x*********n
发帖数: 28013 | 1 用 loopback 做router ID,如果AS都是65011,那不是ibgp么?
这个ebgp-multihop 20是啥意思呢?
router bgp 65011
no synchronization
bgp log-neighbor-changes
network 172.16.220.0 mask 255.255.255.0
neighbor 172.16.20.1 remote-as 65011
neighbor 172.16.20.1 ebgp-multihop 20
neighbor 172.16.20.1 update-source Loopback0
neighbor 172.16.20.3 remote-as 65011
neighbor 172.16.20.3 ebgp-multihop 20
neighbor 172.16.20.3 update-source Loopback0
neighbor 172.16.20.4 remote-as 65011
neighbor 172.16.20.4 ebgp-multihop 20
neighbor 172.16... 阅读全帖 |
|
c******0
发帖数: 881 | 2 1. 单模多模光纤有啥特点,什么时候用哪一种?
2. 两台路由器直接用光纤口连,接口起不来,怎么办?
3. HSRP和GLBP是干什么的,有什么区别?
4. OSPF LSA type..
5. OSPF 邻居起不来,怎么办?
6. OSPF中一台路由器想把直连口加进来,除了在进程中起接口,还有什么方法?
答: redistribute connected
7. 这样redistribute进来的话,看到这个接口的网段是什么类型的LSA?
答: type 5
8. 还有没有别的办法加接口?
答: 接口下开启ospf进程
9. 如果不希望这个接口另外一边有人借此窃听到网络信息怎么办?
答: 加MD5验证
10. 还有没有别的办法?
答: passive interface
11. 什么是IBGP和EBGP?
12. 一般这两种邻居用什么接口建立关系?
答: IBGP -- loopback
EBGP -- 直连口
13. 为什么EBGP要用直连口连?
答: TTL值是1
14. 有什么办法可以用环回口?
答: multi-hop
15. IBGP和EBGP的防环方式?
答: Sp... 阅读全帖 |
|
z**r
发帖数: 17771 | 3 in http://tools.ietf.org/html/draft-raggarwa-l3vpn-2547-mvpn-00#page-10
it says
Option A: VRF-to-VRF connections at the AS border routers.
Option B: EBGP redistribution of labeled VPN-IP routes from AS to
neighboring AS.
Option C: Multihop EBGP distribution of labeled VPN-IP routes between
source and destination ASes, with EBGP redistribution of labeled IP
routes from AS to neighboring AS.
but in many other document, I see
Back to Back VRF connections (Option A)
VPNv4 routes di |
|
x*********n
发帖数: 28013 | 4 想来想去没想明白。
2个interface是这样的,用的是public IP
interface FastEthernet0/0
description **** MPLS data interface *****
ip address 10.99.32.1 255.255.255.128
ip pim sparse-dense-mode
duplex full
speed 100
!
interface FastEthernet0/1
description **** Voice interface *****
ip address 10.99.33.1 255.255.255.128
ip pim sparse-dense-mode
duplex full
speed 100
WAN IP,multilink出去。
interface Multilink1
ip address 65.112.128.118 255.255.255.252
ppp multilink
ppp multilink fragment disable
ppp multilink group 1
然后这2个... 阅读全帖 |
|
u*****e
发帖数: 47 | 5 最近刚开始接触juniper的产品,路由器,还真是跟cisco 有很多的不一样啊。搞得头
疼啊。。目前手上的资料也就只有juniper bgp configuration guide...着实压力不小
。经理又催着给配置文件(ibgp & ebgp,我们的网有点小复杂。。。)
1:
公司购买了/22的超网,但是在配置时,在路由器上还是划分成/25的小网段。现在要配
置BGP, 公司要求要把/22和/25都宣告出来。请问这个/22该怎么宣告呢? 有点没想明
白该怎么宣告/22网段。毕竟不在机器上啊。。。
2:
在juniper上配BGP,关于宣告网段,是不是只能用bgp routing policy 去做。比如
inject OSPF , 把直连导入BGP?对于ibgp 和ebgp, 这个导入的命令得做两次,对吧
?(记得cisco,只要宣告一次,ibgp和ebgp都可以用。) |
|
z**r
发帖数: 17771 | 6 I actually wanted to mean the IGP routes are exchanged between AS's in
option C, because an ASBR must have the knowledge of all loopbacks of the PE
routers within the AS, then uses eBGP to advertise them to other AS's. This
requires greater trust between 2 SP's.
