #  go-online 
                go-offline 
             #  attach 
                attach-net 
                cancel
             #  gw-config 
                    [dhcp|static [net    ]
                                 [domain ]
                                 [dns  []]]
                    [del  ...]
                    [add  ...]
             #  set-ip-mode ipv4 | ipv6 | both
             #  check-update
                vpn-alias  |0
  If no command is specified, hamachi displays its status including version,
  pid, client id, online status, nickname and the LogMeIn account
root@neptune~# hamachi attach clucas@altern.org
root@neptune~# hamachi join network password
root@neptune~# hamachi go-online network

You now have access to your Linux server/desktop from anywhere through the hamachi interface :


For Mac users (such as me : not a really experienced user), you have a built-in VNC client in Mac OS X from 10.5 on.

Go to your Finder window > Go > Connect to Server.
Now you can reach your device with :
vnc://x.y.z.w:5901 (5900 + display number X ; here :1)

IPSec and packet loss

For those of you configuring IPsec and seeing packet loss in transit… Perhaps this configuration could help :

crypto ipsec client ezvpn CLIENT2
 connect auto
 group VPN-CLIENT2 key jsdfxkqwpoe
 local-address FastEthernet0
 mode network-extension
 peer 22.22.22.22
 username ipsec1@client2.vpn password jsdfxkqwpoe
 xauth userid mode local

interface FastEthernet0
 ip address 192.168.1.36 255.255.255.0
 ip mtu 1460
 no ip route-cache cef
 ip tcp adjust-mss 1420
 duplex auto
 speed auto
 crypto ipsec client ezvpn CLIENT2
!         

interface Vlan1
 ip address 10.20.0.1 255.255.255.0
 ip mtu 1460
 ip virtual-reassembly
 ip tcp adjust-mss 1420
 crypto ipsec client ezvpn CLIENT2 inside
!         
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 192.168.1.254

The really interesting command (the one that resolves the packet loss) is :

no ip route-cache cef

Ok, now the interface uses fast switching and burns more CPU, but the service is now fine, against 50% packet loss before…
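An added calculator (not from the original post) for the ESP tunnel-mode overhead behind the ip mtu 1460 / ip tcp adjust-mss 1420 values above; the post does not show the transform set, so AES-CBC with HMAC-SHA1-96 and a 1500-byte physical link MTU are assumptions.

```python
# ESP tunnel-mode size calculator (added example, not from the original post).
# Per-packet overhead from RFC 4303: new outer IPv4 header, SPI + sequence
# number, cipher IV, padding up to the cipher block size, pad-length and
# next-header bytes, and the truncated HMAC (ICV). NAT-T adds a UDP header.
OUTER_IPV4 = 20
ESP_HDR = 8          # SPI (4) + sequence number (4)
PAD_TRAILER = 2      # pad length (1) + next header (1)
UDP_NAT_T = 8

def esp_size(inner_len, block=16, iv=16, icv=12, nat_t=False):
    """Size on the wire of an inner IP packet of inner_len bytes after ESP
    tunnel-mode encapsulation (defaults assume AES-CBC with HMAC-SHA1-96)."""
    padded = -(-(inner_len + PAD_TRAILER) // block) * block   # ceil to block
    return OUTER_IPV4 + (UDP_NAT_T if nat_t else 0) + ESP_HDR + iv + padded + icv

def max_inner_mtu(link_mtu=1500, block=16, iv=16, icv=12, nat_t=False):
    """Largest inner packet that still fits link_mtu without fragmentation."""
    fixed = OUTER_IPV4 + (UDP_NAT_T if nat_t else 0) + ESP_HDR + iv + icv
    padded = ((link_mtu - fixed) // block) * block
    return padded - PAD_TRAILER

def mss_for_inner_mtu(inner_mtu):
    """TCP MSS matching an inner MTU: IPv4 (20) + TCP (20) headers removed."""
    return inner_mtu - 40

if __name__ == "__main__":
    # Values from the configuration above: ip mtu 1460 / ip tcp adjust-mss 1420
    print("MSS for ip mtu 1460:", mss_for_inner_mtu(1460))            # 1420
    print("1460-byte inner packet on the wire:", esp_size(1460))       # 1528
    print("largest inner packet for a 1500-byte link:", max_inner_mtu())  # 1438
    print("3DES/SHA1 instead:", esp_size(1460, block=8, iv=8), max_inner_mtu(block=8, iv=8))
```

Under those assumptions a full 1460-byte inner packet becomes 1528 bytes and has to be fragmented on a 1500-byte link, while 1438 bytes (MSS 1398) is the largest that fits; comparing those two numbers is the first check to make when an IPsec tunnel drops or fragments traffic.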

You could read :

How to upgrade Brocade Ironware

Hi guys,

If, like me, you are new to the Brocade world and must quickly upgrade a Brocade device such as a CER 2000, you can find here some (stupid) tips.

You must upgrade this device in two parts :

  • Upgrade your IronWare
  • Upgrade your PBIF (FPGA)

To upgrade your IronWare :

In my example, I chose to put the IronWare on the secondary flash. For those of you coming from the Cisco world, it is not seen as a disk where you can copy whatever you want.

SSH@you_cer# copy tftp flash 5.5.5.5 ce05200f.bin secondary
SSH@you_cer# conf t
SSH@you_cer(config)# boot system flash secondary

To upgrade your PBIF :

SSH@you_cer# copy tftp fpga-pbif 5.5.5.5 pbifmetro_05200f.bin

/!\  The device will warn you that you must wait. This part can take several minutes ; be patient. /!\

After this :

SSH@you_cer# reload

Ok, now your router is reloaded :

SSH@you_cer# sh flash 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Code Flash - Type MT28F256J3, Size 64 MB
  o IronWare Image (Primary)
    Version 5.2.0T183, Size 13669945 bytes, Check Sum a4b5
    Compiled on Jun 12 2011 at 09:16:48 labeled as ce05200
  o IronWare Image (Secondary)
    Version 5.2.0fT183, Size 13756815 bytes, Check Sum e663
    Compiled on Jul 20 2012 at 17:24:00 labeled as ce05200f
  o Monitor Image
    Version 5.1.0T185, Size 445715 bytes, Check Sum 36ab
    Compiled on Aug 11 2010 at 14:08:06 labeled as ceb05100
  o Startup Configuration
    Size 11500 bytes, Check Sum 8941
    Modified on 20:54:21 GMT+01 Thu Aug 09 2012

Boot Flash - Type MX29LV040C, Size 512 KB
  o Boot Image
    Version 5.1.0T185, Size 445715 bytes, Check Sum 36ab
    Compiled on Aug 11 2010 at 14:08:06 labeled as ceb05100
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
SSH@you_cer# show version
System: NetIron CER (Serial #: 1P0525G012,  Part #: 40-1000617-01)
License: RT_SCALE (LID: GrFKHKiFGH)
Boot     : Version 5.1.0T185 Copyright (c) 1996-2009 Brocade Communications Systems, Inc.
Compiled on Aug 11 2010 at 14:08:06 labeled as ceb05100
 (445715 bytes) from boot flash
Monitor  : Version 5.1.0T185 Copyright (c) 1996-2009 Brocade Communications Systems, Inc.
Compiled on Aug 11 2010 at 14:08:06 labeled as ceb05100
 (445715 bytes) from code flash
IronWare : Version 5.2.0fT183 Copyright (c) 1996-2009 Brocade Communications Systems, Inc.
Compiled on Jul 20 2012 at 17:24:00 labeled as ce05200f
 (13756815 bytes) from Secondary
CPLD Version: 0x00000010
Micro-Controller Version: 0x0000000d
Extended route scalability
PBIF Version: 0x0153800 MHz Power PC processor 8544 (version 8021/0022) 400 MHz bus
512 KB Boot Flash (MX29LV040C), 64 MB Code Flash (MT28F256J3)
2048 MB DRAM
System uptime is 13 hours 33 minutes 32 seconds
SSH@you_cer#
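An added post-reload check (example code, not from the post nor from Brocade): it parses the three image blocks of the show version output above, embedded here as a constructed sample, and confirms that the running IronWare carries the label of the file that was copied (ce05200f) and booted from the secondary flash that boot system points at.

```python
import re

# Constructed sample: the three image blocks from the "show version" output above.
SHOW_VERSION = """\
Boot     : Version 5.1.0T185 Copyright (c) 1996-2009 Brocade Communications Systems, Inc.
Compiled on Aug 11 2010 at 14:08:06 labeled as ceb05100
 (445715 bytes) from boot flash
Monitor  : Version 5.1.0T185 Copyright (c) 1996-2009 Brocade Communications Systems, Inc.
Compiled on Aug 11 2010 at 14:08:06 labeled as ceb05100
 (445715 bytes) from code flash
IronWare : Version 5.2.0fT183 Copyright (c) 1996-2009 Brocade Communications Systems, Inc.
Compiled on Jul 20 2012 at 17:24:00 labeled as ce05200f
 (13756815 bytes) from Secondary
"""

# One image block = "Name : Version X ..." / "Compiled on ... labeled as L" / " (N bytes) from S"
IMAGE_RE = re.compile(
    r"^(?P<name>Boot|Monitor|IronWare)\s*:\s*Version\s+(?P<version>\S+).*?\n"
    r"Compiled on .*? labeled as (?P<label>\S+)\n"
    r"\s*\((?P<size>\d+) bytes\) from (?P<source>.+?)$",
    re.MULTILINE,
)

def parse_show_version(text):
    """Return {image name: {version, label, size, source}} for each image block."""
    return {
        m.group("name"): {
            "version": m.group("version"),
            "label": m.group("label"),
            "size": int(m.group("size")),
            "source": m.group("source").strip(),
        }
        for m in IMAGE_RE.finditer(text)
    }

def check_upgrade(images, expected_label, expected_source="Secondary"):
    """Post-reload check: the running IronWare must be the image we copied
    (matched by label) and must have booted from the flash 'boot system'
    points at. Returns a list of problems; empty means the upgrade landed."""
    iw = images.get("IronWare")
    if iw is None:
        return ["no IronWare image block found in show version output"]
    problems = []
    if iw["label"] != expected_label:
        problems.append(f"running label {iw['label']!r}, expected {expected_label!r}")
    if iw["source"].lower() != expected_source.lower():
        problems.append(f"booted from {iw['source']!r}, expected {expected_source!r}")
    return problems

if __name__ == "__main__":
    images = parse_show_version(SHOW_VERSION)
    print(images["IronWare"])
    print("problems:", check_upgrade(images, "ce05200f") or "none")
```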

Have fun during your maintenance window 😉

How to build a mirror port on Brocade devices ?!

I had to use this feature on Brocade hardware. I know how to do this on Cisco devices, but it is the first time I have had to do it on Brocade switches to sniff traffic.

To do this :

FCX(config)# mirror-port ethernet 1/2/4
FCX(config)# interface ethernet 1/2/11
FCX(config-if-e1000-11)# monitor ethernet 1/2/4 both

Hope this tip can help 🙂

It’s not enough to say it, do it.

Ok. If you have read my last post, you could say : “Ok, but when do you begin for real ?!”

I have begun by working on a study plan. When the enemy is as hard as the CCIE, you must have a plan to beat it. This is what I have now. I think I will update it during the journey toward my objective, but I think it is the right roadmap. For me, it is a TODO list and something which reminds/forces me to go on…

I don’t know if it is really good, but you can read it here. Hope to have your feedback…


New start in CCIE studying…

After a long period without working on my CCIE studies, I will now plan and work hard toward this objective. I will try to explain and write about my journey toward the CCIE Routing and Switching written exam.

Be prepared to read new content about Cisco, CCIE and telco here.

Best regards,
Christophe