Sunday, April 21, 2013

VRF Lite (Virtual Routing & Forwarding)

- technology similar to VLANs but working at Layer 3.
- implemented in IP network router that allows two or more VPNs, where same IP Subnet can be overlapped among VPNs without conflicting each other

Key Concept - Each VRF instance is a separate route

- another term for VRF is VPN Routing and Forwarding, key element in Cisco MPLS VPN technology.

Lab Topology


Command Guide
1) To configure vrf --> ip vrf NAME (name is case sensitive)
2) Associate the interface with vrf --> ip vrf forwarding NAME
3) To check vrf routing table --> sh ip route vrf NAME
4) To verify the connectivity --> ping vrf NAME ip address

Wednesday, April 17, 2013

Symbols Generated in Ping Output



!:       Each exclamation point indicates receipt of a reply.
.:       Each period indicates the network server timed out while waiting for a reply.
U:     A destination unreachable error PDU was received.
Q:     Source quench (destination too busy).
M:    Could not fragment.
?:      Unknown packet type.
&:     Packet lifetime exceeded

Sunday, April 14, 2013

EIGRP Authentication


I would like to highlight how EIGRP did authentication when we used keychain. Please go through the below scenario before we explain how it work,




IP Addressing :
--------------------
R1 - s0/0.12 point-to-point = 131.1.12.1/24 ; lo1 = 1.1.1.1/8
R2 - s0/0.21 point-to-point = 131.1.12.2/24 ; lo1 = 2.2.2.2/8

Configure EIGRP Authentication on R1
------------------------------------------------
key chain EIGRP
key 1
key-string ABC
key 2
key-string cisco
!
!
interface Serial0/0.12 point-to-point
ip address 131.1.12.1 255.255.255.0
ip authentication mode eigrp 100 md5
ip authentication key-chain eigrp 100 EIGRP
frame-relay interface-dlci 102
!


Configure EIGRP Authentication on R2
------------------------------------------------
key chain EIGRP
key 1
key-string DEF
key 2
key-string cisco
!
!
interface Serial0/0.21 point-to-point
ip address 131.1.12.2 255.255.255.0
ip authentication mode eigrp 100 md5
ip authentication key-chain eigrp 100 EIGRP
frame-relay interface-dlci 201
!
!

According to the above configuration, will R1 and R2 form EIGRP neighbors?
!
!
!
!
!
!
!
!
Answer is no. The reason is EIGRP use LOWEST key number among all currently valid keys when SENDING EIGRP message but it use ALL currently valid keys when RECEIVING EIGRP message. Please learn the below picture for better understanding.



Reference : RHC blog & CCNP Route




Route Summarization for IGPs