LAB 1
======================================= Tips ===================================
1.2. In one switch, a protected port doesn't forward traffic to any other protected port
interface FastEthernet0/23
switchport access vlan 13
switchport protected
!
interface FastEthernet0/24
switchport protected
1.6. inter atm 0/0.1 point-to-point ==> Frame Mode
inter atm 0/0.1 mpls ==> Cell mode
2.3. "not able to intercept any ospf traffic" ====> (unicast) neighbor xxxx
4.4 MPLS traffic engineering, OSPF, in case of link failure
CiscoSample
4 steps:
--a, routing protocol: on all core routers
mpls traffic-eng area X
mpls traffic-eng router-id LoopbackN
--b, enable MPLS traffic engineering on ALL interfaces: on all core routers
mpls traffic-eng tunnels
--c, enable RSVP on ALL interfaces: on all core routers
ip rsvp bandwidth
--d, tunnel interface: on tunnel head and tail only
tunnel mode mpls traffic-eng
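A quick way to check the four steps above against a saved configuration (an added example, not part of the original notes). It assumes `show running-config` style text with indented sub-commands and the IOS spelling `mpls traffic-eng tunnels` for step b; the function names, the list of core interfaces and the sample config are constructed for illustration.

```python
import re

def parse_blocks(config):
    """Map each 'interface'/'router' header to its indented sub-commands."""
    blocks, current = {"": []}, ""
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line == "!":
            current = ""                      # '!' or a blank line closes the block
        elif raw[0].isspace():
            blocks[current].append(line)      # indented: belongs to the open block
        else:  # unindented: a block header, or a global command (ignored here)
            current = line if re.match(r"(interface|router)\s", line) else ""
            blocks.setdefault(current, [])
    return blocks

def audit_te(config, core_interfaces, tunnel_endpoint=False):
    """Return one finding per missing command from steps a-d of 4.4."""
    blocks, findings = parse_blocks(config), []
    ospf = [c for h, cs in blocks.items() if h.startswith("router ospf") for c in cs]
    for needed in ("mpls traffic-eng area", "mpls traffic-eng router-id"):  # step a
        if not any(c.startswith(needed) for c in ospf):
            findings.append(f"ospf: missing '{needed}'")
    for name in core_interfaces:
        cmds = blocks.get(f"interface {name}", [])
        if "mpls traffic-eng tunnels" not in cmds:                         # step b
            findings.append(f"{name}: missing 'mpls traffic-eng tunnels'")
        if not any(c.startswith("ip rsvp bandwidth") for c in cmds):       # step c
            findings.append(f"{name}: missing 'ip rsvp bandwidth'")
    if tunnel_endpoint:                                                    # step d
        tunnels = [c for h, cs in blocks.items() if h.startswith("interface Tunnel") for c in cs]
        if "tunnel mode mpls traffic-eng" not in tunnels:
            findings.append("tunnel: missing 'tunnel mode mpls traffic-eng'")
    return findings

# Constructed sample: Serial0/1 has TE enabled but RSVP was never turned on.
SAMPLE = """\
router ospf 1
 mpls traffic-eng area 0
 mpls traffic-eng router-id Loopback0
!
interface Serial0/0
 mpls traffic-eng tunnels
 ip rsvp bandwidth
!
interface Serial0/1
 mpls traffic-eng tunnels
"""
```

Calling `audit_te(SAMPLE, ["Serial0/0", "Serial0/1"])` reports the interface where step c was skipped; pass `tunnel_endpoint=True` for the head and tail routers so step d is checked as well.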
5.4 R5 announces R8 to VPN_A by importing and exporting its RT.
5.5 VRF-aware NAT: R5 translates VPN_A addresses to others.
interface Ethernet0/0
ip nat outside
!
interface Serial0/0.1 point-to-point
ip nat inside
ip nat inside source route-map NAT_FROM_BB2 interface Ethernet0/0 vrf VPN_A overload
ip nat inside source route-map NAT_FROM_R7 interface Loopback0 vrf VPN_A overload
5.6 R5's VPN_B only imports R6's RT, which is why R6 and R4 use different RTs for VPN_A.
6.1 R3 disseminates RP-to-group mappings and accepts all PIM register messages throughout the multicast network.
ip pim bsr-candidate Loopback0 0
ip pim rp-candidate Loopback0
6.2 Core network uses group 239.0.100.1 to carry VPN_A's multicast
ip vrf VPN_A
mdt default 239.100.0.1
b, ip mroute:
Usage Guidelines
This command allows you to statically configure where multicast sources are located (even though the unicast routing table shows something different).
7. QoS
MPLS exp bit
8. Security
9. System Management
R4:
mpls traffic-eng logging lsp setups
mpls traffic-eng logging lsp teardowns
!
logging 131.1.26.100
10. IP service.
R1:
no mpls ip propagate-ttl forwarded
1, NAT aware VRF
2, Multicast VRF
==============1, NAT Aware VRF ===========================
5.5 NAT Integration with MPLS VPNs
NAT could be implemented on the PE router in the following scenarios:
•Service point—Shared access can be from a generic interface or from a VPN interface.
•NAT point—NAT can be configured on the PE router that is directly connected to the shared access gateway, or on the PE router that is not directly connected to the shared access gateway.
•NAT interface—The shared access gateway interface most often is configured as the outside interface of NAT. The inside interface of NAT can be either the PE-CE interface of a VPN, the interface to the MPLS backbone, or both. The shared access gateway interface can also be configured as the inside interface.
•Routing type—Common service can be Internet connectivity or a common server. For Internet connectivity, a default route should be propagated to all the VPN customers that use the service. For common server access, a static or dynamically learned route should be propagated to the VPN customers.
•NAT configuration—NAT can have different configurations: static, dynamic, pool/interface overloading, and route-map.
ip nat inside source
To enable Network Address Translation (NAT) of the inside source address, use the ip nat inside source command in global configuration mode. To remove the static translation or remove the dynamic association to a pool, use the no form of this command.
ip nat inside source {list {access-list-number | access-list-name} | route-map name} {interface type number | pool pool-name} vrf vrf-name [overload]
no ip nat inside source {list {access-list-number | access-list-name} | route-map name} {interface type number | pool pool-name} vrf vrf-name [overload]
Static NAT
ip nat inside source {static {local-ip global-ip} vrf vrf-name [extendable] [no-alias] [no-payload] [route-map] [redundancy group-name]
no ip nat inside source {static {local-ip global-ip} vrf vrf-name [extendable] [no-alias] [no-payload] [route-map] [redundancy group-name]
Port Static NAT
ip nat inside source {static {tcp | udp local-ip local-port global-ip global-port} [extendable] [no-alias] [no-payload]
no ip nat inside source {static {tcp | udp local-ip local-port global-ip global-port} [extendable] [no-alias] [no-payload]
Network Static NAT
ip nat inside source {static {network local-network global-network mask} [extendable] [no-alias] [no-payload]
no ip nat inside source {static {network local-network global-network mask} [extendable] [no-alias] [no-payload]
Syntax Description
list access-list-number
Standard IP access list number. Packets with source addresses that pass the access list are dynamically translated using global addresses from the named pool.
list access-list-name
Name of a standard IP access list. Packets with source addresses that pass the access list are dynamically translated using global addresses from the named pool.
route-map name
Specifies the named route-map.
interface type
Specifies the interface type for the global address.
interface number
Specifies the interface number for the global address.
pool pool-name
Specifies the pool from which global IP addresses are allocated dynamically.
vrf vrf-name
Associates the NAT translation rule with a particular VPN routing/forwarding (VRF) instance.
overload
(Optional) Enables the router to use one global address for many local addresses. When overloading is configured, the TCP or User Datagram Protocol (UDP) port number of each inside host distinguishes between the multiple conversations using the same local IP address.
================== 2, Multicast VRF ================
a, sample configuration from Cisco
What's RP?
RPs are used by senders to a multicast group to announce their existence and by receivers of multicast packets to learn about new senders.
The RP address is used by first hop routers to send PIM register messages on behalf of a host sending a packet to the group. The RP address is also used by last hop routers to send PIM join and prune messages to the RP to inform it about group membership. You must configure the RP address on all routers (including the RP router).
Router(config)# ip pim rp-address rp-address [access-list] [override]
Auto-RP
Configuring Auto-RP
Auto-RP is a feature that automates the distribution of group-to-RP mappings in a PIM network. This feature has the following benefits:
•The use of multiple RPs within a network to serve different group ranges is easy.
•It allows load splitting among different RPs and arrangement of RPs according to the location of group participants.
•It avoids inconsistent, manual RP configurations that can cause connectivity problems.
Multiple RPs can be used to serve different group ranges or serve as backups of each other. To make Auto-RP work, a router must be designated as an RP-mapping agent, which receives the RP-announcement messages from the RPs and arbitrates conflicts. The RP-mapping agent then sends the consistent group-to-RP mappings to all other routers. Thus, all routers automatically discover which RP to use for the groups they support.
ip pim send-rp-announce type number scope ttl-value [group-list access-list] [interval seconds]
RP --|--(announce RP)-----Mapping Agent------All Multicast router
RP --|
mapping agent:
Assigning the RP Mapping Agent
The RP mapping agent is the router that sends the authoritative discovery packets telling other routers which group-to-RP mapping to use. Such a role is necessary in the event of conflicts (such as overlapping group-to-RP ranges).
Router(config)# ip pim send-rp-discovery scope ttl-value
BSR (bootstrap router)
Configuring Candidate BSRs
Configure one or more candidate BSRs. The routers to serve as candidate BSRs should be well connected and be in the backbone portion of the network, as opposed to the dialup portion of the network.
Router(config)# ip pim bsr-candidate type number hash-mask-length [priority]
Configure one or more candidate RPs. Similar to BSRs, the RPs should also be well connected and in the backbone portion of the network. An RP can serve the entire IP multicast address space or a portion of it. Candidate RPs send candidate RP advertisements to the BSR.
Router(config)# ip pim rp-candidate type number [group-list access-list] [priority value]
========================================v
Tuesday, September 23, 2008