Real World Level 1/2 Network Engineer Interview Series - Part 1

While we are half way done with our "MPLS Layer 3 VPN Configuration & Troubleshooting" series. I am going to start one more series today on "CCNA-CCNP Interviews". 


Actually recently my current company was hiring couple of network engineers for Level-1/2/3 positions. But while taking interviews, I found even some good CCNA/NP/IE people were not having enough skills to qualify as Level 2/3 Engineers. No doubt they were good at Cisco Routing and Switching concepts for example, but were not aware of many things which though Cisco don't cover in terms of certification exams but still I would expect someone to know those at concepts  level from Level 2/3 Engineer prospective. Few examples would be - Load Balancer, WAN Acceleration, Basics of Network Security, Catalyst 6500, Supervisor Engineers and how to identify them, Catalyst 6500 Native Vs Hybrid Mode , TDR, OTDR, MDIX, OSPF Database Explanation Etc.


So in this particular series I'll not only present some of questions I asked them in terms of technology but also we will focus heavily on Other Products and Technologies which Cisco still don't cover in terms of Certification Exams but those are heavily deployed in real world and without knowing them you can't qualify as Level 2 Network Engineer. I didn't mention Level 3 here since I consider that as expert level and at that point only knowing these additional products and technologies are not sufficient enough and I expect them to have good hands on experience with those.


This series is going to be a big one for sure ;-) , And first of it's kind.


HTH...
Deepak Arora
Evil CCIE

IPexpert's Protocol Operations and Troubleshooting Series

In last couple of months, one of the most popular CCIE R&S training vendor in market - IP EXPERT released couple of books covering R&S blueprint technologies. Which I personally feel is a big effort. Since writing books not only takes time but also those should be user friendly as well. Otherwise there are always choices in terms of books. The best part about IPX books is that they not explain you technology in a very simple manner but also focus on configuration examples to make sure you really understand the concepts and also focus heavily on troubleshooting. Troubleshooting is I guess the part which most book vendors fail to cover or help you as reader to build step by step logical approach.


So far they have released four books under this series and I wish they will keep doing it for rest of important R&S technology domains.


http://www.ipexpert.com/Cisco/Troubleshooting-Series


HTH...
Deepak Arora
Evil CCIE

INE Free OER/PFR V-Lecture - By Brian Dennis

PFR is one of the topics which lately most of R&S Engineers find either hard to understand or hate it ;-)


So to help students with the preparation, INE conducted a Free V-Seminar on PFR. The seminar ran for around 8 Hrs during which Brian Dennis himself walk through the advanced PFR scenarios.


PFR or Performance Routing was initially introduced as feature called OER or Optimized Edge Routing. During 12.4 series of IOS (official R&S Lab Version), the feature was not developed fully or I should say mature enough. But since the introduction of IOS 15.x Series, Feature has grown very well and I would expect more PFR to be implemented in real world as people move or migrate their networks to IOS 15. IOS 15 has many other feature which will change the network world significantly like LISP.


During the Seminar Brian also suggested that he will be running a 3 Days PFR class soon which will be covering PFR features which can be implemented in IOS 15 and are not available in IOS version 12.4


So here is the URL of V-Seminar recording:


http://www.ine.com/all-access-pass/training/playlist/ccie-rs-pfr-vseminar/-pfr--vseminar-22200011.html

Here is the URL for Cisco's official PFR Documentation page:

www.cisco.com/go/pfr

Also INE PFR Class Expect you to have some basic PFR understanding, For that I would recommend following V-Lecture from IP Expert Instructor - Tyson Scott

https://ipexpert.adobeconnect.com/_a748906506/p97345846/?launcher=false&fcsContent=true&pbMode=normal


HTH...
Deepak Arora
Evil CCIE

OSPF DR - BDR Election (Which One Gets Elected First) - Old Chicken & Egg Problem

It's one of most popular discussions when it comes to Networks. Though most of people can answer this now stating that it's BDR which gets elected first. But not many people understand "WHY ?" behind it. 


Also more importantly there is less popular timer in OSPF world known as "WAIT TIMER" which in some way is also related to DR/BDR Election.


So I am putting different URLs together talking about all these:


https://learningnetwork.cisco.com/thread/42177?tstart=0

https://supportforums.cisco.com/thread/206322

http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a0080094056.shtml

https://learningnetwork.cisco.com/thread/38584


HTH...
Deepak Arora
Evil CCIE

Fibre Channel over Ethernet (FCoE) - Video from live Webcast (By Triple CCIE Ozden Karakok )

https://supportforums.cisco.com/videos/2023

https://supportforums.cisco.com/docs/DOC-15882

HTH...
Deepak Arora
Evil CCIE

Building MPLS Layer 3 VPN Series Part 3 - Building The Edge

Today let's continue with the Third Part of our MPLS VPN Series. Today we will be spending some time building the Edge Of The Network.


Let't take a close look at the topology:

We are going to build Two VPNs here. One will be called as VPN - BLUE and other as VPN - RED. Each VPN will represent one Customer and as ISP we don't want that. So we need to ensure that VPN - BLUE routes can't be seen by VPN - RED and vice versa.


To meet this requirement, MPLS supports a feature known as VRF (Virtual Routing & Forwarding). Each VRF is just like a Virtual Instance which by default doesn't talk to other VRF. This also allows customers to use over lapping network addresses.


So let's hope on to CLI to see things in action:


So here is the initial configuration for all customer routers:

R4

===

!

en

!

conf t

!

no ip do lo

!

int lo0

 ip add 4.4.4.4 255.255.255.255

 exit

!

int f0/0

 ip add 14.14.14.4 255.255.255.0

 no shut

 exit

!

end

wr

!

####################################

R5

===

!

en

!

conf t

!

no ip do lo

!

int lo0

 ip add 5.5.5.5 255.255.255.255

 exit

!

int f0/0

 ip add 15.15.15.5 255.255.255.0

 no shut

 exit

!

int f1/0

 ip add 58.58.58.5 255.255.255.0

 no shut 

 exit

!

end

!

wr

!

####################################

R8

===

!

en

!

conf t

!

no ip do lo

!

int lo0

 ip add 8.8.8.8 255.255.255.255

 exit

!

int f0/0

 ip add 18.18.18.8 255.255.255.0

 no sh

 exit

!

int f1/0

 ip add 58.58.58.8 255.255.255.0

 no sh

 exit

!

end

!

wr

!

####################################

R6

===

!

en

!

conf t

!

no ip do lo

!

int lo0

 ip add 6.6.6.6 255.255.255.255

 exit

!

int f0/0

 ip add 36.36.36.6 255.255.255.0

 no sh

 exit

!

end

!

wr

!

####################################

R7

===

!

en

!

conf t

!

no ip do lo

!

int lo0

 ip add 7.7.7.7 255.255.255.255

 exit

!

int f0/0

 ip add 37.37.37.7 255.255.255.0

 no sh

 exit

!

end

!

wr

!

####################################

Some quick verification, Of course Never hurts ;-)

R4#sh ip int b | e una|do

Interface                  IP-Address      OK? Method Status                Protocol

FastEthernet0/0            14.14.14.4      YES manual up                    up

Loopback0                      4.4.4.4         YES manual up                    up

R5#sh ip int b | e una|do

Interface                  IP-Address      OK? Method Status                Protocol

FastEthernet0/0            15.15.15.5      YES manual up                    up

FastEthernet1/0            58.58.58.5      YES manual up                    up

Loopback0                      5.5.5.5         YES manual up                    up

R8#sh ip int b | e una|do

Interface                  IP-Address      OK? Method Status                Protocol

FastEthernet0/0            18.18.18.8      YES manual up                    up

FastEthernet1/0            58.58.58.8      YES manual up                    up

Loopback0                      8.8.8.8         YES manual up                    up

R6#sh ip int b | e una|do

Interface                  IP-Address      OK? Method Status                Protocol

FastEthernet0/0            36.36.36.6      YES manual up                    up

Loopback0                      6.6.6.6         YES manual up                    up

R7#sh ip int b | e una|do

Interface                  IP-Address      OK? Method Status                Protocol

FastEthernet0/0            37.37.37.7      YES manual up                    up

Loopback0                      7.7.7.7         YES manual up                    up

####################################

Let's roll out the connectivity from ISP side now using VRFs.

R1

===

R1(config)#ip vrf BLUE

R1(config-vrf)#rd 500:1

R1(config-vrf)#route-target both 500:1

R1(config-vrf)#exit

R1(config)#int f1/0

R1(config-if)#ip add 14.14.14.1 255.255.255.0

R1(config-if)#ip vrf forwarding BLUE

% Interface FastEthernet1/0 IP address 14.14.14.1 removed due to enabling VRF BLUE

You see, router removed the IP Address from the interface. So we need to put it back.

R1(config-if)#ip add 14.14.14.1 255.255.255.0

R1(config-if)#no sh

R1(config-if)#exit

So moral of story : Always check the IP Address before putting VRF on interface. What I always do myself is to run command " sh run int  " and than I jump on interface and configure VRF.

Let's ping R4 now :

R1#ping 14.14.14.4

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 14.14.14.4, timeout is 2 seconds:

.....

