flokinet-012 - keep putting it together

Nicholas Morrison <nick@nanocat.net>

Tags:

Connecting to the lab server

Open your favourite Terminal Emulator

SSH to the netlab server:

$ ssh-keygen -R netlab.nanocat.net   <- delete the cached fingerprint
                                        (lab server rebuilt frequently)
$ ssh lab@netlab.nanocat.net
Password: (generated fresh each week)

List the running containerlab devices:

$ sudo containerlab inspect --all

Connect to an Arista device:

$ sudo docker exec -it clab-device–name Cli

.. or connect to a Linux device:

$ sudo docker exec -it clab-pcXX-name bash

Goals

Build a global network with sites in Bucharest, Amsterdam, Berlin, Helsinki and Sydney

Diagram: Global

Supinet: global view

Diagram: Site

Supinet: site view

Overview

Earlier:
- Create an IP address plan
  - https://docs.google.com/spreadsheets/d/1FevHIOJb1swzmeK_0-NXG5ug7BmXeViMwcAkq4C5ZxQ/edit?usp=sharing
Now:
- Configure spanning tree
- Create a management VLAN
- Create VLANs for the customers (pc1-pc3)
- Configure the router
- Test that PCs can ping one another within a site
Soon:
- Configure BGP sessions between your router and the ISP router
- Advertise and learn the appropriate networks
- Convert to an L3 leaf-spine
- Configure iBGP
- Configure VXLAN
- Get Layer 2 traffic across the internet like a boss

Configure BGP on your router

Make a BGP connection with the ISP router.

The ISP’s AS number is 65667

!
router bgp 65420
   router-id x.x.x.x
   neighbor x.x.x.x remote-as 65667
   neighbor x.x.x.x description earths-ISP
   network x.x.x.x/x
   network x.x.x.x/x
!

r1.xxx#show ip bgp summary
r1.xxx#show ip route bgp
r1.xxx#show ip bgp neighbor x.x.x.x advertised-routes
r1.xxx#show ip bgp neighbor x.x.x.x received-routes

Do you see the routes?

BGP won’t advertise a network unless there’s a matching prefix in the local routing table
Add null0 routes matching your network prefixes

Add null0 routes

!
ip route x.x.x.x/24 null0
ip route x.x.x.x/23 null0
!

r1.xxx#show ip bgp neighbor x.x.x.x advertised-routes

Do you see your remote routes?

BGP won’t accept a prefix from an eBGP peer, if it sees your own AS in the AS PATH.
This behaviour can be disabled (carefully) with allowas-in

Enable allowas-in

router bgp 65420
   neighbor x.x.x.x allowas-in
!

r1.xxx#show ip bgp neighbor x.x.x.x advertised-routes
r1.xxx#show ip bgp neighbor x.x.x.x received-routes

Nicholas Morrison - Networking Specialist