Fundamentals of Border Gateway Protocol (BGP) - Part 5

ccie r/s ccna r/s ccnp r/s May 21, 2019

This post is the 5th in a series of Border Gateway Protocol (BGP) posts. If you missed any of the first four, here are the links:

In this post, we're going to take a look at BGP scalability mechanisms and related concepts.

BGP Scalability Mechanisms

Just as IP address depletion has been a concern with the Internet, so has the depletion of available autonomous system numbers. To help solve this, the engineers turned to a familiar solution. They marked an AS number range as private-use only. This permits you to experiment with AS construction and policy in a lab (for example) and use AS numbers that are guaranteed not to conflict with Internet-based systems.

Remember, the AS number is a 16-bit number permitting up to 65,536 AS numbers. The private space is marked as 64512-65535.

Another...

Continue Reading...

Fundamentals of Border Gateway Protocol (BGP) - Part 4

ccie r/s ccna r/s ccnp r/s May 07, 2019

This post is the 4th in a series of Border Gateway Protocol (BGP) posts. If you missed any of the first three, here are the links:

In this post, we're going to take a look at configuring BGP to advertise Network Layer Reachability Information (NLRI), and also the configuration of a BGP routing policy.

Advertising NLRI

Before we even begin advertising NLRI using our various commands in this section, let’s take a moment to discuss an old feature of BGP that Cisco disables by default for you. The feature is called BGP synchronization. For proof that Cisco has disabled this feature on your device, just perform a show running-configuration on one of your lab BGP speakers and under the BGP process you will find the command no synchronization. If enabled, the synchronization feature prevents a BGP speaker from entering prefixes into BGP...

Continue Reading...

Fundamentals of Border Gateway Protocol (BGP) - Part 3

ccie r/s ccna r/s ccnp r/s Apr 08, 2019

This post is the 3rd in a series of Border Gateway Protocol (BGP) posts. If you missed either of the first two, here are the links:

Now, in this post, you'll learn about how BGP neighborships are formed, within an autonomous system, between autonomous systems, and even between routers that are not directly connected. Also, we'll check out BGP authentication.

eBGP Peerings

Given that BGP is an AS-to-AS routing protocol, it would make good sense that external BGP (i.e. eBGP) is a key ingredient in its operations. The very first thing that we need to keep in mind with eBGP is that the standards are built so that there is a requirement for a direct connection. This is something that we can work around (of course), but this point is worth consideration. Because a direct connection is assumed, the BGP protocol does two things:

  • It's going to check for a time-to-live (TTL) value, and that the...
Continue Reading...

Fundamentals of Border Gateway Protocol (BGP) - Part 2

ccie r/s ccna r/s ccnp r/s Mar 12, 2019

Part 1 of our blog series on Border Gateway Protocol (BGP) gave you an overview of  BGP and then delved into BGP message types and neighbor states. Now, in this post, you'll learn about one of the most challenging aspects of BGP, how it makes its path selection decision. While routing protocols such as RIP, OSPF, and EIGRP each have their own metrics used to pick the "best" path to a destination network, BGP uses a collection of path attributes (PAs).

BGP Path Attributes

When your BGP speaker receives a BGP prefix, there are going to be many path attributes tagged to it, and we know that these are going to be critical when it comes to BGP doing things like choosing a very best path to a destination. Interestingly, not all of these path attributes are created equal.

All BGP path attributes fall into one of four main categories. Note that this list also provides example attributes in each category. Do not be too concerned with these specific attribute values now, as you will...

Continue Reading...

Fundamentals of Border Gateway Protocol (BGP) - Part 1

ccie r/s ccna r/s ccnp r/s Jan 29, 2019

One of the most intimidating topics for Cisco certification candidates in the Route/Switch track is Border Gateway Protocol (BGP). To help remove the FUD (Fear, Uncertainty, and Doubt) surrounding BGP, I'll be sharing a series of blog posts with you to help demystify this routing protocol. In this first post of the series, you'll be introduced to the very basics of BGP and learn about its various message types and states.

