Articles

Client/Server Python (works with VIRL)

Small Python Client/Server Application

Client

    #!/usr/bin/env python
    import socket

    TCP_IP = '10.0.0.10'
    TCP_PORT = 21
    BUFFER_SIZE = 1024
    MESSAGE = "Hello, World!"

    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.connect((TCP_IP, TCP_PORT))
    s.send(MESSAGE)
    data = s.recv(BUFFER_SIZE)
    s.close()

    print "received data:", data

Server

    #!/usr/bin/env python
    import socket

    TCP_IP = '10.0.0.14'
    TCP_PORT = 21
    BUFFER_SIZE = 20  # Normally 1024, but we want fast response

    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind((TCP_IP, TCP_PORT))
    s.listen(1)

    conn, addr = s.accept()
    print 'Connection address:', addr
    while 1:
        data = conn.recv(BUFFER_SIZE)
        if not data: break
        print "received data:", data
        conn.send(data)  # echo
    conn.close()

Start Server

    cisco@server-2:~$ sudo python server.py

Start Client Side

    cisco@server-1:~$ sudo

BGP & Tunneling

R1 is in AS1, R5 in AS5. R2, R3 and R4 are in AS234. R1 has an eBGP session with R2. R5 has an eBGP session with R4. EIGRP is configured inside AS234. To allow R1 Loopback0 to reach R5 Loopback0, we must establish an iBGP session between R2 and R4. We will use a GRE tunnel between R2 and R4:

R1:

    !
    hostname r1
    !
    interface Loopback0
     ip address 1.1.1.1 255.255.255.255
    !
    interface Serial1/0
     ip address 10.150.12.1 255.255.255.0
    !
    router bgp 1
     no synchronization
     bgp router-id 1.1.1.1
     bgp log-neighbor-changes
     network 1.1.1.1 mask 255.255.255.255
     neighbor 10.150.12.2 remote-as 234
     no auto-summary
    !
    ip route 0.0.0.0 0.0.0.0 10.150.12.2
    !

On R5:

    !
    hostname r5
    !
    interface Loopback0
     ip address 5.5.5.5 255.255.255.255
    !
    interface Serial1/0
     ip address 10.150.45.5 255.255.255.0
    !
    router bgp 5
     no synchronization
     bgp router-id 5.5.5.5
     bgp log-neighbor-changes
     network 5.5.5.5 mask 255.255.255.255
     neighbor 10.150.45.4 remote-as 2

BGP - Synchronization

Synchronization

Before the discussion of synchronization, look at this scenario. RTC in AS300 sends updates about 170.10.0.0. RTA and RTB run iBGP, so RTB gets the update and is able to reach 170.10.0.0 via next hop 2.2.2.1. Remember that the next hop is carried via iBGP. In order to reach the next hop, RTB must send the traffic to RTE.

Assume that RTA has not redistributed network 170.10.0.0 into IGP. At this point, RTE has no idea that 170.10.0.0 even exists. If RTB starts to advertise to AS400 that RTB can reach 170.10.0.0, traffic that comes from RTD to RTB with destination 170.10.0.0 flows in and drops at RTE.

Synchronization states that, if your AS passes traffic from another AS to a third AS, BGP should not advertise a route before all the routers in your AS have learned about the route via IGP. BGP waits until IGP has propagated the route within the AS. Then, BGP advertises the route to external peers. In the example in this section, RTB waits to hear about 170.10.0

IPv6 - Frame-Relay #1

IOS has no Frame Relay Inverse ARP (InARP) mechanism for IPv6, so we must use static L3-to-L2 mapping:

    !
    hostname r1
    !
    interface Serial1/0
     no ip address
     encapsulation frame-relay
     ipv6 address 2001:CC1E::/64 eui-64
     ipv6 enable
     serial restart-delay 0
    !

