Chainring Circus

I got a new Mac Pro workstation at work and re-wrote some scripts to work on it. This morning I couldn’t find the script under the new file lay out, it was in /Applications so I decided I had better document the script so I don’t have to rewrite it if I can’t find it.

It uses the same script, tle, that I wrote a while ago, it just fires up iTerm instead of Gnome Terminal.

The other night we were doing a hardware upgrade on a cluster and testing. We were working with the command clusvcadm to relocate a service from one host in the cluster to another but the originating server kept getting power fenced. We assumed it was the command switches we were running so I went straight to the man page, my coworker went straight to google. Just for reference there is a 10 year difference in our ages, I grew up with man pages and it is a pet peeve of mine when either no man page exists or it is a terrible placeholder. I digress, through his search he came upon a webified man page while I was reading the man page. When I needled him about it his answer was, “But mine is nicely formatted and I can search the web page.” I was surprised, I can search the man page too, right in the pager and can even change man page viewers by changing the PAGER variable.

Three weeks ago I needed to bring up an https server on Ubuntu and spent 45 minutes googling around reading old, outdated or completely wrong howtos before finally going to help.ubuntu.com and 20 minutes later it was done.

The same thing happened over the past couple of weeks working with Xen and VirtualBox. I’ve toiled away looking at poorly written documentation and even mentioned it in my last Red Hat class. The instructor worked for Red Hat and took umbrage with my statement. He was amazed that I did not think Red Hat had great documentation, I was even more shocked that he considered their documentation more than rudimentary. Have a look for your self at the Red Hat documentation.

Just this week I was helping a friend who is the server and network administrator for a small school system configure the proper etherchannel load balancing for a server and he was frustrated at the Cisco documentation. I was astonished. It seemed that he was overwhelmed. He was stuck googling around trying find the “right” documentation rather than learning the layout of the Cisco documentation website.

The point of this post is that lately it seems I waste more time trying to find good information through searching on the web than trying to find the best source of information.

Running across the Hacking Cisco blog made me remember a similar site, CCIE18473.net. I actually spent about 30 minutes looking for that site and it was Tyson Scott from IPE that me helped find it.

I have added this site to my blogroll even though it is not a blog.

I’ve been keeping track of some the mnemonics that I have come across or have figured out for myself. For instance in general, in layer 2 elections the lower priority usually wins, however, in layer 3 elections the higher priority usually wins.

Layer 2

LACP System Priority
2-bytes priority values followed by a 6-byte MAC address. Lowest system priority makes decisions about the etherchannel setup.

LACP Port Priority
LACP port priority is a 2-byte priority followed by a 2-byte port number. Lowest port priority is used to decide which ports are put in standby mode when not all ports can be put in etherchannel.

STP
Root bridge election, lowest bridge ID wins. Bridge ID consists of:
–2-byte bridge priority from 0-65,535 with a default of 32,768.
–6-byte MAC address
If the bridge priorities are equal, lowest MAC wins.

Root port, lowest root path cost.

Designated port — lowest root path cost or if equal use tie breakers:
1. Lowest root bridge ID
2. Lowest root path cost to root bridge
3. Lowest sender bridge ID
4. Lowest sender port ID

Frame Relay
DCE requires the clock rate, DCE, DTE, clock rate starts with a c and DCE is the one with a c in it.

Layer 3

HSRP
Active router election is based upon priority, highest priority wins. Default priority of 100 and a range of 0-255. Highest IP address on HSRP interface breaks ties.
Standby router is the second highest priority.

VRRP
Election of master is the router with the gateway IP address or if not a “real” IP address, the router with the highest priority. Priority ranges from 1 to 254 with 254 being highest, 100 is the default.

GLBP
Active virtual gateway (AVG) is elected by the highest priority value, tie breaker is the highest IP address in the group. Router priority is 1-255 with 255 being highest, 100 is the default.

OSPF DR/BDR Election
1. Highest priority wins.
2. Highest router ID breaks ties.
Priority range is 0-255 with 255 being highest, 1 is the default and 0 means the router will not participate in the election.

OSPF RID
1. router-id command wins.
2. If no router-id is set, the highest loopback address wins, even if it is not advertised and it is not advertised by default.
3. Highest physical address wins.

OSPF summary-address command or the range command.
The summary-address command is used on an ASBR and has an “S” in it, whereas the area range command is used on an ABR and does not have an “S” in it. Both commands are used to summarize routes.

