BGP communities

O men, when you start to write about BGP it is probably the time then you seriously start questioning yourself where did I go with myself. That is probably the moment in which you realize that there is a network geek sitting somewhere inside you. At least that is what happened to me when I finished to write this huge post. Don’t be scared, it’s fun to know about this thing below.

Simple start

Every local network is managed by his own network administrator. If the network become big enough and there are more than few sub-segments inside that network there will probably be some kind of routing protocol running inside. That routing protocol will be IGP or interior gateway protocol more probably OSPF as it’s vendor independent.

When we want to connect our network to other networks across the world, we are trying to connect it to the internet. The Internet is the network connecting most of the networks today and in that way it became the biggest inter-networking system in the world. To be able to get that huge network to function and get our LANs to act jointly there must be a routing protocol that enables it.

BGP – Border Gateway Protocol is that one.

Every individual network has his own policies that are enabling that network to behave as the administrator want. When connection networks to the internet network all those policies need to be tied together with BGP protocol in order to influence outside communication entering the local network and communications initiated from the local network going outside somewhere on the internet. This is done using more that few different BGP attributes. Those attributes are forwarded across specific prefixes. Sometimes those attributes are not only forwarded but also modified on the way, one of which is the community attribute.


VXLAN – Virtual Extensible LAN

As the time goes by and the network with more and more virtualised servers and other devices are making that network more complicated, overlay technologies are rising to save the day for network administrators.

Virtual Extensible LAN – VXLAN is a new encapsulation technology used to run an overlay network on current Layer 3 communication network. An overlay network is considered as a practical network that is set up on the top of current layer 2 network. It also considers additional layer 3 technologies to aid flexible computer architectures. VXLAN will make sure it is very easy for network engineers to level out the right cloud computing setting while reasonably separating cloud applications and tenants. A cloud computing environment is defined as a multitenant, every tenant needs its separately configured logical network, which in return needs it’s very own network ID or identification.

What the hell that means?

What it this VXLAN doing actually. To put it simple, VXLAN can create logical network to connect your virtual machines across different networks. It is enabling us to make a layer 2 network for our VMs on top of our layer 3 network. That’s why VXLAN is a overlay technology. In “normal” network if you are connecting virtual machine to get the connection to some other virtual machine on different subnet, you need to use a layer 3 router to make a connection between networks. With VXLAN we can utilize VXLAN gateway of some sort to connect them without even exiting into physical network.

VXLAN frame

Image: VXLAN frame – taken from website

Redundant Default Gateway solutions in IPv4 networks

This article is an introduction to different default gateway solutions. Those technologies are enabling devices on IPv4 local subnets to have more than one Default gateway configured or at least some configuration that make them work half the way of ideal redundant solution. Idea behind this article is to be an introduction to a set of articles that will explain different redundancy solutions based on IPv6 technology. Some of those technologies, will be used in future and some of them already existing and suggested to be used from day one on IPv6 implementation.

Default Gateway?!

Redundant default gateway

Default gateway is the next hop address of the device that leads the packets out of the local LAN segment. If there are packets destined to an IP address that is not from local subnet PC will forward those packets usually to router device that will have the information where to forward those packets in order to get them transferred towards the destination.

ICMP – Internet Control Message Protocol

ICMP protocol is a bunch of error, queries and response messages that are helping us every day to troubleshoot and manage our networks. At least if you found yourself in a networking engineer role.

Network protocol “ICMP” is known as a control protocol because it is used for the purpose of administration and management within an IP network. Described in RFC 792 ICMP is a vital part of Internet protocol implementations, but it is not holding the application data. It carries the network status information. This protocol is being utilized to provide the details of:

  • issues during the core communications and interactions of applications within a network
  • network obstacles and congestion
  • out-of-the-way hosts accessibility

ICMP e.g. PING utility that is being utilized the Internet control message protocol in order to check out if the distant hosts is reachable and in addition it generates info about round-trip point-in-time. Moreover, TRACEROUTE is a supportive feature of ICMP. This element can spot the intermediate hops in between a specified source machine and an end machine. TRACEROUTE will also give us a way to find where in the middle of the network one hop is blocking the path of the packet being delivered.

ICMP header part organization

Every one ICMP packet will take one header of 8-byte along with a variable-sized section for data. The initial header’s 4 bytes will be unchanging and consistent. And opening byte will be reserved for the type of ICMP while second byte will be kept to store the ICMP code. Consecutively the 3rd and 4th bytes serve as the whole message checksum. But the rest of header’s 4–byte can be varied and conditional on the ICMP type plus its code. ICMP4 was introduced for the IP version 4.

