Re: [OSL | CCIE_SP] VOL2 - Section 2

[Jared Scrivener]

There was an extra task in there as you noticed Antonio, but I had to remove
it due to limitations in the IOS (EoMPLS is not supported in 12.2(18)S and
hence the lab wouldn¹t run on Proctorlabs).

Cheers,

Jared Scrivener CCIE3 #16983 (R&S, Security, SP), CISSP
Sr. Technical Instructor - IPexpert, Inc.
URL: http://www.IPexpert.com
Telephone: +1.810.326.1444
Fax: +1.810.454.0130
Mailto: jscrive...@ipexpert.com



From: Antonio Soares <amsoa...@netcabo.pt>
Date: Sun, 28 Jun 2009 02:56:20 +0100
To: 'Rin' <rint...@gmail.com>, <ccie_sp@onlinestudylist.com>
Subject: Re: [OSL | CCIE_SP] VOL2 - Section 2

I just finished this lab and i found it easier that lab 1. I hope lab 3 will
be much harder :)
 
Regarding some of your comments:
 
Task 3.4: i used Weight instead of Local-Preference in R6. You can use MED
but this must be set in R2 and/or R5.
 
Task 6.7: Yes, we need to use SoO for EIGRP. This means applying a sitemap
on the CE facing interfaces with the same SoO value.
 
Task 6.8: You don't need to use send-label because IOS automatically adds
"mpls bgp forwarding" to the interfaces in question. But it's better to use
send-label.
 
Task 8.2: this is because R9 is load-lalancing traffic between R1 and R4:
 
R9#sh ip route eigrp
     10.0.0.0/32 is subnetted, 1 subnets
D       10.10.10.10 [90/156160] via 109.10.9.10, 01:08:20,
FastEthernet0/0.910
                    [90/156160] via 14.0.109.10, 01:08:20,
FastEthernet0/0.149
D*   0.0.0.0/0 [90/30720] via 14.0.109.4, 00:09:08, FastEthernet0/0.149
               [90/30720] via 14.0.109.1, 00:09:08, FastEthernet0/0.149
R9#
 
Task 8.4: you can use PBR and send that traffic to null0.
 
I will try your solution to task 3.2 but i didn't like the idea :)
 
 
Finally, i have the impression that something is missing in this lab. I was
expecting a L2VPN task in order to establish connectivity between R3 and
BB1. R3 is connected to R7 and BB1 is connected to R8 and both R3 and BB1
have addresses in the 113.11.3.0/24 network. Is this task implicit somewhere
?
 
Regards,

Antonio Soares, CCIE #18473 (R&S)
amsoa...@netcabo.pt
 


From: ccie_sp-boun...@onlinestudylist.com
[mailto:ccie_sp-boun...@onlinestudylist.com] On Behalf Of Rin
Sent: segunda-feira, 22 de Junho de 2009 10:07
To: ccie_sp@onlinestudylist.com
Subject: [OSL | CCIE_SP] VOL2 - Section 2

Hi all, 
 
I¹ve just finished Vol 2 ­ Lab 2. Here¹s some of my comments:
Task 3.2: The task requires R5 to be the primary exit point for AS100 & R2
should use its own link to R6. The solution applying route-map inbound on
interface connected to R6 of R2 & R5. However, by doing this R2 will use R5
as the exit point as well. My solution is applying route-map outbound on
frame-relay inteface of R2 & R5. Although local-preference should be
normally applied inbound but in this case it works. Here¹s the config &
result:
R2:
router bgp 100 
 address-family ipv4
 neighbor AS100 route-map SET_LOCAL_PREF out
!
route-map SET_LOCAL_PREF permit 10
 set local-preference 25
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++
R5:
router bgp 100 
 address-family ipv4
 neighbor AS100 route-map SET_LOCAL_PREF out
!
route-map SET_LOCAL_PREF permit 10
 set local-preference 50
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++
R2#sho ip bgp 
BGP table version is 21, local router ID is 100.100.100.2
Status codes: s suppressed, d damped, h history, * valid, > best, i -
internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
 
