Recently I revived my relationship with Python in an effort to tackle the routine tasks appearing here and there. So I started to write some pocket scripts and, luckily, was not the only one on this battlefield - my colleagues also have a bunch of useful scripts. With all those code snippets sent in the emails, cloned from the repos, grabbed on the network shares… I started to wonder how much easier would it be if someone had them all aggregated and presented with a Web UI for a shared access?

Thus, I started to build web front-end to the python scripts we used daily with these goals in mind:

  • allow people with a zero knowledge of Python to use the scripts by interacting with them through a simple Web UI;
  • make script’s output more readable by leveraging CSS and HTML formatting;
  • aggregate all the scripts in one a single repo but in a separate sandboxed directories to maintain code manageability.

This short demo should give you some taste of what it is:

Disclaimer: I am nowhere near even a professional python or web developer. And what makes it even worse is that I used (a lot) a very dangerous coding paradigm - SDD - Stack Overflow Driven Development. So, hurt me plenty if you see some awful mistakes.

Project source code

The topic of this post is Layer 3 VPN (L3VPN or VPRN as we call it in SROS) configuration, and I decided to kill two birds with one stone by inviting Juniper vMX to our cozy SROS environment.

The BGP/MPLS VPN (RFC 4364) configuration will undergo the following milestones:

  • PE-PE relationship configuration with VPN IPv4 address family introduction
  • PE-CE routing configuration with both BGP and OSPF as routing protocols
  • Export policy configuration for advertising VPN routes on PE routers
  • AS override configuration
  • and many more

We’ll wrap it up with the Control Plane/Data Plane evaluation diagrams which help a lot with understanding the whole BGP VPN mechanics. Take your seats, and buckle up!

In the first part of this BGP tutorial we prepared the ground by configuring eBGP/iBGP peering. We did a good job overall, yet the plain BGP peering is not something you would not normally see in production. The power of BGP is in its ability for granular management of multiple routes from multiple sources. And the tools that help BGP to handle this complex task are BGP policies at their full glory.

In this part we will discuss and practice:

  • BGP export/import policies for route advertisement/filtering
  • BGP communities operations
  • BGP routes aggregation: route summarization and the corresponding aggregate and atomic-aggregate path attributes

There is no way I would leave you without covering configuration steps for one of the most versatile, scalable and robust internet protocols also known as BGP. And here it is - BGP configuration guide for Nokia (Alcatel-Lucent) Service Routers.

As with the OSPF configuration tutorial I will cover the configuration process for various BGP scenarios along with the verification and troubleshooting steps bundled with colorful figures, detailed code snippets and useful remarks.

BGP is so huge that I had no other option but to write about it in several parts:

Part 1 is dedicated to basic eBGP/iBGP configuration. We will practice with common BGP configuration procedures at first, then learn how to export routes into BGP process and prevent unnecessary route reflection by means of split-horizon over eBGP links.

Next we go over iBGP configuration to spread the eBGP learned routes across the Autonomous Systems. I will explain the necessity of having a full-mesh iBGP topology and the use of the next-hop-self command for iBGP peers.

It’s a perfect time to configure some BGP, right?

Packet filters (or in Cisco terminology Access Control Lists, aka ACL) are one of the most used tools in a network engineer’s tool set. Blocking telnet/ssh access, restricting specific traffic flows, implementing policy-based routing or NATing - all of these tasks use IP filter’s capabilities.

In this example I’ll show you how to configure a basic SSH-blocking IP filter on a Nokia (Alcatel-Lucent) SROS running TiMOS-B-12.0.R8.

The purpose of this post is to cover basic OSPFv2 configuration steps and commands for Nokia SROS routers. Intended readers are engineers with basic OSPF knowledge who want to know how to configure OSPF on Alcatel-Lucent Service Routers (7750-SR, 7705-SR, 7210-SR).

All examples are valid for TiMOS-B-12.0.R8 software.

When it comes to basic OSPF troubleshooting the first-aid kit is Neighbor states and things, that should match to form an adjacency. And on one early morning while refreshing my memory on OSPF neighbor states I accidentally ran into quite interesting problem.

But before we start, answer the short question:

Will adjacency be formed between directly connected via Gig. Ethernet interfaces routers R1 and R2 if

  • R1’s OSPF interface type configured as point-to-point
  • R2’s OSPF interface type configured as broadcast
  • Time’s up. The answer is – yes and no. Wanna know why? Jump in, I have to show you something.

    Major network vendors (except Cisco) default to the following modes of Label Distribution Protocol (LDP) operation (as per RFC 5036 LDP Specification):

    • Label Distribution (Advertisement): Downstream Unsolicited (section 2.6.3)
    • Label Control: Ordered (section 2.6.1)
    • Label Retention: Liberal (section 2.6.2)

    This topic focuses on Ordered Label Distribution Control procedure to help you better understand when LSR actually assigns labels and initiates transmission of a label mapping.

    About me

    Hey, let’s meet? I am Roman, an engineer with a passion for network automation and this is my technical blog. ProjectsHey, this will be filled out soon. Talks & DemosContainerlab @ NLNOG 2021The very first in-person networking after a long COVID dry-out. In this talk I introduce containerlab to the audience where 30 minutes is all it takes to get the gist of the project and how it can fit in your environment.