0% found this document useful (0 votes)

241 views155 pages

DGTL BRKRST 2044

Uploaded by

Ben Brahim

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

241 views155 pages

DGTL BRKRST 2044

Uploaded by

Ben Brahim

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

You are on page 1/ 155

#CiscoLive

Enterprise Multi-Homed
Internet Edge Architectures

Zig Zsiga CCIE 44883 (RS/SP), CCDE 20160032

@Zig_Zsiga
DIGRST-2044

#CiscoLive
Agenda
• Introduction
• Session Goals, Scope, and Business Drivers
• Design Framework for the Internet Edge
• Toolset: Border Gateway Protocol
• Common Deployment Scenarios
• Alternative Solutions

#CiscoLive © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 3
What this session • Keeping it simple
is all about
• Meeting business needs

• Real and raw use cases

“In the wild”

• GitHub!!
https://github.com/mzsiga/
brkrst-2044

© 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 4
What this session • A fact recitation
is not about
• Troubleshooting session

• An exhaustive list of every

BGP detail

• Extra detail in reference

slides, marked with
in upper right corner

© 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 5
Internet Characteristics
Internet Services
• Unicast IPv4 & IPv6
• Multiple, Autonomous Service Provider Networks
• Internet Edge Routing via Static or BGP
• Best Effort; No QoS (Quality of Service)

#CiscoLive © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 6
Design Framework for
the Internet Edge
Internet Characteristics
Internet Edge Design
• Define Two, Separate Policies:
• Egress Path Selection
• Ingress Path Selection Internet

• Think of Path Selection as a

ISP A ISP B
Two-way street.

Ingress

Egress
R1 R2

#CiscoLive © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 8
Internet Characteristics
Traffic Engineering : Ingress
• How will traffic ENTER
the Enterprise? ISP X
ISP Z

Ingress
ISP Y
• What Problem is the Business Trying
to Solve?:
ISP A ISP B
• Basic High Availability?
• Survivability for Critical Applications
across Multiple Data Centers?
• Congestion?

Egress
• Or, Don’t Care…?
R1 R2

#CiscoLive © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 9
Identifying Technical Requirements
Traffic Engineering : Egress
• How will traffic EXIT
the Enterprise? ISP X
ISP Z

Ingress
ISP Y
• Again, What Problem is the Business
trying to Solve?:
ISP A ISP B
• High Availability?
• User-class Separation?
• Congestion (Delay, Loss, Jitter, or
Throughput)?

Egress
• Mind the Monetary Cost of Multiple
R1 R2
Links?

#CiscoLive © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 10
Internet Characteristics
Internet Edge Design: Traffic Patterns
ISP Z
• Consider The Traffic Patterns of ISP X
the Enterprise.
ISP Y
• Does the Enterprise host content?
• Does the Enterprise access ISP A ISP B

content?

Ingress
Egress
• Not sure? Graph interface byte
count
R1 R2

#CiscoLive © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 11
Toolset: Border
Gateway Protocol
IP Routing and Border Gateway Protocol
Key Takeaways
• Understand IP Routing and BGP Best Path Selection Process
• This will dictate which BGP tools we use.
• Discuss and Simplify the Tool-set for Policy Implementation
• Review BGP’s Multi-Protocol Capabilities and Why they are
important to our design.

#CiscoLive © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 13
IP Routing and Border Gateway Protocol
IP Routing Decision Process
• What is Rule #0?
• LONGEST MATCH ALWAYS WINS
• Which of the following Prefixes will be selected as Best Route For
Destination 10.0.8.1?
• 10.0.0.0/8
• 10.0.0.0/17
• 10.0.0.0/20
• 10.0.0.0/21
• 10.0.0.0/20 is Most Specific Prefix* [10.0.0.1 – 10.0.15.254]
• Same Principle applies for IPv6 Addresses
#CiscoLive © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 14
IP Routing and Border Gateway Protocol
BGP Best Path Selection: EYE CHART
BGP Receives Multiple Prefixes for the Same Destination:
0. Longest Match Wins
1. Highest WEIGHT
2. Highest LOCAL_PREF
3. Prefer Locally-Sourced Routes
4. Shortest AS_PATH
5. Lowest Origin type
6. Lowest multi-exit discriminator (MED)
7. Prefer eBGP over iBGP
8. Lowest IGP metric to the BGP next hop
9. Determine if multiple paths require installation in the routing table
10. When both paths are external, prefer the path that was received first.
11. Prefer the route that comes from the BGP router with the lowest
router ID
12. If the originator or RID is the same for multiple paths, prefer path with
minimum cluster list length.
13. Prefer the path with the lowest neighbor address.

#CiscoLive © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 15
BGP Path Selection and Multi-Homing
Rule # Rule Important? Notes
0 Longest Match Wins R Used for Traffic Engineering
1 Highest WEIGHT T Local to a Router
2 Highest LOCAL_PREF R Used for Traffic Engineering
3 Prefer Locally-Sourced Routes T All routes are learned via eBGP
4 Shortest AS_PATH R Used for Traffic Engineering
5 Lowest Origin type (IGP<EGP<INCOMPLETE) T Everything is External
6 Lowest multi-exit discriminator (MED) ? Non-Transitive
7 Prefer eBGP over iBGP R Some Multi-Homed Designs
8 Lowest IGP metric to the BGP next hop T IGP N/A between ISP/Customer
9 Multiple paths require installation in the routing table? T Applies to Multi-homed to Single AS
If both paths are external, prefer the path received first.
10 T Applicable when no real policy
configured; Oldest = Most Stable

Prefer the route from the BGP router with the lowest
11
router ID (RID) T Decision already made at this point

If the originator or RID is the same for multiple paths,

12
prefer path with minimum cluster list length. T Applies to BGP Route Reflectors

13 Prefer the path with the lowest neighbor address. T Decision already made at this point
#CiscoLive © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 16
BGP Path Selection and Multi-Homing
Rule # Rule Important? Notes
0 Longest Match Wins R Used for Traffic Engineering
1 Highest WEIGHT
T Local to a Router

2 Highest LOCAL_PREF
R Used for Egress TE
3 Prefer Locally-Sourced Routes
T All routes are learned via eBGP

4 Shortest AS_PATH R Used for Ingress TE

5 Lowest Origin type (IGP<EGP<INCOMPLETE) Everything is EGP for the most part

6 Lowest multi-exit discriminator (MED) ? Non-Transitive

7 Prefer eBGP over iBGP R Some Multi-Homed Designs
8 Lowest IGP metric to the BGP next hop
T IGP N/A between ISP/Customer

9 Multiple paths require installation in the routing table?

If both paths are external, prefer the path received first.
T Applies to Multi-homed to Single AS

10
? Applicable when no real policy
configured; Oldest = Most Stable

11 Prefer the route from the BGP router with the lowest router ID (RID) T Decision already made at this point

12 If the originator or RID is the same for multiple paths, prefer path with
minimum cluster list length. T Applies to BGP Route Reflectors

13 Prefer the path with the lowest neighbor address. Decision already made at this point

#CiscoLive © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 17
IP Routing and Border Gateway Protocol
BGP Policy Instrument : Route Map
• Route Maps: !
• Modify Attributes for Prefixes route-map sample_name permit 10
match X
• Allow or Prevent Prefixes from being set Y
sent or received. route-map sample_name permit 20
• Analogous to Computer match A
set B
Programming Syntax:
route-map sample_name deny 30
• IF, THEN, ELSE match Z
!

#CiscoLive © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 18
IP Routing and Border Gateway Protocol
BGP Policy Instrument : Route Map
• Evaluate in Order !
route-map sample_name permit 10
• Permit allows us to set attributes if match X
match succeeds set Y
route-map sample_name permit 20
• Use set without match will apply to all
match A
routes
set B
• Deny will filter prefixes based on route-map sample_name deny 30
match statement match Z
!
• Implicit DENY at the end
• Similar to ACLs

#CiscoLive © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 19
IP Routing and Border Gateway Protocol
Multiprotocol BGP (MP-BGP)
• RFC 2858 describes how we can transport reachability information
beyond IPv4 Unicast Prefixes.
• Multiprotocol BGP (MP-BGP) refers to the ability to store
information for different Address Families (Network Layer
Protocols).
• We will use MP-BGP to implement a dual-stack IPv4 and IPv6
configuration towards our ISPs.

#CiscoLive © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 20
IP Routing and Border Gateway Protocol
Multiprotocol BGP (MP-BGP)

IPv4 IPv6
Unicast Unicast

Multicast Multicast

VRF VRF

#CiscoLive © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 21
IP Routing and Border Gateway Protocol
Source: RFC 1998 Community Received Backbone Function
64499:100 Assign Local Preference of 100
• Service Providers may allow the ISP Z
64499:50ISP X Announce only to Customers
End User to “tag” prefixes (via 64499:20 ISP Y Pre-pend AS 64499 Two Times
BGP Communities). 64499:40 Pre-pend AS 64499 Four Times
ISP B
• Consult with your Service ISP A - AS 64499 ISP B - AS 64497
10.0.0.0/8 5.0.0.0/8
Provider before developing a 2100:A000::/32 2100:B000::/32
policy (Communities are Service
Provider specific). Providers Match AS 64498
Community Values and
Apply Policy (example) R1
Customer Advertises 128.66.0.0/16
these Prefixes and 2001:DB8:110::/44
Appends Community
Values
#CiscoLive © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 22
Common Deployment
Scenarios
Reference Topology
Reference Topology 50.0.0.0/8
INET
2100:5000::/32
Internet Server IPs
- 16.16.16.16
- 2000:16:16:16::16
G0/2
BB1 G0/2
BGP
6450
0 BB2

#CiscoLive © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 24
Reference Topology 50.0.0.0/8
INET
2100:5000::/32
Internet Server IPs
- 16.16.16.16
ISP-A - 2000:16:16:16::16
G0/1 G0/2
51.0.0.0/8 BB1 G0/2
2100:5100::/32 BGP
6450
0 BB2
BGP 64501
G0/1 ISP-B G0/1
ISP-A 52.0.0.0/8
2100:5200::/32
G0/1
BGP 64502
G0/2
ISP-B
G0/4

#CiscoLive © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 25
Reference Topology 50.0.0.0/8
INET
2100:5000::/32
Internet Server IPs
- 16.16.16.16
CDS 1 ISP-A - 2000:16:16:16::16
G0/1 G0/2
BGP 64491 51.0.0.0/8 BB1 G0/2
G0/1 2100:5100::/32 BGP
R1 6450
0 BB2
G0/2 BGP 64501
G0/2 ISP-B G0/1
G0/1
ISP-A 52.0.0.0/8
G0/0
128.1.0.0/16 2100:5200::/32
G0/1
FW1 10.1.0.0/16 BGP 64502
2001:1281::/44 G0/2
ISP-B
CDS 1 Server IPs G0/4
- 128.1.11.11
- 2001:1281:0:11::11

#CiscoLive © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 26
Reference Topology 50.0.0.0/8
INET
2100:5000::/32
Internet Server IPs
- 16.16.16.16
ISP-A - 2000:16:16:16::16
G0/1 G0/2
51.0.0.0/8 BB1 G0/2
2100:5100::/32 BGP
6450
0 BB2
BGP 64501
G0/1 ISP-B G0/1
ISP-A 52.0.0.0/8
G0/3 2100:5200::/32
G0/1
BGP 64502
G0/2
ISP-B

G0/1 CDS 2
R2 G0/2
G0/3 BGP 64492
CDS 2 Server IPs
G0/0 - 128.2.22.22
128.2.0.0/16 - 128.2.128.22
FW2 10.2.0.0/16 - 2001:1282:0:22::22
2001:1282::/44 - 2001:1282:8:128::22

