Tuesday, June 14, 2011

Past Time ... Next Time Will Come

It has been a very long time since I updated this blog, a blog about networking. Not all of the content here is about networking; sometimes it is about news, technology and life. I will update my position now: many life experiences, interesting and exciting, since my last post around one year ago. My job is now Network Quality, still in the same company, but there has been something interesting in the last two years. I have new experience: my boss gave me a special job to learn about cellular networks, right in a cellular company. My company is a child company of the cellular company that I joined. I have new experience there: security, cellular networks (2G, 3G etc.) and networks from many vendors. Wow, cool, right?

One thing that interests me very much is security. I configure, design, clarify high/low-level designs, optimize and audit security. In what environment? Cisco PIX and Cisco ASA firewalls, Juniper NetScreen, and the biggest firewall, the Juniper SRX 5800. I work with 4 firewalls, 2 from Cisco and 2 from Juniper. Each firewall has a different syntax and flow, but the concepts are somewhat similar. I like this experience; it is interesting and very exciting for me, and I had never done it before.

Other experience is from Ericsson: the Gi network for cellular networks, from the GGSN to the Internet; GGSN in a Juniper/Ericsson environment; SASN Cluster (Deep Packet Inspection environment); and MSP (Multi Service Proxy). The last is from Motorola, with OSN (Optimizing Services Node). All of this new experience is very, very interesting, exciting and cool :D.

How about now, is the job still exciting? Of course. Network Quality is new for me and I will make it exciting like before ;)

Tuesday, July 20, 2010

Find the AS Number of a BGP Neighbor without Asking the Administrator

I have a topology with 2 routers (router A & router B):

(A) 172.16.0.1 ---- 172.16.0.2 (B)
ASN.65000 ---- ASN.65535

- (A) is already configured for BGP with:
router bgp 65000
neighbor 172.16.0.2 remote-as 65535

- (B) wants to connect to (A) via BGP
- (B) does not yet know the AS number of (A)
- How can (B) find the AS number of (A) without asking the administrator?

1. Configure the AS number of (B)
router bgp 65535 ---> ASN of (B)

2. Configure the neighbor with the valid IP of (A) and an arbitrary AS number for (A)
neighbor 172.16.0.1 remote-as 1 ---> ASN 1 is an arbitrary AS number, used only to trigger the error log

3. Configure BGP logging
router bgp 65535
bgp log-neighbor-changes ---> to show the notification error log

- Router (B) will generate this log:
%BGP-3-NOTIFICATION: sent to neighbor 172.16.0.1 2/2 (peer in wrong AS) 2 bytes FDE8

The characters FDE8 are the AS number of (A) in hexadecimal.
Converting hexadecimal FDE8 to decimal gives 65000.

- Change your config:
neighbor 172.16.0.1 remote-as 65000

- Router (B) will generate this log:
%BGP-5-ADJCHANGE: neighbor 172.16.0.1 Up

Now you can find the AS number of a BGP neighbor without asking the administrator ;)
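
The decoding step above as a small log parser. This is an added example, not part of the original post: it reads the "sent to neighbor ... 2/2" line format shown above and also flags the value 23456 (AS_TRANS, RFC 6793), which a 4-byte-ASN speaker puts in its OPEN message instead of its real AS number. The function names and all sample lines except the first are constructed for illustration.

```python
import re

# Line format as shown in the post (router B's own "sent to" notification).
NOTIF_RE = re.compile(
    r"%BGP-3-NOTIFICATION: sent to neighbor (?P<neighbor>\S+) "
    r"(?P<code>\d+)/(?P<subcode>\d+) \([^)]*\) "
    r"(?P<nbytes>\d+) bytes (?P<data>[0-9A-Fa-f]+)\s*$"
)
AS_TRANS = 23456  # RFC 6793: placeholder in OPEN when the real ASN needs 4 bytes


def peer_as_from_log(line):
    """Return (neighbor, asn, is_as_trans) for a 2/2 notification, else None."""
    m = NOTIF_RE.search(line)
    if not m:
        return None
    # Error code 2 = OPEN Message Error, subcode 2 = Bad Peer AS (RFC 4271).
    if (m["code"], m["subcode"]) != ("2", "2"):
        return None
    try:
        data = bytes.fromhex(m["data"])
    except ValueError:  # odd number of hex digits
        return None
    if len(data) != int(m["nbytes"]) or len(data) not in (2, 4):
        return None  # data field does not match the announced length
    asn = int.from_bytes(data, "big")  # network byte order
    return m["neighbor"], asn, asn == AS_TRANS


def scan(lines):
    """Collect every decodable Bad Peer AS notification from a list of log lines."""
    return [hit for hit in map(peer_as_from_log, lines) if hit]


# First line is the one from the post; the others are constructed samples.
SAMPLE_LOG = [
    "%BGP-3-NOTIFICATION: sent to neighbor 172.16.0.1 2/2 (peer in wrong AS) 2 bytes FDE8",
    "%BGP-5-ADJCHANGE: neighbor 172.16.0.1 Up",
    "%BGP-3-NOTIFICATION: sent to neighbor 172.16.0.9 2/2 (peer in wrong AS) 2 bytes 5BA0",
    "%BGP-3-NOTIFICATION: sent to neighbor 172.16.0.5 2/2 (peer in wrong AS) 2 bytes FD",
]

if __name__ == "__main__":
    for neighbor, asn, as_trans in scan(SAMPLE_LOG):
        note = " (AS_TRANS: real ASN is 4-byte, not shown here)" if as_trans else ""
        print(f"{neighbor} announced AS {asn}{note}")
```
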

Friday, June 12, 2009

Manually rerouting traffic with 'ip ospf cost' is better than automatic reroute

Router1#sh ip os int b
Interface PID Area IP Address/Mask Cost State Nbrs F/C
Vl50 1 0 161.1.79.7/24 300 DR 1/1
Fa0/15 1 0 161.1.78.7/24 100 BDR 1/1
Lo0 1 0 150.1.7.7/24 1 LOOP 0/0

Router2#sh ip os int b
Interface PID Area IP Address/Mask Cost State Nbrs F/C
Fa0/16 1 0 161.1.89.8/24 150 DR 1/1
Fa0/15 1 0 161.1.78.8/24 100 DR 1/1
Lo0 1 0 150.1.8.8/24 1 LOOP 0/0

Router3#sh ip os int b
Interface PID Area IP Address/Mask Cost State Nbrs F/C
Fa0/16 1 0 161.1.89.9/24 150 BDR 1/1
Vl50 1 0 161.1.79.9/24 300 BDR 1/1
Lo0 1 0 150.1.9.9/24 1 LOOP 0/0

Router3#sh ip ro 150.1.7.7
Routing entry for 150.1.7.7/32
Known via "ospf 1", distance 110, metric 251, type intra area
Last update from 161.1.89.8 on FastEthernet0/16, 00:04:39 ago
Routing Descriptor Blocks:
* 161.1.89.8, from 150.1.7.7, 00:04:39 ago, via FastEthernet0/16
Route metric is 251, traffic share count is 1

Router3#traceroute 150.1.7.7
Type escape sequence to abort.
Tracing the route to 150.1.7.7
1 161.1.89.8 0 msec 4 msec 0 msec
2 161.1.78.7 4 msec * 0 msec


# SCENARIO I, Change cost with 'ip ospf cost 50'
Router3(config)#do sh ip os int b
Interface PID Area IP Address/Mask Cost State Nbrs F/C
Fa0/16 1 0 161.1.89.9/24 150 BDR 1/1
Vl50 1 0 161.1.79.9/24 50 BDR 1/1
Lo0 1 0 150.1.9.9/24 1 LOOP 0/0

Router3(config)#do sh ip ro 150.1.7.7
Routing entry for 150.1.7.7/32
Known via "ospf 1", distance 110, metric 51, type intra area
Last update from 161.1.79.7 on Vlan50, 00:00:36 ago
Routing Descriptor Blocks:
* 161.1.79.7, from 150.1.7.7, 00:00:36 ago, via Vlan50
Route metric is 51, traffic share count is 1

Router3(config)#do traceroute 150.1.7.7
Type escape sequence to abort.
Tracing the route to 150.1.7.7
1 161.1.79.7 4 msec * 0 msec


>> Verify with ping while I change the cost to 50
Router3#ping 150.1.7.7 repeat 10000
Success rate is 100 percent (10000/10000), round-trip min/avg/max = 1/1/28 ms


# SCENARIO II, Force shutdown of interface FastEthernet0/15 on Router1 (Router1-Router2)
Traffic from Router3 to Router1 should be rerouted to interface Vlan50 (Router1-Router3)

Router3(config-if)#do sh ip ro 150.1.7.7
Routing entry for 150.1.7.7/32
Known via "ospf 1", distance 110, metric 301, type intra area
Last update from 161.1.79.7 on Vlan50, 00:00:29 ago
Routing Descriptor Blocks:
* 161.1.79.7, from 150.1.7.7, 00:00:29 ago, via Vlan50
Route metric is 301, traffic share count is 1

Router3(config-if)#do traceroute 150.1.7.7
Type escape sequence to abort.
Tracing the route to 150.1.7.7
1 161.1.79.7 0 msec * 0 msec


>> Verify with ping while I force the shutdown
Router3#ping 150.1.7.7 repeat 10000
Success rate is 99 percent (9995/10000), round-trip min/avg/max = 1/1/216 ms
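
The three route metrics above (251, 51, 301) can be reproduced by running a shortest-path calculation over the outgoing interface costs. This is an added example, not part of the original post; the link layout (which interface faces which router) is inferred from the shared subnets in the 'sh ip os int b' tables, and the function names are made up for illustration.

```python
import heapq

LOOPBACK_COST = 1  # Lo0 cost on every router in the tables


def build_links(r3_vl50_cost=300, r1_fa015_up=True):
    """links[router] = [(outgoing interface, cost, neighbor)], costs from the post."""
    links = {
        "Router1": [("Vl50", 300, "Router3"), ("Fa0/15", 100, "Router2")],
        "Router2": [("Fa0/16", 150, "Router3"), ("Fa0/15", 100, "Router1")],
        "Router3": [("Fa0/16", 150, "Router2"), ("Vl50", r3_vl50_cost, "Router1")],
    }
    if not r1_fa015_up:
        # Shutting Router1 Fa0/15 drops the adjacency, so the link is gone both ways.
        for r in ("Router1", "Router2"):
            links[r] = [l for l in links[r] if l[0] != "Fa0/15"]
    return links


def route_to_loopback(links, src, dst):
    """Dijkstra on outgoing-interface costs; returns (metric, first-hop interface)."""
    heap = [(0, src, "")]
    done = set()
    while heap:
        cost, node, first = heapq.heappop(heap)
        if node in done:
            continue
        done.add(node)
        if node == dst:
            return cost + LOOPBACK_COST, first  # add the destination's Lo0 cost
        for ifname, if_cost, nbr in links[node]:
            if nbr not in done:
                heapq.heappush(heap, (cost + if_cost, nbr, first or ifname))
    return None  # destination unreachable


if __name__ == "__main__":
    cases = {
        "baseline": build_links(),
        "scenario I (Vl50 cost 50)": build_links(r3_vl50_cost=50),
        "scenario II (Router1 Fa0/15 shut)": build_links(r1_fa015_up=False),
    }
    for name, links in cases.items():
        print(name, route_to_loopback(links, "Router3", "Router1"))
```
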