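d****i Posts: 1038 | 1 Actually, going from GUI to script isn't very hard these days, and done well it need not be very buggy; typical architectures and configurations are all much the same anyway, so going the GUI route in the future is not impossible. Editors used to all be vi, and now plenty of people use Visual Studio. As for debugging, sending output to the GUI isn't hard either. My ideal for such a thing would be:
1. Not limited to configuring Cisco products; products from every vendor can be configured, so that when configuring a protocol such as BGP you only care about the BGP configuration itself, not the specific product and its config commands.
2. The GUI's result should be savable as XML, so it can be invoked repeatedly and parameters can easily be modified.
3. GUI to script and script to GUI should be mutually convertible and callable.
4. The GUI should support fairly large configurations, e.g. configuring over a hundred routers in one go.
5. Ideally a graphical network topology, generating config directly from the diagram.
Heh, if it were something like this, I think there would be a market for it.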
by
do |
|
s*****g Posts: 1055 | 2 No, I was not talking about MPLS VPN label, I am talking about pure MPLS ...
The router only needs to assign labels for its IGP routes, it does not need separate labels for its BGP routes, it only needs to advertise ONE label for its BGP router ID.
Any router that has Internet routes installed in its IGP table, that network engineer should be fired.
especially |
|
z**r Posts: 17771 | 3 I know LDP doesn't allocate labels to BGP routes, but I thought it would do
after the best paths in the BGP routers are installed into the IP routing
table. good to know this.
Is there any further reading? Looks like a vendor proprietary implementation
?
I quickly checked RFC 5036, didn't find this tho
peer
with a label. (RSVP or LDP), this peer just slap what ever label it received
from its IGP neighbor for 1.1.1.1, this process is exactly the same |
|
s*****g Posts: 1055 | 4 LDP does not care where the prefix is coming from, all it does is FEC and
label mapping. Why does LDP not advertise labels for BGP routes? It is not a matter of proprietary implementation but rather a matter of whether it makes sense or not. I am pretty sure you technically can make LDP advertise labels for BGP routes.
There are different LDP implementations (ordered control vs independent control, liberal retention vs conservative retention), but that has nothing to do with the topic we are dis |
|
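z**r Posts: 17771 | 5 Control plane / data plane separation has long been implemented on most mid-range and higher routers, but it is generally a centralized control plane, e.g. running only on the active RP. That's not what I'm talking about; I mean a distributed control plane, or distributed route processor (DRP). Take BGP: a traditional centralized control plane runs only one speaker or instance; with DRP you can run multiple BGP speakers/instances on the same router, greatly improving scalability and reliability. These multiple speakers end up forming a single unified RIB, and once the line cards get this RIB they do the forwarding (control plane and data plane separation).
Do you have any link for the external RE blade you mentioned? |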
|
s*****g Posts: 1055 | 6 Since when did IOS start supporting BGP signaling for L2VPN? I had the
impression that BGP is used only for auto-discovery in IOS. |
|
d****i Posts: 1038 | 7 You are right. IOS will never support BGP-VPLS. But I heard IOS-XR will
support BGP-VPLS. |
|
d****i Posts: 1038 | 8 IOS does not use BGP to send labels; it only uses BGP to find neighbors. |
|
z**r Posts: 17771 | 9 right, again the BGP I was mentioning is NOT the BGP for discovering the
neighbors in L2VPN, I was talking about how the ASBR's distribute labels
between AS's. The link I posted was just for clarifying the purpose of send-
label command. My understanding is, send-label is just for exchanging ipv4
and labels with peer without enabling ldp on the ASBR's, it doesn't have to
be inter provider l3vpn right?
see the PE-agg-1/2 config at
http://www.cisco.com/en/US/docs/ios/12_0s/feature/guide/fsstitch.ht |
|
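s******v Posts: 4495 | 10 Before YouTube was acquired by Google, it bought service from Level 3, at around $1m/month back then; that's a rough estimate based on the funding YouTube received, minus salaries and other expenses.
Google has its own global network; does it have peering in many places with many providers?
Why does Arbor have this data? BGP updates? NetFlow? Probably BGP, based on next hop? Inferring from the AS path what % of traffic is delivered onto the Google network where?
bandwidth cost is almost zero, even lower than that of an ordinary individual user.
The latest report shows that YouTube's bandwidth cost is almost zero.
, estimating YouTube's bandwidth cost at about US$360 million, with a possible loss of US$500 million this year. But Arbor Networks believes YouTube's bandwidth cost is even lower than that of an ordinary individual user. Although, with YouTube's help, Google now accounts for at least 6% of all Internet traffic and uses a large amount of fiber, Google can exchange traffic with large ISPs (Internet service providers) without paying bandwidth fees.
Security Agency, the one that knows Internet traffic best |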
|
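s**********9 Posts: 1238 | 11 I had an interview recently and was asked some basic RS questions; the interviewer was probably an IE.
What I remember being asked:
Layer 2: trunking, STP principles and states
Layer 3: the role of OSPF area 0, what ABR and ASBR stand for
BGP path selection, MED, LOCAL PREFERENCE, the synchronization principle, AS masquerading, full mesh used for iBGP, BGP split horizon
...
All very basic, not hard |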
|
d****i Posts: 1038 | 12 Could you explain in detail what this bug is about?
From the reports, a BGP path attribute was not recognized by XR,
and then XR reset the BGP neighbor connection? |
|
s*****g Posts: 1055 | 13 If your peering AS is announcing a bunch of routes that do not belong to
that AS to you, how do you write your BGP policy to filter those routes out
? Last time I checked, current routers do not keep a table saying what
prefixes belong to what ASes.
BGP is very vulnerable, peering is based on trust, there is no way to avoid/
detect intentional or unintentional misconfigurations of your peer. |
|
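c*****i Posts: 631 | 14 With full-mesh BGP the BGP neighbours are all directly connected, so why would you need an IGP? Try it yourself and you'll see.
Also, TE is set up by RSVP and has nothing to do with MPLS LDP. I can tell you that for certain, and there are ISPs that use it this way.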
then
TE can establish the LSP you want, but you still need MPLS functionality to
switch the labeled packets. |
|
z**r Posts: 17771 | 15 LDP doesn't generate labels for BGP table, I think you need BGP-send-label
instead of LDP
to |
|
s*****g Posts: 1055 | 16 BGP send-label is specifically designed for inter-AS MPLS VPN case, not used
for MPLS label distribution for general MPLS LSP establishment purpose, LDP
can advertise BGP routes if it is configured to do so, but ... but .... are
you guys talking about basic networking principle or TAI(2)GANG(4) ing? |
|
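z**r Posts: 17771 | 17 We're not arguing for the sake of it; the discussion atmosphere here has always been good. Real-world networks often don't play by the book; every network follows the basic rules/principles, but each also has its own relatively special aspects.
Everyone knows what bgp send-label is for; it's just that in this particular case it really can be used to solve the hypothetical chongqi raised.
May I ask how LDP can generate/distribute BGP prefixes?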
used
LDP
are |
|
z**r Posts: 17771 | 18 don't quite understand your question. you want failover within the site or
you want failover across the sites?
btw, you don't have to run the firewall in transparent mode, coz BGP is TCP
based, as long as the 2 BGP routers can reach each other via TCP, then they
are good to go |
|
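z**r Posts: 17771 | 19 Yours is really two questions: first, how BGP establishes a session via loopback; second, what a loopback is.
For the first, a BGP session requires both sides to be able to connect over TCP 179; you have to advertise your loopback yourself before the other side can connect.
For the second, a loopback is just a virtual interface |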
|
x*********n Posts: 28013 | 20 Carriers use BGP because BGP is more useful when there are thousands or tens of thousands of routes. An L3 switch probably isn't really up to it. |
|
a***n Posts: 262 | 21 router bgp 12345
address-family ipv4 vrf red
default-information originate
redistribute static
to inject static default into bgp. |
|
b******s Posts: 5329 | 22 This is to prevent loops.
The way to do it is to add that command in BGP or use network 0.0.0.0; BGP only generates one if the routes coming from the CE include 0.0.0.0. |
|
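s******v Posts: 4495 | 23 These are all BGP-related; my material is second-hand too, so would those with first-hand experience share as well?
1. youtube hijack
Two years ago? The story is that Pakistan Telecom used a /24 static route to block YouTube access, "ip route 208.65.153.0 255.255.255.0 null0". YouTube's real route is a /22. Pakistan Telecom originally had a route-map blocking its own null route, but a configuration change accidentally leaked this /24 to BT or Tata, and the other side forwarded it without checking (there was no way to validate it either). Because the /24 is longer than the /22, everyone ended up sending the requests meant for YouTube to Pakistan Telecom. Before Pakistan Telecom fixed it, YouTube itself first advertised /25 prefixes, overriding Pakistan Telecom's /24 in turn. A draft came out because of this, to validate prefixes.
2. new community
Last year I think, I forget when; the story is that IANA was experimenting with a new transistent community value, which was also accidentally leaked; the receiving routers were fine, they didn't understand it anyway and forwarded it on, ... Read full post |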
|
t*******r Posts: 3271 | 24 From thread: EmergingNetworking board - Looking for interview questions Describe the series of events going on when the 4 Routers connected the
Ethernet power up the same time.
What fields are contained in OSPF’s HELLO Packets ? (10 40 seconds)
Describe Hello Packets when two routers are in the 2WAY state (neighbor field
) …
Can a router with a higher priority pre-empt a DR or BDR ?
What does Priority 0 mean ?
Describe the various LSA types (1,2,3,4,5) and what they are used for ?
1. Explain the 1st line – what it is (NET)
2. What’s in the second line ? (LSP-ID)
Expl... Read full post |
|
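t*******r Posts: 3271 | 25 IPv6 addresses are really ugly.
On past projects, looking at IPv4 routes, show route would pop up in a flash and you could immediately find the route entry you wanted.
Not so with IPv6 routes; they're too long to remember.
http://www.juniper.net/us/en/local/pdf/whitepapers/2000320-en.p
This technology can carry both IPv4 and IPv6 traffic; if it's all IPv6 routes the prefix-length can reach /432, which is really painful to look at.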
4:3:61200:250:128:2001:1890:c00:c810::5:128:ff05:239:208:208::2:10.144.10.81
:10.144.10.95/432
*[BGP/170] 19:48:21, localpref 100, from 10.0.0.166
AS path: I
> to 10.1.210.198 via ae0.0, Push 24680
... Read full post |
|
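x*********n Posts: 28013 | 26 On our team, everyone else has had training, only I haven't; the reason could be that they dislike me, or that they think I'm going to leave, or indeed that I was the last to join this team.
Now a customer wants some BGP work done, and one of our "seniors" couldn't get it done.
What do you all think: could I try talking to my boss about sending me to learn BGP, so I can serve the company better in future? |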
|
x*********n Posts: 28013 | 27 router bgp 100
neighbor 150.2.5.5 ebgp-multihop 2
R5:
router bgp 200
neighbor 150.2.4.4 ebgp-multihop 2
I added these two, but the neighbor still doesn't come up. It's only 2 hops in total, so 2 should be enough, right? |
|
m**t Posts: 1292 | 28 interworking with IPv4 host is troublesome, NAT64 is still clumsy
only some internet hosts support direct IPv6, check how many AAAA records
are available, this requires your internal DNS to have fall back from AAAA
query to AAA.
On separate note, the IPv6 introduces bigger overheads at header and
transporting it as transport provider needs a true v6 backbone or if not
some tweaks such as MP-BGP VPN.
though these are overcome-able issues but given there is little incentive,
it will always be "b... Read full post |
|
s*****g Posts: 1055 | 29 PFPF, educate us, more detail please.
If I had the opportunity to re-architect my company's network infrastructure,
I would never run IGP over WAN, I would use BGP if at all possible, BGP is so much more flexible, scalable, less overhead and converges much faster. |
|
a**********k Posts: 1953 | 30 Not quite sure what the exact problem is. But you may
take a look at the BigIP GTM, it can do Geo-DNS,
health-monitoring among others:
http://www.f5.com/products/big-ip/global-traffic-manager.html
user
also
accept prefixes longer than /24, this means BGP anycast won't work for us
anymore. The other problem with current solution is too much overhead to
manage BGP in order to get everything right. |
|
s*****g Posts: 1055 | 31 Not necessarily, according to the article, Google is deploying openflow on
its WAN infrastructure instead of data centers. One big limitation with
routing protocols (IGP or BGP) is that only best route ("best" in general
term) is selected, i.e. it is hard to implement traffic engineering, let alone to implement application aware traffic engineering, PBR, BGP and MPLS TE implement traffic engineering in a far from elegant/scalable way, I
assume OpenFlow does not have this limitation.
, |
|
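x*********n Posts: 28013 | 32 Interview write-ups used to be rare on this board; maybe this will be useful to someone in the future.
1. STP in general; this is the second time I've been asked, and I still didn't explain it well. He asked me the message name and I just couldn't recall BPDU; I got some of the election right.
2. HSRP/VRRP: this part was a bit of a trap. When we got to election I started rambling again; he asked what the default priority is, I guessed 100, and he said that was right...
3. The difference between IPsec and GRE: I told him IPsec is encrypted, and GRE, although encrypted, sends its content as plain text; not sure whether I got that right.
4. He then asked about OSPF and EIGRP; I said straight out that at our ISP we just use static and rarely use them, while BGP is used a lot.
5. BGP: I talked about attributes, going through them one by one starting from weight, first the ordering, then the config; covered a bit of as-path list, route-map, setting a value, and rambled a little about AS prepend.
Along the way he asked me the default number for local preference, and I said 100; he also asked how to influence outbound, and I said MED. Later, as I kept talking, I realized that local prefere... Read full post |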
|
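c*****i Posts: 631 | 33 Changing the subject: tony, a question for you about Juniper MPLS TE autoroute. I was reading the doc below
http://www.juniper.net/techpubs/software/erx/erx41x/swconfig-ro
Does it mean that if I have 2 routers with TE, OSPF and BGP between them, and on routerA I see a BGP prefix whose next hop is routerB, then routerA will use TE directly?
And if behind routerB there is also a routerC running OSPF, then routerA still reaches routerC over the normal link, unless "tunnel mpls autoroute announce ospf" is configured |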
|
s*****g Posts: 1055 | 34 No, I run BGP with SPs, I plan to run OSPF on the overlay network (GRE
tunnels among data centers), lots of work needs to be done even if this idea
works, for example, how to avoid route oscillations? how much can you
trust the probes?
certain
on
BGP |
|
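z**r Posts: 17771 | 35 None of these are really a problem; spend 10 minutes reviewing BGP and you'll have it all down. Unless you're taking an exam or supporting BGP in TAC all day long, nobody can remember this stuff |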
|
|
s*****g Posts: 1055 | 37 When you make a change and due to a fat finger error you lock yourself out,
no backdoor, no out-of-band console, what are you going to do?
I have exactly this situation now, luckily, on simulation: I fat-fingered a
route-map name on a BGP peer, BGP denies all advertisement to it. hehee |
|
s*****g Posts: 1055 | 38 VPN label is exchanged by BGP, it is used to de-mux the traffic coming from
the same LSP, usually there is one-to-one mapping between a vpn-label and a
vrf, but you can have BGP to advertise a label per prefix. Not sure what
this "associated next hop" is, I believe it refers to CE router which
advertises the prefixes in (PE's) VRF context. |
|
x*********n Posts: 28013 | 39 MED is defined as optional-non-transitive
Its scope of application is generally inside the AS.
Does this non-transitive apply only to forwarding?
As far as I can see, receiving is no problem at all,
Rack1R1#show ip bgp 24.1.1.0/24
BGP routing table entry for 24.1.1.0/24, version 2
Paths: (4 available, best #4, table Default-IP-Routing-Table)
Advertised to update-groups:
2
200 400
54.1.12.2 from 54.1.12.2 (2.2.2.2)
Origin incomplete, metric 200, localpref 100, valid, external
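Hasn't this metric been received?
Question 2: does this received metric 200 have anything to do with other IGPs? For example, if it's OSPF between the ASes, how is this 200 calculated? |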
|
h*****a Posts: 1992 | 40 I'm new here; paying my respects to the experts first.
I think there are some interesting problems in managing the configurations of
these spines/leafs. Take an example, assuming you run BGP to the TORs, and
you use Quagga. When you want to add a TOR, you not only have to provision
the TOR, but also change the configs of the connecting leafs. If you don't
have config replacing ability, you have to generate specific config snips
for the leaf to add the new TOR as a bgp neighbor, so that it won't
interrupt other connected TORs. If your clus... Read full post |
|
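x*********n Posts: 28013 | 41 I get it now.
Inside an area, the LSAs are collected first and then SPF is computed; every router shares one database, so no separate anti-loop mechanism is needed.
With BGP in the same AS, each router inside looks after itself, so its vision is insufficient, and a mechanism is needed for anti-loop.
I originally thought that on receiving an LSA you compute SPF right away, then on receiving another you compute again; that doesn't seem very sensible.
So this is a bit like BGP synchronization: it has to converge before starting to act? Is that right?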
for |
|
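s******v Posts: 4495 | 42 I'm not clear on the actual implementation, but the local OCA does have BGP peering with the ISP. And my guess is that the local OCA also has BGP peering with the Netflix central server; otherwise, how would the server know which OCA serves which src IPs? |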
|
s*****g Posts: 1055 | 43 ???? This isn't hard to do, for example, google "Internap MIRO", nothing fancy,
they have dedicated route servers act as RR server, this server can take
into account performance metrics (latency, packet drop etc)to destination
prefixes, the server can change path attribute dynamically based the
performance metrics and then reflect to RR clients. There is a recent RFC
written by a Microsoft engineer talking about BGP SDN, the BGP controller is
only couple thousand Python code, no software changes needed on... Read full post |
|
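s******v Posts: 4495 | 44 Did Internap write its own BGP stack? That's within its own AS, and that solution of theirs has scale problems; there was a case a few years ago.
The gist of Netflix's, and I only half heard it, is that under the current design their node is just a router, and they want to use an API to change one of the prefixes in the in-memory BGP table; the specific scenario isn't known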
,
is |
|
s*****g Posts: 1055 | 45 Guys, I am wondering anybody has any inside knowledge how Amazon implemented
their VPC VPN gateways. For those who are not familiar with this, Amazon
allows VPC customers to establish private IPsec connectivity to their corp
network with dynamic (BGP only) routing.
I am not sure there is any commercial product that can
1) allow customers to establish IPsec tunnels and run dynamic routing with
overlapping BGP ASN and customer routes
2) allow true programmability of this VPN gateway
3) Scale indef... Read full post |
|
I********x Posts: 858 | 46 I took a look at VTS:
Open Standards
Standards-based protocols: Supports Border Gateway Protocol-Ethernet VPN (
BGP-EVPN), Virtual Extensible LAN (VXLAN), and Multiprotocol Label Switching
(MPLS)
REST APIs: Supports transparent integration with a variety of domain
managers and virtual infrastructure managers (VIMs) such as OpenStack and
vCenter
Programmability: Industry-leading, multivendor device programmability with
support for multiple hypervisors
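It looks like VTS is just a framework, and the underlying implementation can still be BGP EVPN? Because Cisco's documentation has very little detail on the internal implementation of ACI, I still don't... Read full post |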
|
Posts: 1 | 48 https://github.com/SolomonYang/pysession
Built on top of pexpect; it's very simple to describe: just login router/switch and run
commands. The upside is that it's fairly handy
It can run standalone, for example
./pysession.py -s 'telnet 1.1.1.1 2001; ssh [email protected]' -c 'show ver;
show ip route' -p pswd -e enablepswd
login "telnet 1.1.1.1 2001" and "ssh [email protected]", execute commands - "
show ver" and "show ip route"
or used as a library, like
import pysession
rtr = pysession(session='telnet 10.1.1.1', user="admin", password="password")
output ... Read full post |
|
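n**********l Posts: 271 | 49 Got an AWS Netops (backbone & border) offer and am hesitating over whether to take it
Currently in Ops at a Tier 1 carrier, mainly doing BGP/MPLS; technically decent. The company has few people and a very good reputation in the industry, and I can learn a lot, but there is no internal path from Ops into Engineering. Previously did DC, IOS-XR at CTAC
The Amazon phone interview on BGP/OSPF went okay, and I was told on the spot to prepare for the onsite
The recruiter said that at the onsite different teams would decide which one suits me (I said I wanted to do backbone & border architecture); at the onsite only 2 rounds were technical (one of them DC), and the hiring manager was also DC
At the onsite I felt I was treated as a new grad (the interviewers, NDE1/NDE2, mostly graduated even later than I did), and the technical rounds were much shallower than what I had prepared for
In the end they gave me an NDE1 offer, with a package about the same as a new grad return offer, no room for negotiation
I first got an unofficial offer telling me it was border &... Read full post |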
|