Also a lot of situations that ppl use RR to improve the scalability, thus
the eBGP connections exist only between the blue RR in the blue AS and the
green RR in the green AS.
In option B, ASBR VPN awareness shouldn't be a problem at all, |
|
z**r
发帖数: 17771 | 7 切,以前有人问过俺类似的一个问题,他还回去把实验搭起来重做,结果一样发生了同
样的现象。后来俺看了一下,忘记具体怎么回事了,但是大致是开始是ospf,后来ebgp
又起来了,而且是通过另外一条路,结果由于administrative distance的问题,原来
的ospf routes就失效了,导致另外一个协议down了,这个协议又影响到了ebgp之间的
tcp session,所以ospf routes又回来了,然后就这么不停重复。考试的时候他说他根
本没时间等很久来发现这个重复,以为是考官搞破坏。
其实说到底,还是理解不够深入。当然ccie也不是就理解多深,其实大多也是半瓶子醋。 |
|
t*******r
发帖数: 3271 | 8 来自主题: EmergingNetworking版 - 求面试问题 Describe the series of events going on when the 4 Routers connected the
Ethernet power up the same time.
What fields are contained in OSPF’s HELLO Packets ? (10 40 seconds)
Desribe Hello Packets when two routers are in the 2WAY state (neighbor field
) …
Can a router with a higher priority pre-empt a DR or BDR ?
What does Priority 0 mean ?
Describe the various LSA types (1,2,3,4,5) and what they are used for ?
1. Explain the 1st line – what is is (NET)
2. What’s in the second line ? (LSP-ID)
Expl... 阅读全帖 |
|
x*********n
发帖数: 28013 | 9 router bgp 100
neighbor 150.2.5.5 ebgp-multihop 2
R5:
router bgp 200
neighbor 150.2.4.4 ebgp-multihop 2
加了这2个,neighbor还是没建立啊。一共才2跳,2够了吧? |
|
d******t
发帖数: 834 | 10 nope.
如果没有冗余链路,建ebgp邻居最好用直连接口。
真要用loopback建,要互相添加静态路由的,ebgp peers之间没igp,network有啥用。
。。 |
|
x*********n
发帖数: 28013 | 11 这个面试等了1年多了,石沉大海不知为啥就找我了。感谢chee的题目,题目有些相似。
我把全过程写一下,面的优点压力山大啊。
介绍你的daily duty,design什么,那个project最复杂,最难,遇到什么问题。
技术开始
1.single mode vs multimode
我说length,价格
MM的length value是啥?我说400,但是不同vendor不一样的,他说他们looking for
300 meters,你说的也算对。不同vendor不一样的。
2.Circuit CRC value, how do they work
瞎扯了一下,我说看看CPU,看看有没有什么broadcast storm,sh in transceiver看
看信号lost多少
3.circuit is not up, what will you check,
瞎说,真心不太懂。扯了一点transitmitter,smartjack,interface。
4.HSRP vs GLBP
又准备
5.OSPF LSA types,
又准备
6.how LSA 5 to reach LSA... 阅读全帖 |
|
x*********n
发帖数: 28013 | 12 eBGP needs to directly connected, iBGP doesn't
eBGP 不directly connected也能peer,3种方式,一种是常见的emulti-hop,一种是
disconnected,一种是TTL-max啥的,总之都是改TTL。
BGP是over TCP的,你想啊,这都是在layer 4了,底层是要有IGP running的。
synchronation都是要和IGP match才能做BGP的。
你可以把interview题目发上来,大家帮你看看,弄清楚了,下次就不会错了。 |
|
z**r
发帖数: 17771 | 13 well I over looked the option C statement in the draft. it does say "labeled
IP routes" from AS to neighboring AS, that means IPv4 and labels are
distributed between the ASBRs.
so the more clear way to describe option A B C should be,
option A: VRF-to-VRF connections at the ASBRs
option B: VPNv4 distribution is done at the ASBRs by directed connected eBGP
option 1: next-hop-self
option 2: redistribute connected
option C: VPNv4 distribution is done at the RRs in each AS, and IPv4+ |
|
c*a
发帖数: 806 | 14 印象中这个已经是RFC了,怎么还是MVPN的ID
labeled
eBGP
labels |
|
z**r
发帖数: 17771 | 15 why? the igp label distribution should be the same bah? I made the send-
label method work for inter-as l2vpn, and at the same time, the inter-as
l3vpn works fine too. the ebgp between ASBR's should do the same job
for |
|
z**r
发帖数: 17771 | 16 I always use this for ebgp between AS'es to distribute the labels (option C)
, but can we use it for label distribution within the AS? |
|
s**********9
发帖数: 1238 | 17
interview
哦,就是AS内只传递EBGP路由,不再传递IBGP路由吧,是叫所谓的水平分割么?这些特
定术语我没记得那么清楚了,我知道那回事就是了。
呵呵,这个是纯猜测吧,我觉得他问的都是很理论的东西,反而实际工作的具体问题似
乎没怎么问。
我记得他问的问题都很讲究细节,有时候我表达不清楚,他还能提点我一下,让我正确
描述,总之给我感觉就是个TUTOR
我觉的如果没考过IE LAB的,可能工程经验会很足够,但对这些细节没那么讲究的
最近想跳槽,所以才去面了一下,刚好楼主问到,我就随便回忆了一下! |
|
s******v
发帖数: 4495 | 18 backhaul不是太明白,我看我理解的对不对
ce1 --- peA (as 1) -- ..inter-isp cloud.. --- peB (as 2) --- ce 2
1) ce1 = hub base station router, 有自己的vlan, 例如100, 还有多个lan,每个
对应一个leaf base station;
2) ce2 = att msc, 这边是什么,ip? 还是vlan trunk?
感觉inter as l2vpn vpls是可以的,不过要两个isp都support,有点复杂。
最好还是 mpls l3vpn, 每个基站给个/24 network, peA - ce1 and peB - ce2用
ebgp,中间是 inter as opt b/c,不过这个isp的事。
于距离
MSC),
site |
|
z**r
发帖数: 17771 | 19 his pe-ce is RIPng instead of IPV6 eBGP
safi 2 |
|
z**r
发帖数: 17771 | 20 来自主题: EmergingNetworking版 - 一个面试题 题没有这么详细啊,对于PE-CE应该无所谓吧?咱们就假设OSPF和eBGP好了。
对于第二个,是否所有CE都是互通的,你问这个问题俺是比较意外的,咔咔。应该说,
同一个VPN的肯定互通的,不同的,还是不应该互通。至于个别共享的,就做export过
去就是了
第三个是好问题,不过就当是没有吧,另外有没有似乎也问题不大 |
|
a***n
发帖数: 262 | 21 Hi All,
We are trying to deploy the 10G IPS at our campus. Attached please find the
simplified version of our network topology. All devices are standalone
catalyst 6500, and we currently have iBGP full mesh between core and
distribution. campus and resnet have different routing/security policy.
My question is where is the good place to place the IPS?
1) directly put them inline with our connection to our service provider. IPS
admins are not so confident about it even they have the fail-open har... 阅读全帖 |
|
|
a***n
发帖数: 262 | 23 You are apparently way ahead than me :-).
I just did some thing very similar to what you described several
weeks ago on cat6500. I did stateless firewall failover with
symmetric routing w/ eBGP. Firewall stateless because we do not want
to have layer 2 adjacency for the two firewalls in two geographically
separated locations.
差不多是这样啦。我们当时做的是在cat6k上面用vrf把lan和wan分开,然后中间是
firewall,ips是 transparent mode在firewall前面。不过是好几年前搞的东西了。
better |
|
s*****g
发帖数: 1055 | 24 Your multilink is for Internet access, the two Fast Ethernet interfaces are
connected to your MPLS-VPN service provider, you are running eBGP as PE-CE
routing protocol. You iBGP session over IPsec/GRE tunnel is for redundancy. |
|
n*****2
发帖数: 38 | 25 背景: 2个campus nets,mutual redistribution. no ebgp, just eigrp to eigrp.
pim, msdp, anycast rp.
每个网里按一个rp, 现在源和终点各在一边。允许SPTswitchover.
问题是,有些组的终点到源的SPT 是错的,此时,东西传不过去。
有的组,好像也能找到正确的SPT,
当源和终点在一边的情况下,似乎总不出问题。 |
|
x*********n
发帖数: 28013 | 26 过几天发到版上来。
最可爱的是what is the difference between ibgp and ebgp?
我觉得吧,这种问题我entry level都直接答得上来,问NP level还是不太合适的,当
然了,也许还有玄机在里面,也许我entry level没有查知。
哈哈。 |
|
t*******r
发帖数: 3271 | 27 what is the difference between ibgp and ebgp?
