Friday, August 29, 2014

Yet another note

1. On a PE router, the address families ipv4 vrf X and vpnv4 must be configured. Under the vpnv4 address family, the neighboring PE router must be specified so that the PE routers start advertising the vpnv4 capability to each other. Redistribution of customer routes occurs in the ipv4 vrf X address family.

2. When redistributing a route into IPv6 EIGRP and then summarizing it out of an interface, the route gets into the EIGRP tables of neighbors as an INTERNAL EIGRP route instead of an external one.

3. QPPB. Allows a router to mark and apply QoS policies to packets based on the BGP destination route.

   route-map route-map-name [permit | deny [sequence-number]]
    match community {standard-list-number | expanded-list-number | community-list-name [exact]}
    set ip precedence [number | name]
   router bgp autonomous-system
    table-map route-map-name
   ip community-list standard-list-number {permit | deny} [community-number]
   interface type number
    bgp-policy {source | destination} ip-prec-map

4. What happens when DR is not a hub in DMVPN?

5. When applying a filter-list at an OSPF ABR, the direction can be somewhat confusing, so always remember that it has the following meaning: IN - filters LSAs from this ABR TO the specified area, OUT - filters updates FROM the specified area to ALL other areas.

6. Prefix lists: permit any is 0.0.0.0/32 le 32, not to be confused with 0.0.0.0/0, which is default only.

7. The "ip rip v2-broadcast" interface command forces RIPv2 to broadcast updates.

8. uRPF with ACL. Cisco docs: "If Unicast RPF does not find a reverse path for the packet, Unicast RPF can drop or forward the packet, depending on whether an ACL is specified in the Unicast Reverse Path Forwarding command. If an ACL is specified in the command, then when (and only when) a packet fails the Unicast RPF check, the ACL is checked to see if the packet should be dropped (using a deny statement in the ACL) or forwarded (using a permit statement in the ACL)."
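The decision order quoted above, modeled as an added example (not from the original notes or from Cisco). It assumes strict-mode uRPF, a simplified ACL that matches on source address only, and constructed FIB/ACL data:

```python
import ipaddress

# Constructed sample data: prefix -> interface the router would use to reach it.
FIB = {"10.1.0.0/16": "Gi0/0", "10.1.5.0/24": "Gi0/1"}
# Ordered ACL entries (action, source network); an implicit deny ends the list.
ACL = [("deny", "10.1.5.0/24"), ("permit", "172.16.0.0/12")]


def fib_lookup(src, fib):
    """Longest-prefix match: interface of the reverse path to src, or None."""
    addr = ipaddress.ip_address(src)
    best = None
    for prefix, iface in fib.items():
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else None


def acl_action(src, acl):
    """First matching entry wins; no match falls through to the implicit deny."""
    addr = ipaddress.ip_address(src)
    for action, network in acl:
        if addr in ipaddress.ip_network(network):
            return action
    return "deny"


def urpf_verdict(src, in_iface, fib, acl=None):
    """Strict check first; the ACL is consulted only when that check fails."""
    if fib_lookup(src, fib) == in_iface:
        return "forward"   # reverse path found: ACL is never evaluated
    if acl is None:
        return "drop"      # check failed and no ACL was specified
    return "forward" if acl_action(src, acl) == "permit" else "drop"


if __name__ == "__main__":
    for src, iface in [("10.1.5.9", "Gi0/1"), ("10.1.5.9", "Gi0/0"),
                       ("172.16.3.3", "Gi0/0"), ("198.51.100.7", "Gi0/0")]:
        print(src, iface, urpf_verdict(src, iface, FIB, ACL))
```

Note that 10.1.5.9 arriving on Gi0/1 is forwarded even though the ACL has a deny entry for 10.1.5.0/24: the ACL only decides the fate of packets that already failed the RPF check.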

9. Controlling redistribution. For example, mutual redistribution between OSPF and RIP on two routers. The least elegant way is to deny OSPF routes from re-entering the OSPF domain at all. Another way to control redistribution is to lower the AD only for routes that are native to RIP (if the 2 OSPF ASBRs and the RIP routers share the same subnet, it's possible to change the AD only for routes that have a RIP router as the next hop. Check Cisco 360 TS lab02 for reference.). In this case, OSPF routes learned from the other ASBR are not denied on the boundary and can be used if the primary link to the OSPF domain fails (the RIP domain will be used as a transit for OSPF prefixes). To be continued.

10. Continued. When RIP routers share the same subnet (hub and spoke, for example) and a spoke sends an update to the hub, the hub will use the IP of this spoke as the NH in the routing updates that it sends to the rest of the spokes. Applying this knowledge to Section 9, we can assume that if 2 spokes are OSPF ASBRs that mutually redistribute OSPF and RIP, it is possible to lower the RIP AD on the ASBRs only for RIP updates that have the hub as the NH and not the other ASBR.

11. Routes received from confederation BGP peers are still considered iBGP with an AD of 200.


12. NTP:

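Client:
ntp authentication-key 1 md5 073B08616B 7
ntp authenticate
! the key must be trusted before the client will synchronize to a server using it
ntp trusted-key 1
ntp server 135.15.26.2 key 1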

Server:
ntp authentication-key 1 md5 081565632C 7
ntp authenticate
ntp trusted-key 1
ntp master