#CiscoLive © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 27
Reference Topology 50.0.0.0/8
INET
2100:5000::/32
Internet Server IPs
- 16.16.16.16
ISP-A - 2000:16:16:16::16
G0/1 G0/2
51.0.0.0/8 BB1 G0/2
2100:5100::/32 BGP
6450
0 BB2
BGP 64501
G0/1 ISP-B G0/1
ISP-A 52.0.0.0/8
G0/4 2100:5200::/32
G0/1
BGP 64502
G0/2
ISP-B G0/3
G0/4 CDS 3
G0/2
G0/1
G0/2
R3 G0/1 R4
BGP 64493
G0/3 G0/3
CDS 3 Server IPs
G0/1 G0/2
- 128.3.33.33 SW1
- 128.3.128.33 G0/3
- 2001:1283:0:33::33
G0/0
- 2001:1283:8:128::33 128.3.0.0/16
FW3 10.3.0.0/16
2001:1283::/44
#CiscoLive © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 28
Reference Topology 50.0.0.0/8
INET
2100:5000::/32
Internet Server IPs
- 16.16.16.16
ISP-A - 2000:16:16:16::16
G0/1 G0/2
51.0.0.0/8 BB1 G0/2
2100:5100::/32 BGP
6450
0 BB2
BGP 64501
G0/1 ISP-B G0/1
ISP-A 52.0.0.0/8
G0/4 2100:5200::/32
G0/5 G0/1
BGP 64502
G0/2
ISP-B
G0/4
G0/1
CDS 4
G0/2 G0/1 G0/2
R5 BGP 64494 R6
G0/3 G0/3
G0/0 G0/1
CDS 4 West DC Server IPs CDS 4 East DC Server IPs
128.4.0.0/16
- 128.4.44.44 - 128.4.128.44
FW4 10.4.0.0/16 FW5
- 2001:1284:0:44::44 G0/1 G0/0 - 2001:1284:8:128::44
G0/1 2001:1284::/44 G0/2
G0/2 G0/1
R7 R8

#CiscoLive © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 29
Reference Topology 50.0.0.0/8
INET
2100:5000::/32
Internet Server IPs
- 16.16.16.16
CDS 1 ISP-A - 2000:16:16:16::16
G0/1 G0/2
BGP 64491 51.0.0.0/8 BB1 G0/2
G0/1 2100:5100::/32 BGP
R1 6450
0 BB2
G0/2 BGP 64501
G0/2 ISP-B G0/1
G0/1
ISP-A 52.0.0.0/8
G0/0
128.1.0.0/16 G0/3 2100:5200::/32
G0/4 G0/1
FW1 10.1.0.0/16 G0/5
BGP 64502
2001:1281::/44 G0/2
ISP-B G0/3
G0/4 CDS 3
G0/1
CDS 4 G0/2
G0/1
G0/1 CDS 2 G0/2 G0/1 G0/2 G0/2
R5 BGP 64494 R6 R3 G0/1 R4
R2 G0/2 G0/3 G0/3 BGP 64493
BGP 64492 G0/3 G0/3
G0/3 G0/0 G0/1
128.4.0.0/16 G0/1 G0/2
G0/0 SW1
128.2.0.0/16 FW4 10.4.0.0/16 FW5
G0/1 G0/0 G0/3
FW2 10.2.0.0/16 2001:1284::/44
G0/1 G0/2 G0/0
2001:1282::/44 128.3.0.0/16
G0/2 G0/1
R7 R8 FW3 10.3.0.0/16
2001:1283::/44
#CiscoLive © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 30
BRKRST-2044 Lab Content Overview
Github Content: https://github.com/mzsiga/brkrst-2044
• Github
• 18 different lab scenarios
• Workbook and blog style delivery
• Over 85 screenshots
• Initial and Final configurations
• VIRL topology

#CiscoLive © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 31
Common Deployment
Scenario 1
Single Router, 1 Link
Internet Server IPs
- 16.16.16.16
- 2000:16:16:16::16

Internet

ISP A - AS 64501
51.0.0.0/8
2100:5100::/32

CDS 1 Reference
Topology G0/1
CDS 1
G0/2 R1 BGP 64491

G0/0
128.1.0.0/16
CDS 1 Server IPs
FW1 10.1.0.0/16 - 128.1.11.11
2001:1281::/44 - 2001:1281:0:11::11

© 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 33
Common Deployment Scenarios
Single Router, 1 Link
Internet Server IPs
• We could use Static - 16.16.16.16
- 2000:16:16:16::16
Routes to Solve for Connectivity….
Internet

ISP A - AS 64501
51.0.0.0/8
2100:5100::/32

AS 64491

R1
128.1.0.0/16 CDS 1 Server IPs
2001:1281::/44 - 128.1.11.11
- 2001:1281:0:11::11
#CiscoLive © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 34
Common Deployment Scenarios
BGP Dual Stack
Internet Server IPs
• Goal: Establish Baseline Understanding - 16.16.16.16
of BGP Configuration and Syntax - 2000:16:16:16::16

• Configure Router 1 to connect to ISP A Internet

with dual-stack capability to receive
Public IPv4 and IPv6 addresses ISP A - AS 64501
51.0.0.0/8
2100:5100::/32

AS 64491

R1
128.1.0.0/16 CDS 1 Server IPs
2001:1281::/44 - 128.1.11.11
- 2001:1281:0:11::11
#CiscoLive © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 35
Common Deployment Scenarios
Dual Stack: Interface Configuration
• Enable IPv6 Unicast Routing R1#
!
• Configure Interface Towards ISP ipv6 unicast-routing
A with IPv4 and IPv6 addresses. !
!
• These addresses are assigned by
interface GigabitEthernt0/1
the provider description CONNECTION_TO_ISP-A
ip address 51.51.1.2 255.255.255.252
ipv6 address 2100:5100:51:1::2/64
!

AS 64491

R1
128.1.0.0/16
2001:1281::/44
#CiscoLive © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 36
Common Deployment Scenarios
Won’t you be my Neighbor?
• Configure Neighbors under
BGP <ASN> process R1# show run | section bgp
router bgp 64491
neighbor 51.51.1.1 remote-as 64501
neighbor 10.0.0.1 description eBGP_ISP-A
neighbor 2100:5100:51:1::1 remote-as 64501
neighbor 2100:A000:1:1::1 description
IPv6_eBGP_ISP-A
!

AS 64491

R1
128.1.0.0/16
2001:1281::/44
#CiscoLive © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 37
Common Deployment Scenarios
AF Neighbor Activation R1# show run | section bgp
router bgp 64491
• Configure Neighbors under BGP no bgp default ipv4-unicast
<ASN> process neighbor 51.51.1.1 remote-as 64501
neighbor 51.51.1.1 description eBGP_ISP-A
• We Activate and Configure Policies neighbor 2100:5100:51:1::1 remote-as 64501
neighbor 2100:5100:51:1::1 description
for each Neighbor under each IPv6_eBGP_ISP-A
respective Address Family !
address-family ipv4
neighbor 51.51.1.1 activate
exit-address-family
!
address-family ipv6
neighbor 2100:5100:51:1::1 activate
exit-address-family

R1 AS 64491
128.1.0.0/16
2001:1281::/44
#CiscoLive © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 38
Common Deployment Scenarios
Prefix Advertisement R1# show run | section bgp
router bgp 64491
• Configure Neighbor Addresses neighbor 51.51.1.1 remote-as 64501
under BGP <ASN> process neighbor 51.51.1.1 description eBGP_ISP-A
neighbor 2100:5100:51:1::1 remote-as 64501
• We Activate and Configure neighbor 2100:5100:51:1::1 description
IPv6_eBGP_ISP-A
Policies for each Neighbor !
under each respective Address address-family ipv4
neighbor 51.51.1.1 activate
Family network 128.1.0.0 mask 255.255.0.0
exit-address-family
• We now specify our address !
Prefix we want to announce to address-family ipv6
neighbor 2100:5100:51:1::1 activate
our Neighbors network 2001:1281::/44
exit-address-family
AS 64491
R1
128.1.0.0/16
2001:1281::/44
#CiscoLive © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 39
Common Deployment Scenarios
Enter Prefix in RIB
• BGP needs a matching route in the
Routing Table, otherwise it will not
announce our Prefixes!
• Add Static Routes for our Aggregate R1#
Prefix !
ip route 128.1.0.0 255.255.0.0 Null0
• Typically, we assign the next-hop to our !
Outside Firewall Interface ipv6 route 2001:1281::/44 Null0

AS 64491

R1
128.1.0.0/16
2001:1281::/44
#CiscoLive © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 40
Common Deployment Scenarios
Allow Only Default
• Safety First:
Filter All Incoming Routes except for the Default Route
• Prefix Lists are used to Filter Routes
• Access-lists can be used instead. Prefix Lists are easier to understand.
• Apply the Prefix Lists to our Neighbors in each Address-Family

#CiscoLive © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 41
Common Deployment Scenarios
Allow Only Default
R1#
ipv6 prefix-list v6Default-Only description ALLOW_ONLY_v6DEFAULT_ROUTE
ipv6 prefix-list v6Default-Only seq 5 permit ::/0
!
ip prefix-list v4Default-Only description ALLOW_ONLY_v4DEFAULT_ROUTE
ip prefix-list v4Default-Only seq 5 permit 0.0.0.0/0
R1#
router bgp 64498
!
address-family ipv4
neighbor 51.51.1.1 prefix-list v4Default-Only in
exit-address-family
!
address-family ipv6
neighbor 2100:5100:51:1::1 prefix-list v6Default-Only in
exit-address-family
R1 AS 64491
128.1.0.0/16
2001:1281::/44
#CiscoLive © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 42
Common Deployment Scenarios
Refresh BGP/IP RIB
R1# clear ip bgp *
• Finally, After changing our Policy, we need to
update the BGP Routing tables R1#
router bgp 64491
• We can clear the BGP session, however we !
address-family ipv4
will lose our BGP neighbor peer relationship(s) neighbor 51.51.1.1 soft-
and routing table reconfiguration inbound
exit-address-family
• We can apply soft-reconfiguration to avoid full !
session reestablishment address-family ipv6
neighbor 2100:5100:51:1::1 soft-
• WARNING: This command increases BGP memory reconfiguration inbound
consumption
• RECOMMENDED: If both routers support Route R1#clear ip bgp <…> in
Refresh capability, you can perform a dynamic soft
inbound refresh without enabling
R1 AS 64491
soft-reconfiguration per-neighbor. Supported
since 12.0(7)T and does not increase BGP 128.1.0.0/16
memory consumption. 2001:1281::/44
#CiscoLive © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 43
Common Deployment Scenarios
R1#sho ip bgp ipv4 unicast
BGP RIB and Connectivity Network Next Hop Metric LocPrf Weight Path
• Verify we have a *> 0.0.0.0 51.51.1.1 0 0 64501 I

Default Route for both R1#sho ip bgp ipv6 unicast

IPv4 and IPv6 Network Next Hop Metric LocPrf Weight Path
*> ::/0 2100:5100:51:1::1 0 0 64501 i
• Test connectivity to R1#ping 50.1.1.1
Hosts on the Internet. Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 50.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms

R1#ping ipv6 2100:5000:1:1::1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2100:5000:1:1::1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip R1
min/avg/max = 0/0/4 ms

128.1.0.0/16 AS 64491
2001:1281::/44
#CiscoLive © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 44
Common Deployment Scenarios
Summary: Single Router, Single Link
• ADD_DESCRIPTIONS_EVERYWHERE_POSSIBLE
• Keep IPv4 and IPv6 configurations separate
• no bgp default ipv4-unicast
• Use “IP Prefix-lists” for route filtering rather than ACLs
• Think: IP Prefix-list = Control Plane & Access-List = Data Plane

#CiscoLive © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 45
Common Deployment
Scenario 2
Single Router, 2 Links
(Equal and Unequal BW)
Internet Server IPs
- 16.16.16.16
- 2000:16:16:16::16

Internet

ISP A - AS 64501 ISP B - AS 64502

51.0.0.0/8 52.0.0.0/8
2100:5100::/32 2100:5200::/32

CDS 2 Reference
Topology G0/1 CDS 2
R2 G0/2

G0/3 BGP 64492

CDS 2 Server IPs
G0/0 - 128.2.22.22
128.2.0.0/16 - 128.2.128.22
FW2 10.2.0.0/16 - 2001:1282:0:22::22
- 2001:1282:8:128::22
2001:1282::/44

