Author: Calin

Calin is a network engineer, with more than 20 years of experience in designing, installing, troubleshooting, and maintaining large enterprise WAN and LAN networks.

[Twitter IT] Cisco Live 365 – Cornerstones of CCIE Success

Cisco Live 365 describe this as:

“Anthony Sequeira, CCIE, CCSI educates students on four key cornerstones for success in the journey to CCIE. These cornerstones include technical knowledge, study and lab strategies, proper mindset, and physical wellness.”

I can tell you it’s not essentially a technical knowledge session, and Anthony Sequeira mention this couple of times during presentation. Nevertheless this it’s damn good for your CCIE preparation and exam itself. What Anthony Sequeira does, he tries to “educate” the attendant behavior pre and during the exam so he or she won’t go crazy. If you have a Cisco Live 365 account (it’s free to subscribe) I would recommend this presentation.

Cisco vs Juniper: different eBGP behavior

Last week I had to troubleshoot a problem about eBGP peering with an external provider and I think my findings will be interesting for some of you out there.

Let me start with some background information. I have two locations, same ASN, both connected to the same provider network using eBGP as routing protocol. Due to the looping prevention mechanism, default behavior in eBGP peering between Cisco equipment, is not to accept in BGP table prefixes that have in the AS-Path the same ASN as the local BGP router. You can still accept these prefixes, if you use the “allowas-in” trick on Cisco routers:

neighbor x.x.x.x allowas-in

The above command will tell BGP protocol on Cisco routers to ignore the presence of its own ASN in the AS-Path and to accept the prefixes. If all other attributes are in good standing, the routes to those prefixes will be installed in the routing table.

As a short example, take the following tolopogy:

I have a typical eBGP peering configuration. On one of the edge Cisco routers I have a Lo0 interface with 5.5.5.5/32 IP address which I advertise into BGP. Checking the middle Cisco router (provider) I can see that the BGP table has the 5.5.5.5/32 prefix installed:

sh ip bgp 5.5.5.5
BGP routing table entry for 5.5.5.5/32, version 2
Paths: (1 available, best #1, table Default-IP-Routing-Table)
Flag: 0x820
  Advertised to update-groups:
        1
  65082
    10.10.12.1 from 10.10.12.1 (10.10.12.1)
      Origin IGP, metric 0, localpref 100, valid, external, best

Next I check if the provider router does advertise this prefix to the next neighbor:

sh ip bgp neigh 10.10.13.1 advertised-routes | i 5.5.5.5
*> 5.5.5.5/32       10.10.12.1               0             0 65082 i

From this perspective everything is fine. On the edge Cisco router, I cannot see this prefix in the BGP table, which is normal due to the reasons I explained above:

R6#sh ip bgp 5.5.5.5
% Network not in table

As soon as I add the “allowas-in” configuration on the edge Cisco router, the BGP table will contain the prefix 5.5.5.5/32:

router bgp 65082
 no synchronization
 bgp log-neighbor-changes
 neighbor 10.10.13.2 remote-as 65086
 neighbor 10.10.13.2 allowas-in
 no auto-summary
sh ip bgp 5.5.5.5    
BGP routing table entry for 5.5.5.5/32, version 2
Paths: (1 available, best #1, table Default-IP-Routing-Table)
Flag: 0x820
  Not advertised to any peer
  65086 65082
    10.10.13.2 from 10.10.13.2 (10.10.13.2)
      Origin IGP, localpref 100, valid, external, best

Now let take the example when the provider is using Juniper technology. The eBGP peering is now between Cisco and Juniper devices:

I have configured the eBGP in the same way and I have advertised from one Cisco router the 5.5.5.5/32 prefix. 

On Juniper the BGP configuration looks like this:

yotis@J1# run show configuration protocols        
bgp {
    local-as 65086;
    group TST {
        peer-as 65082;
        neighbor 10.10.12.1;
        neighbor 10.10.13.1;
    }
}

Checking on the Juniper device I can see the prefix in the BGP table and routing table:

yotis@J1# run show route protocol bgp receive-protocol bgp 10.10.12.1    
 
inet.0: 7 destinations, 7 routes (7 active, 0 holddown, 0 hidden)
  Prefix		  Nexthop	       MED     Lclpref    AS path
* 5.5.5.5/32              10.10.12.1           0                  65082 I
 
__juniper_private2__.inet.0: 1 destinations, 1 routes (0 active, 0 holddown, 1 hidden)
yotis@J1# run show route 5.5.5.5                                         
 
inet.0: 7 destinations, 7 routes (7 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
 
5.5.5.5/32         *[BGP/170] 01:19:15, MED 0, localpref 100
                      AS path: 65082 I
                    > to 10.10.12.1 via em1.0

On the second Cisco router, I did not change anything. The “allowas-in” command is still there:

router bgp 65082
 no synchronization
 bgp log-neighbor-changes
 neighbor 10.10.13.2 remote-as 65086
 neighbor 10.10.13.2 allowas-in
 no auto-summary

Still the prefix is not in the BGP table:

R6#show ip bgp 5.5.5.5
% Network not in table

Here is a big difference on the way eBGP protocol behave on Cisco vs. Juniper. On Cisco devices, the eBGP will send the prefixes, no matter of the peer ASN and it’s the task of the peer to apply the default policy when its own ASN is present in the AS-Path and deny the prefixes to be installed in the BGP table.

With Juniper, eBGP protocol will not even announce the prefixes if the ASN of its peer is already present in the AS-Path.

According to http://www.juniper.net/techpubs/software/junos/junos94/swconfig-routing/disabling-suppression-of-route-advertisements.html#id-13255463

“The JUNOS software does not advertise the routes learned from one external BGP (EBGP) peer back to the same EBGP peer. In addition, the software does not advertise those routes back to any EBGP peers that are in the same AS as the originating peer, regardless of the routing instance.”

There is a solution to overcome this behavior and it’s pretty simple. You can set this configuration on global basis or per group in Junos BGP configuration:

[edit protocols bgp group TST]
yotis@J1# set advertise-peer-as

Now the BGP configuration looks like this:

yotis@J1# run show configuration protocols        
bgp {
    local-as 65086;
    group TST {
        advertise-peer-as;
        peer-as 65082;
        neighbor 10.10.12.1;
        neighbor 10.10.13.1;
    }
}

If I check now the Cisco BGP table, the 5.5.5.5/32 prefix will be there:

show ip bgp 5.5.5.5
BGP routing table entry for 5.5.5.5/32, version 4
Paths: (1 available, best #1, table Default-IP-Routing-Table)
Flag: 0x820
  Not advertised to any peer
  65086 65082
    10.10.13.2 from 10.10.13.2 (10.10.12.2)
      Origin IGP, localpref 100, valid, external, best

Don’t forget to check my Juniper, first steps after power-on the device if you are new with Juniper products. You may be interested also in my older posts Cisco: BGP path selection for outgoing traffic and Cisco: BGP path selection for inbound traffic if you just start to work with external providers.


[Solution] Speed / Duplex auto-negotiation fails between Cisco and Tandberg

In the last weeks I was working closely with a Cisco Telepresence team to identify a issue regarding poor performance of the video systems. We did find pretty quickly the issue as being the failure of auto-negotiation of Speed and Duplex on the connection between Cisco switch port and Tandberg endpoint devices.

This was the easy part. We though it will be fixed in minutes, but after a few days we did recognized that there is something we do not understand. We did change the settings everywhere to have auto-negotiation on, but we still had problems. For example with Cisco and Tandberg ports set on auto-negotiation on both sides, I’ve seen the most uncommon results:
– Cisco 1000Mbps – Tandberg 1000Mbps = negotiation 1000Mbps / Full
– Cisco 1000Mbps – Tandberg 100Mbps = negotiation 1000Mbps / Full on Cisco + 100Mbps / Full on Tandberg
– Cisco 100Mbps – Tandberg 100Mbps = negotiation 100Mbps / Half on Cisco + 100Mbps / Full on Tandberg

These are just a few of the strange results that we got. Myself as part of the network team I turn my attention to search bugs in IOS, configuration issues, faulty hardware. The Telepresence team was doing their job to search on their systems. Nothing was working.

We turn our attention to TAC engineers. They did try to simulate in a lab environment our problems, but failed. Their system were not having this kind of issue. Internet, search engines and boards could not help as well. I was about to think that we are somewhere in the Bermuda triangle and we are the only one with this kind of problem.

Then the solution came from a Cisco engineer when we least expect it. I quote from his e-mail in which he gave us some suggestion to try:

Are you aware that Tandberg endpoints running newer versions of software 
need to be rebooted before changes to speed settings take effect? 
This can sometimes cause confusion.

We stopped for a second and ask “Did we reload any Tandberg device during troubleshooting sessions?” The answer was “No”. After reload all devices, one by one, everything was working expect a few devices.

We discovered that these Tandberg devices didn’t want to auto-negotiate because of lack of a Cat6 cabling. It seems that all 8 wires need to be there and connected. So, if you have a cable that is patched to transport data and telephony for example to spare some wires, then you may be in trouble.

Why did I add this thing here? For sure it will bring some ironic smile on some faces, but I like to learn from my mistakes or from not paying close attention to some small line in the documentation. OK, if I made you laugh it’s fine, but the reason of this article is different. When I did search Internet for possible solution, I could not find anywhere a line with “reload the damn Tandberg device after you modify Speed / Duplex” settings.


[Cisco Live] SDN controller interview

The original name of this video is “SDN controller DEMO”. I think the “demo” word there is a bit inappropriate used, as actually is more like a Cisco marketing video than demo. Don’t be so surprised, you know how Cisco promote their products.

Just my 2 cents about the SDN/OpenFlow trend that is coming up these days. I don’t mind innovation, I’m glad if and when I can get in contact with new technologies, but what disturb me is that in a lot of presentations that I’ve seen until now, SDN is presented like the magic wand that does everything with point and click.
No knowledge needed, no network understanding, no effort to see where or how the packets travel through network, you just have to point and click, slice the network however you want, plug the toy and you’re ready to go. If this is all true, then someone please explain to me with I’m busting my…head to learn and really understand what’s actually going on in the network. I really hope this kind of presentations implies that this is a new product that needs to be promoted and if they make it sound too complex, nobody will buy it.

Disclaimer: This video is not mine and I don’t claim any rights on it. My thanks go to Jimmy Ray Purse, TechWiseTV, Networking 101 Show, Cisco and last but not least to YouTube for hosting it and let us embed this video.

[Friday Tech Fun]: Light painting WIFI

For most of us, network engineers, the IT world means anything but art. Still, it seems that out there somebody think Wifi can be use to generate art. And they did a pretty good job.

Timo Arnall, Jørn Knutsen and Einar Sneve Martinussen had this idea to explore the invisible terrain of WiFi networks in urban spaces by light painting signal strength in long-exposure photographs. A four-metre tall measuring rod with 80 points of light reveals cross-sections through WiFi networks using a photographic technique called light-painting.

What they achieve, you can see below:

Immaterials: Light painting WiFi from Timo on Vimeo.

You can find more about this project here:

http://yourban.no/2011/02/22/immaterials-light-painting-wifi/