OSPF ExStart
During ExStart of the OSPF packet exchange the neighbor with the highest RID will become the master and sets the DD sequence number.

DVMRP
An exception to the rule of Layer 2 lower takes priority and Layer 3 higher takes the priority. If two routers are the same distance from the source, the router with the numerically lower IP address becomes the designated forwarder for the network.

BGP best path mnemonic
We love oranges as oranges mean pure refreshment.

We — Weight (highest)
Love — LOCAL_PREF (highest)
Oranges — Originate (local)
AS — AS_PATH (shortest)
Oranges — Origin Code (IGP > EGP > Incomplete)
Mean — Med (lowest)
Pure — Paths (External > Internal)
Refreshment — RID (lowest)

Redistribution
RIP and any other protocol that has the letters R-I-P in it requires a seed metric, RIP, IGRP, EIGRP.

I couldn’t resist using all of those acronyms.
EIGRP – Enhanced Interior Gateway Routing Protocol
MPLS – Multiprotocol Label Switching
VPN – Virtual Private Networking
PE-CE – Provider Equipment – Customer Equipment
SOO – Site Of Origin

MPLS SOO
MPLS Fundamentals pp. 220-226

BGP->EIGRP and EIGRP->BGP

Advertisement of the SOO BGP extended community attribute is used to identify routes that have originated from a site so that they are not re-advertised back into the same site. Each SOO uniquely identifies the site and allows for the routes to be filtered. SOO filtering is configured at the interface level. It is commonly used when a site contains both VPN and back door links.

From the Cisco document:
The configuration of the SOO extended community allows MPLS VPN traffic to be filtered on a per-site basis. The SoO extended community is configured in an inbound BGP route map on the PE router and is applied to the interface with the ip vrf sitemap command. The SOO extended community can be applied to all exit points at the customer site for more specific filtering but must be configured on all interfaces of PE routers that provide VPN services to CE routers.

Below is the CCIE written blueprint. My plan is to slowly fill in my notes with the corresponding sections. The problem arises when Cisco is vague as to what is actually required. For instance I have been studying MPLS and LDP recently. While MPLS is listed on the blueprint, you need to understand LDP as well, however, it is not on the blueprint.

I have decided go ahead and add sections I feel are necessary but my added sections will be in italics to set them apart from the official outline. They will also break from the Cisco numbering convention. For instance below, section 4.11 Implement LDP does not follow the Cisco numbering theme of 4.10, 4.20, 4.30 but instead uses 4.11. Italics combined with the odd numbering signal my personal changes to the outline.

Source:
Cisco Learning Network

1.00 Implement Layer 2 Technologies
         1.10 Implement Spanning Tree Protocol (STP)                   
                  (a) 802.1d                   
                  (b) 802.1w                   
                  (c) 801.1s                   
                  (d) Loop guard                   
                  (e) Root guard                   
                  (f) Bridge protocol data unit (BPDU) guard
                  (g) Storm control                   
                  (h) Unicast flooding                   
                  (i) Port roles, failure propagation, and loop guard operation
         1.20 Implement VLAN and VLAN Trunking Protocol (VTP)
         1.30 Implement trunk and trunk protocols, EtherChannel, and load-balance
         1.40 Implement Ethernet technologies
                  (a) Speed and duplex
                  (b) Ethernet, Fast Ethernet, and Gigabit Ethernet
                  (c) PPP over Ethernet (PPPoE)
         1.50 Implement Switched Port Analyzer (SPAN), Remote Switched Port Analyzer (RSPAN),
          and flow control
         1.60 Implement Frame Relay
                  (a) Local Management Interface (LMI)
                  (b) Traffic shaping
                  (c) Full mesh
                  (d) Hub and spoke
                  (e) Discard eligible (DE)
         1.70 Implement High-Level Data Link Control (HDLC) and PPP

