IPv6 prefix delegation feature

We will dive into the IPv6 prefix delegation feature.

First of all, we will build a really simple topology:

R1 acts as a DHCPv6 server and uses the prefix delegation feature. But how does it work? How is it configured?

R1:

ipv6 unicast-routing
ipv6 cef
ipv6 dhcp pool POOLv6
 prefix-delegation pool p lifetime 180 120
 domain-name lucas.fr.eu.org

ipv6 local pool p 2001:DB8::/40 48

interface FastEthernet0/0
 ip address 10.0.0.1 255.255.255.0
 duplex half
 ipv6 address 2A02::1/48
 ipv6 enable
 ipv6 dhcp server POOLv6

R1#   show ipv6 dhcp interface 
FastEthernet0/0 is in server mode
  Using pool: POOLv6
  Preference value: 0
  Hint from client: ignored
  Rapid-Commit: disabled
R1#
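As an added illustration (not part of the original post), here is a small Python model of what R1's pool configuration implies: 256 delegable /48 prefixes inside 2001:DB8::/40, a lease that stays preferred for 120 s and valid for 180 s, and the general-prefix arithmetic a client uses to derive an interface address from its delegated /48. The PdPool class, the DUID strings and the suffix 0:0:0:1::1/64 are constructed for the example.

```python
import ipaddress
from dataclasses import dataclass, field

# Constructed model of R1's "ipv6 local pool p 2001:DB8::/40 48" and of
# "prefix-delegation pool p lifetime 180 120" (valid 180 s, preferred 120 s).
POOL = ipaddress.IPv6Network("2001:DB8::/40")
DELEGATED_LEN = 48
VALID_LIFETIME, PREFERRED_LIFETIME = 180, 120


@dataclass
class PdPool:
    """Hands out one /48 per client DUID from the /40, like pool 'p' on R1."""
    pool: ipaddress.IPv6Network = POOL
    plen: int = DELEGATED_LEN
    leases: dict = field(default_factory=dict)  # duid -> delegated network

    def capacity(self) -> int:
        return 2 ** (self.plen - self.pool.prefixlen)  # 256 x /48 in a /40

    def delegate(self, duid: str) -> ipaddress.IPv6Network:
        if duid in self.leases:  # renew: the client keeps its prefix
            return self.leases[duid]
        used = set(self.leases.values())
        for candidate in self.pool.subnets(new_prefix=self.plen):
            if candidate not in used:
                self.leases[duid] = candidate
                return candidate
        raise RuntimeError("pool p exhausted")


def lease_state(elapsed_s: int) -> str:
    """Preferred until 120 s, deprecated until 180 s, then the lease is gone."""
    if elapsed_s < PREFERRED_LIFETIME:
        return "preferred"
    return "deprecated" if elapsed_s < VALID_LIFETIME else "expired"


def derive_address(delegated: ipaddress.IPv6Network, suffix: str) -> ipaddress.IPv6Interface:
    """Combine the delegated prefix with a suffix the way a client's
    'ipv6 address <general-prefix> 0:0:0:1::1/64' does (subnet-id 1, host ::1)."""
    sfx = ipaddress.IPv6Interface(suffix)
    if int(sfx.ip) >> (128 - delegated.prefixlen):  # suffix must not touch prefix bits
        raise ValueError("suffix overlaps the delegated prefix")
    addr = ipaddress.IPv6Address(int(delegated.network_address) | int(sfx.ip))
    return ipaddress.IPv6Interface(f"{addr}/{sfx.network.prefixlen}")
```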

R2:

IP SLA operation

IP SLA is a great tool to automate some tasks. You can do great things with it. We will work on IP SLA Reaction here.

What is it? You can trigger an action based on the state of an IP SLA operation, such as (even if it is not a great example) a nested ping.

ip-sla-reaction

The job here is to check R4 - R3 and R4 - R2 if the IP SLA between R1 - R4 goes bad.

CCIE R&S studies planner

I don’t know if it will really help anyone, but you can download my CCIE planner spreadsheet here: CCIE_Planner

It provides you with:

  • Monthly review based on the CCIEv5 R&S blueprint;
  • Planner from your starting point to your lab attempt deadline: it calculates how to organize your studies based on your initial self-assessment;
  • Daily organization;
  • Weekly organization;
  • Monthly organization;
  • Yearly organization;
  • Study time calculation;
  • IpExpert vol1 labs & topics;
  • Logistics.

It is provided as is and under GPLv2.

BGP rib-failure

I think everyone knows what a RIB-Failure is in a BGP context. The obvious case is the exact same route present with a lower AD than {e|i}BGP. We have VRF-Lite on R1 here:

Screenshot 2016-02-01 at 22.29.40

We have:

R1#show ip bg vpnv4 vrf CUST
BGP table version is 11, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
              x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 65001:1 (default for vrf CUST)
 *>  10.1.1.1/32      12.0.0.2                 0             0 65002 ?
 *>  10.2.2.1/32      12.0.0.2                 0             0 65002 ?
 r>  10.3.3.1/32      12.0.0.2                 0             0 65002 ?
 r>  10.4.4.1/32      12.0.0.2                 0             0 65002 ?
 r>  10.5.5.1/32      12.0.0.2                 0             0 65002 ?
 r>  10.5.5.5/32      12.0.0.2                 0             0 65002 ?
 r>  10.6.6.6/32      12.0.0.2                 0             0 65002 ?
 r>  12.0.0.0/24      12.0.0.2                 0             0 65002 ?
R1#
R1#show ip route vrf CUST

Routing Table: CUST

Gateway of last resort is not set

      10.0.0.0/32 is subnetted, 2 subnets
B        10.1.1.1 [20/0] via 12.0.0.2, 00:37:49
B        10.2.2.1 [20/0] via 12.0.0.2, 00:37:49
      12.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        12.0.0.0/24 is directly connected, Ethernet0/0
L        12.0.0.1/32 is directly connected, Ethernet0/0
R1#
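As an added cross-check (written for this page, not part of the original post and not an IOS command), this Python script reads shortened copies of the two outputs above and separates the r> prefixes that collide with a lower-AD route from those that are simply absent from the RIB, which is the distinction the post is about to draw. The excerpts are constructed from the outputs above, and DEFAULT_AD holds the IOS default distances for the codes printed without an [AD/metric] pair.

```python
import re

# Constructed excerpts of the two outputs above (only the rows that matter).
BGP_VPNV4 = """\
 *>  10.1.1.1/32      12.0.0.2                 0             0 65002 ?
 r>  10.3.3.1/32      12.0.0.2                 0             0 65002 ?
 r>  12.0.0.0/24      12.0.0.2                 0             0 65002 ?
"""
RIB = """\
B        10.1.1.1 [20/0] via 12.0.0.2, 00:37:49
C        12.0.0.0/24 is directly connected, Ethernet0/0
"""
EBGP_AD = 20
DEFAULT_AD = {"C": 0, "L": 0, "S": 1}  # IOS defaults when no [AD/metric] is printed

BGP_ROW = re.compile(r"^\s*([*r])>\s+(\S+)")
RIB_ROW = re.compile(r"^([A-Z])\s+(\S+)(?:\s+\[(\d+)/\d+\])?")

def parse_bgp(text):
    """{prefix: '*' (installed) or 'r' (RIB-failure)} from the vpnv4 table."""
    rows = {}
    for line in text.splitlines():
        if m := BGP_ROW.match(line):
            rows[m.group(2)] = m.group(1)
    return rows

def parse_rib(text):
    """{prefix: AD} from 'show ip route'; host routes listed without a mask are /32."""
    rows = {}
    for line in text.splitlines():
        if not (m := RIB_ROW.match(line)):
            continue
        code, dest, ad = m.groups()
        if "/" not in dest:
            dest += "/32"
        rows[dest] = int(ad) if ad else DEFAULT_AD.get(code, 255)
    return rows

def classify_rib_failures(bgp_text, rib_text):
    """For each r> prefix: a lower-AD route already in the RIB, or not in the RIB at all."""
    rib = parse_rib(rib_text)
    verdict = {}
    for prefix in [p for p, s in parse_bgp(bgp_text).items() if s == "r"]:
        if prefix in rib and rib[prefix] < EBGP_AD:
            verdict[prefix] = f"lower AD in RIB ({rib[prefix]} < {EBGP_AD})"
        else:
            verdict[prefix] = "not in RIB: cause is something other than AD"
    return verdict
```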

So the only route that can have a RIB-Failure due to a lower AD is 12.0.0.0/24. What is the problem with the others? We can find out by using:

BGP review - 'received-only' prefix state

Today, a little review:

edge12.bor03>show ip bg 37.8.8.8
BGP routing table entry for 37.8.0.0/20, version 47221703
Paths: (3 available, best #2, table Default-IP-Routing-Table)
  Advertised to update-groups:
     1
  15975, (received-only)
    17.69.240.117 from 17.69.240.117 (17.69.255.1)
      Origin IGP, metric 16, localpref 500, valid, internal
  12671 15975 15975 15975 15975, (received & used)
    46.218.1.1 from 46.218.1.1 (172.17.1.6)
      Origin IGP, localpref 100, valid, external, best
  12671 15975 15975 15975 15975, (received & used)
    46.218.1.1 from 46.218.1.1 (172.17.1.2)
      Origin IGP, localpref 100, valid, external
edge12.bor03>

Why is the path through 17.69.240.117 not used, although it is a better path to 37.8.0.0/20? Why is it marked as “received-only”?
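As an added example (not part of the original post), this Python snippet parses the path blocks above and applies one fact about IOS best-path selection: a path shown as (received-only) is the pre-policy copy kept by soft-reconfiguration inbound, so it is never a best-path candidate and the localpref 500 path drops out before LOCAL_PREF is even compared. The excerpt and the Path record are constructed for the example.

```python
import re
from dataclasses import dataclass

# Constructed excerpt of the 'show ip bg 37.8.8.8' output above.
SHOW_IP_BGP = """\
  15975, (received-only)
    17.69.240.117 from 17.69.240.117 (17.69.255.1)
      Origin IGP, metric 16, localpref 500, valid, internal
  12671 15975 15975 15975 15975, (received & used)
    46.218.1.1 from 46.218.1.1 (172.17.1.6)
      Origin IGP, localpref 100, valid, external, best
  12671 15975 15975 15975 15975, (received & used)
    46.218.1.1 from 46.218.1.1 (172.17.1.2)
      Origin IGP, localpref 100, valid, external
"""

@dataclass
class Path:
    as_path: tuple
    state: str          # 'received-only' or 'received & used'
    neighbor: str
    localpref: int
    best: bool

HEADER = re.compile(r"^\s{2}([\d ]+), \((received-only|received & used)\)$")
FROM = re.compile(r"^\s{4}\S+ from (\S+) ")
ATTRS = re.compile(r"^\s{6}Origin .*localpref (\d+)(.*)$")

def parse_paths(text):
    """Turn the per-path blocks of 'show ip bgp <prefix>' into Path records."""
    paths, cur = [], None
    for line in text.splitlines():
        if m := HEADER.match(line):
            cur = {"as_path": tuple(map(int, m.group(1).split())), "state": m.group(2)}
        elif m := FROM.match(line):
            cur["neighbor"] = m.group(1)
        elif m := ATTRS.match(line):
            cur["localpref"] = int(m.group(1))
            cur["best"] = ", best" in m.group(2)
            paths.append(Path(**cur))
    return paths

def candidates(paths):
    """Received-only copies are the pre-policy copies stored by
    'soft-reconfiguration inbound'; they never compete for best path."""
    return [p for p in paths if p.state != "received-only"]

def highest_localpref(paths):
    """First tie-breaker after weight: the candidate with the highest LOCAL_PREF."""
    return max(candidates(paths), key=lambda p: p.localpref)
```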

I say love, hate I throw away... Enjoy the listen, Daesh ;)

Sorry, but this time it will be a French article.

What France must remain:

  • Love;
  • Cultural diversity;
  • Celebration;
  • Freedom!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!;
  • Secularism;
  • Passions, and the freedom to express them in every way, with respect for others.

I have nomadic brains
I have a gloomy mirror
Sometimes on the move
Sometimes at rest
I harvest without jostling

I say Love
And I sow it
On my planet
I say M
Like an emblem
Hate, I throw it away

I say LOVE, LOVE, LOVE

Some Sphinx in my rhymer
Paris along the thread of my heart
Some Nile in my veins
Through my arteries flows the Seine

I say Love
And I sow it
On my planet
I say M
Like an emblem
Hate, I throw it away

I say LOVE, LOVE, LOVE

For the outside, the inside
For the after, for the before

I say Love
And I sow it
On my planet
I say M
Like an emblem
Hate, I throw it away

I say LOVE, LOVE, LOVE

Redback magic command

For those of you who work with Redback equipment, this command can be useful:

[local]Redback# washoutthewash

Then you will have access to all the commands the CLI hides from you, such as ‘show sub ip’ or ‘show qos meter’…

[CUSTOMER_1194]Redback# show sub act
CUST_8HL2@isp.vpn
        Session state Up
        Circuit   14/1:1 vpi-vci 1 928
        Internal Circuit   14/1:1:63/1/2/1407
        Interface bound  pppoe
        Current port-limit 1
        ppp mtu 1508 (applied)
        context-name CUSTOMER_1194 (applied)
        ip route 198.18.50.202 255.255.255.255 172.31.64.7  (applied)
        ip route 192.1.48.0 255.255.255.0 172.31.64.7  (applied)
        ip route 172.26.48.0 255.255.255.0 172.31.64.7  (applied)
        ip address 172.31.64.7 (applied)
        port-limit 1 (applied from sub_default)
[CUSTOMER_1194]Redback#show sub ?
  access-line       Show DSL line attributes of active subscribers
  active            Display active subscribers
  address           Display subscriber IP-Addresses
  agent-circuit-id  Show subscriber by agent circuit id
  agent-remote-id   Show subscriber by agent remote id
  all               Display all subscribers
  log               Display AAAd log
  session           Display subscriber by circuit
  summary           Display subscriber summary
  username          Display subscriber by username
  |                 Output Modifiers
  
[CUSTOMER_1194]Redback#washoutthewash
[CUSTOMER_1194]Redback#show sub ?
  access-line       Show DSL line attributes of active subscribers
  active            Display active subscribers
  address           Display subscriber IP-Addresses
  agent-circuit-id  Show subscriber by agent circuit id
  agent-remote-id   Show subscriber by agent remote id
  all               Display all subscribers
  debug             Display debug counters
  handle            Show subscriber by internal circuit handle
  ip-addr           Display subscriber by IP address
  log               Display AAAd log
  profile           Display subscriber profile info
  session           Display subscriber by circuit
  summary           Display subscriber summary
  username          Display subscriber by username
  |                 Output Modifiers
  
[CUSTOMER_1194]Redback#show sub ip 172.31.64.7
TYPE    CIRCUIT                    SUBSCRIBER         CONTEXT   START TIME    
--------------------------------------------------------------------------------
ppp     14/1:1 vpi-vci 1 928       CUST_8HL2@is CUSTOMER Aug 27 14:20:51
--------------------------------------------------------------------------------
Total=1
 
Type            Authenticating          Active          Disconnecting
PPP                          0               1                      0
PPPoE                        0               0                      0
DOT1Q                        0               0                      0
CLIPs                        0               0                      0
ATM-B1483                    0               0                      0
ATM-R1483                    0               0                      0
Mobile-IP                    0               0                      0
[CUSTOMER_1194]Redback#

GETVPN : Group Encrypted Transport VPN

Diagram

Here it comes. We will use the same topology as in the last two blog posts. This time we will play with GETVPN. GETVPN is a Cisco technology. One of the advantages of GETVPN is that we are able to build spoke-to-spoke IPSEC tunnels without a Tunnel interface, and it is highly scalable.

You could say to me: OK man, but you could do this with static tunnels. Yes you can, BUT with GETVPN you can easily maintain full-mesh networks by means of the Key Server and the GETVPN technology.

IPSEC VTI

IPSEC VTI stands for IPSEC Virtual Tunnel Interface.

Unlike the traditional IPSEC configuration with a crypto map, VTI lets you use an interface. This is useful to apply policies as on any other interface: service-policy, …

For this example, I will use the previous topology with four routers (R1, R2, R3, R4): see the blog post below for a diagram.

I will implement an IPSEC VTI tunnel between R2 and R4.

DMVPN and QOS

How can DMVPN do QoS per spoke?

That is what we will configure today:

Here is the network:

Diagram

I will not explain how NHRP works in detail here.

R1, R2, R3, R4 use IS-IS (for fun) as IGP.

router isis
net 49.MAC_ADD.00

interface etc x/y
ip router isis

Now, here come the DMVPN configurations:

R4#show run int tun 0
Building configuration...

Current configuration : 351 bytes
!
interface Tunnel0
 bandwidth 1000
 ip address 77.0.0.4 255.255.255.0
 no ip redirects
 ip nhrp authentication 1111
 ip nhrp map multicast dynamic
 ip nhrp map group toto service-policy output pm
 ip nhrp network-id 1111
 ip nhrp redirect
 load-interval 30
 qos pre-classify
 tunnel source Loopback0
 tunnel mode gre multipoint
 tunnel key 1111
end

R4#

And for R3: