packetqueue.net

Musings on computer stuff, and things... and other stuff.

Cisco

Cisco

Cisco Live!

I just want­ed to drop a quick note here to let every­one know that I plan on blog­ging a lit­tle more fre­quent­ly this week, as I’ll be in Las Vegas for the annu­al North Amer­i­can Cis­co con­fer­ence: Cis­co Networkers/Live. I can’t promise I’ll be in my room slav­ing over long, elab­o­rate break­downs of technology–maybe an in depth review of whiskey selec­tions by bar–but I will try to post some pic­tures and infor­ma­tion about what I’m see­ing and hear­ing dur­ing the show. In years where I haven’t been able to attend the show, I always liked see­ing and hear­ing from folks who did. Now it’s my turn to give back some­thing, so watch this space…

Oh, and keep up with real-time infor­ma­tion on twit­ter where I hide behind the han­dle @someclown, or G+ where I can be found at: http://gplus.to/someclown.

Share

Cisco

IPv6 Half-truths

This post will be a short one, and most­ly just comes from a dis­cus­sion I had the oth­er day with anoth­er engi­neer.  It turns out that even among peo­ple who are com­fort­able with IPv6, and maybe even have expe­ri­ence deploy­ing it, a lot of mis­in­for­ma­tion still per­sists.  Hope­ful­ly I can cor­rect a cou­ple of those today.  I also tossed in a hot-pota­to at the end just to see how many folks get hopped up.  Dis­cus­sion is wel­come, and in addi­tion to com­ments here I can be found on twit­ter hid­ing behind the han­dle: @someclown.

You must turn on IPv6 by using the IPv6 uni­cast-rout­ing com­mand.

Not true.  This is one of the more per­sis­tent, yet wild­ly incor­rect, pieces of infor­ma­tion regard­ing IPv6.  I have even seen many train­ing cen­ters and instruc­tors at the CCIE lev­el get this one wrong and it falls into the cat­e­go­ry of atten­tion to detail.  What this com­mand actu­al­ly does is enable uni­cast rout­ing for IPv6, just as it says.  To actu­al­ly enable IPv6 you sim­ply need to go to any inter­face and use the ipv6 enable com­mand.  And yes, you can enable IPv6 on the inter­face with­out enabling uni­cast rout­ing.  Of course, it would be help­ful to have an address on the inter­face as well.

Yes, but if you don’t turn on uni­cast rout­ing you can’t route IPv6 traf­fic.

Not strict­ly speak­ing true.  You can still set up a default route for IPv6 traf­fic and get it off of your sys­tem.  To the extent that you want to argue whether or not this is actu­al­ly rout­ing is fine, but you can move IPv6 traf­fic off of your local device using a default route, and nev­er have enabled rout­ing for IPv6.

Using a /127 address on point-to-point links is wrong, wrong, wrong.

This is an inter­est­ing one, and usu­al­ly sparks a fair amount of debate.  Up until very recent­ly, the rec­om­men­da­tion across the board (RFC 4291) was to use /64 address­es even on point-to-point links, osten­si­bly because the IPv6 space is so big any­how, and because sev­er­al pro­to­cols will break (notably sub­net-router any­cast, spec­i­fied in RFC 3627).  While I’m not dis­put­ing that this is what the cur­rent best-prac­tices reflect, I will say that RFC 6164 which has a sta­tus of Pro­posed Stan­dard makes a fair­ly com­pelling case for using /127 on point-to-point links.  I’m sure this won’t be resolved any­time soon, stan­dards or no, but I would say that if you have a com­pelling rea­son for using /127 and know what you’re doing it for, go for it.  Just be aware that stan­dards can change, and you don’t want to leave a steam­ing pile for the poor per­son who has to fol­low you.

Share

Cisco

Home CCIE Study Lab

So, a lot of peo­ple who are work­ing towards their CCIE cer­ti­fi­ca­tions end up build­ing home labs for study­ing.  The rea­sons are many and var­ied, but mine boiled down to two pri­ma­ry ones:

 

(1) My study hours don’t always match well with what slots the online rack ven­dors have avail­able.

(2) I just like phys­i­cal equip­ment and the flex­i­bil­i­ty it pro­vides in both study­ing and in research.

Also, I just wan­na.

With that said, one of the next things peo­ple want to know is what gear it is that I have, and how do I have it con­fig­ured.  There­fore, with the recent post­ing fre­quen­cy here severe­ly lack­ing, writ­ing about my lab is a nice way to get some­thing fresh on the blog and hope­ful­ly it pro­vides some­thing use­ful to some­one out there.  I’m going to break this down into two gen­er­al cat­e­gories: equip­ment that I have pure­ly for my Cis­co CCIE lab, and oth­er equip­ment that I have either for my home net­work or for ran­dom rea­sons.

Ran­dom Non-Lab Spe­cif­ic Equip­ment List:

  1. WS-2950T-24 switch
  2. Two 1142N access points
  3. Wire­less Con­troller Mod­ule (NME-AIR-WLC6-K9) which is pret­ty fun, but breaks bon­jour and so is the bane of my exis­tence (see pre­vi­ous post here.)
  4. ASA 5505 with IPS mod­ule, run­ning bot-net fil­ter and some oth­er things.  This is also the main gate­way for the home net­work, con­nect­ing up to the cable modem.  It’s also the IPsec end­point for my always-on con­nec­tion to the office and seg­ments my home net­work, lab net­work, work net­work, etc.
  5. Com­cast Cable Modem, made by Motorol­la
  6. Ran­dom doohick­ey for my “Whole-Home DVR” with DirecTV
  7. Sun Sun­Fire v240 Serv­er with StorEdge 3300 stor­age array

Non-plugged in Equip­ment

  1. Sun Enter­prise 3500
  2. Two Cis­co 3550 switch­es
  3. Two PIX 501

Com­put­er stor­age:

  1. Sea­gate 750GB exter­nal dri­ve (USB)
  2. Iomega 1TB exter­nal (eSA­TA)
  3. Drobo S with 5 2TB dri­ves for 10TB raw (eSA­TA)

Cis­co Lab Equip­ment:

  1. Four 3560-X switch­es, with four-gig uplink mod­ules (might still get the 10 at some point), ful­ly licensed with IPSer­vices and run­ning 12.2(53) SE2.
  2. Eight 2801 routers, all run­ning 12.4(22)T5 Advanced Enter­prise, and all with at least one Wic-2T smart ser­i­al card which pro­vides two smart ser­i­al con­nec­tions.  Four of the 2801 have two Wic-2T cards, and a cou­ple oth­ers have a mix­ture of 1-Wic-DSU-T1 cards, FXO cards, and FXS cards (most­ly left­overs and hand-me downs, but there are some inter­est­ing pos­si­bil­i­ties.)
  3. One 2811 run­ning the same IOS as the 2801 routers, used as a back­bone router for inject­ing routes and some oth­er misc. stuff.
  4. One 2621 run­ning some­thing-or-oth­er and act­ing as anoth­er back­bone router.
  5. One 3845 run­ning the same Advanced Enter­prise as the oth­ers.  This has five Wic-2T cards and acts as the frame switch. It also has an HWIC-16A card and does reverse-tel­net to every­thing else (ter­mi­nal serv­er).  It also hous­es some ran­dom stuff includ­ing the wire­less con­troller men­tioned above.

All of this is cabled and wired almost iden­ti­cal­ly to the CCBoot­Camp lab topol­o­gy.  This is because I have all of their work­books and want­ed to be able to study with my own equip­ment.  A cou­ple of the details are dif­fer­ent, most­ly around inter­face num­bers and the specifics of the back­bone routers and such.  Also, the switch­es I have are way overkill but sat­is­fy the lab require­ments.  Giv­en the actu­al topol­o­gy from just about any main­stream train­ing provider, I can copy it with the equip­ment I have, and that’s exact­ly what I want­ed to be able to do.  As always, con­tact me here or on twit­ter with ques­tions and com­ments.

Pic­tures of the lab and sun­dries are includ­ed below.

