Category Archives: Uncategorized

Design your network BEFORE you buy it

How would you go about building a house? Would you buy building materials and the equipment you think you will need and then start building hoping that it will turn out ok? Or possibly even make some drawings based on what you have purchased before picking up the hammer? If the drawings shows that you have forgotten something important, would you then buy the missing parts even though you have spent your budget? Or maybe just try to build around it?
Continue reading

Laser in ze eyes – EPI-LASIK

Here’s description of my experience from yesterdays eye surgery. It’s in swedish because right now I can’t be ar*ed to rewrite it in english. Pardon my laziness as well as my inability stay on-topic in this blog 😉

Innan jag bestämde mig för att göra detta kollade jag runt bland vänner och bekanta. I efterhand upplever jag att jag inte riktigt fick en rättvisande beskrivning av hur det kunde vara så här kommer min beskrivning.
Continue reading

Multicast PIM-DM Acrobatics

Imagine a network looking like this:

Green boxes symbolize a small portion of two different MANs under the same management. Each city is running PIM-SM with their own RP. The cities interconnect with BGP and MSDP.
City1-R1 is directly attached to an IP-TV Service Provider. There is no PIM neighborship, the SP is just flooding all their streams out the interface connected to City1-R1.
Everything is working just fine in City1. The streams are visible in the Multicast routing table and customers all over the city can view the different channels. The MAN operator now wants customers in City 2 to be able to watch the same channels. This should be possible since they have a working MSDP connection. But of course it doesn’t work because that’s how it is in our wonderful world. Things don’t work(tm). City2-R1 (RP) lacks the SAs from the Service Provider. Looking at the mroute table on City1-R1 reveals the following sample

#sh ip mroute 233.x.y.z

IP Multicast Routing Table

Flags: D – Dense, S – Sparse, B – Bidir Group, s – SSM Group, C – Connected,

       L – Local, P – Pruned, R – RP-bit set, F – Register flag,
       T – SPT-bit set, J – Join SPT, M – MSDP created entry, E – Extranet,
       X – Proxy Join Timer Running, A – Candidate for MSDP Advertisement,
       U – URD, I – Received Source Specific Host Report,
       Z – Multicast Tunnel, z – MDT-data group sender,
       Y – Joined MDT-data group, y – Sending to MDT-data group
       V – RD & Vector, v – Vector
Outgoing interface flags: H – Hardware switched, A – Assert winner
Timers: Uptime/Expires
Interface state: Interface, Next-Hop or VCD, State/Mode
(*, 233.x.y.z), 7w0d/00:02:34, RP 10.x.y.z, flags: SJC
  Incoming interface: Null, RPF nbr 0.0.0.0
  Outgoing interface list:
    Vlan42, Forward/Sparse, 00:41:21/00:02:30
    Port-channel70, Forward/Sparse, 11w0d/00:02:34
(a.valid.source.1.1.1.1, 233.x.y.z), 1w5d/00:03:27, flags: T
  Incoming interface: Vlan42, RPF nbr validNbr, RPF-MFD
  Outgoing interface list:
    Port-channel70, Forward/Sparse, 1w5d/00:02:40, 

Spot the flags for the S,G entry.  We are missing the A or M flags. This entry will not be propagated using MSDP. The first solution seems to be to just ask to get a MSDP connection with the Provider (will give the M-flag = propagation will occur) but this was not possible. The provider gave an explanation with some acceptable (..weeell..) arguments so we had to find a different solution.

This is when it becomes painfully obvious that Multicast is a bit of a black hole. There’s not a lot of resources out there. Well that’s not entirely true. There are resources but there’s not a lot of real world examples. The solution finally seems to appear when an operator of the MAN remembers that he saw something about dense-mode during an Advanced Multicast session at CLEUR2012. After some digging we find that there’s an add-on to ip pim dense-mode. Proxy register! From documentation:

Dense Mode with Proxy Registering
For a router in a PIM sparse mode (PIM-SM) domain configured to operate in sparse mode or sparse-dense mode, the ip pim dense-mode proxy-register command must be configured on the interface leading toward the bordering dense mode region. This configuration will enable the router to register traffic from the dense mode region with the rendezvous point (RP) in the sparse mode domain.

