Sketches of IP, Routing, Internet, Security and Life!
Some years ago I was consulting a project and there the team faced an issue with load-sharing the outbound traffic towards different eBGP neighbors from different ASs. They reached out to me and it took me some times to find the solution. Suddenly I was skimming through my documents and saw that, so I’m gonna share it … Continue reading “BGP Multipath load-sharing in Cisco!”
OSPF external routes are automatically blocked from being redistributed in BGP by default. A solution to minimize Internet route instability is using Aggregation. Fluctuation of any single route in an Aggregation does not cause fluctuation in the Aggregate itself. Backdoor routes offer an alternative IGP path instead of external BGP path. Using Backdoor for specific … Continue reading “Tuning BGP Capabilities”
Service Provider should filter some IP prefixes in incoming updates, such as RFC1918. Because a customer should only advertise its global networks to the Service Provider. Multihomed Customers should avoid becoming a Transit-AS. As by default in most of the cases the tie breaker for BGP is the Shortest AS-Path, so the providers connected to … Continue reading “BGP Routing using Policy Controls”
Below you will find some very basic Cisco IOS EEM applets which can be used as a module in more complex applets, such as configuration wizards. Obviously, EEM applets are able to be implemented for many automation use cases; i.e. monitoring SLA/tracks, making actions based on syslog patterns, re-configuring route-maps, ACLs, BGP configuration and whatever … Continue reading “Some basic EEM applets”
This is typical ACL which you can configure on the Public interface of your router in the Inbound direction. ip access-list EDGE_ROUTER_FW_IN remark ***DENY_FRAGMENTS*** deny tcp any PUBLIC_NETWORK fragments deny udp any PUBLIC_NETWORK fragments remark ***DENY_RFC3330*** deny ip host 0.0.0.0 any deny ip 127.0.0.0 0.255.255.255 any deny ip 192.0.2.0 0.0.0.255 any deny ip … Continue reading “Typical access-list on edge router”