© 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 47
Common Deployment Scenarios
Problem Statement
Internet Server IPs
• Consider when Multi-Homed: - 16.16.16.16
- 2000:16:16:16::16
• How are these links going to be used?
• High-Availability? Internet
• Active/Stand-By
• Congestion and High-Availability? ISP A - AS 64501 ISP B - AS 64502
• Active/Active 51.0.0.0/8 52.0.0.0/8
2100:5100::/32 2100:5200::/32

AS 64492

R2
128.2.0.0/16
2001:1282::/44

#CiscoLive © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 48
Common Deployment Scenarios
Direct Internet Access (DIA) Internet Server IPs
- 16.16.16.16
• At Cisco Live US 2019 - 2000:16:16:16::16
• Received 13 comments about adding a
DIA example
Internet
• Your Feedback Matters!
• Added a new section on DIA connections ISP A ISP B

• Distribute Traffic Evenly to Alleviate 50Mbps

Congestion
• Both Links have the same value when 50Mbps
measured in different directions
R2

#CiscoLive © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 49
Common Deployment Scenarios Internet Server IPs
- 16.16.16.16
Ingress : Direct Internet Access (DIA) - 2000:16:16:16::16
• What is our Ingress Policy?
• Distribute the Load Evenly Across Both Links Internet
• Tool: Port Address Translation (PAT)
ISP A - AS 64501 ISP B - AS 64502
• PAT with provider given outside 51.0.0.0/8 52.0.0.0/8

addresses
• Maintains state of the traffic leaving R2
• Allow the corresponding return traffic (Ingress)
back in
PAT Outside ISP1 PAT Outside ISP2
51.51.2.2 52.52.2.2

R2
• NOTE: Cannot inherently host
services behind R2. 10.2.0.0/16

#CiscoLive © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 50
Common Deployment Scenarios
Egress: Direct Internet Access (DIA) Load Sharing Outbound Traffic
Internet Server IPs
• What is our Egress Policy? - 16.16.16.16
• Distribute the Load Evenly Across Both Internet - 2000:16:16:16::16
Links
• Tool: ECMP Default Routes with IP SLA and ISP A - AS 64501 ISP B - AS 64502
Track Objects 51.0.0.0/8 52.0.0.0/8

• Two static tragic default routes

• One to each ISP respectively with same
cost
• Leverage CEF to load balance between ISPs
Default route to 51.51.2.1 Default route to 52.52.2.1
• IP SLA and track objects for dynamic Track Default route with Track Default route with
failover IP SLA R2 IP SLA

• Propagate Default routes in local IGP 10.2.0.0/16

• Redistribute static on R2 in IGP (EIGRP) Redistribute Default routes into IGP

#CiscoLive © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 51
Common Deployment Scenarios
Ingress DIA: Port Address Translation Configuration
• Create ACL to match traffic R2#
!
• ACL is used to match interesting traffic for our access-list 100 permit ip 10.2.0.0 0.0.255.255 any
PAT configuration !
route-map NAT_ISP1 permit 10
• Create two route maps match ip address 100
• Match PAT ACL
Internet
match interface GigabitEthernet0/1
!
• Match ISP interface route-map NAT_ISP2 permit 10
matchISP A - AS 64501
ip address 100 ISP B - AS 64502
51.0.0.0/8
match interface GigabitEthernet0/252.0.0.0/8
! 2100:5100::/32 2100:5200::/32

R2
10.2.0.0/16

#CiscoLive © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 52
Common Deployment Scenarios
Ingress DIA: Port Address Translation Configuration
• Enable PAT on interfaces R2#
interface range gi0/1-2
• Inside interfaces: Gi0/3 ip nat outside
• Outside interfaces: Gi0/1, Gi0/2 !
interface gi0/3
• Create two PAT rules ip nat inside
Internet
!
• One for each ISP link ip nat inside source route-map NAT_ISP1 interface
• Call corresponding route-map for ISP interface GigabiteEthernet0/1 overload
! ISP A - AS 64501 ISP B - AS 64502
ip nat inside51.0.0.0/8 52.0.0.0/8
source route-map NAT_ISP2 interface
• Verify real time PAT translations 2100:5100::/32
GigabiteEthernet0/2 overload 2100:5200::/32
• show ip nat translations

R2
10.2.0.0/16

#CiscoLive © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 53
Common Deployment Scenarios
Egress: Direct Internet Access (DIA) Load Sharing Outbound Traffic
Internet Server IPs
• What is our Egress Policy? - 16.16.16.16
• Distribute the Load Evenly Across Both Internet - 2000:16:16:16::16
Links
• Tool: ECMP Default Routes with IP SLA and ISP A - AS 64501 ISP B - AS 64502
Track Objects 51.0.0.0/8 52.0.0.0/8

• Two static tragic default routes

• Propagate Default routes in local IGP 10.2.0.0/16

• Redistribute static on R2 in IGP (EIGRP) Redistribute Default routes into IGP

#CiscoLive © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 54
Common Deployment Scenarios
Egress DIA: IP SLA
• Build IP SLAs R2#
ip sla 1
• Utilize the source-interface option of icmp-echo icmp-echo 51.51.2.1 source-interface
• Modify threshold, timeout, and frequency as GigabitEthernet0/1
needed !
ip sla schedule 1 life forever start-time now
• Don’t forget to start the IP SLA ! Internet
ip sla 2
• Each IP SLA needs to be scheduled icmp-echo 52.52.2.1 source-interface
ISP A - AS 64501
GigabitEthernet0/2 ISP B - AS 64502
• ip sla schedule # life forever start-time now 51.0.0.0/8 52.0.0.0/8
!
2100:5100::/32
ip sla schedule 2100:5200::/32
2 life forever start-time now
• Verify IP SLAs are up
• show ip sla summary

R2
10.2.0.0/16

#CiscoLive © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 55
Common Deployment Scenarios
Egress DIA: Track Objects, Default Routes
• Build Track objects R2#
!
• Call each IP SLA we made track 1 ip sla 1 reachability
track 2 ip sla 2 reachability
• Configure default “tragic” routes !
• One for each ISP ip route 0.0.0.0 0.0.0.0 51.51.2.1 track 1
ip route 0.0.0.0 0.0.0.0 Internet
52.52.2.1 track 2
• Leverage the corresponding track object !
router eigrp DUAL-STACK
• Pass the default route into the local IGP ISP A - AS
address-family ipv464501 ISP B - AS 6450210
unicast autonomous-system
51.0.0.0/8
topology base 52.0.0.0/8
• Redistribute static in IGP (EIGRP) 2100:5100::/32
redistribute static 2100:5200::/32

• Verification
• show track, show ip route, and show ip eigrp
topology
R2
10.2.0.0/16

#CiscoLive © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 56
Common Deployment Scenarios
Active-Standby : Ingress/Egress
Internet Server IPs
• What is our Ingress Policy? - 16.16.16.16
- 2000:16:16:16::16
ISP Z
• Use ISP A for all Incoming traffic. ISP X
Fail-over to ISP B if ISP A fails. ISP Y

• Tool: AS-Path Prepend

ISP A - AS 64501 ISP BISP
- ASB 64502
• What is our Egress Policy? 51.0.0.0/8
2100:5100::/32
52.0.0.0/8
2100:5200::/32
• Use ISP A for all Outgoing traffic.
Fail-over to ISP B if ISP A fails.
LocalPref 200 Prepend +4
• Tool: Local-Pref
AS 64492

R2
128.2.0.0/16
2001:1282::/44
#CiscoLive © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 57
Common Deployment Scenarios
Question?
• Lets say we want the full internet table
on R2 Internet
• What could happen?
ISP A - AS 64501 ISP B - AS 64502
51.0.0.0/8 52.0.0.0/8
2100:5100::/32 2100:5200::/32

AS 64492
R2
128.2.0.0/16
2001:1282::/44

#CiscoLive © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 58
Common Deployment Scenarios
Unintentional Transport Provider
• In a Multi-homed situation, we could
receive Prefixes from ISP B and Pass ISP Z
them to ISP A. ISP X
ISP Y

ISP A - AS 64501 ISP BISP

- ASB 64502
51.0.0.0/8 52.0.0.0/8
2100:5100::/32 2100:5200::/32

AS 64492
R2
128.2.0.0/16
2001:1282::/44

#CiscoLive © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 59
Common Deployment Scenarios
Unintentional Transport Provider
• In a Multi-homed situation, we could
receive Prefixes from ISP B and Pass ISP Z
them to ISP A. ISP X
ISP Y
• Customers of ISP A (or Neighboring AS)
could see our AS as a shorter path to
ISP A - AS 64501 ISP BISP
- ASB 64502
ISP B and we will now provide a transit 52.0.0.0/8
51.0.0.0/8
path for ISP A to reach ISP B. 2100:5100::/32 2100:5200::/32

AS 64492
R2
128.2.0.0/16
2001:1282::/44

#CiscoLive © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 60
Common Deployment Scenarios
R2#
Advertise Only Enterprise Prefixes !
• Safety First: ip as-path access-list 1 permit ^$
!
Filter All Outgoing Routes except Enterprise
Address Space R2#
router bgp 64492
• Use a filter-list to filter prefixes that we do not !
address-family ipv4
originate. Internet
neighbor 51.51.2.1 filter-list 1 out
neighbor 52.52.2.1 filter-list 1 out
• Our Local AS Number is added after exit-address-family
processing AS Path List, so we match on ! ISP A - AS 64501 ISP B - AS 64502
empty AS Path 51.0.0.0/8
address-family ipv6 52.0.0.0/8
2100:5100::/32
neighbor 2100:5100:51:2::12100:5200::/32
filter-list 1 out
• (^) matches beginning of path. ($) matches neighbor 2100:5200:52:2::1 filter-list 1 out
end of path.
AS 64492
• Finally, apply filter-list in outbound direction R2
128.2.0.0/16
2001:1282::/44
#CiscoLive © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 61
Common Deployment Scenarios
Ingress : Prepend out ISP B R2#
• TE Ingress over ISP A, we prepend our !
AS-Path out to ISP B. route-map OUT-IspB permit 10
description
• Remember: BGP prefers the shortest AS- APPLY_TO_OUTBOUND_PREFIXES_TOWARDS_ispB
Path set as-path prepend 64492 64492 64492 64492

• Prepend <=4 time. >=5 is considered R2#sh run | sec bgp

Obnoxious. router bgp 64492ISP X ISP Z
!
ISP Y
• Apply Route-Map to BGP Neighbors in address-family ipv4
neighbor 52.52.2.1 route-map OUT-IspB out
Outbound Direction ! ISP B
address-family ipv6
neighbor 2100:5200:52:2::1 route-map OUT-IspB out

AS 64492
R2
128.2.0.0/16
2001:1282::/44
#CiscoLive © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 62
Common Deployment Scenarios
Test Ingress Policy via Remote Server
BB1#sh ip bgp | be 128.2.0.0
• Test Ingress TE Policy *> 128.2.0.0 50.50.51.2 0 64501 64492 i

• Search Engine: “Looking Glass” or BB1#traceroute 128.2.1.1

“Route Server” Type escape sequence to abort.
• Telnet Access to Remote Router Upstream Tracing the route to 128.2.1.1
to End-User
1 50.50.51.2 0 msec 0 msec 0 msec
2 51.51.2.2 [AS 64501] 0 msec 0 msec *
• Perform Traceroute or Show ip bgp | ISP A - AS 64501 ISP B - AS 64502
begin <prefix> 51.0.0.0/8 52.0.0.0/8
2100:5100::/32 2100:5200::/32

AS 64492
R2
128.2.0.0/16
2001:1282::/44
#CiscoLive © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 63
Common Deployment Scenarios
Egress: Local-Pref ISP A Prefixes R2#
!
• Egress TE: Local Pref all Prefixes from route-map IN-IspA permit 10
description
ISP-A. APPLY_TO_INBOUND_PREFIXES_FROM_ispA
• Remember: Highest Local Pref Wins. set local-preference 200

• Apply Route-Map to BGP Neighbors in R2#sh run | sec bgp

router bgp 64492
Inbound Direction !
address-family ipv4
neighbor
ISP A -51.51.2.1
AS 64501 route-map
ISP
IN-IspA
B - ASin64502
! 51.0.0.0/8 52.0.0.0/8
address-family
2100:5100::/32
ipv6 2100:5200::/32
neighbor 2100:5100:51:2::1 route-map IN-IspA in

AS 64492
R2
128.2.0.0/16
2001:1282::/44
#CiscoLive © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 64
Common Deployment Scenarios
Verify v4 BGP RIB
• Test Egress TE Policy
for the IPv4 address
family R2#sh ip bgp ipv4 unicast
BGP table version is 13, local router ID is 128.2.1.1
• show ip bgp ipv4 unicast Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next ISP

HopA - AS 64501
Metric LocPrf ISP
Weight
B - AS
Path64502
*> 0.0.0.0 51.51.2.151.0.0.0/8 0 200 52.0.0.0/8
0 64501 64500 i
* 52.52.2.1
2100:5100::/320 0 64502 64500 i
2100:5200::/32
*> 128.2.0.0 0.0.0.0 0 32768 i

AS 64492
R2
128.2.0.0/16
2001:1282::/44
#CiscoLive © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 65
Common Deployment Scenarios
Verify v6 BGP RIB
• Test Egress TE Policy
for the IPv6 address
family R2#sh ip bgp ipv6 unicast
BGP table version is 5, local router ID is 128.2.1.1
• show ip bgp ipv6 unicast Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

AS 64492
R2
128.2.0.0/16
2001:1282::/44
#CiscoLive © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 66
Common Deployment Scenarios
Solve: Congestion; Equal Link Speed Internet Server IPs
- 16.16.16.16
• Distribute Traffic Evenly to Alleviate - 2000:16:16:16::16
Congestion
• Both Links have the same value when Internet
measured in different directions
ISP A ISP B

50Mbps

50Mbps
R2

#CiscoLive © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 67
Common Deployment Scenarios
Ingress : Split PI (Provider Independent) Space
• What is our Ingress Policy?
• Distribute the Load Evenly Across Both Links Internet
• Tool: More Specific Advertisements

• Split PI Aggregates in Half; advertise across both ISP A - AS 64501 ISP B - AS 64502
Providers 51.0.0.0/8 52.0.0.0/8
2100:5100::/32 2100:5200::/32
• Half of /16 = /17
• Half of /44 = /45

• Advertise Complete Aggregate in case of Failure 128.2.0.0/17 & 128.2.128.0/17 &

2001:1282::/45 2001:1282:8::/45
• Remember, If you cannot split PI aggregate, you /16 & /44 /16 & /44
can Anycast your prefixes or use AS_PATH pre-
pend. AS 64492
R2
• Anycast = Unpredictable Results
128.2.0.0/16
• AS_Path Pre-Pend = Active/Standby
2001:1282::/44

#CiscoLive © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 68
Common Deployment Scenarios
Split Up NAT Pool
• What if there is a NAT Device behind the
Edge Router?
Internet
• How Can We Maintain Splitting Our ISP A - AS 64501 ISP B - AS 64502
Aggregate Prefix for Egress Traffic? 51.0.0.0/8 52.0.0.0/8
2100:5100::/32 2100:5200::/32
• Solution: Use Multiple NAT/PAT Pools
• “NAT” for IPv6 (NPTv6) is Not Shown.
AS 64492
EXAMPLE
NAT_POOL_1 NAT_POOL_2
R2
128.2.0.0/17 128.2.128.0/17 128.2.0.0/16
Outside 2001:1282::/44
NAT Boundary
Inside 10.2.0.0/16
2001:1282::/44 FW2
10.2.0.0/17 10.2.128.0/17
#CiscoLive © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 69
Common Deployment Scenarios
Load Sharing Outbound Traffic to Avoid Congestion
• What is our Egress Policy?
• Distribute the Load Evenly Across Both Internet
Links
• Tool: Local Preference & More Specifics ISP A - AS 64501 ISP B - AS 64502
51.0.0.0/8 52.0.0.0/8
• Filter every other /4 (and select v6 2100:5100::/32 2100:5200::/32
prefixes) from ISP A and accept default
routes v4: : 0/4,32/4, 64/4,
• Implies We Must receive Full Internet Routes etc., (v4: 0/0)
from ISP A. & select v6 Prefixes 0.0.0.0/0 & ::/0
(::/0) Local Pref = 200
• Accept default routes from ISP B and
increase their LOCAL_PREF AS 64492
R2
128.2.0.0/16
2001:1282::/44

#CiscoLive © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 70
Common Deployment Scenarios 0.0.0.0/4 le 24
Every Other /4: IPv4
16.0.0.0/4 le 24
32.0.0.0/4 le 24
Break Up 0.0.0.0/0 by /4 (or 240.0.0.0) 48.0.0.0/4 le 24
Keep These Prefixes 64.0.0.0/4 le 24
Drop These Prefixes 80.0.0.0/4 le 24
96.0.0.0/4 le 24
112.0.0.0/4 le 24
128.0.0.0/4 le 24
144.0.0.0/4 le 24
160.0.0.0/4 le 24
176.0.0.0/4 le 24
192.0.0.0/4 le 24
208.0.0.0/4 le 24
Class D & E Space is unroutable
on the Public Internet 224.0.0.0/4 le 24
240.0.0.0/4 le 24
#CiscoLive © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 71
Common Deployment Scenarios
IPv6 Aggregates

2001:0000::/18

2001:4000::/20
2001:8000::/22
2002:0000::/15
2001:5000::/20
2400:0000::/6
2800:0000::/5
#CiscoLive © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 72
Common Deployment Scenarios
Advertise More Specifics : Ingress Path R2#
!
• Ingress Path Selection: Advertise More ip route 128.2.0.0 255.255.128.0 Null0
ip route 128.2.128.0 255.255.128.0 Null0
Specifics ipv6 route 2001:1282::/45 Null0
• *Remove Any Inbound Filters that would ipv6 route 2001:1282:8::/45 Null0
prevent Receiving Full Routes R2#sh run | sec bgp
router bgp 64492
Internet
• First, Add Static Routes for Specific !
address-family ipv4
Prefixes network 128.2.0.0 mask 255.255.128.0
ISP A - AS 64501 ISP B - AS 64502
network 128.2.128.0 mask 255.255.128.0
• Use Network command to advertise more !
51.0.0.0/8 52.0.0.0/8
2100:5100::/32 2100:5200::/32
specific prefixes. address-family ipv6
network 2001:1282::/45
network 2001:1282:8::/45

AS 64492
R2
128.2.0.0/16
2001:1282::/44
#CiscoLive © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 73
Common Deployment Scenarios
Single Router, 2 Links (Equal Speed) : Congestion
• Create Prefix Lists to Filter Outbound R2#
!
Routes for IPv4 ip prefix-list ispA description
• Prefix-lists are applied in outbound OUTBOUNDv4_FILTER_FOR_ispA
direction ip prefix-list ispA seq 5 permit 128.2.0.0/16
ip prefix-list ispA seq 10 permit 128.2.0.0/17
! Internet
Ip prefix-list ispB description
OUTBOUNDv4_FILTER_FOR_ispB
ISP A ispB
ip prefix-list - AS seq
64501 ISP B - AS 64502
5 permit 128.2.0.0/16
51.0.0.0/8
ip prefix-list 52.0.0.0/8
ispB seq 10 permit 128.2.128.0/17
! 2100:5100::/32 2100:5200::/32

AS 64492
R2
128.2.0.0/16
2001:1282::/44
#CiscoLive © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 74
Common Deployment Scenarios
Single Router, 2 Links (Equal Speed) : Congestion
• Create Prefix Lists to Filter Outbound
Routes for IPv6 R2#
ipv6 prefix-list ispAv6 description
• Prefix-lists are applied in outbound OUTBOUNDv6_FILTER_FOR_ispA
direction ipv6 prefix-list ispAv6 seq 5 2001:1282::/44
ipv6 prefix-list ispAv6 seq 10 2001:1282::/45
!
Internet
ipv6 prefix-list ispBv6 description
OUTBOUNDv6_FILTER_FOR_ispB
ISP A - AS 64501 ISP B - AS 64502
ipv6 prefix-list ispBv6 seq 5 2001:1282::/44
51.0.0.0/8 52.0.0.0/8
ipv6 prefix-list ispBv6 seq 10 2001:1282:8::/45
2100:5100::/32 2100:5200::/32

AS 64492
R2
128.2.0.0/16
2001:1282::/44
#CiscoLive © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 75
Common Deployment Scenarios
Keep Every Other /4 for Egress Path Selection
• Egress Path Selection: Local R2#
ip prefix-list v4ispAin description EVERY_OTHER_SLASH4
Preference ip prefix-list v4ispAin seq 5 permit 0.0.0.0/0
ip prefix-list v4ispAin seq 10 permit 0.0.0.0/4 le 24
• Build Appropriate Prefix Lists to Match ip prefix-list v4ispAin seq 15 permit 32.0.0.0/4 le 24
Aggregates and Set Local-Preference ip prefix-list v4ispAin seq 20 permit 64.0.0.0/4 le 24
ip prefix-list v4ispAin seqInternet
25 permit 96.0.0.0/4 le 24
• Apply Prefix Lists to Appropriate Neighbors ip prefix-list v4ispAin seq 30 permit 128.0.0.0/4 le 24
(Inbound) ip prefix-list v4ispAin seq 35 permit 160.0.0.0/4 le 24
ip prefix-list
ISPv4ispAin seq 40 permitISP
A - AS 64501 192.0.0.0/4 le 24
B - AS 64502
! 51.0.0.0/8 52.0.0.0/8
ipv6 prefix-list v6ispAin
2100:5100::/32description FIRST_HALF_V6_OUT
2100:5200::/32
ipv6 prefix-list v6ispAin seq 5 permit ::/0
ipv6 prefix-list v6ispAin seq 10 permit 2001:0000::/18 le 32

AS 64492
R2
128.2.0.0/16
2001:1282::/44
#CiscoLive © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 76
Common Deployment Scenarios
Single Router, 2 Links (Equal Speed) : Congestion
• Egress TE: Local Preference R2#
!
• Build Appropriate Prefix Lists to !
ip prefix-list v4ispBin description DEFAULT_IN_B
Match Aggregates and Set ip prefix-list v4ispBin seq 5 permit 0.0.0.0/0
Local-Preference !
Internet
ipv6 prefix-list v6ispBin description SECOND_HALF_OUT
• Apply Prefix Lists to Appropriate ipv6 prefix-list v6ispBin seq 5 permit 2001:4000::/20 le 32
Neighbors ipv6 prefix-list v6ispBin seq 10 permit 2001:8000::/22 le 32
ISPv6ispBin
ipv6 prefix-list A - AS 64501
seq 15 permitISP B - AS 64502 le 32
2002:0000::/15
51.0.0.0/8
ipv6 prefix-list v6ispBin 52.0.0.0/8
seq 20 permit 2001:5000::/20 le 32
ipv6 prefix-list2100:5100::/32
v6ispBin seq 25 permit 2100:5200::/32
2400:0000::/6 le 32
ipv6 prefix-list v6ispBin seq 30 permit 2800:0000::/5 le 32

AS 64492
R2
128.2.0.0/16
2001:1282::/44
#CiscoLive © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 77
Common Deployment Scenarios
Single Router, 2 Links : NAT !ASA
!ver 8.3
• Create First Dynamic NAT Pool Address !
Assignment for Outside Address Prefix object network nat-range1
Internet
range 128.2.0.0 128.2.127.253
• Add an Address for Dynamic Pat !
ISPnetwork
A - AS 64501 ISP B - AS 64502
object pat-ip1
51.0.0.0/8
host 128.2.127.254 52.0.0.0/8
• Combine Both Assignments into an Object ! 2100:5100::/32 2100:5200::/32
Group object-group network nat-pat-grp1
network-object object nat-range1
network-object object pat-ip1
! AS 64492

R2
128.2.0.0/16
Outside 2001:1282::/44
NAT Boundary
Inside 10.2.0.0/16
2001:1282::/44 FW2

