Blog Archives

Understating Cisco IOS v15 Licensing

IOS 15 is a single software package for the hardware platform that your are using. Now that flash is cheap and large, there doesn’t need to be a different IOS image for the different versions with the advanced features. So you get one software image that has all the features for that platform.

Prior to IOS 15 , we used to have 8 IOS images, all routers came with IPBase image and according to your needs you can choose what IOS image to install on your router as each image had different features than others as illustrated below.

wilkins_iosver_fig03 Read the rest of this entry

Use of EEM Scripting for Special Hot Backup Solutions

In this blog I would like to share some information about some special Hot backup solutions that we are forced to deal with due to customer requirements.

EEM.jpg

In the above figure, we have a customer that’s connected to the ISP through 2 Links, the Main link is a Pre-WiMax connection that’s carrying customer’s Internet and VPN traffic and configuration on the PE router is as below.

PE#show run int Fast1/0.100
Building configuration…
Current configuration : 184 bytes
!
interface FastEthernet1/0.100
description “Main Internet Link Pre-WiMax”
encapsulation dot1Q 100
ip address 190.200.200.1 255.255.255.0 secondary
ip address 172.16.1.1 255.255.255.252
end

PE#show run int Fast1/0.200
Building configuration…

Current configuration : 156 bytes
!
interface FastEthernet1/0.200
description “Main VPN Link Pre-WiMax”
encapsulation dot1Q 200
ip vrf forwarding VPN-A
ip address 172.17.1.1 255.255.255.252
end Read the rest of this entry

OSPF Domain-ID || Domain-Tag

OSPF Domain ID

When OSPF is used as the routing protocol on a provider edge to customer edge (PE-CE) link in a multiprotocol label switching (MPLS) VPN. PE routers mark OSPF routes with the domain attribute derived from the OSPF process number to indicate whether the route originated within the same OSPF domain or from outside it.

Importance of Domain-ID

In MPLS-VPN network ISP cloud is treated as a super backbone area, and PEs are considered as ABRs or ASBRs depending on the domain-id value, then routes redistributed to CEs would be OSPF inter- area routes or would be OSPF external routes.

Why would we care to have OIA or E or O routes in our OSPF database?

The answer is simply that OSPF prefers intra-area routes then inter-area routes and finally external routes to be installed in routing table. And we don’t want to come in to the case that routes are leaked from a back door in then being redistributed to the ISP cloud creating a loop in the network and disrupting traffic.

So if we had a different processes on our PEs then so we have to explicitly configure the domain-id value under the OSPF process.

OSPF loop prevention in PE-CE routing

  • DN bit

o    When a type 3 LSA is sent from a PE router to a CE router, the DN bit [OSPF-DN] in the LSA Options field MUST be set. This is used to ensure that if any CE router sends this type 3 LSA to a PE router, the PE router will not redistribute it further.

  • Domain-Tag

o   PE routers originate Type 5 LSAs reporting the extra-domain routes as AS-external routes. Each such Type 5 LSA MUST contain an OSPF route tag. This tag identifies the route as having come from a PE router. The VPN Route Tag MUST be used to ensure that a Type 5 LSA originated by a PE router is not redistributed through the OSPF area to another PE router.

Read the rest of this entry