不觉得这是个可笑的问题. |
|
s******v
发帖数: 4495 | 28 就是因为这个,
neighbor x.x.x.x remote-as 1
neighbor x.x.x.x upd loopback0 (if y.y.y.y)
R1 bgp 第一步建立tcp,src = y.y.y.y, dest = x.x.x.x,到了R2,无法建立tcp,因
为没有route回到y.y.y.y。
ebgp-mhop是另外一个因素。 |
|
s******v
发帖数: 4495 | 29 ebgp应该是between as,之间应该是没有igp的。在edge上,如果是peering with
loopback,就是static。当然在lab里面就无所谓了。 |
|
z**r
发帖数: 17771 | 30 in OSPF, it's not just how many neighbors the router/switch can handle, LSA
types, number of prefix, number of area etc. all play big role.
I had a situation that the PE router needed to build up approx. 500 sessions
with CE routers, each CE router fed in only about 20 prefixes or less, but
due to there were mixed LSA types, 3, 5, etc., the CPU on the PE routers
suffered a lot. So I had to provide 2 steps solutions, 1) make all these
areas totally stub or totally stub NSSA, this saved big immedi... 阅读全帖 |
|
x*********n
发帖数: 28013 | 31 谢谢大猫猫refer。
直白的问题就一个:
IBGP VS eBGP, why we need full mesh on iBGP
剩下的都是情景题。
RR, confederation,
at confederation, if sub-AS pass to another, sub-AS, will BGP attribute pass
or not?这个要我回答是or不是,我不太确定,就说sub AS的information应该是独立
的,不应该传给别人,他问我为啥这么想,我说传给别人了是不是要loop了啊?当时好
紧张,好混乱,寒风习习的,心那个凉啊。
router reflector, 2 group, 3 client, how packet goes from client1 to RR,
then RRA to RRB, then ....then what would happen, ( drop) what RRA do when
RRB send back, (Cluster-ID)基本上就是要我一步步的往哪里走,只有前面2步我貌似
走对了,他说correct,后... 阅读全帖 |
|
x*********n
发帖数: 28013 | 32 BGP or EBGP is the only protocol works with different AS.
so when you got BGP, you can advertise your internal network to public, most
time, when you are running ospf, it would be much easier for your ISP to
know which network we should advertise out.
on the other side, ISP may have some filter by as-path list or community-
list to filter out by accepting routes from customer.
the traffic goes different way is very normal, simply the ISP PE got
different ways to deal with traffic.
the edge route... 阅读全帖 |
|
r********t
发帖数: 338 | 33 - eBGP peer with loopback (set ttl >1)
- create 2 static routes for peer loopback using each link.
- Use EEM to track link protocol of primary link.
Down event -> bring up secondary link
Up event -> shut secondary link
In reality, it is not a best practice for redundancy design. |
|
x*********n
发帖数: 28013 | 34 这个叫floating routes,一个by default, static routes metric是0,一个是15.比
20小。记得我跟你说过的eBGP是20,OSPF是110,这些你面试很容易问的。 |
|
x*********n
发帖数: 28013 | 35 你要从头理解它。
AS本来就是一个virtual的concept,和area一样。
现在你几个location是一个company,你用什么iBGP还是eBGP?
iBGP require direct connection吗?为啥你config iBGP的时候不用改TTL?
后面的问题你应该都知道的,那就是自问自答了,呵呵。
再说RR,为什么要RR,是因为full mesh database大,那跟next-hop有什么关系? |
|
c*****i
发帖数: 631 | 36 IP FRR是based on IGP,对你这个case没啥用。你和isp之间是direct connect ebgp还
是有别的?另外一个可以考虑的是用IP SLA来track,不知道可行不。 |
|
发帖数: 1 | 37 https://github.com/SolomonYang/pysession
在pexpecect之上开发的,说起来很简单,就是login router/switch and run
commands. 好处是,比较handy
可以standalone运行,例如
./pysession.py -s 'telnet 1.1.1.1 2001; ssh [email protected]/* */' -c 'show ver;
show ip route' -p pswd -e enablepswd'
login "telnet 1.1.1.1 2001" and "ssh [email protected]/* */", execute commands - "
show ver" and "show ip route"
或者用作library, like
import pysession
rtr = pysession(session='telnet 10.1.1.1', user="admin", password="password")
output ... 阅读全帖 |
|
