Cisco VIRL is finally out

Cisco has finally released its long-awaited personal network simulator, VIRL. VIRL is a simulator like Cisco CML (Cisco Modelling Lab), released a few months ago, which is made available for business network simulation and testing in day-to-day engineering work. With VIRL we get a personal version of CML with a drastically lower price tag, aimed at students preparing for Cisco CCNP and, even more, at those preparing for the CCIE lab exam. VIRL will surely help engineers managing small business networks to prove their configuration changes before applying them to the real network.


This solution gives us a more stable and “official” GNS3, which will save all the time spent troubleshooting lab issues that were really GNS3 issues.

INE v5 Full-Scale Practice Lab1 TS GNS3 topology

A few days ago I added an article with the Config GNS3 topology for the newly published INE Routing and Switching Workbook v5 Full-Scale LAB1. Here now is the topology with the starting config of the TS section for LAB1.

I will not add any of my stories here today, as the same article was published before with other topology files. If you would like more info, just go to the previous post, INE R&Sv5 Workbook Full-Scale Practice Lab1 made in GNS3.


When they throw a Cisco guy to do something with HP networking gear

…There’s a nice little pdf to get you through

HP is aware that most networking engineers start their learning process in Cisco Networking Academy. It is the normal course of events if you want to learn networking. Cisco has the very best study materials and the best, carefully developed syllabus, which is both high quality and the most detailed in the world of networking. Not to mention the high reputation that engineers get with Cisco certificates standing by their names.


On the other hand, when you take an average mid-size business customer today, you will probably see that he is mostly concerned about the price and not so much about the feature set and robustness of IT equipment. And there you have the situation in which the customer decides to go with HP rather than Cisco gear in their communication closet.

INE R&Sv5 Workbook Full-Scale Practice Lab1 made in GNS3

Yesterday INE finally added a Full-Scale LAB in their new CCIE Route and Switching blueprint 5 workbook.
I realized this morning that you may not want to spend half of your day (like me) configuring this topology in GNS3. Better to just take it from here and start your lab right away.

In my study process for the last year I made almost all my labs from INE on GNS3. In that way I was able to run the labs for more days in a row and not think about the money I would spend on rack rentals. Of course, you will still need some rack rentals, particularly for troubleshooting sessions. For troubleshooting you need a preconfigured rack, because if you configure those topologies by yourself there is a big chance that you will see the ticket answers, and that will defeat the point of the troubleshooting study process.

All my config sessions were done on GNS3, and this one will also be done in GNS3 in the next few days. If you want to save some time and get the topology ready, up and running in a few minutes, you can download it at the end of this article.


What is the difference between tunnel | transport mode in IPsec

Intro

IPsec makes VPN connections possible. It lets us simulate a leased line across the public Internet and thus get a secure connection across an unsecured environment. It provides encryption, authentication and protection of our data when sent across the insecurity of the world’s biggest internetwork – the Internet.

It’s the cheap way to simulate a leased line, the way to send private data across the public network without compromising privacy. The goal of IPsec is to secure services and lower the cost of data transfer. Try to compare it to pricing of data transfers across dark cables / leased lines.

There are two parts of the IPsec security suite:
– ESP – Encapsulating Security Payload
– AH – Authentication Header

Depending on our situation we can configure two different modes of operation, and here we will make clear the differences between those modes and the technology behind them.


/31 subnet in point-to-point links. Is that possible?


OK, this is strange! At least this was my first reaction when I saw that, in one of the CCIE labs I am trying to solve, all the links between routers are addressed with a /31 subnet.

Isn’t it weird to see something like this for the first time after a couple of years in networking? For me it was. It blew my mind. I asked my more experienced networking colleagues later, but for them it seemed new too. They said at first: OK man, that’s not possible!

Well, try to type it on a router interface and you will see that it is possible. It’s strange for sure, but it’s possible. The router OS (Cisco IOS in this case) will try to make sure that you use this kind of subnetting only for point-to-point links. That’s why it will issue a warning message if you apply this subnet mask on an Ethernet interface. For serial it will go through without the warning.

The idea behind this is of course simple if you put it this way:

BGP dampening – punishment for unstable BGP prefixes

BGP prefix flapping can be caused by different issues in the network. Basically, every unstable network where links are unreliable and go up and down here and there can cause BGP prefix flapping. Every prefix flap will cause some networks to become unreachable. The BGP process will then need to recalculate the best path in order to hopefully find another way to get to the unreachable network.

The impact on the network can be enormous, as one missing network prefix can mean that a huge number of other networks change the path on which they are reachable. When a prefix flaps, it goes up and down all the time. After every status change all the work of finding a new best path is done, and when the prefix comes back, everything is calculated again and returns to how it was before. We have a way to cut the impact of flapping prefixes: implementing BGP prefix dampening.

When configured, dampening punishes prefixes that change state from reachable to unreachable a few times within a given time period. After every flap BGP gives the prefix a defined penalty, 1000 by default. The penalty immediately starts to decay exponentially, but if the prefix flaps more times within a short period it will surely collect enough points to reach the Suppress Limit, and at that point BGP marks the prefix as damped. That means it immediately suppresses advertisement of the prefix until the penalty falls below the Reuse Limit, which is 1000 by default. The Suppress Limit is 2000 by default and, yes, the prefix needs to flap three times in order to be suppressed by default (the first penalty is 1000 and the next one is also 1000, but the first will have fallen by at least 1, to 999, before the second flap occurs).
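An added example, not from the original post: a small simulation of the penalty mechanics described above, showing when a flapping prefix is suppressed and when it is released again. The per-flap penalty and the two limits are the figures quoted in the text; the 15-minute half-life and all function names are assumptions, since the text only says that the decay is exponential.

```python
import math

PENALTY_PER_FLAP = 1000  # figure quoted in the text
SUPPRESS_LIMIT = 2000    # figure quoted in the text
REUSE_LIMIT = 1000       # figure quoted in the text
HALF_LIFE_MIN = 15.0     # assumption: the text gives no half-life


def decay(penalty, minutes, half_life=HALF_LIFE_MIN):
    """Exponential decay: the penalty halves every half_life minutes."""
    return penalty * 0.5 ** (minutes / half_life)


def reuse_time(penalty, since, reuse, half_life):
    """Minute at which a penalty set at `since` has decayed to `reuse`."""
    return since + half_life * math.log2(penalty / reuse)


def simulate(flap_times, suppress=SUPPRESS_LIMIT, reuse=REUSE_LIMIT,
             per_flap=PENALTY_PER_FLAP, half_life=HALF_LIFE_MIN):
    """Replay flaps (minutes, ascending); return (minute, event, penalty)."""
    events, penalty, last, damped = [], 0.0, 0.0, False
    for t in flap_times:
        # A damped prefix may have decayed to the reuse limit before this flap.
        if damped and reuse_time(penalty, last, reuse, half_life) <= t:
            when = reuse_time(penalty, last, reuse, half_life)
            events.append((round(when, 2), "reused", float(reuse)))
            damped = False
        penalty = decay(penalty, t - last, half_life) + per_flap
        last = t
        events.append((t, "flap", round(penalty, 1)))
        if not damped and penalty >= suppress:
            damped = True
            events.append((t, "suppressed", round(penalty, 1)))
    if damped:  # no further flaps: the prefix is released once decay allows
        when = reuse_time(penalty, last, reuse, half_life)
        events.append((round(when, 2), "reused", float(reuse)))
    return events


if __name__ == "__main__":
    # Constructed input: three flaps one minute apart.
    for event in simulate([0, 1, 2]):
        print(event)
```

With these parameters the second flap leaves the penalty just under the Suppress Limit, and it is the third flap that gets the prefix damped, matching the count given in the text.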