IPv6 Anycast Address type

IPv6 Anycast Address


As the name says it’s an address that can exist more than once anywhere in the network. It is maybe better to say that it can exist in multiple places all over the Internet. This kind of address is basically enabling us to have servers and services physically closer to us as they would be if the unicast address was used. It this way we are able to have, for example, a server with one anycast IP address somewhere in US and other server with same service somewhere is Europe. If I am in Europe, closes server on that IP address will handle my request, so my service will be closer to me and it will probably also improve service security and speed. All that can be done in different way but giving two servers same “anycast” address is basically the simplest method possible to enable this kind of “geo” localization of selected service.

How anycast works?

As said before anycast addresses are called anycast because one address can be assigned to multiple interfaces on different devices on the network. Packets that are going to anycast IP destination address will be caught by nearest device. Today’s anycast IP addresses are used on some special routers and the most important thing, they are used on some DNS root servers. You can see why on root DNS servers that would be the best thing to do? You can then have one copy of the same DNS root server for example on each continent in order to save some delay time and bandwidth usage.

IPv6 had from the development phase the intention to support anycast just like described from RFC 1546. (RFC 1546 mentioned below in history section). IPv6 anycast has no special prefix and IPv6 anycast addresses are basically normal global unicast addresses. Each IPv6 configured interface on some device needs to be configured with one anycast address.

There is a big chance that anycast interfaces have no defined region, in that case every anycast entry would need to be propagated throughout the whole Internet. That would probably not scale well so support for that kind of global anycast addresses will be more or less impossible to handle.

If there are regions defined, inside the region devices with same anycast address will only need a separate entry in the routing table.

If there are more routers that are connected to some network subnet we can configure them with the same anycast address. Let’s say that is a default gateway of a LAN subnet. If we have more routers which we can use to get out of the local network and go on the Internet for example. We can then configure all those routers with same anycast IP address. Our devices inside LAN can have one default gateway address configured. That anycast address from all routers. All devices will be able to go to the internet and they will use first available router.

Troubleshooting EIGRP Neighbor Relationships

EIGRP internals and getting hands dirty in debugging routing adjacency and solving EIGRP neighboring issues.

What is sequence TLV and Conditional Receive CR-mode and CR flag

Couple of days ago I got a strange network behavior in my CCIE lab. Something was wrong between a router and L3 switch connection and there was EIGRP neighbor relationship reset every few minutes. It was happening all the time so I decided to debug a little.

It was looking something like this and I was very confused about it:

*Mar 1 01:00:32.135: EIGRP: Received Sequence TLV from
*Mar 1 01:00:32.135:
*Mar 1 01:00:32.139: address matched
*Mar 1 01:00:32.139: clearing CR-mode
*Mar 1 01:00:32.139: EIGRP: Received CR sequence TLV from, sequence 5
*Mar 1 01:00:32.139: EIGRP: Received UPDATE on FastEthernet0/0 nbr
*Mar 1 01:00:32.139: AS 1, Flags 0xA, Seq 5/0 idbQ 0/0 iidbQ un/rely 0/0 peerQ un/rely 0/1, not in CR-mode, packet discarded
*Mar 1 01:10:00.123: EIGRP: FastEthernet0/0 multicast flow blocking cleared

The thing that was happening here is basically just some EIGRP internals doing their job. To be precise this was reliable routing information delivery over both multicast and unicast doing his reliable update delivery.

Normal EIGRP synchronization is done using multicast.

If we have two EIGRP routers that are trying to make initial sync and become neighbors they will intentionally see each other as “laggard” in the beginning. The term laggard is important here as it symbolize a neighbor to witch we are sending EIGRP updates in separate unicast communication.


If one EIGRP router is sending updates to, let’s say, 5 other neighbors. It will send that update to address and it will include the update sequence number inside. Let’s say Seq=25.

When it sends the update Seq=25 to the network segment it will get ready to send next update with Seq=26 and wait for the acknowledgement of sequence 25 update. The problem is that the router will put newly prepared update Seq=26 onto the transmission lists for all 5 neighbors and it will not send it out to anybody until he acknowledges sequence 25 update from all 5 neighbors. That means that if one of 5 routers does not send back the acknowledgement for Seq=25 update our router will not continue sending multicast update Seq=26 to anybody and he will lose the neighbors after hold timer expires.

Packet capture in Cisco IOS

Packet capture on IOSThis will be a brief article but a good one. It will save you some walking time to server room. I have the need to capture traffic on the switch or on the router several times every week. That action needed from me to be physically near the switch and to configure SPAN port so that I can connect to the switch with my machine and capture some packets with wireshark. Okay, I could use RSPAN to get captured packets to the closest switch but this altogether is not good enough. It’s too time consuming for short packets captures in troubleshooting sessions.

Recently in my CCIE study I came across the info that Cisco IOS is able to capture packets on the device itself and on more interfaces in once. You can later export that capture to your PC and analyze it with wireshark.

You can do it like this

Read more

Go to top
How does Internet work - contents page