   Network          Next Hop            Metric LocPrf Weight Path
r>i100.100.100.1/32 100.100.100.1            0    100      0 i
*> 100.100.100.2/32 0.0.0.0                  0         32768 i
r>i100.100.100.4/32 100.100.100.4            0    100      0 i
r>i100.100.100.5/32 100.100.100.5            0     50      0 i
* i200.200.200.0    100.100.100.5            0     50      0 200 i
*>                  100.200.26.6             0             0 200 i
* i200.200.200.6/32 100.100.100.5            0     50      0 200 i
*>                  100.200.26.6             0             0 200 i
* i200.200.200.7/32 100.100.100.5            0     50      0 200 i
*>                  100.200.26.6                           0 200 i
* i200.200.200.8/32 100.100.100.5            0     50      0 200 i
*>                  100.200.26.6                           0 200 i
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++
R1#sho ip bgp 
BGP table version is 13, local router ID is 100.100.100.1
Status codes: s suppressed, d damped, h history, * valid, > best, i -
internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
 
   Network          Next Hop            Metric LocPrf Weight Path
*> 100.100.100.1/32 0.0.0.0                  0         32768 i
r>i100.100.100.2/32 100.100.100.2            0     25      0 i
r>i100.100.100.5/32 100.100.100.5            0     50      0 i
* i200.200.200.0    100.100.100.2            0     25      0 200 i
*>i                 100.100.100.5            0     50      0 200 i
* i200.200.200.6/32 100.100.100.2            0     25      0 200 i
*>i                 100.100.100.5            0     50      0 200 i
* i200.200.200.7/32 100.100.100.2            0     25      0 200 i
*>i                 100.100.100.5            0     50      0 200 i
* i200.200.200.8/32 100.100.100.2            0     25      0 200 i
*>i                 100.100.100.5            0     50      0 200 i
 
Task 3.4: To make R6 prefers that path to R2, I also can change the Weight
attribute on R6 or setting MED attribute on R6. Anyone see any problem of
these 2 methods? 
 
Task 6.7: We have to use Site-of-origin to prevent EIGRP routing loop in
VPNC. The solution does not mention.
 
Task 6.8: The solution use send-label command. However, we do not need to
configure send-label under BGP. This is Inter-AS VPN Option 2a.
 
Task 8.2:  I got a weird behavior with this task: After configuring
classifying ICMP traffic on R1 & R4. Ping 5 packets from R9 to R3 but R4 can
only match 3 packets & mark with CS3. Anyone has the same problem? Here is
the config & output:
R1:
ip access-list extended ICMP
 permit icmp any any echo
!
class-map match-all ICMP
  match access-group name ICMP
!
policy-map MARK
  class ICMP
   set ip dscp cs3
!
interface FastEthernet0/0.149
  service-policy input MARK
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++
R9#ping 3.3.3.3
 
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 3.3.3.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 184/221/272 ms
R9#
01:21:55: ICMP: echo reply rcvd, src 3.3.3.3, dst 14.0.109.9
01:21:55: ICMP: echo reply rcvd, src 3.3.3.3, dst 14.0.109.9
01:21:56: ICMP: echo reply rcvd, src 3.3.3.3, dst 14.0.109.9
01:21:56: ICMP: echo reply rcvd, src 3.3.3.3, dst 14.0.109.9
01:21:56: ICMP: echo reply rcvd, src 3.3.3.3, dst 14.0.109.9
R9#
TermServ#1
[Resuming connection 1 to r1 ... ]
 
01:24:21: MPLS turbo: Se4/0: rx: Len 108 Stack {105 3 252} - ipv4 data
01:24:21: MPLS turbo: Se4/0: rx: Len 108 Stack {105 0 252} - ipv4 data
01:24:22: MPLS turbo: Se4/0: rx: Len 108 Stack {105 3 252} - ipv4 data
01:24:22: MPLS turbo: Se4/0: rx: Len 108 Stack {105 0 252} - ipv4 data
01:24:22: MPLS turbo: Se4/0: rx: Len 108 Stack {105 3 252} - ipv4 data
 
Task 8.4: By appling ACL outbound on R6, we cannot filter traffic with
RFC1918 source that was originated from R6. Anyone has other solution?
 
Please give your comments. Thanks.
Rin