So we change from ip pim sparse-mode to ip pim dense-mode proxy-register on the interface facing the provider and whoop. A new show ip mroute:

#sh ip mroute 233.x.y.z

IP Multicast Routing Table

Flags: D – Dense, S – Sparse, B – Bidir Group, s – SSM Group, C – Connected,

       L – Local, P – Pruned, R – RP-bit set, F – Register flag,

       T – SPT-bit set, J – Join SPT, M – MSDP created entry, E – Extranet,
       X – Proxy Join Timer Running, A – Candidate for MSDP Advertisement,
       U – URD, I – Received Source Specific Host Report,
       Z – Multicast Tunnel, z – MDT-data group sender,
       Y – Joined MDT-data group, y – Sending to MDT-data group
       V – RD & Vector, v – Vector

 

Outgoing interface flags: H – Hardware switched, A – Assert winner

Timers: Uptime/Expires

Interface state: Interface, Next-Hop or VCD, State/Mode

(*, 233.x.y.z), 7w0d/00:02:51, RP 10.x.y.z, flags: SJC
  Incoming interface: Null, RPF nbr 0.0.0.0
  Outgoing interface list:
    Vlan42, Forward/Dense, 10:35:15/00:00:00
    Port-channel70, Forward/Sparse, 5w0d/00:02:51

(a.valid.source.1.1.1.1, 233.x.y.z), 5d23h/00:03:23, flags: TA  Incoming interface: Vlan42, RPF nbr validNbr, Mroute, RPF-MFD
  Outgoing interface list:
    Port-channel70, Forward/Sparse, 5d23h/00:03:01, H

Spot the flags. We now have an A which means that it will be sent to MSDP peers and verification on City2-R1 shows:

#sh ip msdp sa-cache 233.x.y.zMSDP Source-Active Cache – 1 entries for 233.x.y.z(validsource.1.1.1, 233.x.y.z), RP 10.11.254.2, BGP/AS 65001, 00:01:40/00:05:16, Peer 10.x.y.z 

 


#sh ip mroute 233.x.y.z

 

 

(*, 233.x.y.z), 00:02:53/00:02:36, RP 10.x.y.z, flags: S  Incoming interface: Null, RPF nbr 0.0.0.0  Outgoing interface list:    GigabitEthernet1/36, Forward/Sparse, 00:02:53/00:02:36
 

(validsource.1.1.1.1, 233.x.y.z), 00:02:53/00:03:21, flags: MT  Incoming interface: Vlan2002, RPF nbr validNbr, Mroute, RPF-MFD   

Outgoing interface list:    GigabitEthernet1/36, Forward/Sparse, 00:02:53/00:02:36, H

There we go. dense-mode proxy-register solved the issue and customers in City2 can now view the channels. Note that this is a workaround solution implemented while waiting for the provider to be able to setup MSDP connections.

Cisco Live Europe 2012

The Event

CLEUR 2012 was a LOT better than 2011. They had redone the entire venue from last year. Last year the venue felt extremely large (which it is) because there was so much walking about and while walking between different areas there were no real sense of continuity. For 2012 they had obviously given it more thought. Everything felt more like one (extremely) large area instead of several different islands who just happened to be in the same (extremely) large building.

CLEUR 2011 also left a lot of people hungry because quite frankly, the food was utterly worthless. I’m sorry England but you have no sense of taste what so ever. I’m guessing that quite a few people expressed this in the event review afterwards. This year they had given it more effort and I have to say that none of the lunches attached themselves in my memory. That might not sound good but remember that we’re talking about lunch for oh I don’t know how many, around 7k? It’s impossible to serve something that anyone will remember as one of the top 5, 10 or even 100 experiences of their lives. Look at it from the other angle instead, if I don’t remember the lunches they can’t have been bad, right? Well done! 

But same as last year, there’s just not enough coffee available. I realize that they don’t want to serve coffee outside of the breakout rooms because they of course want the people to move down to the World of Solutions. They need to have people there or no one will pay for a booth next year. That’s all understandable and acceptable. BUT! With only one escalator going each way to/from the breakouts and World of Solutions as well as a pretty damn long walk it takes better part of a 30 min break to just do a coffee raid. And what’s with not even having coffee in the World of Solutions at the lunch break? Official response from @CiscoLiveEurope was that there would be Coffee at 3 pm. Guys, seriously. We swedes need our own coffee container!