#CiscoLive © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 78
Common Deployment Scenarios
Single Router, 2 Links : NAT !ASA
!ver 8.3
• Create Second Dynamic NAT Pool Address !
Assignment for Outside Address Prefix object network nat-range2
range 128.2.128.0Internet
128.2.255.253
• Add an Address for Dynamic Pat !
ISP A - AS pat-ip2
64501 ISP B - AS 64502
object network
51.0.0.0/8
host 128.2.255.254 52.0.0.0/8
• Combine Both Assignments into an Object ! 2100:5100::/32 2100:5200::/32
Group object-group network nat-pat-grp2
network-object object nat-range2
network-object object pat-ip2
! AS 64492

R2
128.2.0.0/16
Outside 2001:1282::/44
NAT Boundary
Inside 10.2.0.0/16
2001:1282::/44 FW2

#CiscoLive © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 79
Common Deployment Scenarios
Single Router, 2 Links : NAT
• Finally, Assign Both Inside Pools to Outside
Ranges !ASA
!ver 8.3 Internet
• If all Addresses are allocated, Dynamic PAT is !
used. ISP
object A - AS First_Half_Nat_Pool
network 64501 ISP B - AS 64502
subnet51.0.0.0/8 52.0.0.0/8
10.2.0.0 255.255.128.0
2100:5100::/32 2100:5200::/32
nat (inside,outside) dynamic nat-pat-grp1
!
object network Second_Half_Nat_Pool
subnet 10.2.128.0 255.255.128.0
AS 64492
nat (inside,outside) dynamic nat-pat-grp2

R2
128.2.0.0/16
Outside 2001:1282::/44
NAT Boundary
Inside 10.2.0.0/16
2001:1282::/44 FW2

#CiscoLive © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 80
Common Deployment Scenarios
Monitor and Tweak Internet Server IPs
- 16.16.16.16
• Monitor Traffic BYTE COUNT per-Link - 2000:16:16:16::16
• CLI, SNMP, RMON
Internet
• If Traffic is Not Evenly Distributed (i.e.,
ISP A - AS 64501 ISP B - AS 64502
Causing Congestion), use Same Techniques 51.0.0.0/8 52.0.0.0/8
to Distribute Traffic For Unequal Speed Links 2100:5100::/32 2100:5200::/32
• *Tweak based on Traffic Pattern (Provide vs.
Access)

20% Util. Avg. 80% Util. Avg.

AS 64492

R2
128.2.0.0/16
2001:1282::/44

#CiscoLive © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 81
Common Deployment Scenarios
Unequal Speeds : Two Methods
• Unequal Link Speeds
• Balance Methods:
• Manually Internet
• Dynamically*
ISP A ISP B

50Mbps

100Mbps
R2

#CiscoLive © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 82
Common Deployment Scenarios
Manual Adjustment : Ingress & Egress
• Ingress Traffic
• Announce additional more-specific Routes
or, if using NAT, adjust NAT Pool
configuration Internet
• Move Prefixes with AS_Path Prepends to
different links
ISP A ISP B
• Egress Traffic
50Mbps
• Easy; a matter of slicing (and dicing)
prefixes in local BGP table
• (More Specifics, Local Preference)
100Mbps
R2

#CiscoLive © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 83
Common Deployment Scenarios
Unequal Speeds : Manual Egress Adjustment
• From a Router’s Perspective, Which Single Prefix Best Describes the Entire
IPv4 Address Space?
• 0.0.0.0/0

#CiscoLive © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 84
Common Deployment Scenarios
Creating More Specific Routes : Egress Traffic

Breaking Up /0

/1 /1

#CiscoLive © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 85
Common Deployment Scenarios
Creating More Specific Routes : Egress Traffic

Breaking Up /0 Aggregate: Quarters,

Eighths, and Sixteenths

/4 /4 /2
/4
/4

/3
/2
/3

#CiscoLive © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 86
Common Deployment Scenarios
Creating More Specific Routes : Egress Traffic
128.2.0.0/16

Half Prefix 128.2.0.0/17

128.2.128.0/17
Quarter Prefix 128.2.0.0/18
128.2.64.0/18
128.2.128.0/18
128.2.192.0/18
Eight Prefix 128.2.0.0/19
128.2.32.0/19
128.2.64.0/19
128.2.96.0/19
128.2.128.0/19
128.2.160.0/19
128.2.192.0/19
128.2.224.0/19

#CiscoLive © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 87
Identifying Technical Requirements
Example: Unequal Speeds
• Consider the pictured scenario
(right)
• ISP A has provisioned 50Mbps circuit
Internet
• ISP B has provisioned 100Mbps

• For Egress TE, Begin by “evenly” ISP A ISP B

splitting up aggregates.
50Mbps

100Mbps
R2

#CiscoLive © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 88
Common Deployment Scenarios
Manual Adjustment Strategy
• Take a Default from ISP B, Local Pref Internet
200
• Take Full Routes from ISP A, Accept ISP A - AS 64501 ISP B - AS 64502
(filter) a fraction of the usable ‘every 51.0.0.0/8 52.0.0.0/8
other /4’ aggregates 2100:5100::/32 2100:5200::/32

• Monitor byte count and adjust prefix- 50Mbps 100Mbps

list as necessary
v4: 48/4,80/4,144/4,160/4, 0/0 0.0.0.0/0 & ::/0
& IPv6 Specifics + ::/0 Local Pref = 200

R2 AS 64492
128.2.0.0/16
2001:1282::/44

#CiscoLive © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 89
Common Deployment Scenarios
Manual Adjustment
• More Specifics Will Have Next Hop Internet
to ISP A
• All Other Traffic out towards ISP B ISP A - AS 64501 ISP B - AS 64502
(via Default Route, Local Pref=200) 51.0.0.0/8 52.0.0.0/8
2100:5100::/32 2100:5200::/32
• If ISP B fails, use Default from ISP A
(Local Pref = 100) 50Mbps 100Mbps

v4: 48/4,80/4,144/4,160/4, 0/0 0.0.0.0/0 & ::/0

& IPv6 Specifics + ::/0 Local Pref = 200

R2 AS 64492
128.2.0.0/16
2001:1282::/44

#CiscoLive © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 90
Common Deployment Scenarios
Manual Adjustment
• Same Can Be Done to Tweak Equal Internet
Speed Links
• For Example, Break up Address ISP A - AS 64501 ISP B - AS 64502
Space by /4 and Use Every other 51.0.0.0/8 52.0.0.0/8
Aggregate 2100:5100::/32 2100:5200::/32

• (Instead of /1) 50Mbps 100Mbps

v4: 48/4,80/4,144/4,160/4, 0/0 0.0.0.0/0 & ::/0

& IPv6 Specifics + ::/0 Local Pref = 200

R2 AS 64492
128.2.0.0/16
2001:1282::/44

#CiscoLive © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 91
Common Deployment Scenarios
Further Optimizations
• Consider Alternatives to filtering ‘Every other /4’ ranges
• Every other /3?
• Every other /8?

• Receive the ISP’s Customer Prefixes

• Request from ISP: sometimes referred to as Partial Routes, Local Routes, or Carrier Routes
• AS_Path Filter using Regular Expressions to match AS_Paths of your upstream ISP.
• Filter Based on BGP Community Tag

• Build Prefix list based on Netflow or Customer-specific information

• All prefixes filtered except Top-N prefixes along with a default route.

• Dynamic Policy based on Usage, SLA, or Metric beyond what BGP natively provides
• This is accomplished with Cisco Performance Routing; more on this later.

• Software Defined Networking (SDN)

#CiscoLive © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 92
Common Deployment
Scenario 3
Multiple Routers, Multiple Links
(Equal and Unequal BW)
Internet Server IPs
- 16.16.16.16
- 2000:16:16:16::16

Internet
ISP A - AS 64501 ISP B - AS 64502
51.0.0.0/8 52.0.0.0/8
2100:5100::/32 2100:5200::/32

CDS 3 Reference G0/1 CDS 3

G0/2

Topology R3
G0/2
G0/1 R4
BGP 64493
G0/3 G0/3
G0/1 G0/2
SW1
CDS 3 Server IPs G0/3
- 128.3.33.33 G0/0
- 128.3.128.33 128.3.0.0/16
- 2001:1283:0:33::33 FW3 10.3.0.0/16
- 2001:1283:8:128::33 2001:1283::/44

© 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 94
Common Deployment Scenarios Internet Server IPs
- 16.16.16.16
2 Routers, 2 Links (Equal Speed) : Firewall and FHRP - 2000:16:16:16::16
• Option 1: Leverage Firewall and First Hop
Internet
Redundancy Protocol
ISP A - AS 64501 ISP B - AS 64502
• Hot Standby Router Protocol (HSRP) 52.0.0.0/8
51.0.0.0/8
2100:5100::/32 2100:5200::/32
• The Stacked Switch is a Layer 2 Bridge
• The Firewall is Layer 2 Adjacent to Both AS 64493
Routers
R3 R4
VLAN X

VLAN X

#CiscoLive © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 95
Common Deployment Scenarios
Ingress: Split and Advertise PI Space
• Ingress Traffic Engineering Policy
Internet
• Advertisements to both ISPs are ISP A - AS 64501 ISP B - AS 64502
Same Policy as in Option 1 51.0.0.0/8 52.0.0.0/8
2100:5100::/32 2100:5200::/32

AS 64493

R3 R4
128.3.0.0/17 &
2001:1283::/45,
/16 & /44

128.3.0.0/16
128.3.128.0/17 &
2001:1283:8::/45
2001:1283::/44
/16 & /44

#CiscoLive © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 96
Common Deployment Scenarios
2 Routers, 2 Links (Equal Speed) : Firewall and FHRP
• Ingress Traffic Engineering Policy
Internet
• Both Routers use a Static Route ISP A - AS 64501 ISP B - AS 64502
Pointing Back to Firewall for PI 51.0.0.0/8 52.0.0.0/8
Address Space 2100:5100::/32 2100:5200::/32

AS 64493
128.3.0.0/16 128.3.0.0/16
2001:1283::/44 R3 R4 2001:1283::/44

128.3.0.0/16
2001:1283::/44

#CiscoLive © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 97
Common Deployment Scenarios
2 Routers, 2 Links (Equal Speed) : Firewall and FHRP
• Examine Ingress Traffic Flow
Internet
• Break a Link; The Black Hole Appears again.
ISP A - AS 64501 ISP B - AS 64502
• Solution: 51.0.0.0/8 52.0.0.0/8
2100:5100::/32 2100:5200::/32
• Enable EIGRP between FW and Routers. ASA
supports EIGRP summary-address. Ignore Previous
Slide as well. AS 64493

R3 R4

#CiscoLive © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 98
Common Deployment Scenarios
Egress : Take Defaults
• Egress Traffic Engineering Policy
Internet
• We Can Accept Default Routes from Both ISP A - AS 64501 ISP B - AS 64502
Service Providers 51.0.0.0/8 52.0.0.0/8
2100:5100::/32 2100:5200::/32

AS 64493

R3 R4

v4 = 0.0.0.0/0
v6 = ::/0

#CiscoLive © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 99
Common Deployment Scenarios
2 Routers, 2 Links (Equal Speed) : Firewall and FHRP
• Egress Traffic Engineering Policy
Internet
• Create two HSRP Groups across HSRP Group 1 - Primary HSRP Group 1 - Secondary
ISP A - AS 64501 ISP B -=AS 64502
both Routers v4 VIP = 192.168.1.1 (Preempt) v4 VIP 192.168.1.1
v6 VIP = 2001:1283::1/64 51.0.0.0/8
(Preempt) v6 VIP52.0.0.0/8
= 2001:1283::1/64
• Each Router is Active for One of the 2100:5100::/32 2100:5200::/32
HSRP Groups
AS 64493
• Egress From Firewall:
• Default Routes on FW to HSRP R3 R4
Groups; BGP handles outbound
forwarding. HSRP Group 2 - Secondary HSRP Group 2 - Primary
v4 VIP = 192.168.1.2 v4 VIP = 192.168.1.2 (Preempt)
v6 VIP = 2001:1283::2/64 v6 VIP = 2001:1283::2/64 (Preempt)

