Jump to content
certDude865c

[CCIE-RS] Actual Facts on 3rd CFG

Recommended Posts

Ok I see... I think I get it now .... It's based on the fact that both vlan networks are advertised in BGP in the preconfiguration and since OSPF AD < BGP AD , they are seen as OSPF routes instead of BGP routes and to correct that you increase OSPF intra area routes on the fly.... It's not very clean but it works....

 

I still have 2 problems with that solution....

 

1- you increased the AD of all intra area routes (all the /32 are now AD = 201)

2- like I said in another thread, since this question is about prefix suppression , I'ld rather use that same feature (under interface mode) to solve the question. It makes more sense to me.... but that's just my humble opinion...

Share this post


Link to post
Share on other sites

Ok I see... I think I get it now .... It's based on the fact that both vlan networks are advertised in BGP in the preconfiguration and since OSPF AD < BGP AD , they are seen as OSPF routes instead of BGP routes and to correct that you increase OSPF intra area routes on the fly.... It's not very clean but it works....

 

I still have 2 problems with that solution....

 

1- you increased the AD of all intra area routes (all the /32 are now AD = 201)

2- like I said in another thread, since this question is about prefix suppression , I'ld rather use that same feature (under interface mode) to solve the question. It makes more sense to me.... but that's just my humble opinion...

 

There are assumptions made for either solution.

 

This is HUGE problem with the tasks on this particular topology.

 

I think we should be ready by knowing all the possibilities so that we can formulate intelligent questions when the time comes.

 

They aren't going to tell you what to do but they might see you understand the technology and validate/invalidate the assumption which could point you to the correct solution.

 

Also we need to question our existing solution for all of the sections because so far no one has mentioned passing this topology and I doubt (at least for me) going back and doing the same thing will get a pass.

Share this post


Link to post
Share on other sites

So guys you confirm that these 2 vlans are advertised in ospf (+passive) and bgp ? is there an output to match maybe on this part ?

 

How about guys that just do prefix-suppression and match the output but not getting the points on the lab? because i think we clearly need what people do in order to find what is the solution that bring the points! if some people can share exactly what they do and if they get the points ?

Share this post


Link to post
Share on other sites

So guys you confirm that these 2 vlans are advertised in ospf (+passive) and bgp ? is there an output to match maybe on this part ?

 

How about guys that just do prefix-suppression and match the output but not getting the points on the lab? because i think we clearly need what people do in order to find what is the solution that bring the points! if some people can share exactly what they do and if they get the points ?

 

No output to match

Share this post


Link to post
Share on other sites

Careful for the variations as well guys. Failed last week.

 

I had posted here:

Hidden Content

    Give reaction to this post to see the hidden content.

 

 

Edit reason

Additional variations:

On VPN: they want to me to add connected vrf prefix on MPLS via redistribution.

(Question did not ask for it, only screenshot). Examine the screenshot careffully. I match all the screenshot and still get 0% on Section 3.

 

R5#sh ip bgp vpnv4 vrf HollyMaya

BGP table version is 185, local router ID is 100.5.5.5

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,

r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,

x best-external, a additional-path, c RIB-compressed,

Origin codes: i - IGP, e - EGP, ? - incomplete

RPKI validation codes: V valid, I invalid, N Not found

 

Network Next Hop Metric LocPrf Weight Path

Route Distinguisher: 65005:5 (default for vrf HollyMaya)

*>i 0.0.0.0 100.3.3.3 0 100 0 65001 19999 i

* i 100.4.4.4 0 100 0 65002 29999 i

*>i 10.1.0.0/16 100.3.3.3 0 100 0 65001 i

*>i 10.2.0.0/16 100.4.4.4 0 100 0 65002 i

*>i 10.3.0.0/16 100.3.3.3 0 100 0 65001 65003 i

*>i 10.4.0.0/16 100.6.6.6 0 100 0 65004 65004 i

*> 10.5.0.0/16 100.50.0.2 0 0 65005 i

*>i 10.6.0.0/16 100.3.3.3 0 100 0 65001 65100 65006 i

*>i 10.7.0.0/16 100.4.4.4 0 100 0 65002 ?

