GNS3 1.0 Vs Cisco CML


Last week I started backing the crowd-funded GNS3 1.0 project by making a small(ish) donation. I watched the preview video and was very impressed. Some of the exciting new features of GNS3 are:

Grouping of devices for easier management
IOS on UNIX Support
IOU Switching Support
Ability to plug in network cables to running routers and switches (instead of having to turn them off)
Rapid Spanning Tree support
Enhanced Idle-PC calculations

Many of you have probably used GNS3 for some time now, and some of you may even have weighed up the pros and cons of using IOU, so it's great that GNS3 now offers the ability to leverage the best of both worlds in one interface. But how does it shape up against CML, which is clearly going to be its main (if not only) rival?

Costs and Limits

CML is going to be with us pretty soon (although Cisco are still keeping pretty quiet about it). The word on the street is that for the likes of you and me it will cost $100 and support a maximum of 15 devices.

GNS3 does not have such a cost or device limit (although it does require memory from the host machine), and the CCIE exam itself has far more than 15 devices (30 from what I have seen of v4.0, and I would guess it's roughly the same for v5.0).

Switching

With CML, IOS switching won't be released until later in the year, possibly as an upgrade, maybe as an add-on; it is unknown whether there will be a price attached.

GNS3 Switching will be handled through connectivity to an IOU VM.

Resources

There are expected to be other issues with CML: as each device runs as a separate VM it is a "huge resource hog", and this is coming from someone who worked on the beta, in a thread over at the Cisco Learning Network here.

Both CML and GNS3 1.0 will hook into VMs for different requirements. Out of the box GNS3 works exceedingly well, granted that switching has been a bugbear for most. GNS3 can already hook into VirtualBox for VMs and can run IOS XR VMs, and any manner of VirtualBox guest. CML's VM connectivity will be decided by Cisco.

Other features

CML offers a great way of overlaying data. From my earlier post on VIRL (as it was known then), you can overlay information such as BGP connections, which will be great for presentations, especially as the engine can be separated from the GUI (called VM Maestro): the GUI can run on a laptop and the engine could, for instance, run on a server back in the office. Both can, however, live happily on the one laptop (if suitably specced). This separation of roles is very good, especially in a corporate environment.

GNS3 can connect to real equipment, whereas CML seems to be more self-contained. That keeps it within the node limit imposed by your licence, but it also means that one of the great features of GNS3, the one that overcame the switching issue, is lost, and switching will go back to relying on emulation of ASICs.

Who will win?

It's really early days yet, but for the one-off consumer looking to study for an exam I think it will be GNS3 that has the greater install base. CML will get a lot of attention, that's pretty obvious, but its device number limitation will be a real bugbear for the likes of you and me. GNS3 is free and will remain free; it has a great following and is only limited by the imagination. Yes, I will buy CML, just like I bought about $2000 worth of routers and switches before finding out that they are going to be no good for the CCIE v5, but I think I will probably use GNS3 more.

Amazon suggested I might like to buy my own book

As many of you are probably more than aware, Amazon often send out emails based on your browsing history and on products similar to ones you have looked at.

Imagine my amusement when I got this email:

[Image: Amazon email recommending "BGP for Cisco Networks"]

I already have a few copies, so I am sorted, but if you haven't already got a copy of the first of my CCIE books, "BGP for Cisco Networks", then head over to the Books link on the menu, which has links for your local Amazon retailer.

All about CEF - Cisco Express Forwarding

What is CEF, and why do we use it?

CEF stands for Cisco Express Forwarding. It is (as the name suggests) proprietary to Cisco. It operates at layer 3 and is designed to speed up packet switching. CEF supports Ethernet, Frame Relay, PPP, ATM, FDDI, tunnels and HDLC.

CEF keeps two tables, the FIB (Forwarding Information Base), and the adjacency table, which contains the layer 2 information for each particular FIB entry. There are different adjacencies for different scenarios:

  • Cache adjacency: This type of entry contains the correct outbound interface and the correct MAC address for its FIB entry. The MAC address is the IP address's MAC address if the destination's subnet is directly connected to the router, or is the MAC address of the router that the packet needs to be sent to if the destination's subnet is not directly connected to the router currently processing the packet.
  • Receive adjacency: This type of entry handles packets whose final destinations include the router itself. This includes packets whose IP addresses are assigned to the router itself, broadcast packets, and multicasts that have set up the router itself as one of the destinations.
  • Null adjacency: Handles packets destined to a NULL interface. Packets with FIB entries pointing to NULL adjacencies will normally be dropped.
  • Punt adjacency: Deals with packets that require special handling or can not be switched by CEF. Such packets are forwarded to the next switching layer (generally fast switching) where they can be forwarded correctly.
  • Glean adjacency: This adjacency is created when the router knows that either the destination IP's subnet is directly connected to the router itself and it does not know that destination device's MAC address, or the router knows the IP address of the router to forward a packet to for a destination, but it does not know that router's MAC address. Packets that trigger this entry will generate an ARP request.
  • Discard adjacency: FIB entries pointing to this type of adjacency will be discarded.
  • Drop adjacency: Packets pointing to this entry are dropped, but the prefix will be checked.

There are two forms of CEF: Central CEF and Distributed CEF (dCEF). Central CEF, which is available on the lower to mid-range devices, uses the Route Processor (RP); higher-end models use dCEF, which splits the load over line cards, avoiding having to use the RP.

How do we use CEF and what is reliant on it?

CEF is enabled by default, and has been since IOS 12.0. If for any reason CEF is not enabled then IOS will revert to process switching, which is a bit slower than CEF.

We will go through some of the basics of CEF with a simple three router example:

[Diagram: CEF router topology]

So far just the interface IPs have been set on the interfaces.

Looking at R1 we can see that the routing table (RIB) looks good.
R1#sh ip route | beg Gate
Gateway of last resort is not set
10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
C        10.1.1.0/24 is directly connected, GigabitEthernet1/0
L        10.1.1.1/32 is directly connected, GigabitEthernet1/0
C        10.3.1.0/24 is directly connected, GigabitEthernet2/0
L        10.3.1.1/32 is directly connected, GigabitEthernet2/0
R1#
And its ARP cache also looks good:
R1#sh arp
Protocol  Address   Age (min)  Hardware Addr   Type  Interface
Internet  10.1.1.1         -   ca00.0253.001c  ARPA  GigabitEthernet1/0
Internet  10.1.1.2         4   ca01.0253.001c  ARPA  GigabitEthernet1/0
Internet  10.3.1.1         -   ca00.0253.0038  ARPA  GigabitEthernet2/0
Internet  10.3.1.3         3   ca02.0253.001c  ARPA  GigabitEthernet2/0
R1#
We can also check that CEF is enabled, either through a sh run:
R1#sh run
Building configuration...

Current configuration : 1130 bytes
!
! Last configuration change at 12:37:25 UTC Sat Mar 15 2014
upgrade fpd auto
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
!
ip source-route
no ip icmp rate-limit unreachable
ip cef
!
Or through the command "sh ip cef" which will show us the FIB table:
R1#sh ip cef
Prefix               Next Hop             Interface
0.0.0.0/0            no route
0.0.0.0/8            drop
0.0.0.0/32           receive              
10.1.1.0/24          attached             GigabitEthernet1/0
10.1.1.0/32          receive              GigabitEthernet1/0
10.1.1.1/32          receive              GigabitEthernet1/0
10.1.1.2/32          attached             GigabitEthernet1/0
10.1.1.255/32        receive              GigabitEthernet1/0
10.3.1.0/24          attached             GigabitEthernet2/0
10.3.1.0/32          receive              GigabitEthernet2/0
10.3.1.1/32          receive              GigabitEthernet2/0
10.3.1.3/32          attached             GigabitEthernet2/0
10.3.1.255/32        receive              GigabitEthernet2/0
127.0.0.0/8          drop
224.0.0.0/4          drop
224.0.0.0/24         receive              
240.0.0.0/4          drop
255.255.255.255/32   receive              
R1#
Here we can see the FIB along with the different adjacency types as well. We can confirm our adjacencies are as expected by looking directly at the adjacency table:
R1#sh adjacency 
Protocol Interface                 Address
IP       GigabitEthernet1/0        10.1.1.2(9)
IP       GigabitEthernet2/0        10.3.1.3(9)
R1#
We can create a dummy entry for 0.0.0.0/0 pointing to Null0 and see the change in our FIB:
R1#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R1(config)#ip route 0.0.0.0 0.0.0.0 null0
R1(config)#exit
R1#
*Mar 15 12:53:14.443: %SYS-5-CONFIG_I: Configured from console by console
R1#sh ip cef
Prefix               Next Hop             Interface
0.0.0.0/0            attached             Null0
0.0.0.0/8            drop
0.0.0.0/32           receive              
10.1.1.0/24          attached             GigabitEthernet1/0
10.1.1.0/32          receive              GigabitEthernet1/0
10.1.1.1/32          receive              GigabitEthernet1/0
10.1.1.2/32          attached             GigabitEthernet1/0
10.1.1.255/32        receive              GigabitEthernet1/0
10.3.1.0/24          attached             GigabitEthernet2/0
10.3.1.0/32          receive              GigabitEthernet2/0
10.3.1.1/32          receive              GigabitEthernet2/0
10.3.1.3/32          attached             GigabitEthernet2/0
10.3.1.255/32        receive              GigabitEthernet2/0
127.0.0.0/8          drop
224.0.0.0/4          drop
224.0.0.0/24         receive              
240.0.0.0/4          drop
255.255.255.255/32   receive              
R1#
We can use the command "sh ip cef" along with an IP address, or an IP address and prefix length, and get different results:
R1#sh ip cef 0.0.0.0/0
0.0.0.0/0
  attached to Null0
R1#sh ip cef 0.0.0.0  
0.0.0.0/32
  receive
R1#
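As an added example (not part of the original post), here is a small Python script that reads the "sh ip cef" table above, performs the same longest-prefix match the FIB does (which is why "sh ip cef 0.0.0.0" returns the /32 receive entry rather than the default route), and diffs two snapshots so that an unexpected change in forwarding, such as a new default route appearing, can be flagged. The FIB text is a constructed, abbreviated copy of R1's output.

```python
import ipaddress
from typing import Dict, Optional, Tuple

# Constructed, abbreviated copies of R1's "sh ip cef" output from the post,
# before and after "ip route 0.0.0.0 0.0.0.0 null0" was added.
CEF_BEFORE = """\
Prefix               Next Hop             Interface
0.0.0.0/0            no route
0.0.0.0/8            drop
0.0.0.0/32           receive
10.1.1.0/24          attached             GigabitEthernet1/0
10.1.1.2/32          attached             GigabitEthernet1/0
10.3.1.0/24          attached             GigabitEthernet2/0
10.3.1.3/32          attached             GigabitEthernet2/0
127.0.0.0/8          drop
R1#
"""
CEF_AFTER = CEF_BEFORE.replace("0.0.0.0/0            no route",
                               "0.0.0.0/0            attached             Null0")

Entry = Tuple[str, Optional[str]]   # (adjacency or next hop, interface or None)

def parse_fib(text: str) -> Dict[ipaddress.IPv4Network, Entry]:
    """Turn the columns of 'sh ip cef' into {prefix: (next hop, interface)}."""
    fib: Dict[ipaddress.IPv4Network, Entry] = {}
    for line in text.splitlines():
        parts = line.split()
        if not parts or "/" not in parts[0]:       # header, prompt or blank line
            continue
        prefix = ipaddress.ip_network(parts[0])
        if parts[1:3] == ["no", "route"]:           # two-word entry, no interface
            fib[prefix] = ("no route", None)
        else:
            fib[prefix] = (parts[1], parts[2] if len(parts) > 2 else None)
    return fib

def lookup(fib: Dict[ipaddress.IPv4Network, Entry], addr: str):
    """Longest-prefix match, as the FIB does: the most specific covering entry
    wins. Returns (prefix, entry), or None if nothing covers the address."""
    ip = ipaddress.ip_address(addr)
    covering = [p for p in fib if ip in p]
    if not covering:
        return None
    best = max(covering, key=lambda p: p.prefixlen)
    return best, fib[best]

def fib_diff(old: Dict, new: Dict) -> Dict:
    """Prefixes whose forwarding decision changed between two snapshots."""
    return {p: (old.get(p), new.get(p))
            for p in set(old) | set(new) if old.get(p) != new.get(p)}
```

Running lookup(after, "0.0.0.0") returns the 0.0.0.0/32 receive entry, while lookup(after, "192.0.2.1") falls through to the 0.0.0.0/0 entry attached to Null0, matching the two lookups shown above.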
We can use CEF for load balancing. If we create another route on R1 pointing to R2 for the 0.0.0.0/0 route, we can use CEF to load balance the two routes (though to be fair both routes will still exist in the sh ip route output if CEF is turned off).
R1(config)#no ip route 0.0.0.0 0.0.0.0 null0
R1(config)#ip route 0.0.0.0 0.0.0.0 10.1.1.2
R1(config)#do sh ip route | beg Gate 
Gateway of last resort is 10.1.1.2 to network 0.0.0.0

S*    0.0.0.0/0 [1/0] via 10.1.1.2
      10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
C        10.1.1.0/24 is directly connected, GigabitEthernet1/0
L        10.1.1.1/32 is directly connected, GigabitEthernet1/0
C        10.3.1.0/24 is directly connected, GigabitEthernet2/0
L        10.3.1.1/32 is directly connected, GigabitEthernet2/0
R1(config)#ip route 0.0.0.0 0.0.0.0 10.3.1.3
R1(config)#do sh ip route | beg Gate        
Gateway of last resort is 10.3.1.3 to network 0.0.0.0

S*    0.0.0.0/0 [1/0] via 10.3.1.3
                [1/0] via 10.1.1.2
      10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
C        10.1.1.0/24 is directly connected, GigabitEthernet1/0
L        10.1.1.1/32 is directly connected, GigabitEthernet1/0
C        10.3.1.0/24 is directly connected, GigabitEthernet2/0
L        10.3.1.1/32 is directly connected, GigabitEthernet2/0
R1(config)#
We can check CEF for the route:
R1#sh ip cef 0.0.0.0/0
0.0.0.0/0
  nexthop 10.1.1.2 GigabitEthernet1/0
  nexthop 10.3.1.3 GigabitEthernet2/0
R1#
And we can see that CEF is happy. If we look at the details we can also see that CEF is load-balancing:
R1#sh ip cef 0.0.0.0/0 detail       
0.0.0.0/0, epoch 0, per-destination sharing
  recursive via 10.1.1.2
    attached to GigabitEthernet1/0
  recursive via 10.3.1.3
    attached to GigabitEthernet2/0
R1#
Per-destination is the default load-balancing method; we can switch to per-packet using the following interface commands:
R1#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R1(config)#int g1/0
R1(config-if)#ip load-sharing per-packet 
R1(config-if)#int g2/0
R1(config-if)#ip load-sharing per-packet 
R1(config-if)# 
And again we can see what CEF is now doing:
R1#sh ip cef 0.0.0.0/0 detail 
0.0.0.0/0, epoch 0, per-packet sharing
  recursive via 10.1.1.2
    attached to GigabitEthernet1/0
  recursive via 10.3.1.3
    attached to GigabitEthernet2/0
R1#
The caveat here, though, is that per-packet load-balancing usually means packets are delivered out of order, so generally per-destination is preferred. None of this really goes to show how useful CEF is though. On high-end routers and switches it does take a lot of pressure off the Route Processor, and routing will still use process switching, so what else requires CEF?
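To illustrate that caveat, here is an added example (not from the original post) that models the two sharing modes with R1's two next hops. The per-path delays and the hash are constructed for illustration and are not Cisco's actual CEF algorithm; the point is that per-packet sharing can deliver one flow out of order while per-destination keeps a flow on one path.

```python
import hashlib
from itertools import cycle, repeat

# Constructed, simplified model: R1's two equal-cost next hops from the post,
# each with a made-up one-way delay (ms) so that alternating paths can
# reorder a flow. The hash is an illustration only, not Cisco's CEF hash.
PATHS = {"10.1.1.2": 3, "10.3.1.3": 7}   # next hop -> constructed delay in ms

def per_destination(src: str, dst: str, paths: dict) -> str:
    """Hash the (src, dst) pair once; every packet of that flow takes one path."""
    hops = sorted(paths)
    digest = hashlib.sha256(f"{src}->{dst}".encode()).digest()
    return hops[digest[0] % len(hops)]

def per_packet(paths: dict):
    """Round-robin over the next hops, ignoring which flow a packet belongs to."""
    return cycle(sorted(paths))

def flow_chooser(src: str, dst: str, paths: dict):
    """Chooser for per-destination mode: the same next hop for every packet."""
    return repeat(per_destination(src, dst, paths))

def forward_flow(n_packets: int, chooser, paths: dict = PATHS) -> list:
    """Send n packets of one flow 1 ms apart; return the sequence numbers in
    the order they arrive at the far end."""
    arrivals = []
    for seq, hop in zip(range(n_packets), chooser):
        arrivals.append((seq + paths[hop], seq))      # (arrival time, seq)
    return [seq for _, seq in sorted(arrivals)]

def late_packets(order: list) -> int:
    """Count packets that arrived after a higher sequence number (reordering)."""
    return sum(1 for i, s in enumerate(order) if i and s < max(order[:i]))

if __name__ == "__main__":
    print(forward_flow(6, per_packet(PATHS)))                             # [0, 2, 4, 1, 3, 5]
    print(forward_flow(6, flow_chooser("10.3.1.3", "192.0.2.1", PATHS)))  # [0, 1, 2, 3, 4, 5]
```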

QoS

QoS depends heavily on CEF: NBAR requires it, as does class-based packet marking using the set command, class-based policing and AutoQoS.

MPLS

MPLS also requires CEF. In MPLS networks, packets that are labelled will be switched according to the LFIB (Label Forwarding Information Base), while IP packets will be switched according to the CEF table. If an IP packet exits the router with an MPLS label, it is CEF that needs to label the packet.

When should we not use CEF?

It's safer to leave CEF on; chances are your router will perform slower, and functionality (as explained above) will be missing if you turn it off. Should you absolutely have to, or want to, disable it, then globally the command is "no ip cef", or for an interface "no ip route-cache cef".

Book sales first week

Sales of my book "BGP for Cisco Networks" have been pretty good for the first week, considering the limited market the book is aimed at.

I have sold:
  • 12 in the USA (and three have been borrowed)
  • 3 in the UK
  • 1 in Germany
  • 1 in Spain (Hi to Nersas!)
  • 2 in Japan
I might never be the Stephen King of the networking world, but I am really pleased that it's being read and that I have had some good feedback.

I have started on the MPLS volume, not sure when it will be completed, but I am really spurred on now!

Thanks to everyone who has bought it so far.


24 hours in and the book is doing well

I have had some good feedback so far from the book.

I have been asked if I will post the GNS3 topology files in full, and I will do this shortly.

It's doing all right at the moment. On Amazon.com it's number 10 in the best sellers rank under Intranets and Extranets, 21 under Bridges and Routes and number 22 in Cisco!


Month nine done - I wrote a book!

I decided a few months back that in order to do well in the CCIE exam that I would need to know the various protocols like the back of my hand.

Several pages of BGP notes soon started to become a mountain of paper, and in the end it seemed pretty obvious that this was starting to look more and more like a book.

So why not, I thought. Three months later I have just published my first book, "BGP for Cisco Networks". It's available on the Amazon Kindle book stores across the world, and for what I believe to be a very reasonable price: around the same price as a decent cup of coffee.



It presents a large topology to work through and will take you from basic iBGP and eBGP peer creation through to all the advanced topics such as multiprotocol BGP, dynamic peering, BGP security, and loads of other good stuff.

It's closely aligned with the CCIE v5 exam topics, and I hope it will be the start of a series. 

If you have a Kindle Fire then I have made it part of the borrowers' library, so you can borrow it for thirty days without having to pay a penny!

You can get it from the Amazon.co.uk store here, or from Amazon.com here.

I hope you enjoy it!