EIGRP automatic static route redistribution?

Static route redistribution is straightforward in EIGRP: use the redistribute keyword under the EIGRP process and add a seed metric to it.

R1:

router eigrp 1
network 191.1.0.0
redistribute static metric 1 1 1 1 1

ip route 191.1.2.0 255.255.255.0 191.1.125.5

Thanks to the loop prevention behavior of the protocol, EIGRP will advertise this route as an EIGRP External route, which has an AD of 170.

R1’s neighbor:

D EX     191.1.2.0/24 [170/2560512256] via 191.1.13.1, 00:00:06, Serial1/2

If you point the route to an interface (which you can, if it’s a point-to-point interface), the protocol will do something very different. According to Cisco’s technical whitepaper:

When you install a static route to an interface, and configure a network statement using router eigrp, which includes the static route, EIGRP redistributes this route as if it were a directly connected interface

It will do this redistribution even if you don’t use the redistribute static keyword.

It is also funny that if you do static redistribution and point the route to the interface, EIGRP will redistribute the route as an internal route, which has an AD of 90.

R1:

ip route 191.1.1.0 255.255.255.0 191.1.125.5
ip route 191.1.1.0 255.255.255.0 Serial1/0
ip route 191.1.2.0 255.255.255.0 191.1.125.5

R1’s neighbor router:

      191.1.0.0/16 is variably subnetted, 9 subnets, 2 masks
D        191.1.1.0/24 [90/2681856] via 191.1.13.1, 00:28:53, Serial1/2
D EX     191.1.2.0/24 [170/2560512256] via 191.1.13.1, 00:07:59, Serial1/2
D        191.1.125.0/24 [90/2681856] via 191.1.13.1, 00:29:23, Serial1/2

 

That’s something we should keep in mind :)
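An added example (not from the original post or from Cisco): a small Python audit that reads an IOS configuration and reports how each static route would reach EIGRP neighbors under the behavior described above, so an unintended internal advertisement can be caught in review. The sample configuration is constructed from R1's lines in the post, the function names are hypothetical, and an interface route outside every network statement is assumed to follow the normal redistribute path.

```python
import ipaddress

# Constructed sample modelled on R1 in the post (not a real device config).
SAMPLE_CONFIG = """\
router eigrp 1
 network 191.1.0.0
 redistribute static metric 1 1 1 1 1
!
ip route 191.1.1.0 255.255.255.0 Serial1/0
ip route 191.1.2.0 255.255.255.0 191.1.125.5
"""

def eigrp_network(addr, wildcard=None):
    """Turn an EIGRP network statement into an ip_network object."""
    if wildcard:   # contiguous wildcard assumed: count the host bits
        plen = 32 - bin(int(ipaddress.ip_address(wildcard))).count("1")
    else:          # no wildcard given: the classful mask applies
        first = int(addr.split(".")[0])
        plen = 8 if first < 128 else 16 if first < 192 else 24
    return ipaddress.ip_network(f"{addr}/{plen}", strict=False)

def is_interface(target):
    """True when the static route target is an interface name, not a next-hop IP."""
    try:
        ipaddress.ip_address(target)
        return False
    except ValueError:
        return True

def audit_static_routes(config):
    """Return {prefix: 'internal' | 'external' | 'not advertised'} per static route."""
    networks, statics, redistribute, in_eigrp = [], [], False, False
    for line in (raw.strip() for raw in config.splitlines()):
        words = line.split()
        if line.startswith("router "):
            in_eigrp = line.startswith("router eigrp")
        elif in_eigrp and line.startswith("network "):
            networks.append(eigrp_network(*words[1:3]))
        elif in_eigrp and line.startswith("redistribute static"):
            redistribute = True
        elif line.startswith("ip route ") and len(words) >= 5:
            in_eigrp = False
            prefix = ipaddress.ip_network(f"{words[2]}/{words[3]}", strict=False)
            statics.append((prefix, words[4]))
    result = {}
    for prefix, target in statics:
        covered = any(prefix.subnet_of(net) for net in networks)
        if is_interface(target) and covered:
            result[str(prefix)] = "internal"       # AD 90, even without redistribute static
        elif redistribute:
            result[str(prefix)] = "external"       # AD 170 (assumed for uncovered interface routes too)
        else:
            result[str(prefix)] = "not advertised"
    return result
```

Removing the redistribute static line from the sample leaves 191.1.1.0/24 reported as internal, which is the case the post warns about.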

Send Escape character (CTRL+SHIFT+6 , X) to an active telnet / console connection

On Cisco IOS you can suspend any actively running process (ping, traceroute, etc.) using the Ctrl-Shift-6, X (^^X) key sequence. (The X is only needed through a modem connection.) This is the default behavior; we can change it using the escape-character command under the line vty x y section.

Sometimes we initiate a telnet connection from a router/switch to another IOS device. In this case, using the above method will suspend the telnet connection itself.

So how can we stop a traceroute started on the second device?

We can find the solution in the command reference: “To send an escape sequence over a Telnet connection, press Ctrl-Shift-6 twice.”

So if you are configuring the device through an access server, you can always suspend a process on the second device using the CTRL – SHIFT – 6 – 6 key sequence!

Cisco IOS PAK_PRIORITY

Check out this Cisco article about how IOS internally provides priority for certain control plane protocols.

What is PAK_PRIORITY?

While the IP precedence value specifies treatment of a datagram within its transmission through the network, the pak_priority mechanism specifies treatment of a packet during its transmission inside the router.

Which protocols are marked with high priority?

The RIP and OSPF routing processes that run on the core CPU of a router mark all traffic they originate with both IP precedence 6 and pak_priority. In contrast, the Border Gateway Protocol (BGP) instructs TCP to mark its traffic with IP precedence 6, but does not set pak_priority.

Cisco IOS must also ensure a low drop probability for several types of non-IP control packets. These packet types include these:

  • Intermediate System-to-Intermediate System (IS-IS) routing protocol messages

  • Enhanced Interior Gateway routing protocol (EIGRP) messages

  • Point-to-Point Protocol (PPP) and high-level data link control (HDLC) keepalives on serial and packet over SONET (POS) interfaces

  • Operations, administration, and maintenance (OAM) cells and address resolution protocol (ARP) messages on ATM interfaces

Since such traffic is not IP, Cisco IOS cannot match on the IP precedence value to provide prioritization. Instead, it uses only the internal pak_priority value in the packet buffer header.

Auto-MDIX and speed / duplex auto

Auto-MDIX is enabled by default on all 3560 interfaces. For this feature to work, however, you should use speed and duplex auto on the interface. This is one of the reasons why you don’t want to hardcode speed and duplex settings (at least during your CCIE Lab exam).

Auto-MDIX can be disabled with the following command: no mdix auto

You can verify the feature:

sh controllers ethernet-controller gi0/27 phy

GigabitEthernet0/27 (gpn: 27, port-number: 27)
-----------------------------------------------------------
0000: 1140 Control Register                      :  0001 0001 0100 0000
0001: 796D Control STATUS                        :  0111 1001 0110 1101
0002: 0020 Phy ID 1                              :  0000 0000 0010 0000
0003: 63B0 Phy ID 2                              :  0110 0011 1011 0000
0004: 0181 Auto-Negotiation Advertisement        :  0000 0001 1000 0001
0005: CDE1 Auto-Negotiation Link Partner         :  1100 1101 1110 0001
0006: 000F Auto-Negotiation Expansion            :  0000 0000 0000 1111
0007: 2001 Next Page Transmit                    :  0010 0000 0000 0001
0008: 0000 Next Page Receive                     :  0000 0000 0000 0000
0009: 0400 1000BaseT Control                     :  0000 0100 0000 0000
000A: 0000 1000Base-T Status                     :  0000 0000 0000 0000
000F: 3000 IEEE Extended Status                  :  0011 0000 0000 0000
0010: 4001 Phy Extended Control                  :  0100 0000 0000 0001
0011: 2323 Phy Extended Status                   :  0010 0011 0010 0011
0012: 0000 Receive Error Counter                 :  0000 0000 0000 0000
0013: 00FF False Carrier Sense Counter           :  0000 0000 1111 1111
0014: 1413 Receiver NOT_OK Counter               :  0001 0100 0001 0011
0019: FD1C Auxiliary Status Summary              :  1111 1101 0001 1100
001A: 267E Interrupt Status                      :  0010 0110 0111 1110
001B: FFFF Interrupt Mask                        :  1111 1111 1111 1111
001C: 7CFC Control Reg 2                         :  0111 1100 1111 1100
001D: 0244 Spare Control Register                :  0000 0010 0100 0100
001E: 0080 Test Register 1                       :  0000 0000 1000 0000
 Auto-MDIX                             :  Off   [AdminState=1   Flags=0x000108C8]

How-to Hide your servers: The Pirate Bay method

Check out Will’s blog post about how TPB can hide the location of their servers:

The Pirate Bay – North Korean hosting? No, it’s fake. (P2)

Just one note: They obviously corrected something:

root@RS1:~# tcptraceroute -f 128 -m 128 thepiratebay.se                
Selected device eth0, address 176.58.89.138, port 56935 for outgoing packets
Tracing the path to thepiratebay.se (194.71.107.15) on TCP port 80 (www), 128 hops max
128  thepiratebay.org (194.71.107.15) [open]  486.677 ms  488.404 ms  488.069 ms

Happy New Year 2013

2012 was a busy year, but not really related to the CCIE practical study. I mainly enhanced my theoretical knowledge, so in 2013 I will go for practical areas. Last Sunday I tried to do my first INE VOL II LAB… well it was a fail, so I’m far away from the LAB Exam yet, but every beginning is hard.

And to share some information in this post as well, here is the TCL script for checking IP addresses in an IOS router (from INE). This is definitely handy if you are doing redistribution scenarios:

router#tclsh
proc ping-test {} {
# ping every address in the list from VRF test and print the result
foreach i {
192.168.0.1
192.168.0.2
192.168.0.3
192.168.0.4
192.168.0.5
} { puts [ exec "ping vrf test $i" ] }
}

router(tcl)#ping-test

Don’t forget to quit the TCL shell when you are done.

IPv6 is here

Last Friday the RIPE region ran out of unallocated IPv4 addresses. They now serve addresses from the last /8. This isn’t good news for the LIRs:

“This section states that an LIR may receive one /22 allocation (1,024 IPv4 addresses), even if they can justify a larger allocation. This /22 allocation will only be made to LIRs if they have already received an IPv6 allocation from an upstream LIR or the RIPE NCC. No new IPv4 Provider Independent (PI) space will be assigned.

It is now imperative that all stakeholders deploy IPv6 on their networks to ensure the continuity of their online operations and the future growth of the Internet.”

As a home/SMB user you don’t have to worry about anything, but until your ISP is IPv6 ready, you can begin implementing and testing IPv6 by using a free tunnelbroker.

Let’s start using IPv6, this will be legen…wait for it…dary!


Cisco 7200 EoL/EoS

I like this platform very much, but for a while now we have been able to buy ASR100x and ISR G2 routers. So Cisco announced the end-of-sale and end-of-life dates for the 7200 Series Routers. If you wish, you can buy your last one on September 29, 2012.

Happy New Year!

I would like to wish a Happy New Year to every Network Engineer out there :)

UPDATE: I completed the CCIE R&S Written Exam in December 2011, so I will begin to study for the LAB. I already created an MS Project Plan (According to this, I will take the LAB in August).

I will use only INE materials, RFCs, books, Dynamips, IOU and rack rentals – hope it will be enough:)

Cisco Voice Gateway crash

Well, this will be a story about a voice gateway which is restarting every 12th day :)
For months we didn’t notice the problem, because the router was quickly rebooted. After we implemented central logging (I will write a post about this), we received mail about the reboot. We began writing mails to the Cisco TAC. Personally, I always have a bad feeling when I have to give a mysterious issue to the vendor’s support team.
This was however a nice job. I would like to include the final mail about the problem, because I think it is “funny” :) Of course you can imagine that we had to escalate the problem many times until we received the solution… but Cisco TAC, I like you.

INFORMATION

Internetworking.hu is an independent personal blog of Gabor Kis-Hegedus focusing on advanced, unusual or under-documented features of Cisco IOS, the software running on routers and switches produced by Cisco Systems.