GNS3Vault Blog

All the latest information about GNS3Vault!
Oct 14
2011

GNS3 TSHOOT Labs

Posted by ReneMolenaar in Untagged 

Earlier this week I published the topology for CCNP TSHOOT built in GNS3, but for some reason the attachments didn't work so I had to move the article. You can find it right here.

It's a good idea to spend some time looking at this topology and its configuration. See why things are working and the way they were designed. I'll be uploading different labs with troubleshooting tickets later for you.

Jul 22
2011

MPLS Labs

Posted by ReneMolenaar in Untagged 

I have plenty of labs on MPLS on GNS3Vault that will help you learn, but to help you a little more I'll let you know in which order you should do them. Before you start learning MPLS, make sure you have a strong knowledge of BGP. MPLS relies heavily on BGP so upgrade your knowledge if you have to. There are plenty of BGP labs for you here.

 

Having said that...time for MPLS!

 

If you are new to MPLS start with the VRF Lite lab which will teach you the fundamentals. A VRF is for routing what a VLAN is for switching.



Once you understand VRFs you can check out the MPLS LDP lab which introduces you to tag switching.

Next stop will be to simulate an ISP MPLS Backbone with customers connected to it using different routing protocols:

- Basic MPLS VPN (EIGRP)
- MPLS VPN PE CE using RIP lab
- MPLS VPN PE CE using OSPF & Sham Link lab

Once you finish those labs you can try my MPLS VPN Advanced lab which teaches you how to configure an ISP MPLS Backbone with multiple customers running different routing protocols and offering them services like central servers and Internet. The VIDEO is 2 hours and 50 minutes so it's quite a large lab!

Those labs will teach you all the skills you need to get going with MPLS.

 

Let me know what you think by leaving a comment!

 

Jun 01
2011

Why do we use BGP?

Posted by ReneMolenaar in Untagged 

If you are studying for your CCNP after getting your CCNA you'll probably see BGP for the first time. In this article I'll explain to you why we use BGP. If you are unsure what BGP is or how it works, I'd suggest reading my BGP for Beginners article first.

You probably have an idea of how BGP works and how to configure it, but you are unsure why you should use it. We'll walk through a number of scenarios and look at the advantages.

 

 

Look at the picture above, there's a customer network at AS 100 and the ISP is in AS 200. There is only a single connection to the ISP so in this scenario it makes no sense using BGP, just advertise a default route in your IGP and you are good to go. There's only 1 exit path...

 

 

In this scenario we have 2 links to a single ISP. Is it any good to run BGP here? Let's take a look at the options that we have:

 

  • Advertise a default route in your IGP for a single link, traffic will only be sent down this link.
  • Advertise a default route in your IGP for both links with an equal metric. Both links will be used and you'll have 50/50 load balancing.
  • Run BGP and be able to load balance in any proportion you like.

 

 

Everything behind the ISP network was a "blind spot" for us, we had no idea what networks were out there since we were only using a default route. With BGP we will receive all the different prefixes out there and you will also see in which AS they are. Path manipulation is easy with BGP since we have a rich list of "Attributes" to play with. By using BGP you have more control over your load balancing. Traffic heading for network "LargeCompany" could be sent down the first link and traffic towards "HugeCompany" down the other link. There's no way to manipulate on this level using an IGP since you have no idea what is behind the ISP network, with BGP we do!

 

 

When you are "dual-homed" to 2 ISPs, BGP will make even more sense. Our customer is connected to 2 different internet service providers. Because we use BGP we get to see all the autonomous systems out there and the different prefixes within them. If our customer router sends traffic meant for the LargeCompany AS towards ISP2, then ISP2 will have to forward it to ISP1 since there's no direct link between ISP2 and LargeCompany. With BGP we can see this, so maybe it's better to use ISP1 to get there.

 

I hope this gives you some insight why to use BGP. Basically it all boils down to this:

 

"The more you know, the better off you are"

 

Well this doesn't always apply in life but for BGP it does! If you have more complete routing information you can make better routing decisions.

 

I'm looking forward to hearing your thoughts or questions, please leave a comment below if you want to share something.

May 26
2011

BGP for Beginners

Posted by ReneMolenaar in Untagged 

I'm writing this article for everyone that is new to BGP. Perhaps you have passed your CCNA and have learned about all the IGPs like OSPF, RIP and EIGRP but you still don't know anything about BGP. Before we start talking about BGP, there's something you need to keep in mind...

 

Forget everything you know about OSPF (link-state) or EIGRP/RIP (distance vector) routing protocols because BGP is totally different and called a “path vector” routing protocol. Now don't feel frustrated ;) We'll have a look and see what BGP is all about! You are probably familiar with EIGRP or OSPF since these are IGPs (interior gateway protocols) and you are using them on your own network.

 

You should be familiar with the term AS (autonomous system), your own network is an example of an autonomous system. All the interior gateway protocols have one thing in common, they all want to find the “shortest” path to their destination network. They have a different view on what the shortest path is though:

 

  • OSPF: Cost
  • EIGRP: Bandwidth, Delay, Load and Reliability (also called the K-values)
  • RIP: Hop count

 

BGP is not an interior gateway protocol but an EGP (exterior gateway protocol) and used to connect all the different autonomous systems. Now think big.....BIG! On an Internet scale we have a LOT of autonomous systems. With BGP we can see all the different networks, to which autonomous system they belong and which autonomous systems we have to cross to get there. BGP is what we use for routing on the Internet.

 

 

In the picture above we see multiple autonomous systems. These could be large networks from service providers who are connected to each other. Within each autonomous system we are running an Interior gateway protocol. AS100 might be running OSPF, perhaps AS200 is running EIGRP and AS300 and AS400 something else.

 

The routers that are connecting the different autonomous systems to each other are running BGP. Because we are setting up BGP between 2 different autonomous systems this is what we call “External BGP”. Now if you want to see what a real BGP router looks like, you can use one of the many looking glass servers that are found on the internet, try the following one by telnetting to this address:

 

route-views.optus.net.au

 

So just type in “telnet route-views.optus.net.au” in your command line and you'll have access to a Cisco router.

 

Type in “show ip bgp” to see an example of a BGP routing table:

 

 

BGP table version is 134443079, local router ID is 203.202.125.6
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path
* 1.0.4.0/22 202.139.124.145 10 0 7474 7545 56203 i

 

If you look at the right side you see “Path” with the values 7474, 7545, 56203. These values are the autonomous systems that you have to go through in order to reach network 1.0.4.0/22. Pretty neat huh? Metric, LocPrf (Local Preference) and Weight are the attributes that BGP uses to influence routing decisions, you can forget about those for now but I will write another article on them in the future.

 

We just learned what external BGP is, this is when you run BGP on routers between different autonomous systems. But there's also internal BGP so let's see what it is and why we need it.

 

Take a look at the following picture:

 

 

Let me explain what we have here: There are 3 different autonomous systems, AS100, AS200 and AS300. As you can see, AS200 is running OSPF inside its autonomous system. We don't care about what AS100 or AS300 is running inside its autonomous system for this scenario. We are using the following IP addressing scheme within the autonomous systems:

 

AS100: 10.0.0.0/8

AS200: 20.0.0.0/8

AS300: 30.0.0.0/8

 

BGP has been configured between the 3 autonomous systems, and since it's between autonomous systems this is EBGP (external BGP). We have advertised the networks in BGP and life is good. However in this scenario there is a problem.

 

AS100 will advertise 10.0.0.0/8 towards the BGP router in AS200 on the left side.

 

How does the router on the right side in AS200 know about this information? We are only running OSPF within AS200 and we are not redistributing BGP information into OSPF. (An Internet routing table consists of roughly 350.000+ entries...no way you can have this many networks in OSPF).

 

The answer is simple...let's configure BGP between the left and right router within AS200. Since they are in the same autonomous system this is called IBGP (internal BGP). Excellent so now both routers are running IBGP and they can exchange routing information.

 

So are we done? Is this going to work? Unfortunately....Nope!

 

Let's imagine the following situation: AS100 sends a packet meant for 30.0.0.0/8 towards AS200. AS200 has learned about the 30.0.0.0/8 by BGP and knows where to send it. The router on the left side in AS200 will send it towards the router on the right side by using the router on the top or bottom in AS200.

 

What do you think these routers will do? Does OSPF know about the 30.0.0.0/8 network?

 

No they don't....they have no clue where this network is so they will drop the packet and send it to IP packet heaven. The solution is that you need to configure BGP on ALL routers within AS200.

 

So do you always have to configure IBGP? You only have to do this when your autonomous system is a transit AS. A transit AS means that your autonomous system can be used to pass traffic to another autonomous system. In this case AS100 needs to pass AS200 in order to reach AS300.
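The black hole described above can be reproduced with a small forwarding model. This is an added example, not part of the original article: the router names (left, top, bottom, right) and the diamond wiring inside AS200 are assumptions, since the picture is not available, and "delivered inside AS200" is a simplification for destinations in 20.0.0.0/8.

```python
import ipaddress
from collections import deque

# Assumed AS200 wiring (the page's picture is not reproduced here): a diamond
# of four routers. "left" has the EBGP session to AS100, "right" to AS300.
LINKS = {
    "left": ["top", "bottom"],
    "top": ["left", "right"],
    "bottom": ["left", "right"],
    "right": ["top", "bottom"],
}

# Prefixes carried in BGP: prefix -> (AS200 border router, neighbouring AS).
BGP_ROUTES = {
    ipaddress.ip_network("10.0.0.0/8"): ("left", "AS100"),
    ipaddress.ip_network("30.0.0.0/8"): ("right", "AS300"),
}
# The only prefix OSPF carries: AS200's own address space.
OSPF_PREFIX = ipaddress.ip_network("20.0.0.0/8")


def igp_next_hop(src, dst):
    """First hop on the shortest OSPF path from src to dst (all links cost 1)."""
    queue = deque((neighbour, neighbour) for neighbour in LINKS[src])
    seen = {src}
    while queue:
        node, first_hop = queue.popleft()
        if node == dst:
            return first_hop
        if node not in seen:
            seen.add(node)
            queue.extend((n, first_hop) for n in LINKS[node] if n not in seen)
    raise ValueError(f"{dst} is not reachable from {src}")


def bgp_lookup(router, dst, bgp_speakers):
    """Longest-prefix match in the BGP table; None if the router runs no BGP."""
    if router not in bgp_speakers:
        return None
    matches = [net for net in BGP_ROUTES if dst in net]
    if not matches:
        return None
    return BGP_ROUTES[max(matches, key=lambda net: net.prefixlen)]


def trace(dst_ip, ingress, bgp_speakers):
    """Follow one packet hop by hop through AS200; return (path, outcome)."""
    dst = ipaddress.ip_address(dst_ip)
    router, path = ingress, [ingress]
    for _ in range(len(LINKS)):  # hop limit, a packet never needs more hops
        if dst in OSPF_PREFIX:
            return path, "delivered inside AS200"
        route = bgp_lookup(router, dst, bgp_speakers)
        if route is None:
            return path, f"dropped at {router}"
        border, neighbour_as = route
        if router == border:
            return path, f"handed to {neighbour_as}"
        # Recursive lookup: reach the BGP exit router over the OSPF topology.
        router = igp_next_hop(router, border)
        path.append(router)
    return path, "hop limit reached"


if __name__ == "__main__":
    # IBGP only between the two border routers, as in the first attempt.
    print(trace("30.1.1.1", "left", {"left", "right"}))
    # IBGP on every router in the transit AS.
    print(trace("30.1.1.1", "left", set(LINKS)))
```

With IBGP only on the border routers the packet dies at the first OSPF-only router; with every router in the transit AS running BGP it reaches AS300.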

 

Ok I think that's enough BGP for now and to be honest I've been writing a bit more about BGP than I intended when I started this article. In the upcoming articles I will be writing about BGP attributes, this will show you how BGP will choose a certain path and how we can influence routing decisions.

 

So what do you think? Does this make sense to you? I'd like to hear what you think so leave a comment if you feel like it!

May 20
2011

CCNA Exam

Posted by ReneMolenaar in Untagged 

Maybe you are new to taking networking exams or perhaps you have done plenty but never did a Cisco exam before. Nevertheless, in this post I'd like to tell you a little bit about the CCNA exam so you know what to expect. Cisco exams, and the CCNA exam is no exception, are very 'hands-on' minded. This means if you have studied all your theory but never touched a router or switch before you are likely to fail.

 

There are questions where they will show you the output of show or debug commands and the only way to answer these questions is to get hands-on experience (that means you have to lab!). Having said that, what type of questions can we expect on the exam?

 

  • Multiple-choice single answer

 

This is where you have to choose the best answer out of (mostly 4) possible answers. There's only 1 best answer, which means if you are in doubt you just pick the "best" answer (or close your eyes and have faith).

 

  • Multiple-choice multiple answer

 

These are the "click all that apply" kind of questions. Normally you'll get 6 possible answers and you'll have to pick 2 or 3 of them.

 

  • Drag-and-drop

 

These questions will ask you to drag a block and put it on the correct position on a network topology.

 

  • Fill-in-the-blank

 

Here you will see a sentence with some empty words / values, you need to fill in the blanks by selecting the correct answer.

 

  • Testlet

 

This is where they show you a scenario, you need to take some time to read it and then answer 4 or 5 questions about this particular scenario.

 

  • Simlet

 

The simlet shows you a picture of a network topology, you can click on some of the devices and do some show commands or a 'show running-configuration'. You don't have to change the configuration, just answer some questions.

 

  • Simulations

 

This is where you actually configure a router or switch. Normally the simulation will tell you what to achieve to successfully complete the simulation. This will be something like "if you can ping router X then your task is completed".

 

If you have no idea what I'm talking about and want a more visual presentation, I'd suggest checking out the Cisco site since they have a tutorial. Type in "cisco certification exam tutorial site:cisco.com" at Google and you'll find it immediately.

 

Let me give you some other tips that might help you pass your CCNA exam:

 

  • Relax, take it easy: Some people are very nervous about taking exams, especially if they feel that they NEED to pass since the boss is paying, your colleague already passed or whatever reasons you have...take it easy. Make sure you arrive 15 minutes before taking the CCNA exam so you can relax or read some quick notes.

 

  • Check out the Cisco exam tutorial interface: Searching in Google as I specified above, make sure you are familiar with the interface.

 

  • Free time: Once you start your exam you will have 10-15 minutes of time for the tutorial. This time is not withdrawn from your exam time! During the tutorial you can check out the tutorial or spend your valuable time writing down everything that could help you. Write down those binary numbers, all subnets from /16 to /30 with the number of hosts left in each subnet, the full subnet mask like 255.255.255.0 , 255.255.255.128 etc, the matching wildcards and perhaps the OSI model. Now you can spend your valuable time at answering questions and looking up subnetting questions on your sheet.

 

  • No previous button: When I started doing Cisco exams I messed up because my Microsoft exam technique was to answer all questions, then return to question 1 and start over, checking all the questions. If you do a Cisco exam there's no previous button....DOH!

 

  • Hands-on experience: I can't say this one enough, if you don't practice on routers or switches you'll fail at beating the exam, it's as simple as that. The CCNA exam is 'hands-on' oriented so make sure you practice...and don't tell me you couldn't find any labs ;)

 

And the last tip, I really hope you don't need it but in case you fail...don't sweat it, it's too bad but it's still just an exam. You now have real life experience taking Cisco exams and believe it or not, this will help you for the next time! Make sure you write down or make a mental note of all the stuff you didn't understand. Do this because you will forget in a day or two. Write it down and get back to studying, do some more labs and test your stuff.

 

I hope this was helpful for you!

 

Do you think there is anything I should have added? Please share your opinion by leaving a comment...and if you pass your CCNA feel free to tell us about it in the forum or the community!

 

Rene

 

May 20
2011

CCNA Labs

Posted by ReneMolenaar in Untagged 

Every now and then I get questions from students (from real life courses) or people here on gns3vault about which labs they should work on when they are studying for their CCNA. Maybe you are studying for CCNA yourself and are not sure where to start on this site. To help you and others I decided to compile a small list with the labs you should definitely do if you want to pass your CCNA.

 

Don't forget, if you want to get your CCNA you can do the 'combined' exam which consists of ICND1 and ICND2 or you can take both exams separately. If you do the combined exam you'll need a higher passing score and of course there's more stuff for you to remember...you'll have to know everything. If you want to do both exams separately this is what you can expect more or less:

 

ICND1

Kick off with the Static Routing Beginners lab and make sure you understand static routes. This is a great starter before you get into routing.

 

Once you feel familiar with static routes and the routing table, it's time to try a routing protocol. RIP (Routing Information Protocol) seems simple but is a great way to start understanding Distance Vector routing protocols. Start off with the RIP Beginner lab and if you like it just try to do the RIP Advanced lab. This one might be a bit too steep for ICND1 or CCNA but I think you'll enjoy it and you should be able to work your way through.

 

If you've seen enough routing it's time to check out some WAN protocols. We'll start with the PPP Authentication lab where you configure PAP and/or CHAP authentication. Don't forget to run a "debug" to see how the link is built, this'll help you understand the theory of PPP better as well.

 

The last one to tackle is the Frame-Relay Basics lab. Keep in mind you DON'T have to configure a frame-relay switch for your CCNA or understand how it works, but if you ever want to configure it on real life routers it might be fun to try. Otherwise just get the configuration from the final configs and stick it on the frame relay switch. Concentrate on the routers; there's enough to learn, so the stuff you don't "have" to know is a nice extra.

The final CCNA ICND1 lab to work on is the ICND1 Assessment Lab. I have built this lab so you'll encounter most of the ICND1 commands, if you can beat this lab easily you'll have much of the 'practical' part under control.

 

Last word of advice: CCNA tests you on plenty of subnetting questions so make sure you practice plenty of those. You don't have enough time during your exam to take 5-10 minutes to solve a single subnetting question...make sure you can hammer at those and get going with the other questions. I don't have a lab for subnetting but I did write a very nice book which explains how to do subnetting off the top of your head without touching any paper. I also describe how you can create your own "cheat sheet" which will help during your exam (don't worry I'm not talking about scrambled paper and smuggling it into the test center). If you have trouble with subnetting please check this out.

 

ICND2

ICND2 is where you get the good CCNA labs, protocols like OSPF, EIGRP and Spanning-Tree are more exciting than subnetting and the OSI model. Let's start off with some routing to warm up the muscles and have a look at the OSPF Single Area lab. Beat this lab and then get going with the OSPF Intermediate lab which will test your OSPF knowledge even further, you can't beat your CCNA without OSPF knowledge.

 

Let's do some more routing and there's no better way than checking out EIGRP. Start with the EIGRP Beginner lab and fight your way through the EIGRP Intermediate lab. Make sure you know how to configure a key-chain by checking out the EIGRP MD5 Authentication lab. Did you already forget about RIP and Split Horizon? EIGRP has split horizon as well so try the EIGRP Split Horizon lab to juice up your knowledge.

 

Not sure if EIGRP uses unicast, multicast or broadcast to send packets? Check out the EIGRP Unicast lab and find out! While you are at it make sure you do a 'debug' for EIGRP packets to find the answer...this is something to try for OSPF and RIP as well.

 

He/she that is studying networking does not have Google but Debug as his/her best friend...(and then Google for the output if you have no idea what it means)

~Rene Molenaar

 

Ok typing it like a quote is more like a joke and it looks kinda cool putting my name under it ;) But I'm serious about the message!...all the answers are in your router or switch, just use the appropriate show and debug commands.

Last one for EIGRP...promise! Try the EIGRP Maximum Path and Variance lab which will help you understand successors, feasible successors and load-balancing for EIGRP a bit more.

 

Enough with the routing, let's play with Network Address Translation (NAT) and Port Address Translation (PAT). At the moment I only have the NAT Static Lab. Just configure NAT Static, then try Dynamic NAT and finally PAT. I'll see if I can put up some standalone labs for those as well.

 

The last one is awesome, go ahead and work on the NAT Dynamic Troubleshooting lab. If you truly understand this one and are able to finish it you'll understand a good deal about NAT and routing as well. Besides I believe it's a fun lab to work on.

 

If you made it this far you can be proud of yourself since there's plenty of protocols you have seen by now. The grande finale is the ICND2 Assessment Lab which will mix OSPF, EIGRP and RIP and some other things into a single lab.

 

For now these are all the labs I have for you on CCNA level. I'm still missing some security labs where you can play around with access-lists, I'd suggest labbing something yourself for the moment.

 

Last but not least...what about the switches? You'll need to understand protocols like VTP and Spanning-Tree to beat your CCNA. VTP can be done on GNS3 routers but spanning-tree is a bit shady...commands are different and not as extensive as using a real Cisco switch. My recommendation would be to buy 2x Cisco Catalyst 2950 switches on Ebay. They go for around 50 US dollars / Euros which is cheap. You'll be able to practice all the CCNA commands you'll need working on the "real thing". If you plan to study for CCNP after your CCNA make sure you buy 3550 switches (those are layer 3) instead of the 2950 (which is only layer 2).

 

So what do you think? I'd love to hear your opinion! If there's any lab you'd like to see please let me know by leaving a comment below.

 

Rene

GNS3Vault

May 12
2011

I saw what you patched last summer

Posted by ReneMolenaar in Untagged 

Hello all!

I'm kinda busy studying CCIE R&S (doing full labs all day long...) but this is something I wanted to share ;)

 



Rene

Apr 21
2011

CCIE Home Lab Spaghetti

Posted by ReneMolenaar in Untagged 

Last week I was messing around with my CCIE home lab, and since a picture says more than a thousand words, let me show you this:

After my frame-relay router died I decided to do something about it so I replaced all my routers with GNS3 and connected them to my real switches (3550's and 3560) by using a breakout switch.

This works perfectly! I'm not using any physical router anymore. Next week I'll show you what it looks like now and what you need to do to connect your GNS3 routers to your switches.

To be continued...

Apr 15
2011

GNS3 IP SLA Traffic Generator

Posted by ReneMolenaar in Untagged 

Hi Folks,

 

I've been busy studying/upgrading my QoS knowledge to get to the CCIE R&S level. I've been playing around finding a way to generate traffic through my routers to create bottlenecks and to have packets to classify / mark and such.

 

There are a couple of options you have if you want to play with GNS3 / Dynamips:

 

  • Connect your routers to your physical interface (e.g. the Internet) and have another one connect to a virtual machine. Download some stuff from your virtual machine through your GNS3 network and you have plenty of traffic to play with.
     
  • Use a traffic generator which you connect to your GNS3 routers.
     
  • Use Cisco IP SLA to generate traffic.

 

I didn't like option 1 and 2 much since it's too much work and I prefer having a "router-only" solution. That's why I've been playing with IP SLA. The result is the following configuration that I created which will generate ICMP, DNS, HTTP, HTTPS, Telnet, SSH and RTP (G711 and G729) traffic on a router.

 

! ICMP Echo
ip sla monitor 1
type echo protocol ipIcmpEcho 192.168.23.3
timeout 0
frequency 9
ip sla monitor schedule 1 start-time now life forever

 

! DNS Request
ip sla monitor 2
type dns target-addr www.gns3vault.com name-server 192.168.23.3
timeout 0
frequency 9
ip sla monitor schedule 2 start-time now life forever

 

! G711 conversation
ip sla monitor 3
type jitter dest-ipaddr 192.168.23.3 dest-port 16384 codec g711ulaw codec-numpackets 50 codec-size 160 codec-interval 20
timeout 0
frequency 1
ip sla monitor schedule 3 start-time now life forever

 

! G729 conversation
ip sla monitor 4
type jitter dest-ipaddr 192.168.23.2 dest-port 16385 codec g729a codec-numpackets 50 codec-size 20 codec-interval 20
timeout 0
frequency 1
ip sla monitor schedule 4 start-time now life forever

 

! HTTP GET Traffic
ip sla monitor 5
type http operation get url http://192.168.23.3
frequency 60
ip sla monitor schedule 5 start-time now life forever

 

! TCPConnect to Telnet
ip sla monitor 6
type tcpConnect dest-ipaddr 192.168.23.3 dest-port 23 control disable
timeout 1000
frequency 2
ip sla monitor schedule 6 life forever start-time now

 

! TCPConnect to HTTPS
ip sla monitor 7
type tcpConnect dest-ipaddr 192.168.23.3 dest-port 443 control disable
timeout 1000
frequency 3
ip sla monitor schedule 7 life forever start-time now

 

! TCPConnect to FTP
ip sla monitor 8
type tcpConnect dest-ipaddr 192.168.23.3 dest-port 21 control disable
timeout 1000
frequency 1
ip sla monitor schedule 8 life forever start-time now

 

! TCPConnect to SSH
ip sla monitor 9
type tcpConnect dest-ipaddr 192.168.23.3 dest-port 22 control disable
timeout 1000
frequency 2
ip sla monitor schedule 9 life forever start-time now

 

IP SLA will also allow you to monitor jitter/delay for voice traffic. If you want that, you need to enable "ip sla responder" on your destination router.

 

If you enable NBAR on a router in your network you can see traffic is actually flowing through the interface:

 

Router#show ip nbar protocol-discovery

FastEthernet0/0
                         Input                    Output
                         -----                    ------
Protocol                 Packet Count             Packet Count
                         Byte Count               Byte Count
                         5min Bit Rate (bps)      5min Bit Rate (bps)
                         5min Max Bit Rate (bps)  5min Max Bit Rate (bps)
------------------------ ------------------------ ------------------------
telnet                   70                       28
                         4200                     1974
                         1000                     0
                         1000                     0
ssh                      64                       24
                         3840                     1440
                         1000                     0
                         1000                     0
secure-http              40                       15
                         2400                     900
                         1000                     0
                         1000                     0
icmp                     14                       18
                         1452                     1716
                         0                        0
                         0                        0
ftp                      30                       15
                         1800                     900

 

This configuration is what I'll be using on my upcoming QoS labs, hopefully you find it useful!

 

If you like this config, please let me know by leaving a comment.
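To check from a script that each IP SLA operation's traffic is actually being classified, the protocol-discovery output can be parsed into per-protocol counters. This is an added example, not part of the original post: the sample is the excerpt shown above, and the NBAR protocol names in EXPECTED are assumed to be the ones matching the operations in the configuration.

```python
# Excerpt copied from the output shown in the post. The parser splits on
# whitespace, so it accepts the text with or without column indentation.
SAMPLE = """\
FastEthernet0/0
Input                    Output
-----                    ------
Protocol                 Packet Count             Packet Count
Byte Count               Byte Count
5min Bit Rate (bps)      5min Bit Rate (bps)
5min Max Bit Rate (bps)  5min Max Bit Rate (bps)
------------------------ ------------------------ ------------------------
telnet                   70                       28
4200                     1974
1000                     0
1000                     0
ssh                      64                       24
3840                     1440
1000                     0
1000                     0
secure-http              40                       15
2400                     900
1000                     0
1000                     0
icmp                     14                       18
1452                     1716
0                        0
0                        0
ftp                      30                       15
1800                     900
"""

# Order of the four counter rows printed for every protocol.
FIELDS = ("packets", "bytes", "bps_5min", "max_bps_5min")

# Assumed NBAR names for the traffic the IP SLA operations generate.
EXPECTED = {"icmp", "dns", "rtp", "http", "telnet", "secure-http", "ftp", "ssh"}


def parse_protocol_discovery(text):
    """Return {protocol: {"in": {...}, "out": {...}}} for one interface."""
    stats, current, in_body = {}, None, False
    for line in text.splitlines():
        tokens = line.split()
        if not in_body:
            # The three-column dashed rule marks the end of the header.
            in_body = len(tokens) == 3 and all(set(t) == {"-"} for t in tokens)
            continue
        if len(tokens) == 3 and tokens[1].isdigit() and tokens[2].isdigit():
            # First row of a record: protocol name plus packet counts.
            current = stats.setdefault(tokens[0], {"in": {}, "out": {}})
            values = tokens[1:]
        elif len(tokens) == 2 and all(t.isdigit() for t in tokens) and current is not None:
            values = tokens  # continuation row of the current record
        else:
            continue  # blank line or anything unrecognised
        if len(current["in"]) < len(FIELDS):
            field = FIELDS[len(current["in"])]
            current["in"][field], current["out"][field] = map(int, values)
    return stats


def avg_packet_size(stats, protocol, direction="in"):
    """Average bytes per packet, or None when the counters are missing or zero."""
    counters = stats.get(protocol, {}).get(direction, {})
    if not counters.get("packets") or "bytes" not in counters:
        return None
    return counters["bytes"] / counters["packets"]


def missing_protocols(stats, expected=EXPECTED):
    """Expected protocols that do not appear in the parsed output."""
    return sorted(expected - stats.keys())


if __name__ == "__main__":
    parsed = parse_protocol_discovery(SAMPLE)
    print(avg_packet_size(parsed, "ssh"), missing_protocols(parsed))
```

A record that is cut short, like ftp at the end of the excerpt, keeps only the counters that were present.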

Feb 23
2011

Power to the Cloud(s)

Posted by ReneMolenaar in Untagged 

Hello all!

 

Just a short message from me...I just returned from Australia and am already in Belgium, one more day of teaching and then I can have a week off in The Netherlands.

 

Yesterday I upgraded the site which will hopefully speed things up for some of you non-Europeans. I use Amazon S3 Cloudfront so that the site is loaded from US and Asian servers as well (instead of just my Amsterdam server).

 

The other clouds that are back in my life are the ones in the sky....dark and grey instead of none (or a few with a nice blue background)...

 

Oh and before I forget, I created 2 redistribution labs...one "troubleshooting" lab which you will find in the troubleshooting section and one you'll find in the "Redistribution" category that I just added.

Have fun!

 

Rene