2.00 Implement IPv4
         2.10 Implement IP version 4 (IPv4) addressing, subnetting,
                    and variable-length subnet masking (VLSM)
         2.20 Implement IPv4 tunneling and Generic Routing Encapsulation (GRE)
         2.30 Implement IPv4 RIP version 2 (RIPv2)
         2.40 Implement IPv4 Open Shortest Path First (OSPF)
                  (a) Standard OSPF areas
                  (b) Stub area
                  (c) Totally stubby area
                  (d) Not-so-stubby-area (NSSA)
                  (e) Totally NSSA
                  (f) Link-state advertisement (LSA) types
                  (g) Adjacency on a point-to-point and on a multi-access network
                  (h) OSPF graceful restart
         2.50 Implement IPv4 Enhanced Interior Gateway Routing Protocol (EIGRP)
                  (a) Best path
                  (b) Loop-free paths
                  (c) EIGRP operations when alternate loop-free paths are available,
                  and when they are not available
                  (d) EIGRP queries
                  (e) Manual summarization and autosummarization
                  (f) EIGRP stubs
         2.60 Implement IPv4 Border Gateway Protocol (BGP)
                  (a) Next hop
                  (b) Peering
                  (c) Internal BorderGateway Protocol (IBGP) and
                  External Border Gateway Protocol (EBGP)
         2.70 Implement policy routing
         2.80 Implement Performance Routing (PfR) and Cisco Optimized Edge Routing (OER)
         2.90 Implement filtering, route redistribution, summarization,
         synchronization, attributes, and other advanced features

3.00 Implement IPv6
         3.10 Implement IP version 6 (IPv6) addressing and different addressing types
         3.20 Implement IPv6 neighbor discovery
         3.30 Implement basic IPv6 functionality protocols
         3.40 Implement tunneling techniques
         3.50 Implement OSPF version 3 (OSPFv3)
         3.60 Implement EIGRP version 6 (EIGRPv6)
         3.70 Implement filtering and route redistribution

4.00 Implement MPLS Layer 3 VPNs
         4.10 Implement Multiprotocol Label Switching (MPLS)
         4.11 Implement LDP
         4.20 Implement Layer 3 virtual private networks (VPNs) on provider edge (PE),
         provider (P), and customer edge (CE) routers
         4.30 Implement virtual routing and forwarding (VRF) and Multi-VRF Customer Edge (VRF-Lite)

5.00 Implement IP Multicast
         5.10 Implement Protocol Independent Multicast (PIM) sparse mode
         5.20 Implement Multicast Source Discovery Protocol (MSDP)
         5.30 Implement interdomain multicast routing
         5.40 Implement PIM Auto-Rendezvous Point (Auto-RP),
         unicast rendezvous point (RP), and bootstrap router (BSR)
         5.50 Implementmulticast tools, features, and source-specific multicast
         5.60 Implement IPv6 multicast, PIM, and related multicast protocols,
         such as Multicast Listener Discovery (MLD)

6.00 Implement Network Security
         6.01 Implement access lists
         6.02 Implement Zone Based Firewall
         6.03 Implement Unicast Reverse Path Forwarding (uRPF)
         6.04 Implement IP Source Guard
         6.05 Implement authentication, authorization, and accounting (AAA)
         (configuring the AAA server is not required, only the client-side (IOS) is configured)
         6.06 Implement Control Plane Policing (CoPP)
         6.07 Implement Cisco IOS Firewall
         6.08 Implement Cisco IOS Intrusion Prevention System (IPS)
         6.09 Implement Secure Shell (SSH)
         6.10 Implement 802.1x
         6.11 Implement NAT
         6.12 Implement routing protocol authentication
         6.13 Implement device access control
         6.14 Implement security features

7.00 Implement Network Services
         7.10 Implement Hot Standby Router Protocol (HSRP)
         7.20 Implement Gateway Load Balancing Protocol (GLBP)
         7.30 Implement Virtual Router Redundancy Protocol (VRRP)
         7.40 Implement Network Time Protocol (NTP)
         7.50 Implement DHCP
         7.60 Implement Web Cache Communication Protocol (WCCP)

8.00 Implement Quality of Service (QoS)
         8.10 Implement Modular QoS CLI (MQC)
                  (a) Network-Based Application Recognition (NBAR)
                  (b) Class-based weighted fair queuing (CBWFQ), modified deficit round robin (MDRR),
                  and low latency queuing (LLQ)
                  (c) Classification
                  (d) Policing
                  (e) Shaping
                  (f) Marking
                  (g) Weighted random early detection (WRED) and random early detection (RED)
                  (h) Compression
         8.20 Implement Layer 2 QoS: weighted round robin (WRR), shaped round robin (SRR),
                  and policies
         8.30 Implement link fragmentation and interleaving (LFI) for Frame Relay
         8.40 Implement generic traffic shaping
         8.50 Implement Resource Reservation Protocol (RSVP)
         8.60 Implement Cisco AutoQoS

