[OSL | CCIE_SP] VOL2 - Section 2

Rin Mon, 22 Jun 2009 02:07:27 -0700

Hi all,


I've just finished Vol 2 - Lab 2. Here's some of my comments:  

Task 3.2: The task requires R5 to be the primary exit point for AS100 & R2
should use its own link to R6. The solution applying route-map inbound on
interface connected to R6 of R2 & R5. However, by doing this R2 will use R5
as the exit point as well. My solution is applying route-map outbound on
frame-relay inteface of R2 & R5. Although local-preference should be
normally applied inbound but in this case it works. Here's the config &
result:

R2:

router bgp 100 

 address-family ipv4

 neighbor AS100 route-map SET_LOCAL_PREF out 

!

route-map SET_LOCAL_PREF permit 10

 set local-preference 25

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++

R5:

router bgp 100 

 address-family ipv4

 neighbor AS100 route-map SET_LOCAL_PREF out 

!

route-map SET_LOCAL_PREF permit 10

 set local-preference 50

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++

R2#sho ip bgp 

BGP table version is 21, local router ID is 100.100.100.2

Status codes: s suppressed, d damped, h history, * valid, > best, i -
internal,

              r RIB-failure, S Stale

Origin codes: i - IGP, e - EGP, ? - incomplete

 

   Network          Next Hop            Metric LocPrf Weight Path

r>i100.100.100.1/32 100.100.100.1            0    100      0 i

*> 100.100.100.2/32 0.0.0.0                  0         32768 i

r>i100.100.100.4/32 100.100.100.4            0    100      0 i

r>i100.100.100.5/32 100.100.100.5            0     50      0 i

* i200.200.200.0    100.100.100.5            0     50      0 200 i

*>                  100.200.26.6             0             0 200 i

* i200.200.200.6/32 100.100.100.5            0     50      0 200 i

*>                  100.200.26.6             0             0 200 i

* i200.200.200.7/32 100.100.100.5            0     50      0 200 i

*>                  100.200.26.6                           0 200 i

* i200.200.200.8/32 100.100.100.5            0     50      0 200 i

*>                  100.200.26.6                           0 200 i

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++

R1#sho ip bgp 

BGP table version is 13, local router ID is 100.100.100.1

Status codes: s suppressed, d damped, h history, * valid, > best, i -
internal,

              r RIB-failure, S Stale

Origin codes: i - IGP, e - EGP, ? - incomplete

 

   Network          Next Hop            Metric LocPrf Weight Path

*> 100.100.100.1/32 0.0.0.0                  0         32768 i

r>i100.100.100.2/32 100.100.100.2            0     25      0 i

r>i100.100.100.5/32 100.100.100.5            0     50      0 i

* i200.200.200.0    100.100.100.2            0     25      0 200 i

*>i                 100.100.100.5            0     50      0 200 i

* i200.200.200.6/32 100.100.100.2            0     25      0 200 i

*>i                 100.100.100.5            0     50      0 200 i

* i200.200.200.7/32 100.100.100.2            0     25      0 200 i

*>i                 100.100.100.5            0     50      0 200 i

* i200.200.200.8/32 100.100.100.2            0     25      0 200 i

*>i                 100.100.100.5            0     50      0 200 i

 

Task 3.4: To make R6 prefers that path to R2, I also can change the Weight
attribute on R6 or setting MED attribute on R6. Anyone see any problem of
these 2 methods? 

 

Task 6.7: We have to use Site-of-origin to prevent EIGRP routing loop in
VPNC. The solution does not mention. 

 

Task 6.8: The solution use send-label command. However, we do not need to
configure send-label under BGP. This is Inter-AS VPN Option 2a. 

 

Task 8.2:  I got a weird behavior with this task: After configuring
classifying ICMP traffic on R1 & R4. Ping 5 packets from R9 to R3 but R4 can
only match 3 packets & mark with CS3. Anyone has the same problem? Here is
the config & output:

R1:

ip access-list extended ICMP

 permit icmp any any echo

!

class-map match-all ICMP

  match access-group name ICMP

!

policy-map MARK

  class ICMP

   set ip dscp cs3

!

interface FastEthernet0/0.149

  service-policy input MARK

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++

R9#ping 3.3.3.3

 

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 3.3.3.3, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 184/221/272 ms

R9#

01:21:55: ICMP: echo reply rcvd, src 3.3.3.3, dst 14.0.109.9

01:21:55: ICMP: echo reply rcvd, src 3.3.3.3, dst 14.0.109.9

01:21:56: ICMP: echo reply rcvd, src 3.3.3.3, dst 14.0.109.9

01:21:56: ICMP: echo reply rcvd, src 3.3.3.3, dst 14.0.109.9

01:21:56: ICMP: echo reply rcvd, src 3.3.3.3, dst 14.0.109.9

R9#

TermServ#1

[Resuming connection 1 to r1 ... ]

 

01:24:21: MPLS turbo: Se4/0: rx: Len 108 Stack {105 3 252} - ipv4 data

01:24:21: MPLS turbo: Se4/0: rx: Len 108 Stack {105 0 252} - ipv4 data

01:24:22: MPLS turbo: Se4/0: rx: Len 108 Stack {105 3 252} - ipv4 data

01:24:22: MPLS turbo: Se4/0: rx: Len 108 Stack {105 0 252} - ipv4 data

01:24:22: MPLS turbo: Se4/0: rx: Len 108 Stack {105 3 252} - ipv4 data

 

Task 8.4: By appling ACL outbound on R6, we cannot filter traffic with
RFC1918 source that was originated from R6. Anyone has other solution? 

 

Please give your comments. Thanks. 

Rin

[OSL | CCIE_SP] VOL2 - Section 2

Reply via email to