*>i 10.100.100.100/32

100.6.6.6 0 100 0 65004 65004 ?

*>i 100.10.0.0/30 100.3.3.3 0 100 0 ?

Network Next Hop Metric LocPrf Weight Path

*>i 100.20.0.0/30 100.4.4.4 0 100 0 ?

*>i 100.40.0.0/30 100.6.6.6 0 100 0 ?

*> 100.50.0.0/30 0.0.0.0 0 32768 ?

*>i 100.100.100.100/32

100.6.6.6 0 100 0 65004 65004 ?

*>i 172.16.100.0/24 100.6.6.6 0 100 0 65004 65004 ?

*>i 172.16.200.0/24 100.6.6.6 0 100 0 65004 65004 ?

Edited by gnuga

Share this post


Link to post
Share on other sites

Guys i dont know i have mentioned this earlier or not

 

in BGP MPLS VPNV3 - they are showing R3,R4,R5 and R6's output where they want 10.4/16 and 100.100.100.100/32 should have 65004 65004 in thier as-path. that means you need to as-path prepend when they are leaving R40.

 

so you need bgp bestpath as-path multipath-relax if they are asking you to do load balanced between DC1 and Large office

 

 

Section 2.4: BGP in DC#1: Part 1

- Each peer must install 2 paths to every destination

 

So "every destination" here refers to HQ only?

because if they ask to load balance between DC1 and Large Office, then bgp bestpath as-path multipath-relax will be needed.

Share this post


Link to post
Share on other sites

Section 2.4: BGP in DC#1: Part 1

- Each peer must install 2 paths to every destination

 

So "every destination" here refers to HQ only?

because if they ask to load balance between DC1 and Large Office, then bgp bestpath as-path multipath-relax will be needed.

The actual wording of the question is a little bit different, they don't ask you to install all the paths to RIB, just to BGP table. They ask for traceroute to HSRP adress of HQ switches, that has to be loadbalanced. Since the AS pah and IGP metrics are the same on the way to HQ, no need for multipath-relax or igp-metric ignore.

Share this post


Link to post
Share on other sites

Some people just want to put that multipath relax command by any means ahahahahah

Share this post


Link to post
Share on other sites

Do we have to configure bgp router id if they didn`t ask for it in the questions?

 

No, by default bgp will search for the router-id command and if it's not configured it will check the highest ip @ on loopbacks

Share this post


Link to post
Share on other sites

I'm thinking that the solution for the 4.1 might be the following actually

 

Hidden Content

    Give reaction to this post to see the hidden content.

 

maybe it should be combined with raguard as well

so eventually we could see something like that

 

Hidden Content

    Give reaction to this post to see the hidden content.

 

Why are we using nd inspection here?

 

Hidden Content

    Give reaction to this post to see the hidden content.

 

The IPv6 RA Guard feature providessupport for allowing the network administrator to block or reject unwanted or rogue RA guard messages that arrive at the network device platform. RAs are used by devices to announce themselves on the link. The IPv6 RA Guard feature analyzes these RAs and filters out RAs that are sent by unauthorized devices

Share this post


Link to post
Share on other sites

Hello.

EVE-NG is taking too much memory while turning on all the devices in H3. any suggestion. 8 GB ram full to 92%

Adding more RAM ;-) That's a lower cost than 15 years ago when CCIEs were buying a full rack to practice :-)

 

 

Why are we using nd inspection here?

You are right but I guess otoebase is trying to find an alternative since someone said in his feedback that he didn't got the points by using Raguard.

Since this feature is not working on virtual devices, nobody can confirm what Cisco is grading here... (I guess it is an output but which one ? Nobody knows...)

Share this post


Link to post
Share on other sites

Ra guard works fine with the right IOS image.... I have tested and validated it with rogue router a while ago....

 

i86bi-linux-l2-adventerprisek9-15.6.0.9s.bin

 

Dont use that IOS for anything else....

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


×
×
  • Create New...