NMC DOiT Vol.2 Scenario 10 – IRB + OSPF Flood Reduction + BGP Maximum-Prefix + NTP Broadcast + VRRP


I did this scenario in one shot today, working on it about 8 hours, plus a break for lunch in the middle. My idea was to make it more like the actual lab. Doing the scenario in one day was a good exercise by itself. It takes a lot of mental energy to stay focused for that long.

This particular lab was a real pain in the backside for me. Reason being: IRB. I’m comfortable with the basics of integrated routing and bridging. Take an interface, throw it in a bridge-group, turn on IEEE STP and IP routing on the bridge-group, configure a BVI interface. Off and running. IRB is a lot like a layer 3 switch, where you throw a port into a VLAN, then make a VLAN SVI interface. But on a router, you can take any interface you want and throw it in a bridge-group. In this scenario, we had multipoint frame-relay and ethernet interfaces from multiple VLANs all thrown together into one nasty IRB stew. It was horrible. I had all kinds of connectivity problems, which made the rest of the scenario miserable. I got through most of the problems, but in hindsight, I forgot one really important thing that would have helped me troubleshoot. In this particular IRB design, there were Cat3550 switches providing uplink service. Therefore the 3550s were participating in the IRB spanning-tree(s). Had I remembered that, and then created a layer 2 diagram, I would have saved myself a lot of hair-pulling. I was SO frustrated. I was 2 hours into the scenario, still fumbling around with basic IP connectivity – absolutely maddening.

So, how did I “forget” that I had 3550 switches participating in the IRB spanning tree instances? Because I was staring at the layer 3 diagram provided with the scenario. The switches aren’t on that diagram, unless they are acting as routers. My brain was all wrapped up just with getting IRB working to begin with – then I got flustered when the connectivity problems came up and my brain quit working like it should have. If this had been the actual lab, I would have been dead, dead, dead. But that’s why we practice, right?

Other notable things from this scenario:

  • The logical bandwidth configured on a router interface that participates in IRB is used by spanning-tree in its cost calculation.
  • “ip ospf flood-reduction” will “suppress the unnecessary flooding of link-state advertisements (LSAs) in stable topologies” according to cisco.com.
  • A wording trick on the labs: if you’re given a list of things you CAN’T do to meet a particular requirement, that probably means there’s something left that you CAN do. So think through all the options and grab whatever they didn’t take off the table.
  • Another wording trick that I guess is obvious, but has thrown me a couple of times: when the lab says “make the console operator aware” of something-or-other, you’re being asked to configure a command that will log a message to the console port under a certain condition. I was thinking of “console operator” as some guy on the Starship Enterprise or something, making it way harder than I needed to.
  • “neighbor 172.16.50.10 maximum-prefix 3 warning-only” would log a message to the console if 3 or more BGP prefixes are received from neighbor 172.16.50.10. Take a look:

    R5(config)#router bgp 1
    R5(config-router)#neighbor 172.16.50.10 maximum-prefix 3 warning-only
    R5(config-router)#exi
    R5(config)#exi
    R5#
    *May 20 02:33:30.069: %BGP-5-ADJCHANGE: neighbor 172.16.50.10 Down Maximum-Prefix restart timeout
    *May 20 02:33:56.869: %BGP-5-ADJCHANGE: neighbor 172.16.50.10 Up
    *May 20 02:33:56.869: %BGP-4-MAXPFX: No. of prefix received from 172.16.50.10 (afi 0) reaches 3, max 3
    *May 20 02:33:56.873: %BGP-3-MAXPFXEXCEED: No. of prefix received from 172.16.50.10 (afi 0): 4 exceed limit 3
    R5#

  • If you’re asked to configure NTP, but you aren’t allowed to use “peer” or “server” directives, remember that on an interface (instead of global config), you can configure “ntp broadcast” and “ntp broadcast client” to get 2 routers talking NTP.
  • The first-hop redundancy protocol that is standards-based is VRRP. It’s very similar to HSRP – the biggest difference I noticed is the keyword “vrrp” instead of “standby”, and the fact that preemption is enabled by default. (On HSRP, preemption is disabled by default.)
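
The console capture in the BGP bullet above is worth reading from a monitoring angle: with `warning-only` the router logs that 172.16.50.10 sent 4 prefixes against a limit of 3, and no session Down follows in the capture. As an added example (not part of the original post), this Python code folds those syslog lines into per-neighbor state and lists peers that are over their limit with the session still up; the function names and verdict labels are assumptions introduced here, as is treating any later Down as the limit being enforced.

```python
import re

# The four syslog lines from the console capture in the post.
SAMPLE_LOG = """\
*May 20 02:33:30.069: %BGP-5-ADJCHANGE: neighbor 172.16.50.10 Down Maximum-Prefix restart timeout
*May 20 02:33:56.869: %BGP-5-ADJCHANGE: neighbor 172.16.50.10 Up
*May 20 02:33:56.869: %BGP-4-MAXPFX: No. of prefix received from 172.16.50.10 (afi 0) reaches 3, max 3
*May 20 02:33:56.873: %BGP-3-MAXPFXEXCEED: No. of prefix received from 172.16.50.10 (afi 0): 4 exceed limit 3
"""

# One pattern for session changes and both max-prefix messages.
EVENT = re.compile(
    r"%BGP-\d-(?P<tag>ADJCHANGE|MAXPFXEXCEED|MAXPFX): "
    r"(?:neighbor (?P<adj_peer>\S+) (?P<state>Up|Down)"
    r"|No\. of prefix received from (?P<peer>\S+) \(afi \d+\)"
    r"(?: reaches |: )(?P<count>\d+)(?:, max | exceed limit )(?P<limit>\d+))"
)


def summarize(log_text):
    """Fold BGP session and max-prefix syslog events into per-neighbor state."""
    peers = {}
    for line in log_text.splitlines():
        m = EVENT.search(line)
        if not m:
            continue
        name = m["adj_peer"] or m["peer"]
        p = peers.setdefault(name, {"session": None, "limit": None, "peak": 0, "verdict": "ok"})
        if m["tag"] == "ADJCHANGE":
            p["session"] = m["state"]
            # Assumption: a Down that follows an exceed event means the limit was enforced.
            if m["state"] == "Down" and p["verdict"] == "over-limit-session-up":
                p["verdict"] = "over-limit-session-dropped"
            continue
        p["limit"] = int(m["limit"])
        p["peak"] = max(p["peak"], int(m["count"]))
        if m["tag"] == "MAXPFXEXCEED":
            p["verdict"] = "over-limit-session-up"
        elif p["verdict"] == "ok":
            p["verdict"] = "at-threshold"
    return peers


def still_accepting(peers):
    """Neighbors over their limit whose session was never torn down."""
    return sorted(n for n, p in peers.items() if p["verdict"] == "over-limit-session-up")


if __name__ == "__main__":
    for name, state in summarize(SAMPLE_LOG).items():
        print(name, state)
```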