NMC DOiT Vol.2 Scenario 20 – ip ospf lls disable + max-lsa + redistribute maximum-prefix + Native IPv6 Tunneling + variance + set community no-advertise + ip mobile + Use Sane Bandwidth Statements

I am beat right now – dog tired. There’s a week’s worth of mail sitting next to me. And I’m not even talking about e-mail. I have far more of that. I haven’t looked at my checking accounts in at least 2 weeks. Presumably there’s money in them. We’ve gotten over 2 feet of snow in about a week, giving my shovel, back, and snowblower a workout. We had so much snow last night, I got my car stuck in my own driveway. I’ve been sick, lost my voice, sleeping lousy, attending holiday events, and all the rest of it that makes December an endurance event.

I made it through about 80% of this lab today. The IGP components were a bear, and the redistribution was also painful. Add to that last minute Christmas shopping I had to get done today and being sick about a week now, and the other 20% of the lab will have to wait for another time. I read through the 20% I didn’t do in the answer key, but I really need to sit and do it at some point. It’s just the IPv6 and multicast. Anyway, I have scenario 21 on the calendar for tomorrow, so I want to get at least a few thoughts down from NetMasterClass.com DOiT Vol. 2 scenario 20. I don’t think I’ll have the cycles to dive as deep as I might have liked, but there’s some good stuff here.

  • Reading the entire lab through ahead of time was compulsory in this scenario. OSPF required a tunnel for one of the areas, but the two routers at the ends of the tunnel had no route to each other's tunnel endpoints. To get the tunnel established, you had to configure RIP first and then redistribute the RIP routes into OSPF, so that the OSPF routers could reach each other's tunnel source addresses and bring the tunnel up.
  • Use the interface command “ip ospf lls disable” to turn off OSPF link-local signalling (LLS), the optional data block IOS appends to Hello and Database Description packets to support NSF/graceful restart. Disable it when a neighbor cannot cope with the extra data.
  • Use the OSPF router-mode command “max-lsa” to cap the number of non-self-generated LSAs the process will accept into its database. This is a resource-protection control: without it, a misbehaving or malicious neighbor can flood the database and exhaust memory. When the limit is exceeded, the process tears down its adjacencies and enters an ignore state; add the “warning-only” keyword if you want a syslog message instead.
  • Say you have a requirement to filter a specific route, but you aren't allowed to filter by matching against an access list or prefix list. The key is to think about what else you could match on. Matching on a tag you set earlier is often a good fit.
  • Control the number of prefixes redistributed into OSPF with the OSPF router-mode command “redistribute maximum-prefix”. Like “max-lsa”, it takes a percentage threshold at which it starts warning and a “warning-only” keyword that logs instead of stopping redistribution.
  • If you have to tunnel IPv4 packets, but the tunnel packets aren't allowed to carry GRE or IPv4 headers, you can tunnel the IPv4 inside IPv6 with “tunnel mode ipv6”: the outer header is plain IPv6 with no GRE shim. IPv6 native tunneling is supported as of 12.3(7)T.
  • The EIGRP “variance” command lets EIGRP install and use paths with unequal metrics. A path qualifies if it is a feasible successor (the neighbor's reported distance is lower than the successor's feasible distance, so the variance never overrides the loop-prevention check) and its metric is no more than variance times the successor's metric; traffic is then shared in inverse proportion to the metrics. In this example, “variance 3” admits any feasible path whose metric is up to 3 times that of the successor. The only difference between the two paths to 10.1.1.0/24 is the bandwidth statement (750 versus 250), which makes the metrics differ by almost exactly a factor of 3, so the path via Vlan11 gets a traffic share count of 3 and the path via Vlan111 a count of 1, roughly a 75%/25% split.

    CAT2#show run | b router eigrp
    router eigrp 10
    variance 3
    network 112.10.3.0 0.0.0.255
    network 112.10.4.0 0.0.0.255
    network 112.10.112.0 0.0.0.255
    no auto-summary
    !
    interface Vlan11
    bandwidth 750
    ip address 112.10.3.10 255.255.255.0
    !
    interface Vlan111
    bandwidth 250
    ip address 112.10.4.10 255.255.255.0
    !

    CAT2#sho ip route 10.1.1.0
    Routing entry for 10.1.1.0/24
    Known via "eigrp 10", distance 170, metric 3416064, type external
    Redistributing via eigrp 10
    Last update from 112.10.3.1 on Vlan11, 01:33:38 ago
    Routing Descriptor Blocks:
    * 112.10.4.6, from 112.10.4.6, 01:33:38 ago, via Vlan111
    Route metric is 10242816, traffic share count is 1
    Total delay is 110 microseconds, minimum bandwidth is 250 Kbit
    Reliability 255/255, minimum MTU 1500 bytes
    Loading 1/255, Hops 1
    112.10.3.1, from 112.10.3.1, 01:33:38 ago, via Vlan11
    Route metric is 3416064, traffic share count is 3
    Total delay is 110 microseconds, minimum bandwidth is 750 Kbit
    Reliability 255/255, minimum MTU 1500 bytes
    Loading 1/255, Hops 1

  • In BGP, “set community no-advertise” in a route-map tells the receiving peer not to advertise that prefix to any other BGP peer, internal or external. The community only reaches the peer if you configure “neighbor x.x.x.x send-community” toward it; IOS does not send communities by default.
  • Using “spanning-tree portfast” on a Catalyst switch interface can help when end stations are unable to get a DHCP lease right after booting. The issue is that the port is not in the forwarding state before the station gives up trying to get a lease. Portfast puts the port into the forwarding state almost immediately, with the risk that a topology loop may form if someone does something silly, such as plugging in another switch. You can mitigate the risk that portfast introduces with BPDU guard (“spanning-tree bpduguard enable” on the interface, or “spanning-tree portfast bpduguard default” globally for all portfast ports), which puts a portfast port into the err-disabled state if it receives any BPDU.
  • “ip mobile” is a strange little tool. It lets an end node keep using a router as its gateway when that router is not on a common network with the node. The idea is to let a node with a fixed IP float between VLANs and still have network service: with “ip mobile arp” the router learns the node's address from its ARP traffic on the attached segment (limited here to the hosts permitted by access-list 90), installs a /32 host route for it, and “router mobile” gives that route an administrative distance so it can be redistributed into the IGP. The “M” route below, with the distance 80 configured under “router mobile”, is the result.

    access-list 90 permit 112.10.105.100
    !
    interface FastEthernet0/0
    ip address 10.2.2.1 255.255.255.0
    ip mobile arp access-group 90
    !
    router mobile
    distance 80
    !
    R4#show ip route mobile
    112.0.0.0/8 is variably subnetted, 19 subnets, 4 masks
    M 112.10.105.100/32 [80/1] via 112.10.105.100, 01:57:36, FastEthernet0/0
    R4#

  • One other strange little thing I ran into today. You know how when you build a tunnel interface, you have to be careful about recursive routing? Today, I threw a “bandwidth 1” on the tunnel interfaces to avoid recursive routing through the tunnel. Worked fine, no problem. However, I couldn't get an OSPF virtual link up via that tunnel. Why? The OSPF cost was too high to bring the virtual link up, as revealed by a “show ip ospf virtual-link”. When I changed the bandwidth to something sane like “bandwidth 100”, the virtual link came right up. I burned a LOT of time trying to figure that one out, though.
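The variance item and the tunnel-bandwidth anecdote above both come down to arithmetic that IOS does for you. The following Python script is an added example and not code from the original post: it reproduces the EIGRP composite metrics and the 3:1 traffic-share count from the CAT2 output, applies the feasibility condition that variance does not override, and shows why a “bandwidth 1” on a tunnel produces the maximum OSPF cost. The reported distances of the two neighbors are constructed (the post does not show them), and the rounding used to derive the share counts is an assumption that happens to reproduce the post's output.

```python
"""Added example (not from the original post): reproduce the EIGRP metrics and
traffic-share counts from the CAT2 output, and the OSPF interface cost that
results from a tiny "bandwidth" statement on a tunnel interface."""

from dataclasses import dataclass


def eigrp_metric(min_bw_kbps: int, delay_us: int) -> int:
    """EIGRP classic composite metric with default K values (K1=K3=1, K2=K4=K5=0).

    metric = 256 * (10^7 / min_bandwidth_kbps + cumulative_delay_us / 10)
    IOS truncates the bandwidth term to an integer before scaling by 256.
    """
    return 256 * (10_000_000 // min_bw_kbps + delay_us // 10)


@dataclass
class Path:
    via: str                # outgoing interface
    neighbor: str           # next hop
    metric: int             # feasible distance through this neighbor
    reported_distance: int  # metric the neighbor advertised (constructed here)


def variance_paths(paths, variance):
    """Return the paths EIGRP would install with the given variance.

    A non-successor path qualifies only when (1) it is a feasible successor,
    i.e. the neighbor's reported distance is below the successor's feasible
    distance, and (2) its metric is at most variance * successor metric.
    """
    successor = min(paths, key=lambda p: p.metric)
    fd = successor.metric
    chosen = [successor]
    for p in paths:
        if p is not successor and p.reported_distance < fd and p.metric <= variance * fd:
            chosen.append(p)
    return sorted(chosen, key=lambda p: p.metric)


def traffic_share(paths):
    """Integer traffic-share counts, proportional to 1/metric.

    Assumption: the counts follow the ratio of the worst metric to each path's
    metric; rounding that ratio reproduces the 3:1 in the post
    (10242816 / 3416064 = 2.998).
    """
    worst = max(p.metric for p in paths)
    return {p.via: max(1, round(worst / p.metric)) for p in paths}


def ospf_cost(bw_kbps: int, ref_bw_mbps: int = 100) -> int:
    """IOS OSPF interface cost: reference bandwidth (100 Mbps by default)
    divided by the interface bandwidth, truncated, floored at 1 and capped
    at the 16-bit maximum of 65535."""
    cost = (ref_bw_mbps * 1000) // bw_kbps
    return max(1, min(cost, 65535))


# Figures from the CAT2 output in the post: both paths report 110 us total
# delay; minimum bandwidth is 750 kbit via Vlan11 and 250 kbit via Vlan111.
# The reported distances are constructed, chosen to be below the successor's
# feasible distance so that both paths pass the feasibility check.
CAT2_PATHS = [
    Path("Vlan11", "112.10.3.1", eigrp_metric(750, 110), reported_distance=2560),
    Path("Vlan111", "112.10.4.6", eigrp_metric(250, 110), reported_distance=2560),
]


def cat2_split(variance: int):
    """Traffic-share counts CAT2 would show for 10.1.1.0/24 at this variance."""
    return traffic_share(variance_paths(CAT2_PATHS, variance))


if __name__ == "__main__":
    for p in CAT2_PATHS:
        print(f"{p.via}: metric {p.metric}")
    print("variance 3:", cat2_split(3))   # {'Vlan11': 3, 'Vlan111': 1}
    print("variance 2:", cat2_split(2))   # {'Vlan11': 1}
    print("tunnel bandwidth 1   -> OSPF cost", ospf_cost(1))    # 65535
    print("tunnel bandwidth 100 -> OSPF cost", ospf_cost(100))  # 1000
```

Run it and the two metrics come out as 3416064 and 10242816, exactly what the route table shows, which confirms that the 3:1 share is driven entirely by the bandwidth statements. Dropping the variance to 2 leaves only the Vlan11 path, and a path whose reported distance is not below the successor's feasible distance is never installed no matter how generous the variance. The OSPF numbers show the other half of the story: “bandwidth 1” on a tunnel yields a cost pinned at 65535, the largest value the 16-bit link cost can carry, while “bandwidth 100” gives a sane cost of 1000.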