Thursday, January 24, 2013

BGP Error Code Cease & subCode @ other configuration changed

BGP is one of the most important players in a Service Provider backbone network and should be stable at any cost, but it makes life tough when you see logs like the ones shown below, or when something goes down and BGP is associated with that down state. That is what happened to us yesterday: we received a TT for a circuit that was down, and when we checked all the possible aspects we came across the BGP error CEASE with the subcode Other Configuration Change, shown in the logs below.

Jan 22 2013 09:45:07.700.3+03:00 PE-AggX16-Baha-712-1 %%01BGP/3/STATE_CHG_UPDOWN(l)[743]:The status of the peer 172.31.184.110 changed from ESTABLISHED to IDLE. (InstanceName=V1907:MOI-PRISON, StateChangeReason=Notification Message Received)

Jan 22 2013 09:44:51.50.1+03:00 PE-AggX16-Baha-712-1 %%01BGP/3/STATE_CHG_UPDOWN(l)[744]:The status of the peer 172.31.184.110 changed from OPENCONFIRM to ESTABLISHED. (InstanceName=V1907:MOI-PRISON, StateChangeReason=Up)

Jan 22 2013 09:44:19.690.3+03:00 PE-AggX16-Baha-712-1 %%01BGP/3/STATE_CHG_UPDOWN(l)[745]:The status of the peer 172.31.184.110 changed from ESTABLISHED to IDLE. (InstanceName=V1907:MOI-PRISON, StateChangeReason=Notification Message Received)

Jan 22 2013 09:44:05.40.1+03:00 PE-AggX16-Baha-712-1 %%01BGP/3/STATE_CHG_UPDOWN(l)[747]:The status of the peer 172.31.184.110 changed from OPENCONFIRM to ESTABLISHED. (InstanceName=V1907:MOI-PRISON, StateChangeReason=Up)

Jan 22 2013 09:43:33.620.3+03:00 PE-AggX16-Baha-712-1 %%01BGP/3/STATE_CHG_UPDOWN(l)[748]:The status of the peer 172.31.184.110 changed from ESTABLISHED to IDLE. (InstanceName=V1907:MOI-PRISON, StateChangeReason=Notification Message Received)

Peer: 172.x.x.x
Date/Time     : 2013-01-22 13:22:19+03:00
State         : Down
Error Code    : 6(CEASE)
Error Subcode : 6(Other Configuration Change)
Notification: Receive Notification

There can be multiple subcodes; here I will talk about the error CEASE with the subcode Other Configuration Change. According to RFC 4486: If a BGP speaker decides to administratively reset the peering with a neighbour due to a configuration change other than the ones described above, then the speaker SHOULD send a NOTIFICATION message with the Error Code Cease and the Error Subcode “Other Configuration Change“.
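To make the "Error Code 6, Subcode 6" pair concrete, here is an added example (not part of the original post) that validates and decodes a BGP NOTIFICATION message and names the Cease subcode per RFC 4486. The sample message is constructed, and the `TRIAGE` grouping is an assumption of this example, not something any RFC defines.

```python
import struct

MARKER = b"\xff" * 16      # RFC 4271: the 16-byte header marker is all ones
NOTIFICATION = 3           # RFC 4271 message type for NOTIFICATION

ERROR_CODES = {1: "Message Header Error", 2: "OPEN Message Error",
               3: "UPDATE Message Error", 4: "Hold Timer Expired",
               5: "Finite State Machine Error", 6: "Cease"}

# RFC 4486 subcodes for Error Code 6 (Cease).
CEASE_SUBCODES = {1: "Maximum Number of Prefixes Reached",
                  2: "Administrative Shutdown",
                  3: "Peer De-configured",
                  4: "Administrative Reset",
                  5: "Connection Rejected",
                  6: "Other Configuration Change",
                  7: "Connection Collision Resolution",
                  8: "Out of Resources"}

# Triage grouping invented for this example: who or what caused the reset.
TRIAGE = {1: "limit", 8: "limit",
          2: "peer-admin", 3: "peer-admin", 4: "peer-admin", 6: "peer-admin",
          5: "session", 7: "session"}


def decode_notification(msg: bytes) -> dict:
    """Validate the BGP header and decode error code, subcode and data."""
    if len(msg) < 21:
        raise ValueError("too short for 19-byte header + code + subcode")
    marker, length, msg_type = struct.unpack("!16sHB", msg[:19])
    if marker != MARKER:
        raise ValueError("bad marker")
    if length != len(msg) or length > 4096:
        raise ValueError("length field does not match message size")
    if msg_type != NOTIFICATION:
        raise ValueError(f"message type {msg_type} is not NOTIFICATION")
    code, subcode = msg[19], msg[20]
    is_cease = code == 6
    return {
        "code": code,
        "code_name": ERROR_CODES.get(code, "Unknown"),
        "subcode": subcode,
        "subcode_name": CEASE_SUBCODES.get(subcode) if is_cease else None,
        "triage": TRIAGE.get(subcode) if is_cease else None,
        "data": msg[21:],
    }


# Constructed sample: the NOTIFICATION a peer sends for Cease / subcode 6.
SAMPLE = MARKER + struct.pack("!HBBB", 21, NOTIFICATION, 6, 6)

if __name__ == "__main__":
    r = decode_notification(SAMPLE)
    print(f"Error Code    : {r['code']}({r['code_name']})")
    print(f"Error Subcode : {r['subcode']}({r['subcode_name']})")
    print(f"Triage        : {r['triage']}")
```

A "peer-admin" result tells you the reset was triggered by a change on the neighbour's side, so the next step is to ask what was changed there rather than to look for a fault on the local router.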

I hope this will be informative for you :) 

Sunday, July 15, 2012

PPPoE (Point-to-Point Protocol over Ethernet)

What is the need for PPPoE? Why do we use PPPoE? Suppose a DSL user wants to communicate with the Service Provider (SP). That user must be authenticated, and we can do that using PPPoE, but we can also do it in other ways, so what is the real need for PPPoE? We can do many things with PPPoE, such as verifying the user before it comes up on a link. We can use OSPF or EIGRP for authentication, but we need authentication before the routing process starts. So if you want to do the authentication on the link, PPPoE is the cool and right feature.
The DSL client dials the ISP and says that it wants to dial up. The ISP replies that it will check the client's credentials, such as username and password. The DSL client presents its username and password, the ISP confirms them through AAA or another server, and, if the request is successful, allows the DSL client to communicate with the Internet over the ISP backbone.
In this lab, to see the results, we will use two Cisco 7200 routers: one will act as the ISP and the other as the DSL client.
The first thing we need to do is define the bba-group (Broadband Access group).
SP-SERVER SIDE CONFIGURATION
SP-Server (config)# bba-group pppoe TESTGROUP
SP-Server (config-bba-group)# do show ip int brief            =====> virtual group made
At this point we need to associate a virtual template with the bba-group we defined (TESTGROUP). A virtual template is defined so that all parameters set in it are applied to any user who comes in through the virtual interface (defined later). Below is the definition that associates the virtual template with the bba-group.
SP-Server (config-bba-group)# virtual-template 1                =====> only this to associate with group
Now I will create the virtual interface and associate it with the virtual template that I defined above.
SP-Server (config)# interface virtual-template 1                   ======> same no as defined above
SP-Server (config-if)#                   ======> we are now in the template interface; whatever we define here applies to every user who dials in on this interface
SP-Server (config-if)# do show ip int brief
Virtual-Access is the bba-group
Virtual-Template 1
SP-Server (config-if)# ip address 192.168.1.1 255.255.255.0
SP-Server (config)# default interface fast1/0
SP-Server (config)# int fas1/0
SP-Server (config-if)# pppoe enable group TESTGROUP
SP-Server#debug pppoe packet

CLIENT-SIDE CONFIGURATION
DSL-Client(config)# int fa0/0
DSL-Client (config-if)# pppoe-client dial-pool-number 10
DSL-Client (config-if)# do show ip int brief
Now we will create a Dialer interface, which is used to dial virtually out to the SP-Server.
DSL-Client (config)# interface dialer 1
NOTE: We can use DHCP or a static IP here. I will show both methods, starting with the static IP.
DSL-Client(config-if)# ip address 192.168.1.10 255.255.255.0
DSL-Client(config-if)# encapsulation ppp
Now we will associate this interface (Dialer) with the dial pool (defined above).
DSL-Client (config-if)# dialer pool 10
DSL-Client# debug pppoe packets
We now have the dialer interface on DSL-Client. Meanwhile, look at the debug on the DSL-Client side, which shows it sending broadcast messages with its MAC address; this is basically the DSL-Client dialling the SP-Server.
DSL-Client#
*Jul 15 19:01:09.431: pppoe_send_padi:
         FF FF FF FF FF FF CA 01 01 FC 00 1C 88 63 11 09
         00 00 00 0C 01 01 00 00 01 03 00 04 64 56 34 5C ...
 
But when we enable the interface on SP-Server to accept the DSL request, by un-shutting the interface, communication between SP and DSL starts, as shown in the debug messages below:


SP-Server(config-if)#
*Jul 15 19:01:57.927: PPPoE 0: I PADI  R:ca01.01fc.001c L:ffff.ffff
         FF FF FF FF FF FF CA 01 01 FC 00 1C 88 63 11 09
         00 00 00 0C 01 01 00 00 01 03 00 04 64 56 34 5C ...
*Jul 15 19:01:57.931: PPPoE 0: O PADO, R:ca00.01fc.001c L:ca01.01fc
*Jul 15 19:01:57.931:  Service tag: NULL Tag
         CA 01 01 FC 00 1C CA 00 01 FC 00 1C 88 63 11 07
         00 00 00 2D 01 01 00 00 01 03 00 04 64 56 34 5C ...
*Jul 15 19:01:58.435: %LINK-3-UPDOWN: Interface FastEthernet1/0, ch
o up
*Jul 15 19:01:58.435: %ENTITY_ALARM-6-INFO: CLEAR INFO Fa1/0 Physic
istrative State Down
*Jul 15 19:01:59.435: %LINEPROTO-5-UPDOWN: Line protocol on Interfa
et1/0, changed state to up
*Jul 15 19:02:00.015: PPPoE 0: I PADR  R:ca01.01fc.001c L:ca00.01fc
         CA 00 01 FC 00 1C CA 01 01 FC 00 1C 88 63 11 19
         00 00 00 2D 01 01 00 00 01 03 00 04 64 56 34 5C ...
*Jul 15 19:02:00.047: [1]PPPoE 1: O PADS  R:ca01.01fc.001c L:ca00.0
0
         CA 01 01 FC 00 1C CA 00 01 FC 00 1C 88 63 11 65
         00 01 00 2D 01 01 00 00 01 03 00 04 64 56 34 5C ...
*Jul 15 19:02:03.183: [1]PPPoE 1: Vi1.1 O FS

DSL-Client(config-if)#
*Jul 15 19:01:57.879: pppoe_send_padi:
         FF FF FF FF FF FF CA 01 01 FC 00 1C 88 63 11 09
         00 00 00 0C 01 01 00 00 01 03 00 04 64 56 34 5C ...
*Jul 15 19:01:57.979: PPPoE 0: I PADO  R:ca00.01fc.001c L:ca01.01fc.001c Fa1/0
         CA 01 01 FC 00 1C CA 00 01 FC 00 1C 88 63 11 07
         00 00 00 2D 01 01 00 00 01 03 00 04 64 56 34 5C ...
*Jul 15 19:01:59.943: OUT PADR from PPPoE Session
         CA 00 01 FC 00 1C CA 01 01 FC 00 1C 88 63 11 19
         00 00 00 2D 01 01 00 00 01 03 00 04 64 56 34 5C ...
*Jul 15 19:02:00.139: PPPoE 1: I PADS  R:ca00.01fc.001c L:ca01.01fc.001c Fa1/0
         CA 01 01 FC 00 1C CA 00 01 FC 00 1C 88 63 11 65
         00 01 00 2D 01 01 00 00 01 03 00 04 64 56 34 5C ...
*Jul 15 19:02:00.167: %DIALER-6-BIND: Interface Vi1 bound to profile Di1
*Jul 15 19:02:00.267: %LINK-3-UPDOWN: Interface Virtual-Access1, changed state to up
*Jul 15 19:02:03.151: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Access1, changed state to up
*Jul 15 19:02:03.307: [0]PPPoE 1: Vi1 O FS
*Jul 15 19:02:13.555: [0]PPPoE 1: Vi1 O FS
*Jul 15 19:02:23.827: [0]PPPoE 1: Vi1 O FS 
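The hex dumps in the debug output above can be read field by field. The following added example (not part of the original lab) parses a PPPoE discovery frame from such a dump: Ethernet addresses, EtherType 0x8863, the code (PADI/PADO/PADR/PADS), the session ID and the tags. The two sample dumps are the bytes printed above with the trailing "..." dropped; function names are this example's own.

```python
import struct

PPPOE_DISCOVERY = 0x8863
CODES = {0x09: "PADI", 0x07: "PADO", 0x19: "PADR", 0x65: "PADS", 0xA7: "PADT"}
TAGS = {0x0000: "End-Of-List", 0x0101: "Service-Name", 0x0102: "AC-Name",
        0x0103: "Host-Uniq", 0x0104: "AC-Cookie"}


def cisco_mac(raw: bytes) -> str:
    """Format a MAC the way the debug output does (ca01.01fc.001c)."""
    h = raw.hex()
    return ".".join(h[i:i + 4] for i in (0, 4, 8))


def parse_discovery(hexdump: str) -> dict:
    frame = bytes.fromhex(hexdump)
    if len(frame) < 20:
        raise ValueError("need 14-byte Ethernet + 6-byte PPPoE header")
    ethertype, vertype, code, session, length = struct.unpack(
        "!HBBHH", frame[12:20])
    if ethertype != PPPOE_DISCOVERY:
        raise ValueError(f"EtherType 0x{ethertype:04x} is not PPPoE discovery")
    if vertype != 0x11:
        raise ValueError("PPPoE version and type must both be 1")
    payload = frame[20:20 + length]
    truncated = len(payload) < length      # the dump shows fewer bytes than sent
    tags, off = {}, 0
    while off + 4 <= len(payload):
        ttype, tlen = struct.unpack("!HH", payload[off:off + 4])
        end = off + 4 + tlen
        if end > len(payload):
            if not truncated:              # complete frame with a lying length
                raise ValueError("tag length overruns PPPoE payload")
            break
        if ttype == 0x0000:
            break
        tags[TAGS.get(ttype, f"0x{ttype:04x}")] = payload[off + 4:end].hex()
        off = end
    return {"dst": cisco_mac(frame[0:6]), "src": cisco_mac(frame[6:12]),
            "code": CODES.get(code, f"0x{code:02x}"), "session": session,
            "length": length, "truncated": truncated, "tags": tags}


def host_uniq_echoed(request: dict, reply: dict) -> bool:
    """The client ties a reply to its request through the Host-Uniq tag."""
    value = request["tags"].get("Host-Uniq")
    return value is not None and value == reply["tags"].get("Host-Uniq")


# Bytes copied from the debug output above.
PAGE_PADI = ("FF FF FF FF FF FF CA 01 01 FC 00 1C 88 63 11 09 "
             "00 00 00 0C 01 01 00 00 01 03 00 04 64 56 34 5C")
PAGE_PADS = ("CA 01 01 FC 00 1C CA 00 01 FC 00 1C 88 63 11 65 "
             "00 01 00 2D 01 01 00 00 01 03 00 04 64 56 34 5C")

if __name__ == "__main__":
    for dump in (PAGE_PADI, PAGE_PADS):
        print(parse_discovery(dump))
```

The PADI is complete in the 32 bytes shown (its length field is 0x000C), while the PADS declares 0x2D bytes of tags and is reported as truncated; its session ID of 1 matches the SID in the `show pppoe session` output.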

We can also see the PPPoE session established between SP-Server and DSL-Client.
SP-Server#show pppoe session
*Jul 15 19:08:52.779: [1]PPPoE 1: Vi1.1 O FS
     1 session  in LOCALLY_TERMINATED (PTA) State
     1 session  total
Uniq ID  PPPoE  RemMAC          Port                    VT  VA         State
           SID  LocMAC                                      VA-st
      1      1  ca01.01fc.001c  Fa1/0                    1  Vi1.1      PTA
                ca00.01fc.001c                              UP

Using DHCP
I hope you all know how to configure DHCP on routers; if not, please see Cisco Router as DHCP Server.
Remove the manual IP address from interface fas1/0 and from the dialer on DSL-Client, set the method to DHCP, and configure DHCP on SP-Server. The configuration is given below:
SP-Server:
ip dhcp excluded-address 192.168.1.1 192.168.1.10
ip dhcp pool POOLFORPPPOE
   network 192.168.1.0 255.255.255.0
interface Virtual-Template1
 ip address 192.168.1.1 255.255.255.0
 peer default ip address dhcp-pool POOLFORPPPOE
DSL-Client
DSL-Client(config)#interface fa1/0
DSL-Client(config-if)#no ip address
DSL-Client(config-if)#ip address dhcp                                               =====> Add this command
DSL-Client(config)#interface dialer 1
DSL-Client(config-if)#no ip address
DSL-Client(config-if)#ip address dhcp
 Verification
DSL-Client#show ip interface brief

Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0/0            unassigned      YES unset  administratively down down
FastEthernet1/0            unassigned      YES DHCP   up                    up
FastEthernet1/1            unassigned      YES unset  administratively down down
Virtual-Access1            unassigned      YES unset  up                    up
Dialer1                    192.168.1.13    YES DHCP   up                    up

DSL-Client#show pppoe session

     1 client session
Uniq ID  PPPoE  RemMAC          Port                    VT  VA         State
           SID  LocMAC                                      VA-st
    N/A      2  ca00.01fc.001c  Fa1/0                  Di1  Vi1        UP
                ca01.01fc.001c                              UP
 

I hope this will be informative for you !

Cheers :)

Saturday, June 30, 2012

PW Down, VSI Down, Layer-2 Circuit Down

The migration from Cisco CRS-1 to Huawei NE40E-X16 was performed a few days ago and all went well. A day later we received a complaint from a customer that a few of their sites were not able to reach our backbone :(. While checking the related configuration for that customer, we noticed that the pseudowire was down, and also that the VSI was down for that customer. The migration was done on the aggregator node. You can issue the following command to see the status:

PE-AggX16-RegionName-2222-1 -- display vsi name Vlan8888 verbose

***VSI Name : Vlan8888
Administrator VSI : no
Isolate Spoken : disable
VSI Index : 28
PW Signaling : ldp
Member Discovery Style : static
PW MAC Learn Style : unqualify
Encapsulation Type : ethernet
MTU : 1500
VSI State : down
..................................................output Omitted

VSI ID : 8888
*Peer Router ID : 192.168.98.21
primary or secondary : primary
ignore-standby-state : no
VC Label : 5461
Peer Type : dynamic
State : down
.................................................output Omitted

**PW Information:

*Peer Ip Address : 192.168.98.21
PW State : down
Local VC Label : 5461
Remote VC Label : 28751
PW Type : label
.................................................output Omitted

After checking the configuration and logs we found that at Agg-222 the PW under VSI Vlan8888 was down. The vsi-id under vsi Vlan8888 was 8888, while at the peer Edge-333 that VSI ID was configured under a different VSI. So we changed the vsi-id at the aggregator to 1880. At the edge there was no vsi Vlan8888, so we created it and defined the same vsi-id under it, which is 1880.

Second, we also noticed that interface vlan 8888 was not bound to vsi Vlan8888 at either Agg-222 or Edge-333, so we bound the VSI to interface vlan 8888, and then the VSI came up.
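Both faults described above (a vsi-id that does not line up between the two ends, and a VSI with no interface bound to it) can be caught by comparing the two configurations before or after a migration. This is an added example, not part of the original post: the config snippets are constructed to mirror the situation described, and the device labels, the VSI name `VlanOther` and the 192.0.2.x peers are placeholders.

```python
import re


def parse_vsi(text: str) -> dict:
    """Return {vsi_name: {"vsi_id": int or None, "bound": [interfaces]}}."""
    vsis, vsi, iface = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if m := re.fullmatch(r"vsi (\S+) static", line):
            vsi, iface = vsis.setdefault(m[1], {"vsi_id": None, "bound": []}), None
        elif m := re.fullmatch(r"interface (\S+)", line):
            vsi, iface = None, m[1]
        elif line == "#":
            vsi = iface = None
        elif vsi is not None and (m := re.fullmatch(r"vsi-id (\d+)", line)):
            vsi["vsi_id"] = int(m[1])
        elif iface and (m := re.fullmatch(r"l2 binding vsi (\S+)", line)):
            vsis.setdefault(m[1], {"vsi_id": None, "bound": []})["bound"].append(iface)
    return vsis


def audit(vsi: str, dev_a: str, text_a: str, dev_b: str, text_b: str) -> list:
    """Check one VSI on both ends of the pseudowire; return the findings."""
    cfgs = {dev_a: parse_vsi(text_a), dev_b: parse_vsi(text_b)}
    findings, ids = [], set()
    for dev, cfg in cfgs.items():
        info = cfg.get(vsi)
        if info is None:
            findings.append(f"{dev}: vsi {vsi} is not configured")
            continue
        ids.add(info["vsi_id"])
        if not info["bound"]:
            findings.append(f"{dev}: no interface has 'l2 binding vsi {vsi}'")
    if len(ids) > 1:
        findings.append(f"vsi {vsi}: vsi-id differs between peers: "
                        f"{sorted(map(str, ids))}")
    for dev, cfg in cfgs.items():
        for other, info in cfg.items():
            if other != vsi and info["vsi_id"] is not None and info["vsi_id"] in ids:
                findings.append(f"{dev}: vsi-id {info['vsi_id']} is also "
                                f"used under vsi {other}")
    return findings


# Constructed configs: the state before the fix ...
AGG_BEFORE = "vsi Vlan8888 static\n pwsignal ldp\n  vsi-id 8888\n  peer 192.0.2.21\n#\ninterface Vlanif8888\n#\n"
EDGE_BEFORE = "vsi VlanOther static\n pwsignal ldp\n  vsi-id 8888\n  peer 192.0.2.22\n#\ninterface Vlanif8888\n#\n"
# ... and after it (vsi-id 1880 on both ends, interface bound on both ends).
FIXED = "vsi Vlan8888 static\n pwsignal ldp\n  vsi-id 1880\n  peer 192.0.2.21\n#\ninterface Vlanif8888\n l2 binding vsi Vlan8888\n#\n"
AGG_AFTER, EDGE_AFTER = FIXED, EDGE_BEFORE + FIXED

if __name__ == "__main__":
    for finding in audit("Vlan8888", "Agg", AGG_BEFORE, "Edge", EDGE_BEFORE):
        print(finding)
    print(audit("Vlan8888", "Agg", AGG_AFTER, "Edge", EDGE_AFTER))
```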

The configuration done on both the Aggregator and the Edge is:

Edge - 2222 Configuration:
==========================

vsi Vlan1058 static
pwsignal ldp
vsi-id 1880
peer 192.168.xx.xx
encapsulation ethernet
tnl-policy loadbalance

#
interface Vlanif8888
l2 binding vsi Vlan8888
#


Agg-2222 Configuration:
=======================

vsi Vlan1058 static
pwsignal ldp
vsi-id 1880
peer 192.168.xx.xx
encapsulation ethernet
tnl-policy loadbalance
#
interface Vlanif8888
l2 binding vsi Vlan8888


Verification:

PE-AggX16-RegionName-2222-1 -- dis vsi name Vlan8888
Vsi        Mem     PW    Mac        Encap     Mtu    Vsi
Name       Disc    Type  Learn      Type      Value  State
--------------------------------------------------------------------------
Vlan1058   static  ldp   unqualify  ethernet  1500   up


PE-AggX16-RegionName-2222-1 -- display vsi name Vlan8888 verbose

***VSI Name : Vlan8888
Administrator VSI : no
Isolate Spoken : disable
VSI Index : 28
PW Signaling : ldp
Member Discovery Style : static
PW MAC Learn Style : unqualify
Encapsulation Type : ethernet
MTU : 1500
Diffserv Mode : uniform
Service Class : --
Color : --
DomainId : 255
Domain Name :
Tunnel Policy Name : loadbalance
Ignore AcState : disable
P2P VSI : disable
Create Time : 0 days, 0 hours, 26 minutes, 18 seconds
VSI State : up

VSI ID : 1880
*Peer Router ID : 192.168.xx.xx
primary or secondary : primary
ignore-standby-state : no
VC Label : 5461
Peer Type : dynamic
Session : up
Tunnel ID : 0x60036ed9
Broadcast Tunnel ID : 0x60036ed9
Broad BackupTunnel ID : 0x0
CKey : 69
NKey : 66
StpEnable : 0
PwIndex : 0

Interface Name : Vlanif8888
State : up
Access Port : false
Last Up Time : 2012/06/26 21:04:41
Total Up Time : 0 days, 0 hours, 10 minutes, 33 seconds

**PW Information:

*Peer Ip Address : 192.168.xx.xx
PW State : up
Local VC Label : 5461
Remote VC Label : 28751
PW Type : label
Tunnel ID : 0x60036ed9
Broadcast Tunnel ID : 0x60036ed9
Broad BackupTunnel ID : 0x0
Ckey : 0x45
Nkey : 0x42
Main PW Token : 0x40007e66
Slave PW Token : 0x40007e67
Tnl Type : LSP
OutInterface : Tunnel0/0/3000
Backup OutInterface :
Stp Enable : 0
Mac Flapping : 0
PW Last Up Time : 2012/06/26 21:04:41
PW Total Up Time : 0 days, 0 hours, 10 minutes, 33 seconds

I hope this will be informative for you !

Thursday, June 21, 2012

Multiprotocol Label Switching (MPLS) VPN

Yes guys & girls! Waiting for a detailed, step-wise configuration of Multiprotocol Label Switching Virtual Private Network (MPLS-VPN)? Here it is.

R1(config) # ip cef
R1(config) # mpls ldp router-id loopback 0
R1(config) # mpls label protocol ldp
R1(config) # mpls ip

Repeat same commands on router R2 & R3



We can divide the configuration phase into four steps:

1 - VRF Related Configuration
2 - MP-BGP Related Configuration
3 - PE-CE Routing Protocol Configuration
4 - Redistribution

Step # 1 VRF Configuration

R1(config)# ip vrf test
R1(config-vrf)# rd 1:1
R1(config-vrf)# route-target 1:1

With the above command the RT is automatically defined for both import
and export; if you want to use separate values you can do so. Use the
R1 # show running-config command to see that both the import and export
RT are defined by the above command.

R1(config)# interface serial 1/1
R1(config-if)# ip vrf forwarding test

./. You will get a warning that IP address 5.1.1.2 is removed due to
the VRF configuration. Assign the IP address again.

R1(config)# interface serial 1/1
R1(config-if)# ip address 5.1.1.2 255.0.0.0

Note: Now when you check your routing table you will not see the 5.0.0.0 network, as it has been removed and moved to the VRF table. You can confirm this using the commands below:

R1 # show ip route vrf test

R1 # ping vrf test 5.1.1.1

The result should be successful :)


R3(config)# ip vrf test          ! The VRF name here can be different.
R3(config-vrf)# rd 1:1
R3(config-vrf)# route-target 1:1

R3(config)# interface serial 1/0
R3(config-if)# ip vrf forwarding test

./. You will get a warning that IP address 5.1.1.2 is removed due to
the VRF configuration. Assign the IP address again.

R3(config)# interface serial 1/0
R3(config-if)# ip address 3.1.1.1 255.0.0.0


Step # 2 MP-BGP Configuration

R1(config)# router bgp 1
R1(config-router)# bgp router-id 11.1.1.1
R1(config-router)# bgp auto-summary
R1(config-router)# no synchronization
R1(config-router)# neighbor 33.3.3.3 remote-as 1
R1(config-router)# neighbor 33.3.3.3 update-source loopback 0

R3(config)# router bgp 1
R3(config-router)# bgp router-id 33.3.3.3
R3(config-router)# bgp auto-summary
R3(config-router)# no synchronization
R3(config-router)# neighbor 11.1.1.1 remote-as 1
R3(config-router)# neighbor 11.1.1.1 update-source loopback 0

The above is the basic BGP configuration. Now the MP-BGP configuration. We use Multi-Protocol BGP (MP-BGP) because we need it to carry VPNv4, VPNv6, IPv6 & IPv4 packets, while BGP only carries IPv4 traffic.

R1(config) # router bgp 1
R1(config-router) # address-family vpnv4
R1(config-router-af) # neighbor 33.3.3.3 activate
R1(config-router-af) # neighbor 33.3.3.3 send-community both

R3(config) # router bgp 1
R3(config-router) # address-family vpnv4
R3(config-router-af) # neighbor 11.1.1.1 activate
R3(config-router-af) # neighbor 11.1.1.1 send-community both



Step # 3 PE-CE Configuration

Run OSPF between the PE & CE, but make sure to use a different process ID from the one already running on the PE, as otherwise all your routes will be in the service provider area.

R1(config)# router ospf 10 vrf test
R1(config-router)# router-id 5.1.1.2
R1(config-router)# network 5.0.0.0 0.255.255.255 area 0

Note: We used a router ID other than the loopback, as that is already used by OSPF 1.

R5(config)# router ospf 1
R5(config-router)# router-id 55.5.5.5
R5(config-router)# network 55.5.5.5 0.0.0.0 area 0
R5(config-router)# network 50.1.1.1 0.0.0.0 area 0
R5(config-router)# network 5.1.1.1 0.0.0.0 area 0

R1# show ip route vrf test


R3(config)# router ospf 10 vrf test
R3(config-router)# router-id 3.1.1.1
R3(config-router)# network 3.0.0.0 0.255.255.255 area 0

R7(config)# router ospf 1
R7(config-router)# router-id 77.7.7.7
R7(config-router)# network 77.7.7.7 0.0.0.0 area 0
R7(config-router)# network 70.1.1.1 0.0.0.0 area 0

R3# show ip route vrf test

R3# ping 11.1.1.1


Step # 4 Redistribution

On R1, Routes which are learned via OSPF are now redistributed into BGP which is run in the MPLS domain.

R1(config)# router bgp 1
R1(config-router)# address-family ipv4 vrf test
R1(config-router-af)# redistribute ospf 10 match internal external

R3# show ip route vrf test

Now redistribute BGP into OSPF: the routes have reached R3 but not R7, because R7 runs OSPF, so redistribute BGP into OSPF.

R3(config)# router ospf 10
R3(config-router)# redistribute bgp 1 subnets

Now do the redistribution in reverse direction. Redistribute OSPF into BGP.

R3(config)# router bgp 1
R3(config-router)# address-family ipv4 vrf test
R3(config-router-af)# redistribute ospf 10 match internal external

R1(config)# router ospf 10
R1(config-router)#redistribute bgp 1 subnets


Verifications:

R5# ping 77.7.7.7
R5# traceroute 77.7.7.7

I hope this will be informative for you :)

Saturday, June 16, 2012

MPLS Traffic Engineering:: Part – 1 :: Theory

Sometimes when data is moved we do not want it to follow the path dictated by the routing protocol, but to be redirected onto a path that we select for the traffic. When we determine the path for traffic or data to follow, there are some concepts on which Multiprotocol Label Switching - Traffic Engineering (MPLS-TE) is based:

When a routing protocol is configured on a node, it gives information about interface parameters such as bandwidth:

1. MPLS-TE also gives us information such as the bandwidth of the link and how much bandwidth is left (remaining) or available. Basically, it gives the link properties (all of these are link constraints).

2. A protocol is needed to carry this information, and it is carried by a link-state protocol, either OSPF or IS-IS.

3. A constraint-based SPF (CBSPF), or path calculation algorithm, is needed to determine the best path to various routes. CBSPF uses many constraints for path selection other than bandwidth.

4. We have to make sure that connectivity is available on the path selected for the traffic. Resource Reservation Protocol (RSVP) is used to reserve bandwidth on the path. For example, if we need 10 Mbps on a link, RSVP ensures that much bandwidth; RSVP also does the label changing end-to-end (information).

Path Message: ensures bandwidth
Reserve Message: confirmation of bandwidth
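Points 3 and 4 can be seen working together in a small model. This added example (not part of the original post) implements a bandwidth-constrained SPF: links without enough available bandwidth are pruned, the shortest path is computed over what remains, and the reservation is then subtracted from each hop as an RSVP reservation would. The topology, metrics and bandwidth figures are constructed, and real CBSPF also weighs constraints this sketch ignores.

```python
import heapq


def cspf(links, src, dst, bw):
    """Shortest path from src to dst using only links with avail >= bw.

    links: {(a, b): {"metric": int, "avail": Mbps}}, one entry per direction,
    because a TE tunnel is one way.
    """
    adj = {}
    for (a, b), attr in links.items():
        if attr["avail"] >= bw:                 # the constraint: prune first
            adj.setdefault(a, []).append((b, attr["metric"]))
    dist, prev, heap = {src: 0}, {}, [(0, src)]
    while heap:
        d, node = heapq.heappop(heap)
        if node == dst:
            break
        if d > dist.get(node, float("inf")):
            continue                            # stale heap entry
        for nxt, metric in adj.get(node, []):
            nd = d + metric
            if nd < dist.get(nxt, float("inf")):
                dist[nxt], prev[nxt] = nd, node
                heapq.heappush(heap, (nd, nxt))
    if dst not in dist:
        return None                             # no path satisfies the constraint
    path = [dst]
    while path[-1] != src:
        path.append(prev[path[-1]])
    return path[::-1]


def reserve(links, path, bw):
    """Model the reservation: take bw off every hop of the chosen path."""
    for hop in zip(path, path[1:]):
        links[hop]["avail"] -= bw


def sample_links():
    """Constructed topology: a short path with little spare bandwidth and a
    longer path with more."""
    return {("R1", "R2"): {"metric": 10, "avail": 100},
            ("R2", "R3"): {"metric": 10, "avail": 5},
            ("R1", "R4"): {"metric": 20, "avail": 15},
            ("R4", "R3"): {"metric": 20, "avail": 15}}


if __name__ == "__main__":
    links = sample_links()
    print("IGP-style path (no constraint):", cspf(links, "R1", "R3", 0))
    first = cspf(links, "R1", "R3", 10)
    print("Tunnel needing 10 Mbps:", first)
    reserve(links, first, 10)
    print("Second 10 Mbps tunnel:", cspf(links, "R1", "R3", 10))
```

The unconstrained run picks R1-R2-R3 on metric alone; the 10 Mbps tunnel is forced onto R1-R4-R3, and once that bandwidth is reserved a second 10 Mbps request finds no path.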



In TE, the tunnel head-end router decides which path the traffic should follow:

a: The LSP path/tunnel is one way.

b: TE tunnel configuration is done on the head router; that is why it is one way.

c: We can use RSVP and LDP in parallel: some traffic will pass through the tunnel and use the tunnel label, while other traffic will pass outside the tunnel and use the LDP label.

d: We can have multiple tunnels, so we can have more than one label.



e: In MPLS TE we basically decide how to allow traffic into the tunnel, that is: how to route the traffic to the tunnel, and how to feed the traffic into the tunnel?

f: In TE we basically engineer: we select a path other than the one selected by the routing protocols. Routing protocols select the best path using only the metric, while TE uses many other parameters for it.

I hope this will be informative for you !

Cheers :)

Interface GigabitEthernet 2/9/1 :: Received Pause Frames Exceeded Threshold

At times something is not a big thing, but a live network is live, which makes you careful and conscious enough to take care of each and every alarm on the router (NE40E). I saw the above alarm on my NE40E; when I tried to troubleshoot it, it turned out not to be a big problem. At times, some data services may be lost on that interface because of it. You can get this alarm for reasons that include “The receiving rate of pause frames exceeded the threshold”, or pause frames being received continuously.

Solution:

You just need to check the rate on the interface; if you see this alarm, what you need to do is reduce the traffic rate from the neighbor node. In my case no high rate was noticed on the interface when I saw it; the alarm just appeared for a while and then disappeared.

I hope this will be informative for you.

Monday, May 14, 2012

Cisco Career Certification Complete Reference

A Complete Reference to Cisco Career Certification Tracks !

Which Track are you following ?




I hope this will be informative for you !

Cheers :)