Tuesday, 29 January 2013

Pointless CCNP Topology Part 1

Here I offer my contribution to the seemingly endless supply of pointless GNS3 topologies abounding on the internet. Not content however with merely attaining completely pointless status by default of not trying - or being too stupid - I have pushed the boat out and purposely designed the most pointless topology I could imagine. This, chaps, is how I study for my CCNP exams - embroiled in futile mastery of pointless subject matter. Behold: Linearnet!


It took a while, and to be honest the burden of pointlessness was wearing me down, so it was a pleasing sight to finally see the traceroute working correctly.  You will note its VPN hop skipping the 13.13.13.0/24 network and the IPv6 tunnel hides 15.15.15.0/24. Here is the traceroute, and I warn you, if you get bored easily stop reading here.

OFFICE#ping 1.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 100/124/164 ms

OFFICE#traceroute 1.1.1.1
Type escape sequence to abort.
Tracing the route to 1.1.1.1
  1 14.14.14.14 16 msec 32 msec 12 msec
  2 192.168.1.2 12 msec 80 msec 28 msec
  3 11.11.11.11 72 msec 24 msec 40 msec
  4 10.10.10.10 72 msec 60 msec 36 msec
  5 9.9.9.9 104 msec 92 msec 56 msec
  6 8.8.8.8 52 msec 80 msec 92 msec
  7 7.7.7.7 68 msec 48 msec 104 msec
  8 6.6.6.6 72 msec 84 msec 60 msec
  9 5.5.5.5 96 msec 92 msec 56 msec
 10 4.4.4.4 88 msec 100 msec 112 msec
 11 3.3.3.3 112 msec 92 msec 140 msec
 12 2.2.2.2 112 msec 96 msec 148 msec
 13 1.1.1.1 100 msec *  112 msec

That this even works at all is something of a wonder to me, what with it being emulated on a dual-core, cloud-hosted Linux server. If you read my previous posts you will see I have the potential to leverage 20GHz and 8Gb RAM, however all this nonsense is powered by a mere 2.5GHz dual-core and 2GB RAM. Wowser!

However, read on.  Read on and you may be alarmed to discover an increasing degree of potentially interesting facts about varied networking matters - mostly redistribution - which actually could be of some use to someone.  For example, did you know iBGP won't redistribute another IGP by default?  Did you know ISIS doesn't like to inject connected routes into itself for redistribution?  I didn't.  So, without further ado, here is the story of Linearnet...

HOME - R2


Nothing really to note here, certainly nothing of interest. To start the ball rolling I gave the home router a static route. I suppose in order to not be so pointless and fulfill some of the CCNP curriculum I could've used a dynamic routing protocol and fed this router a default route. Or maybe you should just see the OSPF configuration NSSA Area1 for that...

R2
interface FastEthernet0/0
 ip address 1.1.1.1 255.255.255.0
!
ip route 0.0.0.0 0.0.0.0 1.1.1.2

R2 - R3 OSPF Area 1 NSSA

This leg was designed to be an NSSA of an OSPF domain. It would be injecting its connected interface to HOME into OSPF NSSA Area 1 whilst receiving OSPF inter-area routes and a default route injected from R3 using the default-information-originate command. It made for a wee bit of a strange routing table.

R2
interface FastEthernet0/1
 ip address 2.2.2.2 255.255.255.0
 ip ospf 1 area 1
!
router ospf 1
 redistribute connected subnets
 area 1 nssa

R3
interface FastEthernet0/0
 ip address 2.2.2.3 255.255.255.0
 ip ospf 1 area 1
!
interface FastEthernet0/1
 ip address 3.3.3.3 255.255.255.0
 ip ospf 1 area 0
!
router ospf 1
 area 1 nssa default-information-originate

R3 - R4 OSPF Backbone


This is the OSPF backbone.  Nothing at all of interest here.  Move on, move on.  Instead of seeing the interface configuration, perhaps you would like to see the NSSA E2 route?  I thought so:

R3
R3#show ip route 1.1.1.1
Routing entry for 1.1.1.0/24
  Known via "ospf 1", distance 110, metric 20, type NSSA extern 2, forward metric 10
  Last update from 2.2.2.2 on FastEthernet0/0, 00:10:20 ago
  Routing Descriptor Blocks:
  * 2.2.2.2, from 2.2.2.2, 00:10:20 ago, via FastEthernet0/0
      Route metric is 20, traffic share count is 1

R4 - R5 OSPF Area 2 Virtual Link


The plan here was a plain-old OSPF area. It would however act as transit for area 3 via the virtual-link commands, therefore could not be stubby, neither totally nor not so. You can imagine the interface config by now, I'm sure, so here are the simple virtual-links:

R4
router ospf 1
 router-id 4.4.4.4
 area 2 virtual-link 5.5.5.5
R5
router ospf 1
 router-id 5.5.5.5
 area 2 virtual-link 4.4.4.4

And proof, if it were needed:

R5
R5#show ip ospf virtual-links 
Virtual Link OSPF_VL0 to router 4.4.4.4 is up
  Run as demand circuit
  DoNotAge LSA allowed.
  Transit area 2, via interface FastEthernet0/0, Cost of using 10
  Transmit Delay is 1 sec, State POINT_TO_POINT,
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
    Hello due in 00:00:01
    Adjacency State FULL (Hello suppressed)
    Index 1/2, retransmission queue length 0, number of retransmission 0
    First 0x0(0)/0x0(0) Next 0x0(0)/0x0(0)
    Last retransmission scan length is 0, maximum is 0
    Last retransmission scan time is 0 msec, maximum is 0 msec
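
The two rules this section relies on (the transit area cannot be stub or NSSA, and each end must point at the other's router-id through the same area) can be checked before the configs ever reach a router. The Python below is an added example, not part of the original post; it assumes every router sets an explicit router-id, and the names CONFIGS, parse_ospf and check_virtual_links are hypothetical.

```python
import re

# Constructed sample: the R4/R5 "router ospf" stanzas shown above, keyed by hostname.
CONFIGS = {
    "R4": "router ospf 1\n router-id 4.4.4.4\n area 2 virtual-link 5.5.5.5\n",
    "R5": "router ospf 1\n router-id 5.5.5.5\n area 2 virtual-link 4.4.4.4\n",
}

def parse_ospf(text):
    """Pull the router-id, virtual links and stub/NSSA areas out of one config."""
    info = {"router_id": None, "vlinks": [], "stub_areas": set()}
    for raw in text.splitlines():
        line = raw.strip()
        if m := re.match(r"router-id (\S+)", line):
            info["router_id"] = m.group(1)
        elif m := re.match(r"area (\S+) virtual-link (\S+)", line):
            info["vlinks"].append((m.group(1), m.group(2)))
        elif m := re.match(r"area (\S+) (stub|nssa)\b", line):
            info["stub_areas"].add(m.group(1))
    return info

def check_virtual_links(configs):
    """Return a list of problems; an empty list means the links are consistent."""
    parsed = {host: parse_ospf(text) for host, text in configs.items()}
    by_rid = {p["router_id"]: host for host, p in parsed.items() if p["router_id"]}
    problems = []
    for host, p in parsed.items():
        for area, peer_rid in p["vlinks"]:
            # A transit area must carry full routing information, so it
            # cannot be stub, totally stubby or NSSA.
            if area in p["stub_areas"]:
                problems.append(f"{host}: transit area {area} is stub/NSSA")
            # The link is addressed to the peer's router-id, not an interface IP.
            peer = by_rid.get(peer_rid)
            if peer is None:
                problems.append(f"{host}: no router has router-id {peer_rid}")
            # Both ends must configure the link through the same transit area.
            elif (area, p["router_id"]) not in parsed[peer]["vlinks"]:
                problems.append(
                    f"{peer}: missing 'area {area} virtual-link {p['router_id']}'")
    return problems

if __name__ == "__main__":
    for problem in check_virtual_links(CONFIGS) or ["virtual links consistent"]:
        print(problem)
```

Area IDs are compared as written, so an area entered as 2 on one router and 0.0.0.2 on the other would be reported as a mismatch.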

R5 - R6 OSPF Area 3


A simple OSPF area connected to the backbone via virtual-links. Let's check the neighbor on R5, see that the virtual interface has been made happy with the backbone:

R5
R5#show ip ospf neighbor 

Neighbor ID     Pri   State           Dead Time   Address         Interface
4.4.4.4           0   FULL/  -           -        4.4.4.4         OSPF_VL0


R6 - R7 RIP/OSPF Redistribution


Primarily for a laugh I decided to put a RIP hop in, but also to make the project more epic and silly. Redistribution is simple.

R6
router rip
 version 2
 redistribute ospf 1 metric 1
 network 6.0.0.0

R7 - R8 EIGRP Redistribution


Yawn, more redistribution. It is a theme of this labathon. You know how to redistribute into RIP, so here it is from RIP into EIGRP: blindingly simple, just remember to invent a metric:

R7
router eigrp 1
 redistribute rip metric 100 100 255 50 1500
 network 7.7.7.7 0.0.0.0
 auto-summary

R8 - R9 ISIS


You are still with me, right? Guess what - redistribution. This time into ISIS. ISIS is slightly more interesting, it throws up a tiny problem to solve: when ISIS is redistributed into, say, EIGRP or OSPF, it doesn't offer up its connected routes from the router ISIS is enabled on. If that makes sense, sounds a bit dumb. Perhaps if you see the redistribution command on EIGRP it will make sense...

R8
router eigrp 1
 redistribute connected
 redistribute isis level-2 metric 1 1 1 1 1
 network 7.7.7.8 0.0.0.0
 no auto-summary
!
router isis 
 net 49.0001.0000.0000.000a.00
 is-type level-2-only
 redistribute eigrp 1 metric 10

R9 - R10 Port Channel


Things are starting to hot up now - relatively speaking and whilst still being totally and utterly without point. Bored with daisy chaining routing protocols together I decided to throw in a tiny bit of LAN stuff and use the GNS3 emulation of the NM-16ESW switch module. Binding 3 Fa interfaces together under one port-channel was the order of the day, using ISIS to share routing on VLAN interfaces. Let's see the config on R9, you can then guess R10 I would think:

R9
interface Port-channel1
 switchport mode trunk
!
interface FastEthernet0/0
 ip address 8.8.8.9 255.255.255.0
 ip router isis 
 duplex auto
 speed auto
!
interface FastEthernet1/0
 switchport mode trunk
 channel-group 1 mode on
!
interface FastEthernet1/1
 switchport mode trunk
 channel-group 1 mode on
!
interface FastEthernet1/2
 switchport mode trunk
 channel-group 1 mode on
!
interface Vlan2
 ip address 9.9.9.9 255.255.255.0
 ip router isis 
!
router isis 
 net 49.0002.0000.0000.000b.00
 is-type level-2-only

R10 - R11 BGP


Actually cooking with gas now. I suppose there is a fair amount going on at this hop. We have the port-channel interfaces, we have the VLAN interfaces, we have ISIS and we have BGP, with mutual redistribution between the two. You've seen the port-channel config. The BGP config is actually quite - dare I say it - interesting. Useful even. iBGP has a couple of wee caveats to make it work nicely, especially in this topology. It is worth taking a deep breath and breaking this post into two. See you in part 2 for BGP, policy-routing, IPSec tunnels, IPv4 over IPv6 (in defiance of the norm - one day all you retrograde IPv4 die-hards will be doing it) and the final end to this misery. Thank you for reading (if you got this far).
