Posts Tagged ‘ip’

Best book recommendation: MPLS Fundamentals

Saturday, May 23rd, 2009


Are you a network operator or are you interested in getting a professional Cisco certification like CCIP?

MPLS is on the rise and something that everyone must learn today. I didn’t want to be left behind with my ‘old fashion’ routing, so I decided to do a little reading.

I actually bought this book 6 months ago but never had the time to pick it up and read it, but I realize that I should have done that a few months earlier.

The mass of knowledge contained inside was at great value, nicely and explained from the history of tag switching until today. Someone have obviously spent a lot of time editing it. Thank you, it was definitively worth buying.

Heard the word MPLS?
A lot of people are discussing it, you’ve probably heard the buzz about MPLS. Do you want to know what all the secret speech is about or do you just want to expand your knowledge on the subject of MPLS?

My experience with the book
I’ve actually spent a month reading and labbing with this book now and it covers everything you need to know to keep your position as the clever guy in the office/class. I am overly satisfied with this book, so that’s why I am writing a recommendation. It was just great!

What’s in the book?
I find that the book is very well formatted, everything that is important lights up in your face so that you will notice it.
It is amusing that someone is finally killing the argument that MPLS is here because of CPU usage.
A better argument must be that you can basically carry any protocol that you would like over MPLS, this is a pretty cool effect that extends MPLS+IP a mile or five. Learn how to MPLS enable a network and apply traffic engineering on it.

The book is divided into two parts, the first part covers the history and the technical fundament. The second part covers a bit more configuration and troubleshooting. I am not done with the last couple of chapters, but what I have read so far got my back covered a long time and I will start to write some articles about MPLS soon because of what I have already learned.

So if you’re like me, into new technology this must be right up your alley.
MPLS is soon to become everywhere, you need to learn it!

Buy it on Amazon

MPLS Fundamentals (Paperback)
by Luc De Ghein (Author) on Amazon

Best book so far this year!

HOWTO: Gathering All The Information About An IP Address

Thursday, May 21st, 2009

Would you like to know more about that attacker or who the sucker that draws all your bandwidth is? You can!

The information is stored all around the internet, I will use one of the addresses that RIPE resolves to in this example.
I am using a linux system, but here is an online whois tool that you can use.

$ host ripe.net
ripe.net has address 193.0.19.25
ripe.net has IPv6 address 2001:610:240:11::c100:1319

Now, it’s is not always like this because some of the addresses have records in ARIN (North American Region) and other registries around the world, but I will focus a bit on the RIPE database right now.

As we can see, ripe.net resolves to 193.0.19.25, to figure out a bit more you can do a whois for that IP address.

$ whois 193.0.19.25
% This is the RIPE Whois query server #3.
% The objects are in RPSL format.
%
% The RIPE Database is subject to Terms and Conditions.
% See http://www.ripe.net/db/support/db-terms-conditions.pdf

% Note: This output has been filtered.
% To receive output for a database update, use the “-B” flag.

% Information related to ‘193.0.18.0 – 193.0.21.255’

inetnum: 193.0.18.0 – 193.0.21.255
netname: RIPE-NCC
descr: RIPE Network Coordination Centre
descr: Amsterdam, Netherlands
remarks: Used for RIPE NCC infrastructure.
country: NL
admin-c: AMR68-RIPE
admin-c: BRD-RIPE
tech-c: OPS4-RIPE
status: ASSIGNED PI
mnt-by: RIPE-NCC-MNT
mnt-lower: RIPE-NCC-MNT
source: RIPE # Filtered

role: RIPE NCC Operations
address: Singel 258
address: 1016 AB Amsterdam
address: The Netherlands
phone: +31 20 535 4444
fax-no: +31 20 535 4445
e-mail: X@ripe.net
admin-c: AMR68-RIPE
admin-c: BRD-RIPE
tech-c: GL7321-RIPE
tech-c: JA47
tech-c: MENN1-RIPE
tech-c: EMIL-RIPE
tech-c: SSIE-RIPE
tech-c: RCO-RIPE
tech-c: APZ-RIPE
tech-c: CNAG-RIPE
tech-c: SMCA-RIPE
tech-c: BOH-RIPE
nic-hdl: OPS4-RIPE
mnt-by: RIPE-NCC-MNT
source: RIPE # Filtered

… output omitted …

% Information related to ‘193.0.18.0/23AS3333’

route: 193.0.18.0/23
descr: RIPE-NCC
origin: AS3333
mnt-by: RIPE-NCC-MNT
source: RIPE # Filtered

You can see from the whois output that this address is part of the address range 193.0.18.0 – 193.0.21.255 which has been delegated to RIPE NCC. It lives in the prefix 193.0.18.0/23 which is supposedly announced by AS3333.

