Wednesday, 12 July 2023

Plumbing... QoS

Rule no. 1: QoS does not help where there is not enough bandwidth; it optimises performance by prioritising traffic, which helps mitigate issues that occur periodically on the network.


Most common problems to solve:

1. Jitter: control the difference in delay between packets

2. Packet loss: Ensure that traffic capable of handling packet loss is dropped before traffic that cannot

3. TCP global synchronisation: a network performance issue that can occur in congested or heavily loaded networks. It occurs when multiple TCP connections simultaneously reduce their sending rates due to congestion, resulting in periods of low network utilisation followed by sudden bursts of increased traffic.


Main concepts:

1. Packet classification: the process of identifying different types of network traffic based on their characteristics/flow (IP information, port, protocol, markings).

  
2.  Traffic marking: setting specific values (bits) in packet headers to indicate a packet's priority. The following mechanisms can be used:

- at layer 3 by setting DSCP or IP precedence

- at layer 2 by setting CoS bits (Ethernet 802.1Q defines a three-bit priority field)

- when using MPLS, by setting the EXP bits

  
3.  Traffic classification can also be achieved with ACLs or NBAR (Network Based Application Recognition).

 
4. Congestion management/avoidance: RED and WRED are two mechanisms that keep traffic flowing by dropping traffic randomly or per threshold ahead of expected congestion. The main difference between the two is that WRED provides more granular control over what is dropped.

- marking is used to determine the queue for each packet

- queues are used to make sure delay-sensitive flows are not dropped, i.e. VoIP traffic is transmitted and not dropped.

- non-delay-sensitive packets/lower priority queues may randomly drop traffic

RED - Random Early Detection (treats all packets equally)
       - avoids TCP global synchronisation by dropping or marking packets randomly before queues are full
  
WRED - Weighted Random Early Detection (RED with a more granular approach: traffic classification, different queues and probability profiles)
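To make the marking and WRED concepts above concrete, here is an added Python example (not from the original post) that extracts the DSCP and IP Precedence from the IP TOS/DS byte and applies a per-DSCP WRED drop profile; the thresholds, probabilities and traffic mix are constructed for illustration, not vendor defaults.

```python
import random

# Constructed WRED profiles keyed by DSCP: (min_threshold, max_threshold, max_drop_probability).
# Thresholds are average queue depths in packets. Values are illustrative only.
WRED_PROFILES = {
    46: (40, 40, 0.0),   # EF (voice): no early drop, only tail drop at the queue limit
    10: (30, 40, 0.10),  # AF11: dropped last within the AF1x class
    12: (20, 40, 0.20),  # AF12
    14: (10, 40, 0.30),  # AF13: dropped first within the class
    0:  (5, 40, 0.50),   # best effort (also used for any unlisted DSCP)
}
QUEUE_LIMIT = 40  # tail-drop limit in packets

def dscp_from_tos(tos: int) -> int:
    """DSCP is the upper 6 bits of the 8-bit TOS/DS byte; the low 2 bits are ECN."""
    return (tos & 0xFF) >> 2

def ip_precedence(dscp: int) -> int:
    """IP Precedence is the upper 3 bits of the DSCP (the legacy TOS precedence field)."""
    return dscp >> 3

def red_average(prev_avg: float, queue_len: int, weight: float = 0.002) -> float:
    """RED keeps an exponentially weighted moving average of the queue depth."""
    return (1 - weight) * prev_avg + weight * queue_len

def drop_probability(dscp: int, avg_queue: float) -> float:
    """WRED: probability rises linearly from 0 at min_th to max_p at max_th, then 1."""
    min_th, max_th, max_p = WRED_PROFILES.get(dscp, WRED_PROFILES[0])
    if avg_queue < min_th:
        return 0.0
    if avg_queue >= max_th:
        return 1.0
    return max_p * (avg_queue - min_th) / (max_th - min_th)

def simulate(tos_sequence, seed: int = 1) -> dict:
    """Feed constructed packets through one WRED queue; return drops per DSCP.
    Four packets are served for every five that arrive, so the queue fills slowly."""
    rng = random.Random(seed)
    queue, avg, drops = [], 0.0, {}
    for i, tos in enumerate(tos_sequence):
        if queue and i % 5 != 4:
            queue.pop(0)                      # deterministic service of one packet
        avg = red_average(avg, len(queue), weight=0.1)
        dscp = dscp_from_tos(tos)
        if len(queue) >= QUEUE_LIMIT or rng.random() < drop_probability(dscp, avg):
            drops[dscp] = drops.get(dscp, 0) + 1
        else:
            queue.append(tos)
    return drops

# Constructed traffic mix: EF (0xB8), AF11 (0x28), AF13 (0x38) and best effort (0x00), interleaved.
SAMPLE_TOS = [0xB8, 0x28, 0x38, 0x00] * 500
```

Running simulate(SAMPLE_TOS) shows best-effort and AF13 packets absorbing the drops while EF is untouched until the queue is physically full, which is the behaviour the marking-to-queue mapping is meant to produce.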


5. Queuing (also called buffering) uses two main mechanisms, LLQ and CBWFQ; both are used to manage and schedule packets during congestion.
    CBWFQ - Class-Based Weighted Fair Queuing - for data traffic management only
    LLQ - Low Latency Queueing (an extension of CBWFQ) adds a strict-priority queue and provides both bandwidth and latency guarantees. Recommended for real-time traffic.


6. Policing and shaping: both are traffic management techniques used to enforce bandwidth limits. Shaping delays (buffers) traffic to conform to the configured rate. Policing monitors traffic and drops or re-marks it when the configured limit is reached.


Traffic characteristics:


- Voice traffic:

  - smooth

  - benign

  - drop sensitive - less than 1%

  - delay sensitive - less than 150ms one-way delay / 30ms jitter

  - UDP


- voice/video conference traffic:

  - bursty and greedy:

    - dependent on codec and video quality

  - drop sensitive (less than 1%)

  - delay sensitive (150ms one way delay / 30ms jitter)

  - UDP


- Data traffic:

  - smooth or bursty

  - benign or greedy

  - drop insensitive

  - delay insensitive

  - TCP or UDP (TCP prevalent)

  

Traffic is often split into different traffic classes such as:

- premium (or platinum)

   - VoIP

   - Video conferencing

- gold

   - critical

- silver

  - Transactional

- Best Effort

   - Web traffic

   - email

   - etc...





Monday, 1 May 2023

OSPF area types and operations (JUNIPER - REVIEW)

OSPF area types allow networks to be segmented into smaller areas to reduce the amount of routing information that needs to be exchanged. The backbone area is the central area of the OSPF network and must exist in every OSPF network. Standard areas are connected to the backbone area and have their own LSDBs, while stub areas and NSSAs block external routing information to reduce the amount of routing information exchanged between areas. Totally stubby areas block both external and inter-area routes. Routers within the same area share the same LSDB and use it to calculate the shortest path to a destination network.


OSPF defines several types of areas, each with different functions and characteristics. Below are the OSPF area types and their operations:


Backbone Area (Area 0) - The backbone area (also called Area 0; the area ID must be 0, or 0.0.0.0 in 32-bit dotted notation) is the central area of an OSPF network, and it must exist in every multi-area OSPF network. All other areas must be connected to the backbone area directly; the exception here is the use of a Virtual-Link/tunnel. The backbone area is responsible for distributing routing information to other areas, and it forms the foundation of the entire OSPF network.


Standard Areas (Non-Backbone Areas) - Standard areas (also called non-backbone areas) are areas that are connected to the backbone area. Like the backbone area, standard areas are identified by an Area ID, which must be different from 0 (or 0.0.0.0). Each standard area has its own link-state database (LSDB) that contains information about the network topology within that area.


Stub Areas - Stub areas are standard areas that do not receive external routing information. External routing information is information about networks outside the OSPF domain. Stub areas are used to reduce the amount of routing information that needs to be exchanged between areas. Instead of receiving external routing information, stub areas use a default route to forward traffic to networks outside the OSPF domain. Stub areas can be configured as totally stubby areas, where no inter-area or external routes are allowed, or as not-so-stubby areas (NSSAs), which allow the injection of external routes but with some limitations.


Totally Stubby Areas - Totally stubby areas are a type of stub area that not only blocks external routes, but also inter-area routes. This means that routers within the totally stubby area only know about routes within their own area and the default route to reach networks outside the OSPF domain.


Not-So-Stubby Areas (NSSAs) - NSSAs are a type of stub area that allow the injection of external routes, but with some limitations. Unlike standard areas, NSSAs do not receive external routing information directly. Instead, an NSSA border router (ASBR) injects external routes into the NSSA as Type 7 LSAs, which are then translated into Type 5 LSAs by an NSSA Area Border Router (ABR) before being propagated into other areas.

Thursday, 13 October 2022

BGP Lab topology for AS123 (part 1)

 


> Topology Overview:

- Routers RG 31/32 - peering routers 

- Routers RR-10 / RR-20 - route reflectors

- Ps and PEs - core and customer connectivity


BGP CONCEPTS


> Purpose of BGP:

- interconnect between different ASes (interdomain communication)

- widely used in Service Provider, Large Enterprise and Datacenter environments

- multihomed customers

- scalable 

- created with stability in mind


> Main considerations

- trust no one - on eBGP, filter advertisements in and out

- policy based 

- multiprotocol support IPv4/6, VPNv4/6 and VXLAN

- reliable updates

- triggered updates only

- uses rich metrics/attributes


> Internal BGP

- neighbourship between two nodes in the same AS

- AS-Path is not updated when sending to an iBGP peer

- BGP split-horizon is used to prevent loops: iBGP updates are not forwarded to any other iBGP peer

- BGP next-hop is not changed

- used to carry a partial or full table of internet routing prefixes


> External BGP

- neighbourship between two nodes with different AS numbers

- when a router receives a route with its own AS in the AS-Path, the information is discarded (loop prevention)

- used to exchange prefixes with other ASes

- implements routing policies


> RFC 4456 / Route Reflectors

- removes the need for full-mesh iBGP

- loop prevention is done using a non-transitive attribute called CLUSTER_LIST, to which the reflector adds its own cluster ID

- when a router receives an update whose CLUSTER_LIST contains the router's own cluster ID, the update is discarded.

- By default the BGP Router ID is used as the cluster ID; it has to be 32-bit and can be changed, i.e.: 0.0.0.1

- the Multiple Cluster IDs (MCID) feature allows assigning per-neighbor cluster IDs


> Possible scenarios of route reflection

- Between client and non-client

- Between clients in the same cluster (intra-cluster)

- Between clients in different clusters (inter-cluster)
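The reflection rules and the CLUSTER_LIST loop check described above, as an added Python model that is not part of the original post; peer names, router IDs, cluster IDs and prefixes are constructed.

```python
from dataclasses import dataclass, field

@dataclass
class Update:
    """Minimal iBGP update carrying only the attributes this model needs."""
    prefix: str
    as_path: list
    next_hop: str
    cluster_list: list = field(default_factory=list)

def plain_ibgp_targets(from_peer, ibgp_peers, ebgp_peers):
    """Split-horizon on a router that is not a route reflector: an update learned from
    an iBGP peer is passed to eBGP peers only, never to another iBGP peer."""
    if from_peer in ibgp_peers:
        return set(ebgp_peers)
    return (set(ibgp_peers) | set(ebgp_peers)) - {from_peer}

class RouteReflector:
    """RFC 4456 route reflector with one cluster ID (defaults to its router ID)."""
    def __init__(self, router_id, clients, non_clients, cluster_id=None):
        self.cluster_id = cluster_id or router_id
        self.clients = set(clients)
        self.non_clients = set(non_clients)

    def receive(self, from_peer, update):
        """Return {peer: reflected_update}, or None if the update is not reflected."""
        # Loop prevention: our own cluster ID already in CLUSTER_LIST means the update
        # has been through this cluster before, so it is discarded.
        if self.cluster_id in update.cluster_list:
            return None
        if from_peer in self.clients:
            # Client route: reflected to all other clients and to all non-clients.
            targets = (self.clients | self.non_clients) - {from_peer}
        elif from_peer in self.non_clients:
            # Non-client route: reflected to clients only (non-clients are full mesh).
            targets = set(self.clients)
        else:
            return None
        # AS_PATH and NEXT_HOP stay untouched over iBGP; only CLUSTER_LIST grows.
        reflected = Update(update.prefix, list(update.as_path), update.next_hop,
                           [self.cluster_id] + update.cluster_list)
        return {peer: reflected for peer in targets}
```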

Monday, 12 September 2022

Routing protocols - ISIS brief


What is IS-IS?

- it is a link state protocol which originates from ISO 10589 - Connectionless Network Protocol (CLNP)

- was originally designed to support CLNS and still uses CLNS for its transport

- supports both IPv4 and IPv6

- mostly popular in large ISP environments 

- similarly to OSPF it runs Dijkstra SPF algorithm

- uses Hello packets (IIHs) to manage adjacencies

- uses areas and a two-level hierarchy; there are only two types of areas

- summarisation is only possible on ABRs between areas 

- elects a designated router (DIS), similar to the OSPF DR, except there is no backup DR (backup DIS)


Sample lab diagram:



NOTE. It is essential to understand that IS-IS connectivity between areas relies on the level-1-2 adjacencies.

Concepts and Operations: 
- Router is an Intermediate System and host is End System
- SNPA - Subnetwork Point of Attachment - concept that relates to data link/data switch
- Frame is Data Link PDU / Packet is Network PDU
- LSP - Link State PDU - LSP is a packet itself
- two types of areas: Level 2 - backbone area and Level 1 - a non backbone area
- Level 1/2 routers (similar to OSPF's ABRs) must have databases for both the Level 1 and Level 2 areas
- Virtual-Link is not supported by many vendors, but it is possible to extend the L1/2 adjacency
- in general much simpler than OSPF
- supports two metric types: narrow (IPv4 only) & wide (both IPv4 and IPv6; recommended)

Hierarchy:
Level 1 routing - routing within area
Level 2 routing - routing between areas - backbone 

Design concepts for IS-IS:
- good addressing schema to summarise on ABRs
- need to plan CLNP addressing (NET)
- two-layer hierarchy to limit LSP flooding and to provide the point of subnet summarisation
- need to use wide metrics
- all interfaces by default are cost of 10
- cost needs to be set manually (plan cost per link speed then assign)
- allows up to 1000 routers per area - great for scalability


Thursday, 16 June 2022

DevNet notes - Linux - Bash (2)

grep basics

grep is a command line tool for searching plain text to match a regular expression

grep use examples:


#grep 'import' test_requests.py - will display the lines in the file that contain the word 'import'


output:


    from turtle import title

    import requests

    from bs4 import BeautifulSoup


#grep -R 'import' . - will look for all files within the directory and its subdirectories that contain the word 'import'


output:


    ./test_urllib:import urllib3

    ./xml2-to-dict.py:import xmltodict

    ./xml-to-dict.py:import xmltodict

    ./eveng-request.py:import requests

    ./parse_yaml.py:import yaml

    ./test_requests.py:from turtle import title

    ./test_requests.py:import requests

    ./test_requests.py:from bs4 import BeautifulSoup

    ./automate-l1.py:from __future__ import print_function, unicode_literals

    ./automate-l1.py:import logging

    ./automate-l1.py:from netmiko import ConnectHandler, redispatch

    ./automate-l1.py:from netmiko import Netmiko

    ./automate-l1.py:from getpass import getpass

    ./json-test.py:import json

    ./parse_json.py:import json


other options:


'-i' - will make the above search case insensitive, example:


#grep -R -i 'Cisco123' .


output:


    ./curl_get_token.sh:curl -X POST -u 'devnetuser:Cisco123!' -H 'Content-Type: application/json' https://sandboxdnac.cisco.com/dna/system/api/v1/auth/token


'-G' - indicates a basic (standard) regular expression; supports the following metacharacters:

     ^ beginning of the line

     $ end of the line

     . single character

     * zero or more occurrences of the preceding character

     [xyz] to match either 'x', 'y' or 'z'

     [d-f] or [1-3] to match character in the range between 'd-f' or '1-3'

     \< or \b to match the beginning of a word

     \> to match end of the word

     \ escape character

     

'-E' - indicates an extended regular expression; supports all the above metacharacters of a basic expression and additionally:

     ? zero or one occurrence of the preceding character

     + one or more occurrences of the preceding character

     {X} or {X,Y} exactly X repetitions, or at least X and at most Y repetitions

     | operator 'OR'

     () capture group


'-F' - indicates a fixed string (the pattern is not interpreted as a regular expression)

'-P' -indicates Perl regular expression


Bash - echo command


echo " Hello! " - outputs the text inside the quotation marks; with echo -e in bash it also interprets the following escape characters:

    \n -new line

    \t -horizontal tab

    \v -vertical tab

    \b -backspace

    \\ -prints the backslash


echo - how to show a variable / run a command within quotation marks? Use the '$' sign, example:


let's set a variable:

#MY_VAR='0123456789'


use case:

#echo "my test variable is: $MY_VAR" 


output:

    my test variable is: 0123456789


another use example:

#echo "list of my files: $(ls)" - will return list of files in the current location


Monday, 9 May 2022

YANG Data Model (notes - part 1)

- YANG is defined in RFC 6020 

- defines a hierarchy of data; structures data models into modules and submodules

- used to model data for NETCONF

- permits the definition of reusable groupings of nodes

- RFC 6021 - describes common YANG types used in networking 

   these can be imported with the import statement:

   

   import "ietf-yang-types" {
      prefix yang;
   }

   - then as a reference when accessing definitions use "yang" as a prefix i.e.:

    type yang:port-number    


- Four types of nodes are used for data modeling:

   a) Leaf node(s) - the smallest component, holding one value, i.e. an IPv4 address

   b) Leaf-list - a sequence of leaf nodes with exactly one value of a particular type per leaf

   c) Container nodes - group related nodes in a subtree

   d) List nodes - defines a sequence of list entries


- examples of built-in YANG data types:

   a) binary

   b) bits

   c) boolean

   d) decimal64

   e) int8/16/32/64

   f) uint8/16/32/64

   g) empty

   h) string


- Derived Types (typedef)

   "typedef" statement can be used to define derived types, example:

     

       typedef listen-port {
         type uint16 {
           range "65520 .. 65530";
         }
         description "open ports for testing";
       }

   

   Derived type statements:

   a) default

   b) description

   c) status

   d) reference

   e) type

   f) units


- augment - adds new schema nodes to a previously defined schema node

Thursday, 28 October 2021

DevNet - Linux - Bash (1)

 BASH basics

- acronym for "Bourne Again Shell"

- allows for command and script processing

- supports piping i.e.:

$env | more 

will add page breaks when displaying the information:




- For help, "man" can be used to access detailed information about a command, i.e.:

$man pwd

will return:



- sample commands:

pwd - print current working directory

ls - list files and directories, optionally can be used with "-a" (show all including hidden files) or "-l" to list permissions and user/group ownership, example:


mkdir - create directory

rm - deletes a file or directory; the useful flag "-rf" force-removes all files within the deleted folder

cp - copy file or folder, does not delete the source file

mv - move a file/folder between directories, can also be used to rename files/folders; using "mv -f" will force overwrite if the destination file already exists

cat - can be used to view or create files, useful example: $cat filename.txt | more

touch - used to create an empty file or change the time stamp without opening it

- to run commands at the admin level, "sudo" can be used, example:

  $sudo apt-get update - this will prompt user to enter password before proceeding with an update of the list of available packages

- environment variables:

env - to view current set of variables, example: $env | more

echo - can be used to display single variable i.e.: echo $PATH

export - can be used to add new variable i.e.: export PASS=c1sco

unset - can be used to remove variable i.e.: unset PASS


note! a newly created variable will be lost after the session is reloaded unless it is added to the .bashrc file (or .zshrc on macOS)

to add variable, example:

$echo "export PASS=c1sco" >> .bashrc

to reload the variables:

$source ~/.bashrc or $. ~/.bashrc 
