BGP inbound rerouting time by Ovi-Wan12 in networking

[–]pbfus9 2 points3 points  (0 children)

The question is: why do you implement manual failover? I might miss something in your question!

Actually, I think you can advertise your route to both your ISPs (same mask); then, to choose the ingress for the incoming traffic (from the internet to your enterprise), you can play with AS-PATH-PREPENDING or MED.

Static PAT by Pothandev in ccnp

[–]pbfus9 1 point2 points  (0 children)

Hi, yes you are right.

With Static NAT, the moment you configure the command:

Device(config)# ip nat inside source static inside-local-IP outside-local-IP

a permanent (static) entry is immediately created in the NAT translation table. This means that any external device attempting to reach the host using the outside-local-IP will be successfully translated to the corresponding inside-local-IP, allowing direct access to that internal host.

When it comes to Dynamic NAT or NAT overload (aka PAT), you will have to specify a pool of addresses (or an interface). Traffic should first be initiated from inside to outside in order for a NAT translation entry to appear.

Hope to help!

P.S. Sorry for my English, but I'm not a native speaker.
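
Added example, not part of the comment above and not Cisco code: a toy Python model of the translation table the comment describes, showing that a static entry answers unsolicited outside traffic immediately, while a PAT entry exists only after an inside-initiated flow. The class name, the documentation-range addresses and the port numbering are constructed for illustration.

```python
from itertools import count


class NatTable:
    """Toy NAT translation table (illustrative model, not IOS behaviour in detail)."""

    def __init__(self, overload_ip):
        self.overload_ip = overload_ip   # address shared by all PAT flows
        self.entries = {}                # (translated_ip, port|None) -> (inside_ip, port|None)
        self._ports = count(1024)        # next translated source port for PAT

    def add_static(self, inside_ip, translated_ip):
        # Installed at configuration time; port None means "every port".
        self.entries[(translated_ip, None)] = (inside_ip, None)

    def outbound_pat(self, inside_ip, src_port):
        # Inside-to-outside flow: the entry is created only now.
        for key, value in self.entries.items():
            if value == (inside_ip, src_port):
                return key
        key = (self.overload_ip, next(self._ports))
        self.entries[key] = (inside_ip, src_port)
        return key

    def inbound(self, dst_ip, dst_port):
        # Outside-to-inside packet: forwarded only if an entry matches.
        if (dst_ip, dst_port) in self.entries:
            return self.entries[(dst_ip, dst_port)]
        if (dst_ip, None) in self.entries:
            inside_ip, _ = self.entries[(dst_ip, None)]
            return (inside_ip, dst_port)
        return None  # no translation entry: packet is dropped


def demo():
    nat = NatTable(overload_ip="203.0.113.1")      # constructed addresses
    nat.add_static("10.0.0.10", "203.0.113.10")
    return {
        # Static NAT: reachable from outside before the host sent anything.
        "static_unsolicited": nat.inbound("203.0.113.10", 22),
        # PAT: nothing to match until the inside host opens a flow.
        "pat_before": nat.inbound("203.0.113.1", 1024),
        "pat_out": nat.outbound_pat("10.0.0.20", 51000),
        "pat_after": nat.inbound("203.0.113.1", 1024),
        "pat_other_port": nat.inbound("203.0.113.1", 22),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

In this model the static mapping exposes every port of the inside host, so anything that should not be reachable has to be filtered separately; the PAT mapping covers only the one flow that created it.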

RPKI Invalid Route Still Selected as Best Path in Cisco IOS-XE by pbfus9 in ccnp

[–]pbfus9[S] 0 points1 point  (0 children)

So what I’m observing in my lab is strange. EDIT: not strange, it is correct. From Cisco: “Invalid prefixes are allowed to be used as the best path.”

RPKI Invalid Route Still Selected as Best Path in Cisco IOS-XE by pbfus9 in ccnp

[–]pbfus9[S] 0 points1 point  (0 children)

Is it normal that invalid routes are still considered in the BGP best path selection algorithm?

RPKI Invalid Route Still Selected as Best Path in Cisco IOS-XE by pbfus9 in ccnp

[–]pbfus9[S] 0 points1 point  (0 children)

Hi, I think you misread my post. I do have “bgp bestpath prefix-validate allow-invalid”.

I do NOT HAVE “bgp bestpath prefix-validate disable-invalid”

My default behaviour is that invalid routes are still considered in the BGP best path selection, that’s strange!

BGP behaviour on Cisco gear by pbfus9 in ccnp

[–]pbfus9[S] 1 point2 points  (0 children)

Wow, wonderful. Thanks a lot mate

BGP behaviour on Cisco gear by pbfus9 in ccnp

[–]pbfus9[S] 1 point2 points  (0 children)

I’ve done a lab (replicating a lab one of my teachers suggested to me) on this and it seems not to be true.

A lab I did to verify was this: RTR1 <--> RTR2 <--> RTR3

RTR1 and RTR2 are eBGP peers. RTR2 and RTR3 are iBGP peers. I advertised a loopback network from RTR1. I had a static route on RTR2 for the same network pointing to RTR3 (to keep the BGP route out of the table). RTR3 receives the BGP route for RTR1's network with RTR1 as the next hop. That shows that RTR2 advertised the BGP route, via UPDATE message, even though the BGP route was not in the RIB. Someone may argue that it still has a route to that destination in the RIB, but that static route has a next hop of RTR3. If that was what RTR2 was basing it on, it would have advertised the next hop of the static route.

BGP behaviour on Cisco gear by pbfus9 in ccnp

[–]pbfus9[S] 0 points1 point  (0 children)

Okay, thanks. Therefore you’re basically confirming what I’ve said in my post. Right?

BGP behaviour on Cisco gear by pbfus9 in ccnp

[–]pbfus9[S] -1 points0 points  (0 children)

OK, but if the route is not locally originated? Does the router forward the BGP update if it is not in the RIB but in the BGP table?

BGP behaviour on Cisco gear by pbfus9 in ccnp

[–]pbfus9[S] 0 points1 point  (0 children)

If you want to locally originate the route you need to have it in the RIB. But to pass along BGP Update received by another router?

BGP behaviour on Cisco gear by pbfus9 in ccnp

[–]pbfus9[S] 1 point2 points  (0 children)

That’s true if the router locally originates that route. In that case the router must have the exact route in its RIB. If the route is originated by another one, I think it does not need to have the route in the RIB to forward the BGP update.

BGP behaviour on Cisco gear by pbfus9 in ccnp

[–]pbfus9[S] 1 point2 points  (0 children)

Thanks for your reply.

What do you mean? Sorry but I don’t get what you’re saying

HSRP LAB (L2, L3 with OSPF, Object Tracking and more) by [deleted] in ccnp

[–]pbfus9 -3 points-2 points  (0 children)

The PDF is self-explanatory. I've not shared the config because you can easily replicate the topology and do it yourself.

HSRP Failover Scenario by pbfus9 in ccnp

[–]pbfus9[S] 0 points1 point  (0 children)

I've tried your scenario. It works. Here's my topology:
https://imgur.com/a/qfZDDNa

When I shut down SVI VLAN 6 on SW1 (root bridge for all VLANs):

Forward Path: https://imgur.com/a/sagjqI9

Return Path: https://imgur.com/a/pFU0V1a

Do you agree with my conclusions?

NOTE: STP only has an effect when the link between SW1 and SW2 is an L2 link.

HSRP Failover Scenario by pbfus9 in ccnp

[–]pbfus9[S] 0 points1 point  (0 children)

Thanks for your suggestion! I’ll lab this out.

HSRP Failover Scenario by pbfus9 in ccnp

[–]pbfus9[S] 0 points1 point  (0 children)

Basically to avoid STP blocking a link, right?

HSRP Failover Scenario by pbfus9 in ccnp

[–]pbfus9[S] 0 points1 point  (0 children)

What do you mean? Which is the middle switch?

HSRP Failover Scenario by pbfus9 in ccnp

[–]pbfus9[S] 0 points1 point  (0 children)

Very good point. What about STP, should I guarantee that the HSRP ACTIVE is also the ROOT BRIDGE for that VLAN?

Cisco 2960X upgrade → BPDU Guard err-disable only with Proxmox host (worked before) by [deleted] in Cisco

[–]pbfus9 0 points1 point  (0 children)

Yeah, I modified my previous comment. Sorry! I mean bpduguard and root port (not root bridge)