An Overview of BGP

Let’s face it - Border Gateway Protocol is just incredibly unique, especially when we compare it to other routing protocols. The very first thing that makes BGP so unique, is what it does for us. It is our only Exterior Gateway Protocol (EGP) in major use today. We know we have our Interior Gateway Protocols (IGPs), and that would be like OSPF running inside of an autonomous system. But BGP is an EGP, which means that it is (usually) going to take prefixes that are inside an autonomous system and send those to other autonomous systems....

Continue Reading...

Cisco ASA High Availability Implementation

security Dec 18, 2018

As a redundancy measure, it’s possible to deploy multiple Cisco ASAs together in a failover configuration, also known as a High Availability Implementation. This requires that the ASAs have identical software, licensing, memory, and interfaces. There are three possible high availability options to protect against downtime, which we'll explore here.

Active/Standby Failover Implementation: In this model, only one of the firewalls is responsible for processing traffic, while the other is designated as a hot standby. The standby device has the ability to take over traffic processing duties in the event that the active device fails.

Active/Active Failover Implementation: In this model, both firewalls actively process traffic as a cluster. The network is able to tolerate the failure of one of the devices, since they are performing identical duties.

This implementation is a bit more complex and requires multiple context mode. With multiple context mode, it’s possible to...

Continue Reading...

Route Redistribution- Part 4

ccie r/s ccnp r/s Nov 29, 2018

This post is the fourth in a series of posts on route redistribution. If you haven't yet read the first three, here are the links:

Up until now in this series, we’ve seen the need for route redistribution, looked at a basic configuration, saw how we could filter specific routes from being redistributed, and learned how to prevent a routing loop by tagging redistributed routes. In this final route redistribution post, we want to check out route redistribution with IPv6, and how that configuration varies a bit from what we’ve done previously with IPv4 networks.

Consideration #1 - The Redistribution of Connected Networks

First, consider a router running a routing protocol; let’s say it’s OSPF in this instance. Also, let’s say that router has several interfaces that are participating in the OSPF routing protocol. On that same router, imagine we’re running...

Continue Reading...

ZPF Concepts and Implementation

security Nov 27, 2018
 

Cisco Zone-Based Policy Firewalls are a more modern implementation of the interface-based stateful inspection. This allows you to group interfaces into zones, which have similar functions or features. This allows for stateful packet inspection and application control, and a much more granular firewall policy.

In this video, I'll discuss common ZPF concepts and walk through a basic CLI implementation.

All the best,


Charles Judd - Instructor
CCNA Security & R/S, BS Network Security

Continue Reading...

"Getting Your Hands Dirty" with Cisco Packet Tracer

Uncategorized Nov 19, 2018
 

In this video, you'll learn how to download (for FREE) Cisco Packet Tracer.

Then, you'll load a .PKT file (click HERE to download your .PKT topology file) into your copy of Cisco Packet Tracer and complete the described tasks.

The video then walks you through a complete solution.

Kevin Wallace, CCIEx2 (R/S and Collaboration) #7945

Continue Reading...

VLAN Security Concepts

security Nov 13, 2018

A Virtual Local Area Network (VLAN) is a logical grouping of devices on one or more LANS, configured to communicate as if they were on the same segment. In order to communicate with devices in another VLAN, a Layer 3 device must be present for routing.

Private VLAN (PVLAN)

One way to simplify a multi-VLAN deployment is by use of the Private VLAN (PVLAN) feature. PVLANs achieve isolation at Layer 2 between ports in the same VLAN. This is done by designating the ports as one of three types: promiscuous, isolated, orcommunity. Each designation has its own unique set of rules which regulate the ability to communicate with other devices in the same VLAN.

Promiscuous Ports: These ports have the ability to communicate with all other ports within the PVLAN. The default gateway for the network segment would likely be a promiscuous port, since all devices need to be able to communicate with the gateway.

Isolated Ports: These ports have Layer 2 separation from all other ports...

Continue Reading...
Close

50% Complete

Two Step Opt-In

Please submit your information below to receive updates from Kevin Wallace Training: