Juniper OSPF adjacency stuck in ExStart between MX480 and EX9208

May 31st, 2014

I have a 20GB aggregated-ethernet between an MX480 and an EX9208 virtual-chassis. This link is a layer3 link and has been working from day one with no issues. Recently, the need arose to change that link from l3 to l2 and to pass multiple vlans over it. While I am not a fan of doing l2 stuff on the MX480 as it is a routing platform, business needs trump my personal inclinations.

Config before I started:
MX480 side:

jose@mx480> show configuration interfaces ae1
aggregated-ether-options {
    minimum-links 1;
    link-speed 10g;
    lacp {
        active;
    }
}
unit 0 {
    family inet {
        address 10.10.10.12/31;
    }
}

EX9208 side:

jose@ex9208> show configuration interfaces ae1
aggregated-ether-options {
    minimum-links 1;
    link-speed 10g;
    lacp {
        active;
    }
}
unit 0 {
    family inet {
        address 10.10.10.13/31;
    }
}

After making the necessary changes, I noticed that OSPF was not coming up. The session was stuck in Exstart. Issues with Exstart almost always indicate an MTU issue.

jose@ex9208# run show ospf neighbor
Address          Interface              State     ID               Pri  Dead
10.10.10.10      ae0.0                  Full      10.10.10.0       128    35
10.10.10.12      irb.7                  ExStart   10.10.10.1       128    34

I turned on OSPF traceoptions and we can see the issue right away:

jose@mx480> show configuration protocols ospf
traceoptions {
    file ospf;
    flag all;
}
jose@mx480> show log ospf | match 10.10.10.13
May 31 11:37:21.357761 OSPF rcvd DbD 10.10.10.13 -> 224.0.0.5 (ae1.7 IFL 354 area 0.0.0.3)
May 31 11:37:21.357808 ospf_process_dbd: processing dbd from 10.10.10.13
May 31 11:37:21.357814 OSPF restart signaling: Received DBD with LLS data from nbr ip=10.10.10.13 id=10.10.10.2.
May 31 11:37:21.357819 OSPF packet ignored: MTU mismatch from 10.10.10.13 on intf ae1.7 area 0.0.0.3
May 31 11:37:21.533689 OSPF resend last DBD to 10.10.10.13
May 31 11:37:21.533721 OSPF retransmitting DBD to 10.10.10.13

This forced me to check the MTU for each side and we can see the MTU difference.

jose@mx480# run show interfaces ae1.7 | match MTU
Protocol inet, MTU: 1500

jose@ex9208> show interfaces irb| match MTU
Type: Ethernet, Link-level type: Ethernet, MTU: 1514
Protocol inet, MTU: 1504
Protocol inet6, MTU: 1504
Protocol multiservice, MTU: 1504

We force the MTU for the irb interface:

jose@dist.edi03> show configuration interfaces irb.7
family inet {
    mtu 1500;
}

After changing the MTU, we have an OSPF adjacency:

jose@ex9208> show ospf neighbor
Address          Interface              State     ID               Pri  Dead
10.10.10.10      ae0.0                  Full      10.10.10.0       128    32
10.10.10.12      irb.7                  Full      10.10.10.1       128    39

Unfortunately my OSPF logs rolled over before I was able to show the adjacency being established, but I promise it's there 🙂

Latest Update….

May 26th, 2014

I have not posted here in almost two years, but I am trying to get back into the studying and blogging as well. Much has happened since my last post. I have been working at Apple for almost 2 years and my wife is currently pregnant with our 3rd child. We have moved twice, once to North Carolina and more recently to San Jose, CA, both times for Apple. In between all of these things I have not found the time to dedicate myself to studying the way I should and therefore I still have not passed my CCIE. This is my attempt to get into the studying once and for all, pass this exam and move on with my life.

I have learned quite a bit at my time with Apple, but unfortunately, most of it has been Nexus-related, so it won't be much use on my R&S CCIE. I am working on a schedule that will allow me personal time as well as time for studying. With two kids, a pregnant wife and summer approaching, time will be at a premium, but I will do my best to make it all work.

My goal is to update this site 2 x per week and to study 10hrs/week. I think these are relatively small goals and can be accomplished. I will keep things updated here as I move along in my studies. Thank you.

Dynamips reducing CPU even further

June 28th, 2012

While at my CCIE lab 10-day bootcamp, I was told of another way to reduce CPU usage on my box that is running Dynamips. The original link is from here. I was checking on my dynamips stuff and here is a before/after picture. I was sitting at 100% CPU at all three cores on my AMD box, and after following the instructions here, I was able to drop CPU on two of the cores in half to about 40~50%. Here are the before/after pics:

[Before and after screenshots of CPU usage]

Ctrl+Z and IOS auto-completing commands….

April 5th, 2012

I have now run into the same issue twice in the past two weeks with IOS. I am very accustomed to using Ctrl+Z to exit config mode completely and move on to doing show commands. Yesterday, I was doing some labs and after configuring IPv6 RIP on an interface, I started typing a “show” command, realized I was in config mode, so hit Ctrl+Z to exit and then be able to continue with my show commands.

Rack1R1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Rack1R1(config)#int serial 0/0
Rack1R1(config-if)#ipv6 rip RIPNG enable
Rack1R1(config-if)#sh^Z

*Mar 1 07:39:35.966: %LINK-5-CHANGED: Interface Serial0/0, changed state to administratively down
*Mar 1 07:39:36.966: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0, changed state to down

After having this happen to me twice, I looked it up and found this note here:

If you use Ctrl-Z at the end of a command line in which a valid command has been typed, that command will be added to the running configuration file. In other words, using Ctrl-Z is equivalent to hitting the Enter (Carriage Return) key before exiting. For this reason, it is safer to end your configuration session using the end command. Alternatively, you can use the Ctrl-C key combination to end your configuration session without sending a Carriage Return signal.

Needless to say, I will be more careful and try using Ctrl+C or the “end” command instead of Ctrl+Z.

Enabling IPv6 on Cisco 3560

April 5th, 2012

When starting with the IPv6 portion of Vol 1, one of the tasks is to enable IPv6 on SW1 and SW3. When trying to do this, I forgot how to enable IPv6 on the Catalyst switch line.

For starters, I went into the switch and I had forgotten the procedure necessary to have IPv6 working on the switches. As you can see, I tried various commands to enable IPv6 but to no avail.

Enter configuration commands, one per line. End with CNTL/Z.
Rack1SW1(config)#int vlan 67
Rack1SW1(config-if)#ip?
ip

Rack1SW1(config-if)#ipv6 enable ?
% Unrecognized command
Rack1SW1(config-if)#exit
Rack1SW1(config)#ipv
Rack1SW1(config)#ipv6 un
Rack1SW1(config)#ipv6 ?
% Unrecognized command
Rack1SW1(config)#exit

Rack1SW1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Rack1SW1(config)#ipv?
% Unrecognized command
Rack1SW1(config)#exit

Rack1SW1#sh license
^
% Invalid input detected at '^' marker.

Rack1SW1#sh version
Cisco IOS Software, C3560 Software (C3560-ADVIPSERVICESK9-M), Version 12.2(46)SE, RELEASE SOFTWARE (fc2)
Copyright (c) 1986-2008 by Cisco Systems, Inc.
Compiled Thu 21-Aug-08 15:26 by nachen
Image text-base: 0x00003000, data-base: 0x01A00000

After a little bit of digging, I remembered that the way to enable IPv6 on the 3560s is via the SDM.

Rack1SW1#show sdm prefer
The current template is "desktop default" template.
The selected template optimizes the resources in
the switch to support this level of features for
8 routed interfaces and 1024 VLANs.

number of unicast mac addresses: 6K
number of IPv4 IGMP groups + multicast routes: 1K
number of IPv4 unicast routes: 8K
number of directly-connected IPv4 hosts: 6K
number of indirect IPv4 routes: 2K
number of IPv4 policy based routing aces: 0
number of IPv4/MAC qos aces: 0.5K
number of IPv4/MAC security aces: 1K

Rack1SW1#conf t

Rack1SW1(config)#sdm prefer ?
access              Access bias
default             Default bias
dual-ipv4-and-ipv6  Support both IPv4 and IPv6
ipe                 IPe bias
routing             Unicast bias
vlan                VLAN bias

Rack1SW1(config)#sdm prefer dual-ipv4-and-ipv6 ?
default  Default bias
routing  Unicast bias
vlan     VLAN bias

Rack1SW1(config)#sdm prefer dual-ipv4-and-ipv6 routing
Changes to the running SDM preferences have been stored, but cannot take effect
until the next reload.
Use 'show sdm prefer' to see what SDM preference is currently active.
Rack1SW1(config)#exit
Rack1SW1#wri mem

Rack1SW1#show sdm prefer
The current template is "desktop default" template.
The selected template optimizes the resources in
the switch to support this level of features for
8 routed interfaces and 1024 VLANs.

number of unicast mac addresses: 6K
number of IPv4 IGMP groups + multicast routes: 1K
number of IPv4 unicast routes: 8K
number of directly-connected IPv4 hosts: 6K
number of indirect IPv4 routes: 2K
number of IPv4 policy based routing aces: 0
number of IPv4/MAC qos aces: 0.5K
number of IPv4/MAC security aces: 1K

On next reload, template will be "desktop IPv4 and IPv6 routing" template.

Rack1SW1#reload
Proceed with reload? [confirm]

*Mar 1 05:08:34.051: %SYS-5-RELOAD: Reload requested by console. Reload Reason: Reload command.

After rebooting, everything is set and ready for IPv6 traffic.

Rack1SW1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Rack1SW1(config)#ipv6 unicast-routing
Rack1SW1(config)#exit
Rack1SW1#wri mem
Building configuration...
[OK]
Rack1SW1#
*Mar 1 00:01:39.270: %SYS-5-CONFIG_I: Configured from console by console
Rack1SW1#conf t
Rack1SW1(config)#int vlan 67
Rack1SW1(config-if)#ipv6 enable
Rack1SW1(config-if)#int gig0/3
Rack1SW1(config-if)#ipv6 enable
Rack1SW1(config-if)#^Z
Rack1SW1#
*Mar 1 00:09:58.426: %SYS-5-CONFIG_I: Configured from console by console

OSPF retransmission issue in Dynamips

April 4th, 2012

While doing my Multicast labs, I ran into an OSPF issue that I have seen before while doing OSPF labs. OSPF tends to be troublesome over some interfaces when using Dynamips due to MTU issues. Here are some logs from my device R6:

*Mar 1 00:20:40.815: %OSPF-5-ADJCHG: Process 1, Nbr 150.1.7.7 on FastEthernet0/0.67 from EXSTART to DOWN, Neighbor Down: Too many retransmissions
*Mar 1 00:21:40.819: %OSPF-5-ADJCHG: Process 1, Nbr 150.1.7.7 on FastEthernet0/0.67 from DOWN to DOWN, Neighbor Down: Ignore timer expired

The cause of this issue is an MTU mismatch preventing a full OSPF adjacency from happening.

Rack1R6#sh int fastEthernet 0/0.67
FastEthernet0/0.67 is up, line protocol is up
Hardware is Gt96k FE, address is c207.09cf.0000 (bia c207.09cf.0000)
Internet address is 155.1.67.6/24
MTU 1500 bytes, BW 100000 Kbit/sec, DLY 1000 usec,

Rack1SW1#sh int vlan 67
Vlan67 is up, line protocol is up
Hardware is EtherSVI, address is 0023.05e3.a8c3 (bia 0023.05e3.a8c3)
Internet address is 155.1.67.7/24
MTU 1504 bytes, BW 1000000 Kbit, DLY 10 usec,

The first way to correct the issue is rather obvious, which is to make the MTUs match on the interfaces. Unfortunately, I was unable to do this on either device.

Rack1R6#conf t
Rack1R6(config)#int fastEthernet 0/0.67
Rack1R6(config-subif)#mtu 1504
% Interface FastEthernet0/0 does not support user settable mtu.

Rack1SW1#conf t
Rack1SW1(config)#int vlan 67
Rack1SW1(config-if)#ip mtu ?
<68-1504> MTU (bytes)

Rack1SW1(config-if)#ip mtu 1500
% ip mtu is not supported on this interface

There is another way to correct the problem, which is the “ip ospf mtu-ignore” command. You take the interface from the error message, in this case “FastEthernet0/0.67”, and apply the command to it.

Rack1R6#conf t
Rack1R6(config)#int fastEthernet 0/0.67
Rack1R6(config-subif)#ip ospf mtu-ignore

*Mar 1 00:21:48.291: %OSPF-5-ADJCHG: Process 1, Nbr 150.1.7.7 on FastEthernet0/0.67 from LOADING to FULL, Loading Done

To read more about the solution, please go here or read below:

ip ospf mtu-ignore

To disable OSPF MTU mismatch detection on receiving DBD packets, use the ip ospf mtu-ignore command in interface configuration mode. To reset to default, use the no form of this command.

OSPF checks whether neighbors are using the same MTU on a common interface. This check is performed when neighbors exchange Database Descriptor (DBD) packets. If the receiving MTU in the DBD packet is higher than the IP MTU configured on the incoming interface, OSPF adjacency will not be established.
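The DBD MTU comparison described in the command reference above, and the one-sided "MTU mismatch" drop seen in the MX480 trace in the Juniper post, modelled as an added example (not code from the original posts or from either vendor). It packs and parses the OSPFv2 header and DBD body per the RFC 2328 layout; the function names and the simplified two-router `exchange` model are assumptions, while the router IDs, area and MTU values are the ones shown on this page.

```python
import ipaddress
import struct

OSPF_HDR = struct.Struct("!BBH4s4sHH8s")  # RFC 2328 A.3.1: common 24-byte header
DBD_BODY = struct.Struct("!HBBI")         # RFC 2328 A.3.3: MTU, options, I/M/MS, DD seq
TYPE_DBD = 2


def build_dbd(router_id, area_id, if_mtu, flags=0x07, seq=1):
    """Construct a minimal OSPFv2 DBD for the demo (no LSA headers, checksum 0)."""
    body = DBD_BODY.pack(if_mtu, 0x02, flags, seq)
    hdr = OSPF_HDR.pack(2, TYPE_DBD, OSPF_HDR.size + len(body),
                        ipaddress.IPv4Address(router_id).packed,
                        ipaddress.IPv4Address(area_id).packed,
                        0, 0, bytes(8))
    return hdr + body


def parse_dbd(pkt):
    """Return (router_id, interface_mtu, flags) from an OSPFv2 DBD packet."""
    if len(pkt) < OSPF_HDR.size + DBD_BODY.size:
        raise ValueError("truncated OSPF DBD")
    ver, ptype, length, rid, _area, _cksum, _autype, _auth = OSPF_HDR.unpack_from(pkt)
    if ver != 2 or ptype != TYPE_DBD or length > len(pkt):
        raise ValueError("not a well-formed OSPFv2 DBD")
    mtu, _opts, flags, _seq = DBD_BODY.unpack_from(pkt, OSPF_HDR.size)
    return str(ipaddress.IPv4Address(rid)), mtu, flags


def accepts_dbd(pkt, local_ip_mtu, mtu_ignore=False):
    """Receiver-side check: drop the DBD if it advertises more than we can receive."""
    _rid, advertised_mtu, _flags = parse_dbd(pkt)
    return mtu_ignore or advertised_mtu <= local_ip_mtu


def exchange(mtu_a, mtu_b, ignore_a=False, ignore_b=False):
    """Simplified two-router model: both must accept the peer's DBD to leave ExStart."""
    dbd_from_b = build_dbd("10.10.10.2", "0.0.0.3", mtu_b)  # IDs/area from the trace
    dbd_from_a = build_dbd("10.10.10.1", "0.0.0.3", mtu_a)
    a_ok = accepts_dbd(dbd_from_b, mtu_a, ignore_a)
    b_ok = accepts_dbd(dbd_from_a, mtu_b, ignore_b)
    return {"a_accepts": a_ok, "b_accepts": b_ok,
            "state": "Exchange" if a_ok and b_ok else "ExStart"}


if __name__ == "__main__":
    print(exchange(1500, 1504))                 # MX480 (1500) vs EX9208 irb (1504)
    print(exchange(1500, 1500))                 # after setting mtu 1500 on irb.7
    print(exchange(1500, 1504, ignore_a=True))  # mtu-ignore on the 1500-byte side
```

Only the side with the smaller MTU rejects the packet, which is why the mismatch is logged on the MX480 while the EX9208 just shows the neighbor stuck in ExStart. `mtu-ignore` skips the comparison but changes neither interface's MTU.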

Vol 1 progress, Vol 2 and bootcamp

April 2nd, 2012

I have been making some good progress on the Vol 1 workbook. Petr Lapukhov’s How to pass the CCIE R&S with INE’s 4.0 Training Program guide estimates 8 weeks to complete Vol 1; I am proud to say that I am more than halfway done after only 5 days. In the next 11 weeks I will have to complete Vol. 1, do as much of Vol 2 as I can as well as watching the Advanced Technologies Video on Demand. To be quite honest, I think I have set myself up at a good pace and cannot wait for the bootcamp to be here.

Here are the sections I have completed thus far:
Completed:
Bridging & Switching: 1.1-1.15
Frame-Relay: 2.1-2.8
IP Routing: 3.1-3.11
RIP: 4.1-4.11
EIGRP: 5.1-5.10
OSPF: 6.1-6.14
BGP: 7.1-7.6

To be completed:
BGP: 7.7-7.12
IPv6: 9.1-9.9
Multicast: 8.1-8.10
MPLS VPN: 14.1-14.7

IP Routing section complete

March 30th, 2012

Just completed the INE IP Routing section of Vol 1. I feel I am making very good time on these Vol 1 labs, as INE has suggested it would take 8 weeks to get wholly familiar with these topics and I have done the first 3 in 3 days. I am pretty happy with my progress and plan to keep going forward. Overall, my plan is to complete the aforementioned sections of Vol 1, then move onto Vol 2 and work that while also listening to the Advanced Technologies Class on demand and having both of them complete before going to my 10-day bootcamp. With only 11 weeks left, it sounds do-able, but you never know. Either way, I will keep this blog updated with progress. Thank you.

INE Workbook Vol 1. section 1.1-1.15 complete

March 28th, 2012

I have started my studying again and have completed the INE Workbook vol. 1 section 1.1 through 1.15. The topics in this section are all review and to be honest are a section that I work on quite a bit on a daily basis, but it's always good to review. The included sections are:
1.1 Layer 2 Access Switchports
1.2 Layer 2 Dynamic Switchports
1.3 ISL Trunking
1.4 802.1q Trunking
1.5 802.1q Native VLAN
1.6 Disabling DTP Negotiation
1.7 Router-on-a-stick
1.8 VTP
1.9 VTP Transparent
1.10 VTP pruning
1.11 VTP Prune-eligible list
1.12 Layer 2 Etherchannel
1.13 Layer 2 Etherchannel with PAgP
1.14 Layer 2 Etherchannel with LACP
1.15 Layer 3 Etherchannel

I look forward to moving onto the Frame Relay section, as it is one that I am not that familiar with. I have already completed this entire section once, but am reviewing as part of my study plan for the 10-day bootcamp I am attending in June. I plan on completing Vol 1 sections detailed in my previous post, as well as completing watching the Advanced Technologies Video on Demand from INE.com. If I have time left over, I will start some Vol 2 labs, just to be ahead before the class begins. I feel I have ample time to complete these goals before the actual class. Until tomorrow…..

Studying continues and 10-day lab bootcamp

March 23rd, 2012

I have signed up for the 10-day INE.com bootcamp in Seattle, WA from Jun 18th – Jun 29th, 2012. In order to be prepared for the bootcamp, they recommend you complete Vol 1 of their self-study material as well as the Advanced Technologies Video on Demand. I have done the key sections of Vol 1 as one of their guides had instructed. For those of you interested in what exactly I have done, here are the sections:

Bridging & Switching: 1.1-1.15
Frame-Relay: 2.1-2.8
IP Routing: 3.1-3.11
RIP: 4.1-4.11
EIGRP: 5.1-5.10
OSPF: 6.1-6.14
BGP: 7.1-7.12
IPv6: 9.1-9.9
Multicast: 8.1-8.10
MPLS VPN: 14.1-14.7

I have started watching the Advanced Technologies Video On Demand which consists of 81h 59min of Brian McGahan teaching a two-week course going over the fundamentals of what will be on the lab exam. I have about 3 months to prepare for the class and according to INE.com, I will need about 3-4 months after the class of self-prep to be truly prepared. Either way, I am trying to update this site more regularly as I get back into studying hardcore.
