Tuesday, 16 March 2021

My First Python Script as a Network Engineer

import getpass
import telnetlib

HOST = input("Enter the IP Address of Device: ")
user = input("Enter your account: ")
password = getpass.getpass()

tn = telnetlib.Telnet(HOST)

tn.read_until(b"Username: ")
tn.write(user.encode('ascii') + b"\n")
if password:
    tn.read_until(b"Password: ")
    tn.write(password.encode('ascii') + b"\n")

tn.write(b"enable\n")
tn.write(b"terminal len 0\n")
tn.write(b"configure terminal\n")
tn.write(b"hostname amar\n")
tn.write(b"router eigrp 100\n")
tn.write(b"no auto-summary\n")
tn.write(b"network 0.0.0.0\n")
tn.write(b"exit\n")
tn.write(b"exit\n")
tn.write(b"show ip protocol\n")
tn.write(b"show version\n")
tn.write(b"write memory\n")
tn.write(b"exit\n")


print(tn.read_all().decode('ascii'))

Thanks for Reading 

amartechstuff 😊😊

Monday, 15 March 2021

BGP Chapter 22 - BGP Split Horizon Rule

 Route learned from an iBGP neighbor cannot be forwarded to other iBGP neighbor.

 Solution for this are :-

1) Full Mesh iBGP

2) Route Reflector 

3) Confederation 

Lets focus on 1st Solution in this chapter 

1) Full Mesh iBGP 

 Making full mesh of iBGP peers even if they are not directly connected .

 So that each iBGP router will have BGP routes for AS. 

The requirement of fully meshed iBGP means that, for n BGP speakers (within the same AS), there will be n(n-1)/2 iBGP peering sessions. 

For example, if there are 10 BGP speakers in a particular AS, then there must be 10(10-1)/2 iBGP sessions, which is 45 peering sessions. 

This may not scale well in ASs that have large number of iBGP peers. 

So the solution to this are the other two methods :- 

Route Reflector and Confederation. 

 

LAB 

=========


 
Basic Configuration

=======================

 R1
===============
config t
hostname R1
interface eth1/0
ip add 12.1.1.1 255.255.255.0
no shut
exit
interface eth1/1
ip add 13.1.1.1 255.255.255.0
no shut
exit
int loopback 0
ip address 1.1.1.1 255.255.255.255
int loopback 1
ip address 10.0.0.1 255.255.255.0
ip route 2.2.2.2 255.255.255.255 12.1.1.2
ip route 3.3.3.3 255.255.255.255 13.1.1.3
exit
exit

R2
===============
config t
hostname R2
interface eth1/0
ip add 12.1.1.2 255.255.255.0
no shut
exit
int loopback 0
ip address 2.2.2.2 255.255.255.255
int loopback 1
ip address 20.0.0.1 255.255.255.0
ip route 1.1.1.1 255.255.255.255 12.1.1.1
ip route 3.3.3.3 255.255.255.255 12.1.1.1
exit
exit

R3
===============
config t
hostname R3
interface eth1/1
ip add 13.1.1.3 255.255.255.0
no shut
exit
int loopback 0
ip address 3.3.3.3 255.255.255.255
int loopback 1
ip address 30.0.0.1 255.255.255.0
ip route 1.1.1.1 255.255.255.255 13.1.1.1
ip route 2.2.2.2 255.255.255.255 13.1.1.1
exit
exit

BGP Configuration on R1
========================
config t
router bgp 100
neighbor amar peer-group
neighbor amar remote-as 100
neighbor amar update-source loopback 0
neighbor amar password cisco123
neighbor 2.2.2.2 peer-group amar
neighbor 3.3.3.3 peer-group amar
exit
exit

BGP Configuration on R2
==========================
config t
router bgp 100
neighbor 1.1.1.1 remote-as 100
neighbor 1.1.1.1 update-source loopback 0
neighbor 1.1.1.1 password cisco123
exit
exit

BGP Configuration on R3
==========================
config t
router bgp 100
neighbor 1.1.1.1 remote-as 100
neighbor 1.1.1.1 update-source loopback 0
neighbor 1.1.1.1 password cisco123
exit
exit

===================
R1#sh ip bgp summary
BGP router identifier 1.1.1.1, local AS number 100
BGP table version is 1, main routing table version 1

Neighbor        V           AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
2.2.2.2         4          100       6       7        1    0    0 00:02:51        0
3.3.3.3         4          100       5       4        1    0    0 00:02:39        0
R1#

R2#sh ip bgp summary
BGP router identifier 20.1.1.1, local AS number 100
BGP table version is 1, main routing table version 1

Neighbor        V           AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
1.1.1.1         4          100       7       7        1    0    0 00:03:15        0
R2#

R3#sh ip bgp summary
BGP router identifier 30.1.1.1, local AS number 100
BGP table version is 1, main routing table version 1

Neighbor        V           AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
1.1.1.1         4          100       5       6        1    0    0 00:03:24        0
R3#

========================================================================
R1

config t
router bgp 100
network 10.0.0.0 mask 255.255.255.0
exit
exit
wr

R2

config t
router bgp 100
network 20.0.0.0 mask 255.255.255.0
exit
exit
wr

R3

config t
router bgp 100
network 30.0.0.0 mask 255.255.255.0
exit
exit
wr

R1#sh ip bgp
BGP table version is 6, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
              x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
 *>  10.0.0.0/24      0.0.0.0                  0         32768 i
 *>i 20.0.0.0/24      2.2.2.2                  0    100      0 i
 *>i 30.0.0.0/24      3.3.3.3                  0    100      0 i

R2#sh ip bgp
BGP table version is 5, local router ID is 20.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
              x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
 *>i 10.0.0.0/24      1.1.1.1                  0    100      0 i
 *>  20.0.0.0/24      0.0.0.0                  0         32768 i

R3#sh ip bgp
BGP table version is 3, local router ID is 30.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
              x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
 *>i 10.0.0.0/24      1.1.1.1                  0    100      0 i
 *>  30.0.0.0/24      0.0.0.0                  0         32768 i


Lets try full mesh iBGP Peering

R2
config t
router bgp 100
neighbor 3.3.3.3 remote-as 100
neighbor 3.3.3.3 update-source loopback 0
neighbor 3.3.3.3 password cisco123
exit
exit

R3
config t
router bgp 100
neighbor 2.2.2.2 remote-as 100
neighbor 2.2.2.2 update-source loopback 0
neighbor 2.2.2.2 password cisco123
exit
exit

R2#sh ip bgp summary
BGP router identifier 20.1.1.1, local AS number 100
BGP table version is 6, main routing table version 6
3 network entries using 432 bytes of memory
3 path entries using 240 bytes of memory
2/2 BGP path/bestpath attribute entries using 272 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 944 total bytes of memory
BGP activity 3/0 prefixes, 4/1 paths, scan interval 60 secs

Neighbor        V           AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
1.1.1.1         4          100      43      46        6    0    0 00:35:31        1
3.3.3.3         4          100       7       7        6    0    0 00:00:15        1

R3#sh ip bgp summary
BGP router identifier 30.1.1.1, local AS number 100
BGP table version is 4, main routing table version 4
3 network entries using 432 bytes of memory
3 path entries using 240 bytes of memory
2/2 BGP path/bestpath attribute entries using 272 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 944 total bytes of memory
BGP activity 3/0 prefixes, 3/0 paths, scan interval 60 secs

Neighbor        V           AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
1.1.1.1         4          100      45      44        4    0    0 00:35:34        1
2.2.2.2         4          100       7       7        4    0    0 00:00:31        1
R3#

R2#sh ip bgp
BGP table version is 6, local router ID is 20.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
              x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
 *>i 10.0.0.0/24      1.1.1.1                  0    100      0 i
 *>  20.0.0.0/24      0.0.0.0                  0         32768 i
 *>i 30.0.0.0/24      3.3.3.3                  0    100      0 i
R2#
R2#
R2#ping 30.0.0.1 source loopback0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 30.0.0.1, timeout is 2 seconds:
Packet sent with a source address of 2.2.2.2
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 32/34/44 ms

R3#sh ip bgp
BGP table version is 4, local router ID is 30.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
              x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
 *>i 10.0.0.0/24      1.1.1.1                  0    100      0 i
 *>i 20.0.0.0/24      2.2.2.2                  0    100      0 i
 *>  30.0.0.0/24      0.0.0.0                  0         32768 i
R3#
R3#
R3#ping 20.0.0.1 sou
R3#ping 20.0.0.1 source loopback 0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 20.0.0.1, timeout is 2 seconds:
Packet sent with a source address of 3.3.3.3
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 8/33/64 ms

Thanks for Reading !!

amartechstuff

 

 

 


Sunday, 14 March 2021

BGP Chapter 20 - BGP Authentication

Simple
Supports Message Digest 5 (MD5) algorithm
Not mandatory
Incase used both the peers should have same password to form BGP neighborship. 