Check the Real World BGP
We can check if this is correct by using a looking glass, I found that AS6453 got an online looking glass.
Choose BGP and enter the IP address 193.0.19.25.
Look for: BGP routing table entry for 193.0.0.0/21. Right, it is announced as a /21 on the internet.

We can go further and perform an inverse query to check for other prefixes that AS3333 have registered to see if it’s part of a larger range.

This time I have to ask whois.ripe.net directly because the whois tool on linux automatically chooses the correct whois server for an object, and it does not understand which whois server it should send inverse queries to.

$ whois -h whois.ripe.net — -i origin AS3333
% This is the RIPE Whois query server #3.
% The objects are in RPSL format.
%
% The RIPE Database is subject to Terms and Conditions.
% See http://www.ripe.net/db/support/db-terms-conditions.pdf

% Note: This output has been filtered.
% To receive output for a database update, use the “-B” flag.

% Information related to ‘193.0.0.0/21AS3333’

route: 193.0.0.0/21
descr: RIPE-NCC
origin: AS3333
mnt-by: RIPE-NCC-MNT
source: RIPE # Filtered

% Information related to ‘193.0.12.0/23AS3333’

route: 193.0.12.0/23
descr: RIPE-NCC
descr: Specific range for nameserver operations.
origin: AS3333
mnt-by: RIPE-NCC-MNT
source: RIPE # Filtered

% Information related to ‘193.0.18.0/23AS3333’

route: 193.0.18.0/23
descr: RIPE-NCC
origin: AS3333
mnt-by: RIPE-NCC-MNT
source: RIPE # Filtered

% Information related to ‘193.0.20.0/23AS3333’

route: 193.0.20.0/23
descr: RIPE-NCC
origin: AS3333
mnt-by: RIPE-NCC-MNT
source: RIPE # Filtered

There we go 193.0.0.0/21 is registered there as well, now this is actually part of a (seems like) special /18 which parts of is handed out to network operators. According to remarks, RIPE itself has taken 193.0.0.0/19 for their own network. (And this is just a little of what information I gathered in three minutes.)

A whois of the AS Number:

$ whois AS3333
[… output omitted ….]
% Information related to ‘AS3333’

aut-num: AS3333
as-name: RIPE-NCC-AS
descr: RIPE Network Coordination Centre
[… output omitted …]

Usually you can find references to an org, to check a prefix just use the command whois PREFIX | grep ^org, or use egrep to also get type of address space; you will then often get a result like this:

$ whois 193.0.0.0/18 | egrep \(^org\|^status\)
org: ORG-NCC1-RIPE
status: ALLOCATED UNSPECIFIED
organisation: ORG-NCC1-RIPE
org-name: RIPE NCC
org-type: RIR

The org-name is the name of the organisation, the type can be for example:

  1. RIR – Regional Internet Registry (king of the hill [or continent])
  2. LIR – Local Internet Registry (basically an ISP)
  3. OTHER – Other type, for example users of PI address space

The status is the type of address space, it can be for example:

  1. ALLOCATED UNSPECIFIED – This is often legacy address space which was not handed out under current conditions.
  2. ALLOCATED PA – Provider Aggregatable, which is a larger address space handed out to LIRs for sub delegations.
  3. ALLOCATED PI – Provider Independent, handed out to smaller organisations (registered as OTHER) which are NOT members of the RIPE NCC (LIRs), this kind of address space makes it possible for a company to multihome and change providers without changing IP addresses. (Rather than getting assignments from a larger PA address space)

I guess you figured out that you can also whois the org name, ‘ORG-NCC1-RIPE’.

Let me know if I also should write a tutorial on how to update and perform changes to the RIPE whois database!

3 Tips On How to Solve The Need for Network Redundancy

Saturday, October 4th, 2008

Take a look at these tips for solving redundancy in a Cisco based network!

HSRP is the Hot Standby Router Protocol.

Most client hosts do not run any dynamic routing, and is seemingly prone to a single point of failure in the event of a router failure.

With HSRP running on two routers, the actual gateway IP address is bound to a virtual MAC address. The active HSRP router will respond to frames destined for the virtual MAC address, and redundancy is provided.

Configuration of HSRP in Cisco IOS

Enter interface configuration

Router(config)# interface fastethernet 0/0

Set an IP address

Router(config-if)# ip address 10.0.0.3 255.255.255.0

The router will still need an IP address to communicate on, for example when not elected as active.

Activate HSRP for this interface

Router(config-if)# standby 1 ip 10.0.0.1

The IP address 10.0.0.1 is the redundant virtual IP address.
This is the command that enables the HSRP process on the interface.

Tweaking the priority

Router(config-if)# standby 1 priority 100
Router(config-if)# standby 1 preemt

The router with the higher priority will become the active HSRP router when the preemt command is enabled.

Verifying HSRP configuration

Router#sh standby
FastEthernet0/0 – Group 1
State is Active
2 state changes, last state change 00:00:59
Virtual IP address is 10.0.0.1
Active virtual MAC address is 0000.0c07.ac01
Local virtual MAC address is 0000.0c07.ac01 (v1 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 0.576 secs
Preemption enabled
Active router is local
Standby router is unknown

Priority 100 (default 100)
IP redundancy name is “hsrp-Fa0/0-1” (default)

As you can see from this output, we are the active HSRP Router for HSRP standby group 1 – and the Standby router is unknown, this means the other side has not been configured.

There has been 2 state changes, because it will first automatically be in mode Speak, then it will eventually go through Standby to Active.

BGP
Using BGP is a must when it comes to redundancy, it will let you multihome with different upstream providers. I have written an article with an introduction and a Basic example BGP configuration in Cisco IOS.

If you need IPv4 addresses for your organization, you may qualify for a PI Network (Provider Independent). This will enable you to take part in the global routing and pick and choose among several upstream providers.

Rapid Spanning Tree Protocol
STP is a layer 2 protocol that detects and blocks layer 2 loops, with a very fast convergence time on link state changes. To configure spanning-tree you can use the following commands.

Enable spanning-tree

Switch(config)# spanning-tree mode rapid-pvst

This command enables the per vlan rapid spanning tree, this means one STP instance per vlan.
Be aware, there is a limit in at least Cisco 3560 and Cisco 3750 that limits it to 128 simultaneous spanning tree processes.

How STP Detects Loops and BPDU filters
The switch will flood BPDU’s (Bridge Protocol Data Units) out on all interfaces per default, and if it can see its own MAC address in an incoming BPDU it will know when a link have looped.

Switch(config)#interface GigabitEthernet 1/0/1
Switch(config-if)#spanning-tree bpdufilter enable

This will stop sending and receiving of BPDUs on the interface GigabitEthernet 1/0/1.

Switch(config-if)#spanning-tree bpduguard enable

This command will make the switch ignore BPDU’s received on the configured interface.

Change spanning tree priority

Switch(config)#interface GigabitEthernet 1/0/1
Switch(config-if)#spanning-tree vlan 100 cost 200

This will apply a cost of 200 to vlan 100 traversing over GigabitEthernet 1/0/1

Verify Spanning Tree

Switch#show spanning-tree vlan 2000

VLAN2000
Spanning tree enabled protocol rstp
Root ID Priority 27223
Address 0012.5555.0000
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 27223 (priority 24576 sys-id-ext 2000)
Address 0012.55555.0000
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300

Interface Role Sts Cost Prio.Nbr Type
—————- —- — ——— ——– ——————————–
Gi1/0/2 Desg FWD 4 128.2 P2p Peer(STP)
Gi1/0/3 Desg FWD 4 128.3 P2p Peer(STP)
Gi1/0/5 Desg FWD 4 128.5 P2p
Gi1/0/15 Desg FWD 4 128.15 P2p

This is output from the root bridge, all ports the vlan exists on are in Forwarding mode.
The protocol output in the top verifies that we are running rapid STP.

Output from Neighbor STP Switch

Switch2#show spanning-tree vlan 2000

VLAN100
Spanning tree enabled protocol rstp
Root ID Priority 27223
Address 0012.55555.0000
Cost 4
Port 1 (GigabitEthernet0/1)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 35415 (priority 32768 sys-id-ext 2000)
Address 0012.0007.dddd
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300

Interface Role Sts Cost Prio.Nbr Type
—————- —- — ——— ——– ——————————–
Gi0/1 Root FWD 4 128.1 P2p
Gi0/4 Desg FWD 4 128.4 P2p
Gi0/8 Desg FWD 4 128.8 P2p Peer(STP)

We are not the root bridge, the output shows that ‘Switch’ is the root bridge for this spanning tree.