CISCO EXPERT – CCIE#23373

Ricardo Martins

Archive for June, 2008

Cisco Expert – Proxy Arp

Posted by Ricardo Martins on June 28, 2008

I decided I should write about proxy ARP because I find it interesting. Most people are very good at configuring and understanding technologies like OSPF or BGP, but they don't pay attention to the smaller features. I actually ran into problems with it last week at work, so let's see what proxy ARP is all about.

In this example we will be working in LAN environments. It does work over point-to-point links with slightly different results; however, I don't see the need to ARP over p2p links. Over Frame Relay it is a bad idea to use such a feature; instead, always send traffic on a next-hop basis.

Basically, we will configure a routing protocol or a static route between R1 and R2, generate some traffic and look at R1's ARP table. Then, without any routing protocol in place, we will generate some traffic again, look at R1's ARP table and try to understand the process. It is rather simple, but if you do not understand it you can get stuck.

Diagram below

1 – Enable a static route (could be a dynamic routing protocol) on R1 pointing to R2, as such:
ip route 0.0.0.0 0.0.0.0 10.10.10.2
In other words, we are not ARPing for hosts in VLAN 20; instead we are sending traffic towards the next-hop address, which is R2.

R1 ARP table:
R1#sh arp
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  10.10.10.2              0   cc01.1504.0000  ARPA   FastEthernet0/0
Internet  10.10.10.3              0   cc02.1504.0000  ARPA   FastEthernet0/0
Internet  10.10.10.1              -   cc00.1504.0000  ARPA   FastEthernet0/0

We can conclude that the PCs on VLAN 20 do not appear in R1's ARP table, yet we have IP reachability to them. That's because we are sending traffic to a next-hop address.

2 – No routing protocols between R1 and R2.
Either disable IP routing on R1 or create a static route as such:
ip route 0.0.0.0 0.0.0.0 f0/0
R2 needs to have ip proxy-arp enabled on f0/0 (the default).

R1's ARP table:
R1#sh arp
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  10.10.10.2              1   cc01.1504.0000  ARPA   FastEthernet0/0
Internet  10.10.10.3              1   cc02.1504.0000  ARPA   FastEthernet0/0
Internet  10.10.10.1              -   cc00.1504.0000  ARPA   FastEthernet0/0
Internet  192.168.20.1            1   cc01.1504.0000  ARPA   FastEthernet0/0
Internet  192.168.20.2            1   cc01.1504.0000  ARPA   FastEthernet0/0
Internet  192.168.20.3            1   cc01.1504.0000  ARPA   FastEthernet0/0

We can see that R2 now responds with its own MAC address to all requests for the PCs. That's because, with the route pointing at the interface, generating traffic towards a PC makes R1 send an ARP request for the PC's own address, which is basically a broadcast, and R2 answers it on the PC's behalf.

How can this help us?

A week ago at work we received a call from an administrator, let's say the administrator of VLAN 20, saying that they couldn't ping a server inside VLAN 20.
We don't have a routing protocol between R1 and R2, and after inspecting R1's ARP table, the MAC address of that server, which should have been the same as R2's MAC, in fact wasn't. We could see the MAC of the server itself.
What does this mean?
I assume someone had moved the server's switch connection to another port that was in NO SHUT state and had VLAN 10 assigned to it, which caused R1 to learn the server's MAC.

That’s all folks!!
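The check from the troubleshooting story above, as an added example (not code from the original post): it parses "sh arp" output and separates off-subnet addresses answered by a proxy-ARP router from those answered by the host itself. The 10.10.10.0/24 mask, the function names and the server MAC in the sample are assumptions.

```python
import ipaddress
import re

# One row of IOS "show arp": protocol, address, age, MAC, type, interface.
ROW = re.compile(
    r"^Internet\s+(\d+\.\d+\.\d+\.\d+)\s+\S+\s+"
    r"([0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\s+ARPA\s+(\S+)", re.I)

def parse_arp(text):
    """Return (ip, mac, interface) tuples from 'show arp' output."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            rows.append((ipaddress.ip_address(m.group(1)),
                         m.group(2).lower(), m.group(3)))
    return rows

def classify(rows, connected):
    """Label every entry whose IP lies outside the connected subnet.

    "proxied": the MAC also owns an on-subnet address, i.e. a router
               answered on the host's behalf (R2 in the post).
    "direct":  the MAC is unknown on the subnet, i.e. the host itself
               answered and must be attached to this segment.
    """
    net = ipaddress.ip_network(connected)
    local_macs = {mac for ip, mac, _ in rows if ip in net}
    return {str(ip): "proxied" if mac in local_macs else "direct"
            for ip, mac, _ in rows if ip not in net}

# Constructed sample: the post's second table, with 192.168.20.3 changed
# to a made-up server MAC to reproduce the fault described above.
SAMPLE = """\
Internet  10.10.10.2      1   cc01.1504.0000  ARPA   FastEthernet0/0
Internet  10.10.10.3      1   cc02.1504.0000  ARPA   FastEthernet0/0
Internet  10.10.10.1      -   cc00.1504.0000  ARPA   FastEthernet0/0
Internet  192.168.20.1    1   cc01.1504.0000  ARPA   FastEthernet0/0
Internet  192.168.20.2    1   cc01.1504.0000  ARPA   FastEthernet0/0
Internet  192.168.20.3    1   0011.2233.4455  ARPA   FastEthernet0/0
"""

if __name__ == "__main__":
    for ip, verdict in classify(parse_arp(SAMPLE), "10.10.10.0/24").items():
        print(ip, verdict)
```

A "direct" verdict for an address that belongs to another VLAN means a device on this segment is answering ARP for it, which is the condition found on R1 in the story.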

Posted in IP Services

Cisco Expert – BGP load-balancing between 2 AS’s and Ebgp-multihop

Posted by Ricardo Martins on June 27, 2008

Let's start with something simple: BGP, hehe, just kidding.

I always remember how this piece of technology works because I spent quite some time trying to solve the mystery of why 2 EBGP neighbors wouldn't peer even when everything seemed to be well configured.

I really believe that 99% of the problems you run into when trying to configure some technology are caused by not fully understanding the technology itself.

In this example, we are going to configure a peering between AS1 and AS2 using load-balancing between 2 links. Now, we all know that for 2 routers to peer via EBGP they need to be directly connected, which they are, so we should not have any problem with it, or do we??

Let’s take a closer look into the diagram and configurations:

Important part of the configuration:

R1:

ip route 200.2.2.2 255.255.255.255 10.10.10.2
ip route 200.2.2.2 255.255.255.255 10.10.20.2
!
router bgp 1
neighbor 200.2.2.2 remote-as 2
neighbor 200.2.2.2 update-source loopback 0
neighbor 200.2.2.2 ebgp-multihop

R2:

ip route 100.1.1.1 255.255.255.255 10.10.10.1
ip route 100.1.1.1 255.255.255.255 10.10.20.1
!
router bgp 2
neighbor 100.1.1.1 remote-as 1
neighbor 100.1.1.1 update-source loopback 0
neighbor 100.1.1.1 ebgp-multihop

First of all, we need 2 static routes on both sides pointing to the peer's loopback, each with a next-hop address. There is nothing special about this so far.

What I believe is tricky here is that for 2 EBGP neighbors to peer they need either to be directly connected or to use the command ebgp-multihop if not directly connected.
In this particular case both routers are directly connected, but we still need the command ebgp-multihop because we are peering with the loopback networks, which are 2 hops away.
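An added example (not from the original post) that audits a configuration for the pieces this setup relies on: two static routes to the peer loopback, update-source and ebgp-multihop. It also reports when the multihop TTL is wider than the 2 hops mentioned above, since a bare ebgp-multihop takes the IOS default of 255; the function name and the variant config are assumptions.

```python
import re

def audit_loopback_peers(config):
    """Return {peer: [issues]} for eBGP peers reached over loopbacks."""
    # Static host routes toward each peer loopback: destination -> next hops.
    routes = {}
    for dst, nh in re.findall(
            r"^ip route (\S+) 255\.255\.255\.255 (\S+)", config, re.M):
        routes.setdefault(dst, set()).add(nh)

    peers = {}
    for peer, rest in re.findall(r"^ *neighbor (\S+) (.+)$", config, re.M):
        words = rest.split()
        peers.setdefault(peer, {})[words[0]] = words[1:]

    findings = {}
    for peer, opts in peers.items():
        issues = []
        if len(routes.get(peer, ())) < 2:
            issues.append("fewer than two static routes to the peer loopback")
        if "update-source" not in opts:
            issues.append("no update-source")
        if "ebgp-multihop" not in opts:
            issues.append("no ebgp-multihop")
        else:
            # A bare "ebgp-multihop" uses the IOS default TTL of 255.
            ttl = int(opts["ebgp-multihop"][0]) if opts["ebgp-multihop"] else 255
            if ttl > 2:
                issues.append("ebgp-multihop TTL %d exceeds the 2 hops needed" % ttl)
        findings[peer] = issues
    return findings

# R1 from the post (spelling corrected), then a constructed variant with a
# bounded TTL but only one static route left.
R1_POST = """\
ip route 200.2.2.2 255.255.255.255 10.10.10.2
ip route 200.2.2.2 255.255.255.255 10.10.20.2
!
router bgp 1
 neighbor 200.2.2.2 remote-as 2
 neighbor 200.2.2.2 update-source loopback 0
 neighbor 200.2.2.2 ebgp-multihop
"""
R1_VARIANT = R1_POST.replace("ebgp-multihop", "ebgp-multihop 2").replace(
    "ip route 200.2.2.2 255.255.255.255 10.10.20.2\n", "")

if __name__ == "__main__":
    print(audit_loopback_peers(R1_POST))
    print(audit_loopback_peers(R1_VARIANT))
```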

Posted in BGP

Cisco Expert – Welcome to Cisco Expert Blog

Posted by Ricardo Martins on June 27, 2008

I just decided to start a blog. Yes, I know it is just another blog out there. I thought it would be a good idea to start a blog because it would help me prepare for the CCIE R/S Lab. This way, posting a technology's configuration and the way it works will help me learn it better.

I have invited a friend who works with me to participate in this blog. I believe it is a lot more fun to write a blog with 2 people when they both share the same level of motivation.

Another reason I am starting this blog is that it is just nice for others to come and read about someone else's experience with something they like. I actually visit 4 or 5 different blogs every day; it is just so enjoyable to read about something I love. Yes, we all know, we do this because we find networking lovely.

A quick introduction here

My name is Ricardo Martins. I live in Northern Ireland at the moment, I am 26 and I am originally from Portugal. I have worked for Hewlett Packard since the beginning of 2008.

Welcome!!

Posted in Uncategorized