 


 

 

BGP Authentication

 


R1
==============

config t
hostname R1
int eth1/0
ip add 12.1.1.1 255.255.255.0
no shut
exit
exit

config t
int loopback 0
ip add 1.1.1.1 255.255.255.255
exit
exit

config t
ip route 2.2.2.2 255.255.255.255 eth1/0

R2
==============

config t
hostname R2
int eth1/0
ip add 12.1.1.2 255.255.255.0
no shut
exit
exit

config t
int loopback 0
ip add 2.2.2.2 255.255.255.255
exit
exit

config t
ip route 1.1.1.1 255.255.255.255 eth1/0

BGP Configuration
=====================

R1
====
config t
router bgp 100
neighbor 2.2.2.2 remote-as 200
neighbor 2.2.2.2 update-source loopback 0
neighbor 2.2.2.2 ebgp-multihop 255
neighbor 2.2.2.2 soft-reconfiguration in
exit
exit

R2
====
config t
router bgp 200
neighbor 1.1.1.1 remote-as 100
neighbor 1.1.1.1 update-source loopback 0
neighbor 1.1.1.1 ebgp-multihop 255
neighbor 1.1.1.1 soft-reconfiguration in
exit
exit

BGP Authentication Configuration
==================================
R1
====

R1(config)#
R1(config)#router bgp 100
R1(config-router)#neighbor 2.2.2.2 password ?
  <0-7>  Encryption type (0 to disable encryption, 7 for proprietary)
  LINE   The password

R1(config-router)#neighbor 2.2.2.2 password cisco123
R1(config-router)#exit
R1(config)#
R1(config)#exit


*Mar 13 14:09:37.667: %TCP-6-BADAUTH: Invalid MD5 digest from 2.2.2.2(33269) to 1.1.1.1(179) tableid - 0
*Mar 13 14:09:39.663: %TCP-6-BADAUTH: Invalid MD5 digest from 2.2.2.2(33269) to 1.1.1.1(179) tableid - 0
*Mar 13 14:09:43.671: %TCP-6-BADAUTH: Invalid MD5 digest from 2.2.2.2(33269) to 1.1.1.1(179) tableid - 0
*Mar 13 14:09:51.671: %TCP-6-BADAUTH: Invalid MD5 digest from 2.2.2.2(33269) to 1.1.1.1(179) tableid - 0

Lets quickly configure on R2 also

R2
====
config t
router bgp 200
neighbor 1.1.1.1 password cisco123
exit

After configuration the neighborship is now up

Logs on R1
=================
*Mar 13 14:12:31.591: %TCP-6-BADAUTH: Invalid MD5 digest from 2.2.2.2(27868) to 1.1.1.1(179) tableid - 0
*Mar 13 14:12:39.591: %TCP-6-BADAUTH: Invalid MD5 digest from 2.2.2.2(27868) to 1.1.1.1(179) tableid - 0
*Mar 13 14:13:01.599: %BGP-5-ADJCHANGE: neighbor 2.2.2.2 Up

R1#sh ip bgp summary
BGP router identifier 1.1.1.1, local AS number 100
BGP table version is 1, main routing table version 1

Neighbor        V           AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
2.2.2.2         4          200       4       5        1    0    0 00:00:48        0


Now I have configured wrong password on R2

R2(config)#router bgp 200
R2(config-router)#neighbor 1.1.1.1 password cisco
R2(config-router)#exit
R2(config)#exit

Logs on R1
=================
*Mar 13 14:17:13.019: %TCP-6-BADAUTH: Invalid MD5 digest from 2.2.2.2(27879) to 1.1.1.1(179) tableid - 0
*Mar 13 14:17:35.879: %TCP-6-BADAUTH: Invalid MD5 digest from 2.2.2.2(20365) to 1.1.1.1(179) tableid - 0
*Mar 13 14:17:37.879: %TCP-6-BADAUTH: Invalid MD5 digest from 2.2.2.2(20365) to 1.1.1.1(179) tableid - 0
*Mar 13 14:17:40.219: %TCP-6-BADAUTH: Invalid MD5 digest from 2.2.2.2(179) to 1.1.1.1(13155) tableid - 0
*Mar 13 14:17:41.879: %TCP-6-BADAUTH: Invalid MD5 digest from 2.2.2.2(20365) to 1.1.1.1(179) tableid - 0


R1#sh ip bgp summary
BGP router identifier 1.1.1.1, local AS number 100
BGP table version is 1, main routing table version 1

Neighbor        V           AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
2.2.2.2         4          200       0       0        1    0    0 00:01:07 Active

R2#sh ip bgp sum
BGP router identifier 2.2.2.2, local AS number 200
BGP table version is 1, main routing table version 1

Neighbor        V           AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
1.1.1.1         4          100       0       0        1    0    0 00:02:15 Active


Now lets switchback and make the correction in password

& neigbhorship is up

R2#sh ip bgp sum
BGP router identifier 2.2.2.2, local AS number 200
BGP table version is 1, main routing table version 1

Neighbor        V           AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
1.1.1.1         4          100       4       4        1    0    0 00:00:05        0

R1#sh run | section bgp
router bgp 100
 bgp log-neighbor-changes
 neighbor 2.2.2.2 remote-as 200
 neighbor 2.2.2.2 password cisco123
 neighbor 2.2.2.2 ebgp-multihop 255
 neighbor 2.2.2.2 update-source Loopback0
 neighbor 2.2.2.2 soft-reconfiguration inbound

R2#sh run | sec bgp
router bgp 200
 bgp log-neighbor-changes
 neighbor 1.1.1.1 remote-as 100
 neighbor 1.1.1.1 password cisco123
 neighbor 1.1.1.1 ebgp-multihop 255
 neighbor 1.1.1.1 update-source Loopback0
 neighbor 1.1.1.1 version 4
 neighbor 1.1.1.1 soft-reconfiguration inbound


Thanks for Reading !!!!

amartechstuff

 

Saturday, 13 March 2021

BGP Chapter 21 - BGP Peer Group

 Sometimes it happens that while configuring bgp neighbors some of the configuration for
neighbors is exactly same and configuring the same can irritate you !

So to avoid the same you can use "BGP Peer Group".

For sure it will save time and also CPU resources of the router since whenever BGP sends update
it will send the update for peer group rather than separately for each neighbor.

 

BGP Peer Group

 Basic Configuration

=======================

 R1
===============
config t
hostname R1
interface eth1/0
ip add 12.1.1.1 255.255.255.0
no shut
exit
interface eth1/1
ip add 13.1.1.1 255.255.255.0
no shut
exit
int loopback 0
ip address 1.1.1.1 255.255.255.255
router ospf 1
network 0.0.0.0 0.0.0.0 area 0
exit
exit

R2
===============
config t
hostname R2
interface eth1/0
ip add 12.1.1.2 255.255.255.0
no shut
exit
int loopback 0
ip address 2.2.2.2 255.255.255.255
router ospf 1
network 0.0.0.0 0.0.0.0 area 0
exit
exit

R3
===============
config t
hostname R3
interface eth1/1
ip add 13.1.1.3 255.255.255.0
no shut
exit
int loopback 0
ip address 3.3.3.3 255.255.255.255
router ospf 1
network 0.0.0.0 0.0.0.0 area 0
exit
exit
==============================================
BGP Configuration on R2
==========================
config t
router bgp 100
neighbor 1.1.1.1 remote-as 100
neighbor 1.1.1.1 update-source loopback 0
neighbor 1.1.1.1 password cisco123
exit

BGP Configuration on R3
==========================
config t
router bgp 100
neighbor 1.1.1.1 remote-as 100
neighbor 1.1.1.1 update-source loopback 0
neighbor 1.1.1.1 password cisco123
exit

Without Peer Group
=========================
BGP Configuration on R1

config t
router bgp 100
neighbor 2.2.2.2 remote-as 100
neighbor 2.2.2.2 update-source loopback 0
neighbor 2.2.2.2 password cisco123
neighbor 3.3.3.3 remote-as 100
neighbor 3.3.3.3 update-source loopback 0
neighbor 3.3.3.3 password cisco123
exit


With Peer Group

=========================
BGP Configuration on R1

config t
router bgp 100
neighbor amar peer-group
neighbor amar remote-as 100
neighbor amar update-source loopback 0
neighbor amar password cisco123
neighbor 2.2.2.2 peer-group amar
neighbor 3.3.3.3 peer-group amar
exit
exit

R1#sh run | section bgp
router bgp 100
 bgp log-neighbor-changes
 neighbor amar peer-group
 neighbor amar remote-as 100
 neighbor amar password cisco123
 neighbor amar update-source Loopback0
 neighbor 2.2.2.2 peer-group amar
 neighbor 3.3.3.3 peer-group amar
R1#
R1#
R1#sh ip bgp summ
R1#sh ip bgp summary
BGP router identifier 1.1.1.1, local AS number 100
BGP table version is 1, main routing table version 1

Neighbor        V           AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
2.2.2.2         4          100       6       6        1    0    0 00:02:05        0
3.3.3.3         4          100       6       4        1    0    0 00:02:04        0
R1#

R2#sh ip bgp summary
BGP router identifier 2.2.2.2, local AS number 100
BGP table version is 1, main routing table version 1

Neighbor        V           AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
1.1.1.1         4          100      13      13        1    0    0 00:08:33        0
R2#

R3#sh ip bgp summary
BGP router identifier 3.3.3.3, local AS number 100
BGP table version is 1, main routing table version 1

Neighbor        V           AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
1.1.1.1         4          100      10      13        1    0    0 00:08:09        0
R3#

Thanks for reading !!!!

 amartechstuff