Success rate is 0 percent (0/5)

Oops...We still don't have connectivity. Really ? ;-)

Actually since now VRF is configured on interface now, we need to run VRF aware ping now:

R1#ping vrf BLUE 14.14.14.4

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 14.14.14.4, timeout is 2 seconds:

.!!!!

Success rate is 80 percent (4/5), round-trip min/avg/max = 12/31/64 ms

Now what is RD & RT:

RD - http://en.wikipedia.org/wiki/Route_distinguisher

RT - http://www.ciscopress.com/articles/article.asp?p=28259&seqNum=5

Let's configure VRF - RED now:

R1(config)#ip vrf RED

R1(config-vrf)#rd 500:2

R1(config-vrf)#route-target both 500:2

R1(config-vrf)#exit

R1(config)#int f2/0

R1(config-if)#ip vrf forwarding RED

R1(config-if)#ip add 15.15.15.1 255.255.255.0

R1(config-if)#no sh

R1(config-if)#exit

R1(config)#int f3/0

R1(config-if)#ip vrf forwarding RED

R1(config-if)#ip add 18.18.18.1 255.255.255.0

R1(config-if)#no sh

R1(config-if)#exit

Let's verify the connectivity:

R1#ping vrf RED 15.15.15.5

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 15.15.15.5, timeout is 2 seconds:

.!!!!

Success rate is 80 percent (4/5), round-trip min/avg/max = 20/31/56 ms

R1#ping vrf RED 18.18.18.8

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 18.18.18.8, timeout is 2 seconds:

.!!!!

Success rate is 80 percent (4/5), round-trip min/avg/max = 28/42/52 ms

Let's setup rest of VRFs quickly:

R3(config)#ip vrf RED

R3(config-vrf)#rd 500:2

R3(config-vrf)#route-target both 500:2

R3(config-vrf)#exit

R3(config)#int f1/0

R3(config-if)#ip vrf forwarding RED

R3(config-if)#ip add 36.36.36.3 255.255.255.0

R3(config-if)#no sh

R3(config-if)#end

R3#ping vrf RED 36.36.36.6

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 36.36.36.6, timeout is 2 seconds:

.!!!!

Success rate is 80 percent (4/5), round-trip min/avg/max = 16/38/64 ms

R3(config)#ip vrf BLUE

R3(config-vrf)#rd 500:1

R3(config-vrf)#route-target both 500:1

R3(config-vrf)#exit

R3(config)#int f2/0

R3(config-if)#ip vrf forwarding BLUE

R3(config-if)#ip add 37.37.37.3 255.255.255.0

R3(config-if)#no sh

R3(config-if)#end

R3#ping vrf BLUE 37.37.37.7

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 37.37.37.7, timeout is 2 seconds:

.!!!!

Success rate is 80 percent (4/5), round-trip min/avg/max = 16/41/80 ms

So far so good. We will setup VRF aware IGP routing for VPN BLUE in next Post along with BGP, MPBGP & Redistribution.

Stay Tuned....

HTH...

Deepak Arora

Evil CCIE

Building MPLS Layer 3 VPN Series Part 2 - Building SP Core

So let's continue with Second Post of the series. In today's post we will be building SP Core. Which will include following:


1. Establishing the basic IP Connectivity in the SP Core.
2. Enabling CEF
3. Enabling Label Distribution Protocol
4. Enabling MPLS in the SP Core


So let's bring the topology quickly:

So let's first quickly setup the IP Connectivity between R1-R2-R3 (SP Core Devices)


%%%%%%%%%%%%%%%%%%%%%%%%%%

R1

###

!

en

!

conf t

!

ho R1

!

no ip domain-lookup

!

int f0/0

 ip add 12.12.12.1 255.255.255.0

 no sh

 exit

!

int lo0

 ip add 1.1.1.1 255.255.255.255

 exit

!

router ospf 500

 network 12.12.12.1 0.0.0.0 area 500

 network 1.1.1.1 0.0.0.0 area 500

 exit

!

end

!

wr

!

*********************************

R2

###

!

en

!

conf t

!

ho R2

!

no ip domain-lookup

!

int lo0

 ip add 2.2.2.2 255.255.255.255

 exit

!

int f0/0

 ip add 12.12.12.2 255.255.255.0

 no sh

 exit

!

int f1/0

 ip add 23.23.23.2 255.255.255.0

 no sh

 exit

!

router ospf 500

 net 12.12.12.2 0.0.0.0 area 500

 net 23.23.23.2 0.0.0.0 area 500

 net 2.2.2.2 0.0.0.0 area 500

 exit

!

end

!

wr

!

