The Journey of a Network Engineer


December 7, 2011  5:47 AM

How to traffic shape Frame-Relay? – part 1

Sulaiman Syed Profile: Sulaiman Syed

Frame-Relay Traffic shaping (FRTS) is one of the fundamental topics that is required to master before going to the CCIE lab exam. Since you never know which method will be required by the exam to do. There are four different types of methods, namely:

  • Generic Traffic Shaping
  • Legacy Frame-Relay Traffic Shaping
  • MQC  Frame-Relay Traffic Shaping
  • Class Based Generic Traffic Shaping
I would explain two methods in this entry, and the other two methods in the next entry.
Generic Traffic Shaping
This command syntax was one of the first few ones that were designed for QoS. It can be applied at any interface media, Ethernet, frame-relay, etc. With this, you can configure Bc, Be, and Queue size.  The syntax for this command is as follows:
traffic-shape {group|rate} Peak-Rate Bc Be Queue-size
traffic-shape group 100 256000 2560 2560 16
In the above example, i have used group 100 (access-list) with rate of 256000bps, Bc 2560bps, Be  2560 bps and queue size of 16 packets. Of course, these numbers are just randomly chosen. We have effectively set Tc to 10ms.  This can be re-calculated by knowing the equation
Bc = Rate * Tc (in seconds), Tc = Bc/Rate = 2560/256000 = 0.01 second
To enable the interface to react to BECN we would need to enable the adaptive shaping. follow the syntax
traffic-shape adaptive CIR
traffic-shape adaptive 128000
Know that you can apply multiple commands of traffic-shape group since the first packet matching the access list will be shaped according to the respective rate configured.
One of the things to note about this type of shaping is that it will be enabled for the whole interface. So if we have multiple PVCs, the same shaping parameters will be applied to all. If one BECN sent to one of the PVCs the interface will slow down all the other PVCs which is not desirable. Using point-to-point sub-interfaces could solve this issue.
Legacy Frame-Relay Traffic Shaping
This is method uses the map-class frame-relay name syntax. It is installed under the interface configuration mode frame-relay interface-dlci number . Lets see the options that we can use within the map-class for QoS
R1(config-map-class)#frame-relay ?
adaptive-shaping   Adaptive traffic rate adjustment, Default = none
bc                 Committed burst size (Bc), Default = 7000 bits
be                 Excess burst size (Be), Default = 0 bits
cir                Committed Information Rate (CIR), Default = 56000 bps
congestion         Congestion management parameters
custom-queue-list  VC custom queueing
end-to-end         Configure frame-relay end-to-end VC parameters
fair-queue         VC fair queueing
fecn-adapt         Enable Traffic Shaping reflection of FECN as BECN
fragment           fragmentation – Requires Frame Relay traffic-shaping to be configured at the interface level
holdq              Hold queue size for VC
idle-timer         Idle timeout for a SVC, Default = 120 sec
interface-queue    PVC interface queue parameters
ip                 Assign a priority queue for RTP streams
iphc-profile       Configure IPHC profile
mincir             Minimum acceptable CIR, Default = CIR/2 bps
priority-group     VC priority queueing
tc                 Policing Measurement Interval (Tc)
traffic-rate       VC traffic rate
voice              voice options
All these variables can be changed to reflect the QoS requirements for the frame-relay network. Let’s see example of configuring frame-relay with peak rate of 256kbps, bc 2560 bps, be 0,  and cir of 128kbps will be configured as following
map-class frame-relay TEST
frame-relay cir 256000
frame-relay mincir 128000
frame-relay be 0
frame-relay bc 2560
!
interface serial 1/0
frame-relay traffic-shaping
frame-relay interface-dlci 201
class TEST
!
This method could be considered the easiest and most implemented method for Frame-relay networks.

November 29, 2011  1:29 AM

How Rendezvous Points (RP) Chosen in Auto-RP Multicast Domain?

Sulaiman Syed Profile: Sulaiman Syed

IP Multicast can work on Dense, or Sparse Mode. Dense, where all multicast traffic is flooded out of all the interfaces other than the one it came from (split horizon). It is easy to configure, and there are no planning with it. The down side is, it might create congestion in the network. Specially the WAN links, where every byte cost money. To tackle this issue, Sparse mode should be used.

Sparse mode, works by creating Shared-Tree that is rooted to the Rendezvous Point (RP). By default, all routers assume no one wants the multicast traffic, until they get a request for it.

To load balance the traffic, multiple RPs can be configured. But the question is, which RP will be responsible for which group of multicast streams?

The answer is simple, the RP will be chosen by Mapping Agent (MA) on the longest (most specific) Multicast group.

An example will clarify

R1(config)#ip access-list standard GROUP_1
R1(config)#deny 224.1.1.1 0.0.0.0
R1(config)#permit 224.0.0.0 7.255.255.255
R1(config)#permit 224.0.0.0 15.255.255.255
R1(config)#ip pim send-rp-announce loopback 1 scope 5 group-list GROUP_1
—————————————————————————-
R2(config)#ip access-list standard GROUP_2
R2(config)#deny 224.1.1.1 0.0.0.0
R2(config)#permit 232.0.0.0 7.255.255.255
R2(config)#permit 224.0.0.0 15.255.255.255
R2(config)#ip pim send-rp-announce loopback 1 scope 5 group-list GROUP_2

What will happen, that R1 will be the RP for group 224.0.0.0 to 231.255.255.255. while R2 for 232.0.0.0 to 239.255.255.255. Group 224.1.1.1 will have no RP, so the only way for that group to work is to be configured in Dense mode.


November 26, 2011  5:16 AM

How to upgrade Citrix NetScaler Firmware?

Sulaiman Syed Profile: Sulaiman Syed

We are in the middle of installing new Citrix NetScaler for load balancing purposes. We ran into some issues with the box. It was decided that we need to update the firmware. It is simple and straight forward.

First, download the firmware. It would be done from the My Citrix web page.

Second, transfer the firmware into /var/install using any SCP server, i have used WinSCP.

Third, telnet into CLI. type the following

shell
cd /var/nsinstall
tar -xvzf build_x_xx.tgz
installns

It will promot to reload, press Y. and wolla, you are done.


November 23, 2011  10:02 AM

How to configure route dampening in BGP

Sulaiman Syed Profile: Sulaiman Syed

Flapping routes are bad news in BGP. flapping routes are the routes that go up and down in very short time. they are bad news cause they require changes in routing table. routing table that consists of 100 thousand routes cause high load on router. a flapping route will: 1- change the table by being removed and added. 2- change other routes that depend on that route for transition (recursive lookup).

To minimize flapping routes, two separate features can be used. First is the route summary. Second is the route dampening.

Route dampening is to suppress a prefix based on the number of flaps. each flap will have a penalty value (cost). once the route flaps, the route will be added to “history” where it will be tracked. If the suppress limited reached BGP will will suppress the route and mark it as damped. Then every 5 seconds the penalty value will be decreased by exponentially. The decrease value depends on one single parameter which is half-life. half-life = the amount of time required to make the penalty value half of the current state. The penalty for flapped route is 1000 per flap, while penalty for attribute change is 500.

The equation for the decay is

P(t) = P(0) / 2^(t/half-life); Where p(t) = reuse limit, P(0) = suppress limit.

the command syntax to apply this in BGP is

router bgp xxxxx
bgp dampening [half-life reuse suppress max-suppress-time] [route-map map-name]

The default values are half-life = 15 mins, reuse = 750, suppress = 2000, max-suppress-time=60 mins.

The route map can be used to set these values as well. The mentioned equation is important to calculate the half-time values, cause they determine how fast a flapping route can be released from the damped stated.



November 20, 2011  3:11 AM

How to configure Path Variables for BGP aggregation route?

Sulaiman Syed Profile: Sulaiman Syed

Using route aggregation (summary) is one of the important tools with BGP. it provides a strong foundation to keep the routes from flapping, or making rapid changes within the BGP backbone cloud. but what if we want to advertise the aggregation with different AS Path variables? as it is known BGP route can take many variables, from local-preference, weight, as-path, community values, etc.

For that, we have the attribute map a route-map that can be used to set any variable we want to the aggregation. here is the syntax

aggregate-address x.x.x.x x.x.x.x summary-only attribute-map ATTRIB

route-map ATTRIB
set community 200:200
set weight 200

it is very simple and effective. hope this post was informative.


November 15, 2011  3:15 AM

How to configure BFD?

Sulaiman Syed Profile: Sulaiman Syed

Bi-directional Forwarding Detection (BFD) is the technology responsible to detect the link down in the milliseconds region. It is important to be used specially in Datacenter, where any link failure should be detected very fast so the network can converge. This of course requires a proper redundant network otherwise there would be not much of convergence going on.

The configurations are very simple.

interface Ethernet0/1
ip address 155.1.146.4 255.255.255.0
bfd interval 50 min_rx 50 multiplier 3
!
router eigrp 100
bfd interface Ethernet0/1
network 0.0.0.0
no auto-summary

First, create the instance of BFD in the interface, then associate that instance within the router process with the interface.

Hope this was informative.


November 10, 2011  7:35 PM

How to add reliable default route with RIP?