Gives us the IPv6 address:

    r1#sh ipv6 interface brief s1/0
    Serial1/0                  [up/up]
        FE80::C800:32FF:FE45:0
        2001:CC1E::C800:32FF:FE45:0

On r2:

    !
    hostname r2
    !
    interface Serial1/0
     no ip address
     encapsulation frame-relay
     ipv6 address 2001:CC1E::/64 eui-64
     ipv6 enable
     serial restart-delay 0
    !

Gives us the IPv6 address:

    r2#sh ipv6 interface brief s1/0
    Serial1/0                  [up/up]
        FE80::C801:32FF:FE45:0
        2001:CC1E::C801:32FF:FE45:0

Now we can configure the mapping.

On r1:

    !
    interface Serial1/0
     frame-relay map ipv6 2001:CC1E::C801:32FF:FE45:0 102
    !

    r1#show frame-relay map
    Serial1/0 (up): ipv6 2001:CC1E::C801:32FF:FE4

Policy Routing w/ Tracking objects

Reliable Policy Routing

R5 has two loopbacks, 5.5.5.5/32 and 55.55.55.55/32.

Configure policy routing on r2 so that:
 - to reach 5.5.5.5/32, packets from r1 must go to r3.
 - to reach 55.55.55.55/32, packets from r1 must go to r4.
 - static routing is not used on r2 (except to reach r1).

Use reliable routing to do this:
 - if r3 is not reachable, packets to 5.5.5.5/32 must go through r4.
 - if r4 is not reachable, packets to 55.55.55.55/32 must go through r3.

Verify using traceroute.

r1 configuration:

    !
    hostname r1
    !
    interface Loopback0
     ip address 1.1.1.1 255.255.255.255
    !
    interface Serial1/0
     ip address 192.168.12.1 255.255.255.0
    !
    ip route 0.0.0.0 0.0.0.0 192.168.12.2
    !

r2 configuration:

    !
    hostname r2
    !
    track 5 ip sla 10
    !
    track 55 ip sla 15
    !
    interface Serial1/0
     ip address 192.168.12.2 255.255.255.0
     ip policy route-map PBR
    !
    interface Serial1/1
     ip address 192.168.23.2 255.255.255.0
     serial resta

Backup using Backup Interfaces

R1 is connected to R2 via two links; one of the two links is a backup that becomes active only if the other one goes down:

    !
    hostname r1
    !
    interface Loopback0
     ip address 1.1.1.1 255.255.255.255
    !
    interface FastEthernet1/0
     ip address 192.168.12.1 255.255.255.0
    !
    interface FastEthernet2/0
     backup delay 3 60
     backup interface FastEthernet1/0
     ip address 192.168.112.1 255.255.255.0
    !
    ip route 2.2.2.2 255.255.255.255 192.168.12.2
    ip route 2.2.2.2 255.255.255.255 192.168.112.2
    !

    !
    hostname r2
    !
    interface Loopback0
     ip address 2.2.2.2 255.255.255.255
    !
    interface FastEthernet1/0
     ip address 192.168.12.2 255.255.255.0
    !
    interface FastEthernet2/0
     ip address 192.168.112.2 255.255.255.0
    !
    ip route 1.1.1.1 255.255.255.255 192.168.12.1
    ip route 1.1.1.1 255.255.255.255 192.168.112.1
    !

    FastEthernet2/0:
      Backup interface FastEthernet1/0, failure delay 3 sec, secondary disable delay 60 sec,

    r1(config-if)#backup ?
      active     Configur

Static Routing Backup with Tracking

Use ip sla with a tracking object to check next-hop availability. If the next hop is not reachable, the static route disappears from the routing table. This is useful if there is a switch between the routers:

    !
    interface FastEthernet1/0.102
     encapsulation dot1Q 102
     ip address 192.168.12.2 255.255.255.0
    !
    track 5 ip sla 1 reachability
     default-state up
    !
    ip sla 1
     icmp-echo 192.168.12.1 source-ip 192.168.12.2
     timeout 900
     threshold 2
     frequency 3
    ip sla schedule 1 life forever start-time now
    !
    ip route 1.1.1.1 255.255.255.255 192.168.12.1 name Bob track 5
    !