*********************************

R3

###

!

en

!

conf t

!

ho R3

!

no ip do lo

!

int lo0

 ip add 3.3.3.3 255.255.255.255

 exit

!

int f0/0

 ip add 23.23.23.3 255.255.255.0

 no sh

 exit

!

router ospf 500

 net 3.3.3.3 0.0.0.0 area 500

 net 23.23.23.3 0.0.0.0 area 500 

 exit

!

end

!

wr

!

%%%%%%%%%%%%%%%%%%%%%%%%%%

Next let's quickly verify the connectivity:

R1#ping 3.3.3.3 source loopback0

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 3.3.3.3, timeout is 2 seconds:

Packet sent with a source address of 1.1.1.1

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 28/62/116 ms

R3#ping 1.1.1.1 so lo0

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:

Packet sent with a source address of 3.3.3.3

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 20/52/80 ms

So far so good ? ...... ;-)

Let's proceed with enabling the MPLS in SP Core Network:

Step 1 > Will be to enable CEF globally on the router. Though CEF is by default  enabled on Cisco Routers these days. But it never hurts to type one small command which can save your whole day. Specially it will be something stupid when you find that everything in MPLS VPN was setup correctly and in last you find that it was only CEF which was disabled. Which caused MPLS VPN to fail.

R1(config)#ip cef

Step 2 > Is to Enable Label distribution protocol. There are technically 4 protocols which can help with this named as  - TDP (Tag Distribution Protocol - Cisco Proprietary), LDP (Label Distribution Protocol), BGP & RSVP. TDP is Cisco baby so most likely not going to appear in R&S Lab. LDP on the other hand is industry standard which most likely you gonna find on exam. Using BGP/RSVP for label distribution is out of scope from R&S Lab prospective.

R1(config)#mpls label protocol ?

  ldp  Use LDP (default)

  tdp  Use TDP

R1(config)#mpls label protocol ldp

Next we fix Router ID that LDP will be using:

R1(config)#mpls ldp router-id loopback 0

Step 3 > Enable MPLS on SP Core Interfaces:

R1(config)#int f0/0

R1(config-if)#mpls ip

R1(config-if)#exit

Lets follow the same steps on R2/R3 :

R2(config)#ip cef

R2(config)#mpls label protocol ldp

R2(config)#mpls ldp router-id loopback0

R2(config)#int f0/0

R2(config-if)#mpls ip

R2(config-if)#exit

R2(config)#int f1/0

R2(config-if)#mpls ip

R2(config-if)#exit

R3(config)#ip cef

R3(config)#mpls label protocol ldp

R3(config)#mpls ldp router-id loopback0

R3(config)#int f0/0

R3(config-if)#mpls ip

R3(config-if)#exit

Let's quickly verify the LDP sessions and other basic MPLS configuration:

R1#sh mpls interfaces

Interface                   IP            Tunnel   Operational

FastEthernet0/0        Yes (ldp)     No       Yes

R1#sh mpls ldp neighbor

    Peer LDP Ident: 2.2.2.2:0; Local LDP Ident 1.1.1.1:0

        TCP connection: 2.2.2.2.46225 - 1.1.1.1.646

        State: Oper; Msgs sent/rcvd: 15/15; Downstream

        Up time: 00:06:23

        LDP discovery sources:

          FastEthernet0/0, Src IP addr: 12.12.12.2

        Addresses bound to peer LDP Ident:

          12.12.12.2      23.23.23.2      2.2.2.2

R2#sh mpls interfaces

Interface              IP            Tunnel   Operational

FastEthernet0/0        Yes (ldp)     No       Yes

FastEthernet1/0        Yes (ldp)     No       Yes

R2#sh mpls ldp neighbor

    Peer LDP Ident: 1.1.1.1:0; Local LDP Ident 2.2.2.2:0

        TCP connection: 1.1.1.1.646 - 2.2.2.2.46225

        State: Oper; Msgs sent/rcvd: 16/16; Downstream

        Up time: 00:07:01

        LDP discovery sources:

          FastEthernet0/0, Src IP addr: 12.12.12.1

        Addresses bound to peer LDP Ident:

          12.12.12.1      1.1.1.1

    Peer LDP Ident: 3.3.3.3:0; Local LDP Ident 2.2.2.2:0

        TCP connection: 3.3.3.3.64294 - 2.2.2.2.646

        State: Oper; Msgs sent/rcvd: 14/14; Downstream

        Up time: 00:05:19

        LDP discovery sources:

          FastEthernet1/0, Src IP addr: 23.23.23.3

        Addresses bound to peer LDP Ident:

