

Showing posts from 2013

VRF Maximum Routes

Maximum routes under a customer VRF: if the service provider had unlimited resources, he would not need this! Normally, however, resources are limited and expensive, and the service provider would like to make money from his available resources. Maximum routes configured under a VRF provide a means of controlling PE local resources and avoiding abuse from the CE side.

I have a VRF called DC_EXTRANET; you can see that I have 16 routes. I configured a maximum of 10 routes under that VRF, but I did not want to be aggressive, so I set the warning-only option. Notice that I immediately get a notice that I have more routes than the maximum; however, no action is taken other than alerting and sending a syslog message.

!
PE_ashdod_otherisp.n(config-vrf)# maximum routes 10 warning-only
% The current number of routes in the routing table is equal to, or exceeds the configured warning limit
PE_ashdod_otherisp.n(config-vrf)#
*Nov 26 20:39:41.175: %IPRT-3-ROUTELIMITWARNING: IP routing table limit warning - DC_…

CCDE Written

Just recently I had to re-certify my CCIE, so I decided to go for the CCDE written this time. I cleared that exam, so I would like to share some of the material I used. The written exam encompasses high-level design, focusing on VPNs of all sorts and types (MPLS, DMVPN, GETVPN, IPSEC, L2, VPLS, MLD) and adding to that security, QoS, management and even storage. So you do not need to know how to configure everything (or anything, for that matter); you need to know where and what technology to use in different given situations.

To study for that exam I did some reading (not cover to cover):
BGP Design and Implementation
MPLS and VPN Architectures (CCIP Edition)

In addition, I used the excellent resource called ciscolive365 video lectures:
BRKMPL-2102 Deploy MPLS Based IP VPN
BRKRST-3310 Troubleshoot OSPF
BRKRST-2042 HA WAN Design
BRKRST-2310 OSPF Large Scale
BRKSEC-4054 DMVPN
BRKIPM-2444 EIGRP

Written check list:

ISIS Database Reading

ISIS is normally simple to operate while everything is working, and the most common deployments are flat networks based on L2. However, when there is a problem and we need to start troubleshooting, people start to get lost. So I would like to provide some tools on how to read the ISIS database.

Notice the “*” sign: it means the LSP was generated on the router where you ran the show command. You can see that the host name from the show command also matches the host name in the LSPID.

The LSPID is identified by hostname.xx-yy. xx is normally 00 unless that LSP is a pseudonode LSP generated by the DIS. yy represents the number of fragments for that LSP, 00 – FF (max 255 fragments, plenty); in most cases all the important information will be in 00 unless there are many fragments.

LSP Holdtime is the amount of time an LSP will stay in the database without any refresh.

ATT/P/OL - 0/0/0: the ATT bit, or attached bit, is used on an L1/L2 router connected to an L1 node; if it is set to 1, the L1 node will generate a default route to the best L1/L2 node (best metric)AT…

OSPFv3 Forwarding Address under NSSA vs Regular External

I am sharing something I researched recently at work and for which I still do not have the final answer; however, it is interesting, so I decided to write about it. Some of the development group asked us why, and whether, it is really important to use the Forwarding Address in an OSPFv3 implementation.

I have used the above model (and another that maybe I will share later).

External NSSA
External without NSSA

I am advertising net 2001:11:145:56:: from R6 and R5. In the external database of R1 there is only a single one selected, although under R3 both options (from R5 and R6) are there, so it looks like it is being filtered.

R1#sh ipv ospf database external
            OSPFv3 Router with ID ( (Process ID 1)
                Type-5 AS External Link States
  …
  Routing Bit Set on this LSA
  LS age: 143
  LS Type: AS External Link
  Link State ID: 1
  Advertising Router:
  LS Seq Number: 80000002
  Checksum: 0xEC3F
  Length: 56
  Prefix Address: 2001:11:145:56::
  Prefix Length: 64, Options: None
  Metric Type: 2 …


Today I completed the JNCIP-ENT test requirement. As I am working mostly in the SP area today, some of the L2 subjects were memory refreshers, such as STP and QinQ (a surprisingly high number of questions in that area); the easy questions (at least if you are at CCIE level) were in the routing zone (OSPF and BGP). Overall a nice test; I think they should add some MPLS and reduce the L2 questions. I think that I will not pursue the JNCIE-ENT and prefer to go next with the SP track, as it is more relevant to me.