Juniper Fast Track 100% Discount on Exams

Yesterday, I was visiting the Juniper Fast Track page to find out what happened to the voucher I got when I passed the pre-assessment exam. I found out that Juniper is making the exam free and that you can use the voucher you already had to avail of the free exam.

This may be inappropriate to post on this blog, which is all about Cisco, but I think this will be a good certification to get. Besides, JNCIA-ER and JNCIS-ER are the certifications I targeted to achieve this year. These certifications will not only make your list of certifications longer :), but also boost your morale for aimed-for certifications like the CCIE. This will give a networking individual a higher market value than those who only have Cisco certs. I am not pro-Juniper or anything. I consider Scott Morris my example of a multi-vendor certified expert, and I think he has a wider market than those CCIEs who only have Cisco certifications. It's like having a coat of many colors! It's just my opinion, but my proof is that there are a lot of companies out there looking for Juniper-certified individuals. You can check the job sites if you want to see for yourself.

As for me, I have booked my free JNCIA-ER exam for October and will be booking my JNCIS-ER for December. I am looking forward to passing these exams, but I am still not neglecting my aim for the CCDA/CCDP this year and ultimately the CCIE next year. Don't miss this chance to get a good and acknowledged certification for free! This will only be available throughout the rest of 2009. You have nothing to lose! :) Check the link below for more details.

https://learningportal.juniper.net/juniper/user_fasttrack_home.aspx

Anyone Reading?

I have been pretty busy this month. Not only was I sidetracked from my studies, but I also tended to relax this month because I just turned a year older. My counter shows people have been reading this blog, but I am not sure if these are just one-time visitors or if there are people actually reading and learning something from this. Like I said, first and foremost I created this blog for my own personal reference, and also for others who like to learn from blogs.

If there are people out there who are following my entries, please comment and let me know how I can improve this blog for the benefit of us all. I know this blog can't even compare to other blogs, but your comments can really help improve it. If you have topics you want covered, let me know, because my way is to cover mini focused labs per topic and per protocol.

BGP Local Preference

Local Preference is one of the ways to alter the path taken by one AS to reach another AS. The difference between Local Preference and Weight is that Weight is only locally significant on the router, while Local Preference is what I call "Local AS significant". What I mean by that is that Local Preference is propagated within the AS but not outside the AS.


Local preference influences how your own AS exits to reach another AS.
MED influences how other ASes enter your AS.
The higher the local preference, the more preferred the path.

In this lab, local preference will be configured, using a route-map for more flexibility. Check the diagram below for details.
R1, R2 and R3 belong to AS 123. R4 is in AS 4 and is advertising the 4.4.4.4/32, 44.44.44.44/32 and 144.144.144.144/32 subnets. We need to set all routes learned from R3 to have a local preference value of 300. After that, we configure a route-map on R2 that assigns a local preference of 500 to the network 144.144.144.144/32.

Here are the initial BGP configurations on the routers.


R1#
!
router bgp 123
no synchronization
bgp log-neighbor-changes
neighbor 12.12.12.2 remote-as 123
neighbor 13.13.13.3 remote-as 123
no auto-summary

R2#
!
router bgp 123
no synchronization
bgp log-neighbor-changes
neighbor 12.12.12.1 remote-as 123
neighbor 12.12.12.1 next-hop-self
neighbor 24.24.24.4 remote-as 4
no auto-summary

R3#
!
router bgp 123
no synchronization
bgp log-neighbor-changes
neighbor 13.13.13.1 remote-as 123
neighbor 13.13.13.1 next-hop-self
neighbor 34.34.34.4 remote-as 4
no auto-summary

R4#
!
router bgp 4
no synchronization
bgp log-neighbor-changes
network 4.4.4.4 mask 255.255.255.255
network 44.44.44.44 mask 255.255.255.255
network 144.144.144.144 mask 255.255.255.255
neighbor 24.24.24.2 remote-as 123
neighbor 34.34.34.3 remote-as 123
no auto-summary

Let's see what is the best path taken by R1 to reach the networks advertised by R4.


R1#sh ip bgp

BGP table version is 10, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path
*>i4.4.4.4/32 12.12.12.2 0 100 0 4 i
* i 13.13.13.3 0 100 0 4 i
*>i44.44.44.44/32 12.12.12.2 0 100 0 4 i
* i 13.13.13.3 0 100 0 4 i
*>i144.144.144.144/32
12.12.12.2 0 100 0 4 i
* i 13.13.13.3 0 100 0 4 i

R1#sh ip route | beg Gateway


Gateway of last resort is not set

1.0.0.0/32 is subnetted, 1 subnets
C 1.1.1.1 is directly connected, Loopback0
4.0.0.0/32 is subnetted, 1 subnets
B 4.4.4.4 [200/0] via 12.12.12.2, 00:04:00
144.144.0.0/32 is subnetted, 1 subnets
B 144.144.144.144 [200/0] via 12.12.12.2, 00:04:00
12.0.0.0/24 is subnetted, 1 subnets
C 12.12.12.0 is directly connected, Serial1/2
13.0.0.0/24 is subnetted, 1 subnets
C 13.13.13.0 is directly connected, Serial1/3
44.0.0.0/32 is subnetted, 1 subnets
B 44.44.44.44 [200/0] via 12.12.12.2, 00:04:00

It's clear that R1 prefers to go through R2 to reach the networks on R4. Let's configure R3 so that all routes received by R3 will have a local preference of 300.


R3#config t
R3(config)#router bgp 123
R3(config-router)#bgp default local-preference 300

R1#sh ip bgp
BGP table version is 13, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path
* i4.4.4.4/32 12.12.12.2 0 100 0 4 i
*>i 13.13.13.3 0 300 0 4 i
* i44.44.44.44/32 12.12.12.2 0 100 0 4 i
*>i 13.13.13.3 0 300 0 4 i
* i144.144.144.144/32
12.12.12.2 0 100 0 4 i
*>i 13.13.13.3 0 300 0 4 i

Immediately, even without clearing the BGP process, R3 now became the more preferred path to reach R4. Remember that in Local Preference, the higher the value, the more preferred.

Let's configure in R2 a route-map so the network 144.144.144.144/32 will have a local preference of 500. This will make R2 the best path to reach the mentioned network.


R2(config)#access-list 1 permit host 144.144.144.144
R2(config)#route-map LOCALPREF500 permit 10
R2(config-route-map)#match ip address 1
R2(config-route-map)#set local-preference 500
R2(config)#router bgp 123
R2(config-router)#neighbor 24.24.24.4 route-map LOCALPREF500 in
R2#clear ip bgp *

R1#sh ip bgp
BGP table version is 14, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path
*>i4.4.4.4/32 13.13.13.3 0 300 0 4 i
*>i44.44.44.44/32 13.13.13.3 0 300 0 4 i
*>i144.144.144.144/32
12.12.12.2 0 500 0 4 i
* i 13.13.13.3 0 300 0 4 i

First, why does the route-map have an "in" direction? Because R2 is receiving the route from another router (R4); R2 is not the one advertising it. You can see that the path to 144.144.144.144/32 now has R2 as the next hop. You may also have noticed that for 4.4.4.4/32 and 44.44.44.44/32 there is no path other than through 13.13.13.3. Check the route-map above and you'll find the answer: there is no succeeding sequence after sequence 10, so every route that does not match it hits the implicit deny at the end of the route-map. R2 drops those subnets on the way in and therefore does not advertise them to R1.

Let's configure sequence 20 of the route-map, an empty permit that lets every other route through unchanged.


R2(config)#route-map LOCALPREF500 permit 20

Let's see now if there are changes.


R1#sh ip bgp
BGP table version is 16, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path
* i4.4.4.4/32 12.12.12.2 0 100 0 4 i
*>i 13.13.13.3 0 300 0 4 i
* i44.44.44.44/32 12.12.12.2 0 100 0 4 i
*>i 13.13.13.3 0 300 0 4 i
*>i144.144.144.144/32
12.12.12.2 0 500 0 4 i
* i 13.13.13.3 0 300 0 4 i
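
The four `sh ip bgp` tables on R1 can be reproduced with a small model of first-match route-map processing and the implicit deny. This is an added example, not part of the original lab; the function names are hypothetical, and only the LOCAL_PREF comparison is modelled (no other BGP tie-breakers).

```python
# Added example: models only LOCAL_PREF comparison and route-map first-match.
PREFIXES = ["4.4.4.4/32", "44.44.44.44/32", "144.144.144.144/32"]  # from R4
R2_NH, R3_NH = "12.12.12.2", "13.13.13.3"  # next hops seen by R1 (next-hop-self)


def apply_route_map(prefix, route_map, default_lp):
    """LOCAL_PREF an inbound eBGP route ends up with, or None if it is dropped.

    route_map: list of (action, match_set, set_lp) in sequence order, or None
    when no route-map is applied. match_set=None matches every prefix and
    set_lp=None keeps the router's default local preference.
    """
    if route_map is None:
        return default_lp
    for action, match_set, set_lp in route_map:
        if match_set is None or prefix in match_set:
            if action != "permit":
                return None
            return default_lp if set_lp is None else set_lp
    return None  # no sequence matched: implicit deny


def r1_bgp_table(r2_map=None, r2_default=100, r3_default=100):
    """Paths R1 learns per prefix as [(next_hop, local_pref)], best path first."""
    table = {}
    for prefix in PREFIXES:
        paths = []
        lp = apply_route_map(prefix, r2_map, r2_default)
        if lp is not None:                 # R2 only advertises what it accepted
            paths.append((R2_NH, lp))
        paths.append((R3_NH, r3_default))  # R3 has no inbound route-map
        # Stable sort: on a LOCAL_PREF tie R2 stays first, as in the lab's
        # first output (the real tie-breakers are not modelled here).
        table[prefix] = sorted(paths, key=lambda p: -p[1])
    return table


SEQ10 = ("permit", {"144.144.144.144/32"}, 500)  # match ip address 1, set 500
SEQ20 = ("permit", None, None)                   # empty "permit 20"

if __name__ == "__main__":
    stages = {
        "initial": r1_bgp_table(),
        "R3 default 300": r1_bgp_table(r3_default=300),
        "R2 seq 10 only": r1_bgp_table([SEQ10], r3_default=300),
        "R2 seq 10 + 20": r1_bgp_table([SEQ10, SEQ20], r3_default=300),
    }
    for name, table in stages.items():
        print(name)
        for prefix, paths in table.items():
            print(f"  {prefix:<20} {paths}")
```

With only sequence 10 in place, the model returns a single path for 4.4.4.4/32 and 44.44.44.44/32, which is the loss of redundancy the third table shows.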

That's it for local preference. Hopefully I can finish the BGP topics soon. :)

HSRP Route Tracking

I have been accustomed to tracking the WAN interface to determine the HSRP priority. However, there are more ways to use tracking in HSRP, and one of those is to track a certain prefix in the routing table. This works by checking whether the specific route configured under "track" is still in the routing table. If it is not, HSRP decreases the priority by the configured decrement.


R1 and R2 are in one site. R1 is the Active HSRP router while R2 is the Standby. R1 and R2 should not be OSPF neighbors. Traffic should go to R2 once the route to 3.3.3.3/32 is lost on R1.
This is not the best way to track this scenario; it is just for the sake of example. Excuse the IP addressing scheme as well; I find it easier to know which IP belongs to which router just by the number in the last octet (e.g. .1 is on R1, .2 is on R2 and .3 is on R3).

The pre-configuration of the routers is found below.


R1#
interface FastEthernet0/0
ip address 10.10.20.1 255.255.255.0
duplex half
standby 1 ip 10.10.20.10
standby 1 preempt
!
interface Serial1/0
ip address 10.10.13.1 255.255.255.0
serial restart-delay 0
no fair-queue
!
interface Serial1/1
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/2
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/3
no ip address
shutdown
serial restart-delay 0
!
router ospf 1
log-adjacency-changes
passive-interface FastEthernet0/0
network 10.10.13.0 0.0.0.255 area 0
network 10.10.20.0 0.0.0.255 area 0

R2#
interface FastEthernet0/0
ip address 10.10.20.2 255.255.255.0
duplex half
standby 1 ip 10.10.20.10
standby 1 priority 91
standby 1 preempt
!
interface Serial1/0
ip address 10.10.23.2 255.255.255.0
serial restart-delay 0
!
interface Serial1/1
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/2
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/3
no ip address
shutdown
serial restart-delay 0
!
router ospf 1
log-adjacency-changes
passive-interface FastEthernet0/0
network 10.10.20.0 0.0.0.255 area 0
network 10.10.23.0 0.0.0.255 area 0

R3#
interface Loopback0
ip address 3.3.3.3 255.255.255.255
!
interface FastEthernet0/0
no ip address
shutdown
duplex half
!
interface Serial1/0
ip address 10.10.13.3 255.255.255.0
serial restart-delay 0
!
interface Serial1/1
no ip address
shutdown
serial restart-delay 0
!
interface Serial1/2
ip address 10.10.23.3 255.255.255.0
serial restart-delay 0
!
interface Serial1/3
no ip address
shutdown
serial restart-delay 0
!
router ospf 1
log-adjacency-changes
network 3.3.3.3 0.0.0.0 area 0
network 10.10.13.0 0.0.0.255 area 0
network 10.10.23.0 0.0.0.255 area 0


Let's configure tracking and apply it on the HSRP group of 1.

R1(config)#track 1 ip route 3.3.3.3 255.255.255.255 reachability
R1(config-track)#int fa0/0
R1(config-if)#standby 1 track 1 decrement 11

OK, let's see what the "show track" output looks like.

R1#sh track 1
Track 1
IP route 3.3.3.3 255.255.255.255 reachability
Reachability is Up (OSPF)
1 change, last change 00:01:22
First-hop interface is Serial1/0
Tracked by:
HSRP FastEthernet0/0 1

Notice that tracking knows which routing protocol the route was learned from. It also shows how long it has been up, the first-hop interface and which HSRP group is using it. Pretty neat, huh? :) Let's remove the announcement of 3.3.3.3/32 on R3 to simulate the loss of the entry from the routing table.


R3(config-router)#no network 3.3.3.3 0.0.0.0 area 0

Let's see how R1 reacts to that.


R1#
*Sep 4 16:57:37.679: %OSPF-5-ADJCHG: Process 1, Nbr 3.3.3.3 on Serial1/0 from FULL to DOWN, Neighbor Down: Dead timer expired
*Sep 4 16:57:53.679: %HSRP-5-STATECHANGE: FastEthernet0/0 Grp 1 state Active -> Speak
*Sep 4 16:58:03.675: %HSRP-5-STATECHANGE: FastEthernet0/0 Grp 1 state Speak -> Standby
*Sep 4 16:58:08.747: %OSPF-5-ADJCHG: Process 1, Nbr 3.3.3.3 on Serial1/0 from LOADING to FULL, Loading Done
*Sep 4 16:58:23.691: %HSRP-5-STATECHANGE: FastEthernet0/0 Grp 1 state Standby -> Active
*Sep 4 16:58:38.831: %HSRP-5-STATECHANGE: FastEthernet0/0 Grp 1 state Active -> Speak
*Sep 4 16:58:48.831: %HSRP-5-STATECHANGE: FastEthernet0/0 Grp 1 state Speak -> Standby

R1#sh standby br
P indicates configured to preempt.
|
Interface Grp Prio P State Active Standby Virtual IP
Fa0/0 1 89 P Standby 10.10.20.2 local 10.10.20.10

R1#sh track 1
Track 1
IP route 3.3.3.3 255.255.255.255 reachability
Reachability is Down (no route)
4 changes, last change 00:00:56
First-hop interface is unknown
Tracked by:
HSRP FastEthernet0/0 1

OK, as we can see, once OSPF detected that the network was no longer reachable, HSRP reacted as well by decrementing the priority by 11 as configured. The priority is now 89, 11 less than the default HSRP priority of 100. "show track" also indicates that there is no longer a route to 3.3.3.3. I would just like to point out that if the command "standby 1 preempt" were not configured on R2, R2 would not assume the Active state and R1 would remain the Active HSRP router. The preempt feature is what makes HSRP renegotiate.

Let's advertise again the route and see the changes.


R3(config)#router ospf 1

R3(config-router)#network 3.3.3.3 0.0.0.0 area 0

R1#sh standby br
P indicates configured to preempt.
|
Interface Grp Prio P State Active Standby Virtual IP
Fa0/0 1 100 P Active local 10.10.20.2 10.10.20.10

As expected R1 will reassume the HSRP Active state because the route is now found in the routing table. :)

IP SLA with HSRP

My friend recently had an implementation involving an EoSDH connection from one site to another, with 2 routers. The LAN side of Site 1 requires HSRP to be running, and it needs to track the EoSDH connection so the Active HSRP role will shift to R2 in case of a primary link failure. The problem is that most EoSDH connections, like his implementation, have no way of detecting Layer 1 and Layer 2 failures upstream, because there are switches installed at the customer premises and even within the ISP's EoSDH connection. Houston, we have a problem! :)

As a solution, he can have a transit connection between R1 and R2 and run OSPF, but configure the routes received from R2 to have a higher admin distance than OSPF's 110. He could also use the IP SLA feature to detect failures and track it in the HSRP group, so that any breach of the configured IP SLA makes HSRP decrement the priority. The diagram shown below is similar to most setups.


Cisco IOS IP SLAs is a feature included in the Cisco IOS Software that can allow administrators the ability to analyze IP service levels for IP applications and services. IP SLAs uses active traffic-monitoring technology to monitor continuous traffic on the network. This is a reliable method in measuring overhead network performance. Cisco routers provide IP SLA Responders that give accuracy of measured data across a network.
-Wikipedia-


In our diagram, the requirement is to run HSRP on the LAN and connect the primary router, R1, and the backup router, R2, to Site 2, which has R3. The R1-R3 and R2-R3 connections should be in different subnets. Imagine that the network after SW1 towards R3 is on the ISP side and could have several switches towards R3. R1 is the Active HSRP router and R2 is the Standby.

The challenge here is how to track the EoSDH link, which is like a FastEthernet/GigabitEthernet network run across the WAN. Tracking the interface of R1 or R2 connected to the switch won't do any good in HSRP because, even if there is an upstream failure, that connection will still remain up. HSRP only decrements the priority once it detects that the router's interface is down. The solution to this problem is to configure IP SLA.


Before we proceed, the routers' initial configs are shown below.



R1#
interface FastEthernet0/0
ip address 10.10.20.1 255.255.255.0
duplex full
!
interface FastEthernet1/0
ip address 192.168.100.10 255.255.255.0
duplex full
speed auto
standby 12 ip 192.168.100.1
standby 12 preempt
!
router ospf 1
log-adjacency-changes
passive-interface FastEthernet1/0
network 10.10.20.0 0.0.0.255 area 0
network 192.168.100.0 0.0.0.255 area 0

R2#
!
interface FastEthernet0/0
ip address 10.10.30.2 255.255.255.0
duplex full
!
interface FastEthernet1/0
ip address 192.168.100.20 255.255.255.0
duplex full
speed auto
standby 12 ip 192.168.100.1
standby 12 priority 91
! preempt lets R2 take over as Active when R1's tracked priority drops below 91
standby 12 preempt
!
router ospf 1
log-adjacency-changes
passive-interface FastEthernet1/0
network 10.10.30.0 0.0.0.255 area 0
network 192.168.100.0 0.0.0.255 area 0

R3#
!
interface Loopback0
ip address 192.168.33.33 255.255.255.255
!
interface FastEthernet0/0
ip address 10.10.20.3 255.255.255.0
duplex full
!
interface FastEthernet1/0
ip address 10.10.30.3 255.255.255.0
duplex full
speed auto
!
router ospf 1
log-adjacency-changes
network 10.10.20.0 0.0.0.255 area 0
network 10.10.30.0 0.0.0.255 area 0
network 192.168.33.33 0.0.0.0 area 0
distance 254 10.10.30.2 0.0.0.0

Now, let's configure an SLA that constantly pings the Loopback address of R3 from R1. We will set a frequency of 10, and a timeout and threshold of 2000.


R1(config)#ip sla monitor 1
R1(config-sla-monitor)#type echo protocol ipIcmpEcho 192.168.33.33
R1(config-sla-monitor-echo)#timeout 2000
R1(config-sla-monitor-echo)#threshold 2000
R1(config-sla-monitor-echo)#frequency 10

The frequency means it will ping every 10 seconds to check whether the configured network is still reachable. The timeout and threshold values determine whether there is a "breach" of the configured SLA. Now let's start the SLA and let it run "forever", for as long as the router is alive. You can also set other parameters, such as what time of day it starts and what time it ends.


R1(config)#ip sla monitor schedule 1 start-time now life forever

Let's do a "debug ip icmp" and see if it is really doing its job now.


R1#debug ip icmp

ICMP packet debugging is on
R1#
*Sep 2 10:57:31.507: ICMP: echo reply rcvd, src 192.168.33.33, dst 10.10.20.1
*Sep 2 10:57:41.523: ICMP: echo reply rcvd, src 192.168.33.33, dst 10.10.20.1
*Sep 2 10:57:51.523: ICMP: echo reply rcvd, src 192.168.33.33, dst 10.10.20.1
*Sep 2 10:58:01.547: ICMP: echo reply rcvd, src 192.168.33.33, dst 10.10.20.1

OK, it's clear that it is receiving replies every 10 seconds. We are not done yet; we have to configure this to be tracked by HSRP.


R1(config)#track 1 rtr 1 reachability
R1(config-track)#int fa1/0
R1(config-if)#standby 12 track 1 decrement 11

The command "track 1 rtr 1" means that IP SLA 1 is tracked as track number 1. It doesn't matter what track number you use. The HSRP config then means that if the SLA is "breached", the priority is decremented by 11. First, let's see the statistics of the configured IP SLA.


R1#sh ip sla monitor statistics 1
Round trip time (RTT) Index 1
Latest RTT: 28 ms
Latest operation start time: *11:04:01.523 UTC Wed Sep 2 2009
Latest operation return code: OK
Number of successes: 42
Number of failures: 0
Operation time to live: Forever

I will shut down the connection from R1 to R3. The threshold and timeout are set to 2000, but if there is no reply at all that is also a breach. Let's check what happens to HSRP.


R1#sh standby br
P indicates configured to preempt.
|
Interface Grp Prio P State Active Standby Virtual IP
Fa1/0 12 89 P Standby 192.168.100.20 local 192.168.100.1

When the router is able to ping the loopback of R3 again, the HSRP state will become Active again.
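
Both the route-tracking lab and this IP SLA lab only fail over if the decrement takes R1 below R2's priority and R2 has preempt. The check below is an added example, not code from the original posts; the function names are hypothetical, the sample configs are constructed from the "standby 1" lines of the route-tracking lab, and it treats an equal priority as a failure to stay conservative.

```python
import re

# Constructed from the "standby 1" lines of R1 and R2 in the route-tracking lab.
R1_CFG = """
standby 1 ip 10.10.20.10
standby 1 preempt
standby 1 track 1 decrement 11
"""
R2_CFG = """
standby 1 ip 10.10.20.10
standby 1 priority 91
standby 1 preempt
"""


def parse_hsrp(cfg, group):
    """Extract priority, preempt flag and track decrements for one HSRP group."""
    state = {"priority": 100, "preempt": False, "decrements": []}  # IOS defaults
    for line in cfg.splitlines():
        m = re.match(rf"\s*standby {group} (\S+)(.*)", line)
        if not m:
            continue
        keyword, rest = m.group(1), m.group(2).split()
        if keyword == "priority":
            state["priority"] = int(rest[0])
        elif keyword == "preempt":
            state["preempt"] = True
        elif keyword == "track":
            # "track <object> [decrement <n>]"; IOS uses 10 when none is given
            dec = int(rest[rest.index("decrement") + 1]) if "decrement" in rest else 10
            state["decrements"].append(dec)
    return state


def failover_issues(primary_cfg, backup_cfg, group):
    """Reasons the backup would not take over (or the primary not return)."""
    pri, bak = parse_hsrp(primary_cfg, group), parse_hsrp(backup_cfg, group)
    issues = []
    if not pri["decrements"]:
        issues.append("primary tracks nothing")
    degraded = pri["priority"] - sum(pri["decrements"])
    if pri["decrements"] and degraded >= bak["priority"]:
        issues.append(f"degraded priority {degraded} does not drop below "
                      f"backup priority {bak['priority']}")
    if not bak["preempt"]:
        issues.append("backup lacks preempt")
    if not pri["preempt"]:
        issues.append("primary lacks preempt, will not reclaim Active")
    return issues


if __name__ == "__main__":
    print("lab config:", failover_issues(R1_CFG, R2_CFG, 1))
    no_preempt = R2_CFG.replace("standby 1 preempt\n", "")
    print("R2 without preempt:", failover_issues(R1_CFG, no_preempt, 1))
    small_dec = R1_CFG.replace("decrement 11", "decrement 5")
    print("decrement 5:", failover_issues(small_dec, R2_CFG, 1))
```

For the IP SLA lab, pass the FastEthernet1/0 stanzas of R1 and R2 with group 12.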

The Dreamer

A fun loving person who enjoys learning new things. Currently working as a Network Engineer supporting the global network of a Fortune 500 company. This blog serves as my notes for the labs I created for my CCIE journey. I can guarantee there are errors in my posts. If you spot them, please let me know.
