CCIE SPv3 Gotchas

There seems to be a lot of gotchas from the lab.

I've been searching this forum and could find a lot, like MPLS TE autoroute announce breaking single topology ISIS, BSR issues with IOS XR and etc...

I'm openning this so we can discuss these little annoying things that may make one good canditate fail an exam.

I'm compiling a list and should post shortly, feel free to post !

Thanks!




Comments

  • IOX XR and VPN Multicast:

    I could not see other mdt nei of vrf in IOS XR for long.  I configured as follow for mdt of vrf ABC

    multicast-routing
     address-family ipv4
      interface all enable
     !
     vrf ABC
      address-family ipv4
       mdt source Loopback0
       mdt default ipv4 239.255.13.27
       interface all enable
    !

    I could not see other nei if I do 'sh pim vrf ABC nei'.

    Finally, I got the nei after I removed ' mdt source Loopback0' and reactivate again.  During my test of BGP, I lost again neighbor.  I deactivate and activate the same procedure like before.  I got back nei at once.  This is weird.  No configuration changes but could lost pim nei.  If the router reboot, it can loose all nei.  Is there any other way to fix this problem?  [:(]

  • More multicast. Configured network as per full lab 4 and configured multicast perfectly which I was quite proud of, only for XR to smote me. Got the below error over and over again.

    LC/0/4/CPU0:Sep 27 17:37:46.581 : ipv4_mfwd_partner[211]: %ROUTING-IPV4_MFWD-4-FROM_MRIB_UPDATE : MFIB couldn't process update from MRIB : Unable to commit new (0xe0000000):(10.0.0.5,232.0.0.1/32) - No such file or directory

    XR1 was working fine and debug pim bsr showed this when I shut down loop0 on R6.

    RP/0/0/CPU0:XR1#RP/0/0/CPU0:Sep 27 17:29:40.665 : pim[1127]: [10] FOO: Received BSR message pkt len 36 from 10.0.0.1 (mdtFOO) for 172.16.0.6, priority 0 hash mask length 0
    RP/0/0/CPU0:Sep 27 17:29:40.666 : pim[1127]: [10] FOO: state = No-info stored - (172.16.0.6, 0) new - (172.16.0.6, 0)
    RP/0/0/CPU0:Sep 27 17:29:40.666 : pim[1127]: [10] FOO: Current BSR info: addr = 172.16.0.6 priority = 0 cand-state = No-info, elect-state = Accept-Preferred
    RP/0/0/CPU0:Sep 27 17:29:40.666 : pim[1127]: [10] FOO: 172.16.0.6/16: Skipping interface mdtFOO, incoming MDT interface
    RP/0/0/CPU0:Sep 27 17:29:40.666 : pim[1127]: [10] FOO: Forwarding BSR message on interface Lo1
    RP/0/0/CPU0:Sep 27 17:29:40.666 : pim[1127]: [10] FOO: Recieved Group range 224.0.0.0/4, RP count 1 Fragment RP count 1 Proto SM
    RP/0/0/CPU0:Sep 27 17:29:40.666 : pim[1127]: [10] FOO: RP 172.16.0.6, Holdtime 150, Priority 0

    The corresponding debug on XR2 gave absolutely nothing.  There were PIM neighbourships to all the connected routers, GRT and VRF etc but XR2 didn't learn the BSR and consequently neither did R7 and R8. commit/rollback worked.

     

    EDIT: i before e except after c? Recieved ha ha ha no spell checker on XR




  • Have you enabled "router pim" inside IOS-XR ?

    --
    Jah Bless


    From: [email protected]
    To: [email protected]
    Date: Fri, 27 Sep 2013 11:05:15 -0700
    Subject: Re: [CCIE SP] CCIE SPv3 Gotchas

    IOX XR and VPN Multicast:

    I could not see other mdt nei of vrf in IOS XR for long.  I configured as follow for mdt of vrf ABC

    multicast-routing
     address-family ipv4
      interface all enable
     !
     vrf ABC
      address-family ipv4
       mdt source Loopback0
       mdt default ipv4 239.255.13.27
       interface all enable
    !

    I could not see other nei if I do 'sh pim vrf ABC nei'.

    Finally, I got the nei after I removed ' mdt source Loopback0' and reactivate again.  During my test of BGP, I lost again neighbor.  I deactivate and activate the same procedure like before.  I got back nei at once.  This is weird.  No configuration changes but could lost pim nei.  If the router reboot, it can loose all nei.  Is there any other way to fix this problem?  Sad



    INE - The Industry Leader in CCIE Preparation

    http://www.INE.com



    Subscription information may be found at:

    http://www.ieoc.com/forums/ForumSubscriptions.aspx

  • You don't need to if you enable all interfaces in multicast

  • From the top of my head :

     

    ISIS -> AF v4 /v6 and metric must match ;

    MPLS TE -> if using multi-topology ok, if single cannot run autoroute announce (or static ?)

    BSR on XR -> totatlly broken, must be reset via static rp config or reload ;

    MULTICAST X MPLS TE -> must have multicast-intact 

    IOS XR Specific -> by default ISIS multitopology / router static needed for send-label on CsC / route-policy pass on eBGP

    Route-map outbound on eBGP border (inter as option C / CsC)  must have the set-label keyword;

    Redistribute EIGRP -> redistribute command on AF IPv4 vrf needs metric 

    L3VPN client with backdoor links -> old and simple set tag / deny tag inbound on PE ;

    L2VPN -> MTU Must match on PE interfaces , on CE must match for IGP

    L2VPN PE config -> FR Switching / intf-type dce / clock rate ; 

    Inter-AS Option C -> Next-hop unchanged between RR in diferente ASes , next-hops in IGP(MPLS) or BGP (labelled unicast)

    BGP to RIPv2 redistribution -> If med = 0 redistribution doesn't occur ;




  • EIGRP/MPBGP redistribution may require clear ip ro vrf $blah * in 12.2 IOS

  • EIGRP PE-CE with backdoor links smells funky , loopback from directly connected CE appears on the routing table as prefereed from iBGP to another PE -> other CE -> backdoor link.

     

    Ideas ?

  • EIGRP PE-CE with backdoor links smells funky , loopback from directly connected CE appears on the routing table as prefereed from iBGP to another PE -> other CE -> backdoor link.

     

    Ideas ?

    Make sure you DONT have "bgp bestpath cost-community ignore". Can you compare the FD?

    Regards,

    AB.

  • Got it, it's on ATC , set the bandwidth and delay on backdoor link to most high, making it less prefereable, also, be sure to match default k values on redistribution on both PEs.

     

    XR2 was connected via gigabitethernet and R1 via fast, sooooo =D


  • Have you enabled "router pim" inside IOS-XR ?


    --

    Jah Bless

    Definitely, I did.  After deactivate and activate 'mdt source lo0', every multicast are working well.

    Khine

  • L2VPN PE config -> FR Switching / intf-type dce / clock rate ; 

    If connection is like [CE----<frame-relay>-----PE] direct connection, you are right but

    if connection is like [CE---|FR Cloud/Switch]----PE] via frame-relay cloud, interface will not up if you set 'intf-type dce'.  You don't need to set DCE on PE interface because external FR switch is acting as DCE.

  • ...

    Route-map outbound on eBGP border (inter as option C / CsC)  must have the set-label keyword;

    ...

    Is it needed only for IOS or IOS-XR also?

  • Just IOS

    Correct command is set mpls-label, must be set on all route-map statements including ones without a mtach statement

     

    route-map blah permit 10

    match ip addr pref blurg

    set mpls-label

    route-map blah permit 20

    set mpls-label

  • Yes IOS only, since outbound route-maps strip the labels.

     

  • Doing clear bgp ipv4 uni * soft on an IOS box causes a hard reset of IOX session if IOX is the PE.  This doesnt happen in my own lab (4.3.0) so presumably its an issue for 3.9.1

  • In the exam,

    Should hardcode

    'ip cef' on every IOS routers.  They could remove 'ip cef'.  If we don't notice, it will be big problem.

    'mpls ldp router-id lo0' on every MPLS routers.  If another loopback is higher IP address, it will take LDP router-id role when router reboot.  You will loose all LDP connectivities.

    'ip mulicast-routing' and 'ip multicast-routing vrf XXX'all related multicast routers.  They can remove that one. I faced the problem as that line was missing. Thanks, it was just during tesing period, not real exam.  That's remind me.  I took about one hour to solve that.  :(

    'bgp router-id x.x.x.x'.. Although IOS is not very important, it is critical for XR.  Better add on all BGP routers.

     

    From the top of my head :

     

    ISIS -> AF v4 /v6 and metric must match ;

    MPLS TE -> if using multi-topology ok, if single cannot run autoroute announce (or static ?)

    BSR on XR -> totatlly broken, must be reset via static rp config or reload ;

    MULTICAST X MPLS TE -> must have multicast-intact 

    IOS XR Specific -> by default ISIS multitopology / router static needed for send-label on CsC / route-policy pass on eBGP

    Route-map outbound on eBGP border (inter as option C / CsC)  must have the set-label keyword;

    Redistribute EIGRP -> redistribute command on AF IPv4 vrf needs metric 

    L3VPN client with backdoor links -> old and simple set tag / deny tag inbound on PE ;

    L2VPN -> MTU Must match on PE interfaces , on CE must match for IGP

    L2VPN PE config -> FR Switching / intf-type dce / clock rate ; 

    Inter-AS Option C -> Next-hop unchanged between RR in diferente ASes , next-hops in IGP(MPLS) or BGP (labelled unicast)

    BGP to RIPv2 redistribution -> If med = 0 redistribution doesn't occur ;

     

     

  • In the exam,

    Should hardcode

    'ip cef' on every IOS routers.  They could remove 'ip cef'.  If we don't notice, it will be big problem.

    'mpls
    ldp router-id lo0' on every MPLS routers.  If another loopback is
    higher IP address, it will take LDP router-id role when router reboot.  You will loose all LDP connectivities.

    'ip
    mulicast-routing' and 'ip multicast-routing vrf XXX'all related
    multicast routers.  They can remove that one. I faced the problem as
    that line was missing. Thanks, it was just during tesing period, not
    real exam.  That's remind me.  I took about one hour to solve that.  :(

    'bgp router-id x.x.x.x'.. Although IOS is not very important, it is critical for XR.  Better add on all BGP routers.

    From the top of my head :

     

    ISIS -> AF v4 /v6 and metric must match ;

    MPLS TE -> if using multi-topology ok, if single cannot run autoroute announce (or static ?)

    BSR on XR -> totatlly broken, must be reset via static rp config or reload ;

    MULTICAST X MPLS TE -> must have multicast-intact 

    IOS XR Specific -> by default ISIS multitopology / router static needed for send-label on CsC / route-policy pass on eBGP

    Route-map outbound on eBGP border (inter as option C / CsC)  must have the set-label keyword;

    Redistribute EIGRP -> redistribute command on AF IPv4 vrf needs metric 

    L3VPN client with backdoor links -> old and simple set tag / deny tag inbound on PE ;

    L2VPN -> MTU Must match on PE interfaces , on CE must match for IGP

    L2VPN PE config -> FR Switching / intf-type dce / clock rate ; 

    Inter-AS Option C -> Next-hop unchanged between RR in diferente ASes , next-hops in IGP(MPLS) or BGP (labelled unicast)

    BGP to RIPv2 redistribution -> If med = 0 redistribution doesn't occur ;

     

     

  • I have solve it.  I configured mdt source under vrf.  It must be under global.  Correct config is as follow.

    multicast-routing
     address-family ipv4
      interface all enable
      mdt source Loopback0
     !
     vrf ABC
      address-family ipv4
       mdt default ipv4 239.255.13.27
       interface all enable
    !

    IOX XR and VPN Multicast:

    I could not see other mdt nei of vrf in IOS XR for long.  I configured as follow for mdt of vrf ABC

    multicast-routing
     address-family ipv4
      interface all enable
     !
     vrf ABC
      address-family ipv4
       mdt source Loopback0
       mdt default ipv4 239.255.13.27
       interface all enable
    !

    I could not see other nei if I do 'sh pim vrf ABC nei'.

    Finally, I got the nei after I removed ' mdt source Loopback0' and reactivate again.  During my test of BGP, I lost again neighbor.  I deactivate and activate the same procedure like before.  I got back nei at once.  This is weird.  No configuration changes but could lost pim nei.  If the router reboot, it can loose all nei.  Is there any other way to fix this problem?  Sad

     

  • One crucial for all candidates is this one:

    DO NOT USE  ctrl+shift+6  as you may hit 7 instead of 6, and then all your devices will reset (reload). Use tcl script for testing instead. This is lab feature and not a bug (really!)

    Cheers!

  • If IOS XR router is running MPLS TE only with no LDP, LDP needs to be enabled anyways, otherwise MPLS forwarding will not work even though control plane for this is perfectly fine.

     

Sign In or Register to comment.