9.00 Troubleshoot a Network
         9.10 Troubleshoot complex Layer 2 network issues
         9.20 Troubleshoot complex Layer 3 network issues
         9.30 Troubleshoot a network in response to application problems
         9.40 Troubleshoot network services
         9.50 Troubleshoot network security

10.00 Optimize the Network
         10.01 Implement syslog and local logging
         10.02 Implement IP Service Level Agreement SLA
         10.03 Implement NetFlow
         10.04 Implement SPAN, RSPAN, and router IP traffic export (RITE)
         10.05 Implement Simple Network Management Protocol (SNMP)
         10.06 Implement Cisco IOS Embedded Event Manager (EEM)
         10.07 Implement Remote Monitoring (RMON)
         10.08 Implement FTP
         10.09 Implement TFTP
         10.10 Implement TFTP server on router
         10.11 Implement Secure Copy Protocol (SCP)
         10.12 Implement HTTP and HTTPS
         10.13 Implement Telnet

11.00 Evaluate proposed changes to a Network
         11.01 Evaluate interoperability of proposed technologies against deployed technologies
                  (a) Changes to routing protocol parameters
                  (b) Migrate parts of a network to IPv6
                  (c) Routing Protocol migration
                  (d) Adding multicast support
                  (e) Migrate spanning tree protocol
                  (f) Evaluate impact of new traffic on existing QoS design
         11.02 Determine operational impact of proposed changes to an existing network
                  (a) Downtime of network or portions of network
                  (b) Performance degradation
                  (c) Introducing security breaches
         11.03 Suggest Alternative solutions when incompatible changes
         are proposed to an existing network
                  (a) Hardware/Software upgrades
                  (b) Topology shifts
                  (c) Reconfigurations

At the Circus we have a network management server that runs all of the normal services needed to manage a small network and so I rarely need to fire up the tftp server on my laptop. Today was one of those days I needed a quick tftp server and I spent too much time figuring it out. This is my attempt to remedy that shortcoming.

What is ironic is that after I googled around I found that I had “self documented” in the /private/tftpboot directory, unfortunately I expected the tftp directory for the tftp server to be in /tftpboot. I realize I can just put a symlink from /tftpboot to /private/tfpboot but I learned when working on AIX it is better to understand the file system layout of a UNIX vendor than it is to make it like another OS. It will bite you eventually.

Here is a listing of the /private/tftboot directory, you will notice the very last file is tftp.txt. That is where I told myself how to do this in the past. It also appears most of the IOS images were for the testlab.

This is what I had listed in the tftp.txt file. It tells how to start and stop a service in Mac OSX using launchctl.

For thoroughness I am including the tftp.plist file below. If I wanted the tftp daemon to start every time I turned on my laptop I would change Disabled to EnableTransactions.

I’m sorry that all of these TestLab scripts are a recurring theme. Work purchased four 3560s and two 1841s for the lab so I have been updating all of my scripts. When I was working on the lab I kept having sessions hang so I wrote a quick script to clear all of the lines on the terminal server.

I’m actually a little embarrassed by my score. I haven’t made 100% on a test since my freshman year in college and got straight A’s.

I’m afraid to say too much because of the NDA but I will share my decision tree that I wrote out last week. Once you break down the topology it is easy to see what will be tested and where. Not to mention that after seeing the test last week I knew I would pass this time around, it was just a matter of what my score would be.

Update:
A good friend read my post and thought I should redact some of it. I removed the decision tree, sorry.
…
That decision tree is exactly how I practiced all this week and was exactly how I took the test.

Good luck.

I came across GNS3Vault by accident and thought I would pass it along. I’ve been doing these labs for fun at lunch or in the afternoon on a slow day and have been enjoying them. I’ve learned some new commands and have been turning up the debug output to see how everything interacts. It’s nice because there aren’t many routers involved so you can usually isolate the communication of whatever process you are configuring.

The only complaint I have for some of the labs is that there is so much of what I consider pre-configuration. I don’t want to have to play with adding IP addresses to interfaces. If you’re going to make me, at least give me some random subnet masks to make it interesting.

My hat is off to Rene for such a great resource.