          23.23.23.3      3.3.3.3

R3#sh mpls interfaces

Interface              IP            Tunnel   Operational

FastEthernet0/0        Yes (ldp)     No       Yes

R3#sh mpls ldp neighbor

    Peer LDP Ident: 2.2.2.2:0; Local LDP Ident 3.3.3.3:0

        TCP connection: 2.2.2.2.646 - 3.3.3.3.64294

        State: Oper; Msgs sent/rcvd: 15/15; Downstream

        Up time: 00:06:04

        LDP discovery sources:

          FastEthernet0/0, Src IP addr: 23.23.23.2

        Addresses bound to peer LDP Ident:

          12.12.12.2      23.23.23.2      2.2.2.2

So last step for today - Let's quickly verify MPLS Label operation using traceroute command:

R1#traceroute 3.3.3.3 source loopback 0

Type escape sequence to abort.

Tracing the route to 3.3.3.3

  1 12.12.12.2 [MPLS: Label 17 Exp 0] 140 msec 132 msec 128 msec

  2 23.23.23.3 152 msec *  144 msec

R3#traceroute 1.1.1.1 source loopback 0

Type escape sequence to abort.

Tracing the route to 1.1.1.1

  1 23.23.23.2 [MPLS: Label 16 Exp 0] 212 msec 228 msec 144 msec

  2 12.12.12.1 64 msec *  132 msec

So far so cool.

In Next Post we will be setting up Normal BGP Session and VRF Sessions.

Stay Tuned.........

HTH...

Deepak Arora

Evil CCIE

Building MPLS Layer 3 VPN Series Part 1 (Overview) - Let's begin with baby steps

It's been quite a while since CCIE R&S Ver 4 blueprint came out. But still almost two years later I see lots of people still have issues not only with MPLS VPN Troubleshooting but also with MPLS VPN configuration. So I thought to start a series on basic MPLS Layer 3 VPNs configuration and troubleshooting. Initially I'll start with some very basic scenario and will configure all CCIE R&S PE-CE Protocols such RIP, EIGRP, OSPF & BGP. Later we will introduce some more complex topology to get some CCIE R&S Lab TS Section feeling. Along the way we will be doing some troubleshooting labs and most importantly will try to develop troubleshooting strategy as well.




So lets first talk about problem with building MPLS Layer 3 VPNs. Basically the problem people usually encounter with MPLS VPNs is that it's basically collection of many many technologies working together which makes it look alike complex technology. But no matter how much complex something looks alike, it's just collection of different technologies/pieces working together. And as long as you can break complex things into pieces, it makes it easy.


So lets try to list down different technologies you need to master in prior in order to make MPLS Layer 3 VPN work:


> Layer 2 Technologies ( Ethernet, Switching & Bridging, PPP, Frame-Relay)
> IGPs (RIP, EIGRP, OSPF)
> EGP (BGP)
> REDISTRIBUTION
> Cisco Express Forwarding (CEF)
> MPLS
> MPLS Label Distribution Protocols (TDP, LDP, BGP, RSVP)
> Multi Protocol BGP (MPBGP)
> Basics of Virtualization (Concept)


So you see there are many technologies working together.  And most importantly you need to master all this stuff before you start working on MPLS layer 3 VPNs.  


On the flip side, if you really know and understand all technologies mentioned above, The MPLS Layer 3 VPNs is nothing but making all these technologies work together.


In next post I'll start with Building the Service Provider Core network to get it ready for running MPLS VPNn. Below is the topology we will be using. Stay tuned.....

Backup Interfaces - Important Facts

Every once in a while I have seen people working on cisco certification talking about backup interfaces configuration not working. Although configurations are usually good and should have worked just fine. But the problem usually I see is the way they test things.


Let's take a look at topology given above. Say S0/0 link is the primary interface and S0/1 is the backup interface.


The way usually try people to test backup interface configuration on R1 is  - they try to shut S0/0 interface and expect S0/1 interface to trigger up. Though it should have worked ideally. But our very own IOS is intelligent enough to recognize that Administrator has manually shut down interface and S0/0 didn't went down by its own. And decides to not to trigger backup interface S0/1. So below are the different methods or right methods I should say to test your backup interface configurations.

* Change the encapsulation of the interface

* Change the assigned DLCI for a subinterface

* Physically unplug the cable

* Apply the shutdown command to the opposite end of the link (other router)

Further Readings:

http://www.cisco.com/en/US/tech/tk801/tk133/technologies_tech_note09186a008009457d.shtml

http://ardenpackeer.com/tutorials/routeswitch/tutorial-how-to-set-up-backup-interfaces/

HTH...
Deepak Arora
Evil CCIE