Sulaiman Syed Profile: Sulaiman Syed

Adding reliable default route with RIP

The command for distributing a default route into RIP process is very straight forward.  Lets go with the syntax straight away.

router rip
default-information originate route-map RELIABLE
!
route-map RELIABLE permit 10
match ip address prefix-list DUMMY_TRACKED
set interface Serial 1/0
!
ip prefix-list DUMMY_TRACKED seq 5 permit 10.10.10.10/32
!
ip route 10.10.10.10 255.255.255.255 null0 track 1

Here we have added a route map to the default-information command. This route map will match an ip address. This IP address is the Route. That means, IF that route (10.10.10.10) is in the routing table, then distribute the default route. This can be used with real routes, or as in our case with dummy route. Second is command “set” is telling the router on which interface advertise the default route.

So we have created a dummy route, and tracking it with IP SLA. The interesting twist here, is that the SLA is for real interface.

ip sla 1
icmp-echo 200.1.2.3. source-interface s1/1
frequency 1
timeout 50
!
ip sla schedual 1 start now life forever
!
track 1 ip sla 1

So, if the real route goes down, the dummy route will be out. Once that happened, the default-information command will cease to work.


November 7, 2011  4:35 AM

How to filter routes in RIP?

Sulaiman Syed Profile: Sulaiman Syed

Filtering routes in RIP

Although rip is not the best routing protocols, the mechanism of filtering routes can be applied to other routing protocols a well. My personal advice will be to stay away as much as possible from RIP. RIP is a routing loop magnet, you never know when you created a loop by yourself.

In this entry, I would like to mention two methods that i found interesting, cause it will be helpful even in later as we go on. Lets read the syntax below

Router rip
distribute-list 100 in serial 1/0
!
access-list 100 deny ip host 10.254.0.10 host 192.168.1.0
access-list 100 permit ip any any

in the rip process i have included a distribute-list. This list has to statements. The second one to permit all route updates to be installed in the routing table that are coming from Interface Serial 1/0. The first access list deny route to network 192.168.1.0 which is advertised by 10.254.0.10

Keep in mind that distribute-list can be used with BGP and it has different meaning! so lets summarize this

access list 100 deny ip host x.x.x.x (router) host y.y.y.y (Network) ————- IN IGB
access list 100 deny ip host x.x.x.x (network) host y.y.y.y (mask) ————– IN BGP



November 3, 2011  9:06 AM

How to configure Frame-Relay Switching?

Sulaiman Syed Profile: Sulaiman Syed

For some reason i thought that i have written an entry for Frame-Relay switching. But the records show none. So here it comes.

During studies of CCIE, you might need to configure a Router to act as a frame-relay switch. The configurations are very simple and straight forward. There is the old IOS way, where configurations are done on the interface command line. The new way is by using the command connect from the global

The network diagram is shown. It is simple yet enough to demonstrate the configurations for the purpose in hand.

CCIE

To configure FR switch, use the following commands.

config t

frame-relay switching

interface Serial1/2
no ip address
encapsulation frame-relay
serial restart-delay 0
clock rate 64000
frame-relay intf-type dce
exit

interface Serial1/3
no ip address
encapsulation frame-relay
serial restart-delay 0
clock rate 64000
frame-relay intf-type dce
exit

connect R1_R2 serial 1/2 132 serial 231

Or alternatively, the old IOS commands can be used.

interface Serial1/2
no ip address
encapsulation frame-relay
serial restart-delay 0
clock rate 64000
frame-relay intf-type dce
frame-relay route 132 interface Serial1/3 231
exit

interface Serial1/3
no ip address
encapsulation frame-relay
serial restart-delay 0
clock rate 64000
frame-relay intf-type dce
frame-relay route 231 interface Serial1/2 132
exit

While the configurations for R1 and R2 are straight and simple.

R1 will utilize the inverse ARP. R2 will disable inverse ARP and use static ARP mapping.

R1
conf t
interface Serial1/1
ip address 155.1.12.1 255.255.255.0
encapsulation frame-relay
serial restart-delay 0
end

R2
conf t
interface Serial1/1
ip address 155.1.12.2 255.255.255.0
encapsulation frame-relay
serial restart-delay 0
frame-relay map ip 155.1.12.1 231
no frame-relay inverse-arp
end

With this, the configurations are done. Simple yet important to be ready for CCIE lab exam.


October 25, 2011  1:34 AM

How to Configure PPPoE?

Sulaiman Syed Profile: Sulaiman Syed

This is one of the interesting things i have learned in past week. PPP over Ethernet (PPPoE). It is simple, yet tricky. It also has a limitation that network engineers might not know which will bring their network down.

Lets see a sample configuration of how to do it. First, configure one Router to be the client (dialer) that will ask for ip address through DHCP. We have configured Chap Authentication as well. Remember, that since we are running PPPoE, a virtual Dialer (interface) has to be configured with all the details, and lastly applied to the Ethernet interface.