Keynotes

I barely remember what Padmasree Warrior talked about. The entire speech felt more like something aimed at management and not the more technical types who I am sure makes up at least 98% of the attendees. We’re not interested in fluff. Fluff is for those who don’t understand what’s really going on. Yes, I’m talking about management.

Dave Evans gave the second keynote. It was slightly more interesting but I think he left his charisma in some sort of jet lag or something. Don’t look at the floor! Change your tone now and then! And be more prepared when you “interview” the guest speaker.

Richard Noble from Bloodhound Project was guest speaker during the second keynote. Excellent! He was way more charismatic than Dave and I would really have liked to hear more about the Bloodhound project!

So in summary: this years keynotes lands at the bottom in the list of Live’s I’ve attended (only 3 so still Bronze, I guess).

Breakouts


It was much harder to schedule my breakouts this year. Probably because it was my third time in four years. I skipped a lot of sessions because they felt like something I’ve heard before. But as always there were a couple of good sessions. I especially liked the session about IPv6 security. I wish I hadn’t changed form Advanced LISP to Carrier Ethernet as techtorial. I’ve been to three techtorials now and the best one was my first. It was about Datacenter and they did about 60 min (?) of talking followed by 15 min of demo about what they had just talked about and then on to the next subject. The other two were pretty much 98% talk and 2% demo. That’s not a good setup for a 9 hour day. It needs to be more alive. I will have to think very hard about a techtorial next year. It’s not worth the 500 extra quid for about as many extra slides.

Summary


All in all I’m happy with the week. 8.5 routers out of 10. I can’t really think of anything they could do to make it better. At least not something that is likely. More escalators would be a nice surprise, I guess. I feel a bit Cisco-Live-saturated and as it is right now I don’t feel like going next year. But I know that will change I will most likely be back in London this time next year.

So yeah, apart from not having coffee CLEUR 2012 was a VERY well planned and designed. Well done!

CCIE Security by the end of 2012?

Nah, not likely. I’ve bought workbooks and I’m actively following two co-workers who are both studying for their CCIE Sec. For now I’m mostly interested in the technology workbooks but who knows, maybe I’ll go for an attempt at the lab myself.

I’d prefer Service Provider, though…

“What’s your best advice for CCIE preparations?”

I get a lot of questions from co-workers and others regarding advice for the CCIE lab. Here are my own personal top two. The two things that I truly feel helped tipped the scale:

  1. Take care of yourself. During those last months of serious labbing I still took the time to exercise. Go for a long walk, take a run. Go for a swim. Anything that gets you moving. Eat right. Take care of yourself! It really helps you to get the most out of a 12 hour lab session.
  2. Go for that first attempt even if you feel you’re not ready. I’ve written about that before so go read that post as well.
Did you come here from Google looking for tech advice? I have a few of those as well but none of those made an impact as huge as the two above.

There is a post-CCIE life

The best thing about being DONE is that I can finally come home and sit down with something other than a Cisco Press book. I can actually do non-tech stuff without feeling that stab of guilt. I think I’ve forgotten how, though 😮

Next on my tech-related schedule is:
  • Develop a series of workshops for my colleagues going for their CCNA
  • Develop a series of workshops for my (other) colleagues going for their CCNP
  • Write an internal Best Practice document regarding Data Center networking
And I must not forget to have some fun so I’m also going back to my old CCIE SPv2 workbooks. No, not because I want the certification (which I do) but because SP is the most interesting part about networking (imho).

Clarifications about the reread

I’ve gotten a lot of “well don’t forget undebug all”-comments. A couple of clarifications here:

1) The lab is very stressful. It’s easy to not think straight when you’re running out of time. For every device that I forgot to disable debug on there are 10 that I did NOT forget to disable debug on.

2) I’m not even sure if debug was the issue. It could have been anything.

I could have gotten new questions that they hadn’t had the chance to perfect the grading scripts for yet. I can think of several technology specific issues that I will not say out loud due to NDA. I said “do not fear the reread” and what I meant was; When in doubt; ask for a reread. Do not fear the statistics that more or less tell you to fsck off.

JUST DO IT.