A long time ago I had a pretty successful blog located at mellowd.co.uk/ccie - I used this blog at the time to document my journey towards my CCIEs as well as my JNCIE. Unfortunately, I lost the entire blog in a botched upgrade a few years back. My intention here is to try and republish some of my better posts. I’ll be able to extract this info from the wayback machine. Note that a lot of the posts were relevant years ago and things have since moved on. But some of the fundamentals never change :) I’ll be releasing content over the coming weeks.
If you’re configuring an IOS router remotely with a chance of losing the device, most engineers might decide to do a reload in 5 before starting. If you happen to lose connection to the box after a change, the router will reload in 5 minutes, erasing any unsaved changes. This works, but is less than ideal. It can take a few minutes for a box to reload. What happens if the box is looking after multiple customers as well? There is a better way: just revert the config. Using this is pretty trivial. You do need to turn on the archive command first, though.
A lot of people confuse the above 3 items. I’ll explain exactly what each of the 3 above items does, how you can see them, and how the routers use them to provide an L3VPN service. Let’s take the following topology for this post: here we have 2 L3VPN customers running over our MPLS core. R5 is advertising 22.214.171.124/32. R8 is also advertising 126.96.36.199/32.
Route Distinguisher
The route distinguisher’s sole job is to keep a route unique while the PE routers advertise NLRI (Network Layer Reachability Information) to each other. If R5 and R8 both advertise 188.8.131.52/32 to R3, how will R3 advertise both of those routes to R4 while keeping them unique?
I’ve noticed that a lot of people seem to get confused with what exactly dot1q is doing most of the time. It’s actually incredibly simple. Tagging traffic, or trunking in Cisco-talk, is a very straightforward process. I will not be discussing ISL here as not only do I not use it, but Cisco is phasing it out on their stuff anyway. The dot1q tag is simply inserted into the layer 2 header when a frame leaves a switchport over a trunk. If a frame leaves a switchport that is not a trunk, there is no dot1q tag inserted into it, regardless of what VLAN the frame came from or is going to.
It can be quite confusing to work out what all these terms are exactly referring to. I’ll try and put a concise answer for all of them here with an example.
RIB – Routing Information Base
This is the route table, i.e. when you do a show ip route, the RIB is what you see:
AR1#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
10.
The main purpose of this post is to show how prefix lists work and how to decipher them vs regular access lists. Access-lists do a great job on Cisco devices, not just for security but for all kinds of route filtering, QoS, and so on. A prefix list is a bit different from an access-list, and it’s important to know the differences and when to use either. I’ve created the following simple topology to illustrate what I’m going to be doing. There are 2 routers, both running BGP. Router1 will have numerous loopbacks with IP addresses that will be advertised into the BGP process.