Przemek

@ttl255
47 posts

BGP table-map QoS

In the previous post I showed how bgp table-map can be used for selective route download. Here we will take a look at another use of this command: associating IP Precedence values with selected BGP prefixes. By applying a QoS policy to inbound prefixes we can easily mark traffic coming from a given AS, or going to a particular client. We can set the IP Precedence value using a route-map, and use prefix lists, ACLs, or communities to match prefixes of interest. Topology for the examples to follow is shown below. We have an ISP router in the middle and...


BGP table-map - Selective route download

BGP table-map is a feature that allows us to filter, or set properties of, the BGP routes marked for installation into the RIB. One scenario where we could use table-map is a dedicated IPv4 RR that doesn't need to have all of the routes it receives in the RIB, but still needs to propagate them to its clients. We will test BGP Selective route download using the simple topology below. RRC1 advertises 4 prefixes to RR. These prefixes are 110.0.[0-3].0/24. RRC2 also advertises 4 prefixes to RR. These prefixes are 120.0.[0-3].0/24...


Python: Iterate over two lists simultaneously

Have you ever had a need to iterate over two lists at the same time? I did recently and it turns out that Python has a built-in function called zip() that can be used for this. This function takes iterables as arguments, such as lists or strings, and returns a list of tuples containing elements from each of the arguments. When using it in our code we can mix types of arguments; they don't have to be the same. In the examples below we will use lists of characters, digits, and tuples. For good measure, we will throw in a...


Cisco - Role Based CLI Access

Role based access control for CLI allows us to set up very granular permissions for user accounts. We can have a role called NOC that will have the right to use only selected show commands. Or we could have a role for Junior Engineers that will allow them to configure only certain aspects of the device, like interface descriptions. Before we can configure specific views, we need to enable AAA and configure an enable password: aaa new-model enable secret cisco After that we can enter the root view to confirm parser views are enabled: R1#enable view Password: R1#sh parser...


DMVPN and IPSEC with Front Door VRF

In this post I want to show how to configure DMVPN with IPSEC, with tunnel source/destination IPs located in a separate VRF. The idea here is to have the underlay network running in a VRF, often called FVRF or Front Door VRF. By using Front Door VRF we isolate the transport network, which is usually Internet facing, and this allows us to configure a default route that won't interfere with routing in our global table. There are other benefits of this design and it's quite commonly used in the SP/Enterprise world. We will be working with the following topology: R1 is a DMVPN...
