2007-11-12


Routers are addressed differently to hosts. Here's how to do it.

Routers have a control address: an IPv4 /32 and an IPv6 /128. Allocate an address range for these at the top of your address allocation. Make the range easily expressible in an access list.

Configure this control plane address on the major loopback interface:

interface Loopback0
 ip address 10.1.255.1 255.255.255.255
 no ip redirects
 no ip proxy-arp
 ipv6 enable
 ipv6 address 1020:3040:ffff::1/128
 no ipv6 redirects
 ipv6 ospf 64000 area 0.0.0.0
 ip pim sparse-mode
 ip sap listen

router ospf 64000
 network 10.1.255.1 0.0.0.0

This address is the control plane address for routing updates:

router ospf 64000
 router-id 10.1.255.1

ipv6 router ospf 64000
 router-id 10.1.255.1

ip msdp peer ...  connect-source Loopback0 remote-as 64000

router bgp 64000
 router-id 10.1.255.1
 neighbor IBGP-PEER4 peer-group
 neighbor IBGP-PEER4 remote-as 64000
 neighbor IBGP-PEER4 description iBGP links to other routers in my AS
 neighbor IBGP-PEER4 password ...
 neighbor IBGP-PEER4 update-source Loopback0
 neighbor IBGP-PEER6 peer-group
 neighbor IBGP-PEER6 remote-as 64000
 neighbor IBGP-PEER6 description iBGP links to other routers in my AS
 neighbor IBGP-PEER6 password ...
 neighbor IBGP-PEER6 update-source Loopback0
 address-family ipv4 unicast
  neighbor IBGP-PEER4 activate
  neighbor IBGP-PEER4 send-community
  no neighbor IBGP-PEER6 activate
  no synchronization
  no auto-summary
 exit-address-family
 address-family ipv4 multicast
  neighbor IBGP-PEER4 activate
  neighbor IBGP-PEER4 send-community
  no neighbor IBGP-PEER6 activate
  no auto-summary
 exit-address-family
 address-family ipv6 unicast
  no neighbor IBGP-PEER4 activate
  neighbor IBGP-PEER6 activate
  neighbor IBGP-PEER6 send-community
  no synchronization
 exit-address-family
 address-family ipv6 multicast
  no neighbor IBGP-PEER4 activate
  neighbor IBGP-PEER6 activate
  neighbor IBGP-PEER6 send-community
 exit-address-family

If you do not have a distinct management plane, use the control plane address for management activities:

ip ftp source-interface Loopback0
ip flow-export source Loopback0
ip tacacs source-interface Loopback0
logging source-interface Loopback0
snmp-server trap-source Loopback0
ntp source Loopback0
ip telnet source-interface Loopback0
ip tftp source-interface Loopback0
ip radius source-interface Loopback0

ip access-list standard VTY-LIST4
 permit 10.1.255.0 0.0.0.255

ipv6 access-list VTY-LIST6
 permit ipv6 1020:3040:ffff::/64 any

line vty 0 4
 location Network
 transport preferred none
 transport input ssh
 transport output ssh telnet
 access-class VTY-LIST4 in
 ipv6 access-class VTY-LIST6 in
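
Why the loopback range should sit on a prefix boundary, as an added example that is not part of the original post: it derives the top block of an allocation and counts the standard ACL entries needed for an aligned and an unaligned range. The 10.1.0.0/16 allocation and the function names are assumptions for illustration.

```python
import ipaddress

def top_block(allocation, new_prefix):
    """Return the highest subnet of length new_prefix inside the allocation."""
    net = ipaddress.ip_network(allocation)
    host_bits = net.max_prefixlen - new_prefix
    base = (int(net.broadcast_address) >> host_bits) << host_bits
    return type(net)((base, new_prefix))

def acl_entries(first, last):
    """Render an IPv4 address range as IOS standard ACL permit lines."""
    nets = ipaddress.summarize_address_range(
        ipaddress.ip_address(first), ipaddress.ip_address(last))
    return [f" permit {n.network_address} {n.hostmask}" for n in nets]

def outside_block(loopbacks, block):
    """Loopback addresses the access list would not match."""
    return [a for a in loopbacks if ipaddress.ip_address(a) not in block]

if __name__ == "__main__":
    block = top_block("10.1.0.0/16", 24)       # assumed allocation
    print("loopback block:", block)
    # Aligned range: a single line, the same one VTY-LIST4 uses.
    print(acl_entries(str(block[0]), str(block[-1])))
    # Unaligned range (constructed): the same access list needs ten lines.
    print(len(acl_entries("10.1.250.1", "10.1.250.200")))
    # Constructed inventory: the second router was numbered outside the block.
    print(outside_block(["10.1.255.1", "10.1.254.7"], block))
```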

The loopback interface holds the name of the router. Routers are named so that they are fully-described in the left-hand part of their DNS name. This is because many network management applications only display the first part of the domain name.

The name should be short (you'll be typing it a lot), specify the location, a location counter, the equipment and an equipment counter. Depending on your philosophy the equipment is specified using a general purpose identifier (such as "co" for a core router) or a make/model (such as c7200 or m40).

The name should be placed in a part of the DNS not used for any other purpose. So the top level of example.edu.au is not a good idea, net.example.edu.au is much better.

interface Loopback0
 description adl1-co1

$ORIGIN net.example.edu.au.
adl1-co1 IN AAAA 1020:3040:ffff::1
adl1-co1 IN A 10.1.255.1

Forwarding plane interfaces are named after the interface.

interface GigabitEthernet0
 description Building 23 (fiber path F-ASSD-01-03)
 ip address 10.1.4.255 255.255.255.0
 ipv6 address 1020:3040:0004::/64 eui-64

router ospf 64000
 passive-interface GigabitEthernet0

ipv6 router ospf 64000
 passive-interface GigabitEthernet0

Router-router links should use ::1/64 and ::2/64 and have an OSPF network type of point-to-point (router election is now the major delay in OSPF). Router-host links should use EUI-64 and disable OSPF.

The name for this interface will be:

$ORIGIN net.example.edu.au.
gi0.adl1-co1 IN A 10.1.4.255
gi0.adl1-co1 IN AAAA 1020:3040:0004:...

You can help users help themselves by expanding the necessarily obscure router name; after all, you are never going to type this:

$ORIGIN net.example.edu.au.
gi0.core-1.pop-1.adelaide IN A 10.1.4.255
gi0.core-1.pop-1.adelaide IN AAAA 1020:3040:0004:...

VLANs and logical subnets simply get added in front of the interface name. Make debugging simpler by using the name to distinguish the technology used: so "vlan90" for 802.1Q, "isl90" for Cisco ISL, "lane90" for ATM, "vpls90" for MPLS and so on, rather than giving all of these ethernet-like services an anodyne "vlan" name.

gdt: Kangaroo road sign (Default)

Many routing protocols use a Router Identifier, a 32-bit field which uniquely identifies the advertising router. It's traditionally printed as an IPv4 address.

Cisco's IOS is maddeningly inconsistent in its default for Router ID. Some routing processes use the highest address on a configured interface, some use the highest numbered loopback interface, and so on. There is no harm in having a differing Router ID between differing routing processes.

The harm appears because the routing process must reset if its Router ID changes. You add an additional loopback interface to be a Rendezvous Point and, bang, routing resets. Or you move a customer's interface to be on another router and, bang, bang, both routers lose connectivity, interrupting services to other customers too.

So you must always explicitly code the Router ID. Set it to be the IPv4 address of Loopback0.

interface Loopback0
 description adl-a-ro1
 ip address 10.1.255.1 255.255.255.255

router ospf 64000
 router-id 10.1.255.1
 network 10.1.255.1 0.0.0.0

ipv6 router ospf 64000
 router-id 10.1.255.1

router bgp 64000
 router-id 10.1.255.1

You'll see how we used the top part of our address range for the loopback addresses, so that the default is usually right should we misconfigure.
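
A check for this rule that can be run over saved configurations, as an added example that is not part of the original post: it reports every OSPF or BGP process whose Router ID is missing or differs from the Loopback0 address. The sample configuration is constructed and the function name is an assumption.

```python
import re

# Constructed sample config (not from a real router): one wrong ID, one correct, one missing.
SAMPLE_CONFIG = """\
interface Loopback0
 ip address 10.1.255.1 255.255.255.255
router ospf 64000
 router-id 10.255.255.1
 network 10.1.255.1 0.0.0.0
ipv6 router ospf 64000
 router-id 10.1.255.1
router bgp 64000
 neighbor IBGP-PEER4 update-source Loopback0
"""

def audit_router_ids(config):
    """Return findings for routing processes whose Router ID is not pinned to Loopback0."""
    loopback_ip = None
    processes = {}          # stanza header -> explicit router-id, or None
    section = None
    for line in config.splitlines():
        if not line.strip() or line.lstrip().startswith("!"):
            continue
        if not line.startswith(" "):            # a new top-level stanza begins
            section = line.strip()
            if re.match(r"(ipv6 )?router (ospf|bgp)\b", section):
                processes.setdefault(section, None)
            continue
        body = line.strip()
        if section == "interface Loopback0":
            m = re.match(r"ip address (\S+) 255\.255\.255\.255$", body)
            if m:
                loopback_ip = m.group(1)
        elif section in processes:
            m = re.match(r"(?:bgp )?router-id (\S+)$", body)
            if m:
                processes[section] = m.group(1)
    if loopback_ip is None:
        return ["Loopback0 has no IPv4 /32 address"]
    findings = []
    for name, rid in processes.items():
        if rid is None:
            findings.append(f"{name}: no explicit router-id")
        elif rid != loopback_ip:
            findings.append(f"{name}: router-id {rid} differs from Loopback0 {loopback_ip}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_router_ids(SAMPLE_CONFIG)))
```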

gdt: Kangaroo road sign (Default)

Writing the slides for the IPv6 summit where I detail AARNet's IPv6 rollout. As part of that I tested a great deal of equipment and thought I'd share the results.

That's not going to happen, since it runs too great a risk of defamation. Our lawyer says that relying on a defence of truth isn't really practical. Even if I give the hardware and software versions tested (and what a drag that would be on a 30 minute presentation), those facts must imply the manufacturer's wider support for IPv6 and, arguably, that impression could be misleading.

There was a recent case where a restaurant review in a major newspaper was found to be defamatory and this has considerably increased the risk of review-like activities.

Of course, you don't pay lawyers to tell you the law, you pay them to find a way through the law. So I'll be presenting test and evaluation criteria that listeners can run on equipment they intend to buy.

Profile

Glen Turner
