Cisco Tips & Tricks

May 31, 2006

Resetting BGP session

Filed under: bgp, IP Routing, Router — ciscotips @ 8:59 pm

There are times when a route propagated in BGP no longer exists. As we know, even when a link goes down, BGP takes its own sweet time to converge. In this kind of scenario we need to clear the advertised routes, and in some cases we use the following command:

clear ip bgp *

You can also verify the advertised routes with the following command:

sh ip bgp neighbors A.B.C.D advertised-routes

Even when you only change the inbound/outbound policy, you need to reset your BGP session. But using clear ip bgp * impacts all other links as well, because BGP rebuilds its table from scratch. This is as good as rebooting the router. To minimise the impact we can use the following commands instead.

clear ip bgp A.B.C.D soft out (when you change the outbound policy)

and

clear ip bgp A.B.C.D soft in (when you change the inbound policy).

Note that when the peer does not support the route refresh capability, soft in only works if neighbor A.B.C.D soft-reconfiguration inbound is configured, so that the router keeps an unmodified copy of the routes received from that peer.

May 29, 2006

Using BGP communities to control Upstream Announcements

Filed under: bgp, IP Routing, Router — ciscotips @ 12:31 am

There is a way to tag route advertisements with additional information: you can tag routes using BGP communities. A community defines a property of a prefix, in such a way that a router can be configured to treat all prefixes with a certain community in a certain way, for example to give them a higher preference. This way, one does not have to build an access list to match all the prefixes explicitly. A prefix can be tagged with multiple communities, and a community can be attached to multiple prefixes. RFC 1997 gives you more details on BGP communities.

Most important communities are NO_ADVERTISE and NO_EXPORT, indicating that a prefix should not be re-advertised beyond the router or the autonomous system receiving the prefix respectively. The latter is useful if you want to announce a more-specific prefix to one of your upstreams without polluting the global routing table.

One application of communities is described in RFC 1998. This RFC describes a scenario in which two ISPs provide each other with backup connectivity. Using communities, they can tag the prefixes for which they provide backup routing. The upstream provider can then apply a lower local preference to these routes so that in the normal case traffic is not routed via the backup path. Of course, this assumes some cooperation from the upstream provider, but the level of cooperation is less than would be required if the upstream provider had to create explicit access lists for the prefixes or ASes involved.

WARNING: Setting the no-export, no-advertise, or no-export-subconfed communities can have the (possibly unwanted) side effect that no routes are announced, even if there are other routes that would otherwise be eligible for announcement.

For instance, if we have two ISPs, ISP A and ISP B, and you set the no-advertise community on routes announced to ISP B, other customers of ISP B won't see these routes because they aren't advertised. This is as intended. But routes with the same NLRI that ISP B has learned from ISP A will not be advertised either, because ISP B considers the directly received routes with the no-advertise community best, and only the best route is eligible for further announcement over BGP.
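The two uses described above in IOS configuration, as an added example that is not from the original post: the customer tags a more-specific prefix with no-export toward one upstream, and marks its aggregate with an RFC 1998 style backup community that the provider maps to a lower local preference. The AS numbers (64496 and 64511), addresses, prefix names and the community value 64511:70 are all assumed for the example.

```cisco
! Customer side (AS 64496). AS numbers, addresses and names are assumed.
ip bgp-community new-format
ip prefix-list MORE-SPECIFIC seq 5 permit 198.51.100.128/25
ip prefix-list AGGREGATE seq 5 permit 198.51.100.0/24
!
! The more-specific may be used inside ISP B but must not leave its AS
route-map TO-ISP-B permit 10
 match ip address prefix-list MORE-SPECIFIC
 set community no-export
! The aggregate carries the backup tag agreed with ISP B
route-map TO-ISP-B permit 20
 match ip address prefix-list AGGREGATE
 set community 64511:70
!
router bgp 64496
 neighbor 192.0.2.1 remote-as 64511
 neighbor 192.0.2.1 route-map TO-ISP-B out
! Without send-community the attribute is stripped before the update leaves
 neighbor 192.0.2.1 send-community
!
! Provider side (ISP B, AS 64511): honour the backup tag
ip bgp-community new-format
ip community-list standard CUST-BACKUP permit 64511:70
!
! 70 is below the default local preference of 100, so a primary path
! for the same prefix wins whenever one exists
route-map FROM-CUSTOMER permit 10
 match community CUST-BACKUP
 set local-preference 70
route-map FROM-CUSTOMER permit 20
!
router bgp 64511
 neighbor 192.0.2.2 remote-as 64496
 neighbor 192.0.2.2 route-map FROM-CUSTOMER in
```

Keep the warning above in mind when choosing the community: a route tagged no-advertise that ISP B selects as best is not announced anywhere, and neither is any alternative path ISP B holds for the same NLRI.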

Multihoming to a Single Service provider

Filed under: bgp, IP Routing, Router — ciscotips @ 12:12 am

A lot of organizations have trouble using BGP for load balancing. Well, the question here is whether you need BGP at all. Some organizations with multiple links to a single service provider don't use BGP because they are unaware of RFC 2270.

Border Gateway Protocol (BGP) is mainly used by ISPs and enterprises for connecting their autonomous systems (AS) to multiple upstream providers, peers, and customers. An organization wishing to obtain better connectivity can do so by connecting to more than one upstream provider (multi-homing) and announcing its address space using BGP. When using more than one connection to the same upstream provider, BGP is a logical choice for the routing protocol, since it supports load balancing and redundancy, and provides a clear separation between the responsibilities and administrative domains of the provider and the customer, unlike an IGP would. However, the AS allocation guidelines (described in RFC 1930) preclude the use of a dedicated AS number for an organization connected in that way, since there is no need to exchange routing information with more than one party, i.e., there is no separate routing policy.

RFC 2270 proposes to use a single AS number for all customers multi-homed to the same (single) provider, preferably one of the private AS numbers, 64512 to 65535. In this way, there is no unnecessary use of AS numbers by organizations who do not strictly need them. The customer can use BGP to announce its address space, which will then be announced to the rest of the world by its provider. Despite the non-unique (and possibly private) AS number, one still has the advantages of BGP such as fine-grained control over routing announcements and preferences.

The RFC also describes some of the implications of using this scheme, such as the need to announce a default route to the customer AS, the effects of changes in connectivity, as well as points regarding aggregation and registering routes in a registry. Here is a detailed config.
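An added example of the RFC 2270 arrangement in IOS configuration (not the config the post links to): a customer in private AS 65001 with two links to the same provider, and the provider side stripping the private AS, originating a default and filtering what it accepts. The AS numbers (65001, 64496, 64500), addresses and prefix-list names are assumed.

```cisco
! Customer: private AS 65001, two links to provider AS 64496 (all assumed)
router bgp 65001
 bgp log-neighbor-changes
 network 198.51.100.0 mask 255.255.255.0
 neighbor 192.0.2.1 remote-as 64496
 neighbor 192.0.2.5 remote-as 64496
 neighbor 192.0.2.1 route-map FROM-PROVIDER in
 neighbor 192.0.2.5 route-map FROM-PROVIDER in
! Load-share over both links to the same AS
 maximum-paths 2
!
! Accept only the default the provider originates; anything else is dropped
ip prefix-list DEFAULT-ONLY seq 5 permit 0.0.0.0/0
route-map FROM-PROVIDER permit 10
 match ip address prefix-list DEFAULT-ONLY
!
! The announced block must exist in the routing table or the network
! statement does nothing
ip route 198.51.100.0 255.255.255.0 Null0
!
! Provider (AS 64496): default to the customer, accept only its block,
! and strip the private AS before the prefix reaches the outside world
ip prefix-list CUSTOMER-BLOCK seq 5 permit 198.51.100.0/24
!
router bgp 64496
 neighbor 192.0.2.2 remote-as 65001
 neighbor 192.0.2.6 remote-as 65001
 neighbor 192.0.2.2 default-originate
 neighbor 192.0.2.6 default-originate
 neighbor 192.0.2.2 prefix-list CUSTOMER-BLOCK in
 neighbor 192.0.2.6 prefix-list CUSTOMER-BLOCK in
! Upstream peer of the provider (AS 64500, assumed)
 neighbor 203.0.113.1 remote-as 64500
 neighbor 203.0.113.1 remove-private-as
```

Verify with show ip bgp neighbors 203.0.113.1 advertised-routes on the provider that the customer block is announced without AS 65001 in its path.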

May 28, 2006

Finding the Announcing AS of an IP

Filed under: bgp, IP Routing, Router — ciscotips @ 11:50 pm

If you are a network engineer working for a backbone ISP team, you would always like to know which autonomous system (AS) announces a given IP address. One way to do this is by querying the whois server of a routing registry such as RADB or RIPE, and looking for the origin attribute of a route object. However, not all networks properly register their route objects, so the information might not be available or may be outdated.

Another method is by looking at the actual BGP route table for the origin AS of a prefix. You could do this on your own BGP speaking routers or on a public route server with the "show ip bgp" command (or equivalent), or by using one of the public looking glasses on the web. However, this method is cumbersome, especially if you want to quickly look up something or if you have a large number of addresses that you want to analyze with a script.

Yet another service was announced by the RIPE RIS project. Their whois server can be queried using "whois -h riswhois.ripe.net", and returns results in an RPSL-like format (as used by the RIPE whois database itself). The data is gathered from route collector boxes in various locations. For more information about this service, see this web page.

May 23, 2006

Troubleshooting dial-peers

Filed under: Router — ciscotips @ 11:15 pm

When troubleshooting dial-peers in a voice over IP (VoIP) environment, you can use the call simulate command to simulate a call to a dial-peer's destination pattern (csim start <number>). This command enables you to verify that your dial-peer is configured properly, that there are no hardware problems, and that you are reaching the destination you want (provided that a ringing device is connected to the called port). For example:

Router#csim start <number>

where <number> is the destination pattern of the dial-peer you are testing.

Changing enable password for a Remote Router

Filed under: Router — ciscotips @ 11:11 pm

Telnet into the router and log in to enable mode, then Telnet out to another router and Telnet back into the same router again. Change the enable password, exit global configuration mode, and try to log in to enable mode. If this fails, you can exit from the Telnet sessions twice until you get back to the same router, where you are still in enable mode. This allows you to change the enable password again.

Router1#telnet router2
Router2>telnet router1
Router1>enable
Router1#configure terminal
Router1(config)#enable secret <new-password>
Router1(config)#end
Router1#disable
Router1>enable
Password:
Access denied
Router1>exit
Router2>exit
Router1#

Auditing Router Interfaces

Filed under: Router, Switching — ciscotips @ 11:01 pm

I received the following tip from Robert in California and am incorporating it here:

Maintenance: Finding Router Interface Information

I sometimes need to audit a listing of all interfaces on a router or Multiswitch Feature Card (MSFC) for the IP address and description. While there are ways to get either (for example, show ip int brief and sh int desc), I have been looking for a command that enables me to display both types of information at once. To find the exact information that I need quickly, I use the following command:

show run | include interface | ip address | description

Connecting a new switch

Filed under: Switching — ciscotips @ 10:57 pm

When connecting a new switch to your network you can accidentally change your current VLAN database if the new switch has a higher VLAN Trunking Protocol (VTP) revision number. To avoid this, you must clear the VTP revision number on the new switch. The easiest way is to change the VTP domain name to "something_else" and back to "your_VTP_domain" on the new switch. This sets the VTP revision number to 0 and you can connect the switch to the network without any problem.
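The procedure above with the check before and after, as an added example that is not from the original post; the domain names are the post's placeholders and the prompt name is assumed.

```cisco
! On the NEW switch only, before any trunk is cabled to the production network
Switch#show vtp status
! Compare "Configuration Revision" with a production switch: if it is higher,
! the new switch would overwrite the VLAN database of every server-mode switch
! in the domain as soon as the trunk comes up
Switch#configure terminal
Switch(config)#vtp domain something_else
Switch(config)#vtp domain your_VTP_domain
! Switching to transparent mode also resets the revision to 0
! (vtp mode transparent), and is the safer choice if the switch does
! not need VTP at all
Switch(config)#end
Switch#show vtp status
! "Configuration Revision : 0" confirms the reset; only now connect the trunk
```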

May 22, 2006

Command Editing tricks

Filed under: Router, Technology and Software — ciscotips @ 7:57 pm

If a line gets too long, it will not automatically wrap to the next one. Instead the Cisco IOS command shell gives you a dollar sign ($). This indicates that you are an over-achiever and have typed too much, at least too much to be shown on the screen.
Your line would now look like this:

Router#$ this is a way too long line that is full of sound and fury

Note that the $ goes after the router prompt. If you keep typing, it will shift over as you type, hiding more of the beginning of the sentence:
Router#$long line that is full of sound and fury, signifying nothing!

You can get back to the beginning of your novel by typing CTRL-A:

Router# For Demo Purposes Only this is a long line that is full of $

If you want to, you can turn off these advanced editing tools with the command terminal no editing.

This command will not let you edit your line. You can turn editing back on with the command terminal editing.

Another thing which I want to cover in this section is command history.

Now, when you have just typed in a Real Long Command (RLC) and realize that you made a mistake in one word, you want a second chance to do it right. Well, Cisco IOS makes this Real Easy!

The router keeps the last 10 commands you issued in its HISTORY, which is a special memory buffer that holds the "Command History". (Note here that a "buffer" is a memory space for storing things.)

If you are using the VT-100 emulator we talked about before, simply do the following:

Press the UP arrow key to go back to the previous command.

Press the DOWN arrow key to go forward to the next command.

If you are a poor unfortunate without VT-100 you can use these instead:

CTRL-P takes you to the "Previous" command.

CTRL-N takes you to the "Next" command.

Typing the command show history at the prompt gives you the list of the last 10 commands you have typed in.

Router# show history

Command One
Command Two
Command Three
Command Four
Command Five
Command Sixx – (with a mistake!)
Command Six – (fixed now)
Command Eight – "There is No Command 7!"
Command Nine
Command Ten
You can increase the size of your HISTORY buffer with the command terminal history size:

Router# terminal history size 99

The above command gives you 99 commands to play with!

May 20, 2006

QoS-Rate-Limiting Tip

Filed under: Access-lists, QOS, Router, Switching, Technology and Software — ciscotips @ 7:17 am

The QoS feature that performs rate limiting and packet classification is called CAR (Committed Access Rate).

Here is a quick tip that limits Internet-based traffic (primarily HTTP and FTP) to 512K, with a nice, fat burst.

First create the access lists.

access-list 100 permit tcp any any eq www
access-list 100 permit tcp any any eq ftp

Then apply rate limiting rules to the appropriate interface:

interface Serial1/0
bandwidth 2048
ip address 172.16.100.2 255.255.255.252
rate-limit input access-group 100 512000 1024000 2048000 conform-action transmit exceed-action drop
rate-limit output access-group 100 512000 1024000 2048000 conform-action transmit exceed-action drop

It will limit only HTTP and FTP traffic; other corporate web applications running on different ports still get the full E1 bandwidth.

Warning: if, in a rate-limit rule, you reference an access list that does not exist, the rule will match all traffic. Usually not good. Check with show access-lists 100 that the list exists before applying the rule.
