BGP and Multi-Protocol errors

as you work through various configurations (and - inevitably - troubleshooting), you may end up in a situation where because of limited visibility (“hey, it’s customer device!”) you can’t really see what’s wrong on the other side. here’s one example - of (allegedly) “Multi-Protocol BGP being enabled”

mp-bgp? ain’t no mp-bgp!

my friend asked me for help - his Customer can’t make BGP session work and complains about “additional capabilities” we’re sending his way. before looking at friend’s config, I’m looking at the logs he got from complaining customer: ...

July 19, 2024 · Łukasz Bromirski

IOS XR and routes

those of you working on a daily basis with configuration and reconfiguration of network devices are likely to hit various caveats and surprises. sometimes, we hit problems that take hours to troubleshoot.

route? what route?

we’re adding a new router. it has address of 172.16.0.11 that’s defined on Loopback0. this interface and all other physical interfaces of the new router are included in area 0 of OSPF. neighbors see it that way as well: ...

April 12, 2024 · Łukasz Bromirski

Nexus and ECMP for DNS

if you read my previous pieces about my home network, you know well my core switch is Nexus 93180YC-EX. you know… home, core switch.

anycasted services

at any point in time I have a number of DNS (and DHCP) servers available, all reachable via either 192.168.168.168 or 2001:470:xx:a6::168. no matter what is going on, at least one should be able to respond. currently, in the “cluster” I have two VMs and two physical Raspberry Pi 4B+. all of them run on FreeBSD 14.0-STABLE, with nsd, unbound and bird packages, last one to do the advertisement of IPv4 and IPv6 addresses. ...

January 29, 2024 · Łukasz Bromirski

logging in VRF

quick note for those spending weekends on labbing - if you want to log info (from Syslog for example), and the management interface is in a separate VRF (very good idea), you need to configure VRF in two, or even three (if you count VRF definition itself) different places. if you forget one, it won’t work. so, first of all, create management VRF definition:

    !
    vrf definition MGMNT
     rd 444:444 ! optional, but just to keep the numbering across VRFs
     !
     address-family ipv4
     exit-address-family
     !
     address-family ipv6
     exit-address-family
    !

..then properly assign management interface to VRF: ...

October 9, 2022 · Łukasz Bromirski

nice peak info in BGP summary view

nice addition to recent IOS-XE images is the info in BGP view when the peak number of prefixes was received:

    rtr-edge#sh bgp ipv4 unicast summary
    [...]
    6807 received paths for inbound soft reconfiguration
    BGP activity 1126906/107856 prefixes, 1337822/171863 paths, scan interval 60 secs
    878960 networks peaked at 15:02:09 Jan 29 2022 CET (22:53:01.065 ago)
    [...]
    rtr-edge#sh bgp ipv6 unicast summary
    [...]
    BGP using 102467162 total bytes of memory
    BGP activity 1126898/107856 prefixes, 1337806/171843 paths, scan interval 60 secs
    140720 networks peaked at 05:46:19 Jan 29 2022 CET (1d08h ago)
    [...]

while logged in over CLI you may glance at this info without needing to check your monitoring systems (you have them, right?). ...

February 3, 2022 · Łukasz Bromirski

ctrl-break the new (old) way

one of the very old tricks, that’s even documented, is how to simulate ctrl-break on newer PCs to break into ROMMON during router/switch boot. instead of fighting with SecureCRT on MacOS, I just used it recently. basically, you:

1. disconnect terminal from the device
2. turn device off
3. set terminal to 1200 (yes, you read this right), 8N1 and no flow control
4. turn device on
5. press SPACE for 10-15 seconds (basically, until your terminal drops out some unreadable characters)
6. reconfig terminal to 9600 8N1

and you should be in ROMMON

yes, I’m old. ...

January 20, 2022 · Łukasz Bromirski

two-stage commit config for NX-OS

if you’re not accustomed to reading release notes for your favorite platform (Nexus NX-OS in this case), probably you already overlooked that starting with 10.1(2) there’s a 2-stage commit system, known from IOS XR. what does that mean, really? that doing changes over CLI, directly in the parser, you can edit/add/remove whole blocks of configuration before committing them to running/actual configuration. so in case when you edit interface IP addressing (always a touchy moment, especially for devices you’re 300km away from, for example) the session could look like this: ...

July 15, 2021 · Łukasz Bromirski

recert in 2021

my journey with expert-level Cisco certification began quite a long time ago - 15 years. and with Cisco certification overall - even a couple of years earlier than that. I was finally able to get hands-on practice with the Cisco Continuing Education program. apart from the fact that trying to pass exams right now remotely during the pandemic has abstract requirements, I do generally believe it makes sense. one way or another - I’m recertified until April 2024. of course, as life goes on, I’ll be surprised to read this entry years from now thinking “how the hell did it go that fast?” ;) ...

April 10, 2021 · Łukasz Bromirski

connecting switches

after I decided to save you and myself from spying eyes of Google Analytics, I don’t really look at my blog web statistics. just glancing over logs shows you’re reading - and that’s about all if you ask me. I noticed however, that for some mysterious reason (the doc is almost two decades old!), my very old article about connecting the switches together still gets downloaded like 30-50 times a month (I’m counting only non-bot downloads), and sometimes even more often. ...

January 22, 2021 · Łukasz Bromirski

load sharing, part one

if you happen to have more than one internet connection and they have different usable bandwidths - which is no longer a rarity today - it becomes an interesting element in network design. how would you use these links optimally? i have to admit that i was provoked to sit down and write down this series of posts by Marcin Ślęczek’s post on ccie.pl forum. Marcin is CEO of networkers.pl but by heart, he’s a network engineer and sometimes fights with interesting problems. although I already had in my head something like a solution to the problem I was struggling with in my home network, the inability to solve Marcin’s problem immediately provoked me to describe the problem and potential solutions from the inside out. ...

January 7, 2021 · Łukasz Bromirski