Some good presetation on BGP Links https://www.sanog.org/resources/sanog33/SANOG33_Tutorials-BGP_Communities_and_Geotags-Muhammad_Moinur_Rahman-DZCRD.pdf https://www.denog.de/media/DENOG10/day2_0900_communities-no-anim.pdf https://nsrc.org/workshops/2014/afnog-are/raw-attachment/wiki/Agenda/09-BGP-Communities.pdf
BGP – Do not advertise a network
Remove routes from Advertisement on a Forigate firewall Not to myself: 10.255.32.0/20 was wired on C1, local pref was missing. so it might make sens to add this to all incoming routes 'set local-preference 100', incoming there is no issue. show router route-map show router route-map config router route-map edit "EBGP-OUT-R2" config rule edit 1 …
BGP – Prevent becoming a Transit-AS
AS-Path FilteringNo-export CommunityPrefix-list FilteringDistribute List Filtering AS-Path Filtering ip as-path access-list 1 permit ^$ neighbor x.x.x.x filter-list 1 out No-export Community ip bgp-community new-format route-map NO-EXPORT ​set community no-export neighbor x.x.x.x route-map NO-EXPORT in neighbor x.x.x.x send-community Prefix-list Filtering ip prefix-list NO-TRANSIT permit x.x.x.x/x neighbor x.x.x.x prefix-list NO-TRANSIT out Distribute List Filtering access-list x deny x.x.x.x y.y.y.y …
BGP – MultiHoming
Cisco cisco01config show ip bgp summaryshow ip routeshow ip bgpcisco02config show ip bgp summaryshow ip routeEdgeRouter-Xedge01configshow ip routeedge02configshow ip routeFortiGateconfigget router info routing-table detailsTestsChanging the AS Numbersshow ip routeshow ip bgpOptimizing route mapscisco1show ip bgp neighbors 10.255.80.29 received-routesshow ip bgpshow ip routecisco2show ip bgp neighbors 10.255.80.28 received-routesshow ip routeBGP Prevent becoming an Transit ASNo-Export CommunityLinks …
Cisco Nexus Port-channel Issue
Some strange thing we came across the other day. After the Power outage one of the Port-channels did not came up. VPC consistency showed that the Port-channel has ports assigned on both Nexus Switches there should only be local ports connected. Even the remote port was configured for a different port channel. We ended up …
LAG Groups
Some collection of LAG configurations and status commands seen over time. LinuxManually ConfigurationStatusFreeBSDConfig ExampleStatusPermanentCheckpoint ConfigStatus - Clish Status - Expert ModeFortigateConfigStatusCisco - CatalystsConfig StatusLinks Linux Manually Configuration modprobe bonding mode=802.3ad ifconfig bond1 192.168.1.1 netmask 255.255.255.0 up ifenslave bond1 eth0 ifenslave bond1 eth1 The Permanent way depends on the distribution. Status cat /proc/net/bonding/bond1 Ethernet Channel Bonding …
Cisco Catalyst 9200 – Software Update
Looks that software maintainance on newer Cisco Catalysts running IOSXE is a bit diffrence. -- TLDR -- copy http://tftpboot.example.pp52.de/cat9k_lite_iosxe.17.09.05.SPA.bin flash: install add file flash:cat9k_lite_iosxe.17.09.05.SPA.bin install activate Copy the Image to the Switch copy http://tftpboot.rd.pp52.de/cat9k_lite_iosxe.17.09.05.SPA.bin flash: Setup the Boot enviroment c9200#conf t Enter configuration commands, one per line. End with CNTL/Z. de052-ne1-rt-cisco01(config)#boot system flash:packages.conf de052-ne1-rt-cisco01(config)#no boot …
Cisco IPv6 Unicast Routing
! ipv6 unicast-routing !
Cisco – QoS
After dealing with CBQoS in the past days, some observations i have made Cisco seams not to fill the SNMP variables on Catalyst 2960C /2960CG / 2960CX platforms. snmp genarator is picky about ordering. You may find this line "- source_indexes: [cbQosObjectsIndex, cbQosPolicyIndex]" in the GitHub Issues but this "- source_indexes: [cbQosPolicyIndex, cbQosObjectsIndex]" seams to …
Controlling the Power in my Homelab
I’ve been using Home Assistant for a while now, and it’s time to explore automation with my Homelab equipment. Home Assistant offers integrations for a wide range of power outlets and allows for the control of PoE ports as well. Usually i power things with ZigBee Power Plugs or over PoE if possible. Raspberry PI …
Cisco Nexus – Policy Based Routes
So after a while some basic Cisco stuff. Thanks Craig for being the Guy you are. We had to divert traffic some traffic to an dedicated line for Netscope, to an different Internet Line. configure terminal ip access-list pbr-netscope-over-second-provider permit 10.255.86.0 0.0.1.255 3.123.155.214 0.0.0.0 permit 10.255.86.0 0.0.1.255 3.123.215.247 0.0.0.0 permit 10.255.86.0 0.0.1.255 3.123.221.103 0.0.0.0 permit …
Patrick Marc's Networks 