#CiscoLive © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 100
Common Deployment Scenarios
asa8.3(config)#
Firewall IP Routing Configuration Example !
• Egress Traffic Engineering Policy ! Send first aggregate ISPblock
Y to HSRP Group 1
route outside 0.0.0.0 128.3.0.0 192.168.1.1
! ISP X ISP Z
• Finally, Configure Static Routes on ipv6 route outside 2001:0000::/18 FC00:1::1
the Firewall using Aggregates that
ISP B ISP
- ASB64497
! ISP A - AS 64499
5.0.0.0/8
! 10.0.0.0/8
2100:B000::/32
Point to Different HSRP VIPs 2100:A000::/32
! Send Second aggregate block to HSRP Group 2
route outside 128.0.0.0 128.3.0.0 192.168.1.2
!
ipv6 route outside 2001:4000::/20 FC00:1::2AS 64498
ipv6 route outsideR1 2001:8000::/22
R2 FC00:1::2
ipv6 route outside 2002:0000::/15 FC00:1::2
ipv6 route outside 2001:5000::/20 FC00:1::2
ipv6 route outside 2400:0000::/6 FC00:1::2
ipv6 route outside 2800:0000::/5 FC00:1::2

#CiscoLive © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 101
Common Deployment Scenarios
2 Routers, 2 Links (Equal Speed) : Firewall and FHRP
• What about Gateway Load Balancing Protocol
(GLBP)? Internet
R3A=-AVG
ISP AS 64501 ISP BR4- AS 64502
• The firewall will perform ARP and the AVG Virtual MAC: Virtual MAC:
52.0.0.0/8
51.0.0.0/8
(Active Virtual Gateway) will respond with Virtual 0007.b400.0101
2100:5100::/32 0007.b400.0102
2100:5200::/32
MAC of either R3 or R4.
AS 64493
• Traffic is now polarized to a single link.
• More specific routes and use of Local Preference is R3 R4
required for forwarding on both links. ARP
Response

Default Gateway MAC

0007.b400.0102
ARP Request

#CiscoLive © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 102
Common Deployment Scenarios
2 Routers, 2 Links (Equal Speed):
• Option 2: ECMP on Firewall
Internet
• IGP between Edge Routers and Firewall
ISP A - AS 64501 ISP B - AS 64502
• Redistribute Default (or Prefixes) into IGP 51.0.0.0/8 52.0.0.0/8
• Firewall will perform ECMP across multiple Edge 2100:5100::/32 2100:5200::/32
Routers
AS 64493
• Firewall advertises Aggregate
R3 R4
VLAN X EIGRP 10

0.0.0.0/0 0.0.0.0/0
::/0 ::/0

VLAN X

128.3.0.0/16
2001:1283::/44
#CiscoLive © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 103
Common Deployment Scenarios
2 Routers, 2 Links (Equal Speed)
• Option 3: Intermediate Equal-Cost Multipath
(ECMP) Internet
ISP A - AS 64501 ISP B - AS 64502
• Leverage Layer 3-capable Switch for ECMP 52.0.0.0/8
51.0.0.0/8
to Edge Routers 2100:5100::/32 2100:5200::/32
• Stackwise Switch for High Availability (R2
AS 64493
connects to Stack Member 1 and R4 connects to
Stack Member 2)
R3 R4

128.3.0.0/16
2001:1283::/44

#CiscoLive © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 104
Common Deployment Scenarios
Split PI Space for Ingress TE
• Ingress Traffic Engineering Policy
Internet
• Advertise More Specific Routes along with their
ISP A - AS 64501 ISP B - AS 64502
Aggregate for Failover 52.0.0.0/8
51.0.0.0/8
• Use Same Techniques For Single Router, Multiple 2100:5100::/32 2100:5200::/32
Links
AS 64493

128.3.0.0/17 & R3 R4
2001:1283::/45,
/16 & /44

128.3.128.0/17 &
2001:1283:8::/45
/16 & /44

#CiscoLive © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 105
Common Deployment Scenarios
ECMP : Egress Strategy
• Egress Traffic Engineering Policy
Internet
• Enable an IGP Routing Protocol that Supports
ISP A - AS 64501 ISP B - AS 64502
ECMP between Edge Routers and Layer 3 52.0.0.0/8
51.0.0.0/8
Switch 2100:5100::/32 2100:5200::/32
• EIGRP, OSPF, iBGP, IS-IS
AS 64493
• Redistribute a Default Route on each Edge
Router into the IGP R3 R4
IGP
• The Layer 3 Switch has a Static Route for PI 0.0.0.0/0 0.0.0.0/0
Address Space set to Next-Hop of the Firewall ::/0 ::/0

• The Firewall has a Single Default Route pointed 0.0.0.0/0

outbound ::/0

128.3.0.0/16
2001:1283::/44
#CiscoLive © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 106
Common Deployment Scenarios
2 Routers, 2 Links (Equal Speed) : ECMP
• Examine Ingress Traffic Flow
Internet
ISP A - AS 64501 ISP B - ASISP
64502
51.0.0.0/8 52.0.0.0/8
2100:5100::/32 2100:5200::/32

AS 64493

R3 R4
EIGRP 10

#CiscoLive © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 107
Common Deployment Scenarios
2 Routers, 2 Links (Equal Speed) : ECMP
• Examine Ingress Traffic Flow
Internet
• What if one of the Links between the ISP A - AS 64501 ISP B - AS 64502
Routers and Layer 3 Switch Fail? 51.0.0.0/8 52.0.0.0/8
2100:5100::/32 2100:5200::/32
• Traffic will become Black-Holed
• Solution: AS 64493

• 1. Create iBGP Neighbor Relationship R3 R4

#CiscoLive © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 108
Common Deployment Scenarios
2 Routers, 2 Links (Equal Speed) : ECMP
• Examine Ingress Traffic Flow
Internet
• What if one of the Links between the Routers
ISP A - AS 64501 ISP B - AS 64502
and Layer 3 Switch Fail? 52.0.0.0/8
51.0.0.0/8
• Traffic will become Black-Holed 2100:5100::/32 2100:5200::/32

• Solution:
AS 64493
• Create iBGP Neighbor Relationship
R3 R4
• Redistribute PI Address Space: EIGRP 10
EIGRP->BGP
128.3.0.0/16
2001:1283::/44

128.3.0.0/16
2001:1283::/44

#CiscoLive © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 109
Common Deployment Scenarios
2 Routers, 2 Links (Equal Speed) : ECMP
• Examine Ingress Traffic Flow
Internet
• iBGP and Redistribution allows for Dynamic
ISP A - AS 64501 ISP B - AS 64502
Convergence 52.0.0.0/8
51.0.0.0/8
2100:5100::/32 2100:5200::/32

AS 64493

R3 R4
EIGRP 10

#CiscoLive © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 110
Common Deployment Scenarios
2 Routers, 2 Links (Equal Speed) : ECMP
• Examine Egress Traffic Flow
Internet
• The Layer 3 Switch has two Default Routes
ISP A - AS 64501 ISP B - AS 64502
from R3 and R4; Cisco Express Forwarding 52.0.0.0/8
51.0.0.0/8
(CEF) automatically performs ECMP. 2100:5100::/32 2100:5200::/32

AS 64493

R3 R4
EIGRP 10

#CiscoLive © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 111
Common Deployment Scenarios
2 Routers, 2 Links (Equal Speed) : ECMP
• What if the Link Between R4 and the Layer
Internet
3 Switch Breaks?
ISP A - AS 64501 ISP B - AS 64502
• Only One Path will be Active 51.0.0.0/8 52.0.0.0/8
2100:5100::/32 2100:5200::/32
• Solution:
• Filter every other /4 on R1 and Take Default AS 64493
and Local Preference on R4 R3 R4
• (we previously configured this) EIGRP 10

#CiscoLive © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 112
Common Deployment Scenarios
2 Routers, 2 Links (Equal Speed) : ECMP
• Corrected Egress Traffic Flow
Internet
• R3 will send traffic to R4 as Default Path if no
More-Specific Path is found on R3 ISP A - AS 64501 ISP B - AS 64502
51.0.0.0/8 52.0.0.0/8
2100:5100::/32 2100:5200::/32

AS 64493

R3 R4
EIGRP 10

#CiscoLive © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 113
Common Deployment Scenarios
2 Routers, 2 Links Unequal Speed Adjustment
• Ingress Traffic
Internet
• Advertise More Specific Routes or, if using NAT,
adjust NAT Pool configuration ISP A - AS 64501 ISP B - AS 64502
• Rearrange Prefix and AS_PATH prepend 51.0.0.0/8 52.0.0.0/8
2100:5100::/32 2100:5200::/32
Advertisements
• Egress Traffic: AS 64493
• FHRP or ECMP: R4
R3
• R3 uses Partial-Full Routes and Increase Local Preference
of Default Route on R4. (i.e. “Every other /4”)

#CiscoLive © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 114
Common Deployment
Scenario 4
Multiple Routers, Links, and Sites
Internet Server IPs
- 16.16.16.16
- 2000:16:16:16::16

Internet
ISP A - AS 64501 ISP B - AS 64502
51.0.0.0/8 52.0.0.0/8
2100:5100::/32 2100:5200::/32

G0/2
G0/1
CDS 4 Reference
CDS 4
G0/2 G0/1

Topology
R5 BGP 64494 R6
G0/3 G0/3
G0/0 G0/1
128.4.0.0/16
FW4 10.4.0.0/16 FW5
G0/1 G0/0
G0/1 2001:1284::/44 G0/2
G0/2 G0/1
R7 R8
CDS 4 West DC Server IPs CDS 4 East DC Server IPs
- 128.4.44.44 - 128.4.128.44
- 2001:1284:0:44::44 - 2001:1284:8:128::44

© 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 116
Common Deployment Scenarios
CDS 4
• Connectivity to the Internet is Split Internet
Across Two Data Centers.
ISP A ISP B
• Each Firewall is Active; State is not X/16 & Y/44 X/16 & Y/44
Shared Between Devices.
If you Anycast BGP Advertisements,

West Coast Data Center

•

East Coast Data Center

Symmetry of Traffic Flow is our Main
Concern
• NAT solves all Symmetry problems!

• Two Independently Active Stateful

Firewalls (Routed Mode)

#CiscoLive © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 117
Common Deployment Scenarios
Edge Router Peering Link
• There are designs where this link may Internet
not be available.
ISP A ISP B
• Mostly due to budget/cost.
• What does this link provide?

West Coast Data Center

Protects against ISP Link Failure

East Coast Data Center

§
• Existing Dynamic sessions are lost
§ Allows for Advanced Outbound Load
Distribution Techniques
• Possible workarounds:
• GRE Tunnel through Internal DC Core
• Provision new L2/L3 VPN service over
existing L2/L3 VPN service
• Use Overlay over existing L3 VPN Service

#CiscoLive © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 118
Common Deployment Scenarios
Configure IPv4 NAT Boundary
• Split PI Address Space (Aggregate) Internet
Across Both Firewalls on the Outside of
the NAT Boundary. ISP A ISP B

128.4.0.0/17

128.4.128.0/17

#CiscoLive © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 119
Common Deployment Scenarios
Egress TE: eBGP Multihop to Core
• Create an eBGP Peering between
Internet
each Edge and Core Router
• Use Private ASN for Core Routers ISP A ISP B
(64512 to 65535)
• The eBGP Peer is Configured AS 64494

Multihop Feature since both peers

are not on a Common Subnet

Multihop

Multihop
eBGP
eBGP
• We use eBGP because iBGP does
not natively redistribute into our
IGP.

AS 65535 AS 65534
#CiscoLive © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 120
Common Deployment Scenarios
Egress: Advertise Defaults to Core
• Egress Traffic Engineering Internet
• Configure the Edge Routers to Send ISP A ISP B
a Default (v4 and v6) Route to their
Core Peer via eBGP. AS 64494

0.0.0.0/0 0.0.0.0/0
::/0 ::/0

AS 65535 AS 65534
#CiscoLive © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 121
Common Deployment Scenarios
Egress: Redistribute Defaults into IGP
• Egress Traffic Engineering Internet
• Redistribute the Default Routes from ISP A ISP B
BGP into the local IGP
AS 64494

0.0.0.0/0 0.0.0.0/0
::/0 ::/0

AS 65535 AS 65534

EIGRP 10
#CiscoLive © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 122
Common Deployment Scenarios
Egress: Manipulate IGP Metrics for Default Internet
• Egress Traffic Engineering
ISP A ISP B
• Increase the IGP Metrics for the Default
Routes before they are sent to their AS 64494
Neighbors
• Topology for One Campus Network may
be smaller or larger than Others.
• Some Campus network locations may use
the Wrong Egress Path, creating Sub-Optimal
Routing Issues.

Increase Cost / Metric:

V4 – 0.0.0.0/0 EIGRP 10
V6 - ::/0

#CiscoLive © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 123
Common Deployment Scenarios
Ingress TE: Advertise Split PI Space Across Providers
• Split PI Address Space
(Aggregate) Across Both
Firewalls on the Outside of the Internet
NAT Boundary. ISP A ISP B
• Advertise Both Aggregates to
each respective ISP
• Send Aggregates plus complete
PI Space 128.4.0.0/17 &
2001:1284::/45,
• Where do we originate the /16 & /44 128.4.128.0/17 &
aggregates? 2001:1284:8::/45
/16 & /44
• Originate from the Core (R7/R8)
into eBGP
• Why? R5 or R6 have no insight
into link between FW and Core
Routers

#CiscoLive © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 124
Common Deployment Scenarios
Analyze Failure Scenarios
• ISP A to R5 Failure Internet
• R5 will not Receive a Default Route from ISP A ISP B
ISP A
iBGP
R5 will Send Default Route to R7 now

West Coast Data Center

•

East Coast Data Center

learned from R6
• R7 will use Default Route received from R5 R6
eBGP Neighbor R5 (with iBGP at Edge) or
R8 (without iBGP at Edge)
• Ingress and Egress Traffic will Flow
Through R6
• Remember, We Advertised the /16 and /44 R7 R8
out both Edge Routers.

#CiscoLive © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 125
Common Deployment Scenarios
Analyze Failure Scenarios
• R5 to FW4 Failure Internet
ISP A ISP B
• R7 will receive default route from R8.
iBGP
• Ingress: Advertise PI Address Space into

West Coast Data Center

BGP across iBGP Neighbors

East Coast Data Center

• Egress: Accept More Specifics and R5 R6
Default on R5 and Default (with higher
local preference) on R6

R7 R8

#CiscoLive © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 126
Common Deployment Scenarios
Analyze Failure Scenarios
• R5 <-> R6 Failure? Internet
ISP A ISP B
• Breaks Advanced Egress Strategy
(i.e. Every other /4) iBGP

West Coast Data Center

East Coast Data Center

• Loose protection from a single ISP
failure R6
R5

R7 R8

#CiscoLive © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 127
Common Deployment Scenarios
Maintain Symmetry without NAT
• How do you Maintain Symmetry Internet
without NAT? ISP A ISP B
X/16 & Y/44 X/16 & Y/44
• If both Datacenters are
Active/Active, then it is easy to

West Coast Data Center

East Coast Data Center

black-hole traffic.
• Remember to treat Ingress and
Egress Traffic Engineering as two
separate processes.

#CiscoLive © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 128
Common Deployment Scenarios
EGRESS: No NAT in Active/Active Scenario
• Use the same method for egress traffic
Internet
that would be used if NAT was enabled.
ISP A ISP B
• Configure the Edge Routers to Send a
Default (v4 and v6) Route to their Core
Peer via eBGP. AS 64494

0.0.0.0/0 0.0.0.0/0
::/0 ::/0

AS 65535 AS 65534

EIGRP 10
#CiscoLive © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 129
Common Deployment Scenarios
INGRESS: No NAT in Active/Active Scenario
• Ingress traffic is the problem
we’re really trying to solve. Internet
• Consider Each Data Center ISP A ISP B
contains some amount of local
subnets.
AS 64494
• First, redistribute the subnets from
the IGP into BGP.

EIGRP 10

AS 65535 AS 65534

Subnets X,Y,Z Subnets A,B,C

#CiscoLive © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 130
Common Deployment Scenarios
INGRESS: No NAT in Active/Active Scenario
• Ingress traffic is the problem
we’re really trying to solve. Internet
R7(config-route-map)#set metric-type ?
• Consider Each Data Center external IS-IS external metricISP A ISP B
contains some amount of local internal IS-IS internal metric or Use IGP metric as the MED for BGP
subnets. type-1 OSPF external type 1 metric
type-2 OSPF external type 2 metric AS 64494
• First, redistribute the subnets from
the IGP into BGP.
• The key is to carry the IGP metric into
BGP
• Use a route-map when redistributing
and use this 'set' command.
No need to use a 'match' statement EIGRP 10
unless you want to add filters.
AS 65535 AS 65534

Subnets X,Y,Z Subnets A,B,C

#CiscoLive © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 131
Common Deployment Scenarios
INGRESS: No NAT in Active/Active Scenario Internet
• The subnets and their metrics are ISP A ISP B
redistributed into BGP and carried up to X,Y,Z = Low MED X,Y,Z = High MED
the Internet Edge routers. A,B,C = High MED A,B,C = Low MED
AS 64494
• BGP will install the prefix with the
lowest MED.
• BGP only advertises “Best Routes”

eBGP

eBGP
• NOTE: BGP will not compare MED
values from different AS
• Enable:
bgp always-compare-med
• Or, use same ASN across Internal Core AS 65535 Increase IGP
(without iBGP; see next slide). AS 65534
Metric
Subnets X,Y,Z Bidirectionally Subnets A,B,C
EIGRP 10

#CiscoLive © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 132
Common Deployment Scenarios
INGRESS: No NAT in Active/Active Scenario Internet
• In the Diagram to the Right, The ISP A ISP B
Core uses same AS Number (no X,Y,Z = Low MED X,Y,Z = High MED
A,B,C = High MED A,B,C = Low MED
iBGP between Core Routers).
AS 64494
• No need for ‘bgp always-
compare-med’
• Easier to implement and manage

eBGP

eBGP
than using two, distinct AS
number for the core. A Matter of
Preference…
AS 65535 Increase IGP AS 65535
Metric
Subnets X,Y,Z Bidirectionally Subnets A,B,C
EIGRP 10

#CiscoLive © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 133
Common Deployment Scenarios Traffic Destined
to Subnet X
INGRESS: No NAT in Active/Active Scenario ISP X
ISP Z
• The Edge routers will forward traffic to the ISP Y
correct Firewall based on MED values. ISP A ISP B

• If East Edge Router forwarded the traffic to East AS 64494

Firewall, the traffic would be dropped since the
firewall would not have state for those flows.
• This entire No NAT solution is shown in the
CDS-4 lab on GitHub!
• https://github.com/mzsiga/brkrst-2044
AS 65535 AS 65534

Subnets X,Y,Z Subnets A,B,C

EIGRP 10
#CiscoLive © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 134
Common Deployment Scenarios
INGRESS: No NAT in Active/Active Scenario ISP X
ISP Z
• Important: The iBGP link between Edge routers is ISP Y
required. ISP A ISP B
• Otherwise Blackhole condition will exist.
AS 64494
• Again, Possible workarounds:
• GRE Tunnel through Core
• Provision additional L2/L3 VPN service over existing
L2/L3 VPN service
• Use Overlay over existing L3 VPN Service
AS 65535 AS 65534

Subnets X,Y,Z Subnets A,B,C

ISP A ISP B ISP D ISP E

ISP C

AS 64494

AS 65535

EIGRP 10

Subnets A,B,C Subnets D,E,F Subnets G,H,I Subnets J,K,L

#CiscoLive © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 136
Alternative Solutions
Cisco Performance Routing
version 2
Performance Routing v2 Overview
Passive Link Destination Prefix
Reachability Delay Loss § Load balancing § BGP
§ Max utilization - Egress: route injection or
Egress BW Ingress BW Modifying the BGP Local
Learning § Link grouping Preference attribute
§ PfR Netflow Monitoring
§ Prefixes § $Cost - Ingress: BGP AS-PATH
§ Flows Need not be
§ ACL symmetrical Prepend or AS Community
§ DSCP Based § EIGRP Route Control
Active
§ Applications Application § Static Route Injection
Reachability Delay Loss § PIRO
Jitter MOS
Performance
§ PfR enables IP SLA feature § Reachability Application
§ Probes sourced from BR § Delay § Dynamic PBR
§ ICMP probes learned or § Loss § NBAR/CCE
configured § MOS
§ TCP, UDP, JITTER need ip § Jitter
sla responder
#CiscoLive © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 138
PfRv2 and BGP
Using PfR to Influence Ingress and Egress Traffic

BGP ASN No Caveats

Prepend
Ingress Not All ISPs support
ASN Community the BGP Prepend
Prepend Community
PfR Tools for
Traffic Requires Additional
Engineering Configuration for
Inject BGP
Route iBGP Neighbors
Egress
BGP Local No Caveats
Preference

#CiscoLive © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 139
PfRv2 Components
• Master Controller (MC)
• Decision Maker; Apply Policy, Verify, Reporting Internet
• Cisco IOS software feature ISP A - AS 64501 ISP B - AS 64502
• Standalone or collocated with BR 51.0.0.0/8 52.0.0.0/8
2100:5100::/32 2100:5200::/32
• No Routing Protocol Required
• No Packet Forwarding/Inspection Required
• Border Router (BR) AS 64498
• Learn, Measure, Enforce
• Cisco IOS software feature in Forwarding Router BR 1 BR 2
• Uses Embedded Cisco IOS Technologies
• (IP SLA, Netflow)
MC

• Utilization on a given link is >90% Internet

• Utilization between Two Links ISP A ISP B
>10%

iBGP
eBGP eBGP

BR 1 BR 2

#CiscoLive © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 141
PfRv2 Configuration
pfr master Link Range Utilization
max-range-utilization percent 10 • Keep the usage on a set of exit
logging links within a certain percentage
!
range of each other
border 10.4.5.4 key-chain pfr
interface Ethernet0/0 internal Max Link Utilization
interface Ethernet0/1 external • Upper threshold on the amount of
max-xmit-utilization percentage 90
traffic a specific link can carry
!
border 10.4.5.5 key-chain pfr
interface Ethernet0/0 internal Max Prefixes
interface Ethernet0/1 external • Limit the number of prefixes to 1000
max-xmit-utilization percentage 90 • Delete Prefix if not relearned in 60
! Minutes
!
learn Global Policies
prefixes 1000 • Load Balancing enabled by default
expire after time 60
! • Link = Out Of Policy if :
! • % Util > Lowest + 10
periodic 600 • % Util > 90
! • Revaluate Exit every 10 Minutes

#CiscoLive © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 142
PfRv2 Example
Link Utilization Range Master Controller
Consumer (MC)NET
MC# is Profiling Traffic
*Mar 25 15:14:33.544: %OER_MC-5-NOTICE: Prefix Learning WRITING DATA ISP C
*Mar 25 15:14:33.618: %OER_MC-5-NOTICE: Prefix Learning STARTED Internet
MC#
MC#
*Mar 25 15:14:44.360: %OER_MC-5-NOTICE: Range OOP BR 10.4.5.5, i/f Et0/1, percent 93. Other BR 10.4.5.4, i/f Et0/1,
percent 44 ISP A ISP B
*Mar 25 15:14:44.360: %OER_MC-5-NOTICE: Load OOP BR 10.4.5.5, i/f Et0/1, load 279 policy 270
*Mar 25 15:14:44.360: %OER_MC-5-NOTICE: Exit 10.4.5.5 intf Et0/1 OOP, Tx BW 279, Rx BW 0, Tx Load 93, Rx Load 0
MC#
iBGP
*Mar 25 15:14:58.389: %OER_MC-5-NOTICE: Route changed Prefix 30.1.3.0/24, BR 10.4.5.4,
eBGP i/f Et0/1, Reason Utilization,
eBGP
OOP Reason Utilization
MC#
MC Detects Traffic is
out-of-policy (93%) and R4 BR 2
Modifies a Prefix

#CiscoLive © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 143
PfRv2 Example
Link Utilization Range Consumer NET
BR_2#sh ip bgp
BGP table version is 83, local router ID is 10.5.5.5
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, ISP C
r RIB-failure, S Stale, m multipath, b backup-path, x best-external Internet
Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path ISP A ISP B

[snip]
PfR has Modified Local
*>i30.1.0.0/24 100.5.9.9 0 500 0 200 20 i Preference iBGP
eBGP eBGP
*>i30.1.1.0/24 100.5.9.9 0 500 0 200 20 i
*>i30.1.2.0/24 100.5.9.9 0 500 0 200 20 i
*>i30.1.3.0/24 100.4.8.8 0 5000 0 100 20 i
R4 BR 2
[snip]

BR_2#
MC

#CiscoLive © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 144
PfRv2 Example
Did PfR change Local_Pref? Prove it! Consumer NET
BR_2#sh pfr border routes bgp ISP C
BGP table version is 92, local router ID is 10.5.5.5
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, Internet
r RIB-failure, S Stale, m multipath, b backup-path, x best-external
Origin codes: i - IGP, e - EGP, ? - incomplete
OER Flags: C - Controlled, X - Excluded, E - Exact, N - Non-exact, I - ISP A ISP B
Injected

Network Next Hop OER LocPrf Weight Path iBGP

*>i30.1.3.0/24 100.4.8.8 XN 5000 0 100 20 i
eBGP eBGP
*>i30.1.5.0/24 100.4.8.8 XN 5000 0 100 20 i
*>i40.1.0.0/24 100.4.8.8 XN 5000 0 100 20 i
R4 BR 2
BR_2#

#CiscoLive © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 145
Alternative Solutions
Dynamic Adjustment : PfR Key Takeaways
• Cisco Performance Routing is a tool that can override Routing Protocol
to Select a Path
• Active Probes and Monitoring significantly improves reconvergence
due to Blackholes and Brownouts
• Key to Multi-Homed Internet Edge when:
• Applications are Most Critical Criteria in Traffic Engineering Policy
• Designs that scale >=(2+N) Edge Routers.
• Not all new hardware supports PFRv2
• New protocol called Dynamic Application Policy Routing (DAPR)
• Handles ingress traffic load balancing of per-application traffic
• Cisco Live Session: BRKRST-1999

Location ID Separation Protocol

Alternative Solutions
Locator/ID Separation Protocol : LISP
• Next Generation Routing Architecture: LISP (RFC 6830)
Decouple Device Location and Device Address
Address-Family Agnostic
• LISP has many Applications; What does it have to do with the Multi-
Homed Internet Edge?

#CiscoLive © 2020 Cisco and/or its affiliates. All rights reserved. Cisco Public 148
Alternative Solutions
Locator/ID Separation Protocol : LISP
• Next Generation Routing Architecture: LISP (RFC 6830)
• LISP has many Applications; What does it have to do with the Multi-
Homed Internet Edge?
• Complex Ingress Traffic Engineering: Simplified and Solved; Dead Issue.
• Global Routing Table Bloat Diminished
• Do I need BGP?
• What is the function of a Proxy Ingress Tunnel Router (PITR)?
• What if one of my current providers supported this function today?

Process Overview PxTR

Advertise
• The Enterprise is 128.10.0.0/16
Advertising more-
specifics to achieve Configure LISP Internet
Traffic Distribution.
• Proxy Router(s) Configure Default
announce Aggregate. Routing

• Enterprise Router is ‘shutdown’ BGP

Provider Y
configured for LISP and Neighbor statements Provider X
Default Routing. PI Prefix:
128.10.0.0/16
• Shutdown the BGP Advertising via BGP:
neighbor statements (or 128.10.0.0/18
xTR
remove). 128.10.64.0/18
128.10.128.0/18 Enterprise
128.10.192.0/18

Process Overview 128.10.0.0/16 PxTR

• Traffic from the Internet is
attracted to the PxTR via BGP
Advertisements Internet

• The Proxy Router distributes

the Load across both xTR
interfaces Provider Y
Provider X
• Ratio is defined by the Enterprise

xTR
Enterprise

• Reliable connectivity
starts with defining your
policy

• Policy Implementation is
Simple!

• Session workbooks, labs,

VIRL topology and all
configurations
• https://github.com/mzsiga/brkrst-
2044

#CiscoLive
#CiscoLive

T-SP4-IP Routing Fast Convergence-Miloslav Kopka
No ratings yet
T-SP4-IP Routing Fast Convergence-Miloslav Kopka
91 pages
CCNP Slides Updated May2022
No ratings yet
CCNP Slides Updated May2022
598 pages
The Qos Paradigm Shift BRKRST 2056
No ratings yet
The Qos Paradigm Shift BRKRST 2056
148 pages
40-BGP Regular Expression
No ratings yet
40-BGP Regular Expression
5 pages
BRKSPG 2397
100% (1)
BRKSPG 2397
54 pages
ACI VLAN Types-and-VLAN Scope
No ratings yet
ACI VLAN Types-and-VLAN Scope
7 pages
Nexus 7000 NX OS PDF
No ratings yet
Nexus 7000 NX OS PDF
370 pages
Configure A Site-To-Site UsingVTI On ASA
No ratings yet
Configure A Site-To-Site UsingVTI On ASA
6 pages
MPLS To SRv6 Migration-1
100% (1)
MPLS To SRv6 Migration-1
9 pages
Segment Routing Research Testing
No ratings yet
Segment Routing Research Testing
15 pages
BRKDCT-3313 Fabricpath
No ratings yet
BRKDCT-3313 Fabricpath
94 pages
Configuring 10GE LAN Services by Using The TDX and NS2 Boards
No ratings yet
Configuring 10GE LAN Services by Using The TDX and NS2 Boards
8 pages
SRTE TOI Dev V20a EXTERNAL
No ratings yet
SRTE TOI Dev V20a EXTERNAL
186 pages
BRKSPG-2003 - Internet Peering
No ratings yet
BRKSPG-2003 - Internet Peering
96 pages
Cisco Live Learning Map ACI Fabrics Operations
No ratings yet
Cisco Live Learning Map ACI Fabrics Operations
1 page
BRKMPL-2333 2014 San Francisco
No ratings yet
BRKMPL-2333 2014 San Francisco
64 pages
BGP Troubleshooting Commands
No ratings yet
BGP Troubleshooting Commands
14 pages
BGP Overview FAL
100% (1)
BGP Overview FAL
24 pages
Ccie Entreprise SW
100% (1)
Ccie Entreprise SW
282 pages
Ccie en Part 01 Switch & Router
No ratings yet
Ccie en Part 01 Switch & Router
269 pages
BRKOPT-2204 - Building Carrier Ethernet Services Using Cisco Ethernet Virtual Circuit (EVC) Framework PDF
No ratings yet
BRKOPT-2204 - Building Carrier Ethernet Services Using Cisco Ethernet Virtual Circuit (EVC) Framework PDF
109 pages
BGP Case Studies - Cisco
No ratings yet
BGP Case Studies - Cisco
80 pages
BGP Filtering Best Practices
No ratings yet
BGP Filtering Best Practices
24 pages
Site To Site VPN With Dynamic Crypto Map
No ratings yet
Site To Site VPN With Dynamic Crypto Map
7 pages
1
No ratings yet
1
187 pages
Brkipm-3017 2
No ratings yet
Brkipm-3017 2
112 pages
TECDCT-2145 Cisco FabricPath
No ratings yet
TECDCT-2145 Cisco FabricPath
156 pages
REP Carrier-Ethernet-resiliency Phuong v2
No ratings yet
REP Carrier-Ethernet-resiliency Phuong v2
20 pages
BRKSPG 2535
100% (1)
BRKSPG 2535
88 pages
AZ-104 Exam - Free Actual Q&as, Page 2 - ExamTopics-An
0% (1)
AZ-104 Exam - Free Actual Q&as, Page 2 - ExamTopics-An
8 pages
Rapid Spanning-Tree (RSTP)
No ratings yet
Rapid Spanning-Tree (RSTP)
27 pages
BGP Labeled Unicast Segment Routing Multi-Agent Support
No ratings yet
BGP Labeled Unicast Segment Routing Multi-Agent Support
6 pages
WWW - Flashcardguy.ch CCIE RS PDF Version
No ratings yet
WWW - Flashcardguy.ch CCIE RS PDF Version
101 pages
BRKSPG-2668 Cleaned
No ratings yet
BRKSPG-2668 Cleaned
31 pages
6.1 38-06 Model Driven Programmability - YANG, NETCONF, RESTCONF and GRPC
No ratings yet
6.1 38-06 Model Driven Programmability - YANG, NETCONF, RESTCONF and GRPC
13 pages
Brkaci 2644
No ratings yet
Brkaci 2644
53 pages
STP Part2 - CheatSheet ATech (Waqas Karim)
No ratings yet
STP Part2 - CheatSheet ATech (Waqas Karim)
1 page
Tecrst-2310 (2015)
No ratings yet
Tecrst-2310 (2015)
146 pages
Yasser Auda CCIEv5 IPv4 Multicast Study Guide PDF
No ratings yet
Yasser Auda CCIEv5 IPv4 Multicast Study Guide PDF
50 pages
Cisco ACI Multi-Pod (Pt.2) - APIC Configuration - Haystack Networks
No ratings yet
Cisco ACI Multi-Pod (Pt.2) - APIC Configuration - Haystack Networks
14 pages
Sharing Session Basic Routing BGP
No ratings yet
Sharing Session Basic Routing BGP
18 pages
2016 Brkspg-2061 Cableipv6
No ratings yet
2016 Brkspg-2061 Cableipv6
107 pages
MPLS Part 3
No ratings yet
MPLS Part 3
63 pages
MultiPOD Webminar External
No ratings yet
MultiPOD Webminar External
34 pages
MPLS VPN Implementation On Ios Platform PDF
No ratings yet
MPLS VPN Implementation On Ios Platform PDF
202 pages
IOS XR BGP Commands PDF
No ratings yet
IOS XR BGP Commands PDF
420 pages
Understanding OSPF
No ratings yet
Understanding OSPF
289 pages
ACI MultiPod and How To Build MultiDatacenter With Cisco ACI - How Does Internet Work
No ratings yet
ACI MultiPod and How To Build MultiDatacenter With Cisco ACI - How Does Internet Work
3 pages
Devnet 2367
No ratings yet
Devnet 2367
24 pages
CFM Tac Toi1
No ratings yet
CFM Tac Toi1
161 pages
Brkipm-2011 - Multicast Mpls
No ratings yet
Brkipm-2011 - Multicast Mpls
106 pages
BGP Understanding-Part 1
No ratings yet
BGP Understanding-Part 1
109 pages
BRKSPG 2206
No ratings yet
BRKSPG 2206
89 pages
BGP Overview
No ratings yet
BGP Overview
33 pages
Routing Implementation Cisco Vs Mikrotik PDF
No ratings yet
Routing Implementation Cisco Vs Mikrotik PDF
24 pages
BGP Fundamental
No ratings yet
BGP Fundamental
141 pages
BRKSPG 2904 ASR 9000IOS XR Hardware Architecture QOS EVC IOS XR Configuration and Troubleshooting 2014 Milan 2 Hours
No ratings yet
BRKSPG 2904 ASR 9000IOS XR Hardware Architecture QOS EVC IOS XR Configuration and Troubleshooting 2014 Milan 2 Hours
165 pages
Troubleshooting When BGP Routes Are Not Advertised
No ratings yet
Troubleshooting When BGP Routes Are Not Advertised
9 pages
CCIE R&S Lab Blueprint v4
No ratings yet
CCIE R&S Lab Blueprint v4
24 pages
CCNP ROUTE Skills Based Assessment Notes
No ratings yet
CCNP ROUTE Skills Based Assessment Notes
4 pages
Smart Rack NFR 42U 8014 GR SMR Datasheet
No ratings yet
Smart Rack NFR 42U 8014 GR SMR Datasheet
3 pages
OK Fortigate System Administration 54
No ratings yet
OK Fortigate System Administration 54
92 pages
Smartcabinet Brochure 1
No ratings yet
Smartcabinet Brochure 1
10 pages