Share

Cisco

Cisco Live 11 Schedule

Every­one has been post­ing their sched­ules for Cis­co Live to Twit­ter, Face­book and wher­ev­er else, so I thought I’d bet­ter jump in with the cool kids and pub­lish mine as well.  I can’t guar­an­tee this won’t change, but for now it stands as my best guess and cur­rent planned sched­ule.

Share

Cisco

Frame Relay Switch Setup

Editor’s Note: Google Chrome seems to dis­like my site theme and is hyphen­at­ing absolute­ly every­thing.  Apolo­gies for that, and I’ll look into it just as soon as I get done with a few items on the “hon­ey-do” list.

If you are study­ing for the CCIE Rout­ing and Switch­ing exam, one of the tech­nolo­gies that is still heav­i­ly preva­lent is Frame Relay.  It is expect­ed that you know both the tech­nol­o­gy itself, and how to con­fig­ure it, but also how it inter­acts with and affects oth­er key tech­nolo­gies like OSPF and EIGRP.  Hav­ing the abil­i­ty to study Frame Relay, then, and get plen­ty of hands-on con­fig­u­ra­tion time becomes as impor­tant as with any­thing on the R&S 4.0 Blue­print.

While many net­work engi­neers are already famil­iar with Frame Relay from a con­sumer side–in oth­er words, from the per­spec­tive of an enti­ty which buys Frame Relay ser­vices from a provider–not many of us are famil­iar with the ser­vice provider por­tion of the equa­tion.  This makes set­ting up prac­tice labs dif­fi­cult if you are try­ing to study using your own equip­ment.  For­tu­nate­ly, you can set up your own Frame Relay switch fair­ly eas­i­ly, and that is what we’re going to walk through today.

A Frame Relay switch is the DCE device that sits inside a ser­vice provider’s net­work and moves the frames along from point A to point B.  There are many of these devices all work­ing togeth­er inside of your provider’s net­work to move your infor­ma­tion along, but for­tu­nate­ly for lab can­di­dates study­ing at home, you can eas­i­ly get by with just one.  Even more for­tu­nate is that you can use a fair­ly low pow­ered router to act as a Frame Relay switch, and not miss any­thing that you’ll need for pur­pos­es of the lab.

A quick note on the lab is in order here.  It used to be a part of the lab blue­print (dont’ ask me which one, or how far back in time) that you had to know how to set up a Frame Relay switch.  Cis­co has since tak­en that require­ment away, at least from the R&S lab, and so a lot of that knowl­edge isn’t com­mu­ni­cat­ed in teach­ing texts any longer.  What you’ll find in the lab itself is an already con­fig­ured Frame Relay switch that you’ll have no direct access to, but all of the infor­ma­tion you need to make your equip­ment talk to it.

It may seem coun­ter­in­tu­itive, but for a home lab the best device to use for a Frame Switch is actu­al­ly a router.  For instance, I’m using an old­er Cis­co 2621 mod­el for my Frame Switch, and it does every­thing I need it to do.  Ser­vice providers will typ­i­cal­ly use more spe­cial­ized gear, but all we’re going for in our stud­ies is a rea­son­able fac­sim­i­le.  If you want to spend a lot of mon­ey, fol­low the advice of so many oth­ers and spend it on your lay­er-3 switch­es.

Anoth­er thing we want to briefly dis­cuss is inter­faces.  Gen­er­al­ly speak­ing, you can either fol­low the “run what’cha brung” phi­los­o­phy of just using what you have access to, or you can buy the inter­faces you want.  In my case I had a cou­ple of WIC-T1 cards that I’ve used, and then I bought a hand­ful of WIC-2T ser­i­al inter­face cards.  The key is to have a ser­i­al inter­face for each router you want to con­nect via the Frame switch.  So I have one T1 inter­face, and six ser­i­al inter­faces for a total of sev­en devices I can con­nect into the Frame “cloud”.  I find this to me more than ade­quate, though if you’re try­ing to dupli­cate a spe­cif­ic topol­o­gy you may need more or less.

The con­fig­u­ra­tion of a Frame switch is actu­al­ly very sim­ple, as you’ll see, though atten­tion to detail does mat­ter.  I’m assum­ing here, by the way, that you already know how to set up your router for basic access, clock, etc., so I won’t cov­er that here.  So, the first step in con­fig­ur­ing your router to be a Frame switch is to put it into Frame switch­ing mode using the com­mands:

ip cef
frame-relay switching

 

These com­mands turn on Cis­co Express For­ward­ing, put the router into a Frame switch­ing mode, and change quite a bit of the default behav­ior, so don’t expect to use this device as a router in any lab topol­o­gy you’re work­ing on.  This device will be just a Frame switch and noth­ing more.

The next step is to con­fig­ure the indi­vid­ual inter­faces you’ll con­nect your oth­er routers to, and you have a lot of choic­es here.  I don’t know exact­ly how the R&S lab devices are set up, so I’m just going to give you the con­fig­u­ra­tion I use.  I’ll post the con­fig­u­ra­tion below, and then go over the key comands:

interface Serial0/1
no ip address
encapsulation frame-relay
logging event subif-link-status
logging event dlci-status-change
clock rate 8000000
no frame-relay inverse-arp
frame-relay intf-type dce
frame-relay route 220 interface Serial0/2 120
frame-relay route 221 interface Serial0/0 320

 

The first few lines of the con­fig­u­ra­tion should be famil­iar to you already.  We’re set­ting our inter­face encap­su­la­tion to frame-relay, and then log­ging on a cou­ple of events.  The log­ging is com­plete­ly up to you, and not nec­es­sary one way or anoth­er.  I just find them help­ful.  Next we set the clock rate, and we tell the inter­face that we are the DCE end of the con­nec­tion.  Remem­ber, in a Frame Relay net­work the clock­ing (DCE end) comes from the line or provider side, so this is what you’ll want.  If I am work­ing with a T1 ser­i­al inter­face, I’ll also need a line for that:

service-module t1 clock source internal

 

This can change depend­ing on the type of card and how you have it con­fig­ured.

Now, the oth­er options we have here require a lit­tle more expla­na­tion.  The “no frame-relay inverse-arp” com­mand does just what it says, and you can argue for the Frame switch hav­ing this turned on, or off.  In most cas­es in the lab, you’ll be instruct­ed to not use inverse arp on the DTE devices, so I’ve just turned that func­tion­al­i­ty off on my Frame switch from the out­set.  It’s real­ly your call.

The next two lines begin­ning with frame-relay route are the ones that always seem to cause con­fu­sion.  You can read the first line as “If some traf­fic comes in from DLCI 220, with a des­ti­na­tion of DLCI 120, send it out inter­face Ser­i­al 0/2”.  Sub­sti­tute DLCI 221 and 320 on the next line, but oth­er­wise read it the same.  So if I now plug in a router to inter­face Ser­i­al 0/1, and assign DLCI 220 and 221 to two dif­fer­ent sub-inter­faces (for instance, dif­fer­ent options are pos­si­ble) the Frame switch will know what to do with that traf­fic.

So, if we have a dia­gram that looks like the fol­low­ing:

Then we have a con­fig­u­ra­tion for inter­faces that looks like so:

interface Serial0/0
no ip address
encapsulation frame-relay
logging event subif-link-status
logging event dlci-status-change
service-module t1 clock source internal
no frame-relay inverse-arp
frame-relay intf-type dce
frame-relay route 320 interface Serial0/1 221
frame-relay route 321 interface Serial0/2 121
!
interface Serial0/1
no ip address
encapsulation frame-relay
logging event subif-link-status
logging event dlci-status-change
clock rate 8000000
no frame-relay inverse-arp
frame-relay intf-type dce
frame-relay route 220 interface Serial0/2 120
frame-relay route 221 interface Serial0/0 320
!
interface Serial0/2
no ip address
encapsulation frame-relay
logging event subif-link-status
logging event dlci-status-change
clock rate 8000000
no frame-relay inverse-arp
frame-relay intf-type dce
frame-relay route 120 interface Serial0/1 220
frame-relay route 121 interface Serial0/0 321

 

I hope that helps out, and as always if you have any ques­tions or clar­i­fi­ca­tions please drop me a line here or on twit­ter where I’m known as @SomeClown.

Share