Aaron's Worthless Words

It's possible that someone somewhere needs to see this.

Archive for January, 2011

OSPFv3 – The Basics


A few hours ago, the last of the IPv4 addresses were allocated by IANA.  Now's the time to learn more about IPv6!  Yesterday, I posted about EIGRP for IPv6, so I think I'll continue the trend by introducing OSPFv3, which is the IPv6 implementation of OSPF.  As always, I'm using Cisco routers here.  Just as yesterday, this is just a guide to the absolute basics; if you want to do some funky OSPF magic, you won't find it here – perhaps in time, though.

Configuration

As with all IPv6 routing protocols, the first thing we need to do is enable IPv6 unicast routing.

Router(config)#ipv6 unicast-routing

OSPFv3 also has the same router ID problem as EIGRP for IPv6 has, so we have to sort that out.  You can set the router ID either through a loopback interface with an IPv4 address on it or you can set it manually.  I'll just do it manually for now.  Let's use OSPF process ID 100.

Router(config)#ipv6 router ospf 100
Router(config-rtr)#router-id 192.0.2.1

Just like in OSPFv2 and in EIGRP for IPv6, we add interfaces to the routing protocol instead of using network statements; those don't exist in OSPFv3.  Let's assume you already have IPv6 addresses on interface f0/0 and you want that network in area 0.

Router(config)#interface f0/0
Router(config-if)#ipv6 ospf 100 area 0

You can see that it's really easy to add interfaces to different areas as well.

Checking Our Work

Just like we did yesterday, let's check to make sure the right interfaces are participating in the routing protocol.  We can do this with the show ipv6 ospf interface brief command.

Router#show ipv6 ospf interface brief
Interface    PID   Area            Intf ID    Cost  State Nbrs F/C
Fa0/1        100   0               5          10    BDR   1/1
Fa0/0        100   2               4          10    DR    0/0

You can see that we've got two FastEthernet interfaces in two different OSPF areas.  You can even see the state and neighbor count in the output.

That looks good, so let's check to see if we have any neighbors.  Of course, we already saw that we have one off of f0/1 from the output above, but just humor me and run show ipv6 ospf neighbor.

Router#sh ipv6 ospf neighbor

Neighbor ID     Pri   State           Dead Time   Interface ID    Interface
192.0.2.2         1   FULL/DR         00:00:31    5               FastEthernet0/1

That looks good to me. The other guy is a DR and is fully adjacent with our router. Cool.
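A check you might script on top of this output: parse the neighbor table and compare it with the adjacencies you expect, so an extra, missing or unsettled neighbor stands out. This is an added example, not part of the original post; the function names and the expected-neighbor map are assumptions.

```python
import re

# Neighbor table copied from the output above.
NEIGHBOR_OUTPUT = """\
Neighbor ID     Pri   State           Dead Time   Interface ID    Interface
192.0.2.2         1   FULL/DR         00:00:31    5               FastEthernet0/1
"""

# One data row: router ID, priority, state/role, dead time, interface ID, interface.
ROW = re.compile(
    r"(?P<rid>\d+\.\d+\.\d+\.\d+)\s+\d+\s+(?P<state>[A-Z0-9]+)/\s*(?P<role>\S+)"
    r"\s+\d\d:\d\d:\d\d\s+\d+\s+(?P<intf>\S+)$"
)

def parse_neighbors(text):
    """Return a dict per neighbor row; header and blank lines do not match."""
    rows = (ROW.match(line.strip()) for line in text.splitlines())
    return [m.groupdict() for m in rows if m]

def check_adjacencies(text, expected):
    """Compare the table with expected {interface: {router IDs}} (hypothetical
    input format). Returns findings; an empty list means nothing stands out."""
    findings, seen = [], set()
    for n in parse_neighbors(text):
        seen.add((n["intf"], n["rid"]))
        # FULL is settled; 2WAY with a DROTHER is treated as settled as well.
        settled = n["state"] == "FULL" or (n["state"], n["role"]) == ("2WAY", "DROTHER")
        if n["rid"] not in expected.get(n["intf"], set()):
            findings.append(f"unexpected neighbor {n['rid']} on {n['intf']}")
        elif not settled:
            findings.append(f"{n['rid']} on {n['intf']} is in state {n['state']}")
    for intf, rids in expected.items():
        for rid in sorted(rids):
            if (intf, rid) not in seen:
                findings.append(f"missing neighbor {rid} on {intf}")
    return findings

if __name__ == "__main__":
    print(check_adjacencies(NEIGHBOR_OUTPUT, {"FastEthernet0/1": {"192.0.2.2"}}))
```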

One last command shows us the routing table.  Can you guess what that command is without looking at the book?  Very good, class.  It's show ipv6 route.

Router#sh ipv6 route
IPv6 Routing Table - 6 entries
...
C   FC00:1::/64 [0/0]
     via ::, FastEthernet0/1
L   FC00:1::1/128 [0/0]
     via ::, FastEthernet0/1
C   FC00:2::/64 [0/0]
     via ::, FastEthernet0/0
L   FC00:2::1/128 [0/0]
     via ::, FastEthernet0/0
O   FC00:3::/64 [110/20]
     via FE80::C001:1CFF:FED0:1, FastEthernet0/1
OI  FC00:4::/64 [110/30]
     via FE80::C001:1CFF:FED0:1, FastEthernet0/1
L   FF00::/8 [0/0]
     via ::, Null0

Isn't that fancy?  We seem to have both an intra-area route (the O route) and an inter-area route (the OI route).  We are ready for the big time now!

Send any tunnel broker recommendations questions my way.

Aaron Conaway

I like to lean my head to the left, hit it with the palm of my right hand, and document what knowledge falls out.


Written by Aaron Conaway

January 31st, 2011 at 9:49 pm

Posted in cisco,route


EIGRP for IPv6 – The Basics


I'm not going to go all out like Jeremy over at Packetlife.net has, but I'm going to start to discuss a few IPv6 topics.  In time (like in September when APNIC runs out of IPv4 addresses), I'm sure I'll ramp up the IPv6 talk, but let's start easy and get EIGRP for IPv6 up and running.  

Configuration

There are quite a few differences between EIGRP for IPv6 (yes, that's an official name) and the IPv4 version.  First of all, all IPv6 routing is disabled by default on a Cisco router, so, if you're doing any routing in IPv6, you'll want to enable it or risk smashing your head into the desk trying to figure out what's going on.

Router(config)#ipv6 unicast-routing

Next, let's get to configuring EIGRP for IPv6.  By default, EIGRP for IPv6 is shut down like Ethernet interfaces, so we'll have to enable it first.

Router(config)#ipv6 router eigrp 100
Router(config-rtr)#no shutdown

There's also the issue of the router ID.  In IPv4, EIGRP has a method to figure out its router ID, and EIGRP for IPv6 uses that same method.  The problem is that the router ID is still a 32-bit number, but there aren't any 32-bit addresses on the router if you're pure IPv6.  A dilemma, eh?  There are two ways to get around this, though.  First, you can set a loopback interface with an IPv4 address so that EIGRP will have an address to use.

Router(config)#interface lo0
Router(config-if)#ip address 192.0.2.1 255.255.255.255

You can also statically assign a router ID to EIGRP for IPv6.

Router(config)#ipv6 router eigrp 100
Router(config-rtr)#router-id 192.0.2.1

Either method gets the same result.  Of course, you should be careful that all routers have a unique ID.

So now we need to add some network statements, right?  Actually, there are no network statements in EIGRP for IPv6.  The interfaces themselves are where you configure the networks to be included in the routing protocol.  It's kinda like the way you can use the interfaces to configure OSPFv2.

Router(config)#interface f0/0
Router(config-if)#ipv6 eigrp 100

Of course, we're assuming you already have an IPv6 address on f0/0.

Checking our Work

Let's check to see if everything is working the way we think it should be.  First of all, let's make sure all our interfaces are participating as expected with the show ipv6 eigrp interfaces command.

Router#sh ipv6 eigrp interfaces
IPv6-EIGRP interfaces for process 100

                        Xmit Queue   Mean   Pacing Time   Multicast    Pending
Interface        Peers  Un/Reliable  SRTT   Un/Reliable   Flow Timer   Routes
Fa0/0              0        0/0         0       0/1            0           0
Fa0/1              1        0/0        23       0/2           50           0

This output looks a lot like the IPv4 version, and we can see both f0/0 and f0/1 are participating.  That looks right, so let's check for EIGRP neighbors with the show ipv6 eigrp neighbors command.  I've got another router off of f0/1, so we should see a neighbor adjacency.

Router#sh ipv6 eigrp neighbors
IPv6-EIGRP neighbors for process 100
H   Address                 Interface       Hold Uptime   SRTT   RTO  Q  Seq
                                            (sec)         (ms)       Cnt Num
0   Link-local address:     Fa0/1             13 00:02:40   23   200  0  11
    FE80::C001:14FF:FEB0:1

What the heck is FE80::C001:14FF:FEB0:1??!?!?!  That's not a network we configured!  That's actually the link-local address of the other router off of f0/1.  Perhaps I'll discuss IPv6 addressing some day (when I have a firmer grasp on it), but, for now, I'll just say that it's a special address for hosts to talk to one another on a local network.

Finally, let's check for routes.

R1#show ipv6 route eigrp
IPv6 Routing Table - 6 entries
...
D   2002::/64 [90/307200]
     via FE80::C001:14FF:FEB0:1, FastEthernet0/1

Just like in IPv4, EIGRP for IPv6 routes show up with the route code of "D".  It looks like we have one route to the 2002::/64 network.  Everything seems to be working!

There are obviously a lot more features and functions to EIGRP for IPv6, but this should get you started in your studies.  I'm sure I'll expound as time and my CCIE studies progress.

Send any 6to4 tunnels questions my way.


Written by Aaron Conaway

January 30th, 2011 at 10:07 pm

Posted in route


Stubby Post – Changing the Prompt on the ASA


RichardF commented on an article I wrote last November and mentioned the prompt command in the ASA.  I never set aside any time to research it, but I finally took the time today while waiting for a maintenance window.

This is one of those little things in life that make me happy.  Since the active ASA always has the same hostname and IP address, I find it hard to keep track of to which firewall I'm actually connected.  That "configurations are no longer in sync" message you get when you conf t on the standby firewall really irks me.  With the prompt command, I can see which firewall I'm on and in what state it is.

Here are the options you can use.

firewall(config)# prompt ?

configure mode commands/options:
  context   Display the context in the session prompt (multimode only)
  domain    Display the domain in the session prompt
  hostname  Display the hostname in the session prompt
  priority  Display the priority in the session prompt
  state     Display the traffic passing state in the session prompt

Note that the command is similar to the service timestamps in IOS where you can stack options.  I wound up setting my prompts to "hostname priority state" so I can see that information without having to do a show failover.  If you run contexts, I'm sure that would be a good one to include as well.  I imagine adding "domain" may make the prompt too long for use, though.  Heh.

Send any candy hearts questions my way.


Written by Aaron Conaway

January 19th, 2011 at 10:08 pm

IIUC Notes – Inbound Dial Peer Matching


More IIUC notes.  As always, feel free to correct as needed.

To match inbound calls to a dial peer, CME (and CUCM?) uses the following steps.

  1. Match DNIS (the dialed number) with the incoming called-address config in the dial peer
  2. Match the ANI (the calling number or caller ID) with the answer-address config in the dial peer
  3. Match the ANI with the destination-pattern config in the dial peer
  4. Match an incoming POTS call to the port config in the dial peer
  5. Match dial peer 0

Matching dial peer 0 is bad, and it took me an inquiry on Twitter and a buddy to realize why.  Here are a few highlights as to why.  I believe the full scope of the badness of dial peer 0 is really beyond the IIUC exam.

  1. It takes whatever codec is sent to it and can't be hard-coded.
  2. DTMF is sent in the audio stream, so, if you wind up with a G.729 or other highly-compressed codec, you may have problems getting DTMF across successfully.
  3. IP precedence values are stripped out of the packets, so it's just plain data now.
  4. RSVP is disabled.
  5. No application support, so you can't do IVR.  [Will AA work?]
  6. No DID support.  This means the wife can't dial your desk with your published number.


Written by Aaron Conaway

January 19th, 2011 at 2:25 pm

Posted in voice


IIUC Notes – Wildcards for Destination Patterns


As always, feel free to correct anything that needs correcting or add anything that needs adding.  There is a lot more to the full definition of wildcards, but these are the basics.  Note to *nix guys:  This isn't regex as you understand it.  Yes, the use of curly braces would be nice, but we don't get that here.

T:  Represents anywhere from 0 to 32 digits

destination-pattern 9T  <- matches a 9 followed by 0 – 32 other digits

Period : Represents a single digit

destination-pattern 3...   <- matches a 4-digit number that begins with a 3
destination-pattern 91802.......   <- matches a 12-digit number starting with 91802

Plus : Matches from 1 to 32 instances of the previous digit or pattern

destination-pattern 85+   <- matches an 8 followed by 1 to 32 5s
destination-pattern 1+  <- matches 1 to 32 instances of the digit 1

Percent or question mark :  Matches from 0 to 32 instances of the previous digit or pattern

destination-pattern 74%   <- matches a 7 followed by 0 to 32 4s
destination-pattern 84

Brackets : Matches a range or group of digits

destination-pattern [2-4]...   <- matches a 4-digit number that begins with 2, 3, or 4
destination-pattern [159]...   <- matches a 4-digit number that begins with 1, 5 or 9

Parentheses :  Group digits together to match with a +, ?, or %

destination-pattern (61)+   <- matches 61, 6161, 616161…up to 32 61s
destination-pattern (555)+   <- matches 555, 555555…up to 32 555s

Remember to think about digit stripping if you're using these on POTS dial peers.  The directive no digit-strip may help you out.
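To try a dial plan offline, the wildcards above can be translated into regular expressions and run against sample numbers, which shows at a glance how much broader 9T is than 91802........ This is an added example, not part of the original notes; it implements the wildcards only as these notes define them, the function names are hypothetical, and the dialed numbers are constructed.

```python
import re

DIGITS = "0123456789"

def pattern_to_regex(pattern):
    """Compile a destination-pattern to a regex, supporting only the wildcards
    listed in these notes (assumption: no other IOS pattern syntax)."""
    out, i = [], 0
    while i < len(pattern):
        ch = pattern[i]
        if ch in DIGITS or ch in "()":
            out.append(ch)                    # literal digit or grouping
        elif ch == ".":
            out.append("[0-9]")               # exactly one digit
        elif ch == "T":
            out.append("[0-9]{0,32}")         # 0 to 32 digits
        elif ch == "+":
            out.append("{1,32}")              # 1 to 32 of the previous item
        elif ch in "%?":
            out.append("{0,32}")              # 0 to 32 of the previous item
        elif ch == "[":
            end = pattern.find("]", i)
            body = pattern[i + 1:end]
            if end == -1 or not re.fullmatch("[0-9-]+", body):
                raise ValueError(f"bad bracket expression in {pattern!r}")
            out.append(f"[{body}]")
            i = end                           # skip past the closing bracket
        else:
            raise ValueError(f"unsupported character {ch!r} in {pattern!r}")
        i += 1
    try:
        return re.compile("".join(out))
    except re.error as exc:                   # e.g. unbalanced parentheses
        raise ValueError(f"malformed pattern {pattern!r}") from exc

def matching_patterns(number, patterns):
    """Return every pattern that matches the whole dialed number."""
    return [p for p in patterns if pattern_to_regex(p).fullmatch(number)]

# Patterns taken from the notes above; the dialed numbers are constructed.
PATTERNS = ["9T", "3...", "91802.......", "85+", "74%", "[2-4]...", "(61)+"]
SAMPLES = ["3001", "918025551234", "9", "8555", "7", "616161", "5123"]

if __name__ == "__main__":
    for number in SAMPLES:
        print(number, "->", matching_patterns(number, PATTERNS) or "no match")
```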


Written by Aaron Conaway

January 17th, 2011 at 10:22 pm

Network Protocol Overhead


Here are some packet overhead numbers for a few popular protocols to help with doing bandwidth requirement calculations.  This may be another add-as-we-go post, so please comment with additions or corrections.

Ethernet : 20 bytes
Frame Relay : 4 – 6 bytes
PPP : 6 bytes
MLPPP: 10 bytes
MPLS : 4 bytes

IP : 20 bytes

TCP : 20+ bytes
UDP : 8 bytes
GRE:  4 – 20+ bytes

IPSec : 50 – 57 bytes
ESP : 20+ bytes
AH : 16+ bytes
L2TP : 24 bytes
RTP : 12 bytes

Bonus:  A voice packet is always 40 bytes + data link since it will always (?) use RTP + UDP + IP.

Sources

CCNA Voice Official Exam Certification Guide (640-460 IIUC)

Protocol Overhead

Generic Routing Encapsulation

IPSec

IP Authentication Header

Encapsulating Security Payload


Written by Aaron Conaway

January 10th, 2011 at 10:19 am

The Start of Another Year


How did 2010 turn out?  Not as well as I would have liked.


Written by Aaron Conaway

January 5th, 2011 at 1:38 pm

Posted in misc


Stubby Post – Null VTP Domain Scare


Remember a few weeks back when I had a bad day?  I was actually at HQ that day to do some work for a project, but that got put off due to the extenuating circumstances.  When we finally got back around to do the work, we wound up adding a switch in the data center to extend a VLAN over to a rack.


Written by Aaron Conaway

January 5th, 2011 at 1:20 pm

Posted in switch