R4(config)#interface Dialer1

R4(config-if)# ip address dhcp

R4(config-if)# encapsulation ppp

R4(config-if)# dialer pool 6

R4(config-if)# ppp chap hostname R4

R4(config-if)# ppp chap password 0 cisco

R4(config-if)#exit

R4(config)#interface Ethernet0/1

R4(config-if)# no ip address

R4(config-if)# pppoe enable

R4(config-if)# pppoe-client dial-pool-number 6

Second, we would configure the other Router with DCHP scope, and to be the server for PPPoE. We would also configure local username and password for chap authentication.

R6(config)#interface Virtual-Template1

R6(config-if)# ip address 155.1.146.6 255.255.255.0

R6(config-if)# peer default ip address dhcp-pool VLAN146

R6(config-if)# ppp authentication chap

R6(config-if)# exit

R6(config)#ip dhcp pool VLAN146

R6(dhcp-config)#   network 155.1.146.0 255.255.255.0

R6(dhcp-config)#exit

R6(config)#bba-group pppoe MYPPP

R6(config-bba-group)# virtual-template 1

R6(config-bba-group)#exit

R6(config)#interface Ethernet0/1

R6(config-if)# no ip address

R6(config-if)# pppoe enable group MYPPP

Lets try some pings

R6(config)#bba-group pppoe MYPPP

R6(config-bba-group)# virtual-template 1

R6(config-bba-group)#e

*Sep 22 18:30:41.911: %LINK-3-UPDOWN: Interface Virtual-Access2, changed state to up

*Sep 22 18:30:42.923: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access2, changed state to up

R6(config-bba-group)#exit

We notice that the ping command for size 1500 failed. Lets find out why.

R6#show int virtual-access 2.1

Virtual-Access2.1 is up, line protocol is up

Hardware is Virtual Access interface

Internet address is 155.1.146.6/24

MTU 1492 bytes, BW 100000 Kbit/sec, DLY 100000 usec,

reliability 255/255, txload 1/255, rxload 1/255

Encapsulation PPP, LCP Open

Open: IPCP

PPPoE vaccess, cloned from Virtual-Template1

Vaccess status 0×0

Keepalive set (10 sec)

72 packets input, 11972 bytes

70 packets output, 9604 bytes

Last clearing of “show interface” counters never

While at R4 we have.

R4#show int dialer 1

Dialer1 is up, line protocol is up (spoofing)

Hardware is Unknown

Internet address is 155.1.146.2/24

MTU 1500 bytes, BW 56 Kbit/sec, DLY 20000 usec,

reliability 255/255, txload 1/255, rxload 1/255

Encapsulation PPP, LCP Closed, loopback not set

Keepalive set (10 sec)

DTR is pulsed for 1 seconds on reset

Interface is bound to Vi1

Last input never, output never, output hang never

Last clearing of “show interface” counters 00:09:56

Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0

Queueing strategy: weighted fair

Output queue: 0/1000/64/0 (size/max total/threshold/drops)

Conversations  0/0/16 (active/max active/max total)

Reserved Conversations 0/0 (allocated/max allocated)

Available Bandwidth 42 kilobits/sec

5 minute input rate 0 bits/sec, 0 packets/sec

5 minute output rate 0 bits/sec, 0 packets/sec

18 packets input, 8890 bytes

77 packets output, 27485 bytes

Bound to:

Virtual-Access1 is up, line protocol is up

Hardware is Virtual Access interface

MTU 1500 bytes, BW 56 Kbit/sec, DLY 20000 usec,

reliability 255/255, txload 1/255, rxload 1/255

Encapsulation PPP, LCP Open

Stopped: CDPCP

Open: IPCP

PPPoE vaccess, cloned from Dialer1

Vaccess status 0×44, loopback not set

Keepalive set (10 sec)

DTR is pulsed for 5 seconds on reset

Interface is bound to Di1 (Encapsulation PPP)

Last input 00:00:08, output never, output hang never

Last clearing of “show interface” counters 00:04:29

Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0

Queueing strategy: fifo

Output queue: 0/40 (size/max)

5 minute input rate 0 bits/sec, 0 packets/sec

5 minute output rate 0 bits/sec, 0 packets/sec

76 packets input, 9688 bytes, 0 no buffer

Received 0 broadcasts, 0 runts, 0 giants, 0 throttles

0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort

88 packets output, 27611 bytes, 0 underruns

0 output errors, 0 collisions, 0 interface resets

It is shown that the MTU is 1492. Lets configure the MTU size at the dialer interface.

R4(config)#interface Dialer1

R4(config-if)# ip mtu 1492

Test ping again…

4#ping 155.1.146.6 size 2000

Type escape sequence to abort.

Sending 5, 2000-byte ICMP Echos to 155.1.146.6, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 8/12/16 ms

R4#

And it is working. Well, this is how PPPoE is configured, i